[policycoreutils/f16] Update to upstream 2.1.4 2011-08-17 * run_init: clarification of the usage in the * semanage: fix
Daniel J Walsh
dwalsh at fedoraproject.org
Tue Aug 23 13:53:16 UTC 2011
commit b52696e9883c897916b1ae4cad25ff8140576077
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Aug 23 09:53:02 2011 -0400
Update to upstream
2.1.4 2011-08-17
* run_init: clarification of the usage in the
* semanage: fix usage header around booleans
* semanage: remove useless empty lines
* semanage: update man page with new examples
* semanage: update usage text
* semanage: introduce file context equivalencies
* semanage: enable and disable modules
* semanage: output all local modifications
* semanage: introduce extraction of local configuration
* semanage: cleanup error on invalid operation
* semanage: handle being called with no arguments
* semanage: return sooner to save CPU time
* semanage: surround getopt with try/except
* semanage: use define/raise instead of lots of
* semanage: some options are only valid for
* semanage: introduce better deleteall support
* semanage: do not allow spaces in file
* semanage: distinguish between builtin and local permissive
* semanage: centralized ip node handling
* setfiles: make the restore function exclude() non-static
* setfiles: use glob to handle ~ and
* fixfiles: do not hard code types
* fixfiles: stop trying to be smart about
* fixfiles: use new kernel seclabel option
* fixfiles: pipe everything to cat before sending
* fixfiles: introduce /etc/selinux/fixfiles_exclude_dirs
* semodule: support for alternative root paths
.gitignore | 2 +-
policycoreutils-gui.patch | 158 +++---
policycoreutils-rhat.patch | 1527 ++++----------------------------------------
policycoreutils.spec | 81 +++-
sources | 2 +-
5 files changed, 278 insertions(+), 1492 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 626b3b6..5fae7f7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -224,4 +224,4 @@ policycoreutils-2.0.83.tgz
/policycoreutils-2.0.84.tgz
/policycoreutils-2.0.85.tgz
/policycoreutils-2.0.86.tgz
-/policycoreutils-2.1.1.tgz
+/policycoreutils-2.1.4.tgz
diff --git a/policycoreutils-gui.patch b/policycoreutils-gui.patch
index 06085d7..415d192 100644
--- a/policycoreutils-gui.patch
+++ b/policycoreutils-gui.patch
@@ -1,6 +1,6 @@
diff -up policycoreutils-2.0.86/gui/booleansPage.py.gui policycoreutils-2.0.86/gui/booleansPage.py
---- policycoreutils-2.0.86/gui/booleansPage.py.gui 2011-04-12 10:52:07.463643555 -0400
-+++ policycoreutils-2.0.86/gui/booleansPage.py 2011-04-12 10:52:07.463643555 -0400
+--- policycoreutils-2.0.86/gui/booleansPage.py.gui 2011-06-13 13:35:38.766854582 -0400
++++ policycoreutils-2.0.86/gui/booleansPage.py 2011-06-13 13:35:38.766854582 -0400
@@ -0,0 +1,247 @@
+#
+# booleansPage.py - GUI for Booleans page in system-config-securitylevel
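Review bot: The only change in this hunk, as in most of the policycoreutils-gui.patch hunks that follow, is the `diff -up` header timestamp moving from 2011-04-12 to 2011-06-13. That churn makes up a large share of the 158 changed lines reported for this file and buries the real edits to gui/polgen.py. Regenerating the patch with timestamps stripped from the `---`/`+++` header lines would keep future updates reviewable. The paths also still name policycoreutils-2.0.86 although this commit moves the package to 2.1.4.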
@@ -250,8 +250,8 @@ diff -up policycoreutils-2.0.86/gui/booleansPage.py.gui policycoreutils-2.0.86/g
+ return True
+
diff -up policycoreutils-2.0.86/gui/domainsPage.py.gui policycoreutils-2.0.86/gui/domainsPage.py
---- policycoreutils-2.0.86/gui/domainsPage.py.gui 2011-04-12 10:52:07.464643571 -0400
-+++ policycoreutils-2.0.86/gui/domainsPage.py 2011-04-12 10:52:07.464643571 -0400
+--- policycoreutils-2.0.86/gui/domainsPage.py.gui 2011-06-13 13:35:38.767854591 -0400
++++ policycoreutils-2.0.86/gui/domainsPage.py 2011-06-13 13:35:38.767854591 -0400
@@ -0,0 +1,154 @@
+## domainsPage.py - show selinux domains
+## Copyright (C) 2009 Red Hat, Inc.
@@ -408,8 +408,8 @@ diff -up policycoreutils-2.0.86/gui/domainsPage.py.gui policycoreutils-2.0.86/gu
+ except ValueError, e:
+ self.error(e.args[0])
diff -up policycoreutils-2.0.86/gui/fcontextPage.py.gui policycoreutils-2.0.86/gui/fcontextPage.py
---- policycoreutils-2.0.86/gui/fcontextPage.py.gui 2011-04-12 10:52:07.468643633 -0400
-+++ policycoreutils-2.0.86/gui/fcontextPage.py 2011-04-12 10:52:07.468643633 -0400
+--- policycoreutils-2.0.86/gui/fcontextPage.py.gui 2011-06-13 13:35:38.768854600 -0400
++++ policycoreutils-2.0.86/gui/fcontextPage.py 2011-06-13 13:35:38.768854600 -0400
@@ -0,0 +1,223 @@
+## fcontextPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -635,8 +635,8 @@ diff -up policycoreutils-2.0.86/gui/fcontextPage.py.gui policycoreutils-2.0.86/g
+ self.store.set_value(iter, FTYPE_COL, ftype)
+ self.store.set_value(iter, TYPE_COL, "%s:%s" % (type, mls))
diff -up policycoreutils-2.0.86/gui/html_util.py.gui policycoreutils-2.0.86/gui/html_util.py
---- policycoreutils-2.0.86/gui/html_util.py.gui 2011-04-12 10:52:07.469643648 -0400
-+++ policycoreutils-2.0.86/gui/html_util.py 2011-04-12 10:52:07.470643663 -0400
+--- policycoreutils-2.0.86/gui/html_util.py.gui 2011-06-13 13:35:38.768854600 -0400
++++ policycoreutils-2.0.86/gui/html_util.py 2011-06-13 13:35:38.769854608 -0400
@@ -0,0 +1,164 @@
+# Authors: John Dennis <jdennis at redhat.com>
+#
@@ -803,8 +803,8 @@ diff -up policycoreutils-2.0.86/gui/html_util.py.gui policycoreutils-2.0.86/gui/
+ return doc
+
diff -up policycoreutils-2.0.86/gui/lockdown.glade.gui policycoreutils-2.0.86/gui/lockdown.glade
---- policycoreutils-2.0.86/gui/lockdown.glade.gui 2011-04-12 10:52:07.471643678 -0400
-+++ policycoreutils-2.0.86/gui/lockdown.glade 2011-04-12 10:52:07.477643771 -0400
+--- policycoreutils-2.0.86/gui/lockdown.glade.gui 2011-06-13 13:35:38.770854616 -0400
++++ policycoreutils-2.0.86/gui/lockdown.glade 2011-06-13 13:35:38.770854616 -0400
@@ -0,0 +1,771 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
@@ -1578,8 +1578,8 @@ diff -up policycoreutils-2.0.86/gui/lockdown.glade.gui policycoreutils-2.0.86/gu
+
+</glade-interface>
diff -up policycoreutils-2.0.86/gui/lockdown.gladep.gui policycoreutils-2.0.86/gui/lockdown.gladep
---- policycoreutils-2.0.86/gui/lockdown.gladep.gui 2011-04-12 10:52:07.482643847 -0400
-+++ policycoreutils-2.0.86/gui/lockdown.gladep 2011-04-12 10:52:07.483643863 -0400
+--- policycoreutils-2.0.86/gui/lockdown.gladep.gui 2011-06-13 13:35:38.770854616 -0400
++++ policycoreutils-2.0.86/gui/lockdown.gladep 2011-06-13 13:35:38.771854624 -0400
@@ -0,0 +1,7 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
@@ -1589,8 +1589,8 @@ diff -up policycoreutils-2.0.86/gui/lockdown.gladep.gui policycoreutils-2.0.86/g
+ <program_name></program_name>
+</glade-project>
diff -up policycoreutils-2.0.86/gui/lockdown.py.gui policycoreutils-2.0.86/gui/lockdown.py
---- policycoreutils-2.0.86/gui/lockdown.py.gui 2011-04-12 10:52:07.484643879 -0400
-+++ policycoreutils-2.0.86/gui/lockdown.py 2011-04-12 10:52:07.484643879 -0400
+--- policycoreutils-2.0.86/gui/lockdown.py.gui 2011-06-13 13:35:38.773854641 -0400
++++ policycoreutils-2.0.86/gui/lockdown.py 2011-06-13 13:35:38.773854641 -0400
@@ -0,0 +1,382 @@
+#!/usr/bin/python -Es
+#
@@ -1975,8 +1975,8 @@ diff -up policycoreutils-2.0.86/gui/lockdown.py.gui policycoreutils-2.0.86/gui/l
+ app = booleanWindow()
+ app.stand_alone()
diff -up policycoreutils-2.0.86/gui/loginsPage.py.gui policycoreutils-2.0.86/gui/loginsPage.py
---- policycoreutils-2.0.86/gui/loginsPage.py.gui 2011-04-12 10:52:07.485643894 -0400
-+++ policycoreutils-2.0.86/gui/loginsPage.py 2011-04-12 10:52:07.486643909 -0400
+--- policycoreutils-2.0.86/gui/loginsPage.py.gui 2011-06-13 13:35:38.775854659 -0400
++++ policycoreutils-2.0.86/gui/loginsPage.py 2011-06-13 13:35:38.775854659 -0400
@@ -0,0 +1,185 @@
+## loginsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -2164,8 +2164,8 @@ diff -up policycoreutils-2.0.86/gui/loginsPage.py.gui policycoreutils-2.0.86/gui
+ self.store.set_value(iter, 2, seobject.translate(serange))
+
diff -up policycoreutils-2.0.86/gui/Makefile.gui policycoreutils-2.0.86/gui/Makefile
---- policycoreutils-2.0.86/gui/Makefile.gui 2011-04-12 10:52:07.486643909 -0400
-+++ policycoreutils-2.0.86/gui/Makefile 2011-04-12 10:52:07.487643924 -0400
+--- policycoreutils-2.0.86/gui/Makefile.gui 2011-06-13 13:35:38.776854668 -0400
++++ policycoreutils-2.0.86/gui/Makefile 2011-06-13 13:35:38.776854668 -0400
@@ -0,0 +1,40 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
@@ -2208,8 +2208,8 @@ diff -up policycoreutils-2.0.86/gui/Makefile.gui policycoreutils-2.0.86/gui/Make
+
+relabel:
diff -up policycoreutils-2.0.86/gui/mappingsPage.py.gui policycoreutils-2.0.86/gui/mappingsPage.py
---- policycoreutils-2.0.86/gui/mappingsPage.py.gui 2011-04-12 10:52:07.487643924 -0400
-+++ policycoreutils-2.0.86/gui/mappingsPage.py 2011-04-12 10:52:07.492644000 -0400
+--- policycoreutils-2.0.86/gui/mappingsPage.py.gui 2011-06-13 13:35:38.776854668 -0400
++++ policycoreutils-2.0.86/gui/mappingsPage.py 2011-06-13 13:35:38.777854677 -0400
@@ -0,0 +1,56 @@
+## mappingsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -2268,8 +2268,8 @@ diff -up policycoreutils-2.0.86/gui/mappingsPage.py.gui policycoreutils-2.0.86/g
+ print "%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1]))
+
diff -up policycoreutils-2.0.86/gui/modulesPage.py.gui policycoreutils-2.0.86/gui/modulesPage.py
---- policycoreutils-2.0.86/gui/modulesPage.py.gui 2011-04-12 10:52:07.493644016 -0400
-+++ policycoreutils-2.0.86/gui/modulesPage.py 2011-04-12 10:52:07.493644016 -0400
+--- policycoreutils-2.0.86/gui/modulesPage.py.gui 2011-06-13 13:35:38.778854686 -0400
++++ policycoreutils-2.0.86/gui/modulesPage.py 2011-06-13 13:35:38.778854686 -0400
@@ -0,0 +1,190 @@
+## modulesPage.py - show selinux mappings
+## Copyright (C) 2006-2009 Red Hat, Inc.
@@ -2462,8 +2462,8 @@ diff -up policycoreutils-2.0.86/gui/modulesPage.py.gui policycoreutils-2.0.86/gu
+ except ValueError, e:
+ self.error(e.args[0])
diff -up policycoreutils-2.0.86/gui/polgen.glade.gui policycoreutils-2.0.86/gui/polgen.glade
---- policycoreutils-2.0.86/gui/polgen.glade.gui 2011-04-12 10:52:07.505644201 -0400
-+++ policycoreutils-2.0.86/gui/polgen.glade 2011-04-12 10:52:07.507644232 -0400
+--- policycoreutils-2.0.86/gui/polgen.glade.gui 2011-06-13 13:35:38.782854720 -0400
++++ policycoreutils-2.0.86/gui/polgen.glade 2011-06-13 13:35:38.783854728 -0400
@@ -0,0 +1,3432 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
@@ -5898,8 +5898,8 @@ diff -up policycoreutils-2.0.86/gui/polgen.glade.gui policycoreutils-2.0.86/gui/
+
+</glade-interface>
diff -up policycoreutils-2.0.86/gui/polgen.gladep.gui policycoreutils-2.0.86/gui/polgen.gladep
---- policycoreutils-2.0.86/gui/polgen.gladep.gui 2011-04-12 10:52:07.508644247 -0400
-+++ policycoreutils-2.0.86/gui/polgen.gladep 2011-04-12 10:52:07.508644247 -0400
+--- policycoreutils-2.0.86/gui/polgen.gladep.gui 2011-06-13 13:35:38.784854736 -0400
++++ policycoreutils-2.0.86/gui/polgen.gladep 2011-06-13 13:35:38.784854736 -0400
@@ -0,0 +1,7 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
@@ -5909,8 +5909,8 @@ diff -up policycoreutils-2.0.86/gui/polgen.gladep.gui policycoreutils-2.0.86/gui
+ <program_name></program_name>
+</glade-project>
diff -up policycoreutils-2.0.86/gui/polgengui.py.gui policycoreutils-2.0.86/gui/polgengui.py
---- policycoreutils-2.0.86/gui/polgengui.py.gui 2011-04-12 10:52:07.513644322 -0400
-+++ policycoreutils-2.0.86/gui/polgengui.py 2011-05-23 17:04:16.377786536 -0400
+--- policycoreutils-2.0.86/gui/polgengui.py.gui 2011-06-13 13:35:38.786854754 -0400
++++ policycoreutils-2.0.86/gui/polgengui.py 2011-06-13 13:35:38.786854754 -0400
@@ -0,0 +1,750 @@
+#!/usr/bin/python -Es
+#
@@ -6663,8 +6663,8 @@ diff -up policycoreutils-2.0.86/gui/polgengui.py.gui policycoreutils-2.0.86/gui/
+ app = childWindow()
+ app.stand_alone()
diff -up policycoreutils-2.0.86/gui/polgen.py.gui policycoreutils-2.0.86/gui/polgen.py
---- policycoreutils-2.0.86/gui/polgen.py.gui 2011-04-12 10:52:07.516644368 -0400
-+++ policycoreutils-2.0.86/gui/polgen.py 2011-05-23 17:04:04.539689964 -0400
+--- policycoreutils-2.0.86/gui/polgen.py.gui 2011-06-13 13:35:38.789854781 -0400
++++ policycoreutils-2.0.86/gui/polgen.py 2011-07-26 10:08:47.330188867 -0400
@@ -0,0 +1,1346 @@
+#!/usr/bin/python -Es
+#
@@ -6982,7 +6982,7 @@ diff -up policycoreutils-2.0.86/gui/polgen.py.gui policycoreutils-2.0.86/gui/pol
+ if name == "":
+ raise ValueError(_("You must enter a name for your confined process/user"))
+ if not name.isalnum():
-+ raise ValueError(_("Name must be alpha numberic with no spaces."))
++ raise ValueError(_("Name must be alpha numberic with no spaces. Consider using option \"-n MODULENAME\""))
+
+ if type == CGI:
+ self.name = "httpd_%s_script" % name
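Review bot: The extended message on the `raise ValueError` line keeps the typo "alpha numberic"; since the translatable string is being changed anyway, correct it to "alphanumeric" here. The hint spells the option `-n MODULENAME` while the usage text in the next hunk spells it `-n moduleName`; pick one form.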
@@ -7950,7 +7950,7 @@ diff -up policycoreutils-2.0.86/gui/polgen.py.gui policycoreutils-2.0.86/gui/pol
+ print _("""
+%s
+
-+sepolgen [ -m ] [ -t type ] [ executable | Name ]
++sepolgen [ -n moduleName ] [ -m ] [ -t type ] [ executable | Name ]
+valid Types:
+""") % msg
+ keys=poltype.keys()
@@ -7966,7 +7966,7 @@ diff -up policycoreutils-2.0.86/gui/polgen.py.gui policycoreutils-2.0.86/gui/pol
+ ["type=",
+ "mount",
+ "test",
-+ "name",
++ "name=",
+ "help"])
+ for o, a in gopts:
+ if o == "-t" or o == "--type":
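Review bot: Changing the long option from `"name"` to `"name="` makes `--name` take an argument, but the short-option string passed to getopt is outside this hunk. Confirm it declares `n:` so that `-n MODULENAME`, the form the usage text and the new error message advertise, is parsed the same way as `--name=MODULENAME`.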
@@ -8013,8 +8013,8 @@ diff -up policycoreutils-2.0.86/gui/polgen.py.gui policycoreutils-2.0.86/gui/pol
+ except ValueError, e:
+ usage(e)
diff -up policycoreutils-2.0.86/gui/portsPage.py.gui policycoreutils-2.0.86/gui/portsPage.py
---- policycoreutils-2.0.86/gui/portsPage.py.gui 2011-04-12 10:52:07.518644400 -0400
-+++ policycoreutils-2.0.86/gui/portsPage.py 2011-04-12 10:52:07.521644446 -0400
+--- policycoreutils-2.0.86/gui/portsPage.py.gui 2011-06-13 13:35:38.790854790 -0400
++++ policycoreutils-2.0.86/gui/portsPage.py 2011-06-13 13:35:38.791854799 -0400
@@ -0,0 +1,259 @@
+## portsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -8276,8 +8276,8 @@ diff -up policycoreutils-2.0.86/gui/portsPage.py.gui policycoreutils-2.0.86/gui/
+ return True
+
diff -up policycoreutils-2.0.86/gui/selinux.tbl.gui policycoreutils-2.0.86/gui/selinux.tbl
---- policycoreutils-2.0.86/gui/selinux.tbl.gui 2011-04-12 10:52:07.522644461 -0400
-+++ policycoreutils-2.0.86/gui/selinux.tbl 2011-04-12 10:52:07.522644461 -0400
+--- policycoreutils-2.0.86/gui/selinux.tbl.gui 2011-06-13 13:35:38.792854808 -0400
++++ policycoreutils-2.0.86/gui/selinux.tbl 2011-06-13 13:35:38.793854816 -0400
@@ -0,0 +1,234 @@
+acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon")
+allow_daemons_dump_core _("Admin") _("Allow all daemons to write corefiles to /")
@@ -8514,8 +8514,8 @@ diff -up policycoreutils-2.0.86/gui/selinux.tbl.gui policycoreutils-2.0.86/gui/s
+webadm_read_user_files _("HTTPD Service") _("Allow SELinux webadm user to read unprivileged users home directories")
+
diff -up policycoreutils-2.0.86/gui/semanagePage.py.gui policycoreutils-2.0.86/gui/semanagePage.py
---- policycoreutils-2.0.86/gui/semanagePage.py.gui 2011-04-12 10:52:07.523644476 -0400
-+++ policycoreutils-2.0.86/gui/semanagePage.py 2011-04-12 10:52:07.524644491 -0400
+--- policycoreutils-2.0.86/gui/semanagePage.py.gui 2011-06-13 13:35:38.794854824 -0400
++++ policycoreutils-2.0.86/gui/semanagePage.py 2011-06-13 13:35:38.794854824 -0400
@@ -0,0 +1,168 @@
+## semanagePage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -8686,8 +8686,8 @@ diff -up policycoreutils-2.0.86/gui/semanagePage.py.gui policycoreutils-2.0.86/g
+ return True
+
diff -up policycoreutils-2.0.86/gui/statusPage.py.gui policycoreutils-2.0.86/gui/statusPage.py
---- policycoreutils-2.0.86/gui/statusPage.py.gui 2011-04-12 10:52:07.530644584 -0400
-+++ policycoreutils-2.0.86/gui/statusPage.py 2011-04-12 10:52:07.530644584 -0400
+--- policycoreutils-2.0.86/gui/statusPage.py.gui 2011-06-13 13:35:38.795854832 -0400
++++ policycoreutils-2.0.86/gui/statusPage.py 2011-06-13 13:35:38.795854832 -0400
@@ -0,0 +1,190 @@
+# statusPage.py - show selinux status
+## Copyright (C) 2006-2009 Red Hat, Inc.
@@ -8880,8 +8880,8 @@ diff -up policycoreutils-2.0.86/gui/statusPage.py.gui policycoreutils-2.0.86/gui
+
+
diff -up policycoreutils-2.0.86/gui/system-config-selinux.glade.gui policycoreutils-2.0.86/gui/system-config-selinux.glade
---- policycoreutils-2.0.86/gui/system-config-selinux.glade.gui 2011-04-12 10:52:07.534644645 -0400
-+++ policycoreutils-2.0.86/gui/system-config-selinux.glade 2011-04-12 10:52:07.539644720 -0400
+--- policycoreutils-2.0.86/gui/system-config-selinux.glade.gui 2011-06-13 13:35:38.799854868 -0400
++++ policycoreutils-2.0.86/gui/system-config-selinux.glade 2011-06-13 13:35:38.800854877 -0400
@@ -0,0 +1,3024 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
@@ -11908,8 +11908,8 @@ diff -up policycoreutils-2.0.86/gui/system-config-selinux.glade.gui policycoreut
+
+</glade-interface>
diff -up policycoreutils-2.0.86/gui/system-config-selinux.gladep.gui policycoreutils-2.0.86/gui/system-config-selinux.gladep
---- policycoreutils-2.0.86/gui/system-config-selinux.gladep.gui 2011-04-12 10:52:07.540644736 -0400
-+++ policycoreutils-2.0.86/gui/system-config-selinux.gladep 2011-04-12 10:52:07.541644752 -0400
+--- policycoreutils-2.0.86/gui/system-config-selinux.gladep.gui 2011-06-13 13:35:38.801854886 -0400
++++ policycoreutils-2.0.86/gui/system-config-selinux.gladep 2011-06-13 13:35:38.801854886 -0400
@@ -0,0 +1,7 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
@@ -11919,8 +11919,8 @@ diff -up policycoreutils-2.0.86/gui/system-config-selinux.gladep.gui policycoreu
+ <program_name></program_name>
+</glade-project>
diff -up policycoreutils-2.0.86/gui/system-config-selinux.py.gui policycoreutils-2.0.86/gui/system-config-selinux.py
---- policycoreutils-2.0.86/gui/system-config-selinux.py.gui 2011-04-12 10:52:07.542644768 -0400
-+++ policycoreutils-2.0.86/gui/system-config-selinux.py 2011-04-12 10:52:07.542644768 -0400
+--- policycoreutils-2.0.86/gui/system-config-selinux.py.gui 2011-06-13 13:35:38.802854894 -0400
++++ policycoreutils-2.0.86/gui/system-config-selinux.py 2011-06-13 13:35:38.802854894 -0400
@@ -0,0 +1,187 @@
+#!/usr/bin/python -Es
+#
@@ -12110,8 +12110,8 @@ diff -up policycoreutils-2.0.86/gui/system-config-selinux.py.gui policycoreutils
+ app = childWindow()
+ app.stand_alone()
diff -up policycoreutils-2.0.86/gui/templates/boolean.py.gui policycoreutils-2.0.86/gui/templates/boolean.py
---- policycoreutils-2.0.86/gui/templates/boolean.py.gui 2011-04-12 10:52:07.543644784 -0400
-+++ policycoreutils-2.0.86/gui/templates/boolean.py 2011-05-23 16:59:42.369598714 -0400
+--- policycoreutils-2.0.86/gui/templates/boolean.py.gui 2011-06-13 13:35:38.804854910 -0400
++++ policycoreutils-2.0.86/gui/templates/boolean.py 2011-06-13 13:35:38.804854910 -0400
@@ -0,0 +1,40 @@
+# Copyright (C) 2007-2011 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -12154,8 +12154,8 @@ diff -up policycoreutils-2.0.86/gui/templates/boolean.py.gui policycoreutils-2.0
+"""
+
diff -up policycoreutils-2.0.86/gui/templates/etc_rw.py.gui policycoreutils-2.0.86/gui/templates/etc_rw.py
---- policycoreutils-2.0.86/gui/templates/etc_rw.py.gui 2011-04-12 10:52:07.546644829 -0400
-+++ policycoreutils-2.0.86/gui/templates/etc_rw.py 2011-05-23 16:59:53.369684469 -0400
+--- policycoreutils-2.0.86/gui/templates/etc_rw.py.gui 2011-06-13 13:35:38.805854919 -0400
++++ policycoreutils-2.0.86/gui/templates/etc_rw.py 2011-06-13 13:35:38.806854928 -0400
@@ -0,0 +1,112 @@
+# Copyright (C) 2007-2011 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -12270,8 +12270,8 @@ diff -up policycoreutils-2.0.86/gui/templates/etc_rw.py.gui policycoreutils-2.0.
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_etc_rw_t,s0)
+"""
diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-2.0.86/gui/templates/executable.py
---- policycoreutils-2.0.86/gui/templates/executable.py.gui 2011-04-12 10:52:07.548644859 -0400
-+++ policycoreutils-2.0.86/gui/templates/executable.py 2011-05-23 17:03:10.575251921 -0400
+--- policycoreutils-2.0.86/gui/templates/executable.py.gui 2011-06-13 13:35:38.807854937 -0400
++++ policycoreutils-2.0.86/gui/templates/executable.py 2011-06-13 13:35:38.807854937 -0400
@@ -0,0 +1,451 @@
+# Copyright (C) 2007-2011 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -12725,8 +12725,8 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
+EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_initrc_exec_t,s0)
+"""
diff -up policycoreutils-2.0.86/gui/templates/__init__.py.gui policycoreutils-2.0.86/gui/templates/__init__.py
---- policycoreutils-2.0.86/gui/templates/__init__.py.gui 2011-04-12 10:52:07.549644874 -0400
-+++ policycoreutils-2.0.86/gui/templates/__init__.py 2011-05-23 17:02:40.424008790 -0400
+--- policycoreutils-2.0.86/gui/templates/__init__.py.gui 2011-06-13 13:35:38.808854946 -0400
++++ policycoreutils-2.0.86/gui/templates/__init__.py 2011-06-13 13:35:38.808854946 -0400
@@ -0,0 +1,18 @@
+#
+# Copyright (C) 2007-2011 Red Hat
@@ -12747,8 +12747,8 @@ diff -up policycoreutils-2.0.86/gui/templates/__init__.py.gui policycoreutils-2.
+#
+
diff -up policycoreutils-2.0.86/gui/templates/network.py.gui policycoreutils-2.0.86/gui/templates/network.py
---- policycoreutils-2.0.86/gui/templates/network.py.gui 2011-04-12 10:52:07.556644982 -0400
-+++ policycoreutils-2.0.86/gui/templates/network.py 2011-05-23 17:03:09.237241107 -0400
+--- policycoreutils-2.0.86/gui/templates/network.py.gui 2011-06-13 13:35:38.809854955 -0400
++++ policycoreutils-2.0.86/gui/templates/network.py 2011-06-13 13:35:38.810854964 -0400
@@ -0,0 +1,102 @@
+# Copyright (C) 2007-2011 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -12853,8 +12853,8 @@ diff -up policycoreutils-2.0.86/gui/templates/network.py.gui policycoreutils-2.0
+"""
+
diff -up policycoreutils-2.0.86/gui/templates/rw.py.gui policycoreutils-2.0.86/gui/templates/rw.py
---- policycoreutils-2.0.86/gui/templates/rw.py.gui 2011-04-12 10:52:07.557644997 -0400
-+++ policycoreutils-2.0.86/gui/templates/rw.py 2011-05-23 16:59:48.308644991 -0400
+--- policycoreutils-2.0.86/gui/templates/rw.py.gui 2011-06-13 13:35:38.811854972 -0400
++++ policycoreutils-2.0.86/gui/templates/rw.py 2011-06-13 13:35:38.811854972 -0400
@@ -0,0 +1,129 @@
+# Copyright (C) 2007-2011 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -12986,8 +12986,8 @@ diff -up policycoreutils-2.0.86/gui/templates/rw.py.gui policycoreutils-2.0.86/g
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0)
+"""
diff -up policycoreutils-2.0.86/gui/templates/script.py.gui policycoreutils-2.0.86/gui/templates/script.py
---- policycoreutils-2.0.86/gui/templates/script.py.gui 2011-04-12 10:52:07.558645012 -0400
-+++ policycoreutils-2.0.86/gui/templates/script.py 2011-05-23 17:02:13.796795073 -0400
+--- policycoreutils-2.0.86/gui/templates/script.py.gui 2011-06-13 13:35:38.812854980 -0400
++++ policycoreutils-2.0.86/gui/templates/script.py 2011-06-13 13:35:38.813854988 -0400
@@ -0,0 +1,126 @@
+# Copyright (C) 2007-2011 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -13116,8 +13116,8 @@ diff -up policycoreutils-2.0.86/gui/templates/script.py.gui policycoreutils-2.0.
+fi
+"""
diff -up policycoreutils-2.0.86/gui/templates/semodule.py.gui policycoreutils-2.0.86/gui/templates/semodule.py
---- policycoreutils-2.0.86/gui/templates/semodule.py.gui 2011-04-12 10:52:07.560645042 -0400
-+++ policycoreutils-2.0.86/gui/templates/semodule.py 2011-05-23 17:02:07.466744404 -0400
+--- policycoreutils-2.0.86/gui/templates/semodule.py.gui 2011-06-13 13:35:38.814854997 -0400
++++ policycoreutils-2.0.86/gui/templates/semodule.py 2011-06-13 13:35:38.814854997 -0400
@@ -0,0 +1,41 @@
+# Copyright (C) 2007-2011 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -13161,8 +13161,8 @@ diff -up policycoreutils-2.0.86/gui/templates/semodule.py.gui policycoreutils-2.
+"""
+
diff -up policycoreutils-2.0.86/gui/templates/tmp.py.gui policycoreutils-2.0.86/gui/templates/tmp.py
---- policycoreutils-2.0.86/gui/templates/tmp.py.gui 2011-04-12 10:52:07.561645058 -0400
-+++ policycoreutils-2.0.86/gui/templates/tmp.py 2011-05-23 17:01:55.736650663 -0400
+--- policycoreutils-2.0.86/gui/templates/tmp.py.gui 2011-06-13 13:35:38.815855006 -0400
++++ policycoreutils-2.0.86/gui/templates/tmp.py 2011-06-13 13:35:38.815855006 -0400
@@ -0,0 +1,102 @@
+# Copyright (C) 2007-2011 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -13267,8 +13267,8 @@ diff -up policycoreutils-2.0.86/gui/templates/tmp.py.gui policycoreutils-2.0.86/
+ admin_pattern($1, TEMPLATETYPE_tmp_t)
+"""
diff -up policycoreutils-2.0.86/gui/templates/user.py.gui policycoreutils-2.0.86/gui/templates/user.py
---- policycoreutils-2.0.86/gui/templates/user.py.gui 2011-04-12 10:52:07.562645074 -0400
-+++ policycoreutils-2.0.86/gui/templates/user.py 2011-05-23 17:01:46.816579501 -0400
+--- policycoreutils-2.0.86/gui/templates/user.py.gui 2011-06-13 13:35:38.816855015 -0400
++++ policycoreutils-2.0.86/gui/templates/user.py 2011-06-13 13:35:38.817855024 -0400
@@ -0,0 +1,204 @@
+# Copyright (C) 2007-2011 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -13475,8 +13475,8 @@ diff -up policycoreutils-2.0.86/gui/templates/user.py.gui policycoreutils-2.0.86
+seutil_run_newrole(TEMPLATETYPE_t, TEMPLATETYPE_r)
+"""
diff -up policycoreutils-2.0.86/gui/templates/var_cache.py.gui policycoreutils-2.0.86/gui/templates/var_cache.py
---- policycoreutils-2.0.86/gui/templates/var_cache.py.gui 2011-04-12 10:52:07.566645136 -0400
-+++ policycoreutils-2.0.86/gui/templates/var_cache.py 2011-05-23 17:01:38.793515591 -0400
+--- policycoreutils-2.0.86/gui/templates/var_cache.py.gui 2011-06-13 13:35:38.818855033 -0400
++++ policycoreutils-2.0.86/gui/templates/var_cache.py 2011-06-13 13:35:38.818855033 -0400
@@ -0,0 +1,132 @@
+# Copyright (C) 2007-2011 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -13611,8 +13611,8 @@ diff -up policycoreutils-2.0.86/gui/templates/var_cache.py.gui policycoreutils-2
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_cache_t,s0)
+"""
diff -up policycoreutils-2.0.86/gui/templates/var_lib.py.gui policycoreutils-2.0.86/gui/templates/var_lib.py
---- policycoreutils-2.0.86/gui/templates/var_lib.py.gui 2011-04-12 10:52:07.567645151 -0400
-+++ policycoreutils-2.0.86/gui/templates/var_lib.py 2011-05-23 17:01:31.516457701 -0400
+--- policycoreutils-2.0.86/gui/templates/var_lib.py.gui 2011-06-13 13:35:38.819855042 -0400
++++ policycoreutils-2.0.86/gui/templates/var_lib.py 2011-06-13 13:35:38.819855042 -0400
@@ -0,0 +1,160 @@
+# Copyright (C) 2007-2011 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -13775,8 +13775,8 @@ diff -up policycoreutils-2.0.86/gui/templates/var_lib.py.gui policycoreutils-2.0
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
+"""
diff -up policycoreutils-2.0.86/gui/templates/var_log.py.gui policycoreutils-2.0.86/gui/templates/var_log.py
---- policycoreutils-2.0.86/gui/templates/var_log.py.gui 2011-04-12 10:52:07.568645166 -0400
-+++ policycoreutils-2.0.86/gui/templates/var_log.py 2011-05-23 17:01:22.948389639 -0400
+--- policycoreutils-2.0.86/gui/templates/var_log.py.gui 2011-06-13 13:35:38.821855059 -0400
++++ policycoreutils-2.0.86/gui/templates/var_log.py 2011-06-13 13:35:38.821855059 -0400
@@ -0,0 +1,114 @@
+# Copyright (C) 2007-2011 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -13893,8 +13893,8 @@ diff -up policycoreutils-2.0.86/gui/templates/var_log.py.gui policycoreutils-2.0
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0)
+"""
diff -up policycoreutils-2.0.86/gui/templates/var_run.py.gui policycoreutils-2.0.86/gui/templates/var_run.py
---- policycoreutils-2.0.86/gui/templates/var_run.py.gui 2011-04-12 10:52:07.569645181 -0400
-+++ policycoreutils-2.0.86/gui/templates/var_run.py 2011-05-23 17:01:11.639299961 -0400
+--- policycoreutils-2.0.86/gui/templates/var_run.py.gui 2011-06-13 13:35:38.822855067 -0400
++++ policycoreutils-2.0.86/gui/templates/var_run.py 2011-06-13 13:35:38.822855067 -0400
@@ -0,0 +1,101 @@
+# Copyright (C) 2007-2011 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -13998,8 +13998,8 @@ diff -up policycoreutils-2.0.86/gui/templates/var_run.py.gui policycoreutils-2.0
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
+"""
diff -up policycoreutils-2.0.86/gui/templates/var_spool.py.gui policycoreutils-2.0.86/gui/templates/var_spool.py
---- policycoreutils-2.0.86/gui/templates/var_spool.py.gui 2011-04-12 10:52:07.573645242 -0400
-+++ policycoreutils-2.0.86/gui/templates/var_spool.py 2011-05-25 16:09:23.350352658 -0400
+--- policycoreutils-2.0.86/gui/templates/var_spool.py.gui 2011-06-13 13:35:38.823855075 -0400
++++ policycoreutils-2.0.86/gui/templates/var_spool.py 2011-06-13 13:35:38.824855083 -0400
@@ -0,0 +1,131 @@
+# Copyright (C) 2007-2011 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -14133,8 +14133,8 @@ diff -up policycoreutils-2.0.86/gui/templates/var_spool.py.gui policycoreutils-2
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0)
+"""
diff -up policycoreutils-2.0.86/gui/usersPage.py.gui policycoreutils-2.0.86/gui/usersPage.py
---- policycoreutils-2.0.86/gui/usersPage.py.gui 2011-04-12 10:52:07.578645320 -0400
-+++ policycoreutils-2.0.86/gui/usersPage.py 2011-04-12 10:52:07.578645320 -0400
+--- policycoreutils-2.0.86/gui/usersPage.py.gui 2011-06-13 13:35:38.825855092 -0400
++++ policycoreutils-2.0.86/gui/usersPage.py 2011-06-13 13:35:38.825855092 -0400
@@ -0,0 +1,150 @@
+## usersPage.py - show selinux mappings
+## Copyright (C) 2006,2007,2008 Red Hat, Inc.
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index a4cb60d..b73beec 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -1,10 +1,10 @@
diff --git a/policycoreutils/Makefile b/policycoreutils/Makefile
-index 86ed03f..67d0ee8 100644
+index 86ed03f..3e95698 100644
--- a/policycoreutils/Makefile
+++ b/policycoreutils/Makefile
@@ -1,4 +1,4 @@
-SUBDIRS = setfiles semanage load_policy newrole run_init sandbox secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
-+SUBDIRS = setfiles semanage semanage/default_encoding load_policy newrole run_init sandbox secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool po gui
++SUBDIRS = setfiles semanage semanage/default_encoding load_policy newrole run_init sandbox secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool po
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
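Review bot: `gui` is dropped from the end of `SUBDIRS` in this revision of the rhat patch, while policycoreutils-gui.patch still creates gui/Makefile. Confirm that the gui patch or the spec file adds `gui` back to `SUBDIRS`; otherwise the top-level make no longer descends into the GUI directory.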
@@ -1463,21 +1463,6 @@ index 0000000..6a833c3
+ if (master_wd == -1)
+ exitApp("Error watching config file.");
+}
-diff --git a/policycoreutils/run_init/run_init.8 b/policycoreutils/run_init/run_init.8
-index f1c418f..9fb5249 100644
---- a/policycoreutils/run_init/run_init.8
-+++ b/policycoreutils/run_init/run_init.8
-@@ -9,6 +9,10 @@ run_init \- run an init script in the proper SELinux context
- .PP
- Run a init script under the proper context, which is specified in
- /etc/selinux/POLICYTYPE/contexts/initrc_context.
-+It is generally used interactively as it requires either shadow or
-+PAM user authentication (depending on compile-time options). It
-+should be possible to configure PAM such that interactive input is
-+not required. Check your PAM documentation.
- .SH FILES
- /etc/passwd - user account information
- .br
diff --git a/policycoreutils/run_init/run_init.c b/policycoreutils/run_init/run_init.c
index 9db766c..068e24c 100644
--- a/policycoreutils/run_init/run_init.c
@@ -1539,7 +1524,7 @@ index ff0ee7c..924999d 100644
test:
@python test_sandbox.py -v
diff --git a/policycoreutils/sandbox/sandbox b/policycoreutils/sandbox/sandbox
-index 0b89e9a..a9a35c1 100644
+index 0b89e9a..481034c 100644
--- a/policycoreutils/sandbox/sandbox
+++ b/policycoreutils/sandbox/sandbox
@@ -1,5 +1,6 @@
@@ -1683,9 +1668,9 @@ index 0b89e9a..a9a35c1 100644
+
usage = _("""
-sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] command
-+sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] command
++sandbox [-h] [-c] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] command
+
-+sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] -S
++sandbox [-h] [-c] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] -S
+%s
+""") % types
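Review bot: Both usage lines gain [-c], but neither lists -C, although the option parser in this same patch registers "-C"/"--capabilities" right after "-c"/"--cgroups". Add [-C] to the two synopsis lines so the help text matches what the parser accepts.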
@@ -1720,8 +1705,8 @@ index 0b89e9a..a9a35c1 100644
help=_("MCS/MLS level for the sandbox"))
+ parser.add_option("-c", "--cgroups",
-+ action="store_true", dest="usecgroup", default=False,
-+ help="Use cgroups to limit this sandbox.")
++ action="store_true", dest="usecgroup", default=False,
++ help=_("Use cgroups to limit this sandbox."))
+
+ parser.add_option("-C", "--capabilities",
+ action="store_true", dest="usecaps", default=False,
@@ -2025,7 +2010,7 @@ index 8338203..88ebfee 100644
exit 0
diff --git a/policycoreutils/sandbox/seunshare.8 b/policycoreutils/sandbox/seunshare.8
new file mode 100644
-index 0000000..5bc3bc9
+index 0000000..06610c0
--- /dev/null
+++ b/policycoreutils/sandbox/seunshare.8
@@ -0,0 +1,43 @@
@@ -2034,7 +2019,7 @@ index 0000000..5bc3bc9
+seunshare \- Run cmd with alternate homedir, tmpdir and/or SELinux context
+.SH SYNOPSIS
+.B seunshare
-+[-v] [-c] [-C] [-k] [ -t tmpdir ] [ -h homedir ] [ -Z context ] -- executable [args]
++[ -v ] [ -c ] [ -C ] [ -k ] [ -t tmpdir ] [ -h homedir ] [ -Z context ] -- executable [args]
+.br
+.SH DESCRIPTION
+.PP
@@ -2073,7 +2058,7 @@ index 0000000..5bc3bc9
+and
+.I Thomas Liu <tliu at fedoraproject.org>
diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
-index e713b74..536a840 100644
+index e713b74..1a0a488 100644
--- a/policycoreutils/sandbox/seunshare.c
+++ b/policycoreutils/sandbox/seunshare.c
@@ -1,27 +1,35 @@
@@ -2197,7 +2182,7 @@ index e713b74..536a840 100644
}
+ if (signal(SIGINT, handler) == SIG_ERR) {
-+ perror("Unable to set SIGHUP handler");
++ perror("Unable to set SIGINT handler");
+ return -1;
+ }
+
@@ -2296,20 +2281,20 @@ index e713b74..536a840 100644
+
+ if (lstat(dir, st_out) == -1) {
+ fprintf(stderr, _("Failed to stat %s: %s\n"), dir, strerror(errno));
++ return -1;
++ }
++ if (! S_ISDIR(st_out->st_mode)) {
++ fprintf(stderr, _("Error: %s is not a directory: %s\n"), dir, strerror(errno));
return -1;
}
- if (sb.st_uid != pwd->pw_uid) {
- errno = EPERM;
- syslog(LOG_AUTHPRIV | LOG_ALERT, "%s attempted to mount an invalid directory, %s", pwd->pw_name, mntdir);
- perror(_("Invalid mount point, reporting to administrator"));
-+ if (! S_ISDIR(st_out->st_mode)) {
-+ fprintf(stderr, _("Error: %s is not a directory: %s\n"), dir, strerror(errno));
- return -1;
- }
+ if (st_in && !equal_stats(st_in, st_out)) {
+ fprintf(stderr, _("Error: %s was replaced by a different directory\n"), dir);
-+ return -1;
-+ }
+ return -1;
+ }
+
return 0;
}
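Review bot: In the S_ISDIR failure branch the message is built with strerror(errno), but lstat() has just succeeded at that point, so errno holds whatever an earlier call left behind and the user sees an unrelated error string after "is not a directory". Drop the trailing ": %s" and the strerror(errno) argument from that fprintf. Separately, the old st_uid comparison with its LOG_AUTHPRIV syslog alert is removed from this function. If ownership is now enforced only by the callers, a short comment here saying so would help the next reader.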
@@ -2323,7 +2308,7 @@ index e713b74..536a840 100644
break;
}
}
-@@ -131,54 +250,612 @@ static int verify_shell(const char *shell_name)
+@@ -131,54 +250,618 @@ static int verify_shell(const char *shell_name)
return rc;
}
@@ -2448,6 +2433,8 @@ index e713b74..536a840 100644
+ int len = strlen(buf);
+ free(str);
+ str = malloc((len + 1) * sizeof(char));
++ if (!str)
++ goto err;
+
+ int ind = 0;
+ int i;
@@ -2631,12 +2618,12 @@ index e713b74..536a840 100644
+ /* match glob for all files in src dir */
+ if (asprintf(&buf, "%s/*", src) == -1) {
+ fprintf(stderr, "Out of memory\n");
- return -1;
++ return -1;
+ }
+
+ if (glob(buf, flags, NULL, &fglob) != 0) {
+ free(buf); buf = NULL;
-+ return -1;
+ return -1;
+ }
+
+ free(buf); buf = NULL;
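Review bot: Every non-zero return from glob() on the "%s/*" pattern is treated as a hard failure, and that includes GLOB_NOMATCH, which is what an empty source directory returns unless flags carries GLOB_NOCHECK (flags is set outside this hunk). Treat GLOB_NOMATCH as "nothing to copy" and return -1 only for GLOB_NOSPACE and GLOB_ABORTED. That path should also print a message, as the asprintf() branch above it does.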
@@ -2777,8 +2764,12 @@ index e713b74..536a840 100644
+ if (verify_directory(tmpdir, NULL, out_st) < 0) {
+ goto err;
+ }
-+ if (check_owner_uid(0, tmpdir, out_st) < 0) goto err;
-+ if (check_owner_gid(getgid(), tmpdir, out_st) < 0) goto err;
++
++ if (check_owner_uid(0, tmpdir, out_st) < 0)
++ goto err;
++
++ if (check_owner_gid(getgid(), tmpdir, out_st) < 0)
++ goto err;
+
+ /* change permissions of the temporary directory */
+ if ((fd_t = open(tmpdir, O_RDONLY)) < 0) {
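Review bot: verify_directory() and the two check_owner_* calls validate tmpdir by path, and open(tmpdir, O_RDONLY) then resolves the same path a second time, so the object that gets opened is not guaranteed to be the one that was just checked. Open with O_RDONLY | O_DIRECTORY | O_NOFOLLOW and, if the lines after this hunk do not already do it, fstat() fd_t and compare the result against out_st before changing permissions through the descriptor.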
@@ -2951,7 +2942,7 @@ index e713b74..536a840 100644
struct passwd *pwd=getpwuid(uid);
if (!pwd) {
-@@ -187,34 +864,36 @@ int main(int argc, char **argv) {
+@@ -187,34 +870,36 @@ int main(int argc, char **argv) {
}
if (verify_shell(pwd->pw_shell) < 0) {
@@ -3003,7 +2994,7 @@ index e713b74..536a840 100644
break;
default:
fprintf(stderr, "%s\n", USAGE_STRING);
-@@ -223,99 +902,131 @@ int main(int argc, char **argv) {
+@@ -223,99 +908,131 @@ int main(int argc, char **argv) {
}
if (! homedir_s && ! tmpdir_s) {
@@ -3024,14 +3015,16 @@ index e713b74..536a840 100644
- scontext = argv[optind++];
-
- if (set_signal_handles())
-- return -1;
--
-- if (unshare(CLONE_NEWNS) < 0) {
-- perror(_("Failed to unshare"));
+ if (execcon && is_selinux_enabled() != 1) {
+ fprintf(stderr, _("Error: execution context specified, but SELinux is not enabled\n"));
return -1;
- }
++ }
+
+- if (unshare(CLONE_NEWNS) < 0) {
+- perror(_("Failed to unshare"));
++ if (set_signal_handles())
+ return -1;
+- }
- if (homedir_s && tmpdir_s && (strncmp(pwd->pw_dir, tmpdir_s, strlen(pwd->pw_dir)) == 0)) {
- if (seunshare_mount(tmpdir_s, "/tmp", pwd) < 0)
@@ -3045,9 +3038,8 @@ index e713b74..536a840 100644
- if (tmpdir_s && seunshare_mount(tmpdir_s, "/tmp", pwd) < 0)
- return -1;
- }
-+ if (set_signal_handles()) return -1;
-+
-+ if (usecgroups && setup_cgroups() < 0) return -1;
++ if (usecgroups && setup_cgroups() < 0)
++ return -1;
+
+ /* set fsuid to ruid */
+ /* Changing fsuid is usually required when user-specified directory is
@@ -3159,9 +3151,7 @@ index e713b74..536a840 100644
- exit(-1);
+ goto childerr;
}
-+
setsid();
-+
execv(argv[optind], argv + optind);
+ fprintf(stderr, _("Failed to execute command %s: %s\n"), argv[optind], strerror(errno));
+childerr:
@@ -3208,195 +3198,18 @@ index 0000000..52950d7
+if rc[0] == 0:
+ print rc[1]
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
-index fa285ea..b70f6b0 100755
+index e4e5f0d..27dcccf 100755
--- a/policycoreutils/scripts/fixfiles
+++ b/policycoreutils/scripts/fixfiles
-@@ -3,7 +3,7 @@
- #
- # Script to restore labels on a SELinux box
- #
--# Copyright (C) 2004-2009 Red Hat, Inc.
-+# Copyright (C) 2004-2011 Red Hat, Inc.
- # Authors: Dan Walsh <dwalsh at redhat.com>
- #
- # This program is free software; you can redistribute it and/or modify
-@@ -21,6 +21,73 @@
- # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+@@ -103,7 +103,7 @@ exclude_dirs_from_relabelling() {
- #
-+# Get all mounted rw file systems that support seclabel
-+#
-+get_labeled_mounts() {
-+# /dev is not listed in the mountab
-+FS="`mount | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/\(rw/{print $3}';` /dev"
-+for i in $FS; do
-+ grep --silent "$i ".*seclabel /proc/self/mounts && echo $i
-+done
-+}
-+
-+#
-+# Get all mounted ro file systems that support seclabel
-+#
-+get_labeled_ro_mounts() {
-+# /dev is not listed in the mountab
-+FS="`mount | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/\(ro/{print $3}';` /dev"
-+for i in $FS; do
-+ grep --silent "$i ".*seclabel /proc/self/mounts && echo $i
-+done
-+}
-+
-+#
-+# Get the default label returned from the kernel for a file with a lable the
-+# kernel does not understand
-+#
-+get_undefined_type() {
-+ SELINUXMNT=`grep selinuxfs /proc/self/mountinfo | head -1 | awk '{ print $5 }'`
-+ cat ${SELINUXMNT}/initial_contexts/unlabeled | secon -t
-+}
-+
-+#
-+# Get the default label for a file without a label
-+#
-+get_unlabeled_type() {
-+ SELINUXMNT=`grep selinuxfs /proc/self/mountinfo | head -1 | awk '{ print $5 }'`
-+ cat $SELINUXMNT/initial_contexts/file | secon -t
-+}
-+
-+exclude_dirs_from_relabelling() {
-+ exclude_from_relabelling=
-+ if [ -e /etc/selinux/fixfiles_exclude_dirs ]
-+ then
-+ while read i
-+ do
-+ # skip blank line and comment
-+ # skip not absolute path
-+ # skip not directory
-+ [ -z "${i}" ] && continue
-+ [[ "${i}" =~ "^[[:blank:]]*#" ]] && continue
-+ [[ ! "${i}" =~ ^/.* ]] && continue
-+ [[ ! -d "${i}" ]] && continue
-+ exclude_from_relabelling="$exclude_from_relabelling -e $i"
-+ logit "skipping the directory $i from relabelling"
-+ done < /etc/selinux/fixfiles_exclude_dirs
-+ fi
-+ echo "$exclude_from_relabelling"
-+}
-+exclude_dirs() {
-+ exclude=
-+ for i in /var/lib/BackupPC /home /tmp /dev; do
-+ [ -e $i ] && exclude="$exclude -e $i";
-+ done
-+ exclude="$exclude `exclude_dirs_from_relabelling`"
-+ echo "$exclude"
-+}
-+
-+#
- # Set global Variables
- #
- fullFlag=0
-@@ -35,9 +102,8 @@ SYSLOGFLAG="-l"
- LOGGER=/usr/sbin/logger
- SETFILES=/sbin/setfiles
- RESTORECON=/sbin/restorecon
--FILESYSTEMSRW=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs | btrfs ).*\(rw/{print $3}';`
--FILESYSTEMSRO=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs | btrfs ).*\(ro/{print $3}';`
--FILESYSTEMS="$FILESYSTEMSRW $FILESYSTEMSRO"
-+FILESYSTEMSRO=`get_labeled_ro_mounts`
-+FILESYSTEMS=`get_labeled_mounts`
- SELINUXTYPE="targeted"
- if [ -e /etc/selinux/config ]; then
- . /etc/selinux/config
-@@ -87,16 +153,17 @@ if [ -f ${PREFC} -a -x /usr/bin/diff ]; then
- esac; \
- fi; \
- done | \
-- ${RESTORECON} -f - -R -p `exclude_dirs`; \
-+ ${RESTORECON} -f - -R -p `exclude_dirs`; \
- rm -f ${TEMPFILE} ${PREFCTEMPFILE}
- fi
- }
-+
- #
- # Log all Read Only file systems
- #
- LogReadOnly() {
- if [ ! -z "$FILESYSTEMSRO" ]; then
-- logit "Warning: Skipping the following R/O filesystems:"
-+ logit "Warning: Skipping labeling on the following R/O filesystems:"
- logit "$FILESYSTEMSRO"
- fi
- }
-@@ -117,29 +184,41 @@ if [ ! -z "$PREFC" ]; then
- fi
- if [ ! -z "$RPMFILES" ]; then
- for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
-- rpmlist $i | ${RESTORECON} ${FORCEFLAG} $* -R -i -f - 2>&1 >> $LOGFILE
-+ rpmlist $i | ${RESTORECON} ${FORCEFLAG} $* -R -i -f - 2>&1 | cat >> $LOGFILE
+ exclude_dirs() {
+ exclude=
+- for i in /home /root /tmp /dev; do
++ for i in /var/lib/BackupPC /home /tmp /dev; do
+ [ -e $i ] && exclude="$exclude -e $i";
done
- exit $?
- fi
- if [ ! -z "$FILEPATH" ]; then
-- if [ -x /usr/bin/find ]; then
-- /usr/bin/find "$FILEPATH" \
-- ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs -o -fstype btrfs \) -prune -o -print0 | \
-- ${RESTORECON} ${FORCEFLAG} $* -0 -f - 2>&1 >> $LOGFILE
-- else
-- ${RESTORECON} ${FORCEFLAG} -R $* $FILEPATH 2>&1 >> $LOGFILE
-- fi
-+ ${RESTORECON} ${FORCEFLAG} -R $* $FILEPATH 2>&1 | cat >> $LOGFILE
- return
- fi
- [ -x /usr/sbin/genhomedircon ] && /usr/sbin/genhomedircon
--LogReadOnly
--${SETFILES} -q ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE
--rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-*
--find /tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) \( -type s -o -type p \) -delete
--find /tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t tmp_t {} \;
--find /var/tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t tmp_t {} \;
--find /var/run \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t var_run_t {} \;
--[ -e /var/lib/debug ] && find /var/lib/debug \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t lib_t {} \;
-+#
-+exclude_dirs="`exclude_dirs_from_relabelling`"
-+if [ -n "${exclude_dirs}" ]
-+then
-+ TEMPFCFILE=`mktemp ${FC}.XXXXXXXXXX`
-+ test -z "$TEMPFCFILE" && exit
-+ /bin/cp -p ${FC} ${TEMPFCFILE} &>/dev/null || exit
-+ exclude_dirs=${exclude_dirs//-e/}
-+ for p in ${exclude_dirs}
-+ do
-+ p="${p%/}"
-+ p1="${p}(/.*)? -- <<none>>"
-+ echo "${p1}" >> $TEMPFCFILE
-+ logit "skipping the directory ${p} from relabelling"
-+ done
-+FC=$TEMPFCFILE
-+fi
-+${SETFILES} -q ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMS} 2>&1 | cat >> $LOGFILE
-+rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-* $TEMPFCFILE
-+UNDEFINED=`get_undefined_type` || exit $?
-+UNLABELED=`get_unlabeled_type` || exit $?
-+find /tmp \( -context "*:${UNLABELED}*" -o -context "*:${UNDEFINED}*" \) \( -type s -o -type p \) -delete
-+find /tmp \( -context "*:${UNLABELED}*" -o -context "*:${UNDEFINED}*" \) -exec chcon --reference /tmp {} \;
-+find /var/tmp \( -context "*:${UNLABELED}*" -o -context "*:${UNDEFINED}*" \) -exec chcon --reference /var/tmp {} \;
-+find /var/run \( -context "*:${UNLABELED}*" -o -context "*:${UNDEFINED}*" \) -exec chcon --reference /var/run {} \;
-+[ -e /var/lib/debug ] && find /var/lib/debug \( -context "*:${UNLABELED}*" -o -context "*:${UNDEFINED}*" \) -exec chcon --reference /lib {} \;
- exit $?
- }
-
-diff --git a/policycoreutils/scripts/fixfiles.8 b/policycoreutils/scripts/fixfiles.8
-index dfe8aa9..0b4cbaa 100644
---- a/policycoreutils/scripts/fixfiles.8
-+++ b/policycoreutils/scripts/fixfiles.8
-@@ -29,6 +29,8 @@ new policy, or just check whether the file contexts are all
- as you expect. By default it will relabel all mounted ext2, ext3, xfs and
- jfs file systems as long as they do not have a security context mount
- option. You can use the -R flag to use rpmpackages as an alternative.
-+The file /etc/selinux/fixfiles_exclude_dirs can contain a list of directories
-+excluded from relabelling.
- .P
- .B fixfiles onboot
- will setup the machine to relabel on the next reboot.
+ exclude="$exclude `exclude_dirs_from_relabelling`"
diff --git a/policycoreutils/semanage/default_encoding/Makefile b/policycoreutils/semanage/default_encoding/Makefile
new file mode 100644
index 0000000..e15a877
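Review bot: The default list in exclude_dirs() changes from "/home /root /tmp /dev" to "/var/lib/BackupPC /home /tmp /dev", so /root is no longer excluded and one package's data directory is hard-coded into the script. Neither change is mentioned in the commit message. Since this release introduces /etc/selinux/fixfiles_exclude_dirs, /var/lib/BackupPC could be listed there instead, and dropping /root from the exclusions deserves a changelog line of its own.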
@@ -3544,7 +3357,7 @@ index 0000000..e2befdb
+ packages=["policycoreutils"],
+)
diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage
-index d116ba0..656a028 100644
+index 0140cd2..656a028 100644
--- a/policycoreutils/semanage/semanage
+++ b/policycoreutils/semanage/semanage
@@ -20,6 +20,7 @@
@@ -3555,7 +3368,7 @@ index d116ba0..656a028 100644
import sys, getopt, re
import seobject
import selinux
-@@ -32,27 +33,35 @@ gettext.textdomain(PROGNAME)
+@@ -32,7 +33,7 @@ gettext.textdomain(PROGNAME)
try:
gettext.install(PROGNAME,
localedir="/usr/share/locale",
@@ -3564,408 +3377,50 @@ index d116ba0..656a028 100644
codeset = 'utf-8')
except IOError:
import __builtin__
- __builtin__.__dict__['_'] = unicode
+@@ -283,11 +284,14 @@ Object-specific Options (see above):
+ equal = a
- if __name__ == '__main__':
-+ manageditems=[ "boolean", "login", "user", "port", "interface", "node", "fcontext"]
-+ action = False
-+ def set_action(option):
-+ global action
-+ if action:
-+ raise ValueError(_("%s bad option") % option)
-+ action = True
-
- def usage(message = ""):
- text = _("""
- semanage [ -S store ] -i [ input_file | - ]
--
--semanage {boolean|login|user|port|interface|node|fcontext} -{l|D} [-n]
--semanage login -{a|d|m} [-sr] login_name | %groupname
--semanage user -{a|d|m} [-LrRP] selinux_name
--semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range
--semanage interface -{a|d|m} [-tr] interface_spec
--semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] addr
--semanage fcontext -{a|d|m} [-frst] file_spec
-+semanage [ -S store ] -o [ output_file | - ]
-+
-+semanage login -{a|d|m|l|D|E} [-nsr] login_name | %groupname
-+semanage user -{a|d|m|l|D|E} [-LnrRP] selinux_name
-+semanage port -{a|d|m|l|D|E} [-ntr] [ -p proto ] port | port_range
-+semanage interface -{a|d|m|l|D|E} [-ntr] interface_spec
-+semanage module -{a|d|m} [--enable|--disable] module
-+semanage node -{a|d|m|l|D|E} [-ntr] [ -p protocol ] [-M netmask] addr
-+semanage fcontext -{a|d|m|l|D|E} [-efnrst] file_spec
- semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file
--semanage permissive -{d|a} type
-+semanage permissive -{d|a|l} [-n] type
- semanage dontaudit [ on | off ]
-
- Primary Options:
-@@ -61,7 +70,9 @@ Primary Options:
- -d, --delete Delete a OBJECT record NAME
- -m, --modify Modify a OBJECT record NAME
- -i, --input Input multiple semange commands in a transaction
-+ -o, --output Output current customizations as semange commands
- -l, --list List the OBJECTS
-+ -E, --extract extract customizable commands
- -C, --locallist List OBJECTS local customizations
- -D, --deleteall Remove all OBJECTS local customizations
-
-@@ -84,12 +95,15 @@ Object-specific Options (see above):
- -F, --file Treat target as an input file for command, change multiple settings
- -p, --proto Port protocol (tcp or udp) or internet protocol version of node (ipv4 or ipv6)
- -M, --mask Netmask
-+ -e, --equal Substitue source path for dest path when labeling
- -P, --prefix Prefix for home directory labeling
- -L, --level Default SELinux Level (MLS/MCS Systems only)
- -R, --roles SELinux Roles (ex: "sysadm_r staff_r")
- -s, --seuser SELinux User Name
- -t, --type SELinux Type for the object
- -r, --range MLS/MCS Security Range (MLS/MCS Systems only)
-+ --enable Enable a module
-+ --disable Disable a module
- """)
- raise ValueError("%s\n%s" % (text, message))
-
-@@ -101,22 +115,25 @@ Object-specific Options (see above):
-
- def get_options():
- valid_option={}
-- valid_everyone=[ '-a', '--add', '-d', '--delete', '-m', '--modify', '-l', '--list', '-h', '--help', '-n', '--noheading', '-C', '--locallist', '-D', '--deleteall', '-S', '--store' ]
-+ valid_everyone=[ '-a', '--add', '-d', '--delete', '-m', '--modify', '-l', '--list', '-h', '--help', '-n', '--noheading', '-S', '--store' ]
-+ valid_local=[ '-E', '--extract', '-C', '--locallist', '-D', '--deleteall']
- valid_option["login"] = []
-- valid_option["login"] += valid_everyone + [ '-s', '--seuser', '-r', '--range']
-+ valid_option["login"] += valid_everyone + valid_local + [ '-s', '--seuser', '-r', '--range']
- valid_option["user"] = []
-- valid_option["user"] += valid_everyone + [ '-L', '--level', '-r', '--range', '-R', '--roles', '-P', '--prefix' ]
-+ valid_option["user"] += valid_everyone + valid_local + [ '-L', '--level', '-r', '--range', '-R', '--roles', '-P', '--prefix' ]
- valid_option["port"] = []
-- valid_option["port"] += valid_everyone + [ '-t', '--type', '-r', '--range', '-p', '--proto' ]
-+ valid_option["port"] += valid_everyone + valid_local + [ '-t', '--type', '-r', '--range', '-p', '--proto' ]
- valid_option["interface"] = []
-- valid_option["interface"] += valid_everyone + [ '-t', '--type', '-r', '--range']
-+ valid_option["interface"] += valid_everyone + valid_local + [ '-t', '--type', '-r', '--range']
- valid_option["node"] = []
-- valid_option["node"] += valid_everyone + [ '-M', '--mask', '-t', '--type', '-r', '--range', '-p', '--protocol']
-+ valid_option["node"] += valid_everyone + valid_local + [ '-M', '--mask', '-t', '--type', '-r', '--range', '-p', '--protocol']
-+ valid_option["module"] = []
-+ valid_option["module"] += valid_everyone + [ '--enable', '--disable']
- valid_option["fcontext"] = []
-- valid_option["fcontext"] += valid_everyone + [ '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range']
-+ valid_option["fcontext"] += valid_everyone + valid_local + [ '-e', '--equal', '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range']
- valid_option["dontaudit"] = [ '-S', '--store' ]
- valid_option["boolean"] = []
-- valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1", "-0", "-F", "--file"]
-+ valid_option["boolean"] += valid_everyone + valid_local + [ '--on', "--off", "-1", "-0", "-F", "--file"]
- valid_option["permissive"] = []
- valid_option["permissive"] += [ '-a', '--add', '-d', '--delete', '-l', '--list', '-h', '--help', '-n', '--noheading', '-D', '--deleteall' ]
- return valid_option
-@@ -168,6 +185,8 @@ Object-specific Options (see above):
- return ret
-
- def process_args(argv):
-+ global action
-+ action = False
- serange = ""
- port = ""
- proto = ""
-@@ -184,11 +203,17 @@ Object-specific Options (see above):
- modify = False
- delete = False
- deleteall = False
-+ enable = False
-+ extract = False
-+ disable = False
- list = False
- locallist = False
- use_file = False
- store = ""
--
-+ equal = ""
-+
-+ if len(argv) == 0:
-+ return
- object = argv[0]
- option_dict=get_options()
- if object not in option_dict.keys():
-@@ -196,53 +221,79 @@ Object-specific Options (see above):
-
- args = argv[1:]
-
-- gopts, cmds = getopt.getopt(args,
-- '01adf:i:lhmnp:s:FCDR:L:r:t:P:S:M:',
-- ['add',
-- 'delete',
-- 'deleteall',
-- 'ftype=',
-- 'file',
-- 'help',
-- 'input=',
-- 'list',
-- 'modify',
-- 'noheading',
-- 'localist',
-- 'off',
-- 'on',
-- 'proto=',
-- 'seuser=',
-- 'store=',
-- 'range=',
-- 'locallist=',
-- 'level=',
-- 'roles=',
-- 'type=',
-- 'prefix=',
-- 'mask='
-- ])
-+ try:
-+ gopts, cmds = getopt.getopt(args,
-+ '01adEe:f:i:lhmnp:s:FCDR:L:r:t:P:S:M:',
-+ ['add',
-+ 'delete',
-+ 'deleteall',
-+ 'enable',
-+ 'equal=',
-+ 'extract',
-+ 'disable',
-+ 'ftype=',
-+ 'file',
-+ 'help',
-+ 'input=',
-+ 'list',
-+ 'modify',
-+ 'noheading',
-+ 'localist',
-+ 'off',
-+ 'on',
-+ 'proto=',
-+ 'seuser=',
-+ 'store=',
-+ 'range=',
-+ 'locallist=',
-+ 'level=',
-+ 'roles=',
-+ 'type=',
-+ 'prefix=',
-+ 'mask='
-+ ])
-+ except getopt.error, error:
-+ usage(_("Options Error %s ") % error.msg)
-+
- for o, a in gopts:
- if o not in option_dict[object]:
- sys.stderr.write(_("%s not valid for %s objects\n") % ( o, object) );
-+ return
-
- for o,a in gopts:
- if o == "-a" or o == "--add":
-- if modify or delete:
-- raise ValueError(_("%s bad option") % o)
-+ set_action(o)
- add = True
-
- if o == "-d" or o == "--delete":
-- if modify or add:
-- raise ValueError(_("%s bad option") % o)
-+ set_action(o)
- delete = True
-+
- if o == "-D" or o == "--deleteall":
-- if modify:
-- raise ValueError(_("%s bad option") % o)
-+ set_action(o)
- deleteall = True
-+
-+ if o == "-E" or o == "--extract":
-+ set_action(o)
-+ extract = True
-+
- if o == "-f" or o == "--ftype":
- ftype=a
-
-+ if o == "-e" or o == "--equal":
-+ equal = a
-+
-+ if o == "--enable":
+ if o == "--enable":
+- set_action(o)
+ if disable:
+ raise ValueError(_("You can't disable and enable at the same time"))
+
-+ enable = True
-+
-+ if o == "--disable":
+ enable = True
+
+ if o == "--disable":
+- set_action(o)
+ if enable:
+ raise ValueError(_("You can't disable and enable at the same time"))
-+ disable = True
-+
+ disable = True
+
if o == "-F" or o == "--file":
- use_file = True
-
-@@ -256,8 +307,7 @@ Object-specific Options (see above):
- locallist = True
-
- if o == "-m"or o == "--modify":
-- if delete or add:
-- raise ValueError(_("%s bad option") % o)
-+ set_action(o)
- modify = True
-
- if o == "-S" or o == '--store':
-@@ -290,10 +340,13 @@ Object-specific Options (see above):
- if o == "-t" or o == "--type":
- setype = a
-
-- if o == "--on" or o == "-1":
-- value = "on"
-- if o == "--off" or o == "-0":
-- value = "off"
-+ if o == "--on" or o == "-1":
-+ value = "on"
+@@ -338,9 +342,11 @@ Object-specific Options (see above):
+
+ if o == "--on" or o == "-1":
+ value = "on"
+ modify = True
-+
-+ if o == "--off" or o == "-0":
-+ value = "off"
+
+ if o == "--off" or o == "-0":
+ value = "off"
+ modify = True
if object == "login":
OBJECT = seobject.loginRecords(store)
-@@ -315,7 +368,12 @@ Object-specific Options (see above):
+@@ -362,6 +368,8 @@ Object-specific Options (see above):
if object == "boolean":
OBJECT = seobject.booleanRecords(store)
--
+ if use_file:
+ modify = True
-+
-+ if object == "module":
-+ OBJECT = seobject.moduleRecords(store)
-+
- if object == "permissive":
- OBJECT = seobject.permissiveRecords(store)
-
-@@ -330,6 +388,11 @@ Object-specific Options (see above):
- OBJECT.deleteall()
- return
-
-+ if extract:
-+ for i in OBJECT.customized():
-+ print "%s %s" % (object, str(i))
-+ return
-+
- if len(cmds) != 1:
- raise ValueError(_("bad option"))
-
-@@ -343,50 +406,80 @@ Object-specific Options (see above):
- if add:
- if object == "login":
- OBJECT.add(target, seuser, serange)
-+ return
-
- if object == "user":
- OBJECT.add(target, roles.split(), selevel, serange, prefix)
-+ return
-
- if object == "port":
- OBJECT.add(target, proto, serange, setype)
-+ return
-
- if object == "interface":
- OBJECT.add(target, serange, setype)
-+ return
-+
-+ if object == "module":
-+ OBJECT.add(target)
-+ return
-
- if object == "node":
- OBJECT.add(target, mask, proto, serange, setype)
-+ return
-
- if object == "fcontext":
-- OBJECT.add(target, setype, ftype, serange, seuser)
-+ if equal == "":
-+ OBJECT.add(target, setype, ftype, serange, seuser)
-+ else:
-+ OBJECT.add_equal(target, equal)
-+ return
-+
- if object == "permissive":
- OBJECT.add(target)
-+ return
-
-- return
--
- if modify:
- if object == "boolean":
-- OBJECT.modify(target, value, use_file)
-+ OBJECT.modify(target, value, use_file)
-+ return
-
- if object == "login":
- OBJECT.modify(target, seuser, serange)
-+ return
-
- if object == "user":
- rlist = roles.split()
- OBJECT.modify(target, rlist, selevel, serange, prefix)
-+ return
-+
-+ if object == "module":
-+ if enable:
-+ OBJECT.enable(target)
-+ elif disable:
-+ OBJECT.disable(target)
-+ else:
-+ OBJECT.modify(target)
-+ return
-
- if object == "port":
- OBJECT.modify(target, proto, serange, setype)
-+ return
-
- if object == "interface":
- OBJECT.modify(target, serange, setype)
-+ return
-
- if object == "node":
- OBJECT.modify(target, mask, proto, serange, setype)
-+ return
-
- if object == "fcontext":
-- OBJECT.modify(target, setype, ftype, serange, seuser)
--
-- return
-+ if equal == "":
-+ OBJECT.modify(target, setype, ftype, serange, seuser)
-+ else:
-+ OBJECT.modify_equal(target, equal)
-+ return
-
- if delete:
- if object == "port":
-@@ -400,50 +493,66 @@ Object-specific Options (see above):
-
- else:
- OBJECT.delete(target)
--
- return
-
-- raise ValueError(_("Invalid command") % " ".join(argv))
-+ raise ValueError(_("Invalid command: semanage %s") % " ".join(argv))
-
- #
- #
- #
- try:
-+ output = None
- input = None
- store = ""
+ if object == "module":
+ OBJECT = seobject.moduleRecords(store)
+@@ -500,31 +508,36 @@ Object-specific Options (see above):
if len(sys.argv) < 3:
usage(_("Requires 2 or more arguments"))
- gopts, cmds = getopt.getopt(sys.argv[1:],
-- '01adf:i:lhmnp:s:FCDR:L:r:t:T:P:S:',
+- '01adf:i:lhmno:p:s:FCDR:L:r:t:T:P:S:',
- ['add',
- 'delete',
- 'deleteall',
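Review bot: In the option loop, --on/--off (and -F for booleans) now set modify = True directly, and --enable/--disable no longer call set_action(), so none of them pass through the single-action guard. A command such as "semanage boolean -d --on name" ends up with both delete and modify set and no error is raised. After the loop, check that at most one of add, modify and delete is set and raise ValueError otherwise, or document which action takes precedence.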
@@ -3979,6 +3434,7 @@ index d116ba0..656a028 100644
- 'localist',
- 'off',
- 'on',
+- 'output=',
- 'proto=',
- 'seuser=',
- 'store=',
@@ -4021,22 +3477,7 @@ index d116ba0..656a028 100644
for o, a in gopts:
if o == "-S" or o == '--store':
store = a
- if o == "-i" or o == '--input':
- input = a
-+ if o == "-o" or o == '--output':
-+ output = a
-+
-+ if output != None:
-+ if output != "-":
-+ sys.stdout = open(output, 'w')
-+ for i in manageditems:
-+ print "%s -D" % i
-+ process_args([i, "-E"])
-+ sys.exit(0)
-
- if input != None:
- if input == "-":
-@@ -458,8 +567,6 @@ Object-specific Options (see above):
+@@ -554,8 +567,6 @@ Object-specific Options (see above):
else:
process_args(sys.argv[1:])
@@ -4045,227 +3486,11 @@ index d116ba0..656a028 100644
except ValueError, error:
errorExit(error.args[0])
except KeyError, error:
-diff --git a/policycoreutils/semanage/semanage.8 b/policycoreutils/semanage/semanage.8
-index bb52c6b..adcb416 100644
---- a/policycoreutils/semanage/semanage.8
-+++ b/policycoreutils/semanage/semanage.8
-@@ -1,31 +1,69 @@
--.TH "semanage" "8" "2005111103" "" ""
-+.TH "semanage" "8" "20100223" "" ""
- .SH "NAME"
- semanage \- SELinux Policy Management tool
-
- .SH "SYNOPSIS"
--.B semanage {boolean|login|user|port|interface|node|fcontext} \-{l|D} [\-n] [\-S store]
-+Output local customizations
- .br
--.B semanage boolean \-{d|m} [\-\-on|\-\-off|\-1|\-0] -F boolean | boolean_file
-+.B semanage [ -S store ] -o [ output_file | - ]
-+
-+Input local customizations
- .br
--.B semanage login \-{a|d|m} [\-sr] login_name | %groupname
-+.B semanage [ -S store ] -i [ input_file | - ]
-+
-+Manage booleans. Booleans allow the administrator to modify the confinement of
-+processes based on his configuration.
- .br
--.B semanage user \-{a|d|m} [\-LrRP] selinux_name
-+.B semanage boolean [\-S store] \-{d|m|l|D} [\-n] [\-\-on|\-\-off|\-\1|\-0] -F boolean | boolean_file
-+
-+Manage SELinux confined users (Roles and levels for an SELinux user)
- .br
--.B semanage port \-{a|d|m} [\-tr] [\-p proto] port | port_range
-+.B semanage user [\-S store] \-{a|d|m|l|D} [\-LnPrR] selinux_name
-+
-+Manage login mappings between linux users and SELinux confined users.
- .br
--.B semanage interface \-{a|d|m} [\-tr] interface_spec
-+.B semanage login [\-S store] \-{a|d|m|l|D} [\-nrs] login_name | %groupname
-+
-+Manage policy modules.
- .br
--.B semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] address
-+.B semanage module [\-S store] \-{a|d|l} [-m [--enable | --disable] ] module_name
-+
-+Manage network port type definitions
- .br
--.B semanage fcontext \-{a|d|m} [\-frst] file_spec
-+.B semanage port [\-S store] \-{a|d|m|l|D} [\-nrt] [\-p proto] port | port_range
- .br
--.B semanage permissive \-{a|d} type
-+
-+Manage network interface type definitions
-+.br
-+.B semanage interface [\-S store] \-{a|d|m|l|D} [\-nrt] interface_spec
-+
-+Manage network node type definitions
- .br
--.B semanage -i command-file
-+.B semanage node [\-S store] -{a|d|m|l|D} [-nrt] [ -p protocol ] [-M netmask] address
-+.br
-+
-+Manage file context mapping definitions
- .br
--.B semanage dontaudit [ on | off ]
-+.B semanage fcontext [\-S store] \-{a|d|m|l|D} [\-fnrst] file_spec
-+.br
-+.B semanage fcontext [\-S store] \-{a|d|m|l|D} [\-n] \-e replacement target
-+.br
-+
-+Manage processes type enforcement mode
-+.br
-+.B semanage permissive [\-S store] \-{a|d|l|D} [\-n] type
-+.br
-+
-+Disable/Enable dontaudit rules in policy
-+.br
-+.B semanage dontaudit [\-S store] [ on | off ]
- .P
-
-+Execute multiple commands within a single transaction.
-+.br
-+.B semanage [\-S store] \-i command-file
-+.br
-+
- .SH "DESCRIPTION"
- semanage is used to configure certain elements of
- SELinux policy without requiring modification to or recompilation
-@@ -54,6 +92,22 @@ Delete a OBJECT record NAME
- .I \-D, \-\-deleteall
- Remove all OBJECTS local customizations
- .TP
-+.I \-\-disable
-+Disable a policy module, requires -m option
-+
-+Currently modules only.
-+.TP
-+.I \-\-enable
-+Enable a disabled policy module, requires -m option
-+
-+Currently modules only.
-+.TP
-+.I \-e, \-\-equal
-+Substitute target path with sourcepath when generating default label. This is used with
-+fcontext. Requires source and target path arguments. The context
-+labeling for the target subtree is made equivalent to that
-+defined for the source.
-+.TP
- .I \-f, \-\-ftype
- File Type. This is used with fcontext.
- Requires a file type as shown in the mode field by ls, e.g. use -d to match only directories or -- to match only regular files.
-@@ -62,6 +116,7 @@ Requires a file type as shown in the mode field by ls, e.g. use -d to match only
- Set multiple records from the input file. When used with the \-l \-\-list, it will output the current settings to stdout in the proper format.
-
- Currently booleans only.
-+
- .TP
- .I \-h, \-\-help
- display this message
-@@ -78,6 +133,9 @@ Default SELinux Level for SELinux use, s0 Default. (MLS/MCS Systems only)
- .I \-m, \-\-modify
- Modify a OBJECT record NAME
- .TP
-+.I \-M, \-\-mask
-+Network Mask
-+.TP
- .I \-n, \-\-noheading
- Do not print heading when listing OBJECTS.
- .TP
-@@ -102,29 +160,66 @@ Select and alternate SELinux store to manage
- .I \-t, \-\-type
- SELinux Type for the object
- .TP
--.I \-i
-+.I \-i, \-\-input
- Take a set of commands from a specified file and load them in a single
- transaction.
-
- .SH EXAMPLE
- .nf
--# View SELinux user mappings
--$ semanage user -l
--# Allow joe to login as staff_u
--$ semanage login -a -s staff_u joe
--# Allow the group clerks to login as user_u
--$ semanage login -a -s user_u %clerks
--# Add file-context for everything under /web (used by restorecon)
--$ semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
--# Allow Apache to listen on port 81
--$ semanage port -a -t http_port_t -p tcp 81
--# Change apache to a permissive domain
--$ semanage permissive -a httpd_t
--# Turn off dontaudit rules
--$ semanage dontaudit off
-+.B SELinux user
-+List SELinux users
-+# semanage user -l
-+
-+.B SELinux login
-+Change joe to login as staff_u
-+# semanage login -a -s staff_u joe
-+Change the group clerks to login as user_u
-+# semanage login -a -s user_u %clerks
-+
-+.B File contexts
-+.i remember to run restorecon after you set the file context
-+Add file-context for everything under /web
-+# semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
-+# restorecon -R -v /web
-+
-+Substitute /home1 with /home when setting file context
-+# semanage fcontext -a -e /home /home1
-+# restorecon -R -v /home1
-+
-+For home directories under top level directory, for example /disk6/home,
-+execute the following commands.
-+# semanage fcontext -a -t home_root_t "/disk6"
-+# semanage fcontext -a -e /home /disk6/home
-+# restorecon -R -v /disk6
-+
-+.B Port contexts
-+Allow Apache to listen on tcp port 81
-+# semanage port -a -t http_port_t -p tcp 81
-+
-+.B Change apache to a permissive domain
-+# semanage permissive -a httpd_t
-+
-+.B Turn off dontaudit rules
-+# semanage dontaudit off
-+
-+.B Managing multiple machines
-+Multiple machines that need the same customizations.
-+Extract customizations off first machine, copy them
-+to second and import them.
-+
-+# semanage -o /tmp/local.selinux
-+# scp /tmp/local.selinux secondmachine:/tmp
-+# ssh secondmachine
-+# semanage -i /tmp/local.selinux
-+
-+If these customizations include file context, you need to apply the
-+context using restorecon.
-+
- .fi
-
- .SH "AUTHOR"
--This man page was written by Daniel Walsh <dwalsh at redhat.com> and
--Russell Coker <rcoker at redhat.com>.
-+This man page was written by Daniel Walsh <dwalsh at redhat.com>
-+.br
-+and Russell Coker <rcoker at redhat.com>.
-+.br
- Examples by Thomas Bleher <ThomasBleher at gmx.de>.
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
-index 3a439b4..6742fe9 100644
+index 6842b07..6742fe9 100644
--- a/policycoreutils/semanage/seobject.py
+++ b/policycoreutils/semanage/seobject.py
-@@ -25,15 +25,15 @@ import pwd, grp, string, selinux, tempfile, os, re, sys, stat
- from semanage import *;
- PROGNAME = "policycoreutils"
- import sepolgen.module as module
-+from IPy import IP
-
+@@ -30,11 +30,10 @@ from IPy import IP
import gettext
gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
gettext.textdomain(PROGNAME)
@@ -4281,7 +3506,7 @@ index 3a439b4..6742fe9 100644
import syslog
-@@ -160,10 +160,12 @@ def untranslate(trans, prepend = 1):
+@@ -161,10 +160,12 @@ def untranslate(trans, prepend = 1):
return trans
else:
return raw
@@ -4295,7 +3520,7 @@ index 3a439b4..6742fe9 100644
def __init__(self, store):
global handle
-@@ -181,7 +183,7 @@ class semanageRecords:
+@@ -182,7 +183,7 @@ class semanageRecords:
if not semanageRecords.transaction and store != "":
semanage_select_store(handle, store, SEMANAGE_CON_DIRECT);
@@ -4304,89 +3529,7 @@ index 3a439b4..6742fe9 100644
if not semanage_is_managed(handle):
semanage_handle_destroy(handle)
-@@ -220,6 +222,9 @@ class semanageRecords:
- rc = semanage_begin_transaction(self.sh)
- if rc < 0:
- raise ValueError(_("Could not start semanage transaction"))
-+ def customized(self):
-+ raise ValueError(_("Not yet implemented"))
-+
- def commit(self):
- if semanageRecords.transaction:
- return
-@@ -233,6 +238,71 @@ class semanageRecords:
- semanageRecords.transaction = False
- self.commit()
-
-+class moduleRecords(semanageRecords):
-+ def __init__(self, store):
-+ semanageRecords.__init__(self, store)
-+
-+ def get_all(self):
-+ l = []
-+ (rc, mlist, number) = semanage_module_list(self.sh)
-+ if rc < 0:
-+ raise ValueError(_("Could not list SELinux modules"))
-+
-+ for i in range(number):
-+ mod = semanage_module_list_nth(mlist, i)
-+ l.append((semanage_module_get_name(mod), semanage_module_get_version(mod), semanage_module_get_enabled(mod)))
-+ return l
-+
-+ def list(self, heading = 1, locallist = 0):
-+ if heading:
-+ print "\n%-25s%-10s\n" % (_("Modules Name"), _("Version"))
-+ for t in self.get_all():
-+ if t[2] == 0:
-+ disabled = _("Disabled")
-+ else:
-+ disabled = ""
-+ print "%-25s%-10s%s" % (t[0], t[1], disabled)
-+
-+ def add(self, file):
-+ rc = semanage_module_install_file(self.sh, file);
-+ if rc >= 0:
-+ self.commit()
-+
-+ def disable(self, module):
-+ need_commit = False
-+ for m in module.split():
-+ rc = semanage_module_disable(self.sh, m)
-+ if rc < 0 and rc != -3:
-+ raise ValueError(_("Could not disable module %s (remove failed)") % m)
-+ if rc != -3:
-+ need_commit = True
-+ if need_commit:
-+ self.commit()
-+
-+ def enable(self, module):
-+ need_commit = False
-+ for m in module.split():
-+ rc = semanage_module_enable(self.sh, m)
-+ if rc < 0 and rc != -3:
-+ raise ValueError(_("Could not enable module %s (remove failed)") % m)
-+ if rc != -3:
-+ need_commit = True
-+ if need_commit:
-+ self.commit()
-+
-+ def modify(self, file):
-+ rc = semanage_module_update_file(self.sh, file);
-+ if rc >= 0:
-+ self.commit()
-+
-+ def delete(self, module):
-+ for m in module.split():
-+ rc = semanage_module_remove(self.sh, m)
-+ if rc < 0 and rc != -2:
-+ raise ValueError(_("Could not remove module %s (remove failed)") % m)
-+
-+ self.commit()
-+
- class dontauditClass(semanageRecords):
- def __init__(self, store):
- semanageRecords.__init__(self, store)
-@@ -259,14 +329,23 @@ class permissiveRecords(semanageRecords):
+@@ -328,6 +329,7 @@ class permissiveRecords(semanageRecords):
name = semanage_module_get_name(mod)
if name and name.startswith("permissive_"):
l.append(name.split("permissive_")[1])
@@ -4394,27 +3537,7 @@ index 3a439b4..6742fe9 100644
return l
def list(self, heading = 1, locallist = 0):
-- if heading:
-- print "\n%-25s\n" % (_("Permissive Types"))
-- for t in self.get_all():
-- print t
-+ import setools
-+ all = map(lambda y: y["name"], filter(lambda x: x["permissive"], setools.seinfo(setools.TYPE)))
-
-+ if heading:
-+ print "\n%-25s\n" % (_("Builtin Permissive Types"))
-+ customized = self.get_all()
-+ for t in all:
-+ if t not in customized:
-+ print t
-+ if heading:
-+ print "\n%-25s\n" % (_("Customized Permissive Types"))
-+ for t in customized:
-+ print t
-
- def add(self, type):
- import glob
-@@ -343,7 +422,9 @@ class loginRecords(semanageRecords):
+@@ -420,7 +422,9 @@ class loginRecords(semanageRecords):
if rc < 0:
raise ValueError(_("Could not check if login mapping for %s is defined") % name)
if exists:
@@ -4425,23 +3548,7 @@ index 3a439b4..6742fe9 100644
if name[0] == '%':
try:
grp.getgrnam(name[1:])
-@@ -499,6 +580,15 @@ class loginRecords(semanageRecords):
- ddict[name] = (semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u))
- return ddict
-
-+ def customized(self):
-+ l = []
-+ ddict = self.get_all(True)
-+ keys = ddict.keys()
-+ keys.sort()
-+ for k in keys:
-+ l.append("-a -s %s -r '%s' %s" % (ddict[k][0], ddict[k][1], k))
-+ return l
-+
- def list(self,heading = 1, locallist = 0):
- ddict = self.get_all(locallist)
- keys = ddict.keys()
-@@ -541,7 +631,8 @@ class seluserRecords(semanageRecords):
+@@ -627,7 +631,8 @@ class seluserRecords(semanageRecords):
if rc < 0:
raise ValueError(_("Could not check if SELinux user %s is defined") % name)
if exists:
@@ -4451,23 +3558,7 @@ index 3a439b4..6742fe9 100644
(rc, u) = semanage_user_create(self.sh)
if rc < 0:
-@@ -722,6 +813,15 @@ class seluserRecords(semanageRecords):
-
- return ddict
-
-+ def customized(self):
-+ l = []
-+ ddict = self.get_all(True)
-+ keys = ddict.keys()
-+ keys.sort()
-+ for k in keys:
-+ l.append("-a -r %s -R '%s' %s" % (ddict[k][2], ddict[k][3], k))
-+ return l
-+
- def list(self, heading = 1, locallist = 0):
- ddict = self.get_all(locallist)
- keys = ddict.keys()
-@@ -769,6 +869,7 @@ class portRecords(semanageRecords):
+@@ -864,6 +869,7 @@ class portRecords(semanageRecords):
return ( k, proto_d, low, high )
def __add(self, port, proto, serange, type):
@@ -4475,7 +3566,7 @@ index 3a439b4..6742fe9 100644
if is_mls_enabled == 1:
if serange == "":
serange = "s0"
-@@ -831,6 +932,7 @@ class portRecords(semanageRecords):
+@@ -926,6 +932,7 @@ class portRecords(semanageRecords):
self.commit()
def __modify(self, port, proto, serange, setype):
@@ -4483,71 +3574,7 @@ index 3a439b4..6742fe9 100644
if serange == "" and setype == "":
if is_mls_enabled == 1:
raise ValueError(_("Requires setype or serange"))
-@@ -965,6 +1067,18 @@ class portRecords(semanageRecords):
- ddict[(ctype,proto_str)].append("%d-%d" % (low, high))
- return ddict
-
-+ def customized(self):
-+ l = []
-+ ddict = self.get_all(True)
-+ keys = ddict.keys()
-+ keys.sort()
-+ for k in keys:
-+ if k[0] == k[1]:
-+ l.append("-a -t %s -p %s %s" % (ddict[k][0], k[2], k[0]))
-+ else:
-+ l.append("-a -t %s -p %s %s-%s" % (ddict[k][0], k[2], k[0], k[1]))
-+ return l
-+
- def list(self, heading = 1, locallist = 0):
- if heading:
- print "%-30s %-8s %s\n" % (_("SELinux Port Type"), _("Proto"), _("Port Number"))
-@@ -981,21 +1095,36 @@ class portRecords(semanageRecords):
- class nodeRecords(semanageRecords):
- def __init__(self, store = ""):
- semanageRecords.__init__(self,store)
-+ self.protocol = ["ipv4", "ipv6"]
-+
-+ def validate(self, addr, mask, protocol):
-+ newaddr=addr
-+ newmask=mask
-+ newprotocol=""
-
-- def __add(self, addr, mask, proto, serange, ctype):
- if addr == "":
- raise ValueError(_("Node Address is required"))
-
-- if mask == "":
-- raise ValueError(_("Node Netmask is required"))
-+ # verify valid comination
-+ if len(mask) == 0 or mask[0] == "/":
-+ i = IP(addr + mask)
-+ newaddr = i.strNormal(0)
-+ newmask = str(i.netmask())
-+ if newmask == "0.0.0.0" and i.version() == 6:
-+ newmask = "::"
-
-- if proto == "ipv4":
-- proto = 0
-- elif proto == "ipv6":
-- proto = 1
-- else:
-+ protocol = "ipv%d" % i.version()
-+
-+ try:
-+ newprotocol = self.protocol.index(protocol)
-+ except:
- raise ValueError(_("Unknown or missing protocol"))
-
-+ return newaddr, newmask, newprotocol
-+
-+ def __add(self, addr, mask, proto, serange, ctype):
-+
-+ addr, mask, proto = self.validate(addr, mask, proto)
-
- if is_mls_enabled == 1:
- if serange == "":
-@@ -1014,11 +1143,13 @@ class nodeRecords(semanageRecords):
+@@ -1136,7 +1143,8 @@ class nodeRecords(semanageRecords):
(rc, exists) = semanage_node_exists(self.sh, k)
if exists:
@@ -4557,12 +3584,7 @@ index 3a439b4..6742fe9 100644
(rc, node) = semanage_node_create(self.sh)
if rc < 0:
- raise ValueError(_("Could not create addr for %s") % addr)
-+ semanage_node_set_proto(node, proto)
-
- rc = semanage_node_set_addr(self.sh, node, proto, addr)
- (rc, con) = semanage_context_create(self.sh)
-@@ -1029,7 +1160,6 @@ class nodeRecords(semanageRecords):
+@@ -1152,7 +1160,6 @@ class nodeRecords(semanageRecords):
if rc < 0:
raise ValueError(_("Could not set mask for %s") % addr)
@@ -4570,27 +3592,7 @@ index 3a439b4..6742fe9 100644
rc = semanage_context_set_user(self.sh, con, "system_u")
if rc < 0:
raise ValueError(_("Could not set user in addr context for %s") % addr)
-@@ -1065,18 +1195,8 @@ class nodeRecords(semanageRecords):
- self.commit()
-
- def __modify(self, addr, mask, proto, serange, setype):
-- if addr == "":
-- raise ValueError(_("Node Address is required"))
--
-- if mask == "":
-- raise ValueError(_("Node Netmask is required"))
-- if proto == "ipv4":
-- proto = 0
-- elif proto == "ipv6":
-- proto = 1
-- else:
-- raise ValueError(_("Unknown or missing protocol"))
-
-+ addr, mask, proto = self.validate(addr, mask, proto)
-
- if serange == "" and setype == "":
- raise ValueError(_("Requires setype or serange"))
-@@ -1091,12 +1211,11 @@ class nodeRecords(semanageRecords):
+@@ -1204,12 +1211,11 @@ class nodeRecords(semanageRecords):
if not exists:
raise ValueError(_("Addr %s is not defined") % addr)
@@ -4604,53 +3606,7 @@ index 3a439b4..6742fe9 100644
if serange != "":
semanage_context_set_mls(self.sh, con, untranslate(serange))
if setype != "":
-@@ -1115,18 +1234,8 @@ class nodeRecords(semanageRecords):
- self.commit()
-
- def __delete(self, addr, mask, proto):
-- if addr == "":
-- raise ValueError(_("Node Address is required"))
-
-- if mask == "":
-- raise ValueError(_("Node Netmask is required"))
--
-- if proto == "ipv4":
-- proto = 0
-- elif proto == "ipv6":
-- proto = 1
-- else:
-- raise ValueError(_("Unknown or missing protocol"))
-+ addr, mask, proto = self.validate(addr, mask, proto)
-
- (rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
- if rc < 0:
-@@ -1178,15 +1287,20 @@ class nodeRecords(semanageRecords):
- con = semanage_node_get_con(node)
- addr = semanage_node_get_addr(self.sh, node)
- mask = semanage_node_get_mask(self.sh, node)
-- proto = semanage_node_get_proto(node)
-- if proto == 0:
-- proto = "ipv4"
-- elif proto == 1:
-- proto = "ipv6"
-+ proto = self.protocol[semanage_node_get_proto(node)]
- ddict[(addr[1], mask[1], proto)] = (semanage_context_get_user(con), semanage_context_get_role(con), semanage_context_get_type(con), semanage_context_get_mls(con))
-
- return ddict
-
-+ def customized(self):
-+ l = []
-+ ddict = self.get_all(True)
-+ keys = ddict.keys()
-+ keys.sort()
-+ for k in keys:
-+ l.append("-a -M %s -p %s -t %s %s" % (k[1], k[2],ddict[k][2], k[0]))
-+ return l
-+
- def list(self, heading = 1, locallist = 0):
- if heading:
- print "%-18s %-18s %-5s %-5s\n" % ("IP Address", "Netmask", "Protocol", "Context")
-@@ -1226,7 +1340,8 @@ class interfaceRecords(semanageRecords):
+@@ -1334,7 +1340,8 @@ class interfaceRecords(semanageRecords):
if rc < 0:
raise ValueError(_("Could not check if interface %s is defined") % interface)
if exists:
@@ -4660,81 +3616,7 @@ index 3a439b4..6742fe9 100644
(rc, iface) = semanage_iface_create(self.sh)
if rc < 0:
-@@ -1365,6 +1480,15 @@ class interfaceRecords(semanageRecords):
-
- return ddict
-
-+ def customized(self):
-+ l = []
-+ ddict = self.get_all(True)
-+ keys = ddict.keys()
-+ keys.sort()
-+ for k in keys:
-+ l.append("-a -t %s %s" % (ddict[k][2], k))
-+ return l
-+
- def list(self, heading = 1, locallist = 0):
- if heading:
- print "%-30s %s\n" % (_("SELinux Interface"), _("Context"))
-@@ -1381,6 +1505,48 @@ class interfaceRecords(semanageRecords):
- class fcontextRecords(semanageRecords):
- def __init__(self, store = ""):
- semanageRecords.__init__(self, store)
-+ self.equiv = {}
-+ self.equal_ind = False
-+ try:
-+ fd = open(selinux.selinux_file_context_subs_path(), "r")
-+ for i in fd.readlines():
-+ src, dst = i.split()
-+ self.equiv[src] = dst
-+ fd.close()
-+ except IOError:
-+ pass
-+
-+ def commit(self):
-+ if self.equal_ind:
-+ subs_file = selinux.selinux_file_context_subs_path()
-+ tmpfile = "%s.tmp" % subs_file
-+ fd = open(tmpfile, "w")
-+ for src in self.equiv.keys():
-+ fd.write("%s %s\n" % (src, self.equiv[src]))
-+ fd.close()
-+ try:
-+ os.chmod(tmpfile, os.stat(subs_file)[stat.ST_MODE])
-+ except:
-+ pass
-+ os.rename(tmpfile,subs_file)
-+ self.equal_ind = False
-+ semanageRecords.commit(self)
-+
-+ def add_equal(self, src, dst):
-+ self.begin()
-+ if src in self.equiv.keys():
-+ raise ValueError(_("Equivalence class for %s already exists") % src)
-+ self.equiv[src] = dst
-+ self.equal_ind = True
-+ self.commit()
-+
-+ def modify_equal(self, src, dst):
-+ self.begin()
-+ if src not in self.equiv.keys():
-+ raise ValueError(_("Equivalence class for %s does not exists") % src)
-+ self.equiv[src] = dst
-+ self.equal_ind = True
-+ self.commit()
-
- def createcon(self, target, seuser = "system_u"):
- (rc, con) = semanage_context_create(self.sh)
-@@ -1407,6 +1573,8 @@ class fcontextRecords(semanageRecords):
- def validate(self, target):
- if target == "" or target.find("\n") >= 0:
- raise ValueError(_("Invalid file specification"))
-+ if target.find(" ") != -1:
-+ raise ValueError(_("File specification can not include spaces"))
-
- def __add(self, target, type, ftype = "", serange = "", seuser = "system_u"):
- self.validate(target)
-@@ -1431,7 +1599,8 @@ class fcontextRecords(semanageRecords):
+@@ -1592,7 +1599,8 @@ class fcontextRecords(semanageRecords):
raise ValueError(_("Could not check if file context for %s is defined") % target)
if exists:
@@ -4744,37 +3626,9 @@ index 3a439b4..6742fe9 100644
(rc, fcontext) = semanage_fcontext_create(self.sh)
if rc < 0:
-@@ -1547,9 +1716,16 @@ class fcontextRecords(semanageRecords):
- raise ValueError(_("Could not delete the file context %s") % target)
- semanage_fcontext_key_free(k)
-
-+ self.equiv = {}
-+ self.equal_ind = True
- self.commit()
-
- def __delete(self, target, ftype):
-+ if target in self.equiv.keys():
-+ self.equiv.pop(target)
-+ self.equal_ind = True
-+ return
-+
- (rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
- if rc < 0:
- raise ValueError(_("Could not create a key for %s") % target)
-@@ -1604,12 +1780,22 @@ class fcontextRecords(semanageRecords):
+@@ -1783,11 +1791,11 @@ class fcontextRecords(semanageRecords):
+ return l
- return ddict
-
-+ def customized(self):
-+ l = []
-+ fcon_dict = self.get_all(True)
-+ keys = fcon_dict.keys()
-+ keys.sort()
-+ for k in keys:
-+ if fcon_dict[k]:
-+ l.append("-a -f '%s' -t %s '%s'" % (k[1], fcon_dict[k][2], k[0]))
-+ return l
-+
def list(self, heading = 1, locallist = 0 ):
- if heading:
- print "%-50s %-18s %s\n" % (_("SELinux fcontext"), _("type"), _("Context"))
@@ -4786,20 +3640,7 @@ index 3a439b4..6742fe9 100644
for k in keys:
if fcon_dict[k]:
if is_mls_enabled:
-@@ -1618,6 +1804,12 @@ class fcontextRecords(semanageRecords):
- print "%-50s %-18s %s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1],fcon_dict[k][2])
- else:
- print "%-50s %-18s <<None>>" % (k[0], k[1])
-+ if len(self.equiv.keys()) > 0:
-+ if heading:
-+ print _("\nSELinux fcontext Equivalence \n")
-+
-+ for src in self.equiv.keys():
-+ print "%s = %s" % (src, self.equiv[src])
-
- class booleanRecords(semanageRecords):
- def __init__(self, store = ""):
-@@ -1630,6 +1822,18 @@ class booleanRecords(semanageRecords):
+@@ -1814,6 +1822,18 @@ class booleanRecords(semanageRecords):
self.dict["1"] = 1
self.dict["0"] = 0
@@ -4818,7 +3659,7 @@ index 3a439b4..6742fe9 100644
def __mod(self, name, value):
(rc, k) = semanage_bool_key_create(self.sh, name)
if rc < 0:
-@@ -1649,9 +1853,10 @@ class booleanRecords(semanageRecords):
+@@ -1833,9 +1853,10 @@ class booleanRecords(semanageRecords):
else:
raise ValueError(_("You must specify one of the following values: %s") % ", ".join(self.dict.keys()) )
@@ -4832,7 +3673,7 @@ index 3a439b4..6742fe9 100644
rc = semanage_bool_modify_local(self.sh, k, b)
if rc < 0:
raise ValueError(_("Could not modify boolean %s") % name)
-@@ -1734,8 +1939,12 @@ class booleanRecords(semanageRecords):
+@@ -1918,8 +1939,12 @@ class booleanRecords(semanageRecords):
value = []
name = semanage_bool_get_name(boolean)
value.append(semanage_bool_get_value(boolean))
@@ -4847,54 +3688,6 @@ index 3a439b4..6742fe9 100644
ddict[name] = value
return ddict
-@@ -1749,6 +1958,16 @@ class booleanRecords(semanageRecords):
- else:
- return _("unknown")
-
-+ def customized(self):
-+ l = []
-+ ddict = self.get_all(True)
-+ keys = ddict.keys()
-+ keys.sort()
-+ for k in keys:
-+ if ddict[k]:
-+ l.append("-%s %s" % (ddict[k][2], k))
-+ return l
-+
- def list(self, heading = True, locallist = False, use_file = False):
- on_off = (_("off"), _("on"))
- if use_file:
-diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c
-index 059f629..81d6a3c 100644
---- a/policycoreutils/semodule/semodule.c
-+++ b/policycoreutils/semodule/semodule.c
-@@ -162,6 +162,7 @@ static void parse_command_line(int argc, char **argv)
- {"noreload", 0, NULL, 'n'},
- {"build", 0, NULL, 'B'},
- {"disable_dontaudit", 0, NULL, 'D'},
-+ {"path", required_argument, NULL, 'p'},
- {NULL, 0, NULL, 0}
- };
- int i;
-@@ -170,7 +171,7 @@ static void parse_command_line(int argc, char **argv)
- no_reload = 0;
- create_store = 0;
- while ((i =
-- getopt_long(argc, argv, "s:b:hi:lvqe:d:r:u:RnBD", opts,
-+ getopt_long(argc, argv, "p:s:b:hi:lvqe:d:r:u:RnBD", opts,
- NULL)) != -1) {
- switch (i) {
- case 'b':
-@@ -198,6 +199,9 @@ static void parse_command_line(int argc, char **argv)
- case 'r':
- set_mode(REMOVE_M, optarg);
- break;
-+ case 'p':
-+ semanage_set_root(optarg);
-+ break;
- case 'u':
- set_mode(UPGRADE_M, optarg);
- break;
diff --git a/policycoreutils/semodule_package/Makefile b/policycoreutils/semodule_package/Makefile
index 0a4a3a6..f84cd7e 100644
--- a/policycoreutils/semodule_package/Makefile
@@ -4933,12 +3726,12 @@ index 29c9eb2..ddad2d2 100644
This manual page was written by Dan Walsh <dwalsh at redhat.com>.
diff --git a/policycoreutils/semodule_package/semodule_unpackage.8 b/policycoreutils/semodule_package/semodule_unpackage.8
new file mode 100644
-index 0000000..0c0afeb
+index 0000000..62dd53e
--- /dev/null
+++ b/policycoreutils/semodule_package/semodule_unpackage.8
@@ -0,0 +1,24 @@
+.TH SEMODULE_PACKAGE "8" "Nov 2005" "Security Enhanced Linux" NSA
-+.SH NAME
++.SH NAME
+semodule_unpackage \- Extract polciy module and file context file from an SELinux policy module unpackage.
+
+.SH SYNOPSIS
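Review bot: the semodule_unpackage.8 page carried in this hunk has a wrong title and a misspelled NAME line. `.TH SEMODULE_PACKAGE` should name SEMODULE_UNPACKAGE. The NAME text reads "Extract polciy module ... from an SELinux policy module unpackage", which should be "policy" and, going by the DESCRIPTION further down, "policy package". The `.SH NAME` line is re-added here with no visible textual change, so this refresh is the place to fix both rather than carry them forward.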
@@ -4947,7 +3740,7 @@ index 0000000..0c0afeb
+.SH DESCRIPTION
+.PP
+semodule_unpackage is the tool used to extract the SELinux policy module
-+ and file context file from an SELinux Policy Package.
++ and file context file from an SELinux Policy Package.
+
+.SH EXAMPLE
+.nf
@@ -4963,7 +3756,7 @@ index 0000000..0c0afeb
+The program was written by Stephen Smalley <sds at tycho.nsa.gov>
diff --git a/policycoreutils/semodule_package/semodule_unpackage.c b/policycoreutils/semodule_package/semodule_unpackage.c
new file mode 100644
-index 0000000..440b1f5
+index 0000000..0120ee4
--- /dev/null
+++ b/policycoreutils/semodule_package/semodule_unpackage.c
@@ -0,0 +1,103 @@
@@ -4992,16 +3785,16 @@ index 0000000..440b1f5
+static int file_to_policy_file(char *filename, struct sepol_policy_file **pf, char *mode)
+{
+ FILE *f;
-+
++
+ if (sepol_policy_file_create(pf)) {
+ fprintf(stderr, "%s: Out of memory\n", progname);
-+ return -1;
++ return -1;
+ }
-+
++
+ f = fopen(filename, mode);
+ if (!f) {
+ fprintf(stderr, "%s: Could not open file %s: %s\n", progname, strerror(errno), filename);
-+ return -1;
++ return -1;
+ }
+ sepol_policy_file_set_fp(*pf, f);
+ return 0;
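Review bot: in `file_to_policy_file()` the `fopen` failure message passes its arguments in the wrong order. The format is `"%s: Could not open file %s: %s\n"` but the call supplies `progname, strerror(errno), filename`, so the error string lands where the file name belongs and the file name where the reason belongs. Swap the last two arguments to `filename, strerror(errno)`. The policy file object created just above is also not released on this path, which is harmless while the callers `exit(1)` but is worth a `sepol_policy_file_free(*pf)` if the helper is ever reused.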
@@ -5029,21 +3822,21 @@ index 0000000..440b1f5
+
+ if (file_to_policy_file(ppfile, &in, "r"))
+ exit(1);
-+
++
+ if (sepol_module_package_create(&pkg)) {
+ fprintf(stderr, "%s: Out of memory\n", progname);
-+ exit(1);
++ exit(1);
+ }
+
+ if (sepol_module_package_read(pkg, in, 0) == -1) {
+ fprintf(stderr, "%s: Error while reading policy module from %s\n",
+ progname, ppfile);
-+ exit(1);
++ exit(1);
+ }
+
+ if (file_to_policy_file(modfile, &out, "w"))
+ exit(1);
-+
++
+ if (sepol_policydb_write(sepol_module_package_get_policy(pkg), out)) {
+ fprintf(stderr, "%s: Error while writing module to %s\n", progname, modfile);
+ exit(1);
@@ -5347,23 +4140,9 @@ index 0000000..1ce37b0
+ return 0;
+}
diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
-index 20817fb..66cb950 100644
+index e05761a..66cb950 100644
--- a/policycoreutils/setfiles/restore.c
+++ b/policycoreutils/setfiles/restore.c
-@@ -1,4 +1,5 @@
- #include "restore.h"
-+#include <glob.h>
-
- #define SKIP -2
- #define ERR -1
-@@ -31,7 +32,6 @@ struct edir {
-
-
- static file_spec_t *fl_head;
--static int exclude(const char *file);
- static int filespec_add(ino_t ino, const security_context_t con, const char *file);
- static int only_changed_user(const char *a, const char *b);
- struct restore_opts *r_opts = NULL;
@@ -318,11 +318,16 @@ static int process_one(char *name, int recurse_this_path)
@@ -5384,33 +4163,7 @@ index 20817fb..66cb950 100644
do {
rc = 0;
/* Skip the post order nodes. */
-@@ -362,11 +367,33 @@ err:
- goto out;
- }
-
-+int process_glob(char *name, int recurse) {
-+ glob_t globbuf;
-+ size_t i = 0;
-+ int errors;
-+ memset(&globbuf, 0, sizeof(globbuf));
-+ errors = glob(name, GLOB_TILDE | GLOB_PERIOD, NULL, &globbuf);
-+ if (errors)
-+ errors = process_one_realpath(name, recurse);
-+ else {
-+ for (i = 0; i < globbuf.gl_pathc; i++) {
-+ int len = strlen(globbuf.gl_pathv[i]) -2;
-+ if (len > 0 && strcmp(&globbuf.gl_pathv[i][len--], "/.") == 0)
-+ continue;
-+ if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0)
-+ continue;
-+ errors |= process_one_realpath(globbuf.gl_pathv[i], recurse);
-+ }
-+ globfree(&globbuf);
-+ }
-+ return errors;
-+}
-+
- int process_one_realpath(char *name, int recurse)
+@@ -388,7 +393,7 @@ int process_one_realpath(char *name, int recurse)
{
int rc = 0;
char *p;
@@ -5419,7 +4172,7 @@ index 20817fb..66cb950 100644
if (r_opts == NULL){
fprintf(stderr,
-@@ -377,7 +404,7 @@ int process_one_realpath(char *name, int recurse)
+@@ -399,7 +404,7 @@ int process_one_realpath(char *name, int recurse)
if (!r_opts->expand_realpath) {
return process_one(name, recurse);
} else {
@@ -5428,16 +4181,7 @@ index 20817fb..66cb950 100644
if (rc < 0) {
if (r_opts->ignore_enoent && errno == ENOENT)
return 0;
-@@ -416,7 +443,7 @@ int process_one_realpath(char *name, int recurse)
- }
- }
-
--static int exclude(const char *file)
-+int exclude(const char *file)
- {
- int i = 0;
- for (i = 0; i < excludeCtr; i++) {
-@@ -544,7 +571,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
+@@ -566,7 +571,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
{
file_spec_t *prevfl, *fl;
int h, ret;
@@ -5446,7 +4190,7 @@ index 20817fb..66cb950 100644
if (!fl_head) {
fl_head = malloc(sizeof(file_spec_t) * HASH_BUCKETS);
-@@ -557,7 +584,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
+@@ -579,7 +584,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
for (prevfl = &fl_head[h], fl = fl_head[h].next; fl;
prevfl = fl, fl = fl->next) {
if (ino == fl->ino) {
@@ -5455,7 +4199,7 @@ index 20817fb..66cb950 100644
if (ret < 0 || sb.st_ino != ino) {
freecon(fl->con);
free(fl->file);
-@@ -609,5 +636,67 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
+@@ -631,5 +636,67 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
return -1;
}
@@ -5480,11 +4224,11 @@ index 20817fb..66cb950 100644
+ return;
+ if (is_selinux_enabled() <= 0)
+ return;
-
++
+ fp = fopen("/proc/mounts", "r");
+ if (!fp)
+ return;
-+
+
+ while ((num = getline(&buf, &len, fp)) != -1) {
+ found = 0;
+ index = 0;
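Review bot: the `/proc/mounts` scan gives up silently. After `fp = fopen("/proc/mounts", "r");` the `if (!fp) return;` path leaves without a message, and the function returns nothing, so the caller cannot tell that no mount was examined or excluded. Print a warning with `strerror(errno)` before returning so that a relabel run in a chroot or container without `/proc` mounted shows why the exclusions were skipped.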
@@ -5524,22 +4268,18 @@ index 20817fb..66cb950 100644
+}
diff --git a/policycoreutils/setfiles/restore.h b/policycoreutils/setfiles/restore.h
-index fb90734..ac27222 100644
+index 7e988d5..ac27222 100644
--- a/policycoreutils/setfiles/restore.h
+++ b/policycoreutils/setfiles/restore.h
-@@ -45,7 +45,10 @@ struct restore_opts {
- void restore_init(struct restore_opts *opts);
- void restore_finish();
- int add_exclude(const char *directory);
-+int exclude(const char *path);
+@@ -49,5 +49,6 @@ int exclude(const char *path);
void remove_exclude(const char *directory);
int process_one_realpath(char *name, int recurse);
-+int process_glob(char *name, int recurse);
+ int process_glob(char *name, int recurse);
+void exclude_non_seclabel_mounts();
#endif
diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c
-index 5cb3b5d..7f6fb9a 100644
+index d320e9f..fa0cd6a 100644
--- a/policycoreutils/setfiles/setfiles.c
+++ b/policycoreutils/setfiles/setfiles.c
@@ -5,7 +5,6 @@
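Review bot: the new declaration in restore.h, `void exclude_non_seclabel_mounts();`, has an empty parameter list. In C that declares a function with unspecified arguments rather than one taking none, so a call with stray arguments is not diagnosed. Declare it as `void exclude_non_seclabel_mounts(void);` and make the definition in restore.c match.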
@@ -5567,12 +4307,13 @@ index 5cb3b5d..7f6fb9a 100644
static struct restore_opts r_opts;
#define STAT_BLOCK_SIZE 1
-@@ -108,10 +104,10 @@ int canoncon(char **contextp)
+@@ -108,10 +104,11 @@ int canoncon(char **contextp)
}
#ifndef USE_AUDIT
-static void maybe_audit_mass_relabel(void)
-+static void maybe_audit_mass_relabel(int mass_relabel, int mass_relabel_errs)
++static void maybe_audit_mass_relabel(int mass_relabel __attribute__((unused)),
++ int mass_relabel_errs __attribute__((unused)))
{
#else
-static void maybe_audit_mass_relabel(void)
@@ -5580,7 +4321,7 @@ index 5cb3b5d..7f6fb9a 100644
{
int audit_fd = -1;
int rc = 0;
-@@ -137,69 +133,6 @@ static void maybe_audit_mass_relabel(void)
+@@ -137,69 +134,6 @@ static void maybe_audit_mass_relabel(void)
#endif
}
@@ -5650,7 +4391,7 @@ index 5cb3b5d..7f6fb9a 100644
int main(int argc, char **argv)
{
struct stat sb;
-@@ -210,6 +143,7 @@ int main(int argc, char **argv)
+@@ -210,6 +144,7 @@ int main(int argc, char **argv)
size_t buf_len;
int recurse; /* Recursive descent. */
char *base;
@@ -5658,31 +4399,7 @@ index 5cb3b5d..7f6fb9a 100644
memset(&r_opts, 0, sizeof(r_opts));
-@@ -251,7 +185,7 @@ int main(int argc, char **argv)
- r_opts.abort_on_error = 1;
- r_opts.add_assoc = 1;
- r_opts.fts_flags = FTS_PHYSICAL | FTS_XDEV;
-- ctx_validate = 1;
-+ ctx_validate = 0;
- } else {
- /*
- * restorecon:
-@@ -474,7 +408,7 @@ int main(int argc, char **argv)
- buf[len - 1] = 0;
- if (!strcmp(buf, "/"))
- mass_relabel = 1;
-- errors |= process_one_realpath(buf, recurse) < 0;
-+ errors |= process_glob(buf, recurse);
- }
- if (strcmp(input_filename, "-") != 0)
- fclose(f);
-@@ -482,13 +416,12 @@ int main(int argc, char **argv)
- for (i = optind; i < argc; i++) {
- if (!strcmp(argv[i], "/"))
- mass_relabel = 1;
-- errors |= process_one_realpath(argv[i], recurse) < 0;
-+
-+ errors |= process_glob(argv[i], recurse);
+@@ -487,9 +422,7 @@ int main(int argc, char **argv)
}
}
diff --git a/policycoreutils.spec b/policycoreutils.spec
index a5bf0d9..c275768 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -1,12 +1,12 @@
%define libauditver 1.4.2-1
-%define libsepolver 2.0.1-0
-%define libsemanagever 2.0.46-6
-%define libselinuxver 2.0.90-3
+%define libsepolver 2.1.0-1
+%define libsemanagever 2.1.0-0
+%define libselinuxver 2.1.0-1
%define sepolgenver 1.0.23
Summary: SELinux policy core utilities
Name: policycoreutils
-Version: 2.1.3
+Version: 2.1.4
Release: 1%{?dist}
License: GPLv2
Group: System Environment/Base
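Review bot: `%define libsemanagever 2.1.0-0` is raised to release `-0` while `libsepolver` and `libselinuxver` both go to `2.1.0-1`. Please confirm that `2.1.0-0` is the intended minimum libsemanage build for this update and not a leftover of the old `-0` style, and bump it to match the other two if it is not.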
@@ -90,6 +90,7 @@ mkdir -p %{buildroot}%{_sysconfdir}/security/console.apps
cp COPYING %{buildroot}/%{_usr}/share/doc/%{name}-%{version}/
make LSPP_PRIV=y DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install
+make -C gui LSPP_PRIV=y DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install
# Systemd
mkdir -p %{buildroot}%{_unitdir}
install -m644 %{SOURCE10} %{buildroot}%{_unitdir}
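Review bot: the added `make -C gui ... install` line repeats the full variable list of the top-level install directly above it, with no comment on why the gui directory now needs its own pass. Add a one-line spec comment giving the reason, so that a later cleanup does not drop the line as a duplicate.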
@@ -351,11 +352,79 @@ fi
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog
-* Mon Aug 1 2011 Dan Walsh <dwalsh at redhat.com> 2.1.1-1
-- Update to upstream
+* Thu Aug 18 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.4-1
+-Update to upstream
+2.1.4 2011-08-17
+ * run_init: clarification of the usage in the
+ * semanage: fix usage header around booleans
+ * semanage: remove useless empty lines
+ * semanage: update man page with new examples
+ * semanage: update usage text
+ * semanage: introduce file context equivalencies
+ * semanage: enable and disable modules
+ * semanage: output all local modifications
+ * semanage: introduce extraction of local configuration
+ * semanage: cleanup error on invalid operation
+ * semanage: handle being called with no arguments
+ * semanage: return sooner to save CPU time
+ * semanage: surround getopt with try/except
+ * semanage: use define/raise instead of lots of
+ * semanage: some options are only valid for
+ * semanage: introduce better deleteall support
+ * semanage: do not allow spaces in file
+ * semanage: distinguish between builtin and local permissive
+ * semanage: centralized ip node handling
+ * setfiles: make the restore function exclude() non-static
+ * setfiles: use glob to handle ~ and
+ * fixfiles: do not hard code types
+ * fixfiles: stop trying to be smart about
+ * fixfiles: use new kernel seclabel option
+ * fixfiles: pipe everything to cat before sending
+ * fixfiles: introduce /etc/selinux/fixfiles_exclude_dirs
+ * semodule: support for alternative root paths
+
+2.1.3 2011-08-03
+ * semanage: fix indention
+ * semodule_package: fix man page typo
+ * semodule_expand: update man page with -a
+ * semanage: handle os errors
+ * semanage: fix traceback with bad options
+ * semanage: show usage on -h or --help
+ * semanage: introduce more deleteall options
+ * semanage: verify ports < 65536
+ * transaction into semanageRecords
+ * make get_handle a method of semanageRecords
+ * remove a needless blank line
+ * make process_one error if not initialized correctly
+ * fixfiles: correct usage for r_opts.rootpath
+ * put -p in help for restorecon and
+ * fixfiles: do not try to only label
+ * fixfiles clean up /var/run and /var/lib/debug
+ * fixfiles delete tmp sockets and pipes rather
+ * fixfile use find -delete instead of pipe
+ * chcat man page typo
+ * add man page for genhomedircon
+ * setfiles fix typo
+ * setsebool should inform users they need to
+ * setsebool typos
+ * open_init_tty man page typos
+ * Don't add user site directory to sys.path
+ * newrole retain CAP_SETPCAP
+
+2.1.2 2011-08-02
+ * seunshare: define _GNU_SOURCE earlier
+ * make ignore_enoent do something
+ * restorecond: first user logged in is not noticed
+ * Repo: update .gitignore
+
+2.1.1 2011-08-01
* Man page updates
* restorecon fix for bad inotify assumptions
+
+2.1.0 2011-07-27
* Release, minor version bump
+
+* Tue Jul 26 2011 Dan Walsh <dwalsh at redhat.com> 2.0.86-20
- Fix sepolgen usage statement
- Stop using -k insandbox
- Fix seunshare usage statement
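Review bot: The `* Mon Aug 1 2011 ... 2.1.1-1` header is deleted rather than kept, so the 2.1.0 through 2.1.3 upstream notes are all folded under the new 2.1.4-1 entry and the package changelog no longer records the 2.1.1-1 build. Keep the old entry and add the 2.1.4-1 entry above it. Two smaller points: `-Update to upstream` is missing the space after the dash that the other entries use, and several upstream lines are cut off mid-sentence (for example "run_init: clarification of the usage in the"), which makes items such as "newrole retain CAP_SETPCAP" and "Don't add user site directory to sys.path" harder to check against the upstream ChangeLog.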
diff --git a/sources b/sources
index 8bd5748..53b109d 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
49faa2e5f343317bcfcf34d7286f6037 sepolgen-1.0.23.tgz
59d33101d57378ce69889cc078addf90 policycoreutils_man_ru2.tar.bz2
-4e1ed1d1bdeae47af5c27d88eb682ed1 policycoreutils-2.1.1.tgz
+7e1e18c09798ffb44913bce3d60c667d policycoreutils-2.1.4.tgz
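Review bot: The new `policycoreutils-2.1.4.tgz` line is pinned only by a 32-hex-digit (MD5-length) digest, which catches a corrupted download but is weak evidence of where the tarball came from. Note in the commit message how the tarball was checked against the upstream release. The replaced line names policycoreutils-2.1.1.tgz while the spec hunk bumps Version from 2.1.3, so it is also worth confirming that the spec and sources were not out of step before this commit.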