rpms/policycoreutils/F-7 policycoreutils-gui.patch, 1.21, 1.22 policycoreutils-rhat.patch, 1.309, 1.310 policycoreutils.spec, 1.423, 1.424
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Wed Oct 31 11:12:28 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/policycoreutils/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13361
Modified Files:
policycoreutils-gui.patch policycoreutils-rhat.patch
policycoreutils.spec
Log Message:
* Tue Oct 31 2007 Dan Walsh <dwalsh at redhat.com> 2.0.16-14
- Update to latest semanage and system-config-selinux
policycoreutils-gui.patch:
Index: policycoreutils-gui.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/F-7/policycoreutils-gui.patch,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- policycoreutils-gui.patch 19 Sep 2007 00:19:01 -0000 1.21
+++ policycoreutils-gui.patch 31 Oct 2007 11:12:23 -0000 1.22
@@ -1,14 +1,13 @@
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-2.0.26/gui/booleansPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-2.0.16/gui/booleansPage.py
--- nsapolicycoreutils/gui/booleansPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/booleansPage.py 2007-09-18 16:40:57.000000000 -0400
-@@ -0,0 +1,226 @@
++++ policycoreutils-2.0.16/gui/booleansPage.py 2007-10-31 07:06:22.000000000 -0400
+@@ -0,0 +1,254 @@
+#
+# booleansPage.py - GUI for Booleans page in system-config-securitylevel
+#
-+# Brent Fox <bfox at redhat.com>
+# Dan Walsh <dwalsh at redhat.com>
+#
-+# Copyright 2006 Red Hat, Inc.
++# Copyright 2006, 2007 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
@@ -30,6 +29,7 @@
+import gobject
+import sys
+import tempfile
++import seobject
+
+INSTALLPATH='/usr/share/system-config-selinux'
+sys.path.append(INSTALLPATH)
@@ -87,6 +87,7 @@
+ try:
+ return _(self.translation[key][0])
+ except:
++ #print key, "missing translation"
+ return _("Other")
+
+ def get_value(self,key):
@@ -156,6 +157,7 @@
+class booleansPage:
+ def __init__(self, xml, doDebug=None):
+ self.xml = xml
++ self.local = False
+ self.types=[]
+ self.selinuxsupport = True
+ self.translation = Translation()
@@ -173,6 +175,8 @@
+ self.typeLabel = xml.get_widget("typeLabel")
+ self.modifySeparator = xml.get_widget("modifySeparator")
+
++ self.revertButton = xml.get_widget("booleanRevertButton")
++ self.revertButton.set_sensitive(self.local)
+ listStore = gtk.ListStore(gobject.TYPE_STRING)
+ cell = gtk.CellRendererText()
+
@@ -190,12 +194,26 @@
+ col = gtk.TreeViewColumn("", gtk.CellRendererText(), text=1)
+ self.booleansView.append_column(col)
+ self.filter=""
-+ self.refreshBooleans(self.filter)
++ self.load(self.filter)
+
++ def deleteDialog(self):
++ store, iter = self.booleansView.get_selection().get_selected()
++ boolean = store.get_value(iter, 2)
++ if boolean == None:
++ return
++ try:
++ (rc, out) = commands.getstatusoutput("semanage boolean -d %s" % boolean)
++
++ if rc != 0:
++ return self.error(out)
++ self.load(self.filter)
++ except ValueError, e:
++ self.error(e.args[0])
++
+ def filter_changed(self, *arg):
+ filter = arg[0].get_text()
+ if filter != self.filter:
-+ self.refreshBooleans(filter)
++ self.load(filter)
+ self.filter=filter
+
+ def use_menus(self):
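Review bot: `deleteDialog` builds a shell command by string interpolation, `"semanage boolean -d %s" % boolean`, and resolves `semanage` through PATH, whereas the existing toggle code in this file calls `/usr/sbin/setsebool` by absolute path. An argument vector avoids shell parsing of the name in a tool that changes system policy, for example `subprocess.Popen(["/usr/sbin/semanage", "boolean", "-d", boolean], stdout=subprocess.PIPE, stderr=subprocess.STDOUT)`, which would need `import subprocess`. Separately, `get_selected()` returns a `None` iter when no row is selected, so `store.get_value(iter, 2)` most likely raises before the `boolean == None` test is reached, and `except ValueError` would not catch that. An `if iter is None: return` guard before the lookup covers that case.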
@@ -204,18 +222,15 @@
+ def get_description(self):
+ return _("Boolean")
+
-+ def refreshBooleans(self, filter=None):
++ def load(self, filter=None):
+ self.modifiers=Modifiers(self.booleansStore)
-+ booleansList=commands.getoutput("/usr/sbin/getsebool -a").split("\n")
-+ for i in booleansList:
-+ rec=i.split()
-+ name=rec[0]
++ booleans=seobject.booleanRecords()
++ booleansList=booleans.get_all(self.local)
++# booleansList=commands.getoutput("/usr/sbin/getsebool -a").split("\n")
++ for name in booleansList:
++ rec=booleansList[name]
+ if self.translation.match(name, filter):
-+ if rec[2]=="on" or rec[2]=="active":
-+ on=1
-+ else:
-+ on=0
-+ self.modifiers.add(name,Boolean(name,on))
++ self.modifiers.add(name,Boolean(name,rec[2] == 1))
+
+ def boolean_toggled(self, widget, row):
+ if len(row) == 1:
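Review bot: The commented-out `getsebool -a` line left inside `load` is dead code and should be dropped, since revision history already records the old implementation. The new loop also reads `rec[2]` with no indication of what the record holds, and that layout is defined in seobject rather than in this file. A one-line comment such as `# rec[2]: current value of the boolean as returned by booleanRecords.get_all() (confirm against seobject)` would help.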
@@ -228,9 +243,22 @@
+
+ setsebool="/usr/sbin/setsebool -P %s=%d" % (key, not val)
+ commands.getstatusoutput(setsebool)
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.26/gui/fcontextPage.py
++
++ def on_local_clicked(self, button):
++ self.local = not self.local
++ self.revertButton.set_sensitive(self.local)
++
++ if self.local:
++ button.set_label(_("all"))
++ else:
++ button.set_label(_("Customized"))
++
++ self.load(self.filter)
++ return True
++
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.16/gui/fcontextPage.py
--- nsapolicycoreutils/gui/fcontextPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/fcontextPage.py 2007-09-18 16:40:57.000000000 -0400
++++ policycoreutils-2.0.16/gui/fcontextPage.py 2007-10-31 07:06:58.000000000 -0400
@@ -0,0 +1,209 @@
+## fcontextPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
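Review bot: The two button labels in `on_local_clicked` are capitalised inconsistently, `_("all")` against `_("Customized")`; `_("All")` would match. The label names the view the next click switches to rather than the current one, which deserves a short docstring such as `"""Toggle between all records and locally customized ones, then reload."""`. The same method body is added to semanagePage.py later in this patch and has the same label issue.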
@@ -350,7 +378,7 @@
+ def load(self, filter=""):
+ self.filter=filter
+ self.fcontext=seobject.fcontextRecords()
-+ fcon_list=self.fcontext.get_all()
++ fcon_list=self.fcontext.get_all(self.local)
+ self.store.clear()
+ for fcon in fcon_list:
+ if not self.match(fcon, filter):
@@ -369,7 +397,7 @@
+ filter = arg[0].get_text()
+ if filter != self.filter:
+ self.load(filter)
-+
++
+ def dialogInit(self):
+ store, iter = self.view.get_selection().get_selected()
+ self.fcontextEntry.set_text(store.get_value(iter, SPEC_COL))
@@ -441,9 +469,9 @@
+ self.store.set_value(iter, SPEC_COL, fspec)
+ self.store.set_value(iter, FTYPE_COL, ftype)
+ self.store.set_value(iter, TYPE_COL, "system_u:object_r:%s:%s" % (type, mls))
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-2.0.26/gui/loginsPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-2.0.16/gui/loginsPage.py
--- nsapolicycoreutils/gui/loginsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/loginsPage.py 2007-09-18 16:40:57.000000000 -0400
++++ policycoreutils-2.0.16/gui/loginsPage.py 2007-10-31 07:08:35.000000000 -0400
@@ -0,0 +1,179 @@
+## loginsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -514,7 +542,7 @@
+ def load(self, filter = ""):
+ self.filter=filter
+ self.login = seobject.loginRecords()
-+ dict = self.login.get_all()
++ dict = self.login.get_all(0)
+ keys = dict.keys()
+ keys.sort()
+ self.store.clear()
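Review bot: `load` passes a literal `0` to `get_all()` instead of `self.local`, unlike the fcontext and ports pages changed in this same patch. If loginsPage inherits `on_local_clicked` from semanagePage (the class line is outside the hunk), the Customized toggle would flip `self.local` and reload without changing what is listed. Either use `self.login.get_all(self.local)` or add a comment saying this page deliberately always lists every record. The same literal appears in the `seluserRecords().get_all(0)` hunk below, where listing everything for the combo box may well be intended, and in mappingsPage.py.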
@@ -538,7 +566,7 @@
+ self.loginsSelinuxUserCombo.pack_start(cell, True)
+ self.loginsSelinuxUserCombo.add_attribute(cell, 'text', 0)
+
-+ selusers = seobject.seluserRecords().get_all()
++ selusers = seobject.seluserRecords().get_all(0)
+ keys = selusers.keys()
+ keys.sort()
+ for k in keys:
@@ -624,9 +652,9 @@
+ self.store.set_value(iter, 1, seuser)
+ self.store.set_value(iter, 2, seobject.translate(serange))
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.26/gui/Makefile
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.16/gui/Makefile
--- nsapolicycoreutils/gui/Makefile 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/Makefile 2007-09-18 16:40:57.000000000 -0400
++++ policycoreutils-2.0.16/gui/Makefile 2007-09-18 14:18:45.000000000 -0400
@@ -0,0 +1,34 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
@@ -662,9 +690,9 @@
+indent:
+
+relabel:
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-2.0.26/gui/mappingsPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-2.0.16/gui/mappingsPage.py
--- nsapolicycoreutils/gui/mappingsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/mappingsPage.py 2007-09-18 16:40:57.000000000 -0400
++++ policycoreutils-2.0.16/gui/mappingsPage.py 2007-10-31 07:08:45.000000000 -0400
@@ -0,0 +1,56 @@
+## mappingsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -716,16 +744,16 @@
+ self.store.set_sort_column_id(0, gtk.SORT_ASCENDING)
+ self.view.set_model(self.store)
+ self.login = loginRecords()
-+ dict = self.login.get_all()
++ dict = self.login.get_all(0)
+ keys = dict.keys()
+ keys.sort()
+ for k in keys:
+ print "%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1]))
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-2.0.26/gui/modulesPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-2.0.16/gui/modulesPage.py
--- nsapolicycoreutils/gui/modulesPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/modulesPage.py 2007-09-18 16:40:57.000000000 -0400
-@@ -0,0 +1,181 @@
++++ policycoreutils-2.0.16/gui/modulesPage.py 2007-10-31 07:07:45.000000000 -0400
+@@ -0,0 +1,187 @@
+## modulesPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
+
@@ -777,6 +805,7 @@
+ self.module_filter = xml.get_widget("modulesFilterEntry")
+ self.module_filter.connect("focus_out_event", self.filter_changed)
+ self.module_filter.connect("activate", self.filter_changed)
++ self.audit_enabled = False
+
+ self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_STRING)
+ self.view.set_model(self.store)
@@ -789,8 +818,6 @@
+ col = gtk.TreeViewColumn(_("Version"), gtk.CellRendererText(), text = 1)
+ self.enable_audit_button = xml.get_widget("enableAuditButton")
+ self.enable_audit_button.connect("clicked", self.enable_audit)
-+ self.disable_audit_button = xml.get_widget("disableAuditButton")
-+ self.disable_audit_button.connect("clicked", self.disable_audit)
+ self.new_button = xml.get_widget("newModuleButton")
+ self.new_button.connect("clicked", self.new_module)
+ col.set_sort_column_id(1)
@@ -853,8 +880,15 @@
+ self.error(e.args[0])
+
+ def enable_audit(self, button):
++ self.audit_enabled = not self.audit_enabled
+ try:
-+ status, output =commands.getstatusoutput("semodule -b /usr/share/selinux/%s/enableaudit.pp" % self.policy_type)
++ if self.audit_enabled:
++ status, output =commands.getstatusoutput("semodule -DB")
++ button.set_label(_("Disable Audit"))
++ else:
++ status, output =commands.getstatusoutput("semodule -B")
++ button.set_label(_("Enable Audit"))
++
+ if status != 0:
+ self.error(output)
+
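Review bot: `enable_audit` flips `self.audit_enabled` and relabels the button before it checks whether semodule succeeded, so when `status != 0` the button reports a dontaudit state the policy is not in. The flag also starts as `False` in `__init__` without querying the loaded policy, and `disable_audit` (next hunk) rebuilds with `semodule -B` without resetting it. I would run the command first and commit the flag and label only on success, so the UI does not misreport whether dontaudit rules are active. The `try` opened here is closed by an `except` outside the hunk.

```python
    def enable_audit(self, button):
        enable = not self.audit_enabled
        try:
            if enable:
                command, label = "semodule -DB", _("Disable Audit")
            else:
                command, label = "semodule -B", _("Enable Audit")
            status, output = commands.getstatusoutput(command)
            if status != 0:
                self.error(output)
                return
            # Commit the new state only once semodule has succeeded.
            self.audit_enabled = enable
            button.set_label(label)
        # … unchanged: except clause outside the hunk …
```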
@@ -863,7 +897,7 @@
+
+ def disable_audit(self, button):
+ try:
-+ status, output =commands.getstatusoutput("semodule -b /usr/share/selinux/%s/base.pp" % self.policy_type)
++ status, output =commands.getstatusoutput("semodule -B")
+ if status != 0:
+ self.error(output)
+
@@ -907,10 +941,10 @@
+
+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.26/gui/polgen.glade
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.16/gui/polgen.glade
--- nsapolicycoreutils/gui/polgen.glade 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/polgen.glade 2007-09-18 20:15:07.000000000 -0400
-@@ -0,0 +1,2386 @@
++++ policycoreutils-2.0.16/gui/polgen.glade 2007-09-18 14:18:45.000000000 -0400
+@@ -0,0 +1,2385 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
+
@@ -2007,7 +2041,7 @@
+ <child>
+ <widget class="GtkEntry" id="in_tcp_entry">
+ <property name="visible">True</property>
-+ <property name="tooltip" translatable="yes">Enter a comma separated list of tcp ports or ranges of ports that application/user binds to. Example: 612, 650-660</property>
++ <property name="tooltip" translatable="yes">Enter a comma separated list of tcp ports that application/user binds to. </property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
@@ -2139,7 +2173,7 @@
+ <child>
+ <widget class="GtkCheckButton" id="in_udp_unreserved_checkbutton">
+ <property name="visible">True</property>
-+ <property name="tooltip" translatable="yes">Enter a comma separated list of udp ports or ranges of ports that application/user binds to. Example: 612, 650-660</property>
++ <property name="tooltip" translatable="yes">Allows application/user to bind to any udp ports > 1024</property>
+ <property name="can_focus">True</property>
+ <property name="label" translatable="yes">Unreserved Ports (>1024)</property>
+ <property name="use_underline">True</property>
@@ -2197,7 +2231,7 @@
+ <child>
+ <widget class="GtkEntry" id="in_udp_entry">
+ <property name="visible">True</property>
-+ <property name="tooltip" translatable="yes">Allows application/user to bind to any udp ports > 1024</property>
++ <property name="tooltip" translatable="yes">Enter a comma separated list of tcp ports that application/user binds to. </property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
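Review bot: The new tooltip on `in_udp_entry` says `Enter a comma separated list of tcp ports that application/user binds to.`, which names the wrong protocol for a UDP field; it should read `udp ports`. The `out_tcp_entry` hunk further down has the mirror-image problem, with a tooltip of `udp ports that application/user connects to` on the TCP entry. These fields feed the generated policy, so a mislabelled field can lead an administrator to allow ports for the wrong protocol.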
@@ -2289,7 +2323,7 @@
+ <child>
+ <widget class="GnomeDruidPageStandard" id="out_net_page">
+ <property name="visible">True</property>
-+ <property name="tooltip" translatable="yes">Enter a comma separated list of tcp ports that application/user connects to. </property>
++ <property name="title" translatable="yes">Enter network ports that application/user connects to</property>
+ <child internal-child="vbox">
+ <widget class="GtkVBox" id="druid-vbox7">
+ <property name="border_width">16</property>
@@ -2387,8 +2421,7 @@
+ <child>
+ <widget class="GtkEntry" id="out_tcp_entry">
+ <property name="visible">True</property>
-+ <property name="tooltip" translatable="yes">Enter a comma separated list of tcp ports or ranges of ports that application/user connects to. Example: 612, 650-660</property>
-+
++ <property name="tooltip" translatable="yes">Enter a comma separated list of udp ports that application/user connects to.</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
@@ -2520,7 +2553,7 @@
+ <child>
+ <widget class="GtkEntry" id="out_udp_entry">
+ <property name="visible">True</property>
-+ <property name="tooltip" translatable="yes">Enter a comma separated list of udp ports or ranges of ports that application/user connects to. Example: 612, 650-660</property>
++ <property name="tooltip" translatable="yes">Enter a comma separated list of udp ports that application/user connects to.</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
@@ -3297,10 +3330,10 @@
+</widget>
+
+</glade-interface>
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.26/gui/polgengui.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.16/gui/polgengui.py
--- nsapolicycoreutils/gui/polgengui.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/polgengui.py 2007-09-18 20:09:54.000000000 -0400
-@@ -0,0 +1,476 @@
++++ policycoreutils-2.0.16/gui/polgengui.py 2007-09-18 14:18:45.000000000 -0400
+@@ -0,0 +1,452 @@
+#!/usr/bin/python
+#
+# system-config-selinux.py - GUI for SELinux Config tool in system-config-selinux
@@ -3500,14 +3533,6 @@
+ if self.on_select_type_page_next():
+ return
+
-+ if self.pages[type][self.current_page] == self.IN_NET_PAGE:
-+ if self.on_in_net_page_next():
-+ return
-+
-+ if self.pages[type][self.current_page] == self.OUT_NET_PAGE:
-+ if self.on_out_net_page_next():
-+ return
-+
+ if self.pages[type][self.current_page] == self.APP_PAGE:
+ if self.on_name_page_next():
+ return
@@ -3729,22 +3754,6 @@
+ return
+ self.output_entry.set_text(self.file_dialog.get_filename())
+
-+ def on_in_net_page_next(self, *args):
-+ try:
-+ polgen.verify_ports(self.in_tcp_entry.get_text())
-+ polgen.verify_ports(self.in_udp_entry.get_text())
-+ except ValueError, e:
-+ self.error(e.message)
-+ return True
-+
-+ def on_out_net_page_next(self, *args):
-+ try:
-+ polgen.verify_ports(self.out_tcp_entry.get_text())
-+ polgen.verify_ports(self.out_udp_entry.get_text())
-+ except ValueError, e:
-+ self.error(e.message)
-+ return True
-+
+ def on_select_type_page_next(self, *args):
+ self.exec_entry.set_sensitive(self.confine_application())
+ self.exec_button.set_sensitive(self.confine_application())
@@ -3777,10 +3786,10 @@
+
+ app = childWindow()
+ app.stand_alone()
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.26/gui/polgen.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.16/gui/polgen.py
--- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/polgen.py 2007-09-18 20:10:02.000000000 -0400
-@@ -0,0 +1,740 @@
++++ policycoreutils-2.0.16/gui/polgen.py 2007-09-18 14:18:45.000000000 -0400
+@@ -0,0 +1,727 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@@ -3866,34 +3875,6 @@
+APPLICATIONS = [ DAEMON, INETD, USER, CGI ]
+USERS = [ XUSER, TUSER, RUSER ]
+
-+def verify_ports(ports):
-+ if ports == "":
-+ return []
-+ max_port=2**16
-+ try:
-+ temp = []
-+ for a in ports.split(","):
-+ r = a.split("-")
-+ if len(r) > 2:
-+ raise ValueError
-+ if len(r) == 1:
-+ begin = int (r[0])
-+ end = int (r[0])
-+ else:
-+ begin = int (r[0])
-+ end = int (r[1]) + 1
-+
-+ if begin > end:
-+ raise ValueError
-+
-+ for p in range(begin, end):
-+ if p < 1 or p > max_port:
-+ raise ValueError
-+ temp.append(p)
-+ return temp
-+ except ValueError:
-+ raise ValueError(_("Ports must be be numbers or ranges of numbers from 1 to %d " % max_port ))
-+
+class policy:
+
+ def __init__(self, name, type):
@@ -3977,6 +3958,21 @@
+ return self.dict[begin,end]
+ return None
+
++ def __verify_ports(self, ports):
++ if ports == "":
++ return []
++ max_port=2**16
++ try:
++ temp = []
++ for p in ports.split(","):
++ i = int(p.strip())
++ if i < 1 or i > max_port:
++ raise ValueError()
++ temp.append(i)
++ return temp
++ except ValueError:
++ raise ValueError(_("Ports must be be numbers from 1 to %d " % max_port ))
++
+ def set_program(self, program):
+ if self.type not in APPLICATIONS:
+ raise ValueError(_("USER Types are not allowed executables"))
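Review bot: `__verify_ports` sets `max_port=2**16` and rejects only `i > max_port`, so 65536 is accepted although the highest valid port is 65535; `max_port = 2**16 - 1` fixes both the bound and the number shown in the message. The error string is also formatted before it reaches `_()`, so the catalog lookup sees the already-substituted text. `raise ValueError(_("Ports must be numbers from 1 to %d ") % max_port)` translates first and removes the doubled "be", at the cost of a changed msgid. Since this patch also removes the module-level `verify_ports` and the GUI page hooks that called it, a short docstring should state that port input is now checked only when the `set_*` methods run.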
@@ -3990,16 +3986,16 @@
+ self.initscript = initscript
+
+ def set_in_tcp(self, all, reserved, unreserved, ports):
-+ self.in_tcp = [ all, reserved, unreserved, verify_ports(ports)]
++ self.in_tcp = [ all, reserved, unreserved, self.__verify_ports(ports)]
+
+ def set_in_udp(self, all, reserved, unreserved, ports):
-+ self.in_udp = [ all, reserved, unreserved, verify_ports(ports)]
++ self.in_udp = [ all, reserved, unreserved, self.__verify_ports(ports)]
+
+ def set_out_tcp(self, all, ports):
-+ self.out_tcp = [ all , False, False, verify_ports(ports) ]
++ self.out_tcp = [ all , False, False, self.__verify_ports(ports) ]
+
+ def set_out_udp(self, all, ports):
-+ self.out_udp = [ all , False, False, verify_ports(ports) ]
++ self.out_udp = [ all , False, False, self.__verify_ports(ports) ]
+
+ def set_use_syslog(self, val):
+ if val != True and val != False:
@@ -4448,7 +4444,7 @@
+if __name__ == '__main__':
+ mypolicy = policy("mycgi", CGI)
+ mypolicy.set_program("/var/www/cgi-bin/cgi")
-+ mypolicy.set_in_tcp(1, 0, 0, "512, 55000-55000")
++ mypolicy.set_in_tcp(1, 0, 0, "513")
+ mypolicy.set_in_udp(1, 0, 0, "1513")
+ mypolicy.set_use_uid(True)
+ mypolicy.set_use_tmp(False)
@@ -4521,10 +4517,10 @@
+ sys.exit(0)
+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-2.0.26/gui/portsPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-2.0.16/gui/portsPage.py
--- nsapolicycoreutils/gui/portsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/portsPage.py 2007-09-18 16:40:57.000000000 -0400
-@@ -0,0 +1,247 @@
++++ policycoreutils-2.0.16/gui/portsPage.py 2007-10-31 07:07:12.000000000 -0400
+@@ -0,0 +1,251 @@
+## portsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
+
@@ -4576,6 +4572,8 @@
+class portsPage(semanagePage):
+ def __init__(self, xml):
+ semanagePage.__init__(self, xml, "ports", "Network Port")
++ xml.signal_connect("on_group_clicked", self.on_group_clicked)
++ self.group = False
+ self.ports_filter = xml.get_widget("portsFilterEntry")
+ self.ports_filter.connect("focus_out_event", self.filter_changed)
+ self.ports_filter.connect("activate", self.filter_changed)
@@ -4586,8 +4584,6 @@
+ self.ports_add_button = xml.get_widget("portsAddButton")
+ self.ports_properties_button = xml.get_widget("portsPropertiesButton")
+ self.ports_delete_button = xml.get_widget("portsDeleteButton")
-+ self.ports_group_togglebutton = xml.get_widget("portsGroupTogglebutton")
-+ self.ports_group_togglebutton.connect("toggled", self.group_toggle)
+ liststore = self.ports_protocol_combo.get_model()
+ iter = liststore.get_iter_first()
+ self.ports_protocol_combo.set_active_iter(iter)
@@ -4630,17 +4626,6 @@
+ self.view.append_column(col)
+ self.store.set_sort_func(PORT_COL,self.sort_int, "")
+
-+ def group_toggle(self, button):
-+ self.edit = not button.get_active()
-+ self.ports_add_button.set_sensitive(self.edit)
-+ self.ports_properties_button.set_sensitive(self.edit)
-+ self.ports_delete_button.set_sensitive(self.edit)
-+ self.mls_col.set_visible(self.edit)
-+ if self.edit:
-+ self.load(self.filter)
-+ else:
-+ self.group_load(self.filter)
-+
+ def sort_int(self, treemodel, iter1, iter2, user_data):
+ try:
+ p1 = int(treemodel.get_value(iter1,2))
@@ -4656,7 +4641,7 @@
+ def load(self,filter = ""):
+ self.filter=filter
+ self.port = seobject.portRecords()
-+ dict = self.port.get_all()
++ dict = self.port.get_all(self.local)
+ keys = dict.keys()
+ keys.sort()
+ self.store.clear()
@@ -4677,7 +4662,7 @@
+ def group_load(self, filter = ""):
+ self.filter=filter
+ self.port = seobject.portRecords()
-+ dict = self.port.get_all_by_type()
++ dict = self.port.get_all_by_type(self.local)
+ keys = dict.keys()
+ keys.sort()
+ self.store.clear()
@@ -4771,12 +4756,27 @@
+ self.store.set_value(iter, PROTOCOL_COL, protocol)
+ self.store.set_value(iter, MLS_COL, mls)
+
++ def on_group_clicked(self, button):
++ self.ports_add_button.set_sensitive(self.group)
++ self.ports_properties_button.set_sensitive(self.group)
++ self.ports_delete_button.set_sensitive(self.group)
++ self.mls_col.set_visible(self.group)
++
++ self.group = not self.group
++ if self.group:
++ button.set_label(_("List View"))
++ self.group_load(self.filter)
++ else:
++ button.set_label(_("Group View"))
++ self.load(self.filter)
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.26/gui/selinux.tbl
++ return True
++
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.16/gui/selinux.tbl
--- nsapolicycoreutils/gui/selinux.tbl 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/selinux.tbl 2007-09-18 16:40:57.000000000 -0400
-@@ -0,0 +1,296 @@
-+allow_console_login _("Login") _("Allow direct login to the console device. Requiered for System 390")
++++ policycoreutils-2.0.16/gui/selinux.tbl 2007-10-31 07:09:16.000000000 -0400
+@@ -0,0 +1,295 @@
++! allow_console_login _("Login") _("Allow direct login to the console device. Required for System 390")
+acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon")
+allow_cvs_read_shadow _("CVS") _("Allow cvs daemon to read shadow")
+allow_daemons_dump_core _("Admin") _("Allow all daemons to write corefiles to /")
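Review bot: `on_group_clicked` sets the add/properties/delete sensitivity and the MLS column visibility from `self.group` before flipping it, so the first four lines depend on the previous state. Flipping first and using `editable = not self.group` gives the same result and reads more directly. More importantly, `on_local_clicked` in semanagePage.py (added later in this patch) always calls `self.load(self.filter)`. Unless portsPage overrides it outside the visible hunks, clicking Customized in group view would replace the grouped list with the flat one while the edit buttons stay disabled. A portsPage override that calls `self.group_load(self.filter)` when `self.group` is set would keep the two toggles consistent.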
@@ -4784,7 +4784,7 @@
+allow_execheap _("Memory Protection") _("Allow unconfined executables to make their heap memory executable. Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla")
+allow_execmem _("Memory Protection") _("Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla")
+allow_execmod _("Memory Protection") _("Allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t")
-+allow_execstack _("Memory Protection") _("Allow unconfined executables to make their stack executable. This should never, ever be neessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla")
++allow_execstack _("Memory Protection") _("Allow unconfined executables to make their stack executable. This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla")
+allow_ftpd_full_access _("FTP") _("Allow ftpd to full access to the system")
+allow_ftpd_anon_write _("FTP") _("Allow ftpd to upload files to directories labeled public_content_rw_t")
+allow_ftpd_use_cifs _("FTP") _("Allow ftp servers to use cifs used for public file transfer services")
@@ -4803,7 +4803,7 @@
+allow_mounton_anydir _("Mount") _("Allow mount to mount any directory")
+allow_mplayer_execstack _("Memory Protection") _("Allow mplayer executable stack")
+allow_nfsd_anon_write _("NFS") _("Allow nfs servers to modify public files used for public file transfer services")
-+allow_polyinstantiation _("Polyinstatiation") _("Enable polyinstantiated directory support")
++allow_polyinstantiation _("Polyinstantiation") _("Enable polyinstantiated directory support")
+allow_ptrace _("Compatibility") _("Allow sysadm_t to debug or ptrace applications")
+allow_rsync_anon_write _("rsync") _("Allow rsync to write files in directories labeled public_content_rw_t")
+allow_smbd_anon_write _("Samba") _("Allow Samba to write files in directories labeled public_content_rw_t")
@@ -4854,7 +4854,7 @@
+cpuspeed_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for cpuspeed daemon")
+cron_can_relabel _("Cron") _("Allow system cron jobs to relabel filesystem for restoring file contexts")
+crond_disable_trans _("Cron") _("Disable SELinux protection for crond daemon")
-+cupsd_config_disable_trans _("Printing") _("Disable SELinux protection for cupsd backend server")
++cupsd_config_disable_trans _("Printing") _("Disable SELinux protection for cupsd back end server")
+cupsd_disable_trans _("Printing") _("Disable SELinux protection for cupsd daemon")
+cupsd_lpd_disable_trans _("Printing") _("Disable SELinux protection for cupsd_lpd")
+cvs_disable_trans _("CVS") _("Disable SELinux protection for cvs daemon")
@@ -4890,7 +4890,7 @@
+global_ssp _("Admin") _("This should be enabled when all programs are compiled with ProPolice/SSP stack smashing protection. All domains will be allowed to read from /dev/urandom")
+gpm_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for gpm daemon")
+gssd_disable_trans _("NFS") _("Disable SELinux protection for gss daemon")
-+hald_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for hal daemon")
++hald_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for Hal daemon")
+hide_broken_symptoms _("Compatibility") _("Do not audit things that we know to be broken but which are not security risks")
+hostname_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for hostname daemon")
+hotplug_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for hotplug daemon")
@@ -4998,7 +4998,7 @@
+secure_mode_policyload _("Admin") _("Do not allow any processes to modify kernel SELinux policy")
+sendmail_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for sendmail daemon")
+setrans_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for setrans")
-+setroubleshootd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for setroublesoot daemon")
++setroubleshootd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for setroubleshoot daemon")
+slapd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for slapd daemon")
+slrnpull_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for slrnpull daemon")
+smbd_disable_trans _("Samba") _("Disable SELinux protection for smbd daemon")
@@ -5006,10 +5006,9 @@
+snort_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for snort daemon")
+soundd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for soundd daemon")
+sound_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for sound daemon")
-+spamassassin_can_network _("Spam Assassin") _("Allow Spam Assasin daemon network access")
-+spamd_disable_trans _("spam Protection") _("Disable SELinux protection for spamd daemon")
-+spamd_enable_home_dirs _("spam Protection") _("Allow spamd to access home directories")
-+spammassasin_can_network _("spam Protection") _("Allow spammassasin to access the network")
++spamd_disable_trans _("Spam Protection") _("Disable SELinux protection for spamd daemon")
++spamd_enable_home_dirs _("Spam Protection") _("Allow spamd to access home directories")
++spamassassin_can_network _("Spam Protection") _("Allow Spam Assassin daemon network access")
+speedmgmt_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for speedmgmt daemon")
+squid_connect_any _("Squid") _("Allow squid daemon to connect to the network")
+squid_disable_trans _("Squid") _("Disable SELinux protection for squid daemon")
@@ -5057,7 +5056,7 @@
+xend_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for xen daemon")
+xen_use_raw_disk _("XEN") _("Allow xen to read/write physical disk devices")
+xfs_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for xfs daemon")
-+xm_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for xen constrol")
++xm_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for xen control")
+ypbind_disable_trans _("NIS") _("Disable SELinux protection for ypbind daemon")
+yppasswdd_disable_trans _("NIS") _("Disable SELinux protection for NIS Password Daemon")
+ypserv_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ypserv daemon")
@@ -5069,13 +5068,13 @@
+samba_export_all_ro _("Samba") _("Allow Samba to share any file/directory read only")
+samba_export_all_rw _("Samba") _("Allow Samba to share any file/directory read/write")
+samba_run_unconfined _("Samba") _("Allow Samba to run unconfined scripts in /var/lib/samba/scripts directory")
-+webadm_manage_user_files _("HTTPD Service") _("Allow SELinux webadm user to manage unprivledged users home directories")
-+webadm_read_user_files _("HTTPD Service") _("Allow SELinux webadm user to read unprivledged users home directories")
++webadm_manage_user_files _("HTTPD Service") _("Allow SELinux webadm user to manage unprivileged users home directories")
++webadm_read_user_files _("HTTPD Service") _("Allow SELinux webadm user to read unprivileged users home directories")
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-2.0.26/gui/semanagePage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-2.0.16/gui/semanagePage.py
--- nsapolicycoreutils/gui/semanagePage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/semanagePage.py 2007-09-18 16:40:57.000000000 -0400
-@@ -0,0 +1,136 @@
++++ policycoreutils-2.0.16/gui/semanagePage.py 2007-10-31 07:09:38.000000000 -0400
+@@ -0,0 +1,147 @@
+## semanagePage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
+
@@ -5121,6 +5120,7 @@
+class semanagePage:
+ def __init__(self, xml, name, description):
+ self.xml = xml
++ self.local = False
+ self.view = xml.get_widget("%sView" % name)
+ self.dialog = xml.get_widget("%sDialog" % name)
+ self.filter_entry = xml.get_widget("%sFilterEntry" % name )
@@ -5212,9 +5212,19 @@
+ self.dialog.hide()
+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-2.0.26/gui/statusPage.py
++ def on_local_clicked(self, button):
++ self.local = not self.local
++ if self.local:
++ button.set_label(_("all"))
++ else:
++ button.set_label(_("Customized"))
++
++ self.load(self.filter)
++ return True
++
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-2.0.16/gui/statusPage.py
--- nsapolicycoreutils/gui/statusPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/statusPage.py 2007-09-18 16:40:57.000000000 -0400
++++ policycoreutils-2.0.16/gui/statusPage.py 2007-09-18 14:18:45.000000000 -0400
@@ -0,0 +1,219 @@
+## statusPage.py - show selinux status
+## Copyright (C) 2006 Red Hat, Inc.
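Review bot: The label set in `on_local_clicked` for the customized-only state is `_("all")` in lower case, while the other branch uses `_("Customized")` and the glade tooltips write "All"; `button.set_label(_("All"))` would keep the two labels consistent. The method has no docstring, and the label names the view the next click switches to rather than the one on screen, which is easy to misread; I would add `"""Toggle between all records and local customizations, then call self.load with the current filter."""`. `self.load(self.filter)` depends on `self.filter` being assigned outside this hunk.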
@@ -5435,10 +5445,10 @@
+ return self.types[self.selinuxTypeOptionMenu.get_active()]
+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-2.0.26/gui/system-config-selinux.glade
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-2.0.16/gui/system-config-selinux.glade
--- nsapolicycoreutils/gui/system-config-selinux.glade 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/system-config-selinux.glade 2007-09-18 16:40:57.000000000 -0400
-@@ -0,0 +1,3326 @@
++++ policycoreutils-2.0.16/gui/system-config-selinux.glade 2007-10-31 07:08:03.000000000 -0400
+@@ -0,0 +1,3321 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
+
@@ -7317,6 +7327,55 @@
+ <property name="spacing">0</property>
+
+ <child>
++ <widget class="GtkToolbar" id="toolbar9">
++ <property name="visible">True</property>
++ <property name="orientation">GTK_ORIENTATION_HORIZONTAL</property>
++ <property name="toolbar_style">GTK_TOOLBAR_BOTH</property>
++ <property name="tooltips">True</property>
++ <property name="show_arrow">True</property>
++
++ <child>
++ <widget class="GtkToolButton" id="booleanRevertButton">
++ <property name="visible">True</property>
++ <property name="tooltip" translatable="yes">Revert boolean setting to system default</property>
++ <property name="stock_id">gtk-revert-to-saved</property>
++ <property name="visible_horizontal">True</property>
++ <property name="visible_vertical">True</property>
++ <property name="is_important">False</property>
++ <signal name="clicked" handler="on_delete_clicked" last_modification_time="Mon, 16 Jan 2006 18:26:29 GMT"/>
++ </widget>
++ <packing>
++ <property name="expand">False</property>
++ <property name="homogeneous">True</property>
++ </packing>
++ </child>
++
++ <child>
++ <widget class="GtkToolButton" id="toolbutton34">
++ <property name="visible">True</property>
++ <property name="tooltip" translatable="yes">Toggle between Customized and All Booleans</property>
++ <property name="label" translatable="yes">Customized</property>
++ <property name="use_underline">True</property>
++ <property name="stock_id">gtk-find</property>
++ <property name="visible_horizontal">True</property>
++ <property name="visible_vertical">True</property>
++ <property name="is_important">False</property>
++ <signal name="clicked" handler="on_local_clicked" last_modification_time="Wed, 19 Sep 2007 19:14:08 GMT"/>
++ </widget>
++ <packing>
++ <property name="expand">False</property>
++ <property name="homogeneous">True</property>
++ </packing>
++ </child>
++ </widget>
++ <packing>
++ <property name="padding">0</property>
++ <property name="expand">False</property>
++ <property name="fill">False</property>
++ </packing>
++ </child>
++
++ <child>
+ <widget class="GtkHBox" id="hbox7">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
@@ -7494,6 +7553,24 @@
+ <property name="homogeneous">True</property>
+ </packing>
+ </child>
++
++ <child>
++ <widget class="GtkToolButton" id="customizedButton">
++ <property name="visible">True</property>
++ <property name="tooltip" translatable="yes">Toggle between all and customized file context</property>
++ <property name="label" translatable="yes">Customized</property>
++ <property name="use_underline">True</property>
++ <property name="stock_id">gtk-find</property>
++ <property name="visible_horizontal">True</property>
++ <property name="visible_vertical">True</property>
++ <property name="is_important">False</property>
++ <signal name="clicked" handler="on_local_clicked" last_modification_time="Wed, 19 Sep 2007 19:14:08 GMT"/>
++ </widget>
++ <packing>
++ <property name="expand">False</property>
++ <property name="homogeneous">True</property>
++ </packing>
++ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
@@ -8280,92 +8357,38 @@
+ </child>
+
+ <child>
-+ <widget class="GtkToolItem" id="toolitem1">
++ <widget class="GtkToolButton" id="listViewButton">
+ <property name="visible">True</property>
++ <property name="tooltip" translatable="yes">Toggle between Customized and All Ports</property>
++ <property name="label" translatable="yes">Group View</property>
++ <property name="use_underline">True</property>
++ <property name="stock_id">gtk-indent</property>
+ <property name="visible_horizontal">True</property>
+ <property name="visible_vertical">True</property>
+ <property name="is_important">False</property>
++ <signal name="clicked" handler="on_group_clicked" last_modification_time="Mon, 01 Oct 2007 21:31:19 GMT"/>
++ </widget>
++ <packing>
++ <property name="expand">False</property>
++ <property name="homogeneous">True</property>
++ </packing>
++ </child>
+
-+ <child>
-+ <widget class="GtkToggleButton" id="portsGroupTogglebutton">
-+ <property name="visible">True</property>
-+ <property name="tooltip" translatable="yes">Group/ungroup network ports by SELinux type.</property>
-+ <property name="can_focus">True</property>
-+ <property name="relief">GTK_RELIEF_NORMAL</property>
-+ <property name="focus_on_click">True</property>
-+ <property name="active">False</property>
-+ <property name="inconsistent">False</property>
-+ <signal name="toggled" handler="on_groupview_toggled" last_modification_time="Wed, 15 Nov 2006 16:55:38 GMT"/>
-+
-+ <child>
-+ <widget class="GtkAlignment" id="alignment3">
-+ <property name="visible">True</property>
-+ <property name="xalign">0.5</property>
-+ <property name="yalign">0.5</property>
-+ <property name="xscale">0</property>
-+ <property name="yscale">0</property>
-+ <property name="top_padding">0</property>
-+ <property name="bottom_padding">0</property>
-+ <property name="left_padding">0</property>
-+ <property name="right_padding">0</property>
-+
-+ <child>
-+ <widget class="GtkHBox" id="hbox5">
-+ <property name="visible">True</property>
-+ <property name="homogeneous">False</property>
-+ <property name="spacing">2</property>
-+
-+ <child>
-+ <widget class="GtkImage" id="image1">
-+ <property name="visible">True</property>
-+ <property name="stock">gtk-indent</property>
-+ <property name="icon_size">4</property>
-+ <property name="xalign">0.5</property>
-+ <property name="yalign">0.5</property>
-+ <property name="xpad">0</property>
-+ <property name="ypad">0</property>
-+ </widget>
-+ <packing>
-+ <property name="padding">0</property>
-+ <property name="expand">False</property>
-+ <property name="fill">False</property>
-+ </packing>
-+ </child>
-+
-+ <child>
-+ <widget class="GtkLabel" id="label46">
-+ <property name="visible">True</property>
-+ <property name="label" translatable="yes">Group View</property>
-+ <property name="use_underline">True</property>
-+ <property name="use_markup">False</property>
-+ <property name="justify">GTK_JUSTIFY_LEFT</property>
-+ <property name="wrap">False</property>
-+ <property name="selectable">False</property>
-+ <property name="xalign">0.5</property>
-+ <property name="yalign">0.5</property>
-+ <property name="xpad">0</property>
-+ <property name="ypad">0</property>
-+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
-+ <property name="width_chars">-1</property>
-+ <property name="single_line_mode">False</property>
-+ <property name="angle">0</property>
-+ </widget>
-+ <packing>
-+ <property name="padding">0</property>
-+ <property name="expand">False</property>
-+ <property name="fill">False</property>
-+ </packing>
-+ </child>
-+ </widget>
-+ </child>
-+ </widget>
-+ </child>
-+ </widget>
-+ </child>
++ <child>
++ <widget class="GtkToolButton" id="toolbutton35">
++ <property name="visible">True</property>
++ <property name="tooltip" translatable="yes">Toggle between Customized and All Ports</property>
++ <property name="label" translatable="yes">Customized</property>
++ <property name="use_underline">True</property>
++ <property name="stock_id">gtk-find</property>
++ <property name="visible_horizontal">True</property>
++ <property name="visible_vertical">True</property>
++ <property name="is_important">False</property>
++ <signal name="clicked" handler="on_local_clicked" last_modification_time="Wed, 19 Sep 2007 19:14:08 GMT"/>
+ </widget>
+ <packing>
+ <property name="expand">False</property>
-+ <property name="homogeneous">False</property>
++ <property name="homogeneous">True</property>
+ </packing>
+ </child>
+ </widget>
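Review bot: The tooltip on the new `listViewButton` reads "Toggle between Customized and All Ports", which is the text of `toolbutton35` below it, although this button is labelled "Group View" and calls `on_group_clicked`. The toggle button it replaces carried the matching text, so I would keep it: `<property name="tooltip" translatable="yes">Group/ungroup network ports by SELinux type.</property>`. The widget id and the handler name both change here (`portsGroupTogglebutton`/`on_groupview_toggled` to `listViewButton`/`on_group_clicked`), so the Python side that looks them up has to change with them; that code is not in this hunk.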
@@ -8578,7 +8601,7 @@
+ <child>
+ <widget class="GtkToolButton" id="enableAuditButton">
+ <property name="visible">True</property>
-+ <property name="tooltip" translatable="yes">Enable additional audit rules, that are normally not reported in the log files.</property>
++ <property name="tooltip" translatable="yes">Enable/Disable additional audit rules, that are normally not reported in the log files.</property>
+ <property name="label" translatable="yes">Enable Audit</property>
+ <property name="use_underline">True</property>
+ <property name="stock_id">gtk-zoom-in</property>
@@ -8592,24 +8615,6 @@
+ <property name="homogeneous">True</property>
+ </packing>
+ </child>
-+
-+ <child>
-+ <widget class="GtkToolButton" id="disableAuditButton">
-+ <property name="visible">True</property>
-+ <property name="tooltip" translatable="yes">Disable additional audit rules, that are normally not reported in the log files.</property>
-+ <property name="label" translatable="yes">Disable Audit</property>
-+ <property name="use_underline">True</property>
-+ <property name="stock_id">gtk-zoom-out</property>
-+ <property name="visible_horizontal">True</property>
-+ <property name="visible_vertical">True</property>
-+ <property name="is_important">False</property>
-+ <signal name="clicked" handler="on_disable_audit_clicked" last_modification_time="Wed, 15 Nov 2006 16:29:34 GMT"/>
-+ </widget>
-+ <packing>
-+ <property name="expand">False</property>
-+ <property name="homogeneous">True</property>
-+ </packing>
-+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
@@ -8765,10 +8770,10 @@
+</widget>
+
+</glade-interface>
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-2.0.26/gui/system-config-selinux.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-2.0.16/gui/system-config-selinux.py
--- nsapolicycoreutils/gui/system-config-selinux.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/system-config-selinux.py 2007-09-18 16:40:57.000000000 -0400
-@@ -0,0 +1,171 @@
++++ policycoreutils-2.0.16/gui/system-config-selinux.py 2007-10-31 07:10:06.000000000 -0400
+@@ -0,0 +1,175 @@
+#!/usr/bin/python
+#
+# system-config-selinux.py - GUI for SELinux Config tool in system-config-selinux
@@ -8849,6 +8854,7 @@
+ xml.signal_connect("on_delete_clicked", self.delete)
+ xml.signal_connect("on_add_clicked", self.add)
+ xml.signal_connect("on_properties_clicked", self.properties)
++ xml.signal_connect("on_local_clicked", self.on_local_clicked)
+ self.add_page(statusPage.statusPage(xml))
+ if selinux.is_selinux_enabled() > 0:
+ self.add_page(booleansPage.booleansPage(xml))
@@ -8885,6 +8891,9 @@
+ def properties(self, args):
+ self.tabs[self.notebook.get_current_page()].propertiesDialog()
+
++ def on_local_clicked(self, button):
++ self.tabs[self.notebook.get_current_page()].on_local_clicked(button)
++
+ def on_about_activate(self, args):
+ dlg = xml.get_widget ("aboutWindow")
+ dlg.run ()
@@ -8940,9 +8949,9 @@
+
+ app = childWindow()
+ app.stand_alone()
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.26/gui/templates/executable.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.16/gui/templates/executable.py
--- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/templates/executable.py 2007-09-18 16:40:57.000000000 -0400
++++ policycoreutils-2.0.16/gui/templates/executable.py 2007-09-18 14:18:45.000000000 -0400
@@ -0,0 +1,278 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -9222,9 +9231,9 @@
+EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_script_exec_t,s0)
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.py policycoreutils-2.0.26/gui/templates/__init__.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.py policycoreutils-2.0.16/gui/templates/__init__.py
--- nsapolicycoreutils/gui/templates/__init__.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/templates/__init__.py 2007-09-18 16:40:57.000000000 -0400
++++ policycoreutils-2.0.16/gui/templates/__init__.py 2007-09-18 14:18:45.000000000 -0400
@@ -0,0 +1,18 @@
+#
+# Copyright (C) 2007 Red Hat, Inc.
@@ -9244,9 +9253,9 @@
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.26/gui/templates/network.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.16/gui/templates/network.py
--- nsapolicycoreutils/gui/templates/network.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/templates/network.py 2007-09-18 16:40:57.000000000 -0400
++++ policycoreutils-2.0.16/gui/templates/network.py 2007-09-18 14:18:45.000000000 -0400
@@ -0,0 +1,80 @@
+te_port_types="""
+type TEMPLATETYPE_port_t;
@@ -9328,9 +9337,9 @@
+corenet_udp_bind_all_unreserved_ports(TEMPLATETYPE_t)
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py policycoreutils-2.0.26/gui/templates/rw.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py policycoreutils-2.0.16/gui/templates/rw.py
--- nsapolicycoreutils/gui/templates/rw.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/templates/rw.py 2007-09-18 16:40:57.000000000 -0400
++++ policycoreutils-2.0.16/gui/templates/rw.py 2007-09-18 14:18:45.000000000 -0400
@@ -0,0 +1,128 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -9460,10 +9469,10 @@
+fc_dir="""
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.26/gui/templates/script.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.16/gui/templates/script.py
--- nsapolicycoreutils/gui/templates/script.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/templates/script.py 2007-09-18 17:32:55.000000000 -0400
-@@ -0,0 +1,50 @@
++++ policycoreutils-2.0.16/gui/templates/script.py 2007-09-18 14:18:45.000000000 -0400
+@@ -0,0 +1,45 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@@ -9489,11 +9498,6 @@
+########################### tmp Template File #############################
+compile="""
+#!/bin/sh
-+if [ ! -f /usr/share/selinux/devel/Makefile ]; then
-+echo 'selinux-policy-devel not installed, package required for building policy'
-+echo '# yum install selinux-policy-devel'
-+exit 1
-+fi
+make -f /usr/share/selinux/devel/Makefile
+/usr/sbin/semodule -i PACKAGEFILENAME.pp
+
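Review bot: The generated script now runs `make -f /usr/share/selinux/devel/Makefile` and then `/usr/sbin/semodule -i PACKAGEFILENAME.pp` with nothing between them that stops on failure. If selinux-policy-devel is missing or the build fails, semodule can still load a `PACKAGEFILENAME.pp` left in the directory by an earlier build, so the module that gets installed may not be the one just edited. Chaining the two, `make -f /usr/share/selinux/devel/Makefile && /usr/sbin/semodule -i PACKAGEFILENAME.pp`, or a `set -e` line after the shebang would close that. The `compile` template continues outside this hunk.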
@@ -9514,9 +9518,9 @@
+users="""\
+/usr/sbin/semanage user -a -P TEMPLATETYPE -R "TEMPLATETYPE_rROLES" TEMPLATETYPE_u
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.26/gui/templates/semodule.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.16/gui/templates/semodule.py
--- nsapolicycoreutils/gui/templates/semodule.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/templates/semodule.py 2007-09-18 16:40:57.000000000 -0400
++++ policycoreutils-2.0.16/gui/templates/semodule.py 2007-09-18 14:18:45.000000000 -0400
@@ -0,0 +1,41 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -9559,9 +9563,9 @@
+semanage ports -a -t TEMPLATETYPE_port_t -p udp PORTNUM
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py policycoreutils-2.0.26/gui/templates/tmp.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py policycoreutils-2.0.16/gui/templates/tmp.py
--- nsapolicycoreutils/gui/templates/tmp.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/templates/tmp.py 2007-09-18 16:40:57.000000000 -0400
++++ policycoreutils-2.0.16/gui/templates/tmp.py 2007-09-18 14:18:45.000000000 -0400
@@ -0,0 +1,97 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -9660,9 +9664,9 @@
+ TEMPLATETYPE_manage_tmp($2)
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.26/gui/templates/user.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.16/gui/templates/user.py
--- nsapolicycoreutils/gui/templates/user.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/templates/user.py 2007-09-18 16:40:57.000000000 -0400
++++ policycoreutils-2.0.16/gui/templates/user.py 2007-09-18 14:18:45.000000000 -0400
@@ -0,0 +1,139 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -9803,9 +9807,9 @@
+"""
+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.26/gui/templates/var_lib.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.16/gui/templates/var_lib.py
--- nsapolicycoreutils/gui/templates/var_lib.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/templates/var_lib.py 2007-09-18 16:40:57.000000000 -0400
++++ policycoreutils-2.0.16/gui/templates/var_lib.py 2007-09-18 14:18:45.000000000 -0400
@@ -0,0 +1,162 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -9969,9 +9973,9 @@
+fc_dir="""\
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.26/gui/templates/var_log.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.16/gui/templates/var_log.py
--- nsapolicycoreutils/gui/templates/var_log.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/templates/var_log.py 2007-09-18 16:40:57.000000000 -0400
++++ policycoreutils-2.0.16/gui/templates/var_log.py 2007-09-18 14:18:45.000000000 -0400
@@ -0,0 +1,112 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -10085,9 +10089,9 @@
+fc_dir="""\
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.26/gui/templates/var_run.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.16/gui/templates/var_run.py
--- nsapolicycoreutils/gui/templates/var_run.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/templates/var_run.py 2007-09-18 16:40:57.000000000 -0400
++++ policycoreutils-2.0.16/gui/templates/var_run.py 2007-09-18 14:18:45.000000000 -0400
@@ -0,0 +1,119 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -10208,9 +10212,9 @@
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.26/gui/templates/var_spool.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.16/gui/templates/var_spool.py
--- nsapolicycoreutils/gui/templates/var_spool.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/templates/var_spool.py 2007-09-18 16:40:57.000000000 -0400
++++ policycoreutils-2.0.16/gui/templates/var_spool.py 2007-09-18 14:18:45.000000000 -0400
@@ -0,0 +1,131 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -10343,9 +10347,9 @@
+fc_dir="""\
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py policycoreutils-2.0.26/gui/translationsPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py policycoreutils-2.0.16/gui/translationsPage.py
--- nsapolicycoreutils/gui/translationsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/translationsPage.py 2007-09-18 16:40:57.000000000 -0400
++++ policycoreutils-2.0.16/gui/translationsPage.py 2007-09-18 14:18:45.000000000 -0400
@@ -0,0 +1,118 @@
+## translationsPage.py - show selinux translations
+## Copyright (C) 2006 Red Hat, Inc.
@@ -10465,9 +10469,9 @@
+ store, iter = self.view.get_selection().get_selected()
+ self.store.set_value(iter, 0, level)
+ self.store.set_value(iter, 1, translation)
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-2.0.26/gui/usersPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-2.0.16/gui/usersPage.py
--- nsapolicycoreutils/gui/usersPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.26/gui/usersPage.py 2007-09-18 16:40:57.000000000 -0400
++++ policycoreutils-2.0.16/gui/usersPage.py 2007-09-18 14:18:45.000000000 -0400
@@ -0,0 +1,172 @@
+## usersPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
policycoreutils-rhat.patch:
Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/F-7/policycoreutils-rhat.patch,v
retrieving revision 1.309
retrieving revision 1.310
diff -u -r1.309 -r1.310
--- policycoreutils-rhat.patch 18 Sep 2007 18:25:11 -0000 1.309
+++ policycoreutils-rhat.patch 31 Oct 2007 11:12:23 -0000 1.310
@@ -224,18 +224,710 @@
return 1
except:
continue
+diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.16/semanage/semanage
+--- nsapolicycoreutils/semanage/semanage 2007-05-04 09:14:48.000000000 -0400
++++ policycoreutils-2.0.16/semanage/semanage 2007-10-31 07:04:57.000000000 -0400
+@@ -34,7 +34,10 @@
+ sys.stdout = codecs.getwriter(locale.getpreferredencoding())(sys.__stdout__, 'replace')
+
+ try:
+- gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1)
++ gettext.install(PROGNAME,
++ localedir="/usr/share/locale",
++ unicode=False,
++ codeset = 'utf-8')
+ except IOError:
+ import __builtin__
+ __builtin__.__dict__['_'] = unicode
+@@ -45,13 +48,14 @@
+
+ def usage(message = ""):
+ print _('\
+-semanage {login|user|port|interface|fcontext|translation} -l [-n] \n\
++semanage {boolean|login|user|port|interface|fcontext|translation} -{l|D} [-n] \n\
+ semanage login -{a|d|m} [-sr] login_name\n\
+ semanage user -{a|d|m} [-LrRP] selinux_name\n\
+ semanage port -{a|d|m} [-tr] [ -p protocol ] port | port_range\n\
+ semanage interface -{a|d|m} [-tr] interface_spec\n\
+ semanage fcontext -{a|d|m} [-frst] file_spec\n\
+ semanage translation -{a|d|m} [-T] level\n\n\
++semanage boolean -{d|m} boolean\n\n\
+ \
+ Primary Options:\n\
+ \
+@@ -59,10 +63,12 @@
+ -d, --delete Delete a OBJECT record NAME\n\
+ -m, --modify Modify a OBJECT record NAME\n\
+ -l, --list List the OBJECTS\n\n\
++ -C, --locallist List OBJECTS local customizations\n\n\
++ -D, --deleteall Remove all OBJECTS local customizations\n\
+ \
+ -h, --help Display this message\n\
+- -n, --noheading Do not print heading when listing OBJECTS\n\n\
+-\
++ -n, --noheading Do not print heading when listing OBJECTS\n\
++ -S, --store Select and alternate SELinux store to manage\n\n\
+ Object-specific Options (see above):\n\
+ -f, --ftype File Type of OBJECT \n\
+ "" (all files) \n\
+@@ -95,7 +101,7 @@
+
+ def get_options():
+ valid_option={}
+- valid_everyone=[ '-a', '--add', '-d', '--delete', '-m', '--modify', '-l', '--list', '-h', '--help', '-n', '--noheading' ]
++ valid_everyone=[ '-a', '--add', '-d', '--delete', '-m', '--modify', '-l', '--list', '-h', '--help', '-n', '--noheading', '-C', '--locallist', '-D', '--deleteall', '-S', '--store' ]
+ valid_option["login"] = []
+ valid_option["login"] += valid_everyone + [ '-s', '--seuser', '-r', '--range']
+ valid_option["user"] = []
+@@ -108,6 +114,8 @@
+ valid_option["fcontext"] += valid_everyone + [ '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range']
+ valid_option["translation"] = []
+ valid_option["translation"] += valid_everyone + [ '-T', '--trans' ]
++ valid_option["boolean"] = []
++ valid_option["boolean"] += valid_everyone
+ return valid_option
+
+ #
+@@ -131,7 +139,10 @@
+ add = 0
+ modify = 0
+ delete = 0
++ deleteall = 0
+ list = 0
++ locallist = 0
++ store = ""
+ if len(sys.argv) < 3:
+ usage(_("Requires 2 or more arguments"))
+
+@@ -143,16 +154,19 @@
+ args = sys.argv[2:]
+
+ gopts, cmds = getopt.getopt(args,
+- 'adf:lhmnp:s:R:L:r:t:T:P:',
++ 'adf:lhmnp:s:CDR:L:r:t:T:P:S:',
+ ['add',
+ 'delete',
++ 'deleteall',
+ 'ftype=',
+ 'help',
+ 'list',
+ 'modify',
+ 'noheading',
++ 'localist',
+ 'proto=',
+ 'seuser=',
++ 'store=',
+ 'range=',
+ 'level=',
+ 'roles=',
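Review bot: The long option is registered as `'localist'`, but the option loop further down tests `o == "--locallist"` and the usage text documents `--locallist`; the entry should read `'locallist',`. As written, getopt rejects the documented spelling, and `--localist` is accepted but matched by no branch, so the listing silently shows all records instead of only local customizations. Only `-C` works.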
+@@ -174,6 +188,10 @@
+ if modify or add:
+ usage()
+ delete = 1
++ if o == "-D" or o == "--deleteall":
++ if modify:
++ usage()
++ deleteall = 1
+ if o == "-f" or o == "--ftype":
+ ftype=a
+ if o == "-h" or o == "--help":
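Review bot: The `-D` branch only rejects a preceding `-m`, whereas the `-d` branch just above rejects `modify or add`. Because `deleteall` is acted on before the `len(cmds) != 1` check later in this patch, a command line such as `-a -D` drops the add and goes straight to `OBJECT.deleteall()`, which the usage text describes as removing all local customizations. I would make the guard `if modify or add or delete:` so that the destructive option cannot be combined with another action. The option loop starts and ends outside this hunk.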
+@@ -182,11 +200,17 @@
+ if o == "-n" or o == "--noheading":
+ heading=0
+
++ if o == "-C" or o == "--locallist":
++ locallist=1
++
+ if o == "-m"or o == "--modify":
+ if delete or add:
+ usage()
+ modify = 1
+
++ if o == "-S" or o == '--store':
++ store = a
++
+ if o == "-r" or o == '--range':
+ if is_mls_enabled == 0:
+ errorExit(_("range not supported on Non MLS machines"))
+@@ -219,31 +243,38 @@
+ setrans = a
+
+ if object == "login":
+- OBJECT = seobject.loginRecords()
++ OBJECT = seobject.loginRecords(store)
+
+ if object == "user":
+- OBJECT = seobject.seluserRecords()
++ OBJECT = seobject.seluserRecords(store)
+
+ if object == "port":
+- OBJECT = seobject.portRecords()
++ OBJECT = seobject.portRecords(store)
+
+ if object == "interface":
+- OBJECT = seobject.interfaceRecords()
++ OBJECT = seobject.interfaceRecords(store)
+
+ if object == "fcontext":
+- OBJECT = seobject.fcontextRecords()
++ OBJECT = seobject.fcontextRecords(store)
++
++ if object == "boolean":
++ OBJECT = seobject.booleanRecords(store)
+
+ if object == "translation":
+ OBJECT = seobject.setransRecords()
+
+ if list:
+- OBJECT.list(heading)
++ OBJECT.list(heading, locallist)
++ sys.exit(0);
++
++ if deleteall:
++ OBJECT.deleteall()
+ sys.exit(0);
+
+ if len(cmds) != 1:
+ usage()
+-
+- target = cmds[0]
++
++ target = cmds[0]
+
+ if add:
+ if object == "login":
+@@ -271,6 +302,9 @@
+ sys.exit(0);
+
+ if modify:
++ if object == "boolean":
++ OBJECT.modify(target, value)
++
+ if object == "login":
+ OBJECT.modify(target, seuser, serange)
+
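Review bot: `OBJECT.modify(target, value)` uses `value`, which none of the hunks in this patch assign: the locals added at the top of the function are `deleteall`, `locallist` and `store`, and the getopt string gains only `C`, `D` and `S:`. Unless `value` is set in unchanged code outside these hunks, `semanage boolean -m NAME` ends in a NameError, and the usage line `semanage boolean -{d|m} boolean` gives no way to pass the new state either. The branch needs an option that carries the value (and a default such as `value = ""` next to `store = ""`) before it can work. The `if modify:` block continues outside this hunk.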
diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.16/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2007-05-04 09:14:48.000000000 -0400
-+++ policycoreutils-2.0.16/semanage/seobject.py 2007-09-18 14:18:45.000000000 -0400
-@@ -210,6 +210,7 @@
++++ policycoreutils-2.0.16/semanage/seobject.py 2007-10-31 07:04:59.000000000 -0400
+@@ -170,7 +170,7 @@
+ rec += "%s=%s\n" % (k, self.ddict[k])
+ return rec
+
+- def list(self,heading = 1):
++ def list(self,heading = 1, locallist = 0):
+ if heading:
+ print "\n%-25s %s\n" % (_("Level"), _("Translation"))
+ keys = self.ddict.keys()
+@@ -210,13 +210,17 @@
os.write(fd, self.out())
os.close(fd)
os.rename(newfilename, self.filename)
+ os.system("/sbin/service mcstrans reload > /dev/null")
class semanageRecords:
- def __init__(self):
-@@ -1283,9 +1284,12 @@
+- def __init__(self):
++ def __init__(self, store):
+ self.sh = semanage_handle_create()
+ if not self.sh:
+ raise ValueError(_("Could not create semanage handle"))
+
++ if store != "":
++ semanage_select_store(self.sh, store, SEMANAGE_CON_DIRECT);
++
+ self.semanaged = semanage_is_managed(self.sh)
+
+ if not self.semanaged:
+@@ -234,8 +238,8 @@
+ raise ValueError(_("Could not establish semanage connection"))
+
+ class loginRecords(semanageRecords):
+- def __init__(self):
+- semanageRecords.__init__(self)
++ def __init__(self, store = ""):
++ semanageRecords.__init__(self, store)
+
+ def add(self, name, sename, serange):
+ if is_mls_enabled == 1:
+@@ -389,10 +393,12 @@
+ mylog.log(1,"delete SELinux user mapping", name);
+ semanage_seuser_key_free(k)
+
+-
+- def get_all(self):
++ def get_all(self, locallist = 0):
+ ddict = {}
+- (rc, self.ulist) = semanage_seuser_list(self.sh)
++ if locallist:
++ (rc, self.ulist) = semanage_seuser_list_local(self.sh)
++ else:
++ (rc, self.ulist) = semanage_seuser_list(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not list login mappings"))
+
+@@ -401,8 +407,8 @@
+ ddict[name] = (semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u))
+ return ddict
+
+- def list(self,heading = 1):
+- ddict = self.get_all()
++ def list(self,heading = 1, locallist = 0):
++ ddict = self.get_all(locallist)
+ keys = ddict.keys()
+ keys.sort()
+ if is_mls_enabled == 1:
+@@ -417,8 +423,8 @@
+ print "%-25s %-25s" % (k, ddict[k][0])
+
+ class seluserRecords(semanageRecords):
+- def __init__(self):
+- semanageRecords.__init__(self)
++ def __init__(self, store = ""):
++ semanageRecords.__init__(self, store)
+
+ def add(self, name, roles, selevel, serange, prefix):
+ if is_mls_enabled == 1:
+@@ -601,9 +607,12 @@
+ mylog.log(1,"delete SELinux user record", name)
+ semanage_user_key_free(k)
+
+- def get_all(self):
++ def get_all(self, locallist = 0):
+ ddict = {}
+- (rc, self.ulist) = semanage_user_list(self.sh)
++ if locallist:
++ (rc, self.ulist) = semanage_user_list_local(self.sh)
++ else:
++ (rc, self.ulist) = semanage_user_list(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not list SELinux users"))
+
+@@ -618,8 +627,8 @@
+
+ return ddict
+
+- def list(self, heading = 1):
+- ddict = self.get_all()
++ def list(self, heading = 1, locallist = 0):
++ ddict = self.get_all(locallist)
+ keys = ddict.keys()
+ keys.sort()
+ if is_mls_enabled == 1:
+@@ -635,8 +644,8 @@
+ print "%-15s %s" % (k, ddict[k][3])
+
+ class portRecords(semanageRecords):
+- def __init__(self):
+- semanageRecords.__init__(self)
++ def __init__(self, store = ""):
++ semanageRecords.__init__(self, store)
+
+ def __genkey(self, port, proto):
+ if proto == "tcp":
+@@ -767,6 +776,34 @@
+ semanage_port_key_free(k)
+ semanage_port_free(p)
+
++ def deleteall(self):
++ (rc, plist) = semanage_port_list_local(self.sh)
++ if rc < 0:
++ raise ValueError(_("Could not list the ports"))
++
++ rc = semanage_begin_transaction(self.sh)
++ if rc < 0:
++ raise ValueError(_("Could not start semanage transaction"))
++
++ for port in plist:
++ proto = semanage_port_get_proto(port)
++ proto_str = semanage_port_get_proto_str(proto)
++ low = semanage_port_get_low(port)
++ high = semanage_port_get_high(port)
++ port_str = "%s-%s" % (low, high)
++ ( k, proto_d, low, high ) = self.__genkey(port_str , proto_str)
++ if rc < 0:
++ raise ValueError(_("Could not create a key for %s") % port_str)
++
++ rc = semanage_port_del_local(self.sh, k)
++ if rc < 0:
++ raise ValueError(_("Could not delete the port %s") % port_str)
++ semanage_port_key_free(k)
++
++ rc = semanage_commit(self.sh)
++ if rc < 0:
++ raise ValueError(_("Could not delete the %s") % port_str)
++
+ def delete(self, port, proto):
+ ( k, proto_d, low, high ) = self.__genkey(port, proto)
+ (rc,exists) = semanage_port_exists(self.sh, k)
+@@ -795,9 +832,12 @@
+
+ semanage_port_key_free(k)
+
+- def get_all(self):
++ def get_all(self, locallist = 0):
+ ddict = {}
+- (rc, self.plist) = semanage_port_list(self.sh)
++ if locallist:
++ (rc, self.plist) = semanage_port_list_local(self.sh)
++ else:
++ (rc, self.plist) = semanage_port_list(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not list ports"))
+
+@@ -814,9 +854,12 @@
+ ddict[(low, high)] = (ctype, proto_str, level)
+ return ddict
+
+- def get_all_by_type(self):
++ def get_all_by_type(self, locallist = 0):
+ ddict = {}
+- (rc, self.plist) = semanage_port_list(self.sh)
++ if locallist:
++ (rc, self.plist) = semanage_port_list_local(self.sh)
++ else:
++ (rc, self.plist) = semanage_port_list(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not list ports"))
+
+@@ -837,10 +880,10 @@
+ ddict[(ctype,proto_str)].append("%d-%d" % (low, high))
+ return ddict
+
+- def list(self, heading = 1):
++ def list(self, heading = 1, locallist = 0):
+ if heading:
+ print "%-30s %-8s %s\n" % (_("SELinux Port Type"), _("Proto"), _("Port Number"))
+- ddict = self.get_all_by_type()
++ ddict = self.get_all_by_type(locallist)
+ keys = ddict.keys()
+ keys.sort()
+ for i in keys:
+@@ -851,8 +894,8 @@
+ print rec
+
+ class interfaceRecords(semanageRecords):
+- def __init__(self):
+- semanageRecords.__init__(self)
++ def __init__(self, store = ""):
++ semanageRecords.__init__(self, store)
+
+ def add(self, interface, serange, ctype):
+ if is_mls_enabled == 1:
+@@ -995,9 +1038,12 @@
+
+ semanage_iface_key_free(k)
+
+- def get_all(self):
++ def get_all(self, locallist = 0):
+ ddict = {}
+- (rc, self.ilist) = semanage_iface_list(self.sh)
++ if locallist:
++ (rc, self.ilist) = semanage_iface_list_local(self.sh)
++ else:
++ (rc, self.ilist) = semanage_iface_list(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not list interfaces"))
+
+@@ -1007,10 +1053,10 @@
+
+ return ddict
+
+- def list(self, heading = 1):
++ def list(self, heading = 1, locallist = 0):
+ if heading:
+ print "%-30s %s\n" % (_("SELinux Interface"), _("Context"))
+- ddict = self.get_all()
++ ddict = self.get_all(locallist)
+ keys = ddict.keys()
+ keys.sort()
+ if is_mls_enabled:
+@@ -1021,17 +1067,40 @@
+ print "%-30s %s:%s:%s " % (k,ddict[k][0], ddict[k][1],ddict[k][2])
+
+ class fcontextRecords(semanageRecords):
+- def __init__(self):
+- semanageRecords.__init__(self)
+-
+- def add(self, target, type, ftype = "", serange = "", seuser = "system_u"):
++ def __init__(self, store = ""):
++ semanageRecords.__init__(self, store)
++
++ def createcon(self, target, seuser = "system_u"):
++ (rc, con) = semanage_context_create(self.sh)
++ if rc < 0:
++ raise ValueError(_("Could not create context for %s") % target)
+ if seuser == "":
+ seuser = "system_u"
++
++ rc = semanage_context_set_user(self.sh, con, seuser)
++ if rc < 0:
++ raise ValueError(_("Could not set user in file context for %s") % target)
++
++ rc = semanage_context_set_role(self.sh, con, "object_r")
++ if rc < 0:
++ raise ValueError(_("Could not set role in file context for %s") % target)
++
+ if is_mls_enabled == 1:
+- if serange == "":
+- serange = "s0"
+- else:
+- serange = untranslate(serange)
++ rc = semanage_context_set_mls(self.sh, con, "s0")
++ if rc < 0:
++ raise ValueError(_("Could not set mls fields in file context for %s") % target)
++
++ return con
++
++ def validate(self, target):
++ if target == "" or target.find("\n") >= 0:
++ raise ValueError(_("Invalid file specification"))
++
++ def add(self, target, type, ftype = "", serange = "", seuser = "system_u"):
++ self.validate(target)
++
++ if is_mls_enabled == 1:
++ serange = untranslate(serange)
+
+ if type == "":
+ raise ValueError(_("SELinux Type is required"))
+@@ -1051,33 +1120,23 @@
+ raise ValueError(_("Could not create file context for %s") % target)
+
+ rc = semanage_fcontext_set_expr(self.sh, fcontext, target)
+- (rc, con) = semanage_context_create(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not create context for %s") % target)
++ if type != "<<none>>":
++ con = self.createcon(target, seuser)
+
+- rc = semanage_context_set_user(self.sh, con, seuser)
+- if rc < 0:
+- raise ValueError(_("Could not set user in file context for %s") % target)
+-
+- rc = semanage_context_set_role(self.sh, con, "object_r")
+- if rc < 0:
+- raise ValueError(_("Could not set role in file context for %s") % target)
+-
+- rc = semanage_context_set_type(self.sh, con, type)
+- if rc < 0:
+- raise ValueError(_("Could not set type in file context for %s") % target)
+-
+- if serange != "":
+- rc = semanage_context_set_mls(self.sh, con, serange)
+- if rc < 0:
+- raise ValueError(_("Could not set mls fields in file context for %s") % target)
++ rc = semanage_context_set_type(self.sh, con, type)
++ if rc < 0:
++ raise ValueError(_("Could not set type in file context for %s") % target)
++
++ if serange != "":
++ rc = semanage_context_set_mls(self.sh, con, serange)
++ if rc < 0:
++ raise ValueError(_("Could not set mls fields in file context for %s") % target)
++ rc = semanage_fcontext_set_con(self.sh, fcontext, con)
++ if rc < 0:
++ raise ValueError(_("Could not set file context for %s") % target)
+
+ semanage_fcontext_set_type(fcontext, file_types[ftype])
+
+- rc = semanage_fcontext_set_con(self.sh, fcontext, con)
+- if rc < 0:
+- raise ValueError(_("Could not set file context for %s") % target)
+-
+ rc = semanage_begin_transaction(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not start semanage transaction"))
+@@ -1090,13 +1149,15 @@
+ if rc < 0:
+ raise ValueError(_("Could not add file context for %s") % target)
+
+- semanage_context_free(con)
++ if type != "<<none>>":
++ semanage_context_free(con)
+ semanage_fcontext_key_free(k)
+ semanage_fcontext_free(fcontext)
+
+ def modify(self, target, setype, ftype, serange, seuser):
+ if serange == "" and setype == "" and seuser == "":
+ raise ValueError(_("Requires setype, serange or seuser"))
++ self.validate(target)
+
+ (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
+ if rc < 0:
+@@ -1112,16 +1173,29 @@
+ if rc < 0:
+ raise ValueError(_("Could not query file context for %s") % target)
+
+- con = semanage_fcontext_get_con(fcontext)
++ if setype != "<<none>>":
++ con = semanage_fcontext_get_con(fcontext)
+
+- if serange != "":
+- semanage_context_set_mls(self.sh, con, untranslate(serange))
+- if seuser != "":
+- semanage_context_set_user(self.sh, con, seuser)
+- if setype != "":
+- semanage_context_set_type(self.sh, con, setype)
+-
+- rc = semanage_begin_transaction(self.sh)
++ if con == None:
++ con = self.createcon(target)
++
++ if serange != "":
++ semanage_context_set_mls(self.sh, con, untranslate(serange))
++ if seuser != "":
++ semanage_context_set_user(self.sh, con, seuser)
++
++ if setype != "":
++ semanage_context_set_type(self.sh, con, setype)
++
++ rc = semanage_fcontext_set_con(self.sh, fcontext, con)
++ if rc < 0:
++ raise ValueError(_("Could not set file context for %s") % target)
++ else:
++ rc = semanage_fcontext_set_con(self.sh, fcontext, None)
++ if rc < 0:
++ raise ValueError(_("Could not set file context for %s") % target)
++
++ rc = semanage_begin_transaction(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not start semanage transaction"))
+
+@@ -1136,6 +1210,32 @@
+ semanage_fcontext_key_free(k)
+ semanage_fcontext_free(fcontext)
+
++ def deleteall(self):
++ (rc, flist) = semanage_fcontext_list_local(self.sh)
++ if rc < 0:
++ raise ValueError(_("Could not list the file contexts"))
++
++ rc = semanage_begin_transaction(self.sh)
++ if rc < 0:
++ raise ValueError(_("Could not start semanage transaction"))
++
++ for fcontext in flist:
++ target = semanage_fcontext_get_expr(fcontext)
++ ftype = semanage_fcontext_get_type(fcontext)
++ ftype_str = semanage_fcontext_get_type_str(ftype)
++ (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype_str])
++ if rc < 0:
++ raise ValueError(_("Could not create a key for %s") % target)
++
++ rc = semanage_fcontext_del_local(self.sh, k)
++ if rc < 0:
++ raise ValueError(_("Could not delete the file context %s") % target)
++ semanage_fcontext_key_free(k)
++
++ rc = semanage_commit(self.sh)
++ if rc < 0:
++ raise ValueError(_("Could not delete the file context %s") % target)
++
+ def delete(self, target, ftype):
+ (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
+ if rc < 0:
+@@ -1167,17 +1267,20 @@
+
+ semanage_fcontext_key_free(k)
+
+- def get_all(self):
++ def get_all(self, locallist = 0):
+ l = []
+- (rc, self.flist) = semanage_fcontext_list(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not list file contexts"))
++ if locallist:
++ (rc, self.flist) = semanage_fcontext_list_local(self.sh)
++ else:
++ (rc, self.flist) = semanage_fcontext_list(self.sh)
++ if rc < 0:
++ raise ValueError(_("Could not list file contexts"))
++
++ (rc, fclocal) = semanage_fcontext_list_local(self.sh)
++ if rc < 0:
++ raise ValueError(_("Could not list local file contexts"))
+
+- (rc, fclocal) = semanage_fcontext_list_local(self.sh)
+- if rc < 0:
+- raise ValueError(_("Could not list local file contexts"))
+-
+- self.flist += fclocal
++ self.flist += fclocal
+
+ for fcontext in self.flist:
+ expr = semanage_fcontext_get_expr(fcontext)
+@@ -1191,10 +1294,10 @@
+
+ return l
+
+- def list(self, heading = 1):
++ def list(self, heading = 1, locallist = 0 ):
+ if heading:
+ print "%-50s %-18s %s\n" % (_("SELinux fcontext"), _("type"), _("Context"))
+- fcon_list = self.get_all()
++ fcon_list = self.get_all(locallist)
+ for fcon in fcon_list:
+ if len(fcon) > 3:
+ if is_mls_enabled:
+@@ -1205,9 +1308,9 @@
+ print "%-50s %-18s <<None>>" % (fcon[0], fcon[1])
+
+ class booleanRecords(semanageRecords):
+- def __init__(self):
+- semanageRecords.__init__(self)
+-
++ def __init__(self, store = ""):
++ semanageRecords.__init__(self, store)
++
+ def modify(self, name, value = ""):
+ if value == "":
+ raise ValueError(_("Requires value"))
+@@ -1266,34 +1369,62 @@
+ if rc < 0:
+ raise ValueError(_("Could not start semanage transaction"))
+
+- rc = semanage_fcontext_del_local(self.sh, k)
++ rc = semanage_bool_del_local(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not delete boolean %s") % name)
+
+ rc = semanage_commit(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not delete boolean %s") % name)
+-
+ semanage_bool_key_free(k)
+
+- def get_all(self):
++ def deleteall(self):
++ (rc, self.blist) = semanage_bool_list_local(self.sh)
++ if rc < 0:
++ raise ValueError(_("Could not list booleans"))
++
++ rc = semanage_begin_transaction(self.sh)
++ if rc < 0:
++ raise ValueError(_("Could not start semanage transaction"))
++
++ for boolean in self.blist:
++ name = semanage_bool_get_name(boolean)
++ (rc,k) = semanage_bool_key_create(self.sh, name)
++ if rc < 0:
++ raise ValueError(_("Could not create a key for %s") % name)
++
++ rc = semanage_bool_del_local(self.sh, k)
++ if rc < 0:
++ raise ValueError(_("Could not delete boolean %s") % name)
++ semanage_bool_key_free(k)
++
++ rc = semanage_commit(self.sh)
++ if rc < 0:
++ raise ValueError(_("Could not delete boolean %s") % name)
++ def get_all(self, locallist = 0):
+ ddict = {}
+- (rc, self.blist) = semanage_bool_list(self.sh)
++ if locallist:
++ (rc, self.blist) = semanage_bool_list_local(self.sh)
++ else:
++ (rc, self.blist) = semanage_bool_list(self.sh)
+ if rc < 0:
raise ValueError(_("Could not list booleans"))
for boolean in self.blist:
@@ -244,13 +936,25 @@
- ddict[name] = value
+ value = []
+ name = semanage_bool_get_name(boolean)
-+ value[0] = semanage_bool_get_value(boolean)
-+ value[1] = selinux.security_get_boolean_pending(boolean)
-+ value[2] = selinux.security_get_boolean_active(boolean)
++ value.append(semanage_bool_get_value(boolean))
++ value.append(selinux.security_get_boolean_pending(name))
++ value.append(selinux.security_get_boolean_active(name))
+ ddict[name] = value
return ddict
+- def list(self, heading = 1):
++ def list(self, heading = 1, locallist = 0):
+ if heading:
+- print "%-50s %-18s\n" % (_("SELinux boolean"), _("value"))
+- ddict = self.get_all()
++ print "%-50s %7s %7s %7s\n" % (_("SELinux boolean"), _("value"), _("pending"), _("active") )
++ ddict = self.get_all(locallist)
+ keys = ddict.keys()
+ for k in keys:
+ if ddict[k]:
+- print "%-50s %-18s " % (k[0], ddict[k][0])
++ print "%-50s %7d %7d %7d " % (k, ddict[k][0],ddict[k][1], ddict[k][2])
diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setsebool/setsebool.c policycoreutils-2.0.16/setsebool/setsebool.c
--- nsapolicycoreutils/setsebool/setsebool.c 2007-05-04 09:14:48.000000000 -0400
+++ policycoreutils-2.0.16/setsebool/setsebool.c 2007-09-18 14:18:45.000000000 -0400
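Review bot: The `selinux.security_get_boolean_pending(name)` and `selinux.security_get_boolean_active(name)` calls added to `get_all` read the running kernel's policy, while `semanage_bool_list` / `semanage_bool_list_local` read whichever store the handle was opened on. With a non-default `store`, the pending and active columns therefore describe a different policy than the value column. In the libselinux C API both calls return -1 on failure (for example a boolean that is not in the loaded policy); if the Python binding passes that through, `list` prints -1 under `%7d` as though it were a state. I would add a comment above the appends, `# pending/active are kernel state, not store state; negative means the lookup failed`, and have `list` print a placeholder such as `-` for negative entries. `get_all` begins outside this hunk, and the `store` handling is taken from the `semanageRecords.__init__` change earlier in the same patch.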
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/F-7/policycoreutils.spec,v
retrieving revision 1.423
retrieving revision 1.424
diff -u -r1.423 -r1.424
--- policycoreutils.spec 19 Sep 2007 00:19:01 -0000 1.423
+++ policycoreutils.spec 31 Oct 2007 11:12:23 -0000 1.424
@@ -6,7 +6,7 @@
Summary: SELinux policy core utilities.
Name: policycoreutils
Version: 2.0.16
-Release: 13%{?dist}
+Release: 14{?dist}
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
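Review bot: The new `Release: 14{?dist}` line has lost the `%` in front of `{?dist}`, so the conditional dist macro is no longer expanded and the braces become literal text in the Release tag. rpmbuild will most likely either reject that or carry it into the package's release string, which would break the ordering against the `13%{?dist}` build. The line should read `Release: 14%{?dist}`, matching the form on the removed line.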
@@ -192,6 +192,9 @@
fi
%changelog
+* Tue Oct 31 2007 Dan Walsh <dwalsh at redhat.com> 2.0.16-14
+- Update to latest semanage and system-config-selinux
+
* Tue Sep 18 2007 Dan Walsh <dwalsh at redhat.com> 2.0.16-13
- More changes to gui