rpms/policycoreutils/devel .cvsignore, 1.160, 1.161 policycoreutils-gui.patch, 1.33, 1.34 policycoreutils-rhat.patch, 1.322, 1.323 policycoreutils.spec, 1.449, 1.450 sources, 1.165, 1.166
Daniel J Walsh (dwalsh)
fedora-extras-commits at redhat.com
Wed Sep 19 02:30:19 UTC 2007
Author: dwalsh
Update of /cvs/extras/rpms/policycoreutils/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14595
Modified Files:
.cvsignore policycoreutils-gui.patch
policycoreutils-rhat.patch policycoreutils.spec sources
Log Message:
* Tue Sep 18 2007 Dan Walsh <dwalsh at redhat.com> 2.0.26-1
- Update to upstream
* Fix setfiles selabel option flag setting for 64-bit from Stephen Smalley.
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/.cvsignore,v
retrieving revision 1.160
retrieving revision 1.161
diff -u -r1.160 -r1.161
--- .cvsignore 13 Sep 2007 12:32:16 -0000 1.160
+++ .cvsignore 19 Sep 2007 02:29:47 -0000 1.161
@@ -158,3 +158,4 @@
policycoreutils-2.0.25.tgz
sepolgen-1.0.9.tgz
sepolgen-1.0.10.tgz
+policycoreutils-2.0.26.tgz
policycoreutils-gui.patch:
Index: policycoreutils-gui.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils-gui.patch,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -r1.33 -r1.34
--- policycoreutils-gui.patch 14 Sep 2007 14:41:51 -0000 1.33
+++ policycoreutils-gui.patch 19 Sep 2007 02:29:47 -0000 1.34
@@ -1,6 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-2.0.25/gui/booleansPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-2.0.26/gui/booleansPage.py
--- nsapolicycoreutils/gui/booleansPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/booleansPage.py 2007-09-11 15:02:03.000000000 -0400
++++ policycoreutils-2.0.26/gui/booleansPage.py 2007-09-18 16:40:57.000000000 -0400
@@ -0,0 +1,226 @@
+#
+# booleansPage.py - GUI for Booleans page in system-config-securitylevel
@@ -228,9 +228,9 @@
+
+ setsebool="/usr/sbin/setsebool -P %s=%d" % (key, not val)
+ commands.getstatusoutput(setsebool)
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.25/gui/fcontextPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.26/gui/fcontextPage.py
--- nsapolicycoreutils/gui/fcontextPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/fcontextPage.py 2007-09-11 15:02:05.000000000 -0400
++++ policycoreutils-2.0.26/gui/fcontextPage.py 2007-09-18 16:40:57.000000000 -0400
@@ -0,0 +1,209 @@
+## fcontextPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -441,9 +441,9 @@
+ self.store.set_value(iter, SPEC_COL, fspec)
+ self.store.set_value(iter, FTYPE_COL, ftype)
+ self.store.set_value(iter, TYPE_COL, "system_u:object_r:%s:%s" % (type, mls))
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-2.0.25/gui/loginsPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-2.0.26/gui/loginsPage.py
--- nsapolicycoreutils/gui/loginsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/loginsPage.py 2007-09-11 15:02:07.000000000 -0400
++++ policycoreutils-2.0.26/gui/loginsPage.py 2007-09-18 16:40:57.000000000 -0400
@@ -0,0 +1,179 @@
+## loginsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -624,9 +624,9 @@
+ self.store.set_value(iter, 1, seuser)
+ self.store.set_value(iter, 2, seobject.translate(serange))
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.25/gui/Makefile
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.26/gui/Makefile
--- nsapolicycoreutils/gui/Makefile 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/Makefile 2007-08-28 09:22:17.000000000 -0400
++++ policycoreutils-2.0.26/gui/Makefile 2007-09-18 16:40:57.000000000 -0400
@@ -0,0 +1,34 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
@@ -662,9 +662,9 @@
+indent:
+
+relabel:
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-2.0.25/gui/mappingsPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-2.0.26/gui/mappingsPage.py
--- nsapolicycoreutils/gui/mappingsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/mappingsPage.py 2007-09-11 15:02:09.000000000 -0400
++++ policycoreutils-2.0.26/gui/mappingsPage.py 2007-09-18 16:40:57.000000000 -0400
@@ -0,0 +1,56 @@
+## mappingsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -722,9 +722,9 @@
+ for k in keys:
+ print "%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1]))
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-2.0.25/gui/modulesPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-2.0.26/gui/modulesPage.py
--- nsapolicycoreutils/gui/modulesPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/modulesPage.py 2007-09-11 15:02:11.000000000 -0400
++++ policycoreutils-2.0.26/gui/modulesPage.py 2007-09-18 16:40:57.000000000 -0400
@@ -0,0 +1,181 @@
+## modulesPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -907,9 +907,9 @@
+
+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.25/gui/polgen.glade
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.26/gui/polgen.glade
--- nsapolicycoreutils/gui/polgen.glade 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/polgen.glade 2007-09-10 15:42:48.000000000 -0400
++++ policycoreutils-2.0.26/gui/polgen.glade 2007-09-18 20:15:07.000000000 -0400
@@ -0,0 +1,2386 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
@@ -1074,7 +1074,7 @@
+ <child>
+ <widget class="GnomeDruidPageStandard" id="select_type_page">
+ <property name="visible">True</property>
-+ <property name="title" translatable="yes">Select application or user role to be confined.</property>
++ <property name="title" translatable="yes">Select type of the application/user to be confined</property>
+ <signal name="next" handler="on_select_type_page_next" last_modification_time="Sat, 04 Aug 2007 11:39:15 GMT"/>
+
+ <child internal-child="vbox">
@@ -1395,7 +1395,7 @@
+ <child>
+ <widget class="GnomeDruidPageStandard" id="app_page">
+ <property name="visible">True</property>
-+ <property name="title" translatable="yes">Name of application to be confined</property>
++ <property name="title" translatable="yes">Enter name of application/user to be confined</property>
+
+ <child internal-child="vbox">
+ <widget class="GtkVBox" id="druid-vbox5">
@@ -1644,7 +1644,7 @@
+ <child>
+ <widget class="GnomeDruidPageStandard" id="transition_page">
+ <property name="visible">True</property>
-+ <property name="title" translatable="yes">Select additional user domain(s) for transition</property>
++ <property name="title" translatable="yes">Select additional domains to which this user will transition</property>
+
+ <child internal-child="vbox">
+ <widget class="GtkVBox" id="vbox13">
@@ -1718,7 +1718,7 @@
+ <child>
+ <widget class="GnomeDruidPageStandard" id="admin_page">
+ <property name="visible">True</property>
-+ <property name="title" translatable="yes">Select the domain(s) that this user will administer</property>
++ <property name="title" translatable="yes">Select additional domains that this user will administer</property>
+
+ <child internal-child="vbox">
+ <widget class="GtkVBox" id="vbox13">
@@ -1792,7 +1792,7 @@
+ <child>
+ <widget class="GnomeDruidPageStandard" id="roles_page">
+ <property name="visible">True</property>
-+ <property name="title" translatable="yes">Select the roles(s) that this user will be able to become</property>
++ <property name="title" translatable="yes">Select additioanl roles for this user</property>
+
+ <child internal-child="vbox">
+ <widget class="GtkVBox" id="vbox13">
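Review bot: The new `roles_page` title is misspelled: "Select additioanl roles for this user" should read "additional". The property is marked `translatable="yes"`, so the typo becomes a msgid that translators will have to match and later re-translate once it is corrected; fix it before it reaches the catalogs.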
@@ -1866,7 +1866,7 @@
+ <child>
+ <widget class="GnomeDruidPageStandard" id="in_net_page">
+ <property name="visible">True</property>
-+ <property name="title" translatable="yes">Incoming Network Port Connections</property>
++ <property name="title" translatable="yes">Enter network ports that application/user listens to</property>
+
+ <child internal-child="vbox">
+ <widget class="GtkVBox" id="druid-vbox6">
@@ -2007,7 +2007,7 @@
+ <child>
+ <widget class="GtkEntry" id="in_tcp_entry">
+ <property name="visible">True</property>
-+ <property name="tooltip" translatable="yes">Enter a comma separated list of tcp ports that this application binds to. </property>
++ <property name="tooltip" translatable="yes">Enter a comma separated list of tcp ports or ranges of ports that application/user binds to. Example: 612, 650-660</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
@@ -2139,7 +2139,7 @@
+ <child>
+ <widget class="GtkCheckButton" id="in_udp_unreserved_checkbutton">
+ <property name="visible">True</property>
-+ <property name="tooltip" translatable="yes">Allows application/user to bind to any udp ports > 1024</property>
++ <property name="tooltip" translatable="yes">Enter a comma separated list of udp ports or ranges of ports that application/user binds to. Example: 612, 650-660</property>
+ <property name="can_focus">True</property>
+ <property name="label" translatable="yes">Unreserved Ports (>1024)</property>
+ <property name="use_underline">True</property>
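Review bot: The tooltip on `in_udp_unreserved_checkbutton` now tells the user to "Enter a comma separated list of udp ports or ranges of ports", but this widget is a check button labelled "Unreserved Ports (>1024)" and takes no text. The previous text ("Allows application/user to bind to any udp ports > 1024") matched the control; the port-list wording looks like it was meant for `in_udp_entry`.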
@@ -2197,7 +2197,7 @@
+ <child>
+ <widget class="GtkEntry" id="in_udp_entry">
+ <property name="visible">True</property>
-+ <property name="tooltip" translatable="yes">Enter a comma separated list of tcp ports that this application binds to. </property>
++ <property name="tooltip" translatable="yes">Allows application/user to bind to any udp ports > 1024</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
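Review bot: The tooltip on the `in_udp_entry` text field now reads "Allows application/user to bind to any udp ports > 1024", which describes a check box rather than a field that accepts a port list. The old text wrongly said tcp, so a change is warranted, but the replacement should be the udp list wording with the range example ("Example: 612, 650-660"), matching what `in_tcp_entry` received.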
@@ -2289,8 +2289,7 @@
+ <child>
+ <widget class="GnomeDruidPageStandard" id="out_net_page">
+ <property name="visible">True</property>
-+ <property name="title" translatable="yes">Outgoing Network Port Connections</property>
-+
++ <property name="tooltip" translatable="yes">Enter a comma separated list of tcp ports that application/user connects to. </property>
+ <child internal-child="vbox">
+ <widget class="GtkVBox" id="druid-vbox7">
+ <property name="border_width">16</property>
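Review bot: On `out_net_page` the `title` property ("Outgoing Network Port Connections") is removed and a `tooltip` property is added in its place, so this druid page is left without a title while every other page in this patch keeps one. The tooltip text is also phrased for a tcp entry field, not for a page. Restore a `title` line here, reworded in the style of the `in_net_page` title if desired.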
@@ -2388,7 +2387,8 @@
+ <child>
+ <widget class="GtkEntry" id="out_tcp_entry">
+ <property name="visible">True</property>
-+ <property name="tooltip" translatable="yes">Enter a comma separated list of udp ports that this application/user connects to.</property>
++ <property name="tooltip" translatable="yes">Enter a comma separated list of tcp ports or ranges of ports that application/user connects to. Example: 612, 650-660</property>
++
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
@@ -2520,7 +2520,7 @@
+ <child>
+ <widget class="GtkEntry" id="out_udp_entry">
+ <property name="visible">True</property>
-+ <property name="tooltip" translatable="yes">Enter a comma separated list of udp ports that this application/user connects to.</property>
++ <property name="tooltip" translatable="yes">Enter a comma separated list of udp ports or ranges of ports that application/user connects to. Example: 612, 650-660</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
@@ -2605,7 +2605,7 @@
+ <child>
+ <widget class="GnomeDruidPageStandard" id="common_apps_page">
+ <property name="visible">True</property>
-+ <property name="title" translatable="yes">Common Application Traits</property>
++ <property name="title" translatable="yes">Select common application traits</property>
+
+ <child internal-child="vbox">
+ <widget class="GtkVBox" id="druid-vbox8">
@@ -2737,7 +2737,7 @@
+ <child>
+ <widget class="GnomeDruidPageStandard" id="files_page">
+ <property name="visible">True</property>
-+ <property name="title" translatable="yes">Files and Directories</property>
++ <property name="title" translatable="yes">Select files/directories that the application manages</property>
+
+ <child internal-child="vbox">
+ <widget class="GtkVBox" id="druid-vbox9">
@@ -2992,7 +2992,7 @@
+ <child>
+ <widget class="GtkTreeView" id="write_treeview">
+ <property name="visible">True</property>
-+ <property name="tooltip" translatable="yes">Add Files/Directories that this application will need to "Write" to. Pid Files, Log Files, /var/lib Files ...</property>
++ <property name="tooltip" translatable="yes">Add Files/Directories that application will need to "Write" to. Pid Files, Log Files, /var/lib Files ...</property>
+ <property name="can_focus">True</property>
+ <property name="headers_visible">False</property>
+ <property name="rules_hint">False</property>
@@ -3067,7 +3067,7 @@
+ <child>
+ <widget class="GnomeDruidPageStandard" id="gen_policy_page">
+ <property name="visible">True</property>
-+ <property name="title" translatable="yes">Generate policy in this directory</property>
++ <property name="title" translatable="yes">Select directory to generate policy in</property>
+
+ <child internal-child="vbox">
+ <widget class="GtkVBox" id="druid-vbox10">
@@ -3297,10 +3297,10 @@
+</widget>
+
+</glade-interface>
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.25/gui/polgengui.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.26/gui/polgengui.py
--- nsapolicycoreutils/gui/polgengui.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/polgengui.py 2007-09-11 15:02:14.000000000 -0400
-@@ -0,0 +1,452 @@
++++ policycoreutils-2.0.26/gui/polgengui.py 2007-09-18 20:09:54.000000000 -0400
+@@ -0,0 +1,476 @@
+#!/usr/bin/python
+#
+# system-config-selinux.py - GUI for SELinux Config tool in system-config-selinux
@@ -3500,6 +3500,14 @@
+ if self.on_select_type_page_next():
+ return
+
++ if self.pages[type][self.current_page] == self.IN_NET_PAGE:
++ if self.on_in_net_page_next():
++ return
++
++ if self.pages[type][self.current_page] == self.OUT_NET_PAGE:
++ if self.on_out_net_page_next():
++ return
++
+ if self.pages[type][self.current_page] == self.APP_PAGE:
+ if self.on_name_page_next():
+ return
@@ -3721,6 +3729,22 @@
+ return
+ self.output_entry.set_text(self.file_dialog.get_filename())
+
++ def on_in_net_page_next(self, *args):
++ try:
++ polgen.verify_ports(self.in_tcp_entry.get_text())
++ polgen.verify_ports(self.in_udp_entry.get_text())
++ except ValueError, e:
++ self.error(e.message)
++ return True
++
++ def on_out_net_page_next(self, *args):
++ try:
++ polgen.verify_ports(self.out_tcp_entry.get_text())
++ polgen.verify_ports(self.out_udp_entry.get_text())
++ except ValueError, e:
++ self.error(e.message)
++ return True
++
+ def on_select_type_page_next(self, *args):
+ self.exec_entry.set_sensitive(self.confine_application())
+ self.exec_button.set_sensitive(self.confine_application())
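Review bot: `on_in_net_page_next` and `on_out_net_page_next` return `True` on a bad entry but fall off the end on success, so the caller's `if self.on_in_net_page_next(): return` depends on an implicit `None`. Add an explicit `return False` after the `try` block so the contract is visible. Reading the text through `e.message` also ties the handler to that attribute; `str(e)` gives the same string for the `ValueError` raised by `verify_ports`.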
@@ -3753,10 +3777,10 @@
+
+ app = childWindow()
+ app.stand_alone()
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.25/gui/polgen.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.26/gui/polgen.py
--- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/polgen.py 2007-09-10 15:43:04.000000000 -0400
-@@ -0,0 +1,727 @@
++++ policycoreutils-2.0.26/gui/polgen.py 2007-09-18 20:10:02.000000000 -0400
+@@ -0,0 +1,740 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@@ -3842,6 +3866,34 @@
+APPLICATIONS = [ DAEMON, INETD, USER, CGI ]
+USERS = [ XUSER, TUSER, RUSER ]
+
++def verify_ports(ports):
++ if ports == "":
++ return []
++ max_port=2**16
++ try:
++ temp = []
++ for a in ports.split(","):
++ r = a.split("-")
++ if len(r) > 2:
++ raise ValueError
++ if len(r) == 1:
++ begin = int (r[0])
++ end = int (r[0])
++ else:
++ begin = int (r[0])
++ end = int (r[1]) + 1
++
++ if begin > end:
++ raise ValueError
++
++ for p in range(begin, end):
++ if p < 1 or p > max_port:
++ raise ValueError
++ temp.append(p)
++ return temp
++ except ValueError:
++ raise ValueError(_("Ports must be be numbers or ranges of numbers from 1 to %d " % max_port ))
++
+class policy:
+
+ def __init__(self, name, type):
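Review bot: In `verify_ports` the single-port branch sets `begin = int (r[0])` and `end = int (r[0])` without the `+ 1` used in the range branch, so `range(begin, end)` is empty and a plain entry such as "513" is neither range-checked nor appended; only the `a-b` form yields ports. Set `end = begin + 1` in that branch. Two further points in the same function: `max_port=2**16` combined with `p > max_port` accepts 65536, one past the highest valid port (65535), and the limits are tested per element inside the loop, so on Python 2 a very large upper bound makes `range(begin, end)` build the whole list before anything is rejected; compare `begin` and the upper bound against the limits before expanding. The message also reads "must be be", and `% max_port` is applied inside `_()`, so the translation lookup sees the already-substituted string; move the `%` outside the call.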
@@ -3925,21 +3977,6 @@
+ return self.dict[begin,end]
+ return None
+
-+ def __verify_ports(self, ports):
-+ if ports == "":
-+ return []
-+ max_port=2**16
-+ try:
-+ temp = []
-+ for p in ports.split(","):
-+ i = int(p.strip())
-+ if i < 1 or i > max_port:
-+ raise ValueError()
-+ temp.append(i)
-+ return temp
-+ except ValueError:
-+ raise ValueError(_("Ports must be be numbers from 1 to %d " % max_port ))
-+
+ def set_program(self, program):
+ if self.type not in APPLICATIONS:
+ raise ValueError(_("USER Types are not allowed executables"))
@@ -3953,16 +3990,16 @@
+ self.initscript = initscript
+
+ def set_in_tcp(self, all, reserved, unreserved, ports):
-+ self.in_tcp = [ all, reserved, unreserved, self.__verify_ports(ports)]
++ self.in_tcp = [ all, reserved, unreserved, verify_ports(ports)]
+
+ def set_in_udp(self, all, reserved, unreserved, ports):
-+ self.in_udp = [ all, reserved, unreserved, self.__verify_ports(ports)]
++ self.in_udp = [ all, reserved, unreserved, verify_ports(ports)]
+
+ def set_out_tcp(self, all, ports):
-+ self.out_tcp = [ all , False, False, self.__verify_ports(ports) ]
++ self.out_tcp = [ all , False, False, verify_ports(ports) ]
+
+ def set_out_udp(self, all, ports):
-+ self.out_udp = [ all , False, False, self.__verify_ports(ports) ]
++ self.out_udp = [ all , False, False, verify_ports(ports) ]
+
+ def set_use_syslog(self, val):
+ if val != True and val != False:
@@ -4411,7 +4448,7 @@
+if __name__ == '__main__':
+ mypolicy = policy("mycgi", CGI)
+ mypolicy.set_program("/var/www/cgi-bin/cgi")
-+ mypolicy.set_in_tcp(1, 0, 0, "513")
++ mypolicy.set_in_tcp(1, 0, 0, "512, 55000-55000")
+ mypolicy.set_in_udp(1, 0, 0, "1513")
+ mypolicy.set_use_uid(True)
+ mypolicy.set_use_tmp(False)
@@ -4484,9 +4521,9 @@
+ sys.exit(0)
+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-2.0.25/gui/portsPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-2.0.26/gui/portsPage.py
--- nsapolicycoreutils/gui/portsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/portsPage.py 2007-09-11 15:02:16.000000000 -0400
++++ policycoreutils-2.0.26/gui/portsPage.py 2007-09-18 16:40:57.000000000 -0400
@@ -0,0 +1,247 @@
+## portsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -4735,9 +4772,9 @@
+ self.store.set_value(iter, MLS_COL, mls)
+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.25/gui/selinux.tbl
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.26/gui/selinux.tbl
--- nsapolicycoreutils/gui/selinux.tbl 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/selinux.tbl 2007-08-28 09:22:17.000000000 -0400
++++ policycoreutils-2.0.26/gui/selinux.tbl 2007-09-18 16:40:57.000000000 -0400
@@ -0,0 +1,296 @@
+allow_console_login _("Login") _("Allow direct login to the console device. Requiered for System 390")
+acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon")
@@ -5035,9 +5072,9 @@
+webadm_manage_user_files _("HTTPD Service") _("Allow SELinux webadm user to manage unprivledged users home directories")
+webadm_read_user_files _("HTTPD Service") _("Allow SELinux webadm user to read unprivledged users home directories")
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-2.0.25/gui/semanagePage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-2.0.26/gui/semanagePage.py
--- nsapolicycoreutils/gui/semanagePage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/semanagePage.py 2007-09-11 15:02:18.000000000 -0400
++++ policycoreutils-2.0.26/gui/semanagePage.py 2007-09-18 16:40:57.000000000 -0400
@@ -0,0 +1,136 @@
+## semanagePage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -5175,9 +5212,9 @@
+ self.dialog.hide()
+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-2.0.25/gui/statusPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-2.0.26/gui/statusPage.py
--- nsapolicycoreutils/gui/statusPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/statusPage.py 2007-09-11 15:02:21.000000000 -0400
++++ policycoreutils-2.0.26/gui/statusPage.py 2007-09-18 16:40:57.000000000 -0400
@@ -0,0 +1,219 @@
+## statusPage.py - show selinux status
+## Copyright (C) 2006 Red Hat, Inc.
@@ -5398,9 +5435,9 @@
+ return self.types[self.selinuxTypeOptionMenu.get_active()]
+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-2.0.25/gui/system-config-selinux.glade
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-2.0.26/gui/system-config-selinux.glade
--- nsapolicycoreutils/gui/system-config-selinux.glade 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/system-config-selinux.glade 2007-08-28 09:22:17.000000000 -0400
++++ policycoreutils-2.0.26/gui/system-config-selinux.glade 2007-09-18 16:40:57.000000000 -0400
@@ -0,0 +1,3326 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
@@ -8728,9 +8765,9 @@
+</widget>
+
+</glade-interface>
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-2.0.25/gui/system-config-selinux.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-2.0.26/gui/system-config-selinux.py
--- nsapolicycoreutils/gui/system-config-selinux.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/system-config-selinux.py 2007-09-11 15:02:23.000000000 -0400
++++ policycoreutils-2.0.26/gui/system-config-selinux.py 2007-09-18 16:40:57.000000000 -0400
@@ -0,0 +1,171 @@
+#!/usr/bin/python
+#
@@ -8903,9 +8940,9 @@
+
+ app = childWindow()
+ app.stand_alone()
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.25/gui/templates/executable.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.26/gui/templates/executable.py
--- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/templates/executable.py 2007-09-14 10:14:10.000000000 -0400
++++ policycoreutils-2.0.26/gui/templates/executable.py 2007-09-18 16:40:57.000000000 -0400
@@ -0,0 +1,278 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -9185,9 +9222,9 @@
+EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_script_exec_t,s0)
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.py policycoreutils-2.0.25/gui/templates/__init__.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.py policycoreutils-2.0.26/gui/templates/__init__.py
--- nsapolicycoreutils/gui/templates/__init__.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/templates/__init__.py 2007-09-14 10:14:10.000000000 -0400
++++ policycoreutils-2.0.26/gui/templates/__init__.py 2007-09-18 16:40:57.000000000 -0400
@@ -0,0 +1,18 @@
+#
+# Copyright (C) 2007 Red Hat, Inc.
@@ -9207,9 +9244,9 @@
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.25/gui/templates/network.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.26/gui/templates/network.py
--- nsapolicycoreutils/gui/templates/network.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/templates/network.py 2007-09-14 10:14:10.000000000 -0400
++++ policycoreutils-2.0.26/gui/templates/network.py 2007-09-18 16:40:57.000000000 -0400
@@ -0,0 +1,80 @@
+te_port_types="""
+type TEMPLATETYPE_port_t;
@@ -9291,9 +9328,9 @@
+corenet_udp_bind_all_unreserved_ports(TEMPLATETYPE_t)
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py policycoreutils-2.0.25/gui/templates/rw.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py policycoreutils-2.0.26/gui/templates/rw.py
--- nsapolicycoreutils/gui/templates/rw.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/templates/rw.py 2007-09-14 10:14:10.000000000 -0400
++++ policycoreutils-2.0.26/gui/templates/rw.py 2007-09-18 16:40:57.000000000 -0400
@@ -0,0 +1,128 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -9423,10 +9460,10 @@
+fc_dir="""
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.25/gui/templates/script.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.26/gui/templates/script.py
--- nsapolicycoreutils/gui/templates/script.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/templates/script.py 2007-09-14 10:14:10.000000000 -0400
-@@ -0,0 +1,45 @@
++++ policycoreutils-2.0.26/gui/templates/script.py 2007-09-18 17:32:55.000000000 -0400
+@@ -0,0 +1,50 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@@ -9452,6 +9489,11 @@
+########################### tmp Template File #############################
+compile="""
+#!/bin/sh
++if [ ! -f /usr/share/selinux/devel/Makefile ]; then
++echo 'selinux-policy-devel not installed, package required for building policy'
++echo '# yum install selinux-policy-devel'
++exit 1
++fi
+make -f /usr/share/selinux/devel/Makefile
+/usr/sbin/semodule -i PACKAGEFILENAME.pp
+
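Review bot: The added guard in the `compile` template only covers a missing `/usr/share/selinux/devel/Makefile`; if `make -f /usr/share/selinux/devel/Makefile` itself fails, the script still goes on to `/usr/sbin/semodule -i PACKAGEFILENAME.pp`. Append `|| exit 1` to the `make` line (or set `-e` at the top) so a failed build cannot be followed by loading a stale or absent `.pp`. The two `echo` diagnostics should also go to stderr (`>&2`), since they report an error before `exit 1`.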
@@ -9472,9 +9514,9 @@
+users="""\
+/usr/sbin/semanage user -a -P TEMPLATETYPE -R "TEMPLATETYPE_rROLES" TEMPLATETYPE_u
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.25/gui/templates/semodule.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.26/gui/templates/semodule.py
--- nsapolicycoreutils/gui/templates/semodule.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/templates/semodule.py 2007-09-14 10:14:10.000000000 -0400
++++ policycoreutils-2.0.26/gui/templates/semodule.py 2007-09-18 16:40:57.000000000 -0400
@@ -0,0 +1,41 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -9517,9 +9559,9 @@
+semanage ports -a -t TEMPLATETYPE_port_t -p udp PORTNUM
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py policycoreutils-2.0.25/gui/templates/tmp.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py policycoreutils-2.0.26/gui/templates/tmp.py
--- nsapolicycoreutils/gui/templates/tmp.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/templates/tmp.py 2007-09-14 10:14:10.000000000 -0400
++++ policycoreutils-2.0.26/gui/templates/tmp.py 2007-09-18 16:40:57.000000000 -0400
@@ -0,0 +1,97 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -9618,9 +9660,9 @@
+ TEMPLATETYPE_manage_tmp($2)
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.25/gui/templates/user.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.26/gui/templates/user.py
--- nsapolicycoreutils/gui/templates/user.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/templates/user.py 2007-09-14 10:14:10.000000000 -0400
++++ policycoreutils-2.0.26/gui/templates/user.py 2007-09-18 16:40:57.000000000 -0400
@@ -0,0 +1,139 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -9761,9 +9803,9 @@
+"""
+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.25/gui/templates/var_lib.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.26/gui/templates/var_lib.py
--- nsapolicycoreutils/gui/templates/var_lib.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/templates/var_lib.py 2007-09-14 10:14:10.000000000 -0400
++++ policycoreutils-2.0.26/gui/templates/var_lib.py 2007-09-18 16:40:57.000000000 -0400
@@ -0,0 +1,162 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -9927,9 +9969,9 @@
+fc_dir="""\
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.25/gui/templates/var_log.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.26/gui/templates/var_log.py
--- nsapolicycoreutils/gui/templates/var_log.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/templates/var_log.py 2007-09-14 10:14:10.000000000 -0400
++++ policycoreutils-2.0.26/gui/templates/var_log.py 2007-09-18 16:40:57.000000000 -0400
@@ -0,0 +1,112 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -10043,9 +10085,9 @@
+fc_dir="""\
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.25/gui/templates/var_run.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.26/gui/templates/var_run.py
--- nsapolicycoreutils/gui/templates/var_run.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/templates/var_run.py 2007-09-14 10:14:10.000000000 -0400
++++ policycoreutils-2.0.26/gui/templates/var_run.py 2007-09-18 16:40:57.000000000 -0400
@@ -0,0 +1,119 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -10166,9 +10208,9 @@
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.25/gui/templates/var_spool.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.26/gui/templates/var_spool.py
--- nsapolicycoreutils/gui/templates/var_spool.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/templates/var_spool.py 2007-09-14 10:14:10.000000000 -0400
++++ policycoreutils-2.0.26/gui/templates/var_spool.py 2007-09-18 16:40:57.000000000 -0400
@@ -0,0 +1,131 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -10301,9 +10343,9 @@
+fc_dir="""\
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py policycoreutils-2.0.25/gui/translationsPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py policycoreutils-2.0.26/gui/translationsPage.py
--- nsapolicycoreutils/gui/translationsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/translationsPage.py 2007-09-11 15:01:13.000000000 -0400
++++ policycoreutils-2.0.26/gui/translationsPage.py 2007-09-18 16:40:57.000000000 -0400
@@ -0,0 +1,118 @@
+## translationsPage.py - show selinux translations
+## Copyright (C) 2006 Red Hat, Inc.
@@ -10423,9 +10465,9 @@
+ store, iter = self.view.get_selection().get_selected()
+ self.store.set_value(iter, 0, level)
+ self.store.set_value(iter, 1, translation)
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-2.0.25/gui/usersPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-2.0.26/gui/usersPage.py
--- nsapolicycoreutils/gui/usersPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.25/gui/usersPage.py 2007-09-11 15:01:08.000000000 -0400
++++ policycoreutils-2.0.26/gui/usersPage.py 2007-09-18 16:40:57.000000000 -0400
@@ -0,0 +1,172 @@
+## usersPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
policycoreutils-rhat.patch:
Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils-rhat.patch,v
retrieving revision 1.322
retrieving revision 1.323
diff -u -r1.322 -r1.323
--- policycoreutils-rhat.patch 23 Aug 2007 21:00:38 -0000 1.322
+++ policycoreutils-rhat.patch 19 Sep 2007 02:29:47 -0000 1.323
@@ -1,15 +1,15 @@
-diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.23/Makefile
+diff --exclude-from=exclude --exclude=sepolgen-1.0.9 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.25/Makefile
--- nsapolicycoreutils/Makefile 2007-07-16 14:20:43.000000000 -0400
-+++ policycoreutils-2.0.23/Makefile 2007-08-22 16:29:22.000000000 -0400
++++ policycoreutils-2.0.25/Makefile 2007-08-28 09:22:16.000000000 -0400
@@ -1,4 +1,4 @@
-SUBDIRS=setfiles semanage load_policy newrole run_init restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
+SUBDIRS=setfiles semanage load_policy newrole run_init restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
all install relabel clean indent:
@for subdir in $(SUBDIRS); do \
-diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.23/restorecond/restorecond.c
+diff --exclude-from=exclude --exclude=sepolgen-1.0.9 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.25/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c 2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.23/restorecond/restorecond.c 2007-08-22 16:29:22.000000000 -0400
++++ policycoreutils-2.0.25/restorecond/restorecond.c 2007-08-28 09:22:16.000000000 -0400
@@ -210,9 +210,10 @@
}
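Review bot: The regenerated headers in policycoreutils-rhat.patch name policycoreutils-2.0.25 (timestamps 2007-08-28), while this commit moves the package to 2.0.26 and policycoreutils-gui.patch was regenerated against policycoreutils-2.0.26. The mismatch suggests this patch was not rediffed against the new tarball. Please confirm it applies to 2.0.26 without fuzz or offsets, and regenerate it so both patches reference the same tree.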
@@ -36,526 +36,9 @@
}
free(scontext);
close(fd);
-diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/genhomedircon policycoreutils-2.0.23/scripts/genhomedircon
---- nsapolicycoreutils/scripts/genhomedircon 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.23/scripts/genhomedircon 2007-08-23 10:08:04.000000000 -0400
-@@ -0,0 +1,404 @@
-+#! /usr/bin/python -E
-+# Copyright (C) 2004 Tresys Technology, LLC
-+# see file 'COPYING' for use and warranty information
-+#
-+# genhomedircon - this script is used to generate file context
-+# configuration entries for user home directories based on their
-+# default prefixes and is run when building the policy. Specifically, we
-+# replace HOME_ROOT, HOME_DIR, and ROLE macros in .fc files with
-+# generic and user-specific values.
-+#
-+# Based off original script by Dan Walsh, <dwalsh at redhat.com>
-+#
-+# ASSUMPTIONS:
-+#
-+# The file CONTEXTDIR/files/homedir_template exists. This file is used to
-+# set up the home directory context for each real user.
-+#
-+# If a user is not listed in CONTEXTDIR/seusers, he will default to user_u, prefix user
-+#
-+# "Real" users (as opposed to system users) are those whose UID is greater than
-+# or equal STARTING_UID (usually 500) and whose login is not a member of
-+# EXCLUDE_LOGINS. Users who are explicitly defined in CONTEXTDIR/seusers
-+# are always "real" (including root, in the default configuration).
-+#
-+#
-+
-+import sys, os, pwd, string, getopt, re
-+from semanage import *;
-+import selinux
-+import gettext
-+gettext.install('policycoreutils')
-+
-+def grep(file, var):
-+ ret = ""
-+ fd = open(file, 'r')
-+
-+ for i in fd.readlines():
-+ if re.search(var, i, 0) != None:
-+ ret = i
-+ break
-+ fd.close()
-+ return ret
-+
-+def findval(file, var, delim = ""):
-+ val = ""
-+ try:
-+ fd = open(file, 'r')
-+ for i in fd.readlines():
-+ if i.startswith(var) == 1:
-+ if delim == "":
-+ val = i.split()[1]
-+ else:
-+ val = i.split(delim)[1]
-+ val = val.split("#")[0]
-+ val = val.strip()
-+ fd.close()
-+ except:
-+ val = ""
-+ return val
-+
-+def getStartingUID():
-+ starting_uid = sys.maxint
-+ uid_min = findval("/etc/login.defs", "UID_MIN")
-+ if uid_min != "":
-+ uid_min = uid_min.split("#")[0]
-+ uid_min = uid_min.strip()
-+ if int(uid_min) < starting_uid:
-+ starting_uid = int(uid_min)
-+
-+ uid_min = findval("/etc/libuser.conf", "LU_UIDNUMBER", "=")
-+ if uid_min != "":
-+ uid_min = uid_min.split("#")[0]
-+ uid_min = uid_min.strip()
-+ if int(uid_min) < starting_uid:
-+ starting_uid = int(uid_min)
-+
-+ if starting_uid == sys.maxint:
-+ starting_uid = 500
-+ return starting_uid
-+
-+def getDefaultHomeDir():
-+ ret = []
-+ homedir = findval("/etc/default/useradd", "HOME", "=")
-+ if homedir != "" and not homedir in ret:
-+ ret.append(homedir)
-+
-+ homedir = findval("/etc/libuser.conf", "LU_HOMEDIRECTORY", "=")
-+ if homedir != "" and not homedir in ret:
-+ ret.append(homedir)
-+
-+ if ret == []:
-+ ret.append("/home")
-+
-+ # Add /export/home if it exists
-+ # Some customers use this for automounted homedirs
-+ if os.path.exists("/export/home"):
-+ ret.append("/export/home")
-+
-+ return ret
-+
-+def getSELinuxType(directory):
-+ val = findval(directory+"/config", "SELINUXTYPE", "=")
-+ if val != "":
-+ return val
-+ return "targeted"
-+
-+def usage(rc=0, error = ""):
-+ if error != "":
-+ sys.stderr.write("%s\n" % error)
-+ rc = 1
-+ sys.stderr.write("Usage: %s [ -d selinuxdir ] [-n | --nopasswd] [-t selinuxtype ]\n" % sys.argv[0])
-+ sys.stderr.flush()
-+ sys.exit(rc)
-+
-+def warning(warning = ""):
-+ sys.stderr.write("%s\n" % warning)
-+ sys.stderr.flush()
-+
-+def errorExit(error):
-+ sys.stderr.write("%s exiting for: " % sys.argv[0])
-+ sys.stderr.write("%s\n" % error)
-+ sys.stderr.flush()
-+ sys.exit(1)
-+
-+class selinuxConfig:
-+ def __init__(self, selinuxdir = "/etc/selinux", type = "targeted", usepwd = 1):
-+ self.semanageHandle = semanage_handle_create()
-+ self.semanaged = semanage_is_managed(self.semanageHandle)
-+ if self.semanaged:
-+ rc = semanage_connect(self.semanageHandle)
-+ if rc:
-+ errorExit("Unable to connect to semanage")
-+ (status, self.ulist) = semanage_user_list(self.semanageHandle)
-+ self.type = type
-+ self.selinuxdir = selinuxdir +"/"
-+ self.contextdir = "/contexts"
-+ self.filecontextdir = self.contextdir+"/files"
-+ self.usepwd = usepwd
-+ self.default_user = "user_u"
-+ self.default_prefix = "user"
-+ self.users = self.getUsers()
-+ fd = open(self.getFileContextFile())
-+ self.fclines=[]
-+ for i in fd.readlines():
-+ try:
-+ regex = i.split()[0]
-+ #match a trailing .+
-+ regex = re.sub("\.+$", "", regex)
-+ regex = re.sub("\.\*$", "", regex)
-+ regex = re.sub("\(\/\.\*\)\?", "", regex)
-+ regex = regex + "/*$"
-+ self.fclines.append(re.compile(regex))
-+ except:
-+ continue
-+
-+ fd.close()
-+
-+ def getFileContextDir(self):
-+ return self.selinuxdir+self.type+self.filecontextdir
-+
-+ def getFileContextFile(self):
-+ return self.getFileContextDir()+"/file_contexts"
-+
-+ def getContextDir(self):
-+ return self.selinuxdir+self.type+self.contextdir
-+
-+ def getHomeDirTemplate(self):
-+ return self.getFileContextDir()+"/homedir_template"
-+
-+ def getHomeRootContext(self, homedir):
-+ ret = ""
-+ fd = open(self.getHomeDirTemplate(), 'r')
-+
-+ for i in fd.readlines():
-+ if i.find("HOME_ROOT") == 0:
-+ i = i.replace("HOME_ROOT", homedir)
-+ ret += i
-+ fd.close()
-+ if ret == "":
-+ errorExit("No Home Root Context Found")
-+ return ret
-+
-+ def heading(self):
-+ ret = "\n#\n#\n# User-specific file contexts, generated via %s\n" % sys.argv[0]
-+ if self.semanaged:
-+ ret += "# use semanage command to manage system users in order to change the file_context\n#\n#\n"
-+ else:
-+ ret += "# edit %s to change file_context\n#\n#\n" % (self.selinuxdir+self.type+"/seusers")
-+ return ret
-+
-+ def get_default_prefix(self, name):
-+ for user in self.ulist:
-+ if semanage_user_get_name(user) == name:
-+ return semanage_user_get_prefix(user)
-+ return name
-+
-+ def get_old_prefix(self, user):
-+ rc = grep(self.selinuxdir+self.type+"/users/system.users", "^user %s" % user)
-+ if rc == "":
-+ rc = grep(self.selinuxdir+self.type+"/users/local.users", "^user %s" % user)
-+ if rc != "":
-+ user = rc.split()
-+ prefix = user[3]
-+ if prefix == "{":
-+ prefix = user[4]
-+ if len(prefix) > 2 and (prefix[-2:] == "_r" or prefix[-2:] == "_u"):
-+ prefix = prefix[:-2]
-+ return prefix
-+
-+ def adduser(self, udict, user, seuser, prefix):
-+ if seuser == self.default_user or user == "__default__" or user == "system_u":
-+ return
-+ # !!! chooses first prefix in the list to use in the file context !!!
-+ try:
-+ home = pwd.getpwnam(user)[5]
-+ if home == "/":
-+ # Probably install so hard code to /root
-+ if user == "root":
-+ home = "/root"
-+ else:
-+ return
-+ except KeyError:
-+ if user == "root":
-+ home = "/root"
-+ else:
-+ sys.stderr.write("The user \"%s\" is not present in the passwd file, skipping...\n" % user)
-+ return
-+ prefs = {}
-+ prefs["seuser"] = seuser
-+ prefs["prefix"] = prefix
-+ prefs["home"] = home
-+ udict[user] = prefs
-+
-+ def setDefaultUser(self, user, prefix):
-+ self.default_user = user
-+ self.default_prefix = prefix
-+
-+ def getUsers(self):
-+ udict = {}
-+ if self.semanaged:
-+ (status, list) = semanage_seuser_list(self.semanageHandle)
-+ for seuser in list:
-+ user = []
-+ seusername = semanage_seuser_get_sename(seuser)
-+ prefix = self.get_default_prefix(seusername)
-+ if semanage_seuser_get_name(seuser) == "__default__":
-+ self.setDefaultUser(seusername, prefix)
-+
-+ self.adduser(udict, semanage_seuser_get_name(seuser), seusername, prefix)
-+
-+ else:
-+ try:
-+ fd = open(self.selinuxdir+self.type+"/seusers")
-+ for u in fd.readlines():
-+ u = u.strip()
-+ if len(u) == 0 or u[0] == "#":
-+ continue
-+ user = u.split(":")
-+ if len(user) < 2:
-+ continue
-+
-+ prefix = self.get_old_prefix(user[1])
-+ self.adduser(udict, user[0], user[1], prefix)
-+ fd.close()
-+ except IOError, error:
-+ # Must be install so force add of root
-+ self.adduser(udict, "root", "root", "root")
-+
-+ return udict
-+
-+ def getHomeDirContext(self, user, seuser, home, prefix):
-+ ret = "\n\n#\n# Home Context for user %s\n#\n\n" % user
-+ fd = open(self.getHomeDirTemplate(), 'r')
-+ for i in fd.readlines():
-+ if i.startswith("HOME_DIR") == 1:
-+ i = i.replace("HOME_DIR", home)
-+ i = i.replace("ROLE", prefix)
-+ i = i.replace("system_u", seuser)
-+ # Validate if the generated context exists. Some user types may not exist
-+ scon = i.split()[-1]
-+ if selinux.is_selinux_enabled() < 1 or selinux.security_check_context(scon) == 0:
-+ ret = ret+i
-+ fd.close()
-+ return ret
-+
-+ def getUserContext(self, user, sel_user, prefix):
-+ ret = ""
-+ fd = open(self.getHomeDirTemplate(), 'r')
-+ for i in fd.readlines():
-+ if i.find("USER") > 0:
-+ i = i.replace("USER", user)
-+ i = i.replace("ROLE", prefix)
-+ i = i.replace("system_u", sel_user)
-+ ret = ret+i
-+ fd.close()
-+ return ret
-+
-+ def genHomeDirContext(self):
-+ ret = ""
-+ # Fill in HOME and prefix for users that are defined
-+ for u in self.users.keys():
-+ ret += self.getHomeDirContext (u, self.users[u]["seuser"], self.users[u]["home"], self.users[u]["prefix"])
-+ ret += self.getUserContext (u, self.users[u]["seuser"], self.users[u]["prefix"])
-+ return ret+"\n"
-+
-+ def checkExists(self, home):
-+ for i in self.fclines:
-+ try:
-+ if i.match(home):
-+ return 1
-+ except:
-+ continue
-+ return 0
-+
-+ def getHomeDirs(self):
-+ homedirs = getDefaultHomeDir()
-+ starting_uid = getStartingUID()
-+ if self.usepwd == 0:
-+ return homedirs
-+ ulist = pwd.getpwall()
-+ for u in ulist:
-+ if u[2] >= starting_uid and \
-+ u[6] in VALID_SHELLS and \
-+ u[5] != "/" and \
-+ string.count(u[5], "/") > 1:
-+ homedir = u[5][:string.rfind(u[5], "/")]
-+ if not homedir in homedirs:
-+ if self.checkExists(homedir) == 1:
-+ warning("%s homedir %s or its parent directory conflicts with a\ndefined context in %s,\n%s will not create a new context. This usually indicates an incorrectly defined system account. If it is a system account please make sure its login shell is /sbin/nologin." % (u[0], u[5], self.getFileContextFile(), sys.argv[0]))
-+ else:
-+ homedirs.append(homedir)
-+
-+ homedirs.sort()
-+ return homedirs
-+
-+ def genoutput(self):
-+ ret = self.heading()
-+ for h in self.getHomeDirs():
-+ ret += self.getHomeDirContext (self.default_user, self.default_user, h+'/[^/]*', self.default_prefix)
-+ ret += self.getHomeRootContext(h)
-+ ret += self.getUserContext(".*", self.default_user, self.default_prefix) + "\n"
-+ ret += self.genHomeDirContext()
-+ return ret
-+
-+ def printout(self):
-+ print self.genoutput()
-+
-+ def write(self):
-+ fd = open(self.getFileContextDir()+"/file_contexts.homedirs", "w")
-+ fd.write(self.genoutput())
-+ fd.close()
-+
-+if os.getuid() > 0 or os.geteuid() > 0:
-+ print _("You must be root to run %s.") % sys.argv[0]
-+ sys.exit(1)
-+
-+try:
-+ fd = open("/etc/shells", 'r')
-+ VALID_SHELLS = fd.read().split("\n")
-+ fd.close()
-+ if "/sbin/nologin" in VALID_SHELLS:
-+ VALID_SHELLS.remove("/sbin/nologin")
-+ if "" in VALID_SHELLS:
-+ VALID_SHELLS.remove("")
-+except:
-+ VALID_SHELLS = ['/bin/sh', '/bin/bash', '/bin/ash', '/bin/bsh', '/bin/ksh', '/usr/bin/ksh', '/usr/bin/pdksh', '/bin/tcsh', '/bin/csh', '/bin/zsh']
-+
-+#
-+# This script will generate home dir file context
-+# based off the homedir_template file, entries in the password file, and
-+#
-+try:
-+ usepwd = 1
-+ directory = "/etc/selinux"
-+ type = None
-+ gopts, cmds = getopt.getopt(sys.argv[1:], 'hnd:t:', ['help',
-+ 'type=',
-+ 'nopasswd',
-+ 'dir='])
-+ for o,a in gopts:
-+ if o == '--type' or o == "-t":
-+ type = a
-+ if o == '--nopasswd' or o == "-n":
-+ usepwd = 0
-+ if o == '--dir' or o == "-d":
-+ directory = a
-+ if o == '--help' or o == "-h":
-+ usage()
-+except getopt.error, error:
-+ errorExit(_("Options Error %s ") % error)
-+
-+if type == None:
-+ type = getSELinuxType(directory)
-+
-+if len(cmds) != 0:
-+ usage(1)
-+
-+selconf = selinuxConfig(directory, type, usepwd)
-+try:
-+ selconf.write()
-+except IOError, error:
-+ sys.stderr.write("%s: %s\n" % ( sys.argv[0], error ))
-+ sys.exit(1)
-+
-diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/genhomedircon.8 policycoreutils-2.0.23/scripts/genhomedircon.8
---- nsapolicycoreutils/scripts/genhomedircon.8 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.23/scripts/genhomedircon.8 2007-08-20 19:16:35.000000000 -0400
-@@ -0,0 +1,82 @@
-+.\" Hey, Emacs! This is an -*- nroff -*- source file.
-+.\" Copyright (c) 2005 Manoj Srivastava <srivasta at debian.org>
-+.\"
-+.\" This is free documentation; you can redistribute it and/or
-+.\" modify it under the terms of the GNU General Public License as
-+.\" published by the Free Software Foundation; either version 2 of
-+.\" the License, or (at your option) any later version.
-+.\"
-+.\" The GNU General Public License's references to "object code"
-+.\" and "executables" are to be interpreted as the output of any
-+.\" document formatting or typesetting system, including
-+.\" intermediate and printed output.
-+.\"
-+.\" This manual is distributed in the hope that it will be useful,
-+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
-+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+.\" GNU General Public License for more details.
-+.\"
-+.\" You should have received a copy of the GNU General Public
-+.\" License along with this manual; if not, write to the Free
-+.\" Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139,
-+.\" USA.
-+.\"
-+.\"
-+.TH GENHOMEDIRCON "8" "January 2005" "Security Enhanced Linux" ""
-+.SH NAME
-+genhomedircon \- generate SELinux file context configuration entries for user home directories
-+.SH SYNOPSIS
-+.B genhomedircon [ -d selinuxdir ] [-n | --nopasswd] [-t selinuxtype ] [-h]
-+
-+.SH OPTIONS
-+.TP
-+.B "\-h"
-+Print a short usage message
-+.TP
-+.B "\-d selinuxdir (\-\-directory)"
-+Directory where selinux files are installed defaults to /etc/selinux
-+.TP
-+.B
-+\-n \-\-nopasswd
-+Indicates to the utility not to read homedirectories out of the password database.
-+.TP
-+\-t selinuxtype (\-\-type)
-+Indicates the selinux type of this install. Defaults to "targeted".
-+.SH DESCRIPTION
-+.PP
-+This utility is used to generate file context configuration entries for
-+user home directories based on their
-+.B prefix
-+entry in the the
-+.B semanage user record.
-+genhomedircon is run when building
-+the policy. It is also run automaticaly when ever the
-+.B semanage
-+utility modifies
-+.B user
-+or
-+.B login
-+records.
-+Specifically, we replace HOME_ROOT, HOME_DIR, and ROLE macros in the
-+.I /etc/selinux/<<SELINUXTYPE>>/contexts/files/homedir_template
-+file with generic and user-specific values. HOME_ROOT and HOME_DIR is replaced with each distinct location where login users homedirectories are located. Defaults to /home. ROLE is replaced based on the prefix entry in the
-+.B user
-+record.
-+.PP
-+genhomedircon searches through all password entires for all "login" user home directories, (as opposed
-+to system users). Login users are those whose UID is greater than or equal
-+.I STARTING_UID
-+(default 500) and whose login shell is not "/sbin/nologin", or
-+"/bin/false".
-+.PP
-+.SH AUTHOR
-+This manual page was originally written by
-+.I Manoj Srivastava <srivasta at debian.org>,
-+for the Debian GNU/Linux system, based on the comments and the code
-+in the utility, and then updated by Dan Walsh of Red Hat. The
-+.B genhomedircon
-+utility was originally written by
-+.I Dan Walsh of Red Hat
-+with some modifications by
-+.I Tresys Technology, LLC.
-+
-diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.23/scripts/Makefile
---- nsapolicycoreutils/scripts/Makefile 2007-08-23 16:52:26.000000000 -0400
-+++ policycoreutils-2.0.23/scripts/Makefile 2007-08-20 19:16:35.000000000 -0400
-@@ -5,14 +5,18 @@
- MANDIR ?= $(PREFIX)/share/man
- LOCALEDIR ?= /usr/share/locale
-
--all: fixfiles
-+TARGETS=genhomedircon
-+
-+all: $(TARGETS) fixfiles
-
- install: all
- -mkdir -p $(BINDIR)
-+ install -m 755 $(TARGETS) $(SBINDIR)
- install -m 755 chcat $(BINDIR)
- install -m 755 fixfiles $(DESTDIR)/sbin
- -mkdir -p $(MANDIR)/man8
- install -m 644 fixfiles.8 $(MANDIR)/man8/
-+ install -m 644 genhomedircon.8 $(MANDIR)/man8/
- install -m 644 chcat.8 $(MANDIR)/man8/
-
- clean:
-diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.23/semanage/seobject.py
+diff --exclude-from=exclude --exclude=sepolgen-1.0.9 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.25/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2007-07-16 14:20:41.000000000 -0400
-+++ policycoreutils-2.0.23/semanage/seobject.py 2007-08-22 16:29:22.000000000 -0400
++++ policycoreutils-2.0.25/semanage/seobject.py 2007-08-28 09:22:17.000000000 -0400
@@ -210,6 +210,7 @@
os.write(fd, self.out())
os.close(fd)
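Review bot: Dropping scripts/genhomedircon, its man page and the scripts/Makefile install lines from this patch needs a check on the callers. The removed man page states that the tool is run automatically whenever semanage modifies user or login records, and the semanage/seobject.py part of this patch is kept. Please confirm that nothing in the 2.0.26 tree or in the remaining patch still executes genhomedircon, and state in the commit message what now generates file_contexts.homedirs.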
@@ -713,9 +196,9 @@
return ddict
-diff --exclude-from=exclude --exclude=sepolgen-1.0.8 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.8 policycoreutils-2.0.23/semodule/semodule.8
+diff --exclude-from=exclude --exclude=sepolgen-1.0.9 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.8 policycoreutils-2.0.25/semodule/semodule.8
--- nsapolicycoreutils/semodule/semodule.8 2007-07-16 14:20:42.000000000 -0400
-+++ policycoreutils-2.0.23/semodule/semodule.8 2007-08-23 10:18:35.000000000 -0400
++++ policycoreutils-2.0.25/semodule/semodule.8 2007-08-28 09:22:17.000000000 -0400
@@ -23,6 +23,9 @@
.B \-B, \-\-build
force a rebuild of policy (also reloads unless -n is used)
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.449
retrieving revision 1.450
diff -u -r1.449 -r1.450
--- policycoreutils.spec 14 Sep 2007 14:41:51 -0000 1.449
+++ policycoreutils.spec 19 Sep 2007 02:29:47 -0000 1.450
@@ -1,12 +1,12 @@
%define libauditver 1.4.2-1
-%define libsepolver 2.0.9-1
+%define libsepolver 2.0.10-1
%define libsemanagever 2.0.5-1
-%define libselinuxver 2.0.23-3
+%define libselinuxver 2.0.34-1
%define sepolgenver 1.0.10
Summary: SELinux policy core utilities
Name: policycoreutils
-Version: 2.0.25
-Release: 14%{?dist}
+Version: 2.0.26
+Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
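Review bot: The minimum libselinux jumps from 2.0.23-3 to 2.0.34-1 on the libselinuxver line, and the changelog entry added by this commit gives no reason for it. If the new floor is what the setfiles selabel fix needs, say so in the changelog; otherwise keep the lowest version that actually works so the package stays installable against older libselinux builds.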
@@ -107,6 +107,7 @@
Requires: usermode, rhpl
Requires: python >= 2.4
BuildRequires: desktop-file-utils
+Requires: selinux-policy
%description gui
system-config-selinux is a utility for managing the SELinux environment
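Review bot: The new "Requires: selinux-policy" for the gui subpackage is unversioned and sits after the BuildRequires line instead of with the other Requires lines above it. Move it next to "Requires: python >= 2.4", and if the policy generation templates depend on interfaces from a particular policy release, add a minimum version so an older selinux-policy cannot satisfy the dependency.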
@@ -138,7 +139,6 @@
%{_sbindir}/semodule
%{_sbindir}/semanage
%{_sbindir}/load_policy
-%{_sbindir}/genhomedircon
%{_sbindir}/sestatus
%{_sbindir}/run_init
%{_sbindir}/open_init_pty
@@ -165,7 +165,6 @@
%{_mandir}/man8/fixfiles.8.gz
%{_mandir}/man8/load_policy.8.gz
%{_mandir}/man8/audit2why.8.gz
-%{_mandir}/man8/genhomedircon.8.gz
%{_mandir}/man8/open_init_pty.8.gz
%{_mandir}/man8/setsebool.8.gz
%{_mandir}/man8/run_init.8.gz
@@ -200,6 +199,13 @@
fi
%changelog
+* Tue Sep 18 2007 Dan Walsh <dwalsh at redhat.com> 2.0.26-1
+- Update to upstream
+ * Fix setfiles selabel option flag setting for 64-bit from Stephen Smalley.
+
+* Tue Sep 18 2007 Dan Walsh <dwalsh at redhat.com> 2.0.25-15
+- Fix wording in policy generation tool
+
* Fri Sep 14 2007 Dan Walsh <dwalsh at redhat.com> 2.0.25-14
- Fix calls to _admin interfaces
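Review bot: The 2.0.26-1 changelog entry lists only the upstream setfiles fix, but this commit also removes genhomedircon and its man page from %files, raises the libsepol and libselinux minimum versions, and adds a selinux-policy requirement to the gui subpackage. Please add a line for each of these. The 2.0.25-15 entry is introduced in the same commit while the Release tag goes from 14 straight to 1; confirm that a 2.0.25-15 build exists.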
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/devel/sources,v
retrieving revision 1.165
retrieving revision 1.166
diff -u -r1.165 -r1.166
--- sources 13 Sep 2007 12:32:16 -0000 1.165
+++ sources 19 Sep 2007 02:29:47 -0000 1.166
@@ -1,2 +1,2 @@
-43c5df63e94b6e35d1f830b5b7ee6cfc policycoreutils-2.0.25.tgz
eddb3e34fb982d752aa8cbed7b98f3d2 sepolgen-1.0.10.tgz
+109975b307c6992ff721ba644b4fb718 policycoreutils-2.0.26.tgz
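Review bot: The only integrity record for the new policycoreutils-2.0.26.tgz is the MD5 on the added line, and the spec's Source URL is plain http. Please verify the tarball against a copy or checksum obtained independently from upstream before building from it.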