diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-2.0.0/gui/booleansPage.py
--- nsapolicycoreutils/gui/booleansPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.0/gui/booleansPage.py 2007-02-07 16:40:46.000000000 -0500
@@ -0,0 +1,199 @@ +# +# booleansPage.py - GUI for Booleans page in system-config-securitylevel +# +# Brent Fox +# Dan Walsh +# +# Copyright 2006 Red Hat, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# +import string +import gtk +import gtk.glade +import os +import libxml2 +import gobject +import sys +import tempfile + +INSTALLPATH='/usr/share/system-config-selinux' +sys.path.append(INSTALLPATH) + +from Conf import * +import commands +ENFORCING=0 +PERMISSIVE=1 +DISABLED=2 + +## +## I18N +## +PROGNAME="system-config-selinux" + +import gettext +gettext.bindtextdomain(PROGNAME, "/usr/share/locale") +gettext.textdomain(PROGNAME) +try: + gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1) +except IOError: + import __builtin__ + __builtin__.__dict__['_'] = unicode + +class Translation: + def __init__(self): + self.translation={} + fd=open(INSTALLPATH + "/selinux.tbl","r") + lines=fd.readlines() + fd.close() + for i in lines: + try: + line=i.strip().split("_(\"") + key=line[0].strip() + category=line[1].split("\"")[0] + value=line[2].split("\"")[0] + self.translation[key]=(category,value) + except: + continue + + def get_category(self,key): + try: + return _(self.translation[key][0]) + except: + return _("Other") + + def get_value(self,key): + try: + return _(self.translation[key][1]) + except: + return key + +class Modifier: + def __init__(self,name, on, save): + 
self.on=on + self.name=name + self.save=save + + def set(self,value): + self.on=value + self.save=True + + def isOn(self): + return self.on + +class Boolean(Modifier): + def __init__(self,name, val, save=False): + Modifier.__init__(self,name, val, save) + +class Modifiers: + def __init__(self,store): + self.modifiers={} + self.translation=Translation() + self.store=store + self.store.clear() + + def add(self,name,val): + if name == "targeted_policy": + return + category=self.translation.get_category(name) + if not self.modifiers.has_key(category): + self.modifiers[category]={} + iter=self.store.append(None) + self.modifiers[category]["iter"] = iter + self.store.set_value(iter, 1, category) + self.store.set_value(iter, 3, False) + + self.modifiers[category][name]=val; + iter=self.store.append(self.modifiers[category]["iter"]) + self.store.set_value(iter, 0, val.isOn()) + self.store.set_value(iter, 1, self.translation.get_value(name)) + self.store.set_value(iter, 2, name) + self.store.set_value(iter, 3, True) + + def set(self,name,val): + category=self.translation.get_category(name) + self.modifiers[category][name].set(val) + + def isBoolean(self,name): + c=self.translation.get_category(name) + return isinstance(self.modifiers[c][name], Boolean) + + def get_booleans(self): + booleans={} + for c in self.modifiers.keys(): + for n in self.modifiers[c].keys(): + if isinstance(self.modifiers[c][n], Boolean): + booleans[n]=self.modifiers[c][n] + return booleans + +class booleansPage: + def __init__(self, xml, doDebug=None): + self.xml = xml + self.types=[] + self.selinuxsupport = True + self.translation = Translation() + self.typechanged = False + self.doDebug = doDebug + + # Bring in widgets from glade file. 
+ self.typeHBox = xml.get_widget("typeHBox") + self.booleanSW = xml.get_widget("booleanSW") + self.booleansView = xml.get_widget("booleansView") + self.typeLabel = xml.get_widget("typeLabel") + self.modifySeparator = xml.get_widget("modifySeparator") + + listStore = gtk.ListStore(gobject.TYPE_STRING) + cell = gtk.CellRendererText() + + self.booleansStore = gtk.TreeStore(gobject.TYPE_BOOLEAN, gobject.TYPE_STRING, gobject.TYPE_PYOBJECT, gobject.TYPE_BOOLEAN) + self.booleansStore.set_sort_column_id(1, gtk.SORT_ASCENDING) + self.booleansView.set_model(self.booleansStore) + + checkbox = gtk.CellRendererToggle() + checkbox.connect("toggled", self.boolean_toggled) + col = gtk.TreeViewColumn('', checkbox, active = 0,visible=3) + col.set_fixed_width(20) + col.set_clickable(True) + self.booleansView.append_column(col) + + col = gtk.TreeViewColumn("", gtk.CellRendererText(), text=1) + self.booleansView.append_column(col) + self.refreshBooleans() + + def get_description(self): + return _("Boolean") + + def refreshBooleans(self): + self.modifiers=Modifiers(self.booleansStore) + booleansList=commands.getoutput("/usr/sbin/getsebool -a").split("\n") + for i in booleansList: + rec=i.split() + name=rec[0] + if rec[2]=="on" or rec[2]=="active": + on=1 + else: + on=0 + self.modifiers.add(name,Boolean(name,on)) + + def boolean_toggled(self, widget, row): + if len(row) == 1: + return + iter = self.booleansStore.get_iter(row) + val = self.booleansStore.get_value(iter, 0) + key = self.booleansStore.get_value(iter, 2) + self.booleansStore.set_value(iter, 0 , not val) + self.modifiers.set(key, not val) + + setsebool="/usr/sbin/setsebool -P %s=%d" % (key, not val) + commands.getstatusoutput(setsebool) diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.0/gui/fcontextPage.py --- nsapolicycoreutils/gui/fcontextPage.py 1969-12-31 19:00:00.000000000 -0500 +++ 
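Review bot: `boolean_toggled` builds `"/usr/sbin/setsebool -P %s=%d" % (key, not val)`, hands it to `commands.getstatusoutput` (which runs it through a shell) and discards the status; the store and `self.modifiers` have already been flipped by then, so a failed `setsebool` leaves the checkbox showing a state that was never applied. The same shell-string pattern is in modulesPage.py (`semodule -i %s` with the file-chooser path in `add`, `semodule -r %s` in `delete`), where the interpolated value is far less constrained than a boolean name. An argument list via `subprocess` (needs `import subprocess`) keeps the value out of the shell, and the model should be updated only after the command succeeds, as sketched below. `refreshBooleans` also indexes `rec[0]` and `rec[2]` without checking the length of the split line, so an error message from `getsebool` instead of a boolean listing would raise IndexError while the page is built.

```python
    def boolean_toggled(self, widget, row):
        # … unchanged: row-length check, iter / val / key lookup …
        # argv list: the boolean name is passed as data, never parsed by a shell
        status = subprocess.call(["/usr/sbin/setsebool", "-P", "%s=%d" % (key, not val)])
        if status != 0:
            return  # keep the checkbox and self.modifiers at the real state
        self.booleansStore.set_value(iter, 0, not val)
        self.modifiers.set(key, not val)
```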
policycoreutils-2.0.0/gui/fcontextPage.py 2007-02-07 16:40:46.000000000 -0500 
@@ -0,0 +1,158 @@ +## fcontextPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. + +## This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; either version 2 of the License, or +## (at your option) any later version. + +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. + +## You should have received a copy of the GNU General Public License +## along with this program; if not, write to the Free Software +## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +## Author: Dan Walsh +import gtk +import gtk.glade +import os +import libxml2 +import gobject +import seobject +from semanagePage import *; +from avc import context + +## +## I18N +## +PROGNAME="system-config-selinux" + +import gettext +gettext.bindtextdomain(PROGNAME, "/usr/share/locale") +gettext.textdomain(PROGNAME) +try: + gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1) +except IOError: + import __builtin__ + __builtin__.__dict__['_'] = unicode + +class fcontextPage(semanagePage): + def __init__(self, xml): + semanagePage.__init__(self, xml, "fcontext", _("File Labeling")) + self.view = xml.get_widget("fcontextView") + self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_STRING, gobject.TYPE_STRING) + self.view.set_model(self.store) +# self.store.set_sort_column_id(0, gtk.SORT_ASCENDING) + + col = gtk.TreeViewColumn(_("File\nSpecification"), gtk.CellRendererText(), text=0) + col.set_sizing(gtk.TREE_VIEW_COLUMN_FIXED) + col.set_fixed_width(250) + + col.set_sort_column_id(0) + col.set_resizable(True) + self.view.append_column(col) + col = gtk.TreeViewColumn(_("Selinux\nFile Context"), gtk.CellRendererText(), text=1) + + 
col.set_sizing(gtk.TREE_VIEW_COLUMN_FIXED) + col.set_fixed_width(250) + col.set_sort_column_id(1) + col.set_resizable(True) + self.view.append_column(col) + col = gtk.TreeViewColumn(_("File\nType"), gtk.CellRendererText(), text=2) + col.set_sort_column_id(2) + col.set_resizable(True) + self.view.append_column(col) + self.load() + self.fcontextEntry = xml.get_widget("fcontextEntry") + self.fcontextFileTypeCombo = xml.get_widget("fcontextFileTypeCombo") + liststore=self.fcontextFileTypeCombo.get_model() + for k in seobject.file_types: + if len(k) > 0 and k[0] != '-': + iter=liststore.append() + liststore.set_value(iter, 0, k) + iter = liststore.get_iter_first() + self.fcontextFileTypeCombo.set_active_iter(iter) + self.fcontextTypeEntry = xml.get_widget("fcontextTypeEntry") + self.fcontextMLSEntry = xml.get_widget("fcontextMLSEntry") + + def load(self): + self.fcontext=seobject.fcontextRecords() + fcon_list=self.fcontext.get_all() + self.store.clear() + for fcon in fcon_list: + iter=self.store.append() + self.store.set_value(iter, 0, fcon[0]) + self.store.set_value(iter, 2, fcon[1]) + if len(fcon) > 3: + rec="%s:%s:%s:%s " % (fcon[2], fcon[3],fcon[4], seobject.translate(fcon[5],False)) + else: + rec="<>" + self.store.set_value(iter, 1, rec) + self.view.get_selection().select_path ((0,)) + + def dialogInit(self): + store, iter = self.view.get_selection().get_selected() + self.fcontextEntry.set_text(store.get_value(iter, 0)) + self.fcontextEntry.set_sensitive(False) + scontext = store.get_value(iter, 1) + scon=context(scontext) + self.fcontextTypeEntry.set_text(scon.type) + self.fcontextMLSEntry.set_text(scon.mls) + type=store.get_value(iter, 2) + liststore=self.fcontextFileTypeCombo.get_model() + iter = liststore.get_iter_first() + while iter != None and liststore.get_value(iter,0) != type: + iter = liststore.iter_next(iter) + if iter != None: + self.fcontextFileTypeCombo.set_active_iter(iter) + self.fcontextFileTypeCombo.set_sensitive(False) + + def dialogClear(self): 
+ self.fcontextEntry.set_text("") + self.fcontextEntry.set_sensitive(True) + self.fcontextFileTypeCombo.set_sensitive(True) + self.fcontextTypeEntry.set_text("") + self.fcontextMLSEntry.set_text("s0") + + def delete(self): + store, iter = self.view.get_selection().get_selected() + try: + fspec=store.get_value(iter, 0) + type=store.get_value(iter, 1) + self.fcontext.delete(fspec, type) + store.remove(iter) + self.view.get_selection().select_path ((0,)) + except ValueError, e: + self.error(e.args[0]) + + def add(self): + fspec=self.fcontextEntry.get_text().strip() + type=self.fcontextTypeEntry.get_text().strip() + mls=self.fcontextMLSEntry.get_text().strip() + list_model=self.fcontextFileTypeCombo.get_model() + iter = self.fcontextFileTypeCombo.get_active_iter() + ftype=list_model.get_value(iter,0) + + self.fcontext.add(fspec, type, ftype, mls) + + iter=self.store.append() + self.store.set_value(iter, 0, fspec) + self.store.set_value(iter, 2, ftype) + self.store.set_value(iter, 1, "system_u:object_r:%s:%s" % (type, mls)) + + def modify(self): + fspec=self.fcontextEntry.get_text().strip() + type=self.fcontextTypeEntry.get_text().strip() + mls=self.fcontextMLSEntry.get_text().strip() + list_model=self.fcontextFileTypeCombo.get_model() + iter = self.fcontextFileTypeCombo.get_active_iter() + ftype=list_model.get_value(iter,0) + self.fcontext.modify(fspec, type, ftype, mls, "") + + store, iter = self.view.get_selection().get_selected() + self.store.set_value(iter, 0, fspec) + self.store.set_value(iter, 2, ftype) + self.store.set_value(iter, 1, "system_u:object_r:%s:%s" % (type, mls)) diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-2.0.0/gui/loginsPage.py --- nsapolicycoreutils/gui/loginsPage.py 1969-12-31 19:00:00.000000000 -0500 +++ policycoreutils-2.0.0/gui/loginsPage.py 2007-02-07 16:40:46.000000000 -0500 
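Review bot: `delete` reads `store.get_value(iter, 1)` into `type` and passes it to `self.fcontext.delete(fspec, type)`, but `load` stores the context string in column 1 and the file type in column 2, which is also where `dialogInit` reads the file type from. Unless `fcontextRecords.delete` really takes the context, this should be `ftype=store.get_value(iter, 2)` and `self.fcontext.delete(fspec, ftype)`; as written the delete presumably fails or misses the record, leaving a labeling rule in place that the admin asked to remove. `add` and `modify` call into `seobject` without the `try`/`except ValueError` that `delete` has (the same holds in loginsPage.py and portsPage.py), so confirm that `semanagePage` catches it. `dialogInit`, `delete` and `modify` also use `iter` from `get_selected()` without a `None` check for an empty selection.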
@@ -0,0 +1,161 @@ +## loginsPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. + +## This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; either version 2 of the License, or +## (at your option) any later version. + +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. + +## You should have received a copy of the GNU General Public License +## along with this program; if not, write to the Free Software +## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +## Author: Dan Walsh +import string +import gtk +import gtk.glade +import os +import libxml2 +import gobject +import sys +import seobject +from semanagePage import *; + +## +## I18N +## +PROGNAME="policycoreutils" +import gettext +gettext.bindtextdomain(PROGNAME, "/usr/share/locale") +gettext.textdomain(PROGNAME) +try: + gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1) +except IOError: + import __builtin__ + __builtin__.__dict__['_'] = unicode + +class loginsPage(semanagePage): + def __init__(self, xml): + self.firstTime = False + semanagePage.__init__(self, xml, "logins", _("User Mapping")) + self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_STRING, gobject.TYPE_STRING) + self.view.set_model(self.store) + self.store.set_sort_column_id(0, gtk.SORT_ASCENDING) + col = gtk.TreeViewColumn(_("Login\nName"), gtk.CellRendererText(), text = 0) + col.set_sort_column_id(0) + col.set_resizable(True) + self.view.append_column(col) + col = gtk.TreeViewColumn(_("SELinux\nUser"), gtk.CellRendererText(), text = 1) + col.set_resizable(True) + self.view.append_column(col) + col = gtk.TreeViewColumn(_("MLS/\nMCS Range"), gtk.CellRendererText(), text = 2) + 
col.set_resizable(True) + self.view.append_column(col) + self.load() + self.loginsNameEntry = xml.get_widget("loginsNameEntry") + self.loginsSelinuxUserCombo = xml.get_widget("loginsSelinuxUserCombo") + self.loginsMLSEntry = xml.get_widget("loginsMLSEntry") + + def load(self): + self.login = seobject.loginRecords() + dict = self.login.get_all() + keys = dict.keys() + keys.sort() + self.store.clear() + for k in keys: + iter = self.store.append() + self.store.set_value(iter, 0, k) + self.store.set_value(iter, 1, dict[k][0]) + self.store.set_value(iter, 2, seobject.translate(dict[k][1])) + self.view.get_selection().select_path ((0,)) + + def __dialogSetup(self): + if self.firstTime == True: + return + self.firstTime = True + liststore = gtk.ListStore(gobject.TYPE_STRING) + self.loginsSelinuxUserCombo.set_model(liststore) + cell = gtk.CellRendererText() + self.loginsSelinuxUserCombo.pack_start(cell, True) + self.loginsSelinuxUserCombo.add_attribute(cell, 'text', 0) + + selusers = seobject.seluserRecords().get_all() + keys = selusers.keys() + keys.sort() + for k in keys: + if k != "system_u": + self.loginsSelinuxUserCombo.append_text(k) + + iter = liststore.get_iter_first() + while liststore.get_value(iter,0) != "user_u": + iter = liststore.iter_next(iter) + self.loginsSelinuxUserCombo.set_active_iter(iter) + + def dialogInit(self): + self.__dialogSetup() + store, iter = self.view.get_selection().get_selected() + self.loginsNameEntry.set_text(store.get_value(iter, 0)) + self.loginsNameEntry.set_sensitive(False) + + self.loginsMLSEntry.set_text(store.get_value(iter, 2)) + seuser = store.get_value(iter, 1) + liststore = self.loginsSelinuxUserCombo.get_model() + iter = liststore.get_iter_first() + while iter != None and liststore.get_value(iter,0) != seuser: + iter = liststore.iter_next(iter) + if iter != None: + self.loginsSelinuxUserCombo.set_active_iter(iter) + + + def dialogClear(self): + self.__dialogSetup() + self.loginsNameEntry.set_text("") + 
self.loginsNameEntry.set_sensitive(True) + self.loginsMLSEntry.set_text("s0") + + def delete(self): + store, iter = self.view.get_selection().get_selected() + try: + login=store.get_value(iter, 0) + if login == "root" or login == "__default__": + raise ValueError(_("Login '%s' is required") % login) + + self.login.delete(login) + store.remove(iter) + self.view.get_selection().select_path ((0,)) + except ValueError, e: + self.error(e.args[0]) + + def add(self): + target=self.loginsNameEntry.get_text().strip() + serange=self.loginsMLSEntry.get_text().strip() + if serange == "": + serange="s0" + list_model=self.loginsSelinuxUserCombo.get_model() + iter = self.loginsSelinuxUserCombo.get_active_iter() + seuser = list_model.get_value(iter,0) + self.login.add(target, seuser, serange) + iter = self.store.append() + self.store.set_value(iter, 0, target) + self.store.set_value(iter, 1, seuser) + self.store.set_value(iter, 2, seobject.translate(serange)) + + def modify(self): + target=self.loginsNameEntry.get_text().strip() + serange=self.loginsMLSEntry.get_text().strip() + if serange == "": + serange = "s0" + list_model = self.loginsSelinuxUserCombo.get_model() + iter = self.loginsSelinuxUserCombo.get_active_iter() + seuser=list_model.get_value(iter,0) + self.login.modify(target, seuser, serange) + store, iter = self.view.get_selection().get_selected() + self.store.set_value(iter, 0, target) + self.store.set_value(iter, 1, seuser) + self.store.set_value(iter, 2, seobject.translate(serange)) + diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.0/gui/Makefile --- nsapolicycoreutils/gui/Makefile 1969-12-31 19:00:00.000000000 -0500 +++ policycoreutils-2.0.0/gui/Makefile 2007-02-07 16:40:46.000000000 -0500 
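Review bot: In `__dialogSetup` the loop `while liststore.get_value(iter,0) != "user_u":` has no end-of-list check, so on a system whose SELinux user list has no `user_u` entry `iter` runs off the end as `None` and the add/properties dialog fails with an exception instead of opening. The other combo lookups in this file guard with `iter != None`; the same form fits here: `while iter != None and liststore.get_value(iter,0) != "user_u":` followed by `if iter != None: self.loginsSelinuxUserCombo.set_active_iter(iter)`. As a style point, `dict` in `load` shadows the builtin; a name such as `logins` reads better.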
@@ -0,0 +1,30 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
+SHAREDIR ?= $(PREFIX)/share/system-config-selinux
+
+TARGETS= \
+booleansPage.py \
+fcontextPage.py \
+loginsPage.py \
+mappingsPage.py \
+modulesPage.py \
+portsPage.py \
+semanagePage.py \
+statusPage.py \
+system-config-selinux.glade \
+translationsPage.py \
+usersPage.py \
+selinux.tbl
+
+all: $(TARGETS) system-config-selinux.py
+
+install: all
+ -mkdir -p $(SHAREDIR)
+ install -m 755 system-config-selinux.py $(SHAREDIR)
+ install -m 644 $(TARGETS) $(SHAREDIR)
+
+clean:
+
+indent:
+
+relabel:
diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-2.0.0/gui/mappingsPage.py
--- nsapolicycoreutils/gui/mappingsPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.0/gui/mappingsPage.py 2007-02-07 16:40:46.000000000 -0500
@@ -0,0 +1,54 @@ +## mappingsPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. + +## This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; either version 2 of the License, or +## (at your option) any later version. + +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. + +## You should have received a copy of the GNU General Public License +## along with this program; if not, write to the Free Software +## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +## Author: Dan Walsh +import string +import gtk +import gtk.glade +import os +import libxml2 +import gobject +import sys +import seobject + +## +## I18N +## +PROGNAME="policycoreutils" +import gettext +gettext.bindtextdomain(PROGNAME, "/usr/share/locale") +gettext.textdomain(PROGNAME) +try: + gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1) +except IOError: + import __builtin__ + __builtin__.__dict__['_'] = unicode + +class loginsPage: + def __init__(self, xml): + self.xml = xml + self.view = xml.get_widget("mappingsView") + self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_STRING, gobject.TYPE_STRING) + self.store.set_sort_column_id(0, gtk.SORT_ASCENDING) + self.view.set_model(self.store) + self.login = loginRecords() + dict = self.login.get_all() + keys = dict.keys() + keys.sort() + for k in keys: + print "%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1])) + diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-2.0.0/gui/modulesPage.py --- nsapolicycoreutils/gui/modulesPage.py 1969-12-31 19:00:00.000000000 -0500 +++ 
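Review bot: The class in mappingsPage.py is named `loginsPage`, the same name as the class in loginsPage.py, and its `__init__` calls `loginRecords()` and `translate(...)` unqualified although the file only does `import seobject`, so constructing it raises NameError. If the file is meant to ship (the Makefile lists it in `TARGETS`), these should be `seobject.loginRecords()` and `seobject.translate(dict[k][1])`, and the class renamed to something like `mappingsPage`. The loop also `print`s the rows instead of appending them to `self.store`, so the view would stay empty; if this is leftover scaffolding, dropping it from `TARGETS` is the simpler fix.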
policycoreutils-2.0.0/gui/modulesPage.py 2007-02-07 16:40:46.000000000 -0500 
@@ -0,0 +1,161 @@ +## modulesPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. + +## This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; either version 2 of the License, or +## (at your option) any later version. + +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. + +## You should have received a copy of the GNU General Public License +## along with this program; if not, write to the Free Software +## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +## Author: Dan Walsh +import string +import gtk +import gtk.glade +import os +import commands +import libxml2 +import gobject +import sys +import seobject +import selinux +from semanagePage import *; + +## +## I18N +## +PROGNAME="policycoreutils" +import gettext +gettext.bindtextdomain(PROGNAME, "/usr/share/locale") +gettext.textdomain(PROGNAME) +try: + gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1) +except IOError: + import __builtin__ + __builtin__.__dict__['_'] = unicode + +class modulesPage(semanagePage): + def __init__(self, xml): + semanagePage.__init__(self, xml, "modules", _("Policy Module")) + self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_STRING) + self.view.set_model(self.store) + self.store.set_sort_column_id(0, gtk.SORT_ASCENDING) + col = gtk.TreeViewColumn(_("Module Name"), gtk.CellRendererText(), text = 0) + col.set_sort_column_id(0) + col.set_resizable(True) + self.view.append_column(col) + self.store.set_sort_column_id(0, gtk.SORT_ASCENDING) + col = gtk.TreeViewColumn(_("Version"), gtk.CellRendererText(), text = 1) + self.enable_audit_button = xml.get_widget("enableAuditButton") + 
self.enable_audit_button.connect("clicked", self.enable_audit) + self.disable_audit_button = xml.get_widget("disableAuditButton") + self.disable_audit_button.connect("clicked", self.disable_audit) + col.set_sort_column_id(1) + col.set_resizable(True) + self.view.append_column(col) + self.store.set_sort_func(1,self.sort_int, "") + status, self.policy_type = selinux.selinux_getpolicytype() + + self.load() + + def sort_int(self, treemodel, iter1, iter2, user_data): + try: + p1 = int(treemodel.get_value(iter1,1)) + p2 = int(treemodel.get_value(iter1,1)) + if p1 > p2: + return 1 + if p1 == p2: + return 0 + return -1 + except: + return 0 + + def load(self): + self.store.clear() + fd=os.popen("semodule -l") + l = fd.readlines() + fd.close() + for i in l: + module, ver = i.split('\t') + iter = self.store.append() + self.store.set_value(iter, 0, module.strip()) + self.store.set_value(iter, 1, ver.strip()) + + self.view.get_selection().select_path ((0,)) + + def delete(self): + store, iter = self.view.get_selection().get_selected() + module = store.get_value(iter, 0) + try: + status, output =commands.getstatusoutput("semodule -r %s" % module) + if status != 0: + self.error(output) + else: + store.remove(iter) + self.view.get_selection().select_path ((0,)) + + except ValueError, e: + self.error(e.args[0]) + + def enable_audit(self, button): + try: + status, output =commands.getstatusoutput("semodule -b /usr/share/selinux/%s/enableaudit.pp" % self.policy_type) + if status != 0: + self.error(output) + + except ValueError, e: + self.error(e.args[0]) + + def disable_audit(self, button): + try: + status, output =commands.getstatusoutput("semodule -b /usr/share/selinux/%s/base.pp" % self.policy_type) + if status != 0: + self.error(output) + + except ValueError, e: + self.error(e.args[0]) + + def propertiesDialog(self): + # Do nothing + return + + def addDialog(self): + dialog = gtk.FileChooserDialog(_("Load Policy Module"), + None, + gtk.FILE_CHOOSER_ACTION_OPEN, + 
(gtk.STOCK_CANCEL, gtk.RESPONSE_CANCEL, + gtk.STOCK_OPEN, gtk.RESPONSE_OK)) + dialog.set_default_response(gtk.RESPONSE_OK) + + filter = gtk.FileFilter() + filter.set_name("Policy Files") + filter.add_pattern("*.pp") + dialog.add_filter(filter) + + response = dialog.run() + if response == gtk.RESPONSE_OK: + self.add(dialog.get_filename()) + dialog.destroy() + + def add(self, file): + try: + status, output =commands.getstatusoutput("semodule -i %s" % file) + if status != 0: + self.error(output) + else: + self.load() + + except ValueError, e: + self.error(e.args[0]) + + + + + diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-2.0.0/gui/portsPage.py --- nsapolicycoreutils/gui/portsPage.py 1969-12-31 19:00:00.000000000 -0500 +++ policycoreutils-2.0.0/gui/portsPage.py 2007-02-07 16:40:46.000000000 -0500 
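Review bot: `sort_int` reads both `p1` and `p2` from `iter1`, so it always returns 0 and the Version column never sorts; the second line should be `p2 = int(treemodel.get_value(iter2,1))`, and the bare `except:` around it also turns any non-numeric version into "equal" (portsPage.py carries the same copy of the function). `load` unpacks `module, ver = i.split('\t')` with no guard, so any `semodule -l` line without exactly one tab, including an error message, raises ValueError while the page is being built. The `semodule` calls here use the bare command name resolved through `PATH`, unlike the absolute `/usr/sbin/...` paths in booleansPage.py; for a tool that runs with root privileges an absolute path is the safer habit. The `except ValueError` clauses around `commands.getstatusoutput` do nothing, since that call reports failure through `status`.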
@@ -0,0 +1,214 @@ +## portsPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. + +## This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; either version 2 of the License, or +## (at your option) any later version. + +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. + +## You should have received a copy of the GNU General Public License +## along with this program; if not, write to the Free Software +## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +## Author: Dan Walsh +import string +import gtk +import gtk.glade +import os +import libxml2 +import gobject +import sys +import seobject +from semanagePage import *; + +## +## I18N +## +PROGNAME = "policycoreutils" +import gettext +gettext.bindtextdomain(PROGNAME, "/usr/share/locale") +gettext.textdomain(PROGNAME) +TYPE_COL = 0 +PROTOCOL_COL = 1 +MLS_COL = 2 +PORT_COL = 3 +try: + gettext.install(PROGNAME, localedir = "/usr/share/locale", unicode = 1) +except IOError: + import __builtin__ + __builtin__.__dict__['_'] = unicode + +class portsPage(semanagePage): + def __init__(self, xml): + semanagePage.__init__(self, xml, "ports", "Network Port") + self.ports_name_entry = xml.get_widget("portsNameEntry") + self.ports_protocol_combo = xml.get_widget("portsProtocolCombo") + self.ports_number_entry = xml.get_widget("portsNumberEntry") + self.ports_mls_entry = xml.get_widget("portsMLSEntry") + self.ports_add_button = xml.get_widget("portsAddButton") + self.ports_properties_button = xml.get_widget("portsPropertiesButton") + self.ports_delete_button = xml.get_widget("portsDeleteButton") + self.ports_group_togglebutton = xml.get_widget("portsGroupTogglebutton") + 
self.ports_group_togglebutton.connect("toggled", self.group_toggle) + liststore = self.ports_protocol_combo.get_model() + iter = liststore.get_iter_first() + self.ports_protocol_combo.set_active_iter(iter) + self.init_store() + self.edit = True + self.load() + + def init_store(self): + self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_STRING, gobject.TYPE_STRING , gobject.TYPE_STRING) + self.view.set_model(self.store) + self.store.set_sort_column_id(0, gtk.SORT_ASCENDING) + + col = gtk.TreeViewColumn(_("SELinux Port\nType"), gtk.CellRendererText(), text = TYPE_COL) + col.set_sort_column_id(TYPE_COL) + col.set_resizable(True) + self.view.append_column(col) + self.store.set_sort_column_id(TYPE_COL, gtk.SORT_ASCENDING) + + col = gtk.TreeViewColumn(_("Protocol"), gtk.CellRendererText(), text = PROTOCOL_COL) + col.set_sort_column_id(PROTOCOL_COL) + col.set_resizable(True) + self.view.append_column(col) + + self.mls_col = gtk.TreeViewColumn(_("MLS/MCS\nLevel"), gtk.CellRendererText(), text = MLS_COL) + self.mls_col.set_resizable(True) + self.mls_col.set_sort_column_id(MLS_COL) + self.view.append_column(self.mls_col) + + col = gtk.TreeViewColumn(_("Port"), gtk.CellRendererText(), text = PORT_COL) + col.set_sort_column_id(PORT_COL) + col.set_resizable(True) + self.view.append_column(col) + self.store.set_sort_func(1,self.sort_int, "") + + def group_toggle(self, button): + self.edit = not button.get_active() + self.ports_add_button.set_sensitive(self.edit) + self.ports_properties_button.set_sensitive(self.edit) + self.ports_delete_button.set_sensitive(self.edit) + self.mls_col.set_visible(self.edit) + if self.edit: + self.load() + else: + self.group_load() + + def sort_int(self, treemodel, iter1, iter2, user_data): + try: + p1 = int(treemodel.get_value(iter1,2)) + p2 = int(treemodel.get_value(iter1,2)) + if p1 > p2: + return 1 + if p1 == p2: + return 0 + return -1 + except: + return 0 + + def load(self): + self.port = seobject.portRecords() + dict = 
self.port.get_all() + keys = dict.keys() + keys.sort() + self.store.clear() + for k in keys: + iter = self.store.append() + if k[0] == k[1]: + self.store.set_value(iter, PORT_COL, k[0]) + else: + rec = "%s-%s" % k + self.store.set_value(iter, PORT_COL, rec) + self.store.set_value(iter, TYPE_COL, dict[k][0]) + self.store.set_value(iter, PROTOCOL_COL, dict[k][1]) + self.store.set_value(iter, MLS_COL, dict[k][2]) + self.view.get_selection().select_path ((0,)) + + def group_load(self): + self.port = seobject.portRecords() + dict = self.port.get_all_by_type() + keys = dict.keys() + keys.sort() + self.store.clear() + for k in keys: + iter = self.store.append() + self.store.set_value(iter, TYPE_COL, k[0]) + self.store.set_value(iter, PROTOCOL_COL, k[1]) + self.store.set_value(iter, PORT_COL, ", ".join(dict[k])) + self.store.set_value(iter, MLS_COL, "") + self.view.get_selection().select_path ((0,)) + + def propertiesDialog(self): + if self.edit: + semanagePage.propertiesDialog(self) + + def dialogInit(self): + store, iter = self.view.get_selection().get_selected() + self.ports_number_entry.set_text(store.get_value(iter, PORT_COL)) + self.ports_number_entry.set_sensitive(False) + self.ports_protocol_combo.set_sensitive(False) + self.ports_name_entry.set_text(store.get_value(iter, TYPE_COL)) + self.ports_mls_entry.set_text(store.get_value(iter, MLS_COL)) + protocol = store.get_value(iter, PROTOCOL_COL) + liststore = self.ports_protocol_combo.get_model() + iter = liststore.get_iter_first() + while iter != None and liststore.get_value(iter,0) != protocol: + iter = liststore.iter_next(iter) + if iter != None: + self.ports_protocol_combo.set_active_iter(iter) + + def dialogClear(self): + self.ports_number_entry.set_text("") + self.ports_number_entry.set_sensitive(True) + self.ports_protocol_combo.set_sensitive(True) + self.ports_name_entry.set_text("") + self.ports_mls_entry.set_text("s0") + + def delete(self): + store, iter = self.view.get_selection().get_selected() + port = 
store.get_value(iter, PORT_COL) + protocol = store.get_value(iter, 1) + try: + self.port.delete(port, protocol) + store.remove(iter) + self.view.get_selection().select_path ((0,)) + except ValueError, e: + self.error(e.args[0]) + + def add(self): + target = self.ports_name_entry.get_text().strip() + mls = self.ports_mls_entry.get_text().strip() + port_number = self.ports_number_entry.get_text().strip() + if port_number == "": + port_number = "1" + list_model = self.ports_protocol_combo.get_model() + iter = self.ports_protocol_combo.get_active_iter() + protocol = list_model.get_value(iter,0) + self.port.add(port_number, protocol, mls, target) + iter = self.store.append() + self.store.set_value(iter, TYPE_COL, target) + self.store.set_value(iter, PORT_COL, port_number) + self.store.set_value(iter, PROTOCOL_COL, protocol) + self.store.set_value(iter, MLS_COL, mls) + + def modify(self): + target = self.ports_name_entry.get_text().strip() + mls = self.ports_mls_entry.get_text().strip() + port_number = self.ports_number_entry.get_text().strip() + list_model = self.ports_protocol_combo.get_model() + iter = self.ports_protocol_combo.get_active_iter() + protocol = list_model.get_value(iter,0) + self.port.modify(port_number, protocol, mls, target) + store, iter = self.view.get_selection().get_selected() + self.store.set_value(iter, TYPE_COL, target) + self.store.set_value(iter, PORT_COL, port_number) + self.store.set_value(iter, PROTOCOL_COL, protocol) + self.store.set_value(iter, MLS_COL, mls) + + diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.0/gui/selinux.tbl --- nsapolicycoreutils/gui/selinux.tbl 1969-12-31 19:00:00.000000000 -0500 +++ policycoreutils-2.0.0/gui/selinux.tbl 2007-02-07 16:40:46.000000000 -0500 
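Review bot: In `add`, an empty port field is silently replaced with `"1"`, so confirming a blank dialog writes a policy rule for port 1 instead of reporting an input error; I would reject it, e.g. `if port_number == "": self.error(_("Port number is required")); return` (assuming `self.error` comes from `semanagePage`, as `delete` uses it). `sort_int` is registered with `set_sort_func(1, ...)`, which is `PROTOCOL_COL`, and reads column 2 (`MLS_COL`), so it never compares the port numbers held in `PORT_COL`. The page title `"Network Port"` passed to `semanagePage.__init__` is the only title in these files not wrapped in `_()`.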
@@ -0,0 +1,265 @@ +acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon") +allow_cvs_read_shadow _("CVS") _("Allow cvs daemon to read shadow") +allow_daemons_dump_core _("Admin") _("Allow all daemons to write corefiles to /.") +allow_daemons_use_tty _("Admin") _("Allow all daemons the ability to use unallocated ttys.") +allow_execheap _("Memory Protection") _("Allow unconfined executables to make their heap memory executable. Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla") +allow_execmem _("Memory Protection") _("Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla") +allow_execmod _("Memory Protection") _("Allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t") +allow_execstack _("Memory Protection") _("Allow unconfined executables to make their stack executable. This should never, ever be neessary. Probably indicates a badly coded executable, but could indicate an attack. 
This executable should be reported in bugzilla") +allow_ftpd_anon_write _("FTP") _("Allow ftpd to upload files to directories labeled public_content_rw_t") +allow_ftpd_use_cifs _("FTP") _("Allow ftp servers to use cifs used for public file transfer services.") +allow_ftpd_use_nfs _("FTP") _("Allow ftp servers to use nfs used for public file transfer services.") +allow_gpg_execstack _("Memory Protection") _("Allow gpg executable stack") +allow_gssd_read_tmp _("NFS") _("Allow gssd to read temp directory.") +allow_httpd_anon_write _("HTTPD Service") _("Allow httpd daemon to write files in directories labeled public_content_rw_t") +allow_httpd_mod_auth_pam _("HTTPD Service") _("Allow Apache to use mod_auth_pam.") +allow_httpd_sys_script_anon_write _("HTTPD Service") _("Allow httpd scripts to write files in directories labeled public_content_rw_t") +allow_java_execstack _("Memory Protection") _("Allow java executable stack") +allow_kerberos _("Kerberos") _("Allow daemons to use kerberos files") +allow_mount_anyfile _("Mount") _("Allow mount to mount any file") +allow_mounton_anydir _("Mount") _("Allow mount to mount any dir") +allow_mplayer_execstack _("Memory Protection") _("Allow mplayer executable stack") +allow_nfsd_anon_write _("NFS") _("Allow nfs servers to modify public files used for public file transfer services.") +allow_polyinstantiation _("Polyinstatiation") _("Enable polyinstantiated directory support.") +allow_ptrace _("Compatibility") _("Allow sysadm_t to debug or ptrace applications) +allow_rsync_anon_write _("rsync") _("Allow rsync to write files in directories labeled public_content_rw_t") +allow_saslauthd_read_shadow _("sasl authentication server") _("Allow sasl authentication server to read /etc/shadow") +allow_smbd_anon_write _("Samba") _("Allow Samba to write files in directories labeled public_content_rw_t") +allow_ssh_keysign _("SSH") _("Allow ssh to run ssh-keysign") +allow_unconfined_execmem_dyntrans _("Memory Protection") _("Allow unconfined 
to dyntrans to unconfined_execmem") +allow_user_mysql_connect _("Databases") _("Allow user to connect to mysql socket") +allow_user_postgresql_connect _("Databases") _("Allow user to connect to postgres socket") +allow_write_xshm _("XServer") _("Allow clients to write to X shared memory") +allow_ypbind _("NIS") _("Allow daemons to run with NIS") +allow_zebra_write_config _("Zebra") _("Allow zebra daemon to write it configuration files") +amanda_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for amanda") +amavis_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for amavis") +apmd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for apmd daemon") +arpwatch_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for arpwatch daemon") +auditd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for auditd daemon") +automount_disable_trans _("Mount") _("Disable SELinux protection for automount daemon") +avahi_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for avahi") +bluetooth_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for bluetooth daemon") +canna_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for canna daemon") +cardmgr_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for cardmgr daemon") +ccs_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for Cluster Server") +cdrecord_read_content _("User Privs") _("Allow cdrecord to read various content. 
nfs, samba, removable devices, user temp and untrusted content files") +ciped_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ciped daemon") +clamd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for clamd daemon") +clamscan_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for clamscan") +clvmd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for clvmd") +comsat_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for comsat daemon") +courier_authdaemon_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for courier daemon") +courier_pcp_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for courier daemon") +courier_pop_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for courier daemon") +courier_sqwebmail_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for courier daemon") +courier_tcpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for courier daemon") +cpucontrol_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for cpucontrol daemon") +cpuspeed_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for cpuspeed daemon") +cron_can_relabel _("Cron") _("Allow system cron jobs to relabel filesystem for restoring file contexts.") +crond_disable_trans _("Cron") _("Disable SELinux protection for crond daemon") +cupsd_config_disable_trans _("Printing") _("Disable SELinux protection for cupsd backend server") +cupsd_disable_trans _("Printing") _("Disable SELinux protection for cupsd daemon") +cupsd_lpd_disable_trans _("Printing") _("Disable SELinux protection for cupsd_lpd") +cvs_disable_trans _("CVS") _("Disable SELinux protection for cvs daemon") +cyrus_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for cyrus daemon") 
+dbskkd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dbskkd daemon") +dbusd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dbusd daemon") +dccd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dccd") +dccifd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dccifd") +dccm_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dccm") +ddt_client_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ddt daemon") +devfsd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for devfsd daemon") +dhcpc_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dhcpc daemon") +dhcpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dhcpd daemon") +dictd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dictd daemon") +direct_sysadm_daemon _("Admin") _("Allow sysadm_t to directly start daemons") +disable_evolution_trans _("Web Applications") _("Disable SELinux protection for Evolution") +disable_games_trans _("Games") _("Disable SELinux protection for games") +disable_mozilla_trans _("Web Applications") _("Disable SELinux protection for the web browsers") +disable_thunderbird_trans _("Web Applications") _("Disable SELinux protection for Thunderbird") +distccd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for distccd daemon") +dmesg_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dmesg daemon") +dnsmasq_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dnsmasq daemon") +dovecot_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dovecot daemon") +entropyd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for entropyd daemon") +fcron_crond _("Cron") 
_("Enable extra rules in the cron domain to support fcron.") +fetchmail_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for fetchmail") +fingerd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for fingerd daemon") +freshclam_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for freshclam daemon") +fsdaemon_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for fsdaemon daemon") +ftpd_disable_trans _("FTP") _("Disable SELinux protection for ftpd daemon") +ftpd_is_daemon _("FTP") _("Allow ftpd to run directly without inetd") +ftp_home_dir _("FTP") _("Allow ftp to read/write files in the user home directories") +global_ssp _("Admin") _("This should be enabled when all programs are compiled with ProPolice/SSP stack smashing protection. All domains will be allowed to read from /dev/urandom.") +gpm_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for gpm daemon") +gssd_disable_trans _("NFS") _("Disable SELinux protection for gss daemon") +hald_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for hal daemon") +hide_broken_symptoms _("Compatibility") _("Do not audit things that we know to be broken but which are not security risks") +hostname_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for hostname daemon") +hotplug_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for hotplug daemon") +howl_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for howl daemon") +hplip_disable_trans _("Printing") _("Disable SELinux protection for cups hplip daemon") +httpd_builtin_scripting _("HTTPD Service") _("Allow HTTPD to support built-in scripting") +httpd_can_network_connect_db _("HTTPD Service") _("Allow HTTPD scripts and modules to network connect to databases.") +httpd_can_network_connect _("HTTPD Service") _("Allow HTTPD scripts and modules 
to connect to the network.") +httpd_can_network_relay _("HTTPD Service") _("Allow httpd to act as a relay.") +httpd_disable_trans _("HTTPD Service") _("Disable SELinux protection for httpd daemon") +httpd_enable_cgi _("HTTPD Service") _("Allow HTTPD cgi support") +httpd_enable_ftp_server _("HTTPD Service") _("Allow HTTPD to run as a ftp server") +httpd_enable_homedirs _("HTTPD Service") _("Allow HTTPD to read home directories") +httpd_rotatelogs_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for httpd rotatelogs") +httpd_ssi_exec _("HTTPD Service") _("Allow HTTPD to run SSI executables in the same domain as system CGI scripts.") +httpd_suexec_disable_trans _("HTTPD Service") _("Disable SELinux protection for http suexec") +httpd_tty_comm _("HTTPD Service") _("Unify HTTPD to communicate with the terminal. Needed for handling certificates.") +httpd_unified _("HTTPD Service") _("Unify HTTPD handling of all content files.") +hwclock_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for hwclock daemon") +i18n_input_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for i18n daemon") +imazesrv_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for imazesrv daemon") +inetd_child_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for inetd child daemons") +inetd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for inetd daemon") +innd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for innd daemon") +iptables_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for iptables daemon") +ircd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ircd daemon") +irqbalance_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for irqbalance daemon") +iscsid_disable_trans _("SELinux Service Protection") _("Disable SELinux 
protection for iscsi daemon") +jabberd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for jabberd daemon") +kadmind_disable_trans _("Kerberos") _("Disable SELinux protection for kadmind daemon") +klogd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for klogd daemon") +krb5kdc_disable_trans _("Kerberos") _("Disable SELinux protection for krb5kdc daemon") +ktalkd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ktalk daemons") +kudzu_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for kudzu daemon") +locate_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for locate daemon") +lpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for lpd daemon") +lrrd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for lrrd daemon") +lvm_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for lvm daemon") +mailman_mail_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for mailman") +mail_read_content _("Web Applications") _("Allow evolution and thunderbird to read user files") +mdadm_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for mdadm daemon") +monopd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for monopd daemon") +mozilla_read_content _("Web Applications") _("Allow the mozilla browser to read user files") +mrtg_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for mrtg daemon") +mysqld_disable_trans _("Databases") _("Disable SELinux protection for mysqld daemon") +nagios_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for nagios daemon") +named_disable_trans _("Name Service") _("Disable SELinux protection for named daemon") +named_write_master_zones _("Name Service") _("Allow named to overwrite master zone files") 
+nessusd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for nessusd daemon") +NetworkManager_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for NetworkManager") +nfsd_disable_trans _("NFS") _("Disable SELinux protection for nfsd daemon") +nfs_export_all_ro _("NFS") _("Allow the reading on any NFS file system") +nfs_export_all_rw _("NFS") _("Allow the read/write/create on any NFS file system") +nmbd_disable_trans _("Samba") _("Disable SELinux protection for nmbd daemon") +nrpe_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for nrpe daemon") +nscd_disable_trans _("Name Service") _("Disable SELinux protection for nscd daemon") +nsd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for nsd daemon") +ntpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ntpd daemon") +oddjob_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for oddjob") +oddjob_mkhomedir_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for oddjob_mkhomedir") +openvpn_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for openvpn daemon") +pam_console_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for pam daemon") +pegasus_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for pegasus") +perdition_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for perdition daemon") +portmap_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for portmap daemon") +portslave_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for portslave daemon") +postfix_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for postfix") +postgresql_disable_trans _("Databases") _("Disable SELinux protection for postgresql daemon") +pppd_can_insmod _("pppd") _("Allow 
pppd daemon to insert modules into the kernel") +pppd_disable_trans _("pppd") _("Disable SELinux protection for pppd daemon") +pppd_disable_trans _("pppd") _("Disable SELinux protection for the mozilla ppp daemon") +pppd_for_user _("pppd") _("Allow pppd to be run for a regular user.") +pptp_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for pptp") +prelink_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for prelink daemon") +privoxy_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for privoxy daemon") +ptal_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ptal daemon") +pxe_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for pxe daemon") +pyzord_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for pyzord") +quota_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for quota daemon") +radiusd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for radiusd daemon") +radvd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for radvd daemon") +rdisc_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for rdisc") +readahead_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for readahead") +read_default_t _("Admin") _("Allow programs to read files in non-standard locations (default_t)") +read_untrusted_content _("Web Applications") _("Allow programs to read untrusted content without relabel") +restorecond_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for restorecond") +rhgb_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for rhgb daemon") +ricci_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ricci") +ricci_modclusterd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection 
for ricci_modclusterd") +rlogind_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for rlogind daemon") +rpcd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for rpcd daemon") +rshd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for rshd") +rsync_disable_trans _("rsync") _("Disable SELinux protection for rsync daemon") +run_ssh_inetd _("SSH") _("Allow ssh to run from inetd instead of as a daemon") +samba_enable_home_dirs _("Samba") _("Allow Samba to share users home directories") +samba_share_nfs _("Samba") _("Allow Samba to share nfs directories") +saslauthd_disable_trans _("sasl authentications server") _("Disable SELinux protection for saslauthd daemon") +scannerdaemon_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for scannerdaemon daemon") +secure_mode _("Admin") _("Do not allow transition to sysadm_t, sudo and su effected") +secure_mode_insmod _("Admin") _("Do not allow any processes to load kernel modules") +secure_mode_policyload _("Admin") _("Do not allow any processes to modify kernel SELinux policy") +sendmail_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for sendmail daemon") +setrans_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for setrans") +setroubleshootd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for setroublesoot daemon") +slapd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for slapd daemon") +slrnpull_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for slrnpull daemon") +smbd_disable_trans _("Samba") _("Disable SELinux protection for smbd daemon") +snmpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for snmpd daemon") +snort_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for snort daemon") +soundd_disable_trans _("SELinux Service 
Protection") _("Disable SELinux protection for soundd daemon") +sound_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for sound daemon") +spamassasin_can_network _("Spam Assassin") _("Allow Spam Assasin daemon network access") +spamd_disable_trans _("spam Protection") _("Disable SELinux protection for spamd daemon") +spamd_enable_home_dirs _("spam Protection") _("Allow spamd to access home directories") +spammassasin_can_network _("spam Protection") _("Allow spammassasin to access the network") +speedmgmt_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for speedmgmt daemon") +squid_connect_any _("Squid") _("Allow squid daemon to connect to the network") +squid_disable_trans _("Squid") _("Disable SELinux protection for squid daemon") +ssh_keygen_disable_trans _("SSH") _("Disable SELinux protection for ssh daemon") +ssh_sysadm_login _("SSH") _("Allow ssh logins as sysadm_r:sysadm_t") +staff_read_sysadm_file _("Admin") _("Allow staff_r users to search the sysadm home dir and read files (such as ~/.bashrc)") +stunnel_disable_trans _("Universal SSL tunnel") _("Disable SELinux protection for stunnel daemon") +stunnel_is_daemon _("Universal SSL tunnel") _("Allow stunnel daemon to run as standalone, outside of xinetd") +swat_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for swat daemon") +sxid_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for sxid daemon") +syslogd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for syslogd daemon") +system_crond_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for system cron jobs") +tcpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for tcp daemon") +telnetd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for telnet daemon") +tftpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for 
tftpd daemon") +transproxy_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for transproxy daemon") +udev_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for udev daemon") +uml_switch_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for uml daemon") +unlimitedInetd _("Admin") _("Allow xinetd to run unconfined, including any services it starts that do not have a domain transition explicitly defined.") +unlimitedRC _("Admin") _("Allow rc scripts to run unconfined, including any daemon started by an rc script that does not have a domain transition explicitly defined.") +unlimitedRPM _("Admin") _("Allow rpm to run unconfined.") +unlimitedUtils _("Admin") _("Allow privileged utilities like hotplug and insmod to run unconfined.") +updfstab_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for updfstab daemon") +uptimed_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for uptimed daemon") +use_lpd_server _("Printing") _("Use lpd server instead of cups") +use_nfs_home_dirs _("NFS") _("Support NFS home directories") +user_canbe_sysadm _("User Privs") _("Allow user_r to reach sysadm_r via su, sudo, or userhelper. 
Otherwise, only staff_r can do so.") +user_can_mount _("Mount") _("Allow users to execute the mount command") +user_direct_mouse _("User Privs") _("Allow regular users direct mouse access (only allow the X server)") +user_dmesg _("User Privs") _("Allow users to run the dmesg command") +user_net_control _("User Privs") _("Allow users to control network interfaces (also needs USERCTL=true)") +user_ping _("User Privs") _("Allow normal user to execute ping") +user_rw_noexattrfile _("User Privs") _("Allow user to r/w noextattrfile (FAT, CDROM, FLOPPY)") +user_rw_usb _("User Privs") _("Allow users to rw usb devices") +user_tcp_server _("User Privs") _("Allow users to run TCP servers (bind to ports and accept connection from the same domain and outside users) disabling this forces FTP passive mode and may change other protocols") +user_ttyfile_stat _("User Privs") _("Allow user to stat ttyfiles") +use_samba_home_dirs _("Samba") _("Allow users to login with CIFS home directories") +uucpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for uucpd daemon") +vmware_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for vmware daemon") +watchdog_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for watchdog daemon") +winbind_disable_trans _("Samba") _("Disable SELinux protection for winbind daemon") +write_untrusted_content _("Web Applications") _("Allow web applications to write untrusted content to disk (implies read)") +xdm_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for xdm daemon") +xdm_sysadm_login _("XServer") _("Allow xdm logins as sysadm_r:sysadm_t") +xend_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for xen daemon") +xen_use_raw_disk _("XEN") _("Allow xen to read/write physical disk devices") +xfs_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for xfs daemon") +xm_disable_trans _("SELinux Service 
Protection") _("Disable SELinux protection for xen constrol") +ypbind_disable_trans _("NIS") _("Disable SELinux protection for ypbind daemon") +yppasswdd_disable_trans _("NIS") _("Disable SELinux protection for NIS Password Daemon") +ypserv_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ypserv daemon") +ypxfr_disable_trans _("NIS") _("Disable SELinux protection for NIS Transfer Daemon") +zebra_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for zebra daemon") diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-2.0.0/gui/semanagePage.py --- nsapolicycoreutils/gui/semanagePage.py 1969-12-31 19:00:00.000000000 -0500 +++ policycoreutils-2.0.0/gui/semanagePage.py 2007-02-07 16:40:46.000000000 -0500 
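Review bot: In gui/selinux.tbl the `allow_ptrace` entry is missing the closing quote of its description (`_("Allow sysadm_t to debug or ptrace applications)`), so the quote-splitting loader in booleansPage.py would keep the trailing `)` in the text shown to the user; it should read `_("Allow sysadm_t to debug or ptrace applications")`. `pppd_disable_trans` is listed twice with different descriptions, and because the loader stores entries in a dict keyed by name, the later "mozilla ppp daemon" text would silently replace the first. Several descriptions appear copied from neighbouring rows and misstate what the boolean controls (`ssh_keygen_disable_trans` says "ssh daemon", `httpd_tty_comm` says "Unify HTTPD to communicate with the terminal"), which matters because administrators decide whether to relax confinement from this text. The `spamassasin_can_network` / `spammassasin_can_network` pair should be checked against the boolean name the policy actually defines, since a misspelled key never matches and falls back to the raw name under "Other".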
@@ -0,0 +1,109 @@
+## semanagePage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
+
+## This program is free software; you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation; either version 2 of the License, or
+## (at your option) any later version.
+
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+## GNU General Public License for more details.
+
+## You should have received a copy of the GNU General Public License
+## along with this program; if not, write to the Free Software
+## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+## Author: Dan Walsh
+import string
+import gtk
+import gtk.glade
+import os
+import libxml2
+import gobject
+import sys
+import seobject
+
+##
+## I18N
+##
+PROGNAME="policycoreutils"
+import gettext
+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
+gettext.textdomain(PROGNAME)
+try:
+ gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1)
+except IOError:
+ import __builtin__
+ __builtin__.__dict__['_'] = unicode
+
+class semanagePage:
+ def __init__(self, xml, name, description):
+ self.xml = xml
+ self.view = xml.get_widget("%sView" % name)
+ self.dialog = xml.get_widget("%sDialog" % name)
+ self.view.connect("row_activated", self.rowActivated)
+ self.view.get_selection().connect("changed", self.itemSelected)
+ self.description = description;
+
+ def get_description(self):
+ return self.description
+
+ def itemSelected(self, args):
+ return
+
+ def rowActivated(self, view, row, Column):
+ self.propertiesDialog()
+
+ def verify(self, message, title="" ):
+ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_INFO,
+ gtk.BUTTONS_YES_NO,
+ message)
+ dlg.set_title(title)
+ dlg.set_position(gtk.WIN_POS_MOUSE)
+ dlg.show_all()
+ rc = dlg.run()
+ dlg.destroy()
+ return rc
+
+ def error(self, message):
+ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_ERROR,
+ gtk.BUTTONS_CLOSE,
+ message)
+ dlg.set_position(gtk.WIN_POS_MOUSE)
+ dlg.show_all()
+ dlg.run()
+ dlg.destroy()
+
+ def deleteDialog(self):
+ store, iter = self.view.get_selection().get_selected()
+ if self.verify(_("Are you sure you want to delete %s '%s'?" % (self.description, store.get_value(iter, 0))), _("Delete %s" % self.description)) == gtk.RESPONSE_YES:
+ self.delete()
+
+ def addDialog(self):
+ self.dialogClear()
+ self.dialog.set_title(_("Add %s" % self.description))
+ self.dialog.set_position(gtk.WIN_POS_MOUSE)
+
+ while self.dialog.run() == gtk.RESPONSE_OK:
+ try:
+ self.add()
+ break;
+ except ValueError, e:
+ self.error(e.args[0])
+ self.dialog.hide()
+
+ def propertiesDialog(self):
+ self.dialogInit()
+ self.dialog.set_title(_("Modify %s" % self.description))
+ self.dialog.set_position(gtk.WIN_POS_MOUSE)
+ while self.dialog.run() == gtk.RESPONSE_OK:
+ try:
+ self.modify()
+ break;
+ except ValueError, e:
+ self.error(e.args[0])
+ self.dialog.hide()
+
+
diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-2.0.0/gui/statusPage.py
--- nsapolicycoreutils/gui/statusPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.0/gui/statusPage.py 2007-02-07 16:40:46.000000000 -0500
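Review bot: In gui/semanagePage.py, `deleteDialog`, `addDialog` and `propertiesDialog` perform the `%` interpolation inside `_()`, so gettext is asked to look up the already-formatted string and no catalog entry can match; the titles and the delete confirmation will stay untranslated. Format after translating instead, e.g. `self.dialog.set_title(_("Add %s") % self.description)` and `_("Are you sure you want to delete %s '%s'?") % (self.description, store.get_value(iter, 0))`. `deleteDialog` also hands `iter` straight to `store.get_value`; when no row is selected `get_selected()` presumably returns `None` for the iterator, so an `if iter is None: return` guard before the confirmation would avoid an exception on an empty list.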
@@ -0,0 +1,213 @@ +## statusPage.py - show selinux status +## Copyright (C) 2006 Red Hat, Inc. + +## This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; either version 2 of the License, or +## (at your option) any later version. + +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. + +## You should have received a copy of the GNU General Public License +## along with this program; if not, write to the Free Software +## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +## Author: Dan Walsh +import string +import gtk +import gtk.glade +import os +import libxml2 +import gobject +import sys +import tempfile + +INSTALLPATH = '/usr/share/system-config-selinux' +sys.path.append(INSTALLPATH) + +rhplPath = "/usr/lib/python%d.%d/site-packages/rhpl" % (sys.version_info[0], sys.version_info[1]) +if not rhplPath in sys.path: + sys.path.append(rhplPath) + +rhplPath = "/usr/lib64/python%d.%d/site-packages/rhpl" % (sys.version_info[0], sys.version_info[1]) +if not rhplPath in sys.path: + sys.path.append(rhplPath) + +from Conf import * +import commands +ENFORCING = 0 +PERMISSIVE = 1 +DISABLED = 2 +modearray = ( "enforcing", "permissive", "disabled" ) + +SELINUXDIR = "/etc/selinux/" +RELABELFILE = "/.autorelabel" + +## +## I18N +## +PROGNAME="policycoreutils" +import gettext +gettext.bindtextdomain(PROGNAME, "/usr/share/locale") +gettext.textdomain(PROGNAME) +import selinux +try: + gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1) +except IOError: + import __builtin__ + __builtin__.__dict__['_'] = unicode + +class statusPage: + def __init__(self, xml): + self.xml = xml + self.needRelabel = False + + self.type = 
selinux.selinux_getpolicytype() + # Bring in widgets from glade file. + self.typeHBox = xml.get_widget("typeHBox") + self.selinuxTypeOptionMenu = xml.get_widget("selinuxTypeOptionMenu") + self.typeLabel = xml.get_widget("typeLabel") + self.enabledOptionMenu = xml.get_widget("enabledOptionMenu") + self.currentOptionMenu = xml.get_widget("currentOptionMenu") + self.relabel_checkbutton = xml.get_widget("relabelCheckbutton") + self.relabel_checkbutton.set_active(self.is_relabel()) + self.relabel_checkbutton.connect("toggled", self.on_relabel_toggle) + if self.get_current_mode() == ENFORCING or self.get_current_mode() == PERMISSIVE: + self.currentOptionMenu.append_text(_("Enforcing")) + self.currentOptionMenu.append_text(_("Permissive")) + self.currentOptionMenu.set_active(self.get_current_mode()) + self.currentOptionMenu.connect("changed", self.set_current_mode) + self.currentOptionMenu.set_sensitive(True) + else: + self.currentOptionMenu.append_text(_("Disabled")) + self.currentOptionMenu.set_sensitive(False) + + + if self.read_selinux_config() == None: + self.selinuxsupport = False + else: + self.enabledOptionMenu.connect("changed", self.enabled_changed) + # + # This line must come after read_selinux_config + # + self.selinuxTypeOptionMenu.connect("changed", self.typemenu_changed) + + self.typeLabel.set_mnemonic_widget(self.selinuxTypeOptionMenu) + + def get_description(self): + return _("Status") + + def get_current_mode(self): + if selinux.is_selinux_enabled(): + if selinux.security_getenforce() > 0: + return ENFORCING + else: + return PERMISSIVE + else: + return DISABLED + + def set_current_mode(self,menu): + selinux.security_setenforce(menu.get_active() == 0) + + def is_relabel(self): + return os.access(RELABELFILE, os.F_OK) != 0 + + def on_relabel_toggle(self,button): + if button.get_active(): + fd = open(RELABELFILE,"w") + fd.close() + else: + if os.access(RELABELFILE, os.F_OK) != 0: + os.unlink(RELABELFILE) + + def verify(self, message): + dlg = 
gtk.MessageDialog(None, 0, gtk.MESSAGE_INFO, + gtk.BUTTONS_YES_NO, + message) + dlg.set_position(gtk.WIN_POS_MOUSE) + dlg.show_all() + rc = dlg.run() + dlg.destroy() + return rc + + def typemenu_changed(self, menu): + type = self.get_type() + enabled = self.enabledOptionMenu.get_active() + if self.initialtype != type: + if self.verify(_("Changing the policy type will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system. Do you wish to continue?")) == gtk.RESPONSE_NO: + menu.set_active(self.typeHistory) + return None + + self.relabel_checkbutton.set_active(True) + self.conf["SELINUX"] = modearray[enabled] + self.conf["SELINUXTYPE"]=type + self.conf.write() + self.typeHistory = menu.get_active() + + def enabled_changed(self, combo): + enabled = combo.get_active() + type = self.get_type() + + if self.initEnabled == DISABLED and enabled < 2: + if self.verify(_("Changing to SELinux enabled will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system. Do you wish to continue?")) == gtk.RESPONSE_NO: + return None + + self.relabel_checkbutton.set_active(True) + + self.conf["SELINUX"] = modearray[enabled] + self.conf["SELINUXTYPE"]=type + self.conf.write() + + def read_selinux_config(self): + self.initialtype = "targeted" + self.initEnabled = DISABLED + self.types = [] + if os.access(SELINUXDIR, os.F_OK) == 0: + #File doesn't exist. 
return + return None + + self.conf = ConfShellVar(SELINUXDIR+"config") + self.conf.rcs = 1 + if self.conf.has_key("SELINUX"): + value = self.conf.vars["SELINUX"].upper().strip() + else: + value = "ENFORCING" + self.conf.vars["SELINUX"] = value + + if value == "ENFORCING": + self.initEnabled = ENFORCING + self.enabledOptionMenu.set_active(ENFORCING) + elif value == "PERMISSIVE": + self.initEnabled = PERMISSIVE + self.enabledOptionMenu.set_active(PERMISSIVE) + elif value == "DISABLED": + self.initEnabled = DISABLED + self.enabledOptionMenu.set_active(DISABLED) + + if self.conf.has_key("SELINUXTYPE"): + self.initialtype = self.conf.vars["SELINUXTYPE"].strip() + else: + self.conf.vars["SELINUXTYPE"] = self.initialtype + + n = 0 + current = n + + for i in os.listdir(SELINUXDIR): + if os.path.isdir(SELINUXDIR+i) and os.path.isdir(SELINUXDIR+i+"/policy"): + self.types.append(i) + self.selinuxTypeOptionMenu.append_text(i) + if i == self.initialtype: + current = n + n = n+1 + self.selinuxTypeOptionMenu.set_active(current) + self.typeHistory = current + + return 0 + + def get_type(self): + return self.types[self.selinuxTypeOptionMenu.get_active()] + + diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-2.0.0/gui/system-config-selinux.glade --- nsapolicycoreutils/gui/system-config-selinux.glade 1969-12-31 19:00:00.000000000 -0500 +++ policycoreutils-2.0.0/gui/system-config-selinux.glade 2007-02-07 16:40:46.000000000 -0500 
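Review bot: `typemenu_changed` and `enabled_changed` index `modearray` with the combo's `get_active()` value unchecked, and `read_selinux_config` sets no active entry when the `SELINUX` value in the config is anything other than ENFORCING, PERMISSIVE or DISABLED. If the widget then reports "no selection" as -1 (the usual PyGTK combo behaviour, worth confirming for this widget), `modearray[-1]` is "disabled" and a policy-type change would write `SELINUX=disabled` to the config file without the user having chosen it. Bail out before the write with `if enabled < 0: return None`, and consider an explicit `else` branch in `read_selinux_config` for unrecognised values. `set_current_mode` also ignores the result of `selinux.security_setenforce()`, so a failed switch would leave the menu showing a mode the kernel is not in.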
@@ -0,0 +1,2803 @@ + + + + + + + + + False + system-config-selinux + Copyright (c)2006 Red Hat, Inc. +Copyright (c) 2006 Dan Walsh <dwalsh@redhat.com> + False + Daniel Walsh <dwalsh@redhat.com> + + translator-credits + system-config-selinux.png + + + + Add SELinux Login Mapping + GTK_WINDOW_TOPLEVEL + GTK_WIN_POS_NONE + False + True + False + True + False + False + GDK_WINDOW_TYPE_HINT_DIALOG + GDK_GRAVITY_NORTH_WEST + True + False + True + + + + True + False + 0 + + + + True + GTK_BUTTONBOX_END + + + + True + True + True + gtk-cancel + True + GTK_RELIEF_NORMAL + True + -6 + + + + + + True + True + True + gtk-ok + True + GTK_RELIEF_NORMAL + True + -5 + + + + + 0 + False + True + GTK_PACK_END + + + + + + True + False + 0 + + + + True + 3 + 2 + False + 4 + 6 + + + + True + Login Name + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 0 + 1 + fill + + + + + + + True + SELinux User + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 1 + 2 + fill + + + + + + + True + MLS/MCS Range + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 2 + 3 + fill + + + + + + + True + True + True + True + 0 + + True + * + False + + + 1 + 2 + 0 + 1 + + + + + + + True + False + True + + + 1 + 2 + 1 + 2 + fill + fill + + + + + + True + True + True + True + 0 + + True + * + False + + + 1 + 2 + 2 + 3 + + + + + + 5 + True + True + + + + + 0 + True + True + + + + + + + + Add SELinux Network Ports + GTK_WINDOW_TOPLEVEL + GTK_WIN_POS_NONE + False + True + False + True + False + False + GDK_WINDOW_TYPE_HINT_DIALOG + GDK_GRAVITY_NORTH_WEST + True + False + True + + + + True + False + 0 + + + + True + GTK_BUTTONBOX_END + + + + True + True + True + gtk-cancel + True + GTK_RELIEF_NORMAL + True + -6 + + + + + + True + True + True + gtk-ok + True + GTK_RELIEF_NORMAL + True + -5 + + + + + 0 + 
False + True + GTK_PACK_END + + + + + + True + False + 0 + + + + True + 4 + 2 + False + 4 + 6 + + + + True + Port Number + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 0 + 1 + fill + + + + + + + True + Protocol + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 1 + 2 + fill + + + + + + + True + SELinux Type + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 2 + 3 + fill + + + + + + + True + True + True + True + 0 + + True + * + False + + + 1 + 2 + 0 + 1 + + + + + + + True + tcp +udp + False + True + + + 1 + 2 + 1 + 2 + fill + fill + + + + + + True + True + True + True + 0 + + True + * + False + + + 1 + 2 + 2 + 3 + + + + + + + True + MLS/MCS +Level + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 3 + 4 + fill + + + + + + + True + True + True + True + 0 + + True + * + False + + + 1 + 2 + 3 + 4 + + + + + + 5 + True + True + + + + + 0 + True + True + + + + + + + + Add SELinux Login Mapping + GTK_WINDOW_TOPLEVEL + GTK_WIN_POS_NONE + False + True + False + True + False + False + GDK_WINDOW_TYPE_HINT_DIALOG + GDK_GRAVITY_NORTH_WEST + True + False + True + + + + True + False + 0 + + + + True + GTK_BUTTONBOX_END + + + + True + True + True + gtk-cancel + True + GTK_RELIEF_NORMAL + True + -6 + + + + + + True + True + True + gtk-ok + True + GTK_RELIEF_NORMAL + True + -5 + + + + + 0 + False + True + GTK_PACK_END + + + + + + True + False + 0 + + + + True + 2 + 2 + False + 4 + 6 + + + + True + SELinux MLS/MCS +Level + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 0 + 1 + fill + + + + + + + True + Translation + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + 
+ + 0 + 1 + 1 + 2 + fill + + + + + + + True + True + True + True + 0 + + True + * + False + + + 1 + 2 + 0 + 1 + + + + + + + True + True + True + True + 0 + + True + * + False + + + 1 + 2 + 1 + 2 + + + + + + 5 + True + True + + + + + 0 + True + True + + + + + + + + Add SELinux Login Mapping + GTK_WINDOW_TOPLEVEL + GTK_WIN_POS_NONE + False + True + False + True + False + False + GDK_WINDOW_TYPE_HINT_DIALOG + GDK_GRAVITY_NORTH_WEST + True + False + True + + + + True + False + 0 + + + + True + GTK_BUTTONBOX_END + + + + True + True + True + gtk-cancel + True + GTK_RELIEF_NORMAL + True + -6 + + + + + + True + True + True + gtk-ok + True + GTK_RELIEF_NORMAL + True + -5 + + + + + 0 + False + True + GTK_PACK_END + + + + + + True + False + 0 + + + + True + 4 + 2 + False + 4 + 6 + + + + True + File Specification + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 0 + 1 + fill + + + + + + + True + File Type + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 1 + 2 + fill + + + + + + + True + SELinux Type + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 2 + 3 + fill + + + + + + + True + True + True + True + 0 + + True + * + False + + + 1 + 2 + 0 + 1 + + + + + + + True + all files +regular file +directory +character device +block device +socket +symbolic link +named pipe + + False + True + + + 1 + 2 + 1 + 2 + fill + fill + + + + + + True + True + True + True + 0 + + True + * + False + + + 1 + 2 + 2 + 3 + + + + + + + True + MLS + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 3 + 4 + fill + + + + + + + True + True + True + True + 0 + + True + * + False + + + 1 + 2 + 3 + 4 + + + + + + 5 + True + True + + + + + 0 + True + True + + + + + + + + Add SELinux User + GTK_WINDOW_TOPLEVEL + 
GTK_WIN_POS_NONE + False + True + False + True + False + False + GDK_WINDOW_TYPE_HINT_DIALOG + GDK_GRAVITY_NORTH_WEST + True + False + True + + + + True + False + 0 + + + + True + GTK_BUTTONBOX_END + + + + True + True + True + gtk-cancel + True + GTK_RELIEF_NORMAL + True + -6 + + + + + + True + True + True + gtk-ok + True + GTK_RELIEF_NORMAL + True + -5 + + + + + 0 + False + True + GTK_PACK_END + + + + + + True + False + 0 + + + + True + 5 + 2 + False + 4 + 6 + + + + True + SELinux User + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 0 + 1 + fill + + + + + + + True + Label Prefix + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 1 + 2 + fill + + + + + + + True + MLS/MCS Range + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 3 + 4 + fill + + + + + + + True + True + True + True + 0 + + True + * + False + + + 1 + 2 + 3 + 4 + + + + + + + True + MLS/MCS Level + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 2 + 3 + fill + + + + + + + True + True + True + True + 0 + + True + * + False + + + 1 + 2 + 2 + 3 + + + + + + + True + SELinux Roles + False + False + GTK_JUSTIFY_LEFT + False + False + 0 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 4 + 5 + fill + + + + + + + True + True + True + True + 0 + + True + * + False + + + 1 + 2 + 4 + 5 + + + + + + + True + True + True + True + 0 + + True + * + False + + + 1 + 2 + 0 + 1 + + + + + + + True + True + True + True + 0 + + True + * + False + + + 1 + 2 + 1 + 2 + + + + + + 5 + True + True + + + + + 0 + True + True + + + + + + + + 800 + 500 + GTK_WINDOW_TOPLEVEL + GTK_WIN_POS_NONE + False + True + False + system-config-selinux.png + True + False + False + GDK_WINDOW_TYPE_HINT_NORMAL + GDK_GRAVITY_NORTH_WEST + True + 
False + True + + + + True + True + + + + True + GTK_SHADOW_NONE + + + + True + GTK_PACK_DIRECTION_LTR + GTK_PACK_DIRECTION_LTR + + + + True + GNOMEUIINFO_MENU_FILE_TREE + + + + + + + True + GNOMEUIINFO_MENU_EXIT_ITEM + + + + + + + + + + + True + GNOMEUIINFO_MENU_HELP_TREE + + + + + + + True + GNOMEUIINFO_MENU_ABOUT_ITEM + + + + + + + + + + + + BONOBO_DOCK_TOP + 0 + 0 + 0 + BONOBO_DOCK_ITEM_BEH_EXCLUSIVE|BONOBO_DOCK_ITEM_BEH_NEVER_VERTICAL|BONOBO_DOCK_ITEM_BEH_LOCKED + + + + + + True + True + 0 + + + + 5 + True + 0 + 0.5 + GTK_SHADOW_NONE + + + + True + 0.5 + 0.5 + 1 + 1 + 0 + 0 + 12 + 0 + + + + True + Select Managment Object + True + False + False + False + True + False + False + False + + + + + + + + True + <b>Select:</b> + False + True + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + label_item + + + + + False + True + + + + + + True + False + True + GTK_POS_TOP + False + False + + + + True + False + 0 + + + + True + 4 + 2 + False + 5 + 5 + + + + True + System Default Enforcing Mode + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 0 + 1 + fill + + + + + + + True + Enforcing +Permissive +Disabled + + False + True + + + 1 + 2 + 0 + 1 + fill + + + + + + True + Current Enforcing Mode + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 1 + 2 + fill + + + + + + + True + + False + True + + + 1 + 2 + 1 + 2 + fill + fill + + + + + + True + System Default Policy Type: + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + 1 + 2 + 3 + fill + + + + + + + True + + False + True + + + 1 + 2 + 2 + 3 + fill + fill + + + + + + True + Select if you wish to relabel then entire file system on next reboot. Relabeling can take a very long time, depending on the size of the system. 
If you are changing policy types or going from disabled to enforing, a relabel is required. + True + GTK_RELIEF_NORMAL + True + False + False + True + + + + True + 0.5 + 0.5 + 0 + 0 + 0 + 0 + 0 + 0 + + + + True + False + 2 + + + + True + gtk-refresh + 4 + 0.5 + 0.5 + 0 + 0 + + + 0 + False + False + + + + + + True + Relabel on next reboot. + True + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + False + False + + + + + + + + + 0 + 2 + 3 + 4 + fill + fill + + + + + 0 + True + True + + + + + False + True + + + + + + True + label37 + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + tab + + + + + + True + True + GTK_POLICY_ALWAYS + GTK_POLICY_ALWAYS + GTK_SHADOW_NONE + GTK_CORNER_TOP_LEFT + + + + True + True + False + False + False + True + False + False + False + + + + + False + True + + + + + + True + label50 + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + tab + + + + + + True + False + 0 + + + + True + GTK_ORIENTATION_HORIZONTAL + GTK_TOOLBAR_BOTH + True + True + + + + True + Add File Context + gtk-add + True + True + False + + + + False + True + + + + + + True + Modify File Context + gtk-properties + True + True + False + + + + False + True + + + + + + True + Delete File Context + gtk-delete + True + True + False + + + + False + True + + + + + 0 + False + False + + + + + + True + True + GTK_POLICY_ALWAYS + GTK_POLICY_ALWAYS + GTK_SHADOW_NONE + GTK_CORNER_TOP_LEFT + + + + True + True + True + False + False + True + False + False + False + + + + + 0 + True + True + + + + + False + True + + + + + + True + label38 + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + tab + + + + + + True + False + 0 + + + + True + GTK_ORIENTATION_HORIZONTAL + GTK_TOOLBAR_BOTH + True + True + + + + True + Add SELinux User Mapping + 
gtk-add + True + True + False + + + + False + True + + + + + + True + Modify SELinux User Mapping + gtk-properties + True + True + False + + + + False + True + + + + + + True + Delete SELinux User Mapping + gtk-delete + True + True + False + + + + False + True + + + + + 0 + False + False + + + + + + True + True + GTK_POLICY_ALWAYS + GTK_POLICY_ALWAYS + GTK_SHADOW_NONE + GTK_CORNER_TOP_LEFT + + + + True + True + True + False + False + True + False + False + False + + + + + 0 + True + True + + + + + False + True + + + + + + True + label39 + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + tab + + + + + + True + False + 0 + + + + True + GTK_ORIENTATION_HORIZONTAL + GTK_TOOLBAR_BOTH + True + True + + + + True + Add Translation + gtk-add + True + True + False + + + + False + True + + + + + + True + Modify Translation + gtk-properties + True + True + False + + + + False + True + + + + + + True + Delete Translation + gtk-delete + True + True + False + + + + False + True + + + + + 0 + False + False + + + + + + True + True + GTK_POLICY_ALWAYS + GTK_POLICY_ALWAYS + GTK_SHADOW_NONE + GTK_CORNER_TOP_LEFT + + + + True + True + True + False + False + True + False + False + False + + + + + 0 + True + True + + + + + False + True + + + + + + True + label41 + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + tab + + + + + + True + False + 0 + + + + True + GTK_ORIENTATION_HORIZONTAL + GTK_TOOLBAR_BOTH + True + True + + + + True + Add SELinux User + gtk-add + True + True + False + + + + False + True + + + + + + True + Modify SELinux User + gtk-properties + True + True + False + + + + False + True + + + + + + True + Add SELinux User + gtk-delete + True + True + False + + + + False + True + + + + + 0 + False + False + + + + + + True + True + GTK_POLICY_ALWAYS + GTK_POLICY_ALWAYS + GTK_SHADOW_NONE + GTK_CORNER_TOP_LEFT + + + + True + True + True + False + 
False + True + False + False + False + + + + + 0 + True + True + + + + + False + True + + + + + + True + label40 + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + tab + + + + + + True + False + 0 + + + + True + GTK_ORIENTATION_HORIZONTAL + GTK_TOOLBAR_BOTH + False + True + + + + True + Add Network Port + gtk-add + True + True + False + + + + False + True + + + + + + True + Edit Network Port + gtk-properties + True + True + False + + + + False + True + + + + + + True + Delete Network Port + gtk-delete + True + True + False + + + + False + True + + + + + + True + True + True + False + + + + 32 + True + + + + + False + False + + + + + + True + True + True + False + + + + True + Group/ungroup network ports by SELinux type. + True + GTK_RELIEF_NORMAL + True + False + False + + + + + True + 0.5 + 0.5 + 0 + 0 + 0 + 0 + 0 + 0 + + + + True + False + 2 + + + + True + gtk-indent + 4 + 0.5 + 0.5 + 0 + 0 + + + 0 + False + False + + + + + + True + Group View + True + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + 0 + False + False + + + + + + + + + + + False + False + + + + + 0 + False + False + + + + + + True + True + GTK_POLICY_ALWAYS + GTK_POLICY_ALWAYS + GTK_SHADOW_NONE + GTK_CORNER_TOP_LEFT + + + + True + True + True + False + False + True + False + False + False + + + + + 0 + True + True + + + + + False + True + + + + + + True + label42 + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + tab + + + + + + True + False + 0 + + + + True + GTK_ORIENTATION_HORIZONTAL + GTK_TOOLBAR_BOTH + True + True + + + + True + Load policy module + gtk-add + True + True + False + + + + False + True + + + + + + True + Remove loadable policy module + gtk-remove + True + True + False + + + + False + True + + + + + + True + True + True + False + + + + 10 + True + + + + + False + False + + + + + + True + 
Enable additional audit rules, that are normally not reported in the log files. + Enable Audit + True + gtk-zoom-in + True + True + False + + + + False + True + + + + + + True + Disable additional audit rules, that are normally not reported in the log files. + Disable Audit + True + gtk-zoom-out + True + True + False + + + + False + True + + + + + 0 + False + False + + + + + + True + True + GTK_POLICY_ALWAYS + GTK_POLICY_ALWAYS + GTK_SHADOW_NONE + GTK_CORNER_TOP_LEFT + + + + True + True + True + False + False + True + False + False + False + + + + + 0 + True + True + + + + + False + True + + + + + + True + label44 + False + False + GTK_JUSTIFY_LEFT + False + False + 0.5 + 0.5 + 0 + 0 + PANGO_ELLIPSIZE_NONE + -1 + False + 0 + + + tab + + + + + True + True + + + + + + + 0 + True + True + + + + + + True + True + True + + + 0 + True + True + + + + + diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-2.0.0/gui/system-config-selinux.py --- nsapolicycoreutils/gui/system-config-selinux.py 1969-12-31 19:00:00.000000000 -0500 +++ policycoreutils-2.0.0/gui/system-config-selinux.py 2007-02-07 16:40:46.000000000 -0500 
@@ -0,0 +1,156 @@ +#!/usr/bin/python +# +# system-config-selinux.py - GUI for SELinux Config tool in system-config-selinux +# +# Dan Walsh +# +# Copyright 2006 Red Hat, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# +import signal +import string +import gtk +import gtk.glade +import os +import libxml2 +import gobject +import gnome +import sys +import statusPage +import booleansPage +import loginsPage +import usersPage +import portsPage +import modulesPage +import fcontextPage +import translationsPage +## +## I18N +## +PROGNAME="system-config-selinux" + +import gettext +gettext.bindtextdomain(PROGNAME, "/usr/share/locale") +gettext.textdomain(PROGNAME) +try: + gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1) +except IOError: + import __builtin__ + __builtin__.__dict__['_'] = unicode + +gnome.program_init("SELinux Management Tool", "5") + +version = "1.0" + +sys.path.append('/usr/share/system-config-selinux') + + + +## +## Pull in the Glade file +## +if os.access("system-config-selinux.glade", os.F_OK): + xml = gtk.glade.XML ("system-config-selinux.glade", domain=PROGNAME) +else: + xml = gtk.glade.XML ("/usr/share/system-config-selinux/system-config-selinux.glade", domain=PROGNAME) + +class childWindow: + def __init__(self): + self.tabs=[] + self.xml = xml + xml.signal_connect("on_quit_activate", 
self.destroy) + xml.signal_connect("on_delete_clicked", self.delete) + xml.signal_connect("on_add_clicked", self.add) + xml.signal_connect("on_properties_clicked", self.properties) + self.add_page(statusPage.statusPage(xml)) + self.add_page(booleansPage.booleansPage(xml)) + self.add_page(fcontextPage.fcontextPage(xml)) + self.add_page(loginsPage.loginsPage(xml)) + self.add_page(usersPage.usersPage(xml)) + self.add_page(translationsPage.translationsPage(xml)) + self.add_page(portsPage.portsPage(xml)) + self.add_page(modulesPage.modulesPage(xml)) # modules + + xml.signal_connect("on_quit_activate", self.destroy) + xml.signal_connect("on_policy_activate", self.policy) + xml.signal_connect("on_logging_activate", self.logging) + xml.signal_connect("on_about_activate", self.on_about_activate) + + def add_page(self, page): + self.tabs.append(page) + + def policy(self, args): + os.spawnl(os.P_NOWAIT, "/usr/share/system-config-selinux/semanagegui.py") + def logging(self, args): + os.spawnl(os.P_NOWAIT, "/usr/bin/seaudit") + + def delete(self, args): + self.tabs[self.notebook.get_current_page()].deleteDialog() + + def add(self, args): + self.tabs[self.notebook.get_current_page()].addDialog() + + def properties(self, args): + self.tabs[self.notebook.get_current_page()].propertiesDialog() + + def on_about_activate(self, args): + dlg = xml.get_widget ("aboutWindow") + dlg.run () + dlg.hide () + + def destroy(self, args): + gtk.main_quit() + + def itemSelected(self, selection): + store, rows = selection.get_selected_rows() + if store != None and len(rows) > 0: + self.notebook.set_current_page(rows[0][0]) + else: + self.notebook.set_current_page(0) + + + def setupScreen(self): + # Bring in widgets from glade file. 
+ self.mainWindow = self.xml.get_widget("mainWindow") + self.notebook = self.xml.get_widget("notebook") + self.view = self.xml.get_widget("selectView") + self.view.get_selection().connect("changed", self.itemSelected) + self.store = gtk.ListStore(gobject.TYPE_STRING) + self.view.set_model(self.store) + col = gtk.TreeViewColumn("", gtk.CellRendererText(), text = 0) + col.set_resizable(True) + self.view.append_column(col) + + for page in self.tabs: + iter = self.store.append() + self.store.set_value(iter, 0, page.get_description()) + self.view.get_selection().select_path ((0,)) + + def stand_alone(self): + desktopName = _("Configue SELinux") + + self.setupScreen() + + self.mainWindow.connect("destroy", self.destroy) + + self.mainWindow.show_all() + gtk.main() + +if __name__ == "__main__": + signal.signal (signal.SIGINT, signal.SIG_DFL) + + app = childWindow() + app.stand_alone() diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/translationsPage.py policycoreutils-2.0.0/gui/translationsPage.py --- nsapolicycoreutils/gui/translationsPage.py 1969-12-31 19:00:00.000000000 -0500 +++ policycoreutils-2.0.0/gui/translationsPage.py 2007-02-07 16:40:46.000000000 -0500 
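Review bot: The Glade lookup prefers `system-config-selinux.glade` in the current working directory over the installed copy, so a tool that is presumably run with root privileges builds its UI and signal wiring from whatever file sits in the directory it was started from. Load the installed file unconditionally, `xml = gtk.glade.XML("/usr/share/system-config-selinux/system-config-selinux.glade", domain=PROGNAME)`, or gate the local copy behind an explicit development switch. The `sys.path.append('/usr/share/system-config-selinux')` line also runs after the page modules are imported, so it has no effect on where they are resolved from. In `policy` and `logging`, `os.spawnl` is called with no argv entries; it expects at least the program name, e.g. `os.spawnl(os.P_NOWAIT, "/usr/bin/seaudit", "seaudit")`.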
@@ -0,0 +1,109 @@ +## translationsPage.py - show selinux translations +## Copyright (C) 2006 Red Hat, Inc. + +## This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; either version 2 of the License, or +## (at your option) any later version. + +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. + +## You should have received a copy of the GNU General Public License +## along with this program; if not, write to the Free Software +## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +## Author: Dan Walsh +import string +import gtk +import gtk.glade +import os +import libxml2 +import gobject +import sys +import seobject +from semanagePage import *; + +## +## I18N +## +PROGNAME="policycoreutils" +import gettext +gettext.bindtextdomain(PROGNAME, "/usr/share/locale") +gettext.textdomain(PROGNAME) +try: + gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1) +except IOError: + import __builtin__ + __builtin__.__dict__['_'] = unicode + +class translationsPage(semanagePage): + def __init__(self, xml): + self.firstTime = False + semanagePage.__init__(self, xml, "translations", _("Translation")) + self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_STRING) + self.view.set_model(self.store) + self.store.set_sort_column_id(0, gtk.SORT_ASCENDING) + col = gtk.TreeViewColumn(_("Sensitvity Level"), gtk.CellRendererText(), text = 0) + col.set_sort_column_id(0) + col.set_resizable(True) + self.view.append_column(col) + col = gtk.TreeViewColumn(_("Translation"), gtk.CellRendererText(), text = 1) + col.set_sort_column_id(1) + col.set_resizable(True) + self.view.append_column(col) + + self.load() + self.translationsLevelEntry = 
xml.get_widget("translationsLevelEntry") + self.translationsEntry = xml.get_widget("translationsEntry") + + def load(self): + self.translation = seobject.setransRecords() + dict = self.translation.get_all() + keys = dict.keys() + keys.sort() + self.store.clear() + for k in keys: + iter = self.store.append() + self.store.set_value(iter, 0, k) + self.store.set_value(iter, 1, dict[k]) + self.view.get_selection().select_path ((0,)) + + def dialogInit(self): + store, iter = self.view.get_selection().get_selected() + self.translationsLevelEntry.set_text(store.get_value(iter, 0)) + self.translationsLevelEntry.set_sensitive(False) + self.translationsEntry.set_text(store.get_value(iter, 1)) + + def dialogClear(self): + self.translationsLevelEntry.set_text("") + self.translationsLevelEntry.set_sensitive(True) + self.translationsEntry.set_text("") + + def delete(self): + store, iter = self.view.get_selection().get_selected() + try: + level = store.get_value(iter, 0) + self.translation.delete(level) + store.remove(iter) + self.view.get_selection().select_path ((0,)) + except ValueError, e: + self.error(e.args[0]) + + def add(self): + level = self.translationsLevelEntry.get_text().strip() + translation = self.translationsEntry.get_text().strip() + self.translation.add(level, translation) + iter = self.store.append() + self.store.set_value(iter, 0, level) + self.store.set_value(iter, 1, translation) + + def modify(self): + level = self.translationsLevelEntry.get_text().strip() + translation = self.translationsEntry.get_text().strip() + self.translation.modify(level, translation) + store, iter = self.view.get_selection().get_selected() + self.store.set_value(iter, 0, level) + self.store.set_value(iter, 1, translation) diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-2.0.0/gui/usersPage.py --- nsapolicycoreutils/gui/usersPage.py 1969-12-31 19:00:00.000000000 -0500 +++ 
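Review bot: The column header `_("Sensitvity Level")` is misspelled, and because it is a gettext msgid the typo will be copied into every translation catalog; `_("Sensitivity Level")` should go in before the string is extracted. In `load`, the locals `dict` and `iter` shadow builtins (`iter` is reused the same way in the other methods); names like `records` and `row` would avoid that. `self.firstTime` is assigned in `__init__` and not read anywhere in this hunk, so it can probably go. The class and its methods have no docstrings; a one-line docstring on `load` saying that it refills the list store from `seobject.setransRecords().get_all()` would help.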
policycoreutils-2.0.0/gui/usersPage.py 2007-02-07 16:40:46.000000000 -0500 
@@ -0,0 +1,155 @@ +## usersPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. + +## This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; either version 2 of the License, or +## (at your option) any later version. + +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. + +## You should have received a copy of the GNU General Public License +## along with this program; if not, write to the Free Software +## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +## Author: Dan Walsh +import string +import gtk +import gtk.glade +import os +import libxml2 +import gobject +import sys +import seobject +from semanagePage import *; + +## +## I18N +## +PROGNAME="policycoreutils" +import gettext +gettext.bindtextdomain(PROGNAME, "/usr/share/locale") +gettext.textdomain(PROGNAME) +try: + gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1) +except IOError: + import __builtin__ + __builtin__.__dict__['_'] = unicode + +class usersPage(semanagePage): + def __init__(self, xml): + semanagePage.__init__(self, xml, "users", "SELinux User") + self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_STRING, gobject.TYPE_STRING, gobject.TYPE_STRING, gobject.TYPE_STRING) + self.view.set_model(self.store) + self.store.set_sort_column_id(0, gtk.SORT_ASCENDING) + + col = gtk.TreeViewColumn(_("SELinux\nUser"), gtk.CellRendererText(), text = 0) + col.set_sort_column_id(0) + col.set_resizable(True) + self.view.append_column(col) + + col = gtk.TreeViewColumn(_("Labeling\nPrefix"), gtk.CellRendererText(), text = 1) + col.set_resizable(True) + self.view.append_column(col) + col = gtk.TreeViewColumn(_("MLS/\nMCS Level"), 
gtk.CellRendererText(), text = 2) + col.set_resizable(True) + self.view.append_column(col) + col = gtk.TreeViewColumn(_("MLS/\nMCS Range"), gtk.CellRendererText(), text = 3) + col.set_resizable(True) + self.view.append_column(col) + + col = gtk.TreeViewColumn(_("SELinux Roles"), gtk.CellRendererText(), text = 4) + col.set_resizable(True) + self.view.append_column(col) + + self.load() + self.selinuxUserEntry = xml.get_widget("selinuxUserEntry") + self.labelPrefixEntry = xml.get_widget("labelPrefixEntry") + self.mlsLevelEntry = xml.get_widget("mlsLevelEntry") + self.mlsRangeEntry = xml.get_widget("mlsRangeEntry") + self.selinuxRolesEntry = xml.get_widget("selinuxRolesEntry") + + def load(self): + self.user = seobject.seluserRecords() + dict = self.user.get_all() + keys = dict.keys() + keys.sort() + self.store.clear() + for k in keys: + iter = self.store.append() + self.store.set_value(iter, 0, k) + self.store.set_value(iter, 1, dict[k][0]) + self.store.set_value(iter, 2, seobject.translate(dict[k][1])) + self.store.set_value(iter, 3, seobject.translate(dict[k][2])) + self.store.set_value(iter, 4, dict[k][3]) + self.view.get_selection().select_path ((0,)) + + def delete(self): + if semanagePage.delete(self) == gtk.RESPONSE_NO: + return None + + def dialogInit(self): + store, iter = self.view.get_selection().get_selected() + self.selinuxUserEntry.set_text(store.get_value(iter, 0)) + self.selinuxUserEntry.set_sensitive(False) + self.labelPrefixEntry.set_text(store.get_value(iter, 1)) + self.mlsLevelEntry.set_text(store.get_value(iter, 2)) + self.mlsRangeEntry.set_text(store.get_value(iter, 3)) + self.selinuxRolesEntry.set_text(store.get_value(iter, 4)) + protocol=store.get_value(iter, 2) + + def dialogClear(self): + self.selinuxUserEntry.set_text("") + self.selinuxUserEntry.set_sensitive(True) + self.labelPrefixEntry.set_text("") + self.mlsLevelEntry.set_text("s0") + self.mlsRangeEntry.set_text("s0") + self.selinuxRolesEntry.set_text("") + + def add(self): + user = 
self.selinuxUserEntry.get_text() + prefix = self.labelPrefixEntry.get_text() + level = self.mlsLevelEntry.get_text() + range = self.mlsRangeEntry.get_text() + roles = self.selinuxRolesEntry.get_text() + + self.user.add(user, roles.split(), level, range, prefix) + iter = self.store.append() + self.store.set_value(iter, 0, user) + self.store.set_value(iter, 1, prefix) + self.store.set_value(iter, 2, level) + self.store.set_value(iter, 3, range) + self.store.set_value(iter, 4, roles) + + def modify(self): + user = self.selinuxUserEntry.get_text() + prefix = self.labelPrefixEntry.get_text() + level = self.mlsLevelEntry.get_text() + range = self.mlsRangeEntry.get_text() + roles = self.selinuxRolesEntry.get_text() + + self.user.modify(user, roles.split(), level, range, prefix) + store, iter = self.view.get_selection().get_selected() + iter = self.store.append() + self.store.set_value(iter, 0, user) + self.store.set_value(iter, 1, prefix) + self.store.set_value(iter, 2, level) + self.store.set_value(iter, 3, range) + self.store.set_value(iter, 4, roles) + + def delete(self): + store, iter = self.view.get_selection().get_selected() + try: + user=store.get_value(iter, 0) + if user == "root" or user == "user_u": + raise ValueError(_("SELinux user '%s' is required") % user) + + self.user.delete(user) + store.remove(iter) + self.view.get_selection().select_path ((0,)) + except ValueError, e: + self.error(e.args[0]) + diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.0/Makefile --- nsapolicycoreutils/Makefile 2006-11-16 17:15:00.000000000 -0500 +++ policycoreutils-2.0.0/Makefile 2007-02-07 16:40:46.000000000 -0500 
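Review bot: In `usersPage.modify` the iterator returned by `get_selected()` is overwritten on the next line by `iter = self.store.append()`, so editing an SELinux user adds a second row and leaves the stale one on screen; the `modify` of the translations page in this same patch writes to the selected row instead. Dropping the `iter = self.store.append()` line makes the two pages agree and keeps the list an accurate view of what `self.user.modify` stored. The class also defines `delete` twice, so the earlier one that tests `semanagePage.delete(self) == gtk.RESPONSE_NO` is shadowed and never runs; if that call was meant as a confirmation step before a user is removed, it is currently skipped. `protocol=store.get_value(iter, 2)` in `dialogInit` is unused and can go.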
@@ -1,4 +1,4 @@ -SUBDIRS=setfiles semanage load_policy newrole run_init restorecon restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po +SUBDIRS=setfiles semanage load_policy newrole run_init restorecon restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui all install relabel clean indent: @for subdir in $(SUBDIRS); do \ diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.0/restorecond/restorecond.c --- nsapolicycoreutils/restorecond/restorecond.c 2006-11-16 17:14:28.000000000 -0500 +++ policycoreutils-2.0.0/restorecond/restorecond.c 2007-02-07 16:40:46.000000000 -0500 @@ -210,9 +210,10 @@ } if (fsetfilecon(fd, scontext) < 0) { - syslog(LOG_ERR, - "set context %s->%s failed:'%s'\n", - filename, scontext, strerror(errno)); + if (errno != EOPNOTSUPP) + syslog(LOG_ERR, + "set context %s->%s failed:'%s'\n", + filename, scontext, strerror(errno)); if (retcontext >= 0) free(prev_context); free(scontext); @@ -225,8 +226,9 @@ if (retcontext >= 0) free(prev_context); } else { - syslog(LOG_ERR, "get context on %s failed: '%s'\n", - filename, strerror(errno)); + if (errno != EOPNOTSUPP) + syslog(LOG_ERR, "get context on %s failed: '%s'\n", + filename, strerror(errno)); } free(scontext); close(fd); diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.0/restorecond/restorecond.conf --- nsapolicycoreutils/restorecond/restorecond.conf 2006-11-20 12:19:55.000000000 -0500 +++ policycoreutils-2.0.0/restorecond/restorecond.conf 2007-02-08 09:48:45.000000000 -0500 
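Review bot: The new `if (errno != EOPNOTSUPP)` guard around the `set context %s->%s failed` message removes the only record that a watched file could not be relabelled, so a file on a filesystem that rejects the operation stays with its old label and nothing appears in syslog; the `get context on %s failed` branch in the next hunk has the same effect. Consider keeping a low-priority message rather than none, e.g. `else syslog(LOG_DEBUG, "%s: labeling not supported, skipped\n", filename);`, and put a comment such as `/* EOPNOTSUPP: filesystem does not support labels, not an error here */` above each guard so the silent path reads as deliberate. In the second hunk the call that failed is outside the hunk, so it is worth confirming that nothing between it and the `else` can overwrite `errno` before it is tested. Both enclosing functions start and end outside the hunks.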
@@ -1,7 +1,9 @@ /etc/resolv.conf +/etc/localtime /etc/samba/secrets.tdb /etc/mtab /var/run/utmp +/var/run/faillog /var/log/wtmp ~/public_html ~/.mozilla/plugins/libflashplayer.so diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.0/scripts/chcat --- nsapolicycoreutils/scripts/chcat 2006-11-16 17:14:27.000000000 -0500 +++ policycoreutils-2.0.0/scripts/chcat 2007-02-08 15:47:17.000000000 -0500 @@ -25,11 +25,22 @@ import commands, sys, os, pwd, string, getopt, selinux import seobject import gettext +import codecs +import locale +sys.stderr = codecs.getwriter(locale.getpreferredencoding())(sys.__stderr__, 'replace') +sys.stdout = codecs.getwriter(locale.getpreferredencoding())(sys.__stdout__, 'replace') try: gettext.install('policycoreutils') -except: - pass +except IOError: + import __builtin__ + __builtin__.__dict__['_'] = unicode + +def errorExit(error): + sys.stderr.write("%s: " % sys.argv[0]) + sys.stderr.write("%s\n" % error) + sys.stderr.flush() + sys.exit(1) def verify_users(users): for u in users: @@ -62,12 +73,20 @@ for i in newcat[1:]: if i not in cats: cats.append(i) + new_serange = "%s-%s:%s" % (serange[0], top[0], string.join(cats, ",")) - + if new_serange[-1:] == ":": + new_serange = new_serange[:-1] + if add_ind: - logins.add(u, user[0], new_serange) + cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u) else: - logins.modify(u, user[0], new_serange) + cmd = "semanage login -m -r %s -s %s %s" % (new_serange, user[0], u) + rc = commands.getstatusoutput(cmd) + if rc[0] != 0: + print rc[1] + errors += 1 + return errors def chcat_add(orig, newcat, objects,login_ind): 
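Review bot: In the `@@ -62,12 +73,20 @@` hunk the replacement for `logins.add`/`logins.modify` builds `cmd` by `%`-formatting `new_serange`, `user[0]` and `u` into one string and passes it to `commands.getstatusoutput`, which runs it through the shell, so a shell metacharacter or a leading `-` in a login name or category is interpreted instead of being passed as data. The same construction is repeated in the `@@ -133,11 +152,17 @@` and `@@ -198,11 +223,17 @@` hunks. Any validation done by `verify_users` or the category lookup is outside these hunks, so the command line should not depend on it; an argument list given to `subprocess.Popen` (with `import subprocess` added beside the existing imports) keeps each value a single argument. `errors` is incremented here, but its initialisation and the start of the enclosing function are outside the hunk.
```python
        # ... unchanged: new_serange construction and trailing ":" strip ...
        if add_ind:
            action = "-a"
        else:
            action = "-m"
        # Argument list, no shell: each value reaches semanage as one argument.
        proc = subprocess.Popen(
            ["semanage", "login", action, "-r", new_serange, "-s", user[0], u],
            stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
        output = proc.communicate()[0]
        if proc.returncode != 0:
            print output
            errors += 1
```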
@@ -133,11 +152,17 @@ cats.remove(i) new_serange = "%s-%s:%s" % (serange[0], top[0], string.join(cats, ",")) + if new_serange[-1:] == ":": + new_serange = new_serange[:-1] if add_ind: - logins.add(u, user[0], new_serange) + cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u) else: - logins.modify(u, user[0], new_serange) + cmd = "semanage login -m -r %s -s %s %s" % (new_serange, user[0], u) + rc = commands.getstatusoutput(cmd) + if rc[0] != 0: + print rc[1] + errors += 1 return errors def chcat_remove(orig, newcat, objects, login_ind): @@ -198,11 +223,17 @@ user = seusers["__default__"] serange = user[1].split("-") new_serange = "%s-%s:%s" % (serange[0],newcat[0], string.join(newcat[1:], ",")) - + if new_serange[-1:] == ":": + new_serange = new_serange[:-1] + if add_ind: - logins.add(u, user[0], new_serange) + cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u) else: - logins.modify(u, user[0], new_serange) + cmd = "semanage login -m -r %s -s %s %s" % (new_serange, user[0], u) + rc = commands.getstatusoutput(cmd) + if rc[0] != 0: + print rc[1] + errors += 1 return errors def chcat_replace(newcat, objects, login_ind): @@ -362,6 +393,10 @@ if list_ind == 0 and len(cmds) < 1: usage() + + except getopt.error, error: + errorExit(_("Options Error %s ") % error.msg) + except ValueError, e: usage() diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/scripts/fixfiles.8 policycoreutils-2.0.0/scripts/fixfiles.8 --- nsapolicycoreutils/scripts/fixfiles.8 2007-01-17 11:11:34.000000000 -0500 +++ policycoreutils-2.0.0/scripts/fixfiles.8 2007-02-07 16:52:56.000000000 -0500 
@@ -54,7 +54,7 @@ change any incorrect file context labels. .TP .B relabel -Prompt for removal of contents of /tmp directory and then change any inccorect file context labels to match the install file_contexts file. +Prompt for removal of contents of /tmp directory and then change any incorrect file context labels to match the install file_contexts file. .TP .B verify List out files with incorrect file context labels, but do not change them. diff --exclude-from=exclude --exclude POTFILES.in --exclude='*.po' --exclude='*.pot' -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.0/semanage/seobject.py --- nsapolicycoreutils/semanage/seobject.py 2007-01-17 11:11:34.000000000 -0500 +++ policycoreutils-2.0.0/semanage/seobject.py 2007-02-07 16:40:46.000000000 -0500 @@ -209,7 +209,8 @@ os.write(fd, self.out()) os.close(fd) os.rename(newfilename, self.filename) - + os.system("/sbin/service mcstrans reload > /dev/null") + class semanageRecords: def __init__(self): self.sh = semanage_handle_create() @@ -464,7 +465,8 @@ rc = semanage_user_set_mlslevel(self.sh, u, selevel) if rc < 0: raise ValueError(_("Could not set MLS level for %s") % name) - + if selinux.security_check_context("system_u:object_r:%s_home_t:s0" % prefix) != 0: + raise ValueError(_("Invalid prefix %s") % prefix) rc = semanage_user_set_prefix(self.sh, u, prefix) if rc < 0: raise ValueError(_("Could not add prefix %s for %s") % (r, prefix)) @@ -530,7 +532,9 @@ semanage_user_set_mlslevel(self.sh, u, untranslate(selevel)) if prefix != "": - semanage_user_set_prefix(self.sh, u, prefix) + if selinux.security_check_context("system_u:object_r:%s_home_t" % prefix) != 0: + raise ValueError(_("Invalid prefix %s") % prefix) + semanage_user_set_prefix(self.sh, u, prefix) if len(roles) != 0: for r in rlist: --- newrole.c 2007-02-09 17:29:23.000000000 -0500 +++ newrole.c.ljk 2007-02-09 18:20:26.000000000 -0500 
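Review bot: The `os.system("/sbin/service mcstrans reload > /dev/null")` added in the `@@ -209,7 +209,8 @@` hunk discards its return status, so when the reload fails the file has already been renamed into place but the caller is told nothing and the daemon presumably keeps using the old table. Keep the status and surface it, e.g. `rc = os.system("/sbin/service mcstrans reload > /dev/null")` followed by `if rc != 0: raise ValueError(_("Could not reload mcstrans"))`. Only stdout is redirected, so the service script's stderr still reaches whichever GUI or CLI called this method. The enclosing method starts outside the hunk.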
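Review bot: The two new prefix checks validate different strings: the `@@ -464,7 +465,8 @@` hunk tests `"system_u:object_r:%s_home_t:s0" % prefix`, while the `@@ -530,7 +532,9 @@` hunk tests `"system_u:object_r:%s_home_t" % prefix` with no level field. Whether a context without a level is accepted depends on the loaded policy, so the same prefix may pass on one path and be rejected on the other; using the `:s0` form in both places, or one small helper shared by both, removes the difference. In the first hunk the check runs after `semanage_user_set_mlslevel` has already been applied to `u`, so moving it ahead of the first setter would reject a bad prefix before any state is touched; whether that matters depends on transaction handling outside the hunk.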
@@ -636,7 +636,7 @@ static int relabel_tty(const char *ttyn, } /* Re-open TTY descriptor */ - fd = open(ttyn, O_RDWR); + fd = open(ttyn, O_RDWR|O_NONBLOCK); if (fd < 0) { fprintf(stderr, _("Error! Could not open %s.\n"), ttyn); return fd; @@ -1127,13 +1127,13 @@ int main(int argc, char *argv[]) fprintf(stderr, _("Could not close descriptors.\n")); goto err_close_pam; } - fd = open(ttyn, O_RDONLY); + fd = open(ttyn, O_RDONLY|O_NONBLOCK); if (fd != 0) goto err_close_pam; - fd = open(ttyn, O_RDWR); + fd = open(ttyn, O_RDWR|O_NONBLOCK); if (fd != 1) goto err_close_pam; - fd = open(ttyn, O_RDWR); + fd = open(ttyn, O_RDWR|O_NONBLOCK); if (fd != 2) goto err_close_pam;
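Review bot: `O_NONBLOCK` added to `open(ttyn, O_RDWR|O_NONBLOCK)` in `relabel_tty` stays set on the descriptor that is returned, and nothing in the hunk clears it; the same holds for the three opens in `main` (`@@ -1127,13 +1127,13 @@`), whose descriptors are checked to be fds 0, 1 and 2 and are presumably inherited by the program started under the new role. If the flag is only wanted so the open itself cannot block on the terminal, clear it right after a successful open with `fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);` and check the result. Otherwise reads on the inherited stdin can return `EAGAIN` where callers expect to block. Both functions continue outside the hunks, so a later `fcntl` may already exist there and should be confirmed.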