[policycoreutils/f16] Fix dpi handling in sandbox
Daniel J Walsh
dwalsh at fedoraproject.org
Tue Nov 29 20:40:45 UTC 2011
commit 602f9edb4ef5bddf0d40740e86420bbc5dc99f8e
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Nov 29 15:40:41 2011 -0500
Fix dpi handling in sandbox
policycoreutils-f17.patch | 115 +++++++++++++++++++++++---------------------
policycoreutils.spec | 5 ++-
2 files changed, 64 insertions(+), 56 deletions(-)
---
diff --git a/policycoreutils-f17.patch b/policycoreutils-f17.patch
index 6e1fa7e..9450be1 100644
--- a/policycoreutils-f17.patch
+++ b/policycoreutils-f17.patch
@@ -1,6 +1,6 @@
diff -up policycoreutils-2.1.4/audit2allow/audit2allow.f17 policycoreutils-2.1.4/audit2allow/audit2allow
---- policycoreutils-2.1.4/audit2allow/audit2allow.f17 2011-11-16 11:31:29.915038771 -0500
-+++ policycoreutils-2.1.4/audit2allow/audit2allow 2011-11-16 11:31:30.303038032 -0500
+--- policycoreutils-2.1.4/audit2allow/audit2allow.f17 2011-11-29 15:26:05.659031642 -0500
++++ policycoreutils-2.1.4/audit2allow/audit2allow 2011-11-29 15:26:06.191031947 -0500
@@ -104,7 +104,7 @@ class AuditToPolicy:
if name:
options.requires = True
@@ -12,7 +12,7 @@ diff -up policycoreutils-2.1.4/audit2allow/audit2allow.f17 policycoreutils-2.1.4
# Make -M and -o conflict
diff -up policycoreutils-2.1.4/.gitignore.f17 policycoreutils-2.1.4/.gitignore
--- policycoreutils-2.1.4/.gitignore.f17 2011-08-18 06:52:31.000000000 -0400
-+++ policycoreutils-2.1.4/.gitignore 2011-11-16 11:31:30.305038028 -0500
++++ policycoreutils-2.1.4/.gitignore 2011-11-29 15:26:06.192031948 -0500
@@ -9,6 +9,7 @@ semodule_deps/semodule_deps
semodule_expand/semodule_expand
semodule_link/semodule_link
@@ -23,7 +23,7 @@ diff -up policycoreutils-2.1.4/.gitignore.f17 policycoreutils-2.1.4/.gitignore
setfiles/setfiles
diff -up policycoreutils-2.1.4/mcstrans/man/Makefile.f17 policycoreutils-2.1.4/mcstrans/man/Makefile
--- policycoreutils-2.1.4/mcstrans/man/Makefile.f17 2011-08-18 06:52:31.000000000 -0400
-+++ policycoreutils-2.1.4/mcstrans/man/Makefile 2011-11-16 11:31:30.306038026 -0500
++++ policycoreutils-2.1.4/mcstrans/man/Makefile 2011-11-29 15:26:06.193031949 -0500
@@ -1,7 +1,9 @@
# Installation directories.
MAN8DIR ?= $(DESTDIR)/usr/share/man/man8
@@ -36,8 +36,8 @@ diff -up policycoreutils-2.1.4/mcstrans/man/Makefile.f17 policycoreutils-2.1.4/m
install -m 644 man8/*.8 $(MAN8DIR)
diff -up policycoreutils-2.1.4/newrole/newrole.c.f17 policycoreutils-2.1.4/newrole/newrole.c
---- policycoreutils-2.1.4/newrole/newrole.c.f17 2011-11-16 11:31:29.918038765 -0500
-+++ policycoreutils-2.1.4/newrole/newrole.c 2011-11-16 11:31:30.307038024 -0500
+--- policycoreutils-2.1.4/newrole/newrole.c.f17 2011-11-29 15:26:05.663031645 -0500
++++ policycoreutils-2.1.4/newrole/newrole.c 2011-11-29 15:26:06.195031950 -0500
@@ -543,13 +543,13 @@ static int restore_environment(int prese
#if defined(AUDIT_LOG_PRIV) && !defined(NAMESPACE_PRIV)
static int drop_capabilities(int full)
@@ -56,16 +56,16 @@ diff -up policycoreutils-2.1.4/newrole/newrole.c.f17 policycoreutils-2.1.4/newro
if (setresuid(uid, uid, uid)) {
fprintf(stderr, _("Error changing uid, aborting.\n"));
diff -up policycoreutils-2.1.4/restorecond/restorecond_user.conf.f17 policycoreutils-2.1.4/restorecond/restorecond_user.conf
---- policycoreutils-2.1.4/restorecond/restorecond_user.conf.f17 2011-11-16 11:31:29.926038751 -0500
-+++ policycoreutils-2.1.4/restorecond/restorecond_user.conf 2011-11-16 11:31:30.308038022 -0500
+--- policycoreutils-2.1.4/restorecond/restorecond_user.conf.f17 2011-11-29 15:26:05.669031648 -0500
++++ policycoreutils-2.1.4/restorecond/restorecond_user.conf 2011-11-29 15:26:06.196031950 -0500
@@ -5,3 +5,4 @@
~/.fonts/*
~/.cache/*
~/.config/*
+~/.local/share/*
diff -up policycoreutils-2.1.4/restorecond/user.c.f17 policycoreutils-2.1.4/restorecond/user.c
---- policycoreutils-2.1.4/restorecond/user.c.f17 2011-11-16 11:31:29.927038749 -0500
-+++ policycoreutils-2.1.4/restorecond/user.c 2011-11-16 11:31:30.309038021 -0500
+--- policycoreutils-2.1.4/restorecond/user.c.f17 2011-11-29 15:26:05.670031648 -0500
++++ policycoreutils-2.1.4/restorecond/user.c 2011-11-29 15:26:06.196031950 -0500
@@ -123,6 +123,11 @@ io_channel_callback
sizeof (buffer),
&bytes_read);
@@ -110,8 +110,8 @@ diff -up policycoreutils-2.1.4/restorecond/user.c.f17 policycoreutils-2.1.4/rest
read_config(master_fd, watch_file);
diff -up policycoreutils-2.1.4/sandbox/sandbox.8.f17 policycoreutils-2.1.4/sandbox/sandbox.8
---- policycoreutils-2.1.4/sandbox/sandbox.8.f17 2011-11-16 11:31:29.932038739 -0500
-+++ policycoreutils-2.1.4/sandbox/sandbox.8 2011-11-16 11:31:30.310038020 -0500
+--- policycoreutils-2.1.4/sandbox/sandbox.8.f17 2011-11-29 15:26:05.673031651 -0500
++++ policycoreutils-2.1.4/sandbox/sandbox.8 2011-11-29 15:26:06.197031950 -0500
@@ -3,11 +3,11 @@
sandbox \- Run cmd under an SELinux sandbox
.SH SYNOPSIS
@@ -137,8 +137,8 @@ diff -up policycoreutils-2.1.4/sandbox/sandbox.8.f17 policycoreutils-2.1.4/sandb
Use control groups to control this copy of sandbox. Specify parameters in /etc/sysconfig/sandbox. Max memory usage and cpu usage are to be specified in percent. You can specify which CPUs to use by numbering them 0,1,2... etc.
.TP
diff -up policycoreutils-2.1.4/sandbox/sandbox.f17 policycoreutils-2.1.4/sandbox/sandbox
---- policycoreutils-2.1.4/sandbox/sandbox.f17 2011-11-16 11:31:29.931038741 -0500
-+++ policycoreutils-2.1.4/sandbox/sandbox 2011-11-16 11:31:30.311038018 -0500
+--- policycoreutils-2.1.4/sandbox/sandbox.f17 2011-11-29 15:26:05.672031650 -0500
++++ policycoreutils-2.1.4/sandbox/sandbox 2011-11-29 15:39:57.547581985 -0500
@@ -118,10 +118,30 @@ def reserve(level):
sock.bind("\0%s" % level)
fcntl.fcntl(sock.fileno(), fcntl.F_SETFD, fcntl.FD_CLOEXEC)
@@ -185,25 +185,16 @@ diff -up policycoreutils-2.1.4/sandbox/sandbox.f17 policycoreutils-2.1.4/sandbox
def fullpath(cmd):
for i in [ "/", "./", "../" ]:
-@@ -160,6 +183,17 @@ class Sandbox:
+@@ -160,7 +183,7 @@ class Sandbox:
self.__level = None
self.__homedir = None
self.__tmpdir = None
-+ self.__set_dpi()
+-
+
-+ def __set_dpi(self):
-+ rc, out = commands.getstatusoutput("/usr/bin/xrdb -query")
-+ if rc != 0:
-+ self.dpi = 96
-+ else:
-+ for i in out.split("\n"):
-+ if i.startswith("Xft.dpi:"):
-+ self.dpi = i.split()[1]
-+ break;
-
def __validate_mount(self):
if self.__options.level:
-@@ -263,7 +297,6 @@ sandbox [-h] [-c] [-l level ] [-[X|M] [-
+ if not self.__options.homedir or not self.__options.tmpdir:
+@@ -263,7 +286,6 @@ sandbox [-h] [-c] [-l level ] [-[X|M] [-
%s
""") % types
@@ -211,17 +202,18 @@ diff -up policycoreutils-2.1.4/sandbox/sandbox.f17 policycoreutils-2.1.4/sandbox
parser = OptionParser(version=self.VERSION, usage=usage)
parser.disable_interspersed_args()
parser.add_option("-i", "--include",
-@@ -279,6 +312,9 @@ sandbox [-h] [-c] [-l level ] [-[X|M] [-
+@@ -279,6 +301,10 @@ sandbox [-h] [-c] [-l level ] [-[X|M] [-
action="callback", callback=self.__mount_callback,
help=_("mount new home and/or tmp directory"))
+ parser.add_option("-d", "--dpi",
-+ dest="dpi", action="store",default=self.dpi,
-+ help=_("dots per inch for X display: (%s)" % self.dpi))
++ dest="dpi", action="store",
++ help=_("dots per inch for X display"))
++
parser.add_option("-S", "--session", action="store_true", dest="session",
default=False, help=_("run complete desktop session within sandbox"))
-@@ -323,7 +359,7 @@ sandbox [-h] [-c] [-l level ] [-[X|M] [-
+@@ -323,7 +349,7 @@ sandbox [-h] [-c] [-l level ] [-[X|M] [-
if self.__options.X_ind:
self.setype = DEFAULT_X_TYPE
@@ -230,18 +222,31 @@ diff -up policycoreutils-2.1.4/sandbox/sandbox.f17 policycoreutils-2.1.4/sandbox
if self.__options.setype:
self.setype = self.__options.setype
-@@ -409,7 +445,7 @@ sandbox [-h] [-c] [-l level ] [-[X|M] [-
+@@ -402,6 +428,12 @@ sandbox [-h] [-c] [-l level ] [-[X|M] [-
+ cmds += [ "-t", self.__tmpdir, "-h", self.__homedir ]
+
+ if self.__options.X_ind:
++ if self.__options.dpi:
++ dpi = self.__options.dpi
++ else:
++ import gtk
++ dpi = str(gtk.settings_get_default().props.gtk_xft_dpi/1024)
++
+ xmodmapfile = self.__homedir + "/.xmodmap"
+ xd = open(xmodmapfile,"w")
+ subprocess.Popen(["/usr/bin/xmodmap","-pke"],stdout=xd).wait()
+@@ -409,7 +441,7 @@ sandbox [-h] [-c] [-l level ] [-[X|M] [-
self.__setup_sandboxrc(self.__options.wm)
- cmds += [ "--", SANDBOXSH, self.__options.windowsize, self.dpi ]
-+ cmds += [ "--", SANDBOXSH, self.__options.windowsize, self.__options.dpi ]
++ cmds += [ "--", SANDBOXSH, self.__options.windowsize, dpi ]
else:
cmds += [ "--" ] + self.__paths
return subprocess.Popen(cmds).wait()
diff -up policycoreutils-2.1.4/sandbox/sandbox.init.f17 policycoreutils-2.1.4/sandbox/sandbox.init
---- policycoreutils-2.1.4/sandbox/sandbox.init.f17 2011-11-16 11:31:29.933038737 -0500
-+++ policycoreutils-2.1.4/sandbox/sandbox.init 2011-11-16 11:31:30.312038016 -0500
+--- policycoreutils-2.1.4/sandbox/sandbox.init.f17 2011-11-29 15:26:05.674031652 -0500
++++ policycoreutils-2.1.4/sandbox/sandbox.init 2011-11-29 15:26:06.199031952 -0500
@@ -13,7 +13,7 @@
# description: sandbox, xguest and other apps that want to use pam_namespace \
# require this script be run at boot. This service script does \
@@ -272,8 +277,8 @@ diff -up policycoreutils-2.1.4/sandbox/sandbox.init.f17 policycoreutils-2.1.4/sa
touch $LOCKFILE
mount --make-rshared / || return $?
diff -up policycoreutils-2.1.4/sandbox/seunshare.c.f17 policycoreutils-2.1.4/sandbox/seunshare.c
---- policycoreutils-2.1.4/sandbox/seunshare.c.f17 2011-11-16 11:31:29.937038729 -0500
-+++ policycoreutils-2.1.4/sandbox/seunshare.c 2011-11-16 11:31:30.313038014 -0500
+--- policycoreutils-2.1.4/sandbox/seunshare.c.f17 2011-11-29 15:26:05.677031652 -0500
++++ policycoreutils-2.1.4/sandbox/seunshare.c 2011-11-29 15:26:06.200031953 -0500
@@ -5,8 +5,9 @@
#define _GNU_SOURCE
@@ -343,8 +348,8 @@ diff -up policycoreutils-2.1.4/sandbox/seunshare.c.f17 policycoreutils-2.1.4/san
}
diff -up policycoreutils-2.1.4/semanage/default_encoding/default_encoding.c.f17 policycoreutils-2.1.4/semanage/default_encoding/default_encoding.c
---- policycoreutils-2.1.4/semanage/default_encoding/default_encoding.c.f17 2011-11-16 11:31:29.941038721 -0500
-+++ policycoreutils-2.1.4/semanage/default_encoding/default_encoding.c 2011-11-16 11:31:30.314038012 -0500
+--- policycoreutils-2.1.4/semanage/default_encoding/default_encoding.c.f17 2011-11-29 15:26:05.679031654 -0500
++++ policycoreutils-2.1.4/semanage/default_encoding/default_encoding.c 2011-11-29 15:26:06.200031953 -0500
@@ -52,8 +52,6 @@ static PyMethodDef methods[] = {
PyMODINIT_FUNC
initdefault_encoding_utf8(void)
@@ -357,7 +362,7 @@ diff -up policycoreutils-2.1.4/semanage/default_encoding/default_encoding.c.f17
}
diff -up policycoreutils-2.1.4/semanage/semanage.8.f17 policycoreutils-2.1.4/semanage/semanage.8
--- policycoreutils-2.1.4/semanage/semanage.8.f17 2011-08-18 06:52:31.000000000 -0400
-+++ policycoreutils-2.1.4/semanage/semanage.8 2011-11-16 11:31:30.315038010 -0500
++++ policycoreutils-2.1.4/semanage/semanage.8 2011-11-29 15:26:06.201031954 -0500
@@ -163,6 +163,9 @@ SELinux Type for the object
.I \-i, \-\-input
Take a set of commands from a specified file and load them in a single
@@ -369,8 +374,8 @@ diff -up policycoreutils-2.1.4/semanage/semanage.8.f17 policycoreutils-2.1.4/sem
.SH EXAMPLE
.nf
diff -up policycoreutils-2.1.4/semanage/semanage.f17 policycoreutils-2.1.4/semanage/semanage
---- policycoreutils-2.1.4/semanage/semanage.f17 2011-11-16 11:31:29.944038715 -0500
-+++ policycoreutils-2.1.4/semanage/semanage 2011-11-16 11:31:30.317038006 -0500
+--- policycoreutils-2.1.4/semanage/semanage.f17 2011-11-29 15:26:05.681031656 -0500
++++ policycoreutils-2.1.4/semanage/semanage 2011-11-29 15:26:06.202031954 -0500
@@ -575,3 +575,5 @@ Object-specific Options (see above):
errorExit(error.args[1])
except OSError, error:
@@ -378,8 +383,8 @@ diff -up policycoreutils-2.1.4/semanage/semanage.f17 policycoreutils-2.1.4/seman
+ except RuntimeError, error:
+ errorExit(error.args[0])
diff -up policycoreutils-2.1.4/semanage/seobject.py.f17 policycoreutils-2.1.4/semanage/seobject.py
---- policycoreutils-2.1.4/semanage/seobject.py.f17 2011-11-16 11:31:29.947038710 -0500
-+++ policycoreutils-2.1.4/semanage/seobject.py 2011-11-16 15:42:22.719523501 -0500
+--- policycoreutils-2.1.4/semanage/seobject.py.f17 2011-11-29 15:26:05.683031656 -0500
++++ policycoreutils-2.1.4/semanage/seobject.py 2011-11-29 15:26:06.203031954 -0500
@@ -1,5 +1,5 @@
#! /usr/bin/python -E
-# Copyright (C) 2005, 2006, 2007, 2008, 2009 Red Hat
@@ -593,8 +598,8 @@ diff -up policycoreutils-2.1.4/semanage/seobject.py.f17 policycoreutils-2.1.4/se
-
+ print "%-30s (%-5s,%5s) %s" % (k, on_off[selinux.security_get_boolean_active(k)], on_off[ddict[k][2]], self.get_desc(k))
diff -up policycoreutils-2.1.4/semodule_package/Makefile.f17 policycoreutils-2.1.4/semodule_package/Makefile
---- policycoreutils-2.1.4/semodule_package/Makefile.f17 2011-11-16 11:31:29.947038710 -0500
-+++ policycoreutils-2.1.4/semodule_package/Makefile 2011-11-16 11:31:30.320038000 -0500
+--- policycoreutils-2.1.4/semodule_package/Makefile.f17 2011-11-29 15:26:05.684031656 -0500
++++ policycoreutils-2.1.4/semodule_package/Makefile 2011-11-29 15:26:06.204031954 -0500
@@ -24,7 +24,7 @@ install: all
relabel:
@@ -606,7 +611,7 @@ diff -up policycoreutils-2.1.4/semodule_package/Makefile.f17 policycoreutils-2.1
../../scripts/Lindent $(wildcard *.[ch])
diff -up policycoreutils-2.1.4/semodule/semodule.8.f17 policycoreutils-2.1.4/semodule/semodule.8
--- policycoreutils-2.1.4/semodule/semodule.8.f17 2011-08-18 06:52:31.000000000 -0400
-+++ policycoreutils-2.1.4/semodule/semodule.8 2011-11-16 11:31:30.321037998 -0500
++++ policycoreutils-2.1.4/semodule/semodule.8 2011-11-29 15:26:06.205031955 -0500
@@ -41,6 +41,9 @@ disable existing module
.B \-e,\-\-enable=MODULE_NAME
enable existing module
@@ -618,8 +623,8 @@ diff -up policycoreutils-2.1.4/semodule/semodule.8.f17 policycoreutils-2.1.4/sem
remove existing module
.TP
diff -up policycoreutils-2.1.4/setfiles/restore.c.f17 policycoreutils-2.1.4/setfiles/restore.c
---- policycoreutils-2.1.4/setfiles/restore.c.f17 2011-11-16 11:31:29.952038700 -0500
-+++ policycoreutils-2.1.4/setfiles/restore.c 2011-11-16 11:31:30.322037996 -0500
+--- policycoreutils-2.1.4/setfiles/restore.c.f17 2011-11-29 15:26:05.732031685 -0500
++++ policycoreutils-2.1.4/setfiles/restore.c 2011-11-29 15:26:06.205031955 -0500
@@ -1,5 +1,6 @@
#include "restore.h"
#include <glob.h>
@@ -842,7 +847,7 @@ diff -up policycoreutils-2.1.4/setfiles/restore.c.f17 policycoreutils-2.1.4/setf
*/
diff -up policycoreutils-2.1.4/setfiles/restorecon.8.f17 policycoreutils-2.1.4/setfiles/restorecon.8
--- policycoreutils-2.1.4/setfiles/restorecon.8.f17 2011-08-18 06:52:32.000000000 -0400
-+++ policycoreutils-2.1.4/setfiles/restorecon.8 2011-11-16 11:31:30.323037994 -0500
++++ policycoreutils-2.1.4/setfiles/restorecon.8 2011-11-29 15:26:06.206031956 -0500
@@ -4,22 +4,27 @@ restorecon \- restore file(s) default SE
.SH "SYNOPSIS"
@@ -901,8 +906,8 @@ diff -up policycoreutils-2.1.4/setfiles/restorecon.8.f17 policycoreutils-2.1.4/s
.SH "ARGUMENTS"
.B pathname...
diff -up policycoreutils-2.1.4/setfiles/restore.h.f17 policycoreutils-2.1.4/setfiles/restore.h
---- policycoreutils-2.1.4/setfiles/restore.h.f17 2011-11-16 11:31:29.953038698 -0500
-+++ policycoreutils-2.1.4/setfiles/restore.h 2011-11-16 11:31:30.324037992 -0500
+--- policycoreutils-2.1.4/setfiles/restore.h.f17 2011-11-29 15:26:05.733031684 -0500
++++ policycoreutils-2.1.4/setfiles/restore.h 2011-11-29 15:26:06.207031957 -0500
@@ -40,6 +40,7 @@ struct restore_opts {
int fts_flags; /* Flags to fts, e.g. follow links, follow mounts */
const char *selabel_opt_validate;
@@ -913,7 +918,7 @@ diff -up policycoreutils-2.1.4/setfiles/restore.h.f17 policycoreutils-2.1.4/setf
void restore_init(struct restore_opts *opts);
diff -up policycoreutils-2.1.4/setfiles/setfiles.8.f17 policycoreutils-2.1.4/setfiles/setfiles.8
--- policycoreutils-2.1.4/setfiles/setfiles.8.f17 2011-08-18 06:52:32.000000000 -0400
-+++ policycoreutils-2.1.4/setfiles/setfiles.8 2011-11-16 11:31:30.325037990 -0500
++++ policycoreutils-2.1.4/setfiles/setfiles.8 2011-11-29 15:26:06.207031957 -0500
@@ -4,7 +4,7 @@ setfiles \- set file SELinux security co
.SH "SYNOPSIS"
@@ -960,8 +965,8 @@ diff -up policycoreutils-2.1.4/setfiles/setfiles.8.f17 policycoreutils-2.1.4/set
.B \-W
display warnings about entries that had no matching files.
diff -up policycoreutils-2.1.4/setfiles/setfiles.c.f17 policycoreutils-2.1.4/setfiles/setfiles.c
---- policycoreutils-2.1.4/setfiles/setfiles.c.f17 2011-11-16 11:31:29.954038696 -0500
-+++ policycoreutils-2.1.4/setfiles/setfiles.c 2011-11-16 11:31:30.326037988 -0500
+--- policycoreutils-2.1.4/setfiles/setfiles.c.f17 2011-11-29 15:26:05.733031684 -0500
++++ policycoreutils-2.1.4/setfiles/setfiles.c 2011-11-29 15:26:06.208031958 -0500
@@ -39,7 +39,7 @@ void usage(const char *const name)
{
if (iamrestorecon) {
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 9fcb86b..7ea5ae4 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.4
-Release: 10%{?dist}
+Release: 11%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@@ -354,6 +354,9 @@ fi
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog
+* Tue Nov 29 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.4-10
+- Fix dpi handling in sandbox
+
* Wed Nov 16 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.4-10
- Add listing of distribution equivalence class from semanage fcontext -l
- Add checking to semanage fcontext -a to guarantee a file specification will not be masked by an equivalence
More information about the scm-commits
mailing list