[policycoreutils/f15/master] Rewrite seunshare to make sure /tmp is mounted stickybit owned by root Only allow names in polgengui
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Mar 3 18:46:47 UTC 2011
commit aae6082678bcf9dff303c1df6ea14b64f8e20dda
Author: Dan Walsh <dwalsh at redhat.com>
Date: Thu Mar 3 13:46:30 2011 -0500
Rewrite seunshare to make sure /tmp is mounted stickybit owned by root
Only allow names in polgengui that contain letters and numbers
Fix up node handling in semanage command
Update translations
policycoreutils-gui.patch | 85 ++--
policycoreutils-po.patch | 546 ++++++++++++------------
policycoreutils-rhat.patch | 951 +++++++++++++++++++++++++++--------------
policycoreutils.spec | 12 +-
selinux-polgengui.desktop | 4 +-
system-config-selinux.desktop | 2 +
6 files changed, 966 insertions(+), 634 deletions(-)
---
diff --git a/policycoreutils-gui.patch b/policycoreutils-gui.patch
index 51b6629..96b8a6c 100644
--- a/policycoreutils-gui.patch
+++ b/policycoreutils-gui.patch
@@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-2.0.85/gui/booleansPage.py
--- nsapolicycoreutils/gui/booleansPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/booleansPage.py 2011-01-21 09:25:41.000000000 -0500
++++ policycoreutils-2.0.85/gui/booleansPage.py 2011-02-17 15:23:37.138754056 -0500
@@ -0,0 +1,247 @@
+#
+# booleansPage.py - GUI for Booleans page in system-config-securitylevel
@@ -251,7 +251,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py poli
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/domainsPage.py policycoreutils-2.0.85/gui/domainsPage.py
--- nsapolicycoreutils/gui/domainsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/domainsPage.py 2011-01-21 09:25:41.000000000 -0500
++++ policycoreutils-2.0.85/gui/domainsPage.py 2011-02-17 15:23:37.140754070 -0500
@@ -0,0 +1,154 @@
+## domainsPage.py - show selinux domains
+## Copyright (C) 2009 Red Hat, Inc.
@@ -409,7 +409,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/domainsPage.py polic
+ self.error(e.args[0])
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.85/gui/fcontextPage.py
--- nsapolicycoreutils/gui/fcontextPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/fcontextPage.py 2011-01-21 09:25:41.000000000 -0500
++++ policycoreutils-2.0.85/gui/fcontextPage.py 2011-02-17 15:23:37.142754084 -0500
@@ -0,0 +1,223 @@
+## fcontextPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -636,7 +636,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py poli
+ self.store.set_value(iter, TYPE_COL, "%s:%s" % (type, mls))
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/html_util.py policycoreutils-2.0.85/gui/html_util.py
--- nsapolicycoreutils/gui/html_util.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/html_util.py 2011-01-21 09:25:41.000000000 -0500
++++ policycoreutils-2.0.85/gui/html_util.py 2011-02-17 15:23:37.144754100 -0500
@@ -0,0 +1,164 @@
+# Authors: John Dennis <jdennis at redhat.com>
+#
@@ -804,7 +804,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/html_util.py policyc
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade policycoreutils-2.0.85/gui/lockdown.glade
--- nsapolicycoreutils/gui/lockdown.glade 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/lockdown.glade 2011-01-21 09:25:41.000000000 -0500
++++ policycoreutils-2.0.85/gui/lockdown.glade 2011-02-17 15:23:37.148754129 -0500
@@ -0,0 +1,771 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
@@ -1579,7 +1579,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade polic
+</glade-interface>
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.gladep policycoreutils-2.0.85/gui/lockdown.gladep
--- nsapolicycoreutils/gui/lockdown.gladep 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/lockdown.gladep 2011-01-21 09:25:41.000000000 -0500
++++ policycoreutils-2.0.85/gui/lockdown.gladep 2011-02-17 15:23:37.150754143 -0500
@@ -0,0 +1,7 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
@@ -1590,7 +1590,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.gladep poli
+</glade-project>
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.py policycoreutils-2.0.85/gui/lockdown.py
--- nsapolicycoreutils/gui/lockdown.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/lockdown.py 2011-01-21 09:25:41.000000000 -0500
++++ policycoreutils-2.0.85/gui/lockdown.py 2011-02-17 15:23:37.153754164 -0500
@@ -0,0 +1,382 @@
+#!/usr/bin/python -Es
+#
@@ -1976,7 +1976,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.py policyco
+ app.stand_alone()
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-2.0.85/gui/loginsPage.py
--- nsapolicycoreutils/gui/loginsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/loginsPage.py 2011-01-21 09:25:41.000000000 -0500
++++ policycoreutils-2.0.85/gui/loginsPage.py 2011-02-17 15:23:37.155754180 -0500
@@ -0,0 +1,185 @@
+## loginsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -2165,7 +2165,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policy
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.85/gui/Makefile
--- nsapolicycoreutils/gui/Makefile 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/Makefile 2011-01-21 09:25:41.000000000 -0500
++++ policycoreutils-2.0.85/gui/Makefile 2011-02-17 15:23:37.136754042 -0500
@@ -0,0 +1,40 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
@@ -2209,7 +2209,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreu
+relabel:
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-2.0.85/gui/mappingsPage.py
--- nsapolicycoreutils/gui/mappingsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/mappingsPage.py 2011-01-21 09:25:41.000000000 -0500
++++ policycoreutils-2.0.85/gui/mappingsPage.py 2011-02-17 15:23:37.157754195 -0500
@@ -0,0 +1,56 @@
+## mappingsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -2269,7 +2269,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py poli
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-2.0.85/gui/modulesPage.py
--- nsapolicycoreutils/gui/modulesPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/modulesPage.py 2011-01-21 09:25:41.000000000 -0500
++++ policycoreutils-2.0.85/gui/modulesPage.py 2011-02-17 15:23:37.159754209 -0500
@@ -0,0 +1,190 @@
+## modulesPage.py - show selinux mappings
+## Copyright (C) 2006-2009 Red Hat, Inc.
@@ -2463,7 +2463,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py polic
+ self.error(e.args[0])
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.85/gui/polgen.glade
--- nsapolicycoreutils/gui/polgen.glade 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/polgen.glade 2011-02-03 16:11:44.000000000 -0500
++++ policycoreutils-2.0.85/gui/polgen.glade 2011-02-17 15:23:37.178754347 -0500
@@ -0,0 +1,3432 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
@@ -5899,7 +5899,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+</glade-interface>
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.gladep policycoreutils-2.0.85/gui/polgen.gladep
--- nsapolicycoreutils/gui/polgen.gladep 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/polgen.gladep 2011-02-02 16:17:52.000000000 -0500
++++ policycoreutils-2.0.85/gui/polgen.gladep 2011-02-17 15:23:37.180754361 -0500
@@ -0,0 +1,7 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
@@ -5910,7 +5910,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.gladep policy
+</glade-project>
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.85/gui/polgengui.py
--- nsapolicycoreutils/gui/polgengui.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/polgengui.py 2011-02-03 15:50:31.000000000 -0500
++++ policycoreutils-2.0.85/gui/polgengui.py 2011-02-18 16:00:09.453515294 -0500
@@ -0,0 +1,750 @@
+#!/usr/bin/python -Es
+#
@@ -6609,8 +6609,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+
+ def on_name_page_next(self, *args):
+ name=self.name_entry.get_text()
-+ if name == "":
-+ self.error(_("You must enter a name"))
++ if not name.isalnum():
++ self.error(_("You must add a name made up of letters and numbers and containing no spaces."))
+ return True
+
+ for i in self.label_dict:
@@ -6664,8 +6664,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ app.stand_alone()
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.85/gui/polgen.py
--- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/polgen.py 2011-02-03 17:03:56.000000000 -0500
-@@ -0,0 +1,1343 @@
++++ policycoreutils-2.0.85/gui/polgen.py 2011-02-18 15:58:37.246879345 -0500
+@@ -0,0 +1,1346 @@
+#!/usr/bin/python -Es
+#
+# Copyright (C) 2007-2010 Red Hat
@@ -6981,6 +6981,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+( self.generate_sandbox_types, self.generate_sandbox_rules))
+ if name == "":
+ raise ValueError(_("You must enter a name for your confined process/user"))
++ if not name.isalnum():
++ raise ValueError(_("Name must be alpha numberic with no spaces."))
++
+ if type == CGI:
+ self.name = "httpd_%s_script" % name
+ else:
@@ -8011,7 +8014,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ usage(e)
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-2.0.85/gui/portsPage.py
--- nsapolicycoreutils/gui/portsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/portsPage.py 2011-01-21 09:25:41.000000000 -0500
++++ policycoreutils-2.0.85/gui/portsPage.py 2011-02-17 15:23:37.199754500 -0500
@@ -0,0 +1,259 @@
+## portsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -8274,7 +8277,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policyc
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.85/gui/selinux.tbl
--- nsapolicycoreutils/gui/selinux.tbl 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/selinux.tbl 2011-01-21 09:25:41.000000000 -0500
++++ policycoreutils-2.0.85/gui/selinux.tbl 2011-02-17 15:23:37.203754529 -0500
@@ -0,0 +1,234 @@
+acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon")
+allow_daemons_dump_core _("Admin") _("Allow all daemons to write corefiles to /")
@@ -8512,7 +8515,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-2.0.85/gui/semanagePage.py
--- nsapolicycoreutils/gui/semanagePage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/semanagePage.py 2011-01-21 09:25:41.000000000 -0500
++++ policycoreutils-2.0.85/gui/semanagePage.py 2011-02-17 15:23:37.205754545 -0500
@@ -0,0 +1,168 @@
+## semanagePage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -8684,7 +8687,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py poli
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-2.0.85/gui/statusPage.py
--- nsapolicycoreutils/gui/statusPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/statusPage.py 2011-01-21 09:25:41.000000000 -0500
++++ policycoreutils-2.0.85/gui/statusPage.py 2011-02-17 15:23:37.207754560 -0500
@@ -0,0 +1,190 @@
+# statusPage.py - show selinux status
+## Copyright (C) 2006-2009 Red Hat, Inc.
@@ -8878,7 +8881,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policy
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-2.0.85/gui/system-config-selinux.glade
--- nsapolicycoreutils/gui/system-config-selinux.glade 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/system-config-selinux.glade 2011-01-21 09:25:41.000000000 -0500
++++ policycoreutils-2.0.85/gui/system-config-selinux.glade 2011-02-17 15:23:37.133754019 -0500
@@ -0,0 +1,3024 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
@@ -11906,7 +11909,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu
+</glade-interface>
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.gladep policycoreutils-2.0.85/gui/system-config-selinux.gladep
--- nsapolicycoreutils/gui/system-config-selinux.gladep 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/system-config-selinux.gladep 2011-01-21 09:25:41.000000000 -0500
++++ policycoreutils-2.0.85/gui/system-config-selinux.gladep 2011-02-17 15:23:37.208754567 -0500
@@ -0,0 +1,7 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
@@ -11917,7 +11920,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu
+</glade-project>
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-2.0.85/gui/system-config-selinux.py
--- nsapolicycoreutils/gui/system-config-selinux.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/system-config-selinux.py 2011-01-21 09:25:41.000000000 -0500
++++ policycoreutils-2.0.85/gui/system-config-selinux.py 2011-02-17 15:23:37.210754581 -0500
@@ -0,0 +1,187 @@
+#!/usr/bin/python -Es
+#
@@ -12108,7 +12111,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu
+ app.stand_alone()
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/boolean.py policycoreutils-2.0.85/gui/templates/boolean.py
--- nsapolicycoreutils/gui/templates/boolean.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/templates/boolean.py 2011-01-21 09:25:41.000000000 -0500
++++ policycoreutils-2.0.85/gui/templates/boolean.py 2011-02-17 15:23:37.083753654 -0500
@@ -0,0 +1,40 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -12152,7 +12155,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/boolean.py
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py policycoreutils-2.0.85/gui/templates/etc_rw.py
--- nsapolicycoreutils/gui/templates/etc_rw.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/templates/etc_rw.py 2011-01-21 09:25:41.000000000 -0500
++++ policycoreutils-2.0.85/gui/templates/etc_rw.py 2011-02-17 15:23:37.085753669 -0500
@@ -0,0 +1,113 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -12269,7 +12272,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.85/gui/templates/executable.py
--- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/templates/executable.py 2011-01-21 09:25:41.000000000 -0500
++++ policycoreutils-2.0.85/gui/templates/executable.py 2011-02-17 15:23:37.088753691 -0500
@@ -0,0 +1,447 @@
+# Copyright (C) 2007-2009 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -12720,7 +12723,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.py policycoreutils-2.0.85/gui/templates/__init__.py
--- nsapolicycoreutils/gui/templates/__init__.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/templates/__init__.py 2011-01-21 09:25:41.000000000 -0500
++++ policycoreutils-2.0.85/gui/templates/__init__.py 2011-02-17 15:23:37.073753581 -0500
@@ -0,0 +1,18 @@
+#
+# Copyright (C) 2007 Red Hat, Inc.
@@ -12742,7 +12745,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.p
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.85/gui/templates/network.py
--- nsapolicycoreutils/gui/templates/network.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/templates/network.py 2011-01-21 09:25:41.000000000 -0500
++++ policycoreutils-2.0.85/gui/templates/network.py 2011-02-17 15:23:37.092753720 -0500
@@ -0,0 +1,80 @@
+te_port_types="""
+type TEMPLATETYPE_port_t;
@@ -12826,7 +12829,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py policycoreutils-2.0.85/gui/templates/rw.py
--- nsapolicycoreutils/gui/templates/rw.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/templates/rw.py 2011-01-21 09:25:41.000000000 -0500
++++ policycoreutils-2.0.85/gui/templates/rw.py 2011-02-17 15:23:37.094753736 -0500
@@ -0,0 +1,131 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -12961,7 +12964,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py poli
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.85/gui/templates/script.py
--- nsapolicycoreutils/gui/templates/script.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/templates/script.py 2011-01-21 09:25:41.000000000 -0500
++++ policycoreutils-2.0.85/gui/templates/script.py 2011-02-17 15:23:37.097753757 -0500
@@ -0,0 +1,126 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -13091,7 +13094,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.85/gui/templates/semodule.py
--- nsapolicycoreutils/gui/templates/semodule.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/templates/semodule.py 2011-01-21 09:25:41.000000000 -0500
++++ policycoreutils-2.0.85/gui/templates/semodule.py 2011-02-17 15:23:37.099753771 -0500
@@ -0,0 +1,41 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -13136,7 +13139,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.p
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py policycoreutils-2.0.85/gui/templates/tmp.py
--- nsapolicycoreutils/gui/templates/tmp.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/templates/tmp.py 2011-01-21 09:25:41.000000000 -0500
++++ policycoreutils-2.0.85/gui/templates/tmp.py 2011-02-17 15:23:37.102753793 -0500
@@ -0,0 +1,102 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -13242,7 +13245,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py pol
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.85/gui/templates/user.py
--- nsapolicycoreutils/gui/templates/user.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/templates/user.py 2011-01-21 09:25:41.000000000 -0500
++++ policycoreutils-2.0.85/gui/templates/user.py 2011-02-17 15:23:37.104753809 -0500
@@ -0,0 +1,205 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -13451,7 +13454,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py po
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_cache.py policycoreutils-2.0.85/gui/templates/var_cache.py
--- nsapolicycoreutils/gui/templates/var_cache.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/templates/var_cache.py 2011-01-21 09:25:41.000000000 -0500
++++ policycoreutils-2.0.85/gui/templates/var_cache.py 2011-02-17 15:23:37.106753823 -0500
@@ -0,0 +1,133 @@
+# Copyright (C) 2010 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -13588,7 +13591,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_cache.
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.85/gui/templates/var_lib.py
--- nsapolicycoreutils/gui/templates/var_lib.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/templates/var_lib.py 2011-01-21 09:25:41.000000000 -0500
++++ policycoreutils-2.0.85/gui/templates/var_lib.py 2011-02-17 15:23:37.109753844 -0500
@@ -0,0 +1,161 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -13753,7 +13756,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.85/gui/templates/var_log.py
--- nsapolicycoreutils/gui/templates/var_log.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/templates/var_log.py 2011-01-21 09:25:41.000000000 -0500
++++ policycoreutils-2.0.85/gui/templates/var_log.py 2011-02-17 15:23:37.112753865 -0500
@@ -0,0 +1,116 @@
+# Copyright (C) 2007,2010 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -13873,7 +13876,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.85/gui/templates/var_run.py
--- nsapolicycoreutils/gui/templates/var_run.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/templates/var_run.py 2011-01-21 09:25:41.000000000 -0500
++++ policycoreutils-2.0.85/gui/templates/var_run.py 2011-02-17 15:23:37.114753881 -0500
@@ -0,0 +1,101 @@
+# Copyright (C) 2007,2010 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -13978,7 +13981,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.85/gui/templates/var_spool.py
--- nsapolicycoreutils/gui/templates/var_spool.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/templates/var_spool.py 2011-01-21 09:25:41.000000000 -0500
++++ policycoreutils-2.0.85/gui/templates/var_spool.py 2011-02-17 15:23:37.116753896 -0500
@@ -0,0 +1,133 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -14115,7 +14118,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-2.0.85/gui/usersPage.py
--- nsapolicycoreutils/gui/usersPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/gui/usersPage.py 2011-01-21 09:25:41.000000000 -0500
++++ policycoreutils-2.0.85/gui/usersPage.py 2011-02-17 15:23:37.212754595 -0500
@@ -0,0 +1,150 @@
+## usersPage.py - show selinux mappings
+## Copyright (C) 2006,2007,2008 Red Hat, Inc.
diff --git a/policycoreutils-po.patch b/policycoreutils-po.patch
index a07a510..a1162c4 100644
--- a/policycoreutils-po.patch
+++ b/policycoreutils-po.patch
@@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/af.po policycoreutils-2.0.85/po/af.po
---- nsapolicycoreutils/po/af.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/af.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/af.po 2011-02-17 15:11:25.504728610 -0500
++++ policycoreutils-2.0.85/po/af.po 2011-02-18 16:03:41.328975464 -0500
@@ -8,14 +8,32 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -3030,8 +3030,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/af.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/am.po policycoreutils-2.0.85/po/am.po
---- nsapolicycoreutils/po/am.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/am.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/am.po 2011-02-17 15:11:25.659726051 -0500
++++ policycoreutils-2.0.85/po/am.po 2011-02-18 16:03:41.332975492 -0500
@@ -8,14 +8,32 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -6061,8 +6061,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/am.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ar.po policycoreutils-2.0.85/po/ar.po
---- nsapolicycoreutils/po/ar.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/ar.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/ar.po 2011-02-17 15:11:25.688725570 -0500
++++ policycoreutils-2.0.85/po/ar.po 2011-02-18 16:03:41.336975520 -0500
@@ -1,20 +1,44 @@
-# SOME DESCRIPTIVE TITLE.
# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
@@ -10007,8 +10007,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ar.po policycoreutils
+#~ msgid "Sensitivity Level"
+#~ msgstr "مستوى الحساسية"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/as.po policycoreutils-2.0.85/po/as.po
---- nsapolicycoreutils/po/as.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/as.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/as.po 2011-02-17 15:11:25.843723011 -0500
++++ policycoreutils-2.0.85/po/as.po 2011-02-18 16:03:41.339975541 -0500
@@ -1,23 +1,43 @@
-# translation of as.po to Assamese
+# translation of policycoreutils.HEAD.po to Assamese
@@ -14676,8 +14676,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/as.po policycoreutils
+#~ msgid "Sensitivity Level"
#~ msgstr "স্তৰ"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/be.po policycoreutils-2.0.85/po/be.po
---- nsapolicycoreutils/po/be.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/be.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/be.po 2011-02-17 15:11:25.556727752 -0500
++++ policycoreutils-2.0.85/po/be.po 2011-02-18 16:03:41.342975562 -0500
@@ -8,14 +8,32 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -17707,8 +17707,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/be.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bg.po policycoreutils-2.0.85/po/bg.po
---- nsapolicycoreutils/po/bg.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/bg.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/bg.po 2011-02-17 15:11:25.232733103 -0500
++++ policycoreutils-2.0.85/po/bg.po 2011-02-18 16:03:41.343975569 -0500
@@ -8,14 +8,34 @@
msgstr ""
"Project-Id-Version: policycoreutils\n"
@@ -22264,8 +22264,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bg.po policycoreutils
#~ msgstr "Изисква стойност"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bn_IN.po policycoreutils-2.0.85/po/bn_IN.po
---- nsapolicycoreutils/po/bn_IN.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/bn_IN.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/bn_IN.po 2011-02-17 15:11:24.953737714 -0500
++++ policycoreutils-2.0.85/po/bn_IN.po 2011-02-18 16:03:41.345975583 -0500
@@ -2,17 +2,18 @@
# This file is distributed under the same license as the PACKAGE package.
# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER.
@@ -27071,8 +27071,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bn_IN.po policycoreut
+msgid "SELinux user '%s' is required"
+msgstr "SELinux ব্যবহারকারী '%s'-র উপস্থিত আবশ্যক"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bn.po policycoreutils-2.0.85/po/bn.po
---- nsapolicycoreutils/po/bn.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/bn.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/bn.po 2011-02-17 15:11:25.920721738 -0500
++++ policycoreutils-2.0.85/po/bn.po 2011-02-18 16:03:41.345975583 -0500
@@ -8,14 +8,32 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -30102,8 +30102,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bn.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bs.po policycoreutils-2.0.85/po/bs.po
---- nsapolicycoreutils/po/bs.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/bs.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/bs.po 2011-02-17 15:11:25.440729666 -0500
++++ policycoreutils-2.0.85/po/bs.po 2011-02-18 16:03:41.345975583 -0500
@@ -4,10 +4,11 @@
msgstr ""
"Project-Id-Version: bs\n"
@@ -33228,8 +33228,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bs.po policycoreutils
#~ msgid "Requires value"
#~ msgstr "Zahtijeva vrijednost"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ca.po policycoreutils-2.0.85/po/ca.po
---- nsapolicycoreutils/po/ca.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/ca.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/ca.po 2011-02-17 15:11:25.745724636 -0500
++++ policycoreutils-2.0.85/po/ca.po 2011-02-18 16:03:41.346975590 -0500
@@ -5,6 +5,8 @@
#
# Josep Puigdemont Casamajó <josep.puigdemont at gmail.com>, 2006.
@@ -36819,8 +36819,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ca.po policycoreutils
+#~ msgid "Sensitivity Level"
+#~ msgstr "Nivell de sensibilitat"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/cs.po policycoreutils-2.0.85/po/cs.po
---- nsapolicycoreutils/po/cs.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/cs.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/cs.po 2011-02-17 15:11:25.036736340 -0500
++++ policycoreutils-2.0.85/po/cs.po 2011-02-18 16:03:41.346975590 -0500
@@ -9,16 +9,35 @@
msgstr ""
"Project-Id-Version: cs\n"
@@ -40503,8 +40503,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/cs.po policycoreutils
#~ msgstr "<b>Číslo zařízení:</b>"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/cy.po policycoreutils-2.0.85/po/cy.po
---- nsapolicycoreutils/po/cy.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/cy.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/cy.po 2011-02-17 15:11:25.483728954 -0500
++++ policycoreutils-2.0.85/po/cy.po 2011-02-18 16:03:41.347975597 -0500
@@ -8,14 +8,32 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -43534,9 +43534,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/cy.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/da.po policycoreutils-2.0.85/po/da.po
---- nsapolicycoreutils/po/da.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/da.po 2010-12-21 16:18:01.000000000 -0500
-@@ -1,24 +1,45 @@
+--- nsapolicycoreutils/po/da.po 2011-02-17 15:11:25.544727951 -0500
++++ policycoreutils-2.0.85/po/da.po 2011-02-18 16:03:41.347975597 -0500
+@@ -1,24 +1,43 @@
-# translation of da.po to
-# Danish messages for policycoreutils.
+# Danish translation of policycoreutils.
@@ -43561,28 +43561,26 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/da.po policycoreutils
-"Last-Translator: Keld Simonsen <keld at rap.dk>\n"
-"Language-Team: <da at li.org>\n"
+"POT-Creation-Date: 2010-07-27 10:03-0400\n"
-+"PO-Revision-Date: 2010-03-14 13:18+0100\n"
++"PO-Revision-Date: 2010-12-21 20:00+0100\n"
+"Last-Translator: Kris Thomsen <lakristho at gmail.com>\n"
+"Language-Team: Danish <dansk at dansk-gruppen.dk>\n"
-+"Language: da\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"X-Generator: KBabel 1.10.2\n"
++"Language: da\n"
+
+#: system-config-selinux.desktop.in.h:1
+msgid "Configure SELinux in a graphical setting"
-+msgstr ""
++msgstr "Konfigurér SELinux i et grafisk miljø"
+
+#: system-config-selinux.desktop.in.h:2
-+#, fuzzy
+msgid "SELinux Management"
-+msgstr "SELinux kontekst"
++msgstr "Håndtering af SELinux"
+
+#: selinux-polgengui.desktop.in.h:1
-+#, fuzzy
+msgid "Generate SELinux policy modules"
-+msgstr "Generér nyt regelsætmodul"
++msgstr "Generér SELinux-regelsætmodul"
+
+#: selinux-polgengui.desktop.in.h:2 ../gui/polgen.glade:91
+#: ../gui/polgen.glade:124
@@ -43591,7 +43589,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/da.po policycoreutils
#: ../run_init/run_init.c:67
msgid ""
-@@ -27,18 +48,18 @@
+@@ -27,18 +46,18 @@
" <args ...> are the arguments to that script."
msgstr ""
"BRUG: run_init <skript> <args ...>\n"
@@ -43614,7 +43612,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/da.po policycoreutils
#: ../run_init/run_init.c:162 ../newrole/newrole.c:338
msgid "Password:"
-@@ -47,7 +68,7 @@
+@@ -47,7 +66,7 @@
#: ../run_init/run_init.c:197 ../newrole/newrole.c:363
#, c-format
msgid "Cannot find your entry in the shadow passwd file.\n"
@@ -43623,7 +43621,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/da.po policycoreutils
#: ../run_init/run_init.c:203 ../newrole/newrole.c:370
#, c-format
-@@ -72,12 +93,12 @@
+@@ -72,12 +91,12 @@
#: ../run_init/run_init.c:361
#, c-format
msgid "Sorry, run_init may be used only on a SELinux kernel.\n"
@@ -43638,7 +43636,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/da.po policycoreutils
#: ../run_init/run_init.c:405 ../newrole/newrole.c:1321
#, c-format
-@@ -85,61 +106,57 @@
+@@ -85,61 +104,57 @@
msgstr "Kunne ikke sætte kørselskontekst til %s.\n"
#: ../audit2allow/audit2allow:217
@@ -43716,7 +43714,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/da.po policycoreutils
#: ../semanage/seobject.py:250
#, python-format
-@@ -158,788 +175,788 @@
+@@ -158,788 +173,788 @@
#: ../semanage/seobject.py:290
msgid "Not yet implemented"
@@ -44837,7 +44835,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/da.po policycoreutils
#: ../newrole/newrole.c:436
#, c-format
-@@ -949,27 +966,27 @@
+@@ -949,27 +964,27 @@
#: ../newrole/newrole.c:447
#, c-format
msgid "Out of memory!\n"
@@ -44871,7 +44869,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/da.po policycoreutils
#: ../newrole/newrole.c:570
#, c-format
-@@ -979,12 +996,12 @@
+@@ -979,12 +994,12 @@
#: ../newrole/newrole.c:578 ../newrole/newrole.c:652
#, c-format
msgid "Error dropping capabilities, aborting\n"
@@ -44886,7 +44884,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/da.po policycoreutils
#: ../newrole/newrole.c:590 ../newrole/newrole.c:646 ../newrole/newrole.c:678
#, c-format
-@@ -994,7 +1011,7 @@
+@@ -994,7 +1009,7 @@
#: ../newrole/newrole.c:597
#, c-format
msgid "Error dropping SETUID capability, aborting\n"
@@ -44895,7 +44893,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/da.po policycoreutils
#: ../newrole/newrole.c:602 ../newrole/newrole.c:657
#, c-format
-@@ -1004,27 +1021,27 @@
+@@ -1004,27 +1019,27 @@
#: ../newrole/newrole.c:701
#, c-format
msgid "Error connecting to audit system.\n"
@@ -44928,7 +44926,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/da.po policycoreutils
#: ../newrole/newrole.c:771
#, c-format
-@@ -1034,7 +1051,7 @@
+@@ -1034,7 +1049,7 @@
#: ../newrole/newrole.c:781
#, c-format
msgid "%s! Could not get new context for %s, not relabeling tty.\n"
@@ -44937,7 +44935,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/da.po policycoreutils
#: ../newrole/newrole.c:791
#, c-format
-@@ -1044,17 +1061,17 @@
+@@ -1044,17 +1059,17 @@
#: ../newrole/newrole.c:838
#, c-format
msgid "%s changed labels.\n"
@@ -44958,7 +44956,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/da.po policycoreutils
#: ../newrole/newrole.c:909
#, c-format
-@@ -1064,7 +1081,7 @@
+@@ -1064,7 +1079,7 @@
#: ../newrole/newrole.c:916
#, c-format
msgid "Sorry, -l may be used with SELinux MLS support.\n"
@@ -44967,7 +44965,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/da.po policycoreutils
#: ../newrole/newrole.c:921
#, c-format
-@@ -1075,26 +1092,27 @@
+@@ -1075,26 +1090,27 @@
#, c-format
msgid "Error: you are not allowed to change levels on a non secure terminal \n"
msgstr ""
@@ -44999,7 +44997,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/da.po policycoreutils
#: ../newrole/newrole.c:991
#, c-format
-@@ -1104,7 +1122,7 @@
+@@ -1104,7 +1120,7 @@
#: ../newrole/newrole.c:996
#, c-format
msgid "failed to set new range %s\n"
@@ -45008,7 +45006,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/da.po policycoreutils
#: ../newrole/newrole.c:1004
#, c-format
-@@ -1119,42 +1137,42 @@
+@@ -1119,42 +1135,42 @@
#: ../newrole/newrole.c:1016
#, c-format
msgid "Unable to allocate memory for new_context"
@@ -45060,7 +45058,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/da.po policycoreutils
#: ../newrole/newrole.c:1223
#, c-format
-@@ -1164,7 +1182,7 @@
+@@ -1164,7 +1180,7 @@
#: ../newrole/newrole.c:1226 ../newrole/newrole.c:1249
#, c-format
msgid "Unable to restore tty label...\n"
@@ -45069,7 +45067,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/da.po policycoreutils
#: ../newrole/newrole.c:1228 ../newrole/newrole.c:1255
#, c-format
-@@ -1179,7 +1197,7 @@
+@@ -1179,7 +1195,7 @@
#: ../newrole/newrole.c:1314
#, c-format
msgid "Error allocating shell's argv0.\n"
@@ -45078,7 +45076,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/da.po policycoreutils
#: ../newrole/newrole.c:1346
#, c-format
-@@ -1188,27 +1206,27 @@
+@@ -1188,27 +1204,27 @@
#: ../newrole/newrole.c:1357
msgid "failed to exec shell\n"
@@ -45113,7 +45111,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/da.po policycoreutils
#: ../scripts/chcat:92 ../scripts/chcat:169
msgid "Requires at least one category"
-@@ -1217,12 +1235,12 @@
+@@ -1217,12 +1233,12 @@
#: ../scripts/chcat:106 ../scripts/chcat:183
#, c-format
msgid "Can not modify sensitivity levels using '+' on %s"
@@ -45128,7 +45126,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/da.po policycoreutils
#: ../scripts/chcat:188 ../scripts/chcat:198
#, c-format
-@@ -1279,101 +1297,2231 @@
+@@ -1279,101 +1295,2231 @@
#: ../scripts/chcat:333
msgid "Use -- to end option list. For example"
@@ -45574,8 +45572,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/da.po policycoreutils
+
+#: ../gui/polgen.glade:1457 ../gui/polgen.glade:1677
+msgid ""
-+"Allow application/user role to call bindresvport with 0. Binding to port "
-+"600-1024"
++"Allow application/user role to call bindresvport with 0. Binding to port 600-"
++"1024"
+msgstr ""
+"Tillad program-/brugerrolle at kalde bindresvport med 0. Forbinder til port "
+"600-1024"
@@ -45607,7 +45605,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/da.po policycoreutils
+
+#: ../gui/polgen.glade:1589 ../gui/polgen.glade:2005
+msgid "<b>UDP Ports</b>"
-+msgstr "<B>UDP-porte</b>"
++msgstr "<b>UDP-porte</b>"
+
+#: ../gui/polgen.glade:1834
+msgid "Enter network ports that application/user role connects to"
@@ -47425,7 +47423,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/da.po policycoreutils
#~ msgid "Requires value"
#~ msgstr "Kræver værdi"
-@@ -1403,7 +3551,7 @@
+@@ -1403,7 +3549,7 @@
#~ "semodule -i %s.pp\n"
#~ "\n"
#~ msgstr ""
@@ -47435,8 +47433,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/da.po policycoreutils
#~ "\n"
#~ "semodule -i %s.pp\n"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/de.po policycoreutils-2.0.85/po/de.po
---- nsapolicycoreutils/po/de.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/de.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/de.po 2011-02-17 15:11:25.933721523 -0500
++++ policycoreutils-2.0.85/po/de.po 2011-02-18 16:03:41.347975597 -0500
@@ -1,28 +1,50 @@
-# translation of policycoreutils.HEAD.de.po to German
+# translation of policycoreutils.HEAD.po to
@@ -52457,8 +52455,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/de.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr "SELinux-Benutzer '%s' wird benötigt"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/el.po policycoreutils-2.0.85/po/el.po
---- nsapolicycoreutils/po/el.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/el.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/el.po 2011-02-17 15:11:25.850722895 -0500
++++ policycoreutils-2.0.85/po/el.po 2011-02-18 16:03:41.355975653 -0500
@@ -1,22 +1,43 @@
# translation of el.po to Greek
# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
@@ -55752,8 +55750,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/el.po policycoreutils
#, fuzzy
#~ msgid "Requires value"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/en_GB.po policycoreutils-2.0.85/po/en_GB.po
---- nsapolicycoreutils/po/en_GB.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/en_GB.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/en_GB.po 2011-02-17 15:11:25.910721905 -0500
++++ policycoreutils-2.0.85/po/en_GB.po 2011-02-18 16:03:41.357975667 -0500
@@ -1,19 +1,42 @@
# English (British) translation.
# Copyright (C) 2007 THE PACKAGE'S COPYRIGHT HOLDER
@@ -59256,8 +59254,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/en_GB.po policycoreut
#~ msgid "Requires value"
#~ msgstr "Requires value"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/es.po policycoreutils-2.0.85/po/es.po
---- nsapolicycoreutils/po/es.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/es.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/es.po 2011-02-17 15:11:25.399730344 -0500
++++ policycoreutils-2.0.85/po/es.po 2011-02-18 16:03:41.359975681 -0500
@@ -1,22 +1,44 @@
# translation of policycoreutils.HEAD.es.po to Spanish
+# Fedora Spanish translation of policycoreutils.HEAD.
@@ -64268,8 +64266,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/es.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr "Se requiere el usuario SELinux '%s'"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/et.po policycoreutils-2.0.85/po/et.po
---- nsapolicycoreutils/po/et.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/et.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/et.po 2011-02-17 15:11:25.969720930 -0500
++++ policycoreutils-2.0.85/po/et.po 2011-02-18 16:03:41.361975695 -0500
@@ -1,3 +1,20 @@
+#: system-config-selinux.desktop.in.h:1
+msgid "Configure SELinux in a graphical setting"
@@ -67286,8 +67284,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/et.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/eu_ES.po policycoreutils-2.0.85/po/eu_ES.po
---- nsapolicycoreutils/po/eu_ES.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/eu_ES.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/eu_ES.po 2011-02-17 15:11:25.722725008 -0500
++++ policycoreutils-2.0.85/po/eu_ES.po 2011-02-18 16:03:41.362975702 -0500
@@ -8,14 +8,32 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -70317,8 +70315,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/eu_ES.po policycoreut
+msgid "SELinux user '%s' is required"
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/fa.po policycoreutils-2.0.85/po/fa.po
---- nsapolicycoreutils/po/fa.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/fa.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/fa.po 2011-02-17 15:11:25.649726215 -0500
++++ policycoreutils-2.0.85/po/fa.po 2011-02-18 16:03:41.363975709 -0500
@@ -8,14 +8,32 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -73348,8 +73346,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/fa.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/fi.po policycoreutils-2.0.85/po/fi.po
---- nsapolicycoreutils/po/fi.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/fi.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/fi.po 2011-02-17 15:11:24.918738320 -0500
++++ policycoreutils-2.0.85/po/fi.po 2011-02-18 16:03:41.364975716 -0500
@@ -1,20 +1,37 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
@@ -77342,8 +77340,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/fi.po policycoreutils
+#~ msgid "Sensitivity Level"
+#~ msgstr "Herkkyystaso"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/fr.po policycoreutils-2.0.85/po/fr.po
---- nsapolicycoreutils/po/fr.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/fr.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/fr.po 2011-02-17 15:11:25.965720995 -0500
++++ policycoreutils-2.0.85/po/fr.po 2011-02-18 16:03:41.366975730 -0500
@@ -1,22 +1,43 @@
-# translation of policycoreutils.HEAD.fr_modifié(1).po to french
-# Thomas Canniot <mrtom at fedoraproject.org>, 2006.
@@ -82165,8 +82163,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/fr.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr "L'identité SELinux « %s » est exigée"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/gl.po policycoreutils-2.0.85/po/gl.po
---- nsapolicycoreutils/po/gl.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/gl.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/gl.po 2011-02-17 15:11:25.062735914 -0500
++++ policycoreutils-2.0.85/po/gl.po 2011-02-18 16:03:41.368975744 -0500
@@ -1,3 +1,20 @@
+#: system-config-selinux.desktop.in.h:1
+msgid "Configure SELinux in a graphical setting"
@@ -85183,8 +85181,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/gl.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/gu.po policycoreutils-2.0.85/po/gu.po
---- nsapolicycoreutils/po/gu.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/gu.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/gu.po 2011-02-17 15:11:25.602726991 -0500
++++ policycoreutils-2.0.85/po/gu.po 2011-02-18 16:03:41.369975751 -0500
@@ -3,19 +3,38 @@
# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER.
#
@@ -90004,8 +90002,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/gu.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr "SELinux વપરાશકર્તા '%s' જરૂરી છે"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/he.po policycoreutils-2.0.85/po/he.po
---- nsapolicycoreutils/po/he.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/he.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/he.po 2011-02-17 15:11:25.161734275 -0500
++++ policycoreutils-2.0.85/po/he.po 2011-02-18 16:03:41.369975751 -0500
@@ -8,14 +8,32 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -93035,8 +93033,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/he.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/hi.po policycoreutils-2.0.85/po/hi.po
---- nsapolicycoreutils/po/hi.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/hi.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/hi.po 2011-02-17 15:11:25.876722465 -0500
++++ policycoreutils-2.0.85/po/hi.po 2011-02-18 16:03:41.369975751 -0500
@@ -1,16 +1,17 @@
-# translation of policycoreutils.HEAD.hi.po to Hindi
+# translation of policycoreutils.HEAD.po to Hindi
@@ -97893,8 +97891,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/hi.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr "SELinux उपयोक्ता '%s' जरूरी हैं"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/hr.po policycoreutils-2.0.85/po/hr.po
---- nsapolicycoreutils/po/hr.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/hr.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/hr.po 2011-02-17 15:11:25.790723886 -0500
++++ policycoreutils-2.0.85/po/hr.po 2011-02-18 16:03:41.370975758 -0500
@@ -2,16 +2,36 @@
msgstr ""
"Project-Id-Version: policycoreutils\n"
@@ -102099,8 +102097,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/hr.po policycoreutils
#~ msgid "Requires value"
#~ msgstr "Zahtijeva vrijednost"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/hu.po policycoreutils-2.0.85/po/hu.po
---- nsapolicycoreutils/po/hu.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/hu.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/hu.po 2011-02-17 15:11:25.123734902 -0500
++++ policycoreutils-2.0.85/po/hu.po 2011-02-18 16:03:41.370975758 -0500
@@ -1,19 +1,42 @@
# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER.
#
@@ -105674,8 +105672,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/hu.po policycoreutils
#~ msgid "Requires value"
#~ msgstr "Meg kell adni egy értéket"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/hy.po policycoreutils-2.0.85/po/hy.po
---- nsapolicycoreutils/po/hy.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/hy.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/hy.po 2011-02-17 15:11:24.927738117 -0500
++++ policycoreutils-2.0.85/po/hy.po 2011-02-18 16:03:41.378975814 -0500
@@ -8,14 +8,32 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -108705,8 +108703,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/hy.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/id.po policycoreutils-2.0.85/po/id.po
---- nsapolicycoreutils/po/id.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/id.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/id.po 2011-02-17 15:11:25.825723306 -0500
++++ policycoreutils-2.0.85/po/id.po 2011-02-18 16:03:41.378975814 -0500
@@ -1,3 +1,20 @@
+#: system-config-selinux.desktop.in.h:1
+msgid "Configure SELinux in a graphical setting"
@@ -111723,8 +111721,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/id.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/is.po policycoreutils-2.0.85/po/is.po
---- nsapolicycoreutils/po/is.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/is.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/is.po 2011-02-17 15:11:25.943721358 -0500
++++ policycoreutils-2.0.85/po/is.po 2011-02-18 16:03:41.378975814 -0500
@@ -8,14 +8,32 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -114754,8 +114752,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/is.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/it.po policycoreutils-2.0.85/po/it.po
---- nsapolicycoreutils/po/it.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/it.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/it.po 2011-02-17 15:11:25.522728311 -0500
++++ policycoreutils-2.0.85/po/it.po 2011-02-18 16:03:41.380975827 -0500
@@ -1,20 +1,41 @@
# translation of it.po to
# This file is distributed under the same license as the policycoreutils package.
@@ -119645,8 +119643,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/it.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr "E' richiesto l'utente '%s' di SELinux"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ja.po policycoreutils-2.0.85/po/ja.po
---- nsapolicycoreutils/po/ja.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/ja.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/ja.po 2011-02-17 15:11:25.206733533 -0500
++++ policycoreutils-2.0.85/po/ja.po 2011-02-18 16:03:41.381975833 -0500
@@ -1,25 +1,45 @@
# translation of ja.po to Japanese
-# translation of ja.po to
@@ -124568,8 +124566,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ja.po policycoreutils
-#~ msgstr "前(_P)"
+#~ msgstr "敏感度レベル"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ka.po policycoreutils-2.0.85/po/ka.po
---- nsapolicycoreutils/po/ka.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/ka.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/ka.po 2011-02-17 15:11:25.313731764 -0500
++++ policycoreutils-2.0.85/po/ka.po 2011-02-18 16:03:41.381975833 -0500
@@ -8,14 +8,32 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -127599,8 +127597,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ka.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/kn.po policycoreutils-2.0.85/po/kn.po
---- nsapolicycoreutils/po/kn.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/kn.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/kn.po 2011-02-17 15:11:25.717725091 -0500
++++ policycoreutils-2.0.85/po/kn.po 2011-02-18 16:03:41.382975840 -0500
@@ -2,20 +2,21 @@
# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
# This file is distributed under the same license as the PACKAGE package.
@@ -132537,8 +132535,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/kn.po policycoreutils
+#~ msgid "Executable required"
+#~ msgstr "ಕಾರ್ಯಗತಗೊಳಿಸಬಲ್ಲದರ ಅಗತ್ಯವಿದೆ"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ko.po policycoreutils-2.0.85/po/ko.po
---- nsapolicycoreutils/po/ko.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/ko.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/ko.po 2011-02-17 15:11:25.492728806 -0500
++++ policycoreutils-2.0.85/po/ko.po 2011-02-18 16:03:41.382975840 -0500
@@ -1,20 +1,42 @@
-# translation of ko.po to Korean
-# Eunju Kim <eukim at redhat.com>, 2006, 2007.
@@ -136143,8 +136141,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ko.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr "SELinux 사용자 '%s'이(가) 필요합니다"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ku.po policycoreutils-2.0.85/po/ku.po
---- nsapolicycoreutils/po/ku.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/ku.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/ku.po 2011-02-17 15:11:25.362730954 -0500
++++ policycoreutils-2.0.85/po/ku.po 2011-02-18 16:03:41.382975840 -0500
@@ -8,14 +8,32 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -139174,8 +139172,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ku.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/lo.po policycoreutils-2.0.85/po/lo.po
---- nsapolicycoreutils/po/lo.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/lo.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/lo.po 2011-02-17 15:11:25.938721441 -0500
++++ policycoreutils-2.0.85/po/lo.po 2011-02-18 16:03:41.383975847 -0500
@@ -8,14 +8,32 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -142205,8 +142203,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/lo.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/lt.po policycoreutils-2.0.85/po/lt.po
---- nsapolicycoreutils/po/lt.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/lt.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/lt.po 2011-02-17 15:11:25.284732243 -0500
++++ policycoreutils-2.0.85/po/lt.po 2011-02-18 16:03:41.383975847 -0500
@@ -8,14 +8,32 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -145236,8 +145234,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/lt.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/lv.po policycoreutils-2.0.85/po/lv.po
---- nsapolicycoreutils/po/lv.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/lv.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/lv.po 2011-02-17 15:11:24.992737067 -0500
++++ policycoreutils-2.0.85/po/lv.po 2011-02-18 16:03:41.383975847 -0500
@@ -8,14 +8,32 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -148268,7 +148266,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/lv.po policycoreutils
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/mai.po policycoreutils-2.0.85/po/mai.po
--- nsapolicycoreutils/po/mai.po 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/po/mai.po 2010-12-21 16:18:01.000000000 -0500
++++ policycoreutils-2.0.85/po/mai.po 2011-02-18 16:03:41.384975854 -0500
@@ -0,0 +1,3493 @@
+# translation of policycoreutils.HEAD.policycoreutils.po to Maithili
+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
@@ -151764,8 +151762,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/mai.po policycoreutil
+#~ msgid "Sensitivity Level"
+#~ msgstr "संवेदनशीलता स्तर"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/Makefile policycoreutils-2.0.85/po/Makefile
---- nsapolicycoreutils/po/Makefile 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/Makefile 2010-12-21 16:16:39.000000000 -0500
+--- nsapolicycoreutils/po/Makefile 2011-02-17 15:11:25.174734053 -0500
++++ policycoreutils-2.0.85/po/Makefile 2011-02-17 15:23:37.422756127 -0500
@@ -45,6 +45,33 @@
../restorecond/stringslist.h \
../restorecond/restorecond.c \
@@ -151814,8 +151812,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/Makefile policycoreut
%.mo: %.po
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/Makefile.in.in policycoreutils-2.0.85/po/Makefile.in.in
---- nsapolicycoreutils/po/Makefile.in.in 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/Makefile.in.in 2010-12-21 16:16:39.000000000 -0500
+--- nsapolicycoreutils/po/Makefile.in.in 2011-02-17 15:11:25.153734404 -0500
++++ policycoreutils-2.0.85/po/Makefile.in.in 2011-02-17 15:23:37.434756214 -0500
@@ -117,9 +117,11 @@
$(INSTALL_DATA) $$cat $$dir/$(PACKAGE)$(INSTOBJEXT); \
echo "installing $$cat as $$dir/$(PACKAGE)$(INSTOBJEXT)"; \
@@ -151832,8 +151830,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/Makefile.in.in policy
if test -r $$cat.m; then \
$(INSTALL_DATA) $$cat.m $$dir/$(PACKAGE)$(INSTOBJEXT).m; \
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/mk.po policycoreutils-2.0.85/po/mk.po
---- nsapolicycoreutils/po/mk.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/mk.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/mk.po 2011-02-17 15:11:25.778724070 -0500
++++ policycoreutils-2.0.85/po/mk.po 2011-02-18 16:03:41.384975854 -0500
@@ -8,15 +8,35 @@
msgstr ""
"Project-Id-Version: mk\n"
@@ -154962,8 +154960,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/mk.po policycoreutils
#~ msgid "Requires value"
#~ msgstr "Побарува вредност"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ml.po policycoreutils-2.0.85/po/ml.po
---- nsapolicycoreutils/po/ml.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/ml.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/ml.po 2011-02-17 15:11:25.821723374 -0500
++++ policycoreutils-2.0.85/po/ml.po 2011-02-18 16:03:41.385975861 -0500
@@ -1,3 +1,4 @@
+# translation of policycoreutils.HEAD.ml.po to
# translation of ml.po to
@@ -159931,8 +159929,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ml.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr "'%s' എന്ന SELinux ഉപയോക്താവ് ആവശ്യമുണ്ട്"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/mr.po policycoreutils-2.0.85/po/mr.po
---- nsapolicycoreutils/po/mr.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/mr.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/mr.po 2011-02-17 15:11:25.579727370 -0500
++++ policycoreutils-2.0.85/po/mr.po 2011-02-18 16:03:41.385975861 -0500
@@ -1,25 +1,44 @@
-# translation of policycoreutils.HEAD.mr.po to marathi
+# translation of mr.po to Marathi
@@ -164929,8 +164927,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/mr.po policycoreutils
+#~ msgid "Sensitivity Level"
+#~ msgstr "संवेदनशीलता स्तर"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ms.po policycoreutils-2.0.85/po/ms.po
---- nsapolicycoreutils/po/ms.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/ms.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/ms.po 2011-02-17 15:11:25.105735199 -0500
++++ policycoreutils-2.0.85/po/ms.po 2011-02-18 16:03:41.385975861 -0500
@@ -7,14 +7,34 @@
msgstr ""
"Project-Id-Version: policycoreutils\n"
@@ -168046,8 +168044,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ms.po policycoreutils
#~ msgid "Requires value"
#~ msgstr "Memerlukan nilai"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/my.po policycoreutils-2.0.85/po/my.po
---- nsapolicycoreutils/po/my.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/my.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/my.po 2011-02-17 15:11:25.679725718 -0500
++++ policycoreutils-2.0.85/po/my.po 2011-02-18 16:03:41.386975868 -0500
@@ -8,14 +8,32 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -171077,8 +171075,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/my.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/nb.po policycoreutils-2.0.85/po/nb.po
---- nsapolicycoreutils/po/nb.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/nb.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/nb.po 2011-02-17 15:11:25.268732508 -0500
++++ policycoreutils-2.0.85/po/nb.po 2011-02-18 16:03:41.386975868 -0500
@@ -1,20 +1,38 @@
# Norwegian bokmål translation of policycoreutils.
# Copyright (C) 2006 Red Hat, Inc.
@@ -174253,7 +174251,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/nb.po policycoreutils
+msgstr "SELinux bruker «%s» kreves"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/nds_DE.po policycoreutils-2.0.85/po/nds_DE.po
--- nsapolicycoreutils/po/nds_DE.po 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/po/nds_DE.po 2010-12-21 16:18:01.000000000 -0500
++++ policycoreutils-2.0.85/po/nds_DE.po 2011-02-18 16:03:41.386975868 -0500
@@ -0,0 +1,3363 @@
+# translation of policycoreutils.HEAD.po to
+# translation of policycoreutils.HEAD.nds.po to
@@ -177620,7 +177618,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/nds_DE.po policycoreu
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/nds.po policycoreutils-2.0.85/po/nds.po
--- nsapolicycoreutils/po/nds.po 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.85/po/nds.po 2010-12-21 16:18:01.000000000 -0500
++++ policycoreutils-2.0.85/po/nds.po 2011-02-18 16:03:41.436976206 -0500
@@ -0,0 +1,3363 @@
+# translation of policycoreutils.HEAD.po to
+# translation of policycoreutils.HEAD.nds.po to
@@ -180986,8 +180984,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/nds.po policycoreutil
+msgid "SELinux user '%s' is required"
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/nl.po policycoreutils-2.0.85/po/nl.po
---- nsapolicycoreutils/po/nl.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/nl.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/nl.po 2011-02-17 15:11:25.137734670 -0500
++++ policycoreutils-2.0.85/po/nl.po 2011-02-18 16:03:41.436976207 -0500
@@ -1,19 +1,42 @@
+# translation of policycoreutils.HEAD.nl.po to Dutch
# translation of policycoreutils to Dutch
@@ -184907,8 +184905,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/nl.po policycoreutils
+#~ msgid "Sensitivity Level"
+#~ msgstr "Gevoeligheid niveau"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/nn.po policycoreutils-2.0.85/po/nn.po
---- nsapolicycoreutils/po/nn.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/nn.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/nn.po 2011-02-17 15:11:25.165734209 -0500
++++ policycoreutils-2.0.85/po/nn.po 2011-02-18 16:03:41.436976207 -0500
@@ -8,14 +8,32 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -187938,7 +187936,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/nn.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/no.po policycoreutils-2.0.85/po/no.po
---- nsapolicycoreutils/po/no.po 2010-05-19 14:45:51.000000000 -0400
+--- nsapolicycoreutils/po/no.po 2011-02-17 15:11:25.260732640 -0500
+++ policycoreutils-2.0.85/po/no.po 1969-12-31 19:00:00.000000000 -0500
@@ -1,1272 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
@@ -189214,8 +189212,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/no.po policycoreutils
-msgid "Options Error %s "
-msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/nso.po policycoreutils-2.0.85/po/nso.po
---- nsapolicycoreutils/po/nso.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/nso.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/nso.po 2011-02-17 15:11:25.375730741 -0500
++++ policycoreutils-2.0.85/po/nso.po 2011-02-18 16:03:41.436976207 -0500
@@ -8,14 +8,32 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -192245,8 +192243,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/nso.po policycoreutil
+msgid "SELinux user '%s' is required"
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/or.po policycoreutils-2.0.85/po/or.po
---- nsapolicycoreutils/po/or.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/or.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/or.po 2011-02-17 15:11:25.251732789 -0500
++++ policycoreutils-2.0.85/po/or.po 2011-02-18 16:03:41.437976214 -0500
@@ -1,17 +1,19 @@
-# translation of policycoreutils.HEAD.or.po to Oriya
+# translation of or.po to Oriya
@@ -196971,8 +196969,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/or.po policycoreutils
+#~ msgid "Sensitivity Level"
+#~ msgstr "ସ୍ପର୍ଶକାତର ସ୍ତର"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/pa.po policycoreutils-2.0.85/po/pa.po
---- nsapolicycoreutils/po/pa.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/pa.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/pa.po 2011-02-17 15:11:24.981737250 -0500
++++ policycoreutils-2.0.85/po/pa.po 2011-02-18 16:03:41.437976214 -0500
@@ -3,22 +3,40 @@
# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER.
#
@@ -201746,8 +201744,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/pa.po policycoreutils
+#~ "tcp\n"
+#~ "udp"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/pl.po policycoreutils-2.0.85/po/pl.po
---- nsapolicycoreutils/po/pl.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/pl.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/pl.po 2011-02-17 15:11:25.342731280 -0500
++++ policycoreutils-2.0.85/po/pl.po 2011-02-18 16:03:41.438976221 -0500
@@ -5,28 +5,46 @@
msgstr ""
"Project-Id-Version: pl\n"
@@ -206759,8 +206757,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/pl.po policycoreutils
-#~ msgid "SELinux user '%s' is required"
-#~ msgstr "Użytkownik SELinuksa \"%s\" jest wymagany"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/policycoreutils.pot policycoreutils-2.0.85/po/policycoreutils.pot
---- nsapolicycoreutils/po/policycoreutils.pot 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/policycoreutils.pot 2010-12-21 16:16:39.000000000 -0500
+--- nsapolicycoreutils/po/policycoreutils.pot 2011-02-17 15:11:25.050736108 -0500
++++ policycoreutils-2.0.85/po/policycoreutils.pot 2011-02-17 15:23:38.811766269 -0500
@@ -8,10 +8,11 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -209973,8 +209971,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/policycoreutils.pot p
+msgid "SELinux user '%s' is required"
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/POTFILES policycoreutils-2.0.85/po/POTFILES
---- nsapolicycoreutils/po/POTFILES 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/POTFILES 2010-12-21 16:16:39.000000000 -0500
+--- nsapolicycoreutils/po/POTFILES 2011-02-17 15:11:26.009720263 -0500
++++ policycoreutils-2.0.85/po/POTFILES 2011-02-17 15:23:37.438756244 -0500
@@ -22,5 +22,32 @@
../restorecond/stringslist.h \
../restorecond/restorecond.c \
@@ -210009,8 +210007,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/POTFILES policycoreut
../secon/secon.c \
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/POTFILES.in policycoreutils-2.0.85/po/POTFILES.in
---- nsapolicycoreutils/po/POTFILES.in 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/POTFILES.in 2010-12-21 16:16:39.000000000 -0500
+--- nsapolicycoreutils/po/POTFILES.in 2011-02-17 15:11:25.894722166 -0500
++++ policycoreutils-2.0.85/po/POTFILES.in 2011-02-17 15:23:37.440756258 -0500
@@ -21,6 +21,7 @@
restorecond/restorecond.c
restorecond/utmpwatcher.c
@@ -210028,8 +210026,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/POTFILES.in policycor
gui/templates/executable.py
gui/templates/__init__.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/pt_BR.po policycoreutils-2.0.85/po/pt_BR.po
---- nsapolicycoreutils/po/pt_BR.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/pt_BR.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/pt_BR.po 2011-02-17 15:11:25.358731021 -0500
++++ policycoreutils-2.0.85/po/pt_BR.po 2011-02-18 16:03:41.438976221 -0500
@@ -1,26 +1,49 @@
-# Brazilian Portuguese translation of policycoreutils
+# translation of pt_BR.po to Portuguese
@@ -215948,8 +215946,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/pt_BR.po policycoreut
-#~ msgstr "Erro de Opções: %s "
+#~ msgstr "Nível de sensibilidade"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/pt.po policycoreutils-2.0.85/po/pt.po
---- nsapolicycoreutils/po/pt.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/pt.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/pt.po 2011-02-17 15:11:25.640726363 -0500
++++ policycoreutils-2.0.85/po/pt.po 2011-02-18 16:03:41.441976242 -0500
@@ -1,22 +1,38 @@
+# Rui Gouveia <rui.gouveia at gmail.com>, 2010.
+# Sérgio Mesquita <smesquita at gmail.com>, 2010.
@@ -221316,8 +221314,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/pt.po policycoreutils
#~ msgid "Allow httpd to access samba/cifs file systems"
#~ msgstr "Permitir ao HTTPD aceder a sistemas de ficheiros Samba/CIFS"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ro.po policycoreutils-2.0.85/po/ro.po
---- nsapolicycoreutils/po/ro.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/ro.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/ro.po 2011-02-17 15:11:25.881722382 -0500
++++ policycoreutils-2.0.85/po/ro.po 2011-02-18 16:03:41.441976242 -0500
@@ -8,14 +8,32 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -224347,8 +224345,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ro.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ru.po policycoreutils-2.0.85/po/ru.po
---- nsapolicycoreutils/po/ru.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/ru.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/ru.po 2011-02-17 15:11:25.611726842 -0500
++++ policycoreutils-2.0.85/po/ru.po 2011-02-18 16:03:41.442976249 -0500
@@ -1,21 +1,42 @@
+# translation of ru.po to Russian
+# translation of ru.po to
@@ -229273,8 +229271,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ru.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr "Необходим SELinux пользователь «%s»"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/si.po policycoreutils-2.0.85/po/si.po
---- nsapolicycoreutils/po/si.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/si.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/si.po 2011-02-17 15:11:25.272732440 -0500
++++ policycoreutils-2.0.85/po/si.po 2011-02-18 16:03:41.442976249 -0500
@@ -8,14 +8,32 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -232304,8 +232302,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/si.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sk.po policycoreutils-2.0.85/po/sk.po
---- nsapolicycoreutils/po/sk.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/sk.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/sk.po 2011-02-17 15:11:25.302731946 -0500
++++ policycoreutils-2.0.85/po/sk.po 2011-02-18 16:03:41.442976249 -0500
@@ -7,16 +7,36 @@
msgstr ""
"Project-Id-Version: policycoreutils\n"
@@ -235429,8 +235427,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sk.po policycoreutils
#~ msgid "Requires value"
#~ msgstr "Požaduje hodnotu"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sl.po policycoreutils-2.0.85/po/sl.po
---- nsapolicycoreutils/po/sl.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/sl.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/sl.po 2011-02-17 15:11:25.560727684 -0500
++++ policycoreutils-2.0.85/po/sl.po 2011-02-18 16:03:41.443976256 -0500
@@ -8,14 +8,32 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -238460,8 +238458,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sl.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sq.po policycoreutils-2.0.85/po/sq.po
---- nsapolicycoreutils/po/sq.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/sq.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/sq.po 2011-02-17 15:11:25.382730625 -0500
++++ policycoreutils-2.0.85/po/sq.po 2011-02-18 16:03:41.443976256 -0500
@@ -8,14 +8,32 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -241491,8 +241489,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sq.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sr at latin.po policycoreutils-2.0.85/po/sr at latin.po
---- nsapolicycoreutils/po/sr at latin.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/sr at latin.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/sr at latin.po 2011-02-17 15:11:25.433729780 -0500
++++ policycoreutils-2.0.85/po/sr at latin.po 2011-02-18 16:03:41.443976256 -0500
@@ -1,26 +1,44 @@
-# translation of policycoreutils.HEAD.sr.po to Serbian
# Serbian(Latin) translations for policycoreutils
@@ -246379,8 +246377,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sr at latin.po policycor
-#~ "Dopuštanje\n"
-#~ "Isključeno\n"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sr.po policycoreutils-2.0.85/po/sr.po
---- nsapolicycoreutils/po/sr.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/sr.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/sr.po 2011-02-17 15:11:25.985720665 -0500
++++ policycoreutils-2.0.85/po/sr.po 2011-02-18 16:03:41.444976263 -0500
@@ -1,26 +1,44 @@
-# translation of policycoreutils.HEAD.sr.po to Serbian
# Serbian translations for policycoreutils
@@ -251259,8 +251257,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sr.po policycoreutils
-#~ "Допуштање\n"
-#~ "Искључено\n"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sv.po policycoreutils-2.0.85/po/sv.po
---- nsapolicycoreutils/po/sv.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/sv.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/sv.po 2011-02-17 15:11:25.293732093 -0500
++++ policycoreutils-2.0.85/po/sv.po 2011-02-18 16:03:41.444976263 -0500
@@ -1,21 +1,41 @@
# Swedish messages for policycoreutils.
-# Copyright © 2001-2008 Free Software Foundation, Inc.
@@ -255358,8 +255356,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sv.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr "SELinux-användare \"%s\" krävs"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ta.po policycoreutils-2.0.85/po/ta.po
---- nsapolicycoreutils/po/ta.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/ta.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/ta.po 2011-02-17 15:11:24.904738516 -0500
++++ policycoreutils-2.0.85/po/ta.po 2011-02-18 16:03:41.445976270 -0500
@@ -1,30 +1,44 @@
-# translation of ta.po to Tamil
+# translation of policycoreutils.HEAD.ta.po to Tamil
@@ -259736,8 +259734,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ta.po policycoreutils
+#~ msgid "Executable required"
+#~ msgstr "இயங்கக்கூடியது தேவைப்படுகிறது"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/te.po policycoreutils-2.0.85/po/te.po
---- nsapolicycoreutils/po/te.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/te.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/te.po 2011-02-17 15:11:25.474729106 -0500
++++ policycoreutils-2.0.85/po/te.po 2011-02-18 16:03:41.445976270 -0500
@@ -1,16 +1,17 @@
-# translation of new_policycoreutils.HEAD.te.po to Telugu
+# translation of policycoreutils.HEAD.te.po to Telugu
@@ -264499,8 +264497,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/te.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr "SELinux వినియోగదారి '%s' అవసరము"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/th.po policycoreutils-2.0.85/po/th.po
---- nsapolicycoreutils/po/th.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/th.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/th.po 2011-02-17 15:11:25.075735680 -0500
++++ policycoreutils-2.0.85/po/th.po 2011-02-18 16:03:41.446976277 -0500
@@ -8,14 +8,32 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -267530,8 +267528,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/th.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/tr.po policycoreutils-2.0.85/po/tr.po
---- nsapolicycoreutils/po/tr.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/tr.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/tr.po 2011-02-17 15:11:25.141734605 -0500
++++ policycoreutils-2.0.85/po/tr.po 2011-02-18 16:03:41.446976277 -0500
@@ -8,14 +8,32 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -270561,8 +270559,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/tr.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils-2.0.85/po/uk.po
---- nsapolicycoreutils/po/uk.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/uk.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/uk.po 2011-02-17 15:11:25.994720514 -0500
++++ policycoreutils-2.0.85/po/uk.po 2011-02-18 16:03:41.446976277 -0500
@@ -1,19 +1,40 @@
# Ukraqinian translation of policycoreutils.
# Copyright (C) 2006 Free software Foundation
@@ -270605,7 +270603,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
+#: selinux-polgengui.desktop.in.h:2 ../gui/polgen.glade:91
+#: ../gui/polgen.glade:124
+msgid "SELinux Policy Generation Tool"
-+msgstr "Утиліта генерації політики SELinux"
++msgstr "Утиліта генерації правил SELinux"
#: ../run_init/run_init.c:67
msgid ""
@@ -270618,7 +270616,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
#: ../run_init/run_init.c:203 ../newrole/newrole.c:370
#, c-format
-@@ -77,23 +98,19 @@
+@@ -77,58 +98,54 @@
#: ../run_init/run_init.c:405 ../newrole/newrole.c:1321
#, c-format
msgid "Could not set exec context to %s.\n"
@@ -270636,7 +270634,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
#: ../audit2allow/audit2allow:218
msgid "To make this policy package active, execute:"
-msgstr ""
-+msgstr "Для активації пакету політики виконайте:"
++msgstr "Для активації пакету правил виконайте:"
#: ../semanage/seobject.py:48
-#, fuzzy
@@ -270646,7 +270644,16 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
#: ../semanage/seobject.py:55
msgid "SELinux policy is not managed or store cannot be accessed."
-@@ -108,27 +125,27 @@
+-msgstr "Політика SELinux не є призначеною або немає доступу до сховища."
++msgstr "Правила SELinux не призначено або немає доступу до сховища."
+
+ #: ../semanage/seobject.py:60
+ msgid "Cannot read policy store."
+-msgstr "Не вдається прочитати сховище політики."
++msgstr "Не вдається прочитати дані сховища правил."
+
+ #: ../semanage/seobject.py:65
+ msgid "Could not establish semanage connection"
msgstr "Не вдається встановити з'єднання з semanage"
#: ../semanage/seobject.py:70
@@ -270855,7 +270862,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
+#: ../semanage/seobject.py:524
#, python-format
msgid "Login mapping for %s is defined in policy, cannot be deleted"
- msgstr "mapping входу для %s визначено у політиці, не вдається видалити"
+-msgstr "mapping входу для %s визначено у політиці, не вдається видалити"
++msgstr "mapping входу для %s визначено у правилах, не вдається видалити"
-#: ../semanage/seobject.py:532
+#: ../semanage/seobject.py:528
@@ -270984,7 +270992,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
+#: ../semanage/seobject.py:731
#, python-format
msgid "SELinux user %s is defined in policy, cannot be deleted"
- msgstr "Користувач SELinux %s визначено у політиці, не може бути видалений"
+-msgstr "Користувач SELinux %s визначено у політиці, не може бути видалений"
++msgstr "Користувач SELinux %s визначено у правилах, не може бути видалений"
-#: ../semanage/seobject.py:739
+#: ../semanage/seobject.py:735
@@ -271172,7 +271181,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
#, python-format
msgid "Port %s/%s is defined in policy, cannot be deleted"
-msgstr "Порт %s/%s визначено у політиці, не можу бути видалений"
-+msgstr "Порт %s/%s визначено у політиці, не може бути видалений"
++msgstr "Порт %s/%s визначено у правилах, не може бути видалений"
-#: ../semanage/seobject.py:958
+#: ../semanage/seobject.py:954
@@ -271368,7 +271377,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
+#, python-format
msgid "Addr %s is defined in policy, cannot be deleted"
-msgstr "Порт %s/%s визначено у політиці, не можу бути видалений"
-+msgstr "Addr %s визначено у політиці та не може бути видалена"
++msgstr "Addr %s визначено у правилах та не може бути видалена"
-#: ../semanage/seobject.py:1196
-#, fuzzy, python-format
@@ -271475,7 +271484,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
+#: ../semanage/seobject.py:1363
#, python-format
msgid "Interface %s is defined in policy, cannot be deleted"
- msgstr "Інтерфейс %s визначений у політиці, не може бути видалений"
+-msgstr "Інтерфейс %s визначений у політиці, не може бути видалений"
++msgstr "Інтерфейс %s визначений у правилах, не може бути видалений"
-#: ../semanage/seobject.py:1371
+#: ../semanage/seobject.py:1367
@@ -271613,7 +271623,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
+#: ../semanage/seobject.py:1588
#, python-format
msgid "File context for %s is defined in policy, cannot be deleted"
- msgstr "Контекст файлу для %s визначено у політиці, його не можна видалити"
+-msgstr "Контекст файлу для %s визначено у політиці, його не можна видалити"
++msgstr "Контекст файлу для %s визначено у правилах, його не можна видалити"
-#: ../semanage/seobject.py:1598
+#: ../semanage/seobject.py:1594
@@ -271696,7 +271707,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
+#: ../semanage/seobject.py:1721
#, python-format
msgid "Boolean %s is defined in policy, cannot be deleted"
- msgstr "Логічне значення %s визначено у політиці, його не можна видалити"
+-msgstr "Логічне значення %s визначено у політиці, його не можна видалити"
++msgstr "Логічне значення %s визначено у правилах, його не можна видалити"
-#: ../semanage/seobject.py:1729
+#: ../semanage/seobject.py:1725
@@ -271805,7 +271817,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
#: ../newrole/newrole.c:1196
#, c-format
-@@ -1189,19 +1204,19 @@
+@@ -1189,24 +1204,24 @@
msgstr "не вдається виконати оболонку\n"
#: ../load_policy/load_policy.c:22
@@ -271819,17 +271831,23 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
#, c-format
msgid "%s: Policy is already loaded and initial load requested\n"
-msgstr ""
-+msgstr "%s: Політика вже завантажена, запитано початкове завантаження\n"
++msgstr "%s: правила вже завантажено, запитано початкове завантаження\n"
#: ../load_policy/load_policy.c:80
-#, fuzzy, c-format
+#, c-format
msgid "%s: Can't load policy and enforcing mode requested: %s\n"
-msgstr "%s: Не вдається завантажити політику: %s\n"
-+msgstr "%s: Не вдається завантажити запитану політику у примусовий режим: %s\n"
++msgstr "%s: не вдається завантажити запитані правила у примусовому режимі: %s\n"
#: ../load_policy/load_policy.c:90
#, c-format
+ msgid "%s: Can't load policy: %s\n"
+-msgstr "%s: Не вдається завантажити політику: %s\n"
++msgstr "%s: Не вдається завантажити правила: %s\n"
+
+ #: ../scripts/chcat:92 ../scripts/chcat:169
+ msgid "Requires at least one category"
@@ -1233,7 +1248,7 @@
#: ../scripts/chcat:319
@@ -271952,7 +271970,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
-#~ msgstr "Контекст файлу для %s не визначено"
+#: ../gui/modulesPage.py:48 ../gui/system-config-selinux.glade:3151
+msgid "Policy Module"
-+msgstr "Модуль політики"
++msgstr "Модуль правил"
-#, fuzzy
-#~ msgid "SELinux Service Protection"
@@ -271987,7 +272005,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
-#~ msgstr "Не вдається додати користувача SELinux %s"
+#: ../gui/modulesPage.py:162
+msgid "Load Policy Module"
-+msgstr "Завантажити модуль політики"
++msgstr "Завантажити модуль правил"
-#, fuzzy
-#~ msgid "Modify SELinux User Mapping"
@@ -272032,14 +272050,14 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
+"File context file (fc)\n"
+"Shell script (sh) - used to compile and install the policy. "
+msgstr ""
-+"Використовуючи цю утиліту можна створити інфраструктуру політики, обмежити "
++"Використовуючи цю утиліту можна створити інфраструктуру правил, обмежити "
+"роботу програм та користувачів за допомогою SELinux.\n"
+"\n"
+"Утиліта генерує:\n"
+"Файл примусового типу (te)\n"
+"Файл інтерфейсу (if)\n"
+"Файл контексту (fc)\n"
-+"Сценарій оболонки (sh) для компіляції та параметри політики."
++"Сценарій оболонки (sh) для компіляції та параметри правил."
+
+#: ../gui/polgen.glade:165
+msgid "Select type of the application/user role to be confined"
@@ -272071,7 +272089,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
+
+#: ../gui/polgen.glade:301
+msgid "Internet Services Daemon (inetd)"
-+msgstr "Служба Інтернет-сервісів (inetd)"
++msgstr "Служба Інтернет-служб (inetd)"
+
+#: ../gui/polgen.glade:320
+msgid ""
@@ -272157,7 +272175,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
+#: ../gui/polgen.glade:583
+msgid "<b>Root Users</b>"
+msgstr "<b>Користувачі root</b>"
-+
+
+-#~ msgid "Requires value"
+-#~ msgstr "Потрібно вказати значення"
+#: ../gui/polgen.glade:645
+msgid ""
+"Select Root Administrator User Role, if this user will be used to administer "
@@ -272189,37 +272209,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
+#: ../gui/polgen.glade:804 ../gui/polgen.glade:924 ../gui/polgen.glade:2927
+msgid "..."
+msgstr "..."
-+
-+#: ../gui/polgen.glade:823
-+msgid "Enter unique name for the confined application or user role."
-+msgstr "Введіть унікальну назву для обмежуваної ролі програми/ користувача."
-+
-+#: ../gui/polgen.glade:845
-+msgid "Executable"
-+msgstr "Виконуваний компонент"
-+
-+#: ../gui/polgen.glade:873
-+msgid "Init script"
-+msgstr "Сценарій init"
-+
-+#: ../gui/polgen.glade:901
-+msgid ""
-+"Enter complete path to init script used to start the confined application."
-+msgstr ""
-+"Вкажіть повний шлях до сценарію init, що використовується для запуску "
-+"обмежуваної програми."
-
--#~ msgid "Requires value"
--#~ msgstr "Потрібно вказати значення"
-+#: ../gui/polgen.glade:981
-+msgid "Select user roles that you want to customize"
-+msgstr "Виберіть ролі користувачів, які хочете змінити"
-#~ msgid "Invalid prefix %s"
-#~ msgstr "Неправильний префікс %s"
-+#: ../gui/polgen.glade:1002 ../gui/polgen.glade:1150
-+msgid "Select the user roles that will transiton to this applications domains."
-+msgstr "Виберіть ролі користувачів, які слід перенести у домени програм."
++#: ../gui/polgen.glade:823
++msgid "Enter unique name for the confined application or user role."
++msgstr "Введіть унікальну назву для обмежуваної ролі програми/ користувача."
-#~ msgid "Requires 2 or more arguments"
-#~ msgstr "Потрібно 2 або більше аргументів"
@@ -272248,12 +272243,35 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
-#~ "\n"
-#~ "semodule -i %s.pp\n"
-#~ "\n"
-+#: ../gui/polgen.glade:1055
-+msgid "Select additional domains to which this user role will transition"
-+msgstr "Виберіть додаткові домени, у яких має бути ця роль"
++#: ../gui/polgen.glade:845
++msgid "Executable"
++msgstr "Виконуваний компонент"
-#~ msgid "Options Error: %s "
-#~ msgstr "Помилка у аргументах: %s "
++#: ../gui/polgen.glade:873
++msgid "Init script"
++msgstr "Сценарій init"
++
++#: ../gui/polgen.glade:901
++msgid ""
++"Enter complete path to init script used to start the confined application."
++msgstr ""
++"Вкажіть повний шлях до сценарію init, що використовується для запуску "
++"обмежуваної програми."
++
++#: ../gui/polgen.glade:981
++msgid "Select user roles that you want to customize"
++msgstr "Виберіть ролі користувачів, які хочете змінити"
++
++#: ../gui/polgen.glade:1002 ../gui/polgen.glade:1150
++msgid "Select the user roles that will transiton to this applications domains."
++msgstr "Виберіть ролі користувачів, які слід перенести у домени програм."
++
++#: ../gui/polgen.glade:1055
++msgid "Select additional domains to which this user role will transition"
++msgstr "Виберіть додаткові домени, у яких має бути ця роль"
++
+#: ../gui/polgen.glade:1076
+msgid ""
+"Select the applications domains that you would like this user role to "
@@ -272414,15 +272432,15 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
+
+#: ../gui/polgen.glade:2864
+msgid "Select directory to generate policy in"
-+msgstr "Виберіть каталог, у якому буде створюватись політика"
++msgstr "Виберіть каталог, у якому будуть створюватись правила"
+
+#: ../gui/polgen.glade:2882
+msgid "Policy Directory"
-+msgstr "Каталог політики"
++msgstr "Каталог правил"
+
+#: ../gui/polgen.glade:2981 ../gui/polgen.glade:3024
+msgid "Generated Policy Files"
-+msgstr "Створені файли полчтики"
++msgstr "Створені файли правил"
+
+#: ../gui/polgen.glade:2982
+msgid ""
@@ -272516,7 +272534,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
+
+#: ../gui/polgengui.py:541
+msgid "Select directory to generate policy files in"
-+msgstr "Виберіть каталог, у якому будуть створюватись файли політики"
++msgstr "Виберіть каталог, у якому будуть створюватись файли правил"
+
+#: ../gui/polgengui.py:554
+#, python-format
@@ -272524,7 +272542,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
+"Type %s_t already defined in current policy.\n"
+"Do you want to continue?"
+msgstr ""
-+"Тип %s_t вже визначено у поточні політиці.\n"
++"Тип %s_t вже визначено у поточні правила.\n"
+"Продовжити?"
+
+#: ../gui/polgengui.py:554 ../gui/polgengui.py:558
@@ -272537,7 +272555,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
+"Module %s.pp already loaded in current policy.\n"
+"Do you want to continue?"
+msgstr ""
-+"Модуль %s.pp вже завантажено у поточну політику .\n"
++"Модуль %s.pp вже завантажено у поточні правила.\n"
+"Продовжити?"
+
+#: ../gui/polgengui.py:604
@@ -273035,7 +273053,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
+
+#: ../gui/selinux.tbl:71
+msgid "Disable SELinux protection for Evolution"
-+msgstr "Вимкнути захист SELinux для Evolution"
++msgstr "Захист SELinux для Evolution вимкнено"
+
+#: ../gui/selinux.tbl:72
+msgid "Games"
@@ -273043,7 +273061,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
+
+#: ../gui/selinux.tbl:72
+msgid "Disable SELinux protection for games"
-+msgstr "Защита SELinux для ігор вимкнено"
++msgstr "Захист SELinux для ігор вимкнено"
+
+#: ../gui/selinux.tbl:73
+msgid "Disable SELinux protection for the web browsers"
@@ -273478,7 +273496,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
+
+#: ../gui/selinux.tbl:170
+msgid "Do not allow any processes to modify kernel SELinux policy"
-+msgstr "Не дозволяти процесам змінювати політику SELinux у ядрі"
++msgstr "Не дозволяти процесам змінювати правила SELinux у ядрі"
+
+#: ../gui/selinux.tbl:171
+msgid "Disable SELinux protection for sendmail daemon"
@@ -273825,7 +273843,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
+"the next boot. Relabeling takes a long time depending on the size of the "
+"file system. Do you wish to continue?"
+msgstr ""
-+"Зміна типу політики вимагає повторної розмітки всієї файлової системи при "
++"Зміна типу правил вимагає повторної розмітки всієї файлової системи при "
+"наступному завантаженні. Процес розмітки може бути досить тривалим залежно "
+"від розміру файлової системи. Продовжити?"
+
@@ -273838,11 +273856,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
+"enforce SELinux policy. Permissive mode does not require a reboot Do you "
+"wish to continue?"
+msgstr ""
-+"Вимикання політики SELinux вимагає перезавантаження та не рекомендується. "
++"Вимикання правил SELinux вимагає перезавантаження та не рекомендується. "
+"Якщо у подальшому ви захочете увімкнути SELinux, знадобиться виконати "
+"повторну розмітку файлової системи. Якщо ж ви просто хочете перевірити, чи "
+"не викликає SELinux проблем у системі, використовуйте дозволений режим, який "
-+"не робить політику примусовою, але при цьому реєструє помилки у журналі. "
++"не примушує до виконання правил, але при цьому реєструє помилки у журналі. "
+"Дозволений режим не вимагає перезавантаження. Продовжити?"
+
+#: ../gui/statusPage.py:152
@@ -273851,7 +273869,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
+"on the next boot. Relabeling takes a long time depending on the size of the "
+"file system. Do you wish to continue?"
+msgstr ""
-+"Активація політики SELinux вимагає повторної розмітки всієї файлової системи "
++"Активація правил SELinux вимагає повторної розмітки всієї файлової системи "
+"при наступному завантаженні. Процес розмітки може бути досить тривалим "
+"залежно від розміру файлової системи. Продовжити?"
+
@@ -273913,9 +273931,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
+"звичайний файл\n"
+"каталог\n"
+"символьний пристрій\n"
-+"блочний пристрій\n"
++"блоковий пристрій\n"
+"сокет\n"
-+"символьне посилання\n"
++"символічне посилання\n"
+"канал\n"
+
+#: ../gui/system-config-selinux.glade:965
@@ -273970,7 +273988,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
+
+#: ../gui/system-config-selinux.glade:1611
+msgid "System Default Policy Type: "
-+msgstr "Тип типової політики:"
++msgstr "Тип типових правил системи:"
+
+#: ../gui/system-config-selinux.glade:1656
+msgid ""
@@ -273981,7 +273999,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
+msgstr ""
+"Виберіть, якщо хочете виконати повторну розмітку всієї файлової системи при "
+"наступному завантаженні. Процес повторної розмітки може бути досить тривалим "
-+"залежно від розміру файлової системи. При зміні типу політики також "
++"залежно від розміру файлової системи. При зміні типу правил також "
+"знадобиться повторна розмітка."
+
+#: ../gui/system-config-selinux.glade:1702
@@ -274115,15 +274133,15 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
+
+#: ../gui/system-config-selinux.glade:2991
+msgid "Generate new policy module"
-+msgstr "Генерувати модуль нової політики"
++msgstr "Генерувати модуль нових правил"
+
+#: ../gui/system-config-selinux.glade:3007
+msgid "Load policy module"
-+msgstr "Завантажити модуль політики"
++msgstr "Завантажити модуль правил"
+
+#: ../gui/system-config-selinux.glade:3023
+msgid "Remove loadable policy module"
-+msgstr "Видалити завантажувальний модуль політики"
++msgstr "Видалити завантажувальний модуль правил"
+
+#: ../gui/system-config-selinux.glade:3059
+msgid ""
@@ -274139,7 +274157,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
+
+#: ../gui/system-config-selinux.glade:3216
+msgid "Change process mode to permissive."
-+msgstr "Змінити режим процесу на дозволяючий."
++msgstr "Змінити режим процесу на нестрогий."
+
+#: ../gui/system-config-selinux.glade:3234
+msgid "Change process mode to enforcing"
@@ -274162,8 +274180,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils
+#~ msgid "Sensitivity Level"
+#~ msgstr "Рівень чутливості"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ur.po policycoreutils-2.0.85/po/ur.po
---- nsapolicycoreutils/po/ur.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/ur.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/ur.po 2011-02-17 15:11:25.753724502 -0500
++++ policycoreutils-2.0.85/po/ur.po 2011-02-18 16:03:41.452976319 -0500
@@ -8,14 +8,32 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -277193,8 +277211,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ur.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/vi.po policycoreutils-2.0.85/po/vi.po
---- nsapolicycoreutils/po/vi.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/vi.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/vi.po 2011-02-17 15:11:25.403730277 -0500
++++ policycoreutils-2.0.85/po/vi.po 2011-02-18 16:03:41.452976319 -0500
@@ -8,14 +8,32 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -280224,8 +280242,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/vi.po policycoreutils
+msgid "SELinux user '%s' is required"
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/zh_CN.po policycoreutils-2.0.85/po/zh_CN.po
---- nsapolicycoreutils/po/zh_CN.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/zh_CN.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/zh_CN.po 2011-02-17 15:11:25.091735430 -0500
++++ policycoreutils-2.0.85/po/zh_CN.po 2011-02-18 16:03:41.452976319 -0500
@@ -1,22 +1,40 @@
-# translation of policycoreutils.HEAD.po to Simplified Chinese
+# translation of policycoreutils.HEAD.po to Wei Liu
@@ -284858,8 +284876,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/zh_CN.po policycoreut
+msgid "SELinux user '%s' is required"
+msgstr "SELinux 用户 '%s' 是必需的"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/zh_TW.po policycoreutils-2.0.85/po/zh_TW.po
---- nsapolicycoreutils/po/zh_TW.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/zh_TW.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/zh_TW.po 2011-02-17 15:11:25.674725801 -0500
++++ policycoreutils-2.0.85/po/zh_TW.po 2011-02-18 16:03:41.453976326 -0500
@@ -1,31 +1,51 @@
# translation of policycoreutils.HEAD.po to Traditional Chinese
+# translation of policycoreutils.HEAD.po to
@@ -289825,8 +289843,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/zh_TW.po policycoreut
+msgid "SELinux user '%s' is required"
+msgstr "需要 SELinux 用戶「%s」"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/zu.po policycoreutils-2.0.85/po/zu.po
---- nsapolicycoreutils/po/zu.po 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.85/po/zu.po 2010-12-21 16:18:01.000000000 -0500
+--- nsapolicycoreutils/po/zu.po 2011-02-17 15:11:25.728724910 -0500
++++ policycoreutils-2.0.85/po/zu.po 2011-02-18 16:03:41.453976326 -0500
@@ -8,14 +8,32 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 3f2f161..dcc70e4 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -1022,10 +1022,10 @@ index 0000000..f88a29a
+
diff --git a/policycoreutils/restorecond/user.c b/policycoreutils/restorecond/user.c
new file mode 100644
-index 0000000..272479a
+index 0000000..8cf2f20
--- /dev/null
+++ b/policycoreutils/restorecond/user.c
-@@ -0,0 +1,239 @@
+@@ -0,0 +1,242 @@
+/*
+ * restorecond
+ *
@@ -1245,12 +1245,12 @@ index 0000000..272479a
+#ifdef HAVE_DBUS
+ if (dbus_server(loop) != 0)
+#endif /* HAVE_DBUS */
-+ if (local_server(loop) != 0)
-+ return 0;
++ if (local_server(loop))
++ goto end;
+
+ read_config(master_fd, watch_file);
+
-+ if (watch_list_isempty()) return 0;
++ if (watch_list_isempty()) goto end;
+
+ set_matchpathcon_flags(MATCHPATHCON_NOTRANS);
+
@@ -1262,6 +1262,9 @@ index 0000000..272479a
+ io_channel_callback, NULL, NULL);
+
+ g_main_loop_run (loop);
++
++end:
++ g_main_loop_unref (loop);
+ return 0;
+}
+
@@ -1281,7 +1284,7 @@ index f182c22..feddb5a 100644
return changed;
diff --git a/policycoreutils/restorecond/watch.c b/policycoreutils/restorecond/watch.c
new file mode 100644
-index 0000000..c0caab2
+index 0000000..20a861f
--- /dev/null
+++ b/policycoreutils/restorecond/watch.c
@@ -0,0 +1,270 @@
@@ -1337,7 +1340,7 @@ index 0000000..c0caab2
+ char *dir = dirname(x);
+ ptr = firstDir;
+
-+ if (exclude(path)) return;
++ if (exclude(path)) goto end;
+
+ globbuf.gl_offs = 1;
+ if (glob(path,
@@ -1357,8 +1360,7 @@ index 0000000..c0caab2
+ while (ptr != NULL) {
+ if (strcmp(dir, ptr->dir) == 0) {
+ strings_list_add(&ptr->files, file);
-+ free(x);
-+ return;
++ goto end;
+ }
+ prev = ptr;
+ ptr = ptr->next;
@@ -1370,11 +1372,10 @@ index 0000000..c0caab2
+ ptr->wd = inotify_add_watch(fd, dir, IN_CREATE | IN_MOVED_TO);
+ if (ptr->wd == -1) {
+ free(ptr);
-+ free(x);
+ if (! run_as_user)
+ syslog(LOG_ERR, "Unable to watch (%s) %s\n",
+ path, strerror(errno));
-+ return;
++ goto end;
+ }
+
+ ptr->dir = strdup(dir);
@@ -1390,7 +1391,9 @@ index 0000000..c0caab2
+ if (debug_mode)
+ printf("%d: Dir=%s, File=%s\n", ptr->wd, ptr->dir, file);
+
++end:
+ free(x);
++ return;
+}
+
+/*
@@ -1621,7 +1624,7 @@ index ff0ee7c..0c8a085 100644
test:
@python test_sandbox.py -v
diff --git a/policycoreutils/sandbox/sandbox b/policycoreutils/sandbox/sandbox
-index 48a26c2..d1037bd 100644
+index 48a26c2..79cbb2d 100644
--- a/policycoreutils/sandbox/sandbox
+++ b/policycoreutils/sandbox/sandbox
@@ -1,5 +1,6 @@
@@ -1694,9 +1697,14 @@ index 48a26c2..d1037bd 100644
SAVE_FILES[file] = (dest, os.path.getmtime(dest))
-@@ -161,10 +167,10 @@ class Sandbox:
- if not self.__options.homedir or not self.__options.tmpdir:
- self.usage(_("Homedir and tempdir required for level mounts"))
+@@ -158,13 +164,13 @@ class Sandbox:
+
+ def __validate_mount(self):
+ if self.__options.level:
+- if not self.__options.homedir or not self.__options.tmpdir:
+- self.usage(_("Homedir and tempdir required for level mounts"))
++ if not self.__options.homedir:
++ self.usage(_("Homedir required for level mounts"))
- if not os.path.exists("/usr/sbin/seunshare"):
+ if not os.path.exists(SEUNSHARE):
@@ -1770,9 +1778,9 @@ index 48a26c2..d1037bd 100644
+
usage = _("""
-sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] command
-+sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] command
++sandbox [-h] [-l level ] [-[X|M] [-H homedir] ] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] command
+
-+sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] -S
++sandbox [-h] [-l level ] [-[X|M] [-H homedir] ] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] -S
+%s
+""") % types
@@ -1781,18 +1789,21 @@ index 48a26c2..d1037bd 100644
parser = OptionParser(version=self.VERSION, usage=usage)
parser.disable_interspersed_args()
-@@ -268,6 +298,10 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
- action="callback", callback=self.__validdir,
- help=_("alternate /tmp directory to use for mounting"))
-
+@@ -263,10 +293,9 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
+ dest="homedir",
+ help=_("alternate home directory to use for mounting"))
+
+- parser.add_option("-T", "--tmpdir", dest="tmpdir",
+- type="string",
+- action="callback", callback=self.__validdir,
+- help=_("alternate /tmp directory to use for mounting"))
+ parser.add_option("-w", "--windowsize", dest="windowsize",
+ type="string", default=DEFAULT_WINDOWSIZE,
+ help="size of the sandbox window")
-+
+
parser.add_option("-W", "--windowmanager", dest="wm",
type="string",
- default="/usr/bin/matchbox-window-manager -use_titlebar no",
-@@ -276,13 +310,17 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
+@@ -276,13 +305,17 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
parser.add_option("-l", "--level", dest="level",
help=_("MCS/MLS level for the sandbox"))
@@ -1811,17 +1822,52 @@ index 48a26c2..d1037bd 100644
if self.__options.setype:
self.setype = self.__options.setype
-@@ -299,6 +337,9 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
+@@ -292,13 +325,14 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
+ if self.__options.session:
+ if not self.__options.setype:
+ self.setype = selinux.getcon()[1].split(":")[2]
+- if not self.__options.homedir or not self.__options.tmpdir:
+- self.usage(_("You must specify a Homedir and tempdir when setting up a session sandbox"))
++ if not self.__options.homedir:
++ self.usage(_("You must specify a Homedir when setting up a session sandbox"))
+ if len(cmds) > 0:
+ self.usage(_("Commands are not allowed in a session sandbox"))
self.__options.X_ind = True
self.__homedir = self.__options.homedir
- self.__tmpdir = self.__options.tmpdir
+- self.__tmpdir = self.__options.tmpdir
+ elif self.__options.level:
+ self.__homedir = self.__options.homedir
-+ self.__tmpdir = self.__options.tmpdir
else:
if len(cmds) == 0:
self.usage(_("Command required"))
-@@ -351,22 +392,24 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
+@@ -323,9 +357,8 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
+
+ con = selinux.getcon()[1].split(":")
+ self.__execcon = "%s:%s:%s:%s" % (con[0], con[1], self.setype, level)
+- self.__filecon = "%s:%s:%s:%s" % (con[0], "object_r",
+- "%s_file_t" % self.setype[:-2],
+- level)
++ self.__filecon = "%s:object_r:sandbox_file_t:%s" % (con[0],level)
++
+ def __setup_dir(self):
+ if self.__options.level or self.__options.session:
+ return
+@@ -339,34 +372,33 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
+ else:
+ selinux.setfscreatecon(self.__filecon)
+ self.__homedir = mkdtemp(dir=sandboxdir, prefix=".sandbox")
++ self.__tmpdir = self.__homedir + "/.sandboxtmp";
++ if not os.path.exists(self.__tmpdir):
++ os.makedirs(self.__tmpdir)
+
+- if self.__options.tmpdir:
+- selinux.chcon(self.__options.tmpdir, self.__filecon, recursive=True)
+- self.__tmpdir = self.__options.tmpdir
+- else:
+- selinux.setfscreatecon(self.__filecon)
+- self.__tmpdir = mkdtemp(dir="/tmp", prefix=".sandbox")
+ selinux.setfscreatecon(None)
+ self.__copyfiles()
def __execute(self):
try:
@@ -1844,7 +1890,7 @@ index 48a26c2..d1037bd 100644
- cmds = [ '/usr/sbin/seunshare', "-t", self.__tmpdir, "-h", self.__homedir, "--", self.__execcon ] + self.__paths
- rc = subprocess.Popen(cmds).wait()
- return rc
-+ cmds += [ "-t", self.__tmpdir, "-h", self.__homedir ]
++ cmds += [ "-h", self.__homedir ]
+
+ if self.__options.X_ind:
+ xmodmapfile = self.__homedir + "/.xmodmap"
@@ -1861,7 +1907,17 @@ index 48a26c2..d1037bd 100644
selinux.setexeccon(self.__execcon)
rc = subprocess.Popen(self.__cmds).wait()
-@@ -404,7 +447,7 @@ if __name__ == '__main__':
+@@ -383,8 +415,7 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
+
+ if self.__homedir and not self.__options.homedir:
+ shutil.rmtree(self.__homedir)
+- if self.__tmpdir and not self.__options.tmpdir:
+- shutil.rmtree(self.__tmpdir)
++
+ def main(self):
+ try:
+ self.__parse_options()
+@@ -404,7 +435,7 @@ if __name__ == '__main__':
sandbox = Sandbox()
rc = sandbox.main()
except OSError, error:
@@ -1871,7 +1927,7 @@ index 48a26c2..d1037bd 100644
error_exit(error.args[0])
except KeyError, error:
diff --git a/policycoreutils/sandbox/sandbox.8 b/policycoreutils/sandbox/sandbox.8
-index 1479364..73d33b3 100644
+index 1479364..7b4318a 100644
--- a/policycoreutils/sandbox/sandbox.8
+++ b/policycoreutils/sandbox/sandbox.8
@@ -1,10 +1,13 @@
@@ -1883,28 +1939,43 @@ index 1479364..73d33b3 100644
.B sandbox
-[-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] cmd
-[-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] -S
-+[-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] cmd
++[-l level ] [[-M | -X] -H homedir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] cmd
+
+.br
+.B sandbox
-+[-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] -S
++[-l level ] [[-M | -X] -H homedir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] -S
.br
.SH DESCRIPTION
.PP
-@@ -42,6 +45,12 @@ Use alternate sandbox type, defaults to sandbox_t or sandbox_x_t for -X.
- \fB\-T\ tmpdir
- Use alternate tempory directory to mount on /tmp. Defaults to tmpfs. Requires -X or -M.
+@@ -18,11 +21,11 @@ package installed, you can use the -X option and the -M option.
+ .B sandbox -X
+ allows you to run X applications within a sandbox. These applications will start up their own X Server and create a temporary home directory and /tmp. The default SELinux policy does not allow any capabilities or network access. It also prevents all access to the users other processes and files. Files specified on the command that are in the home directory or /tmp will be copied into the sandbox directories.
+
+-If directories are specified with -H or -T the directory will have its context modified with chcon(1) unless a level is specified with -l. If the MLS/MCS security level is specified, the user is responsible to set the correct labels.
++If directories are specified with -H option the directory will have its context modified with chcon(1) unless a level is specified with -l. If the MLS/MCS security level is specified, the user is responsible to set the correct labels.
+ .PP
+ .TP
+ \fB\-H\ homedir
+-Use alternate homedir to mount over your home directory. Defaults to temporary. Requires -X or -M.
++Use alternate homedir to mount over your home directory. The /tmp dir will be prepopulated from homedir/.sandboxtmp directory if it exists. Defaults to temporary. Requires -X or -M.
.TP
+ \fB\-i file\fR
+ Copy this file into the appropriate temporary sandbox directory. Command can be repeated.
+@@ -39,8 +42,11 @@ Create a Sandbox with temporary files for $HOME and /tmp.
+ \fB\-t type\fR
+ Use alternate sandbox type, defaults to sandbox_t or sandbox_x_t for -X.
+ .TP
+-\fB\-T\ tmpdir
+-Use alternate tempory directory to mount on /tmp. Defaults to tmpfs. Requires -X or -M.
+\fB\-S
+Run a full desktop session, Requires level, and home and tmpdir.
+.TP
+\fB\-w windowsize\fR
+Specifies the windowsize when creating an X based Sandbox. The default windowsize is 1000x700.
-+.TP
+ .TP
\fB\-W windowmanager\fR
Select alternative window manager to run within
- .B sandbox -X.
-@@ -50,8 +59,17 @@ Default to /usr/bin/matchbox-window-manager.
+@@ -50,8 +56,17 @@ Default to /usr/bin/matchbox-window-manager.
\fB\-X\fR
Create an X based Sandbox for gui apps, temporary files for
$HOME and /tmp, secondary Xserver, defaults to sandbox_x_t
@@ -2037,29 +2108,26 @@ index 8338203..e501b03 100644
break
diff --git a/policycoreutils/sandbox/seunshare.8 b/policycoreutils/sandbox/seunshare.8
new file mode 100644
-index 0000000..67beca0
+index 0000000..6063d6a
--- /dev/null
+++ b/policycoreutils/sandbox/seunshare.8
-@@ -0,0 +1,37 @@
+@@ -0,0 +1,34 @@
+.TH SEUNSHARE "8" "May 2010" "seunshare" "User Commands"
+.SH NAME
+seunshare \- Run cmd with alternate homedir, tmpdir and/or SELinux context
+.SH SYNOPSIS
+.B seunshare
-+[ -v ] [ -t tmpdir ] [ -h homedir ] [ -Z context ] -- executable [args]
++[ -v ] -h homedir [ -Z context ] -- executable [args]
+.br
+.SH DESCRIPTION
+.PP
+Run the
+.I executable
-+within the specified context, using the alternate home directory and /tmp directory. The seunshare command unshares from the default namespace, then mounts the specified homedir and tmpdir over the default homedir and /tmp. Finally it tells the kernel to execute the application under the specified SELinux context.
++within the specified context, using the alternate home directory and /tmp directory. The seunshare command unshares from the default namespace, then mounts the specified homedir over the default homedir. It also creates a temporary directori in /tmp and mounts it on top of /tmp and /var/tmp. Optionally it tells the kernel to execute the application under the specified SELinux context.
+
+.TP
+\fB\-h homedir\fR
-+Alternate homedir to be used by the application. Homedir must be owned by the user.
-+.TP
-+\fB\-t\ tmpdir
-+Use alternate temporary directory to mount on /tmp. tmpdir must be owned by the user.
++Alternate homedir to be used by the application. Homedir must be owned by the user. Can not be on /tmp. (seunsahre will create a new /tmp and copy the contents of homedir/.sandboxtmp into the newly created /tmp.
+.TP
+\fB\-c cgroups\fR
+Use cgroups to control this copy of seunshare. Specify parameters in /etc/sysconfig/sandbox. Max memory usage and cpu usage are to be specified in percent. You can specify which CPUs to use by numbering them 0,1,2... etc.
@@ -2079,7 +2147,7 @@ index 0000000..67beca0
+and
+.I Thomas Liu <tliu at fedoraproject.org>
diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
-index ec692e7..de694ad 100644
+index ec692e7..995f78a 100644
--- a/policycoreutils/sandbox/seunshare.c
+++ b/policycoreutils/sandbox/seunshare.c
@@ -1,28 +1,34 @@
@@ -2146,17 +2214,64 @@ index ec692e7..de694ad 100644
/* Change uid */
if (setresuid(uid, uid, uid)) {
fprintf(stderr, _("Error changing uid, aborting.\n"));
-@@ -134,42 +146,98 @@ static int verify_shell(const char *shell_name)
- static int seunshare_mount(const char *src, const char *dst, struct passwd *pwd) {
+@@ -90,18 +102,37 @@ static int set_signal_handles(void)
+ * If so, it returns 0. If it can not figure this out or they are different, it returns -1.
+ */
+ static int verify_mount(const char *mntdir, struct passwd *pwd) {
++ int rc = -1;
+ struct stat sb;
+- if (stat(mntdir, &sb) == -1) {
+- fprintf(stderr, _("Invalid mount point %s: %s\n"), mntdir, strerror(errno));
+- return -1;
++ if ((strncmp(mntdir, "/tmp", 4) == 0 ) || (strncmp(mntdir, "/var/tmp", 8) == 0 )) {
++ fprintf(stderr, _("Invalid mount point %s, you can not mount from the /tmp or /var/tmp directory\n"), mntdir);
++ return rc;
++ }
++
++ int fd = open(mntdir, O_RDONLY);
++ if (fd < 0) {
++ fprintf(stderr, _("Invalid mount point: %s does not exist\n"), mntdir);
++ return rc;
++ }
++
++ if (fstat(fd, &sb) == -1) {
++ fprintf(stderr, _("Invalid mount point: can not stat %s: %s\n"), mntdir, strerror(errno));
++ goto err;
++ }
++ if (! S_ISDIR(sb.st_mode)) {
++ fprintf(stderr, _("Invalid mount point: %s is not a directory: %s\n"), mntdir, strerror(errno));
++ goto err;
+ }
+ if (sb.st_uid != pwd->pw_uid) {
+ errno = EPERM;
+- syslog(LOG_AUTHPRIV | LOG_ALERT, "%s attempted to mount an invalid directory, %s", pwd->pw_name, mntdir);
+- perror(_("Invalid mount point, reporting to administrator"));
+- return -1;
++ syslog(LOG_AUTHPRIV | LOG_ALERT, "%s attempted to mount an invalid directory not owned by user, %s", pwd->pw_name, mntdir);
++ perror(_("Invalid mount point, not owned by user reporting to administrator"));
++ goto err;
+ }
+- return 0;
++ rc = 0;
++err:
++ close(fd);
++ return rc;
+ }
+
+ /**
+@@ -131,45 +162,330 @@ static int verify_shell(const char *shell_name)
+ return rc;
+ }
+
+-static int seunshare_mount(const char *src, const char *dst, struct passwd *pwd) {
++static int seunshare_mount_home(const char *src, struct passwd *pwd) {
++
++ const char *dst = pwd->pw_dir;
if (verbose)
printf("Mount %s on %s\n", src, dst);
- if (mount(dst, dst, NULL, MS_BIND | MS_REC, NULL) < 0) {
+
+ int flags = MS_REC;
-+ if (strcmp("/tmp", dst) == 0) {
-+ flags = flags | MS_NODEV | MS_NOSUID | MS_NOEXEC;
-+ }
-+
+ if (mount(dst, dst, NULL, MS_BIND | flags, NULL) < 0) {
fprintf(stderr, _("Failed to mount %s on %s: %s\n"), dst, dst, strerror(errno));
return -1;
@@ -2174,40 +2289,108 @@ index ec692e7..de694ad 100644
return -1;
}
- if (verify_mount(dst, pwd) < 0)
+- if (verify_mount(dst, pwd) < 0)
++ if (verify_mount(dst, pwd) < 0)
return -1;
+
-+ if (strcmp("/tmp", dst) == 0) {
-+ struct stat sb;
-+ int fd = open(dst,O_RDONLY);
-+ if ( fd == -1 ) goto err;
-+ if (fstat(fd, &sb) == -1) {
-+ close(fd);
-+ goto err;
-+ }
-+ if (fchmod(fd, sb.st_mode | S_ISVTX) < 0) {
-+ close(fd);
-+ goto err;
-+ }
-+ close(fd);
++ return 0;
++}
++
++static int set_label(char *srcdir) {
++ int rc = -1;
++ security_context_t filecon = NULL;
++ if (getfilecon(srcdir, &filecon) < 0) {
++ fprintf(stderr, _("Failed to get context of %s: %s\n"), srcdir, strerror(errno));
++ goto err;
+ }
++ rc =setfilecon("/tmp", filecon);
++ if (rc < 0) {
++ fprintf(stderr, _("Failed to set context %s on /tmp: %s\n"), filecon, strerror(errno));
++ freecon(filecon);
++ goto err;
++ }
++ rc = 0;
++err:
++ freecon(filecon);
++ return rc;
+ }
+
+-#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -t tmpdir ] [ -h homedir ] -- CONTEXT executable [args] ")
++static char *seunshare_mount_tmp(void) {
+
-+ return 0;
++ char * tmpdir = NULL;
++ int rc = -1;
++ if (verbose)
++ printf("Mount tmpfs on /tmp\n");
++
++ int flags = MS_REC | MS_NODEV | MS_NOSUID | MS_NOEXEC;
++ if (mount("/tmp", "/tmp", NULL, MS_BIND | flags, NULL) < 0) {
++ fprintf(stderr, _("Failed to mount /tmp on /tmp: %s\n"), strerror(errno));
++ goto err;
++ }
++
++ if (mount("/tmp", "/tmp", NULL, MS_PRIVATE | flags, NULL) < 0) {
++ fprintf(stderr, _("Failed to make /tmp private: %s\n"), strerror(errno));
++ goto err;
++ }
++
++ if (mount("/var/tmp", "/var/tmp", NULL, MS_BIND | flags, NULL) < 0) {
++ fprintf(stderr, _("Failed to mount /var/tmp on /var/tmp: %s\n"), strerror(errno));
++ goto err;
++ }
++
++ if (mount("/var/tmp", "/var/tmp", NULL, MS_PRIVATE | flags, NULL) < 0) {
++ fprintf(stderr, _("Failed to make /tmp private: %s\n"), strerror(errno));
++ goto err;
++ }
++
++ if (seteuid(0)) {
++ fprintf(stderr, _("Error changing uid, aborting.\n"));
++ goto err;
++ }
++/* if (setegid(0)) {
++ fprintf(stderr, _("Error changing gid, aborting.\n"));
++ goto err;
++ }
++*/
++ char template[] = "/tmp/.sandboxXXXXXX";
++ tmpdir = mkdtemp(template);
++ if (! tmpdir) {
++ fprintf(stderr, _("Failed to make temporary directory: %s\n"), strerror(errno));
++ goto err;
++ }
++
++ if (mount(tmpdir, "/tmp", NULL, MS_BIND | flags, NULL ) < 0) {
++ fprintf(stderr, _("Failed to mount %s on /tmp: %s\n"), tmpdir, strerror(errno));
++ goto err;
++ }
++
++ if (mount("/tmp", "/var/tmp", NULL, MS_BIND | flags, NULL) < 0) {
++ fprintf(stderr, _("Failed to mount /tmp on /var/tmp: %s\n"), strerror(errno));
++ goto err;
++ }
++
++ if (chmod("/tmp", strtol("1770",0,8))) {
++ fprintf(stderr, _("Unable to change mode on /tmp: %s\n"), strerror(errno));
++ goto err;
++ }
++
++ rc = 0;
+err:
-+ fprintf(stderr, _("Invalid mount point %s: %s\n"), src, strerror(errno));
-+ return -1;
++ if (rc < 0) {
++ unlink(tmpdir);
++ return NULL;
++ }
++ return tmpdir;
+}
+
-+#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -t tmpdir ] [ -h homedir ] [-Z CONTEXT] -- executable [args] ")
++#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -c ] -h homedir [-Z CONTEXT] -- executable [args] ")
+
+int sandbox_error(const char *string) {
+ fprintf(stderr, string);
+ syslog(LOG_AUTHPRIV | LOG_ALERT, string);
+ exit(-1);
-+
- }
-
--#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -t tmpdir ] [ -h homedir ] -- CONTEXT executable [args] ")
++}
+
+int match(const char *string, char *pattern) {
+ int status;
@@ -2223,17 +2406,184 @@ index ec692e7..de694ad 100644
+ return 1;
+}
+
-+void config_error() {
-+ fprintf(stderr, "Error parsing config file.");
-+ exit(-1);
++int setup_cgroups() {
++ char *cpus = NULL; /* which CPUs to use */
++ char *cgroupname = NULL;/* name for the cgroup */
++ char *mem = NULL; /* string for memory amount to pass to cgroup */
++ int64_t memusage = 0; /* amount of memory to use max (percent) */
++ int cpupercentage = 0; /* what percentage of cpu to allow usage */
++ FILE* fp;
++ char buf[BUF_SIZE];
++ char *tok = NULL;
++ int rc = -1;
++ const char* fname = "/etc/sysconfig/sandbox";
++
++ if ((fp = fopen(fname, "rt")) == NULL) {
++ fprintf(stderr, "Error opening sandbox config file.");
++ return rc;
++ }
++ while(fgets(buf, BUF_SIZE, fp) != NULL) {
++ /* Skip comments */
++ if (buf[0] == '#') continue;
++
++ /* Copy the string, ignoring whitespace */
++ int len = strlen(buf);
++ char *str = malloc((len + 1) * sizeof(char));
++
++ int ind = 0;
++ int i;
++ for (i = 0; i < len; i++) {
++ char cur = buf[i];
++ if (cur != ' ' && cur != '\t') {
++ str[ind] = cur;
++ ind++;
++ }
++ }
++ str[ind] = '\0';
++
++ tok = strtok(str, "=\n");
++ if (tok != NULL) {
++ if (!strcmp(tok, "CPUAFFINITY")) {
++ tok = strtok(NULL, "=\n");
++ cpus = strdup(tok);
++ if (!strcmp(cpus, "ALL")) {
++ free(cpus);
++ cpus = NULL;
++ }
++ } else if (!strcmp(tok, "MEMUSAGE")) {
++ tok = strtok(NULL, "=\n");
++ if (match(tok, "^[0-9]+[kKmMgG%]")) {
++ char *ind = strchr(tok, '%');
++ if (ind != NULL) {
++ *ind = '\0';;
++ memusage = atoi(tok);
++ } else {
++ mem = strdup(tok);
++ }
++ } else {
++ fprintf(stderr, "Error parsing config file.");
++ goto err;
++ }
++
++ } else if (!strcmp(tok, "CPUUSAGE")) {
++ tok = strtok(NULL, "=\n");
++ if (match(tok, "^[0-9]+\%")) {
++ char* ind = strchr(tok, '%');
++ *ind = '\0';
++ cpupercentage = atoi(tok);
++ } else {
++ fprintf(stderr, "Error parsing config file.");
++ goto err;
++ }
++ } else if (!strcmp(tok, "NAME")) {
++ tok = strtok(NULL, "=\n");
++ cgroupname = strdup(tok);
++ } else {
++ continue;
++ }
++ }
++
++ }
++ if (mem == NULL) {
++ long phypz = sysconf(_SC_PHYS_PAGES);
++ long psize = sysconf(_SC_PAGE_SIZE);
++ memusage = phypz * psize * (float) memusage / 100.0;
++ }
++
++ cgroup_init();
++
++ int64_t current_runtime = 0;
++ int64_t current_period = 0 ;
++ int64_t current_mem = 0;
++ char *curr_cpu_path = NULL;
++ char *curr_mem_path = NULL;
++ int ret = cgroup_get_current_controller_path(getpid(), "cpu", &curr_cpu_path);
++ if (ret) {
++ sandbox_error("Error while trying to get current controller path.\n");
++ } else {
++ struct cgroup *curr = cgroup_new_cgroup(curr_cpu_path);
++ cgroup_get_cgroup(curr);
++ cgroup_get_value_int64(cgroup_get_controller(curr, "cpu"), "cpu.rt_runtime_us", ¤t_runtime);
++ cgroup_get_value_int64(cgroup_get_controller(curr, "cpu"), "cpu.rt_period_us", ¤t_period);
++ }
++
++ ret = cgroup_get_current_controller_path(getpid(), "memory", &curr_mem_path);
++ if (ret) {
++ sandbox_error("Error while trying to get current controller path.\n");
++ } else {
++ struct cgroup *curr = cgroup_new_cgroup(curr_mem_path);
++ cgroup_get_cgroup(curr);
++ cgroup_get_value_int64(cgroup_get_controller(curr, "memory"), "memory.limit_in_bytes", ¤t_mem);
++ }
++
++ if (((float) cpupercentage) / 100.0> (float)current_runtime / (float) current_period) {
++ sandbox_error("CPU usage restricted!\n");
++ goto err;
++ }
++
++ if (mem == NULL) {
++ if (memusage > current_mem) {
++ sandbox_error("Attempting to use more memory than allowed!");
++ goto err;
++ }
++ }
++
++ long nprocs = sysconf(_SC_NPROCESSORS_ONLN);
++
++ struct sched_param sp;
++ sp.sched_priority = sched_get_priority_min(SCHED_FIFO);
++ sched_setscheduler(getpid(), SCHED_FIFO, &sp);
++ struct cgroup *sandbox_group = cgroup_new_cgroup(cgroupname);
++ cgroup_add_controller(sandbox_group, "memory");
++ cgroup_add_controller(sandbox_group, "cpu");
++
++ if (mem == NULL) {
++ if (memusage > 0) {
++ cgroup_set_value_uint64(cgroup_get_controller(sandbox_group, "memory"), "memory.limit_in_bytes", memusage);
++ }
++ } else {
++ cgroup_set_value_string(cgroup_get_controller(sandbox_group, "memory"), "memory.limit_in_bytes", mem);
++ }
++ if (cpupercentage > 0) {
++ cgroup_set_value_uint64(cgroup_get_controller(sandbox_group, "cpu"), "cpu.rt_runtime_us",
++ (float) cpupercentage / 100.0 * 60000);
++ cgroup_set_value_uint64(cgroup_get_controller(sandbox_group, "cpu"), "cpu.rt_period_us",60000 * nprocs);
++ }
++ if (cpus != NULL) {
++ cgroup_set_value_string(cgroup_get_controller(sandbox_group, "cpu"), "cgroup.procs",cpus);
++ }
++
++ uint64_t allocated_mem;
++ if (cgroup_get_value_uint64(cgroup_get_controller(sandbox_group, "memory"), "memory.limit_in_bytes", &allocated_mem) > current_mem) {
++ sandbox_error("Attempting to use more memory than allowed!\n");
++ goto err;
++ }
++
++ rc = cgroup_create_cgroup(sandbox_group, 1);
++ if (rc != 0) {
++ sandbox_error("Failed to create group. Ensure that cgconfig service is running. \n");
++ goto err;
++ }
++
++ cgroup_attach_task(sandbox_group);
++
++ rc = 0;
++err:
++ free(mem);
++ free(cgroupname);
++ free(cpus);
++ return rc;
+}
int main(int argc, char **argv) {
- int rc;
+- int rc;
++ int rc = -1;
int status = -1;
-
+-
- security_context_t scontext;
-+ security_context_t scontext = NULL;
++ security_context_t execcon = NULL;
++ char *tmpdir = NULL;
++ char *cpbuf=NULL;
int flag_index; /* flag index in argv[] */
int clflag; /* holds codes for command line flags */
@@ -2243,22 +2593,17 @@ index ec692e7..de694ad 100644
const struct option long_options[] = {
{"homedir", 1, 0, 'h'},
- {"tmpdir", 1, 0, 't'},
+- {"tmpdir", 1, 0, 't'},
{"verbose", 1, 0, 'v'},
+ {"cgroups", 1, 0, 'c'},
+ {"context", 1, 0, 'Z'},
{NULL, 0, 0, 0}
};
-@@ -180,6 +248,17 @@ int main(int argc, char **argv) {
+@@ -180,6 +496,12 @@ int main(int argc, char **argv) {
return -1;
}
-+ if (setfsuid(uid) < 0) {
-+ fprintf(stderr, _("setfsuid failed. %s"), strerror(errno));
-+ return -1;
-+ }
-+
+#ifdef USE_NLS
+ setlocale(LC_ALL, "");
+ bindtextdomain(PACKAGE, LOCALEDIR);
@@ -2268,33 +2613,32 @@ index ec692e7..de694ad 100644
struct passwd *pwd=getpwuid(uid);
if (!pwd) {
perror(_("getpwduid failed"));
-@@ -192,30 +271,30 @@ int main(int argc, char **argv) {
+@@ -192,80 +514,99 @@ int main(int argc, char **argv) {
}
while (1) {
- clflag = getopt_long(argc, argv, "h:t:", long_options,
-+ clflag = getopt_long(argc, argv, "cvh:t:c:m:p:Z:", long_options,
++ clflag = getopt_long(argc, argv, "cvh:Z:", long_options,
&flag_index);
if (clflag == -1)
break;
switch (clflag) {
- case 't':
+- case 't':
- if (!(tmpdir_s = realpath(optarg, NULL))) {
- fprintf(stderr, _("Invalid mount point %s: %s\n"), optarg, strerror(errno));
- return -1;
- }
-+ tmpdir_s = optarg;
- if (verify_mount(tmpdir_s, pwd) < 0) return -1;
- break;
+- if (verify_mount(tmpdir_s, pwd) < 0) return -1;
+- break;
case 'h':
- if (!(homedir_s = realpath(optarg, NULL))) {
- fprintf(stderr, _("Invalid mount point %s: %s\n"), optarg, strerror(errno));
- return -1;
- }
+- if (verify_mount(homedir_s, pwd) < 0) return -1;
+- if (verify_mount(pwd->pw_dir, pwd) < 0) return -1;
+ homedir_s = optarg;
- if (verify_mount(homedir_s, pwd) < 0) return -1;
- if (verify_mount(pwd->pw_dir, pwd) < 0) return -1;
break;
case 'v':
verbose = 1;
@@ -2303,18 +2647,19 @@ index ec692e7..de694ad 100644
+ usecgroups = 1;
+ break;
+ case 'Z':
-+ scontext = strdup(optarg);
++ execcon = strdup(optarg);
+ break;
default:
fprintf(stderr, "%s\n", USAGE_STRING);
return -1;
-@@ -223,21 +302,179 @@ int main(int argc, char **argv) {
+ }
}
- if (! homedir_s && ! tmpdir_s) {
+- if (! homedir_s && ! tmpdir_s) {
- fprintf(stderr, _("Error: tmpdir and/or homedir required \n"),
- "%s\n", USAGE_STRING);
-+ fprintf(stderr, _("Error: tmpdir and/or homedir required \n %s\n"),USAGE_STRING);
++ if (! homedir_s ) {
++ fprintf(stderr, _("Error: homedir required \n %s\n"),USAGE_STRING);
return -1;
}
@@ -2327,174 +2672,83 @@ index ec692e7..de694ad 100644
}
- scontext = argv[optind++];
-
+-
if (set_signal_handles())
return -1;
-+ if (usecgroups) {
-+ char *cpus = NULL; /* which CPUs to use */
-+ char *cgroupname = NULL;/* name for the cgroup */
-+ char *mem = NULL; /* string for memory amount to pass to cgroup */
-+ int64_t memusage = 0; /* amount of memory to use max (percent) */
-+ int cpupercentage = 0; /* what percentage of cpu to allow usage */
-+ FILE* fp;
-+ char buf[BUF_SIZE];
-+ char *tok = NULL;
-+ const char* fname = "/etc/sysconfig/sandbox";
-+
-+ if ((fp = fopen(fname, "rt")) == NULL) {
-+ fprintf(stderr, "Error opening sandbox config file.");
-+ exit(-1);
-+ }
-+ while(fgets(buf, BUF_SIZE, fp) != NULL) {
-+ /* Skip comments */
-+ if (buf[0] == '#') continue;
-+
-+ /* Copy the string, ignoring whitespace */
-+ int len = strlen(buf);
-+ char *str = malloc((len + 1) * sizeof(char));
-+
-+ int ind = 0;
-+ int i;
-+ for (i = 0; i < len; i++) {
-+ char cur = buf[i];
-+ if (cur != ' ' && cur != '\t') {
-+ str[ind] = cur;
-+ ind++;
-+ }
-+ }
-+ str[ind] = '\0';
-+
-+ tok = strtok(str, "=\n");
-+ if (tok != NULL) {
-+ if (!strcmp(tok, "CPUAFFINITY")) {
-+ tok = strtok(NULL, "=\n");
-+ cpus = strdup(tok);
-+ if (!strcmp(cpus, "ALL")) {
-+ cpus = NULL;
-+ }
-+ } else if (!strcmp(tok, "MEMUSAGE")) {
-+ tok = strtok(NULL, "=\n");
-+ if (match(tok, "^[0-9]+[kKmMgG%]")) {
-+ char *ind = strchr(tok, '%');
-+ if (ind != NULL) {
-+ *ind = '\0';;
-+ memusage = atoi(tok);
-+ } else {
-+ mem = strdup(tok);
-+ }
-+ } else {
-+ config_error();
-+ }
-+
-+ } else if (!strcmp(tok, "CPUUSAGE")) {
-+ tok = strtok(NULL, "=\n");
-+ if (match(tok, "^[0-9]+\%")) {
-+ char* ind = strchr(tok, '%');
-+ *ind = '\0';
-+ cpupercentage = atoi(tok);
-+ } else {
-+ config_error();
-+ }
-+ } else if (!strcmp(tok, "NAME")) {
-+ tok = strtok(NULL, "=\n");
-+ cgroupname = strdup(tok);
-+ } else {
-+ continue;
-+ }
-+ }
-+
-+
-+ }
-+ if (mem == NULL) {
-+ long phypz = sysconf(_SC_PHYS_PAGES);
-+ long psize = sysconf(_SC_PAGE_SIZE);
-+ memusage = phypz * psize * (float) memusage / 100.0;
-+ }
-+
-+ cgroup_init();
+
++ if (usecgroups && setup_cgroups() < 0) return -1;
+
-+ int64_t current_runtime = 0;
-+ int64_t current_period = 0 ;
-+ int64_t current_mem = 0;
-+ char *curr_cpu_path = NULL;
-+ char *curr_mem_path = NULL;
-+ int ret = cgroup_get_current_controller_path(getpid(), "cpu", &curr_cpu_path);
-+ if (ret) {
-+ sandbox_error("Error while trying to get current controller path.\n");
-+ } else {
-+ struct cgroup *curr = cgroup_new_cgroup(curr_cpu_path);
-+ cgroup_get_cgroup(curr);
-+ cgroup_get_value_int64(cgroup_get_controller(curr, "cpu"), "cpu.rt_runtime_us", ¤t_runtime);
-+ cgroup_get_value_int64(cgroup_get_controller(curr, "cpu"), "cpu.rt_period_us", ¤t_period);
-+ }
-+
-+ ret = cgroup_get_current_controller_path(getpid(), "memory", &curr_mem_path);
-+ if (ret) {
-+ sandbox_error("Error while trying to get current controller path.\n");
-+ } else {
-+ struct cgroup *curr = cgroup_new_cgroup(curr_mem_path);
-+ cgroup_get_cgroup(curr);
-+ cgroup_get_value_int64(cgroup_get_controller(curr, "memory"), "memory.limit_in_bytes", ¤t_mem);
-+ }
-+
-+ if (((float) cpupercentage) / 100.0> (float)current_runtime / (float) current_period) {
-+ sandbox_error("CPU usage restricted!\n");
-+ exit(-1);
-+ }
-+
-+ if (mem == NULL) {
-+ if (memusage > current_mem) {
-+ sandbox_error("Attempting to use more memory than allowed!");
-+ exit(-1);
-+ }
-+ }
-+
-+ long nprocs = sysconf(_SC_NPROCESSORS_ONLN);
-+
-+ struct sched_param sp;
-+ sp.sched_priority = sched_get_priority_min(SCHED_FIFO);
-+ sched_setscheduler(getpid(), SCHED_FIFO, &sp);
-+ struct cgroup *sandbox_group = cgroup_new_cgroup(cgroupname);
-+ cgroup_add_controller(sandbox_group, "memory");
-+ cgroup_add_controller(sandbox_group, "cpu");
-+
-+ if (mem == NULL) {
-+ if (memusage > 0) {
-+ cgroup_set_value_uint64(cgroup_get_controller(sandbox_group, "memory"), "memory.limit_in_bytes", memusage);
-+ }
-+ } else {
-+ cgroup_set_value_string(cgroup_get_controller(sandbox_group, "memory"), "memory.limit_in_bytes", mem);
-+ }
-+ if (cpupercentage > 0) {
-+ cgroup_set_value_uint64(cgroup_get_controller(sandbox_group, "cpu"), "cpu.rt_runtime_us",
-+ (float) cpupercentage / 100.0 * 60000);
-+ cgroup_set_value_uint64(cgroup_get_controller(sandbox_group, "cpu"), "cpu.rt_period_us",60000 * nprocs);
-+ }
-+ if (cpus != NULL) {
-+ cgroup_set_value_string(cgroup_get_controller(sandbox_group, "cpu"), "cgroup.procs",cpus);
-+ }
++ /* on NFS machines you need to setfsuid to be able to access files
++ on homedir, if this fails on a non NFS machine, we don't care,
++ if it fails on an NFS machine, the code below will fail.
++ */
++ if (setfsuid(uid) < 0) {
++ fprintf(stderr, _("setfsuid failed. %s"), strerror(errno));
++ return -1;
++ }
+
-+ uint64_t allocated_mem;
-+ if (cgroup_get_value_uint64(cgroup_get_controller(sandbox_group, "memory"), "memory.limit_in_bytes", &allocated_mem) > current_mem) {
-+ sandbox_error("Attempting to use more memory than allowed!\n");
-+ exit(-1);
-+ }
++ if (verify_mount(pwd->pw_dir, pwd) < 0) return -1;
++ if (verify_mount(homedir_s, pwd) < 0) return -1;
+
+ if (unshare(CLONE_NEWNS) < 0) {
+ perror(_("Failed to unshare"));
+ return -1;
+ }
+
+- if (homedir_s && tmpdir_s && (strncmp(pwd->pw_dir, tmpdir_s, strlen(pwd->pw_dir)) == 0)) {
+- if (seunshare_mount(tmpdir_s, "/tmp", pwd) < 0)
+- return -1;
+- if (seunshare_mount(homedir_s, pwd->pw_dir, pwd) < 0)
+- return -1;
+- } else {
+- if (homedir_s && seunshare_mount(homedir_s, pwd->pw_dir, pwd) < 0)
+- return -1;
+-
+- if (tmpdir_s && seunshare_mount(tmpdir_s, "/tmp", pwd) < 0)
+- return -1;
++ if ((tmpdir = seunshare_mount_tmp()) == NULL) return -1;
+
-+ int r = cgroup_create_cgroup(sandbox_group, 1);
-+ if (r != 0) {
-+ sandbox_error("Failed to create group. Ensure that cgconfig service is running. \n");
-+ exit(-1);
-+ }
++ /* you must mount the homedir first, since the tmpdir will use
++ the file context from the homedir to set its label*/
++ if (seunshare_mount_home(homedir_s, pwd) < 0) return -1;
+
++ if (asprintf(&tmpdir_s, "%s/.sandboxtmp", pwd->pw_dir) < 0) {
++ fprintf(stderr, _("Failed to allocate tmpdir path: %s\n"), strerror(errno));
++ return -1;
+ }
+
++ if (execcon && is_selinux_enabled() > 0)
++ set_label(tmpdir_s);
+
-+ cgroup_attach_task(sandbox_group);
+ if (drop_capabilities(uid)) {
+ perror(_("Failed to drop all capabilities"));
+- return -1;
++ goto err;
++ }
+
++ /* Since we have dropped capabilities and we have reset the UID,
++ the system call below should be safe */
++ if (asprintf(&cpbuf, "/usr/bin/rsync -r %s/ /tmp", tmpdir_s) < 0) {
++ fprintf(stderr, _("Failed to allocate copy command: %s\n"), strerror(errno));
++ goto err;
+ }
++
++ rc = system(cpbuf);
++ free(cpbuf);
++ if (rc < 0) {
++ fprintf(stderr, _("Failed to copy %s to /tmp: %s\n"), tmpdir_s, strerror(errno));
++ goto err;
+ }
- if (unshare(CLONE_NEWNS) < 0) {
- perror(_("Failed to unshare"));
-@@ -286,11 +523,13 @@ int main(int argc, char **argv) {
+ int child = fork();
+ if (child == -1) {
+ perror(_("Unable to fork"));
+- return -1;
++ goto err;
+ }
+
+ if (!child) {
+@@ -286,11 +627,15 @@ int main(int argc, char **argv) {
exit(-1);
}
@@ -2503,31 +2757,45 @@ index ec692e7..de694ad 100644
- scontext);
- free(display);
- exit(-1);
-+ if (scontext) {
-+ if (setexeccon(scontext)) {
++ if (execcon) {
++ if (setexeccon(execcon)) {
+ fprintf(stderr, _("Could not set exec context to %s.\n"),
-+ scontext);
++ execcon);
+ free(display);
++ free(execcon);
+ exit(-1);
+ }
++ free(execcon);
}
if (display)
-@@ -305,17 +544,14 @@ int main(int argc, char **argv) {
+@@ -305,17 +650,26 @@ int main(int argc, char **argv) {
perror(_("Failed to change dir to homedir"));
exit(-1);
}
- setsid();
execv(argv[optind], argv + optind);
free(display);
-+ freecon(scontext);
perror("execv");
exit(-1);
} else {
waitpid(child, &status, 0);
++ if (asprintf(&cpbuf, "/usr/bin/rsync --delete -ur /tmp/ %s 2>/dev/null", tmpdir_s) < 0) {
++ fprintf(stderr, _("Failed to allocate copy command: %s\n"), strerror(errno));
++ } else {
++ rc = system(cpbuf);
++ free(cpbuf);
++ if (rc < 0) {
++ fprintf(stderr, _("Failed to copy /tmp to %s: %s\n"), tmpdir_s, strerror(errno));
++ }
++ }
++ if (system("rm -rf /tmp 2>/dev/null") < 0) {
++ fprintf(stderr, _("Failed to cleanup /tmp: %s\n"), strerror(errno));
++ }
}
-
-- free(tmpdir_s);
+-
++err:
+ free(tmpdir_s);
- free(homedir_s);
-
return status;
@@ -3603,10 +3871,15 @@ index 70d1a20..fb6a79b 100644
+.br
Examples by Thomas Bleher <ThomasBleher at gmx.de>.
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
-index b7d257b..735c1ba 100644
+index b7d257b..d5920aa 100644
--- a/policycoreutils/semanage/seobject.py
+++ b/policycoreutils/semanage/seobject.py
-@@ -29,47 +29,12 @@ import sepolgen.module as module
+@@ -25,51 +25,17 @@ import pwd, grp, string, selinux, tempfile, os, re, sys, stat
+ from semanage import *;
+ PROGNAME = "policycoreutils"
+ import sepolgen.module as module
++from IPy import IP
+
import gettext
gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
gettext.textdomain(PROGNAME)
@@ -3617,7 +3890,7 @@ index b7d257b..735c1ba 100644
- __builtin__.__dict__['_'] = unicode
-
-import syslog
--
+
-handle = None
-
-def get_handle(store):
@@ -3644,7 +3917,7 @@ index b7d257b..735c1ba 100644
- if rc < 0:
- semanage_handle_destroy(handle)
- raise ValueError(_("Could not establish semanage connection"))
-
+-
- is_mls_enabled = semanage_mls_enabled(handle)
- if is_mls_enabled < 0:
- semanage_handle_destroy(handle)
@@ -3658,7 +3931,7 @@ index b7d257b..735c1ba 100644
file_types = {}
file_types[""] = SEMANAGE_FCONTEXT_ALL;
-@@ -194,45 +159,148 @@ def untranslate(trans, prepend = 1):
+@@ -194,45 +160,148 @@ def untranslate(trans, prepend = 1):
return trans
else:
return raw
@@ -3821,7 +4094,7 @@ index b7d257b..735c1ba 100644
class dontauditClass(semanageRecords):
def __init__(self, store):
semanageRecords.__init__(self, store)
-@@ -259,14 +327,23 @@ class permissiveRecords(semanageRecords):
+@@ -259,14 +328,23 @@ class permissiveRecords(semanageRecords):
name = semanage_module_get_name(mod)
if name and name.startswith("permissive_"):
l.append(name.split("permissive_")[1])
@@ -3849,7 +4122,7 @@ index b7d257b..735c1ba 100644
def add(self, type):
import glob
-@@ -343,7 +420,9 @@ class loginRecords(semanageRecords):
+@@ -343,7 +421,9 @@ class loginRecords(semanageRecords):
if rc < 0:
raise ValueError(_("Could not check if login mapping for %s is defined") % name)
if exists:
@@ -3860,7 +4133,7 @@ index b7d257b..735c1ba 100644
if name[0] == '%':
try:
grp.getgrnam(name[1:])
-@@ -475,6 +554,16 @@ class loginRecords(semanageRecords):
+@@ -475,6 +555,16 @@ class loginRecords(semanageRecords):
mylog.log(1, "delete SELinux user mapping", name);
@@ -3877,7 +4150,7 @@ index b7d257b..735c1ba 100644
def get_all(self, locallist = 0):
ddict = {}
if locallist:
-@@ -489,6 +578,15 @@ class loginRecords(semanageRecords):
+@@ -489,6 +579,15 @@ class loginRecords(semanageRecords):
ddict[name] = (semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u))
return ddict
@@ -3893,7 +4166,7 @@ index b7d257b..735c1ba 100644
def list(self,heading = 1, locallist = 0):
ddict = self.get_all(locallist)
keys = ddict.keys()
-@@ -531,7 +629,8 @@ class seluserRecords(semanageRecords):
+@@ -531,7 +630,8 @@ class seluserRecords(semanageRecords):
if rc < 0:
raise ValueError(_("Could not check if SELinux user %s is defined") % name)
if exists:
@@ -3903,7 +4176,7 @@ index b7d257b..735c1ba 100644
(rc, u) = semanage_user_create(self.sh)
if rc < 0:
-@@ -682,6 +781,16 @@ class seluserRecords(semanageRecords):
+@@ -682,6 +782,16 @@ class seluserRecords(semanageRecords):
mylog.log(1,"delete SELinux user record", name)
@@ -3920,7 +4193,7 @@ index b7d257b..735c1ba 100644
def get_all(self, locallist = 0):
ddict = {}
if locallist:
-@@ -702,6 +811,15 @@ class seluserRecords(semanageRecords):
+@@ -702,6 +812,15 @@ class seluserRecords(semanageRecords):
return ddict
@@ -3936,7 +4209,7 @@ index b7d257b..735c1ba 100644
def list(self, heading = 1, locallist = 0):
ddict = self.get_all(locallist)
keys = ddict.keys()
-@@ -740,12 +858,16 @@ class portRecords(semanageRecords):
+@@ -740,12 +859,16 @@ class portRecords(semanageRecords):
low = int(ports[0])
high = int(ports[1])
@@ -3953,7 +4226,7 @@ index b7d257b..735c1ba 100644
if is_mls_enabled == 1:
if serange == "":
serange = "s0"
-@@ -808,6 +930,7 @@ class portRecords(semanageRecords):
+@@ -808,6 +931,7 @@ class portRecords(semanageRecords):
self.commit()
def __modify(self, port, proto, serange, setype):
@@ -3961,7 +4234,7 @@ index b7d257b..735c1ba 100644
if serange == "" and setype == "":
if is_mls_enabled == 1:
raise ValueError(_("Requires setype or serange"))
-@@ -942,6 +1065,18 @@ class portRecords(semanageRecords):
+@@ -942,6 +1066,18 @@ class portRecords(semanageRecords):
ddict[(ctype,proto_str)].append("%d-%d" % (low, high))
return ddict
@@ -3980,35 +4253,53 @@ index b7d257b..735c1ba 100644
def list(self, heading = 1, locallist = 0):
if heading:
print "%-30s %-8s %s\n" % (_("SELinux Port Type"), _("Proto"), _("Port Number"))
-@@ -958,7 +1093,8 @@ class portRecords(semanageRecords):
+@@ -958,21 +1094,35 @@ class portRecords(semanageRecords):
class nodeRecords(semanageRecords):
def __init__(self, store = ""):
semanageRecords.__init__(self,store)
-
+- def __add(self, addr, mask, proto, serange, ctype):
+ self.protocol = ["ipv4", "ipv6"]
+
- def __add(self, addr, mask, proto, serange, ctype):
++ def validate(self, addr, mask, protocol):
++ newaddr=""
++ newmask=""
++ newprotocol=""
if addr == "":
raise ValueError(_("Node Address is required"))
-@@ -966,14 +1102,11 @@ class nodeRecords(semanageRecords):
- if mask == "":
- raise ValueError(_("Node Netmask is required"))
+- if mask == "":
+- raise ValueError(_("Node Netmask is required"))
+-
- if proto == "ipv4":
- proto = 0
- elif proto == "ipv6":
- proto = 1
- else:
++ # verify valid comination
++ if len(mask) == 0 or mask[0] == "/":
++ i = IP(addr + mask)
++ else:
++ i = IP(addr + "/" + mask)
++ newaddr = i.strNormal(0)
++ newmask = str(i.netmask())
++ if protocol == "":
++ protocol = "ipv%d" % i.version()
++
+ try:
-+ proto = self.protocol.index(proto)
++ newprotocol = self.protocol.index(protocol)
+ except:
raise ValueError(_("Unknown or missing protocol"))
--
++ return newaddr, newmask, newprotocol
++
++ def __add(self, addr, mask, proto, serange, ctype):
++
++ addr, mask, proto = self.validate(addr, mask, proto)
+
if is_mls_enabled == 1:
if serange == "":
- serange = "s0"
-@@ -991,11 +1124,13 @@ class nodeRecords(semanageRecords):
+@@ -991,11 +1141,13 @@ class nodeRecords(semanageRecords):
(rc, exists) = semanage_node_exists(self.sh, k)
if exists:
@@ -4023,7 +4314,7 @@ index b7d257b..735c1ba 100644
rc = semanage_node_set_addr(self.sh, node, proto, addr)
(rc, con) = semanage_context_create(self.sh)
-@@ -1005,8 +1140,7 @@ class nodeRecords(semanageRecords):
+@@ -1005,8 +1157,7 @@ class nodeRecords(semanageRecords):
rc = semanage_node_set_mask(self.sh, node, proto, mask)
if rc < 0:
raise ValueError(_("Could not set mask for %s") % addr)
@@ -4033,25 +4324,27 @@ index b7d257b..735c1ba 100644
rc = semanage_context_set_user(self.sh, con, "system_u")
if rc < 0:
raise ValueError(_("Could not set user in addr context for %s") % addr)
-@@ -1047,13 +1181,10 @@ class nodeRecords(semanageRecords):
+@@ -1042,18 +1193,8 @@ class nodeRecords(semanageRecords):
+ self.commit()
- if mask == "":
- raise ValueError(_("Node Netmask is required"))
+ def __modify(self, addr, mask, proto, serange, setype):
+- if addr == "":
+- raise ValueError(_("Node Address is required"))
+-
+- if mask == "":
+- raise ValueError(_("Node Netmask is required"))
- if proto == "ipv4":
- proto = 0
- elif proto == "ipv6":
- proto = 1
- else:
- raise ValueError(_("Unknown or missing protocol"))
--
-+ try:
-+ proto = self.protocol.index(proto)
-+ except:
-+ raise ValueError(_("Unknown or missing protocol"))
+
++ addr, mask, proto = self.validate(addr, mask, proto)
if serange == "" and setype == "":
raise ValueError(_("Requires setype or serange"))
-@@ -1068,12 +1199,11 @@ class nodeRecords(semanageRecords):
+@@ -1068,12 +1209,11 @@ class nodeRecords(semanageRecords):
if not exists:
raise ValueError(_("Addr %s is not defined") % addr)
@@ -4065,22 +4358,27 @@ index b7d257b..735c1ba 100644
if serange != "":
semanage_context_set_mls(self.sh, con, untranslate(serange))
if setype != "":
-@@ -1098,11 +1228,9 @@ class nodeRecords(semanageRecords):
- if mask == "":
- raise ValueError(_("Node Netmask is required"))
+@@ -1092,18 +1232,8 @@ class nodeRecords(semanageRecords):
+ self.commit()
+
+ def __delete(self, addr, mask, proto):
+- if addr == "":
+- raise ValueError(_("Node Address is required"))
+-
+- if mask == "":
+- raise ValueError(_("Node Netmask is required"))
- if proto == "ipv4":
- proto = 0
- elif proto == "ipv6":
- proto = 1
- else:
-+ try:
-+ proto = self.protocol.index(proto)
-+ except:
- raise ValueError(_("Unknown or missing protocol"))
+- raise ValueError(_("Unknown or missing protocol"))
++ addr, mask, proto = self.validate(addr, mask, proto)
(rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
-@@ -1132,6 +1260,16 @@ class nodeRecords(semanageRecords):
+ if rc < 0:
+@@ -1132,6 +1262,16 @@ class nodeRecords(semanageRecords):
self.__delete(addr, mask, proto)
self.commit()
@@ -4097,7 +4395,7 @@ index b7d257b..735c1ba 100644
def get_all(self, locallist = 0):
ddict = {}
if locallist :
-@@ -1145,15 +1283,20 @@ class nodeRecords(semanageRecords):
+@@ -1145,15 +1285,20 @@ class nodeRecords(semanageRecords):
con = semanage_node_get_con(node)
addr = semanage_node_get_addr(self.sh, node)
mask = semanage_node_get_mask(self.sh, node)
@@ -4123,7 +4421,7 @@ index b7d257b..735c1ba 100644
def list(self, heading = 1, locallist = 0):
if heading:
print "%-18s %-18s %-5s %-5s\n" % ("IP Address", "Netmask", "Protocol", "Context")
-@@ -1193,7 +1336,8 @@ class interfaceRecords(semanageRecords):
+@@ -1193,7 +1338,8 @@ class interfaceRecords(semanageRecords):
if rc < 0:
raise ValueError(_("Could not check if interface %s is defined") % interface)
if exists:
@@ -4133,7 +4431,7 @@ index b7d257b..735c1ba 100644
(rc, iface) = semanage_iface_create(self.sh)
if rc < 0:
-@@ -1307,6 +1451,16 @@ class interfaceRecords(semanageRecords):
+@@ -1307,6 +1453,16 @@ class interfaceRecords(semanageRecords):
self.__delete(interface)
self.commit()
@@ -4150,7 +4448,7 @@ index b7d257b..735c1ba 100644
def get_all(self, locallist = 0):
ddict = {}
if locallist:
-@@ -1322,6 +1476,15 @@ class interfaceRecords(semanageRecords):
+@@ -1322,6 +1478,15 @@ class interfaceRecords(semanageRecords):
return ddict
@@ -4166,7 +4464,7 @@ index b7d257b..735c1ba 100644
def list(self, heading = 1, locallist = 0):
if heading:
print "%-30s %s\n" % (_("SELinux Interface"), _("Context"))
-@@ -1338,6 +1501,48 @@ class interfaceRecords(semanageRecords):
+@@ -1338,6 +1503,48 @@ class interfaceRecords(semanageRecords):
class fcontextRecords(semanageRecords):
def __init__(self, store = ""):
semanageRecords.__init__(self, store)
@@ -4215,7 +4513,7 @@ index b7d257b..735c1ba 100644
def createcon(self, target, seuser = "system_u"):
(rc, con) = semanage_context_create(self.sh)
-@@ -1364,6 +1569,8 @@ class fcontextRecords(semanageRecords):
+@@ -1364,6 +1571,8 @@ class fcontextRecords(semanageRecords):
def validate(self, target):
if target == "" or target.find("\n") >= 0:
raise ValueError(_("Invalid file specification"))
@@ -4224,7 +4522,7 @@ index b7d257b..735c1ba 100644
def __add(self, target, type, ftype = "", serange = "", seuser = "system_u"):
self.validate(target)
-@@ -1388,7 +1595,8 @@ class fcontextRecords(semanageRecords):
+@@ -1388,7 +1597,8 @@ class fcontextRecords(semanageRecords):
raise ValueError(_("Could not check if file context for %s is defined") % target)
if exists:
@@ -4234,7 +4532,7 @@ index b7d257b..735c1ba 100644
(rc, fcontext) = semanage_fcontext_create(self.sh)
if rc < 0:
-@@ -1504,9 +1712,16 @@ class fcontextRecords(semanageRecords):
+@@ -1504,9 +1714,16 @@ class fcontextRecords(semanageRecords):
raise ValueError(_("Could not delete the file context %s") % target)
semanage_fcontext_key_free(k)
@@ -4251,7 +4549,7 @@ index b7d257b..735c1ba 100644
(rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
if rc < 0:
raise ValueError(_("Could not create a key for %s") % target)
-@@ -1561,12 +1776,22 @@ class fcontextRecords(semanageRecords):
+@@ -1561,12 +1778,22 @@ class fcontextRecords(semanageRecords):
return ddict
@@ -4276,7 +4574,7 @@ index b7d257b..735c1ba 100644
for k in keys:
if fcon_dict[k]:
if is_mls_enabled:
-@@ -1575,6 +1800,12 @@ class fcontextRecords(semanageRecords):
+@@ -1575,6 +1802,12 @@ class fcontextRecords(semanageRecords):
print "%-50s %-18s %s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1],fcon_dict[k][2])
else:
print "%-50s %-18s <<None>>" % (k[0], k[1])
@@ -4289,7 +4587,7 @@ index b7d257b..735c1ba 100644
class booleanRecords(semanageRecords):
def __init__(self, store = ""):
-@@ -1587,6 +1818,18 @@ class booleanRecords(semanageRecords):
+@@ -1587,6 +1820,18 @@ class booleanRecords(semanageRecords):
self.dict["1"] = 1
self.dict["0"] = 0
@@ -4308,7 +4606,7 @@ index b7d257b..735c1ba 100644
def __mod(self, name, value):
(rc, k) = semanage_bool_key_create(self.sh, name)
if rc < 0:
-@@ -1606,9 +1849,10 @@ class booleanRecords(semanageRecords):
+@@ -1606,9 +1851,10 @@ class booleanRecords(semanageRecords):
else:
raise ValueError(_("You must specify one of the following values: %s") % ", ".join(self.dict.keys()) )
@@ -4322,7 +4620,7 @@ index b7d257b..735c1ba 100644
rc = semanage_bool_modify_local(self.sh, k, b)
if rc < 0:
raise ValueError(_("Could not modify boolean %s") % name)
-@@ -1691,8 +1935,12 @@ class booleanRecords(semanageRecords):
+@@ -1691,8 +1937,12 @@ class booleanRecords(semanageRecords):
value = []
name = semanage_bool_get_name(boolean)
value.append(semanage_bool_get_value(boolean))
@@ -4337,7 +4635,7 @@ index b7d257b..735c1ba 100644
ddict[name] = value
return ddict
-@@ -1706,6 +1954,16 @@ class booleanRecords(semanageRecords):
+@@ -1706,6 +1956,16 @@ class booleanRecords(semanageRecords):
else:
return _("unknown")
@@ -4387,10 +4685,10 @@ index 0000000..211580d
+relabel: ;
diff --git a/policycoreutils/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c b/policycoreutils/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c
new file mode 100644
-index 0000000..995b270
+index 0000000..8f5c8e0
--- /dev/null
+++ b/policycoreutils/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c
-@@ -0,0 +1,230 @@
+@@ -0,0 +1,233 @@
+/* Authors: Frank Mayer <mayerf at tresys.com>
+ * and Karl MacMillan <kmacmillan at tresys.com>
+ *
@@ -4561,6 +4859,7 @@ index 0000000..995b270
+
+ if (policydb_init(policydb)) {
+ fprintf(stderr, "Out of memory!\n");
++ free(policydb);
+ return NULL;
+ }
+
@@ -4568,6 +4867,7 @@ index 0000000..995b270
+ if (ret) {
+ fprintf(stderr,
+ "error(s) encountered while parsing configuration\n");
++ free(policydb);
+ return NULL;
+ }
+
@@ -4590,13 +4890,13 @@ index 0000000..995b270
+
+ if (argc != 3) {
+ usage(argv[0]);
-+ exit(1);
++ return -1;
+ }
+
+ /* Open the policy. */
+ p = load_policy(argv[1]);
+ if (p == NULL) {
-+ exit(1);
++ return -1;
+ }
+
+ /* Open the output policy. */
@@ -4605,6 +4905,7 @@ index 0000000..995b270
+ fprintf(stderr, "error opening output file\n");
+ policydb_destroy(p);
+ free(p);
++ return -1;
+ }
+
+ /* Find all of the attributes and output their access. */
diff --git a/policycoreutils.spec b/policycoreutils.spec
index e8410c0..645980d 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.85
-Release: 12%{?dist}
+Release: 13%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@@ -156,7 +156,7 @@ exit 0
Summary: SELinux sandbox utilities
Group: System Environment/Base
Requires: policycoreutils-python = %{version}-%{release}
-Requires: xorg-x11-server-Xephyr
+Requires: xorg-x11-server-Xephyr /usr/bin/rsync
Requires: matchbox-window-manager
Requires(post): /sbin/chkconfig
BuildRequires: libcap-ng-devel
@@ -168,7 +168,7 @@ The policycoreutils-python package contains the scripts to create graphical sand
%defattr(-,root,root,-)
%{_datadir}/sandbox/sandboxX.sh
%{_datadir}/sandbox/start
-%attr(0755,root,root) %caps(cap_setpcap,cap_fowner,cap_dac_override,cap_sys_admin,cap_sys_nice=pe) %{_sbindir}/seunshare
+%attr(0755,root,root) %caps(cap_setpcap,cap_setuid,cap_setgid,cap_fowner,cap_dac_override,cap_sys_admin,cap_sys_nice=pe) %{_sbindir}/seunshare
%{_mandir}/man8/seunshare.8*
%{_mandir}/man5/sandbox.conf.5*
@@ -329,6 +329,12 @@ fi
exit 0
%changelog
+* Fri Feb 25 2011 Dan Walsh <dwalsh at redhat.com> 2.0.85-13
+- Rewrite seunshare to make sure /tmp is mounted stickybit owned by root
+- Only allow names in polgengui that contain letters and numbers
+- Fix up node handling in semanage command
+- Update translations
+
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.0.85-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
diff --git a/selinux-polgengui.desktop b/selinux-polgengui.desktop
index 6cec1d1..bbcb18f 100644
--- a/selinux-polgengui.desktop
+++ b/selinux-polgengui.desktop
@@ -2,6 +2,7 @@
Name=SELinux Policy Generation Tool
Name[bn_IN]=SELinux Policy নির্মাণের সামগ্রী
Name[ca]=Eina de generació de polítiques del SELinux
+Name[da]=Regelsætgenereringsværktøj til SELinux
Name[de]=Tool zur Erstellung von SELinux-Richtlinien
Name[es]=Generador de Políticas de SELinux
Name[fi]=SELinux-käytäntöjen generointityökalu
@@ -24,12 +25,13 @@ Name[ru]=Средство создания политики SELinux
Name[sv]=Genereringsverktyg för SELinuxpolicy
Name[ta]=SELinux பாலிசி உற்பத்தி கருவி
Name[te]=SELinux నిర్వహణ
-Name[uk]=Утиліта генерації політики SELinux
+Name[uk]=Утиліта генерації правил SELinux
Name[zh_CN]=SELinux 策略生成工具
Name[zh_TW]=SELinux 政策產生工具(SELinux Policy Generation Tool)
Comment=Generate SELinux policy modules
Comment[bn_IN]=SELinux নিয়মনীতির মডিউল নির্মাণ করুন
Comment[ca]=Genera els mòduls de les polítiques de SELinux
+Comment[da]=Generér SELinux-regelsætmodul
Comment[de]=Tool zur Erstellung von SELinux-Richtlinien
Comment[es]=Generar módulos de política de SELinux
Comment[fi]=Generoi SELinuxin käytäntömoduuleja
diff --git a/system-config-selinux.desktop b/system-config-selinux.desktop
index 563acbf..befdb23 100644
--- a/system-config-selinux.desktop
+++ b/system-config-selinux.desktop
@@ -1,6 +1,7 @@
[Desktop Entry]
Name=SELinux Management
Name[bn_IN]=SELinux পরিচালনা
+Name[da]=Håndtering af SELinux
Name[de]=SELinux-Management
Name[ca]=Gestió de SELinux
Name[es]=Administración de SELinux
@@ -30,6 +31,7 @@ Name[zh_TW]=SELinux 管理
Comment=Configure SELinux in a graphical setting
Comment[bn_IN]=গ্রাফিক্যাল পরিবেশে SELinux কনফিগার করুন
Comment[ca]=Configura SELinuc an mode de preferències gràfiques
+Comment[da]=Konfigurér SELinux i et grafisk miljø
Comment[de]=SELinux in einer grafischen Einstellung konfigurieren
Comment[es]=Defina SELinux en una configuración de interfaz gráfica
Comment[fi]=Tee SELinuxin asetukset graafisesti
More information about the scm-commits
mailing list