rpms/policycoreutils/devel policycoreutils-rhat.patch, 1.464, 1.465 policycoreutils.spec, 1.675, 1.676
Daniel J Walsh
dwalsh at fedoraproject.org
Wed Jan 27 21:52:30 UTC 2010
Author: dwalsh
Update of /cvs/pkgs/rpms/policycoreutils/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv26272
Modified Files:
policycoreutils-rhat.patch policycoreutils.spec
Log Message:
* Wed Jan 27 2010 Dan Walsh <dwalsh at redhat.com> 2.0.78-14
- Add session capability to sandbox
- sandbox -SX -H ~/.homedir -t unconfined_t -l s0:c15 /etc/gdm/Xsession
policycoreutils-rhat.patch:
Makefile | 2
audit2allow/audit2allow | 64 -
audit2allow/audit2allow.1 | 3
restorecond/Makefile | 24
restorecond/org.selinux.Restorecond.service | 3
restorecond/restorecond.8 | 15
restorecond/restorecond.c | 429 +---------
restorecond/restorecond.conf | 5
restorecond/restorecond.desktop | 7
restorecond/restorecond.h | 19
restorecond/restorecond.init | 5
restorecond/restorecond_user.conf | 2
restorecond/user.c | 239 +++++
restorecond/watch.c | 260 ++++++
sandbox/.sandboxSKnKBc/.esd_auth | 1
sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/clock/prefs/%gconf.xml | 24
sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/window_list/prefs/%gconf.xml | 8
sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/workspace_switcher/prefs/%gconf.xml | 6
sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/accessibility/keyboard/%gconf.xml | 23
sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/interface/%gconf.xml | 6
sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/%gconf.xml | 4
sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/general/%gconf.xml | 8
sandbox/.sandboxSKnKBc/.xmodmap | 248 +++++
sandbox/Makefile | 31
sandbox/deliverables/README | 32
sandbox/deliverables/basicwrapper | 4
sandbox/deliverables/run-in-sandbox.py | 49 +
sandbox/deliverables/sandbox | 216 +++++
sandbox/sandbox | 357 ++++++++
sandbox/sandbox.8 | 50 +
sandbox/sandboxX.sh | 14
sandbox/seunshare |binary
sandbox/seunshare.c | 265 ++++++
sandbox/seunshare.o |binary
semanage/semanage | 124 ++
semanage/semanage.8 | 10
semanage/seobject.py | 397 +++++++--
semodule/semodule.8 | 6
semodule/semodule.c | 53 +
setfiles/restore.c | 73 +
setfiles/restore.h | 3
setfiles/restorecon.8 | 7
setfiles/setfiles.8 | 3
setfiles/setfiles.c | 73 -
44 files changed, 2589 insertions(+), 583 deletions(-)
Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/pkgs/rpms/policycoreutils/devel/policycoreutils-rhat.patch,v
retrieving revision 1.464
retrieving revision 1.465
diff -u -p -r1.464 -r1.465
--- policycoreutils-rhat.patch 19 Jan 2010 17:25:36 -0000 1.464
+++ policycoreutils-rhat.patch 27 Jan 2010 21:52:27 -0000 1.465
@@ -148,6 +148,19 @@ diff --exclude-from=exclude --exclude=se
+ audit2why.init()
app = AuditToPolicy()
app.main()
+diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.78/audit2allow/audit2allow.1
+--- nsapolicycoreutils/audit2allow/audit2allow.1 2009-02-18 16:44:47.000000000 -0500
++++ policycoreutils-2.0.78/audit2allow/audit2allow.1 2010-01-25 15:55:32.000000000 -0500
+@@ -44,6 +44,9 @@
+ Note that all audit messages are not available via dmesg when
+ auditd is running; use "ausearch -m avc | audit2allow" or "-a" instead.
+ .TP
++.B "\-D" | "\-\-dontaudit"
++Generate dontaudit rules rather then allow rules
++.TP
+ .B "\-h" | "\-\-help"
+ Print a short usage message
+ .TP
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.78/Makefile
--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.78/Makefile 2009-12-08 17:05:49.000000000 -0500
@@ -1700,8 +1713,8 @@ diff --exclude-from=exclude --exclude=se
+relabel:
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.78/sandbox/sandbox
--- nsapolicycoreutils/sandbox/sandbox 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/sandbox/sandbox 2010-01-19 11:58:50.000000000 -0500
-@@ -0,0 +1,323 @@
++++ policycoreutils-2.0.78/sandbox/sandbox 2010-01-27 16:39:26.000000000 -0500
+@@ -0,0 +1,357 @@
+#! /usr/bin/python -E
+# Authors: Dan Walsh <dwalsh at redhat.com>
+# Authors: Josh Cogliati
@@ -1727,6 +1740,7 @@ diff --exclude-from=exclude --exclude=se
+import selinux
+import signal
+from tempfile import mkdtemp
++import pwd
+
+PROGNAME = "policycoreutils"
+
@@ -1823,7 +1837,6 @@ diff --exclude-from=exclude --exclude=se
+ X_FILES[file] = (dest, os.path.getmtime(dest))
+
+def copyfiles(newhomedir, newtmpdir, files):
-+ import pwd
+ homedir=pwd.getpwuid(os.getuid()).pw_dir
+ for f in files:
+ copyfile(f,homedir, newhomedir)
@@ -1850,6 +1863,29 @@ diff --exclude-from=exclude --exclude=se
+ if(copy):
+ shutil.copy2(new,orig)
+
++def setup_executable(execfile, command):
++ fd = open(execfile, "w+")
++ fd.write("""
++#! /bin/sh
++/usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap
++/usr/bin/matchbox-window-manager -use_titlebar no &
++WM_PID=$!
++%s
++kill -TERM $WM_PID 2> /dev/null
++""" % command)
++ fd.close()
++ os.chmod(execfile, 0700)
++
++def setup_session(execfile, command="/etc/gdm/Xsession"):
++ fd = open(execfile, "w+")
++ fd.write("""
++#!/bin/sh
++/usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap
++%s
++""" % command)
++ fd.close()
++ os.chmod(execfile, 0700)
++
+if __name__ == '__main__':
+ setup_sighandlers()
+ if selinux.is_selinux_enabled() != 1:
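Review bot: In both `setup_executable` and `setup_session` the literal passed to `fd.write` begins with a newline, so `#! /bin/sh` lands on the second line of `.sandboxrc` and is no longer a shebang; the script then only runs when the caller falls back to a shell. Open the literal as `fd.write("""#! /bin/sh`, as the inline code removed later in this patch did. The file is also created with `open(execfile, "w+")` and only restricted by `os.chmod(execfile, 0700)` after the write, so it briefly exists with umask-default permissions; `os.fdopen(os.open(execfile, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0700), "w")` avoids that window for a newly created file. The two functions differ only in their template and could share one helper that takes the template as an argument.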
@@ -1859,7 +1895,7 @@ diff --exclude-from=exclude --exclude=se
+
+ def usage(message = ""):
+ text = _("""
-+sandbox [-h] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [[-i file ] ...] [ -t type ] command
++sandbox [-h] [-[X|M] [-S] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [[-i file ] ...] [ -t type ] command
+""")
+ error_exit("%s\n%s" % (message, text))
+
@@ -1871,8 +1907,9 @@ diff --exclude-from=exclude --exclude=se
+ newtmpdir = None
+ existing_home = False
+ existing_temp = False
++ session = False
+ try:
-+ gopts, cmds = getopt.getopt(sys.argv[1:], "l:i:ht:XI:MH:T:",
++ gopts, cmds = getopt.getopt(sys.argv[1:], "l:i:hSt:XI:MH:T:",
+ ["help",
+ "include=",
+ "includefile=",
@@ -1880,6 +1917,7 @@ diff --exclude-from=exclude --exclude=se
+ "mount",
+ "homedir=",
+ "tmpdir=",
++ "session",
+ "level="
+ ])
+ for o, a in gopts:
@@ -1920,6 +1958,11 @@ diff --exclude-from=exclude --exclude=se
+ newtempdir = a
+ if o == "-h" or o == "--help":
+ usage(_("Usage"));
++
++ if o == "-S" or o == "--session":
++ session = True
++ homedir=pwd.getpwuid(os.getuid()).pw_dir
++
+
+ if len(cmds) == 0:
+ usage(_("Command required"))
@@ -1946,23 +1989,29 @@ diff --exclude-from=exclude --exclude=se
+ if existing_home:
+ if not os.path.isdir(newhomedir):
+ raise IOError("Home directory "+newhomedir+" not found")
-+ if not level:
++ if not level and not session:
+ chcon = ("/usr/bin/chcon -R %s %s" % (filecon, newhomedir)).split()
+ rc = os.spawnvp(os.P_WAIT, chcon[0], chcon)
+ else:
+ newhomedir = mkdtemp(dir=".", prefix=".sandbox")
-+ chcon = ("/usr/bin/chcon %s %s" % (filecon, newhomedir)).split()
++ if session:
++ chcon = ("/usr/bin/chcon --reference %s %s" %( homedir, (newhomedir))).split()
++ else:
++ chcon = ("/usr/bin/chcon %s %s" % (filecon, newhomedir)).split()
+ rc = os.spawnvp(os.P_WAIT, chcon[0], chcon)
+
+ if existing_temp:
+ if not os.path.isdir(newtempdir):
+ raise IOError("Temp directory "+newtempdir+" not found")
-+ if not level:
++ if not level and not session:
+ chcon = ("/usr/bin/chcon -R %s %s" % (filecon, newtmpdir)).split()
+ rc = os.spawnvp(os.P_WAIT, chcon[0], chcon)
+ else:
+ newtmpdir = mkdtemp(dir="/tmp", prefix=".sandbox")
-+ chcon = ("/usr/bin/chcon %s %s" % (filecon, newtmpdir)).split()
++ if session:
++ chcon = ("/usr/bin/chcon --reference /tmp %s" % (newtmpdir)).split()
++ else:
++ chcon = ("/usr/bin/chcon %s %s" % (filecon, newtmpdir)).split()
+ rc = os.spawnvp(os.P_WAIT, chcon[0], chcon)
+
+ warnings.resetwarnings()
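Review bot: The new `chcon --reference` command lines are built by formatting a string and calling `.split()`, so a `homedir` or target directory containing whitespace is split into several arguments and a value starting with `-` is read as an option. Pass an argument list instead, e.g. `chcon = ["/usr/bin/chcon", "--reference=" + homedir, "--", newhomedir]`, and likewise for the `/tmp` case; the unchanged `chcon -R` lines for a user-supplied `-H`/`-T` directory have the same pattern. As far as the hunk shows, `rc` from each `os.spawnvp` is overwritten by the next call without being checked, so a failed relabel would not stop the sandbox from starting; consider exiting when `rc != 0`. The enclosing block starts and ends outside the hunk.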
@@ -1982,12 +2031,11 @@ diff --exclude-from=exclude --exclude=se
+ xd.close()
+
+ execfile = newhomedir + "/.sandboxrc"
-+ fd = open(execfile, "w+")
-+ fd.write("""#! /bin/sh
-+%s
-+""" % " ".join(paths))
-+ fd.close()
-+ os.chmod(execfile, 0700)
++ if session:
++ setup_session(execfile, " ".join(paths))
++ else:
++ setup_executable(execfile, " ".join(paths))
++
+ cmds = ("/usr/sbin/seunshare -t %s -h %s -- %s /usr/share/sandbox/sandboxX.sh" % (newtmpdir, newhomedir, execcon)).split()
+ rc = os.spawnvp(os.P_WAIT, cmds[0], cmds)
+ else:
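Review bot: `" ".join(paths)` is written verbatim into a shell script by `setup_session` and `setup_executable`, so any command argument containing spaces or shell metacharacters is re-parsed by `/bin/sh` instead of being passed through as one word. `paths` is built outside this hunk, so confirm its origin; if it derives from the command line, quote each element first, e.g. `" ".join(pipes.quote(p) for p in paths)` with `import pipes` next to the other imports. The removed inline code behaved the same way, so this is carried over rather than introduced here.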
@@ -2019,12 +2067,11 @@ diff --exclude-from=exclude --exclude=se
+ except KeyError, error:
+ error_exit(_("Invalid value %s") % error.args[0])
+ except IOError, error:
-+ error_exit(error.args[1])
++ error_exit(error.message)
+ except KeyboardInterrupt:
+ rc = 0
+
+ sys.exit(rc)
-+
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.8 policycoreutils-2.0.78/sandbox/sandbox.8
--- nsapolicycoreutils/sandbox/sandbox.8 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.78/sandbox/sandbox.8 2009-12-18 07:37:35.000000000 -0500
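Review bot: `error.message` is only populated when the exception was constructed with a single argument, so it handles `raise IOError("Home directory ... not found")` but yields an empty string for an `IOError` raised by the OS with `(errno, strerror)`, for example from `open()`. `error_exit(str(error))` covers both forms. The `try` block that these handlers belong to starts outside the hunk.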
@@ -2079,29 +2126,390 @@ diff --exclude-from=exclude --exclude=se
+.TP
+runcon(1)
+.PP
+diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.esd_auth policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.esd_auth
+--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.esd_auth 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.esd_auth 2010-01-25 17:24:41.000000000 -0500
+@@ -0,0 +1 @@
++ÊïhÊ~©òH||â#x
+\ No newline at end of file
+diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/clock/prefs/%gconf.xml policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/clock/prefs/%gconf.xml
+--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/clock/prefs/%gconf.xml 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/clock/prefs/%gconf.xml 2010-01-25 17:25:15.000000000 -0500
+@@ -0,0 +1,24 @@
++<?xml version="1.0"?>
++<gconf>
++ <entry name="hour_format" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/hour_format"/>
++ <entry name="temperature_unit" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/temperature_unit"/>
++ <entry name="expand_locations" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/expand_locations"/>
++ <entry name="unix_time" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/unix_time"/>
++ <entry name="show_temperature" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/show_temperature"/>
++ <entry name="format" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/format"/>
++ <entry name="config_tool" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/config_tool"/>
++ <entry name="expand_birthdays" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/expand_birthdays"/>
++ <entry name="show_date" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/show_date"/>
++ <entry name="expand_appointments" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/expand_appointments"/>
++ <entry name="speed_unit" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/speed_unit"/>
++ <entry name="expand_weather" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/expand_weather"/>
++ <entry name="show_seconds" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/show_seconds"/>
++ <entry name="internet_time" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/internet_time"/>
++ <entry name="show_week_numbers" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/show_week_numbers"/>
++ <entry name="expand_tasks" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/expand_tasks"/>
++ <entry name="show_weather" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/show_weather"/>
++ <entry name="gmt_time" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/gmt_time"/>
++ <entry name="show_tooltip" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/show_tooltip"/>
++ <entry name="custom_format" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/custom_format"/>
++ <entry name="cities" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/cities"/>
++</gconf>
+diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/window_list/prefs/%gconf.xml policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/window_list/prefs/%gconf.xml
+--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/window_list/prefs/%gconf.xml 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/window_list/prefs/%gconf.xml 2010-01-25 17:25:15.000000000 -0500
+@@ -0,0 +1,8 @@
++<?xml version="1.0"?>
++<gconf>
++ <entry name="minimum_size" mtime="1264458281" schema="/schemas/apps/window_list_applet/prefs/minimum_size"/>
++ <entry name="move_unminimized_windows" mtime="1264458281" schema="/schemas/apps/window_list_applet/prefs/move_unminimized_windows"/>
++ <entry name="maximum_size" mtime="1264458281" schema="/schemas/apps/window_list_applet/prefs/maximum_size"/>
++ <entry name="group_windows" mtime="1264458281" schema="/schemas/apps/window_list_applet/prefs/group_windows"/>
++ <entry name="display_all_workspaces" mtime="1264458281" schema="/schemas/apps/window_list_applet/prefs/display_all_workspaces"/>
++</gconf>
+diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/workspace_switcher/prefs/%gconf.xml policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/workspace_switcher/prefs/%gconf.xml
+--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/workspace_switcher/prefs/%gconf.xml 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/workspace_switcher/prefs/%gconf.xml 2010-01-25 17:25:15.000000000 -0500
+@@ -0,0 +1,6 @@
++<?xml version="1.0"?>
++<gconf>
++ <entry name="display_workspace_names" mtime="1264458282" schema="/schemas/apps/workspace_switcher_applet/prefs/display_workspace_names"/>
++ <entry name="num_rows" mtime="1264458282" schema="/schemas/apps/workspace_switcher_applet/prefs/num_rows"/>
++ <entry name="display_all_workspaces" mtime="1264458282" schema="/schemas/apps/workspace_switcher_applet/prefs/display_all_workspaces"/>
++</gconf>
+diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/accessibility/keyboard/%gconf.xml policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/accessibility/keyboard/%gconf.xml
+--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/accessibility/keyboard/%gconf.xml 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/accessibility/keyboard/%gconf.xml 2010-01-25 17:24:41.000000000 -0500
+@@ -0,0 +1,23 @@
++<?xml version="1.0"?>
++<gconf>
++ <entry name="mousekeys_enable" mtime="1264458281" type="bool" value="false"/>
++ <entry name="stickykeys_two_key_off" mtime="1264458281" type="bool" value="true"/>
++ <entry name="mousekeys_max_speed" mtime="1264458281" type="int" value="750"/>
++ <entry name="timeout" mtime="1264458281" type="int" value="120"/>
++ <entry name="timeout_enable" mtime="1264458281" type="bool" value="false"/>
++ <entry name="bouncekeys_beep_reject" mtime="1264458281" type="bool" value="true"/>
++ <entry name="mousekeys_accel_time" mtime="1264458281" type="int" value="1200"/>
++ <entry name="mousekeys_init_delay" mtime="1264458281" type="int" value="160"/>
++ <entry name="slowkeys_beep_reject" mtime="1264458281" type="bool" value="false"/>
++ <entry name="slowkeys_beep_accept" mtime="1264458281" type="bool" value="true"/>
++ <entry name="slowkeys_enable" mtime="1264458281" type="bool" value="false"/>
++ <entry name="stickykeys_modifier_beep" mtime="1264458281" type="bool" value="true"/>
++ <entry name="bouncekeys_enable" mtime="1264458281" type="bool" value="false"/>
++ <entry name="togglekeys_enable" mtime="1264458281" type="bool" value="false"/>
++ <entry name="stickykeys_enable" mtime="1264458281" type="bool" value="false"/>
++ <entry name="slowkeys_beep_press" mtime="1264458281" type="bool" value="true"/>
++ <entry name="bouncekeys_delay" mtime="1264458281" type="int" value="300"/>
++ <entry name="slowkeys_delay" mtime="1264458281" type="int" value="300"/>
++ <entry name="feature_state_change_beep" mtime="1264458281" type="bool" value="false"/>
++ <entry name="enable" mtime="1264458281" type="bool" value="false"/>
++</gconf>
+diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/interface/%gconf.xml policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/interface/%gconf.xml
+--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/interface/%gconf.xml 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/interface/%gconf.xml 2010-01-25 17:25:15.000000000 -0500
+@@ -0,0 +1,6 @@
++<?xml version="1.0"?>
++<gconf>
++ <entry name="gtk-im-module" mtime="1264458283" type="string">
++ <stringvalue>gtk-im-context-simple</stringvalue>
++ </entry>
++</gconf>
+diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/%gconf.xml policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/%gconf.xml
+--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/%gconf.xml 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/%gconf.xml 2010-01-25 17:25:15.000000000 -0500
+@@ -0,0 +1,4 @@
++<?xml version="1.0"?>
++<gconf>
++ <entry name="disable_xmm_and_xkb_warning" mtime="1264458288" type="bool" value="true"/>
++</gconf>
+diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/general/%gconf.xml policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/general/%gconf.xml
+--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/general/%gconf.xml 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/general/%gconf.xml 2010-01-25 17:24:41.000000000 -0500
+@@ -0,0 +1,8 @@
++<?xml version="1.0"?>
++<gconf>
++ <entry name="known_file_list" mtime="1264458281" type="list" ltype="string">
++ <li type="string">
++ <stringvalue>.xmodmap</stringvalue>
++ </li>
++ </entry>
++</gconf>
+diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.xmodmap policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.xmodmap
+--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.xmodmap 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.xmodmap 2010-01-25 17:24:30.000000000 -0500
+@@ -0,0 +1,248 @@
++keycode 8 =
++keycode 9 = Escape NoSymbol Escape
++keycode 10 = 1 exclam 1 exclam
++keycode 11 = 2 at 2 at
++keycode 12 = 3 numbersign 3 numbersign
++keycode 13 = 4 dollar 4 dollar
++keycode 14 = 5 percent 5 percent
++keycode 15 = 6 asciicircum 6 asciicircum
++keycode 16 = 7 ampersand 7 ampersand
++keycode 17 = 8 asterisk 8 asterisk
++keycode 18 = 9 parenleft 9 parenleft
++keycode 19 = 0 parenright 0 parenright
++keycode 20 = minus underscore minus underscore
++keycode 21 = equal plus equal plus
++keycode 22 = BackSpace NoSymbol BackSpace
++keycode 23 = Tab ISO_Left_Tab Tab ISO_Left_Tab
++keycode 24 = q Q q Q
++keycode 25 = w W w W
++keycode 26 = e E e E
++keycode 27 = r R r R
++keycode 28 = t T t T
++keycode 29 = y Y y Y
++keycode 30 = u U u U
++keycode 31 = i I i I
++keycode 32 = o O o O
++keycode 33 = p P p P
++keycode 34 = bracketleft braceleft bracketleft braceleft
++keycode 35 = bracketright braceright bracketright braceright
++keycode 36 = Return NoSymbol Return
++keycode 37 = Control_L NoSymbol Control_L
++keycode 38 = a A a A
++keycode 39 = s S s S
++keycode 40 = d D d D
++keycode 41 = f F f F
++keycode 42 = g G g G
++keycode 43 = h H h H
++keycode 44 = j J j J
++keycode 45 = k K k K
++keycode 46 = l L l L
++keycode 47 = semicolon colon semicolon colon
++keycode 48 = apostrophe quotedbl apostrophe quotedbl
++keycode 49 = grave asciitilde grave asciitilde
++keycode 50 = Shift_L NoSymbol Shift_L
++keycode 51 = backslash bar backslash bar
++keycode 52 = z Z z Z
++keycode 53 = x X x X
++keycode 54 = c C c C
++keycode 55 = v V v V
++keycode 56 = b B b B
++keycode 57 = n N n N
++keycode 58 = m M m M
++keycode 59 = comma less comma less
++keycode 60 = period greater period greater
++keycode 61 = slash question slash question
++keycode 62 = Shift_R NoSymbol Shift_R
++keycode 63 = KP_Multiply XF86_ClearGrab KP_Multiply XF86_ClearGrab
++keycode 64 = Alt_L Meta_L Alt_L Meta_L
++keycode 65 = space NoSymbol space
++keycode 66 = Caps_Lock NoSymbol Caps_Lock
++keycode 67 = F1 XF86_Switch_VT_1 F1 XF86_Switch_VT_1
++keycode 68 = F2 XF86_Switch_VT_2 F2 XF86_Switch_VT_2
++keycode 69 = F3 XF86_Switch_VT_3 F3 XF86_Switch_VT_3
++keycode 70 = F4 XF86_Switch_VT_4 F4 XF86_Switch_VT_4
++keycode 71 = F5 XF86_Switch_VT_5 F5 XF86_Switch_VT_5
++keycode 72 = F6 XF86_Switch_VT_6 F6 XF86_Switch_VT_6
++keycode 73 = F7 XF86_Switch_VT_7 F7 XF86_Switch_VT_7
++keycode 74 = F8 XF86_Switch_VT_8 F8 XF86_Switch_VT_8
++keycode 75 = F9 XF86_Switch_VT_9 F9 XF86_Switch_VT_9
++keycode 76 = F10 XF86_Switch_VT_10 F10 XF86_Switch_VT_10
++keycode 77 = Num_Lock Pointer_EnableKeys Num_Lock Pointer_EnableKeys
++keycode 78 = Scroll_Lock NoSymbol Scroll_Lock
++keycode 79 = KP_Home KP_7 KP_Home KP_7
++keycode 80 = KP_Up KP_8 KP_Up KP_8
++keycode 81 = KP_Prior KP_9 KP_Prior KP_9
++keycode 82 = KP_Subtract XF86_Prev_VMode KP_Subtract XF86_Prev_VMode
++keycode 83 = KP_Left KP_4 KP_Left KP_4
++keycode 84 = KP_Begin KP_5 KP_Begin KP_5
++keycode 85 = KP_Right KP_6 KP_Right KP_6
++keycode 86 = KP_Add XF86_Next_VMode KP_Add XF86_Next_VMode
++keycode 87 = KP_End KP_1 KP_End KP_1
++keycode 88 = KP_Down KP_2 KP_Down KP_2
++keycode 89 = KP_Next KP_3 KP_Next KP_3
++keycode 90 = KP_Insert KP_0 KP_Insert KP_0
++keycode 91 = KP_Delete KP_Decimal KP_Delete KP_Decimal
++keycode 92 = ISO_Level3_Shift NoSymbol ISO_Level3_Shift
++keycode 93 =
++keycode 94 = less greater less greater bar brokenbar
++keycode 95 = F11 XF86_Switch_VT_11 F11 XF86_Switch_VT_11
++keycode 96 = F12 XF86_Switch_VT_12 F12 XF86_Switch_VT_12
++keycode 97 =
++keycode 98 = Katakana NoSymbol Katakana
++keycode 99 = Hiragana NoSymbol Hiragana
++keycode 100 = Henkan_Mode NoSymbol Henkan_Mode
++keycode 101 = Hiragana_Katakana NoSymbol Hiragana_Katakana
++keycode 102 = Muhenkan NoSymbol Muhenkan
++keycode 103 =
++keycode 104 = KP_Enter NoSymbol KP_Enter
++keycode 105 = Control_R NoSymbol Control_R
++keycode 106 = KP_Divide XF86_Ungrab KP_Divide XF86_Ungrab
++keycode 107 = Print Sys_Req Print Sys_Req
++keycode 108 = Alt_R Meta_R Alt_R Meta_R
++keycode 109 = Linefeed NoSymbol Linefeed
++keycode 110 = Home NoSymbol Home
++keycode 111 = Up NoSymbol Up
++keycode 112 = Prior NoSymbol Prior
++keycode 113 = Left NoSymbol Left
++keycode 114 = Right NoSymbol Right
++keycode 115 = End NoSymbol End
++keycode 116 = Down NoSymbol Down
++keycode 117 = Next NoSymbol Next
++keycode 118 = Insert NoSymbol Insert
++keycode 119 = Delete NoSymbol Delete
++keycode 120 =
++keycode 121 = XF86AudioMute NoSymbol XF86AudioMute
++keycode 122 = XF86AudioLowerVolume NoSymbol XF86AudioLowerVolume
++keycode 123 = XF86AudioRaiseVolume NoSymbol XF86AudioRaiseVolume
++keycode 124 = XF86PowerOff NoSymbol XF86PowerOff
++keycode 125 = KP_Equal NoSymbol KP_Equal
++keycode 126 = plusminus NoSymbol plusminus
++keycode 127 = Pause Break Pause Break
++keycode 128 =
++keycode 129 = KP_Decimal NoSymbol KP_Decimal
++keycode 130 = Hangul NoSymbol Hangul
++keycode 131 = Hangul_Hanja NoSymbol Hangul_Hanja
++keycode 132 =
++keycode 133 = Super_L NoSymbol Super_L
++keycode 134 = Super_R NoSymbol Super_R
++keycode 135 = Menu NoSymbol Menu
++keycode 136 = Cancel NoSymbol Cancel
++keycode 137 = Redo NoSymbol Redo
++keycode 138 = SunProps NoSymbol SunProps
++keycode 139 = Undo NoSymbol Undo
++keycode 140 = SunFront NoSymbol SunFront
++keycode 141 = XF86Copy NoSymbol XF86Copy
++keycode 142 = SunOpen NoSymbol SunOpen
++keycode 143 = XF86Paste NoSymbol XF86Paste
++keycode 144 = Find NoSymbol Find
++keycode 145 = XF86Cut NoSymbol XF86Cut
++keycode 146 = Help NoSymbol Help
++keycode 147 = XF86MenuKB NoSymbol XF86MenuKB
++keycode 148 = XF86Calculator NoSymbol XF86Calculator
++keycode 149 =
++keycode 150 = XF86Sleep NoSymbol XF86Sleep
++keycode 151 = XF86WakeUp NoSymbol XF86WakeUp
++keycode 152 = XF86Explorer NoSymbol XF86Explorer
++keycode 153 = XF86Send NoSymbol XF86Send
++keycode 154 =
++keycode 155 = XF86Xfer NoSymbol XF86Xfer
++keycode 156 = XF86Launch1 NoSymbol XF86Launch1
++keycode 157 = XF86Launch2 NoSymbol XF86Launch2
++keycode 158 = XF86WWW NoSymbol XF86WWW
++keycode 159 = XF86DOS NoSymbol XF86DOS
++keycode 160 = XF86ScreenSaver NoSymbol XF86ScreenSaver
++keycode 161 =
++keycode 162 = XF86RotateWindows NoSymbol XF86RotateWindows
++keycode 163 = XF86Mail NoSymbol XF86Mail
++keycode 164 = XF86Favorites NoSymbol XF86Favorites
++keycode 165 = XF86MyComputer NoSymbol XF86MyComputer
++keycode 166 = XF86Back NoSymbol XF86Back
++keycode 167 = XF86Forward NoSymbol XF86Forward
++keycode 168 =
++keycode 169 = XF86Eject NoSymbol XF86Eject
++keycode 170 = XF86Eject XF86Eject XF86Eject XF86Eject
++keycode 171 = XF86AudioNext NoSymbol XF86AudioNext
++keycode 172 = XF86AudioPlay XF86AudioPause XF86AudioPlay XF86AudioPause
++keycode 173 = XF86AudioPrev NoSymbol XF86AudioPrev
++keycode 174 = XF86AudioStop XF86Eject XF86AudioStop XF86Eject
++keycode 175 = XF86AudioRecord NoSymbol XF86AudioRecord
++keycode 176 = XF86AudioRewind NoSymbol XF86AudioRewind
++keycode 177 = XF86Phone NoSymbol XF86Phone
++keycode 178 =
++keycode 179 = XF86Tools NoSymbol XF86Tools
++keycode 180 = XF86HomePage NoSymbol XF86HomePage
++keycode 181 = XF86Reload NoSymbol XF86Reload
++keycode 182 = XF86Close NoSymbol XF86Close
++keycode 183 =
++keycode 184 =
++keycode 185 = XF86ScrollUp NoSymbol XF86ScrollUp
++keycode 186 = XF86ScrollDown NoSymbol XF86ScrollDown
++keycode 187 = parenleft NoSymbol parenleft
++keycode 188 = parenright NoSymbol parenright
++keycode 189 = XF86New NoSymbol XF86New
++keycode 190 = Redo NoSymbol Redo
++keycode 191 =
++keycode 192 =
++keycode 193 =
++keycode 194 =
++keycode 195 =
++keycode 196 =
++keycode 197 =
++keycode 198 =
++keycode 199 =
++keycode 200 = XF86TouchpadToggle NoSymbol XF86TouchpadToggle
++keycode 201 =
++keycode 202 =
++keycode 203 = Mode_switch NoSymbol Mode_switch
++keycode 204 = NoSymbol Alt_L NoSymbol Alt_L
++keycode 205 = NoSymbol Meta_L NoSymbol Meta_L
++keycode 206 = NoSymbol Super_L NoSymbol Super_L
++keycode 207 = NoSymbol Hyper_L NoSymbol Hyper_L
++keycode 208 = XF86AudioPlay NoSymbol XF86AudioPlay
++keycode 209 = XF86AudioPause NoSymbol XF86AudioPause
++keycode 210 = XF86Launch3 NoSymbol XF86Launch3
++keycode 211 = XF86Launch4 NoSymbol XF86Launch4
++keycode 212 =
++keycode 213 = XF86Suspend NoSymbol XF86Suspend
++keycode 214 = XF86Close NoSymbol XF86Close
++keycode 215 = XF86AudioPlay NoSymbol XF86AudioPlay
++keycode 216 = XF86AudioForward NoSymbol XF86AudioForward
++keycode 217 =
++keycode 218 = Print NoSymbol Print
++keycode 219 =
++keycode 220 = XF86WebCam NoSymbol XF86WebCam
++keycode 221 =
++keycode 222 =
++keycode 223 = XF86Mail NoSymbol XF86Mail
++keycode 224 =
++keycode 225 = XF86Search NoSymbol XF86Search
++keycode 226 =
++keycode 227 = XF86Finance NoSymbol XF86Finance
++keycode 228 =
++keycode 229 = XF86Shop NoSymbol XF86Shop
++keycode 230 =
++keycode 231 = Cancel NoSymbol Cancel
++keycode 232 = XF86MonBrightnessDown NoSymbol XF86MonBrightnessDown
++keycode 233 = XF86MonBrightnessUp NoSymbol XF86MonBrightnessUp
++keycode 234 = XF86AudioMedia NoSymbol XF86AudioMedia
++keycode 235 = XF86Display NoSymbol XF86Display
++keycode 236 = XF86KbdLightOnOff NoSymbol XF86KbdLightOnOff
++keycode 237 = XF86KbdBrightnessDown NoSymbol XF86KbdBrightnessDown
++keycode 238 = XF86KbdBrightnessUp NoSymbol XF86KbdBrightnessUp
++keycode 239 = XF86Send NoSymbol XF86Send
++keycode 240 = XF86Reply NoSymbol XF86Reply
++keycode 241 = XF86MailForward NoSymbol XF86MailForward
++keycode 242 = XF86Save NoSymbol XF86Save
++keycode 243 = XF86Documents NoSymbol XF86Documents
++keycode 244 = XF86Battery NoSymbol XF86Battery
++keycode 245 = XF86Bluetooth NoSymbol XF86Bluetooth
++keycode 246 = XF86WLAN NoSymbol XF86WLAN
++keycode 247 =
++keycode 248 =
++keycode 249 =
++keycode 250 =
++keycode 251 =
++keycode 252 =
++keycode 253 =
++keycode 254 =
++keycode 255 =
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandboxX.sh policycoreutils-2.0.78/sandbox/sandboxX.sh
--- nsapolicycoreutils/sandbox/sandboxX.sh 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/sandbox/sandboxX.sh 2010-01-19 12:20:41.000000000 -0500
-@@ -0,0 +1,19 @@
++++ policycoreutils-2.0.78/sandbox/sandboxX.sh 2010-01-27 16:49:23.000000000 -0500
+@@ -0,0 +1,14 @@
+#!/bin/bash
-+export TITLE="Sandbox: `/usr/bin/tail -1 ~/.sandboxrc | /usr/bin/cut -b1-70`"
-+
++export TITLE="Sandbox: `/usr/bin/tail -1 ~/.sandboxrc | /usr/bin/cut -b1-70` Running as `secon -t -l -P`"
++export SCREENSIZE="1000x700"
++#export SCREENSIZE=`xdpyinfo | awk '/dimensions/ { print $2 }'`
+trap "exit 0" HUP
+
-+(/usr/bin/Xephyr -title "$TITLE" -terminate -screen 1000x700 -displayfd 5 5>&1 2>/dev/null) | while read D; do
++(/usr/bin/Xephyr -title "$TITLE" -terminate -screen $SCREENSIZE -displayfd 5 5>&1 2>/dev/null) | while read D; do
+ export DISPLAY=:$D
-+ (/usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap) &
-+ /usr/bin/matchbox-window-manager -use_titlebar no &
-+ WM_PID=$!
-+ ~/.sandboxrc &
-+ CLIENT_PID=$!
-+ wait $CLIENT_PID
++ python -c 'import gtk, os; os.system("%s/.sandboxrc" % os.environ["HOME"])'
+ export EXITCODE=$?
-+ kill -TERM $WM_PID 2> /dev/null
+ kill -HUP 0
+ break
+done
+exit 0
+Binary files nsapolicycoreutils/sandbox/seunshare and policycoreutils-2.0.78/sandbox/seunshare differ
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.78/sandbox/seunshare.c
--- nsapolicycoreutils/sandbox/seunshare.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.78/sandbox/seunshare.c 2010-01-19 12:15:41.000000000 -0500
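Review bot: This hunk pulls a developer's scratch sandbox home, `sandbox/.sandboxSKnKBc/`, into the packaged patch, including `.esd_auth`, which looks like a sound-server authentication cookie, along with personal gconf and `.xmodmap` files and a "Binary files ... differ" line for the built `seunshare` (the next hunk adds the same for `seunshare.o`). These should be removed from the build tree and their patterns added to the `exclude` file used by the `diff --exclude-from=exclude` run, and the cookie should be regenerated since it has been published. In `sandboxX.sh`, `export EXITCODE=$?` now records the exit status of `python -c`, which discards the return value of `os.system`, so it is 0 however `.sandboxrc` ended; importing `sys` and calling `sys.exit(os.system(...) >> 8)` would carry the status through. `secon` is also invoked without the absolute path the other commands use, and `$SCREENSIZE` is unquoted in the `Xephyr` call.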
@@ -2371,6 +2779,7 @@ diff --exclude-from=exclude --exclude=se
+
+ return status;
+}
+Binary files nsapolicycoreutils/sandbox/seunshare.o and policycoreutils-2.0.78/sandbox/seunshare.o differ
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.78/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2009-11-18 17:06:03.000000000 -0500
+++ policycoreutils-2.0.78/semanage/semanage 2010-01-08 09:24:07.000000000 -0500
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/pkgs/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.675
retrieving revision 1.676
diff -u -p -r1.675 -r1.676
--- policycoreutils.spec 21 Jan 2010 14:35:20 -0000 1.675
+++ policycoreutils.spec 27 Jan 2010 21:52:29 -0000 1.676
@@ -6,7 +6,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.78
-Release: 13%{?dist}
+Release: 14%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -297,6 +297,10 @@ fi
exit 0
%changelog
+* Wed Jan 27 2010 Dan Walsh <dwalsh at redhat.com> 2.0.78-14
+- Add session capability to sandbox
+- sandbox -SX -H ~/.homedir -t unconfined_t -l s0:c15 /etc/gdm/Xsession
+
* Thu Jan 21 2010 Dan Walsh <dwalsh at redhat.com> 2.0.78-13
- Fix executable template for fifo files