[policycoreutils] - Change to allow sandbox to run on nfs homedirs, add start python script
Daniel J Walsh
dwalsh at fedoraproject.org
Wed Dec 15 21:47:46 UTC 2010
commit 8937a040d8c6d637659c233cea617324fe5fcafb
Author: Dan Walsh <dwalsh at redhat.com>
Date: Wed Dec 15 16:47:38 2010 -0500
- Change to allow sandbox to run on nfs homedirs, add start python script
policycoreutils-rhat.patch | 953 +++++++++++++++++++++-----------------------
policycoreutils.spec | 8 +-
2 files changed, 461 insertions(+), 500 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 6336ce2..0232668 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -1,13 +1,24 @@
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.84/audit2allow/audit2allow
---- nsapolicycoreutils/audit2allow/audit2allow 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.84/audit2allow/audit2allow 2010-11-30 11:57:21.000000000 -0500
+diff --git a/policycoreutils/Makefile b/policycoreutils/Makefile
+index 86ed03f..67d0ee8 100644
+--- a/policycoreutils/Makefile
++++ b/policycoreutils/Makefile
+@@ -1,4 +1,4 @@
+-SUBDIRS = setfiles semanage load_policy newrole run_init sandbox secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
++SUBDIRS = setfiles semanage semanage/default_encoding load_policy newrole run_init sandbox secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool po gui
+
+ INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
+
+diff --git a/policycoreutils/audit2allow/audit2allow b/policycoreutils/audit2allow/audit2allow
+index 5435e9d..fddcdaa 100644
+--- a/policycoreutils/audit2allow/audit2allow
++++ b/policycoreutils/audit2allow/audit2allow
@@ -1,4 +1,4 @@
-#! /usr/bin/python -E
+#! /usr/bin/python -Es
# Authors: Karl MacMillan <kmacmillan at mentalrootkit.com>
#
# Copyright (C) 2006-2007 Red Hat
-@@ -28,6 +28,7 @@
+@@ -28,6 +28,7 @@ import sepolgen.objectmodel as objectmodel
import sepolgen.defaults as defaults
import sepolgen.module as module
from sepolgen.sepolgeni18n import _
@@ -15,7 +26,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
class AuditToPolicy:
VERSION = "%prog .1"
-@@ -46,6 +47,7 @@
+@@ -46,6 +47,7 @@ class AuditToPolicy:
help="audit messages since last boot conflicts with -i")
parser.add_option("-a", "--all", action="store_true", dest="audit", default=False,
help="read input from audit log - conflicts with -i")
@@ -23,7 +34,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
parser.add_option("-d", "--dmesg", action="store_true", dest="dmesg", default=False,
help="read input from dmesg - conflicts with --all and --input")
parser.add_option("-i", "--input", dest="input",
-@@ -231,63 +233,44 @@
+@@ -231,63 +233,44 @@ class AuditToPolicy:
def __output_audit2why(self):
import selinux
@@ -99,7 +110,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
print "\t\tMissing role allow rule.\n"
print "\t\tAdd an allow rule for the role pair.\n"
continue
-@@ -350,11 +333,19 @@
+@@ -350,11 +333,19 @@ class AuditToPolicy:
def main(self):
try:
self.__parse_options()
@@ -119,9 +130,10 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
if __name__ == "__main__":
app = AuditToPolicy()
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.84/audit2allow/audit2allow.1
---- nsapolicycoreutils/audit2allow/audit2allow.1 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.84/audit2allow/audit2allow.1 2010-11-30 11:57:21.000000000 -0500
+diff --git a/policycoreutils/audit2allow/audit2allow.1 b/policycoreutils/audit2allow/audit2allow.1
+index 6178cc8..b6f386d 100644
+--- a/policycoreutils/audit2allow/audit2allow.1
++++ b/policycoreutils/audit2allow/audit2allow.1
@@ -1,5 +1,6 @@
.\" Hey, Emacs! This is an -*- nroff -*- source file.
.\" Copyright (c) 2005 Manoj Srivastava <srivasta at debian.org>
@@ -138,7 +150,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
.SH NAME
.BR audit2allow
\- generate SELinux policy allow/dontaudit rules from logs of denied operations
-@@ -66,6 +67,9 @@
+@@ -66,6 +67,9 @@ Generate module/require output <modulename>
.B "\-M <modulename>"
Generate loadable module package, conflicts with -o
.TP
@@ -148,7 +160,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
.B "\-o <outputfile>" | "\-\-output <outputfile>"
append output to
.I <outputfile>
-@@ -117,14 +121,6 @@
+@@ -117,14 +121,6 @@ an 'allow' rule.
.B Please substitute /var/log/messages for /var/log/audit/audit.log in the
.B examples.
.PP
@@ -163,7 +175,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
.B Using audit2allow to generate module policy
$ cat /var/log/audit/audit.log | audit2allow -m local > local.te
-@@ -132,20 +128,38 @@
+@@ -132,20 +128,38 @@ $ cat local.te
module local 1.0;
require {
@@ -208,7 +220,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
.B Building module policy manually
# Compile the module
-@@ -168,6 +182,14 @@
+@@ -168,6 +182,14 @@ you are required to execute
semodule -i local.pp
@@ -223,9 +235,10 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
.fi
.PP
.SH AUTHOR
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/sepolgen-ifgen policycoreutils-2.0.84/audit2allow/sepolgen-ifgen
---- nsapolicycoreutils/audit2allow/sepolgen-ifgen 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.84/audit2allow/sepolgen-ifgen 2010-11-30 11:57:21.000000000 -0500
+diff --git a/policycoreutils/audit2allow/sepolgen-ifgen b/policycoreutils/audit2allow/sepolgen-ifgen
+index 03f95a1..5986b23 100644
+--- a/policycoreutils/audit2allow/sepolgen-ifgen
++++ b/policycoreutils/audit2allow/sepolgen-ifgen
@@ -1,4 +1,4 @@
-#! /usr/bin/python -E
+#! /usr/bin/python -Es
@@ -243,7 +256,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
import sepolgen.refparser as refparser
import sepolgen.defaults as defaults
-@@ -35,6 +39,7 @@
+@@ -35,6 +39,7 @@ import sepolgen.interfaces as interfaces
VERSION = "%prog .1"
@@ -251,7 +264,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
def parse_options():
from optparse import OptionParser
-@@ -44,14 +49,43 @@
+@@ -44,14 +49,43 @@ def parse_options():
help="filename to store output")
parser.add_option("-i", "--interfaces", dest="headers", default=defaults.headers(),
help="location of the interface header files")
@@ -295,7 +308,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
def main():
options = parse_options()
-@@ -68,6 +102,14 @@
+@@ -68,6 +102,14 @@ def main():
else:
log = None
@@ -310,7 +323,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
try:
headers = refparser.parse_headers(options.headers, output=log, debug=options.debug)
except ValueError, e:
-@@ -76,7 +118,7 @@
+@@ -76,7 +118,7 @@ def main():
return 1
if_set = interfaces.InterfaceSet(output=log)
@@ -319,22 +332,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
if_set.to_file(f)
f.close()
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/load_policy/load_policy.c policycoreutils-2.0.84/load_policy/load_policy.c
---- nsapolicycoreutils/load_policy/load_policy.c 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.84/load_policy/load_policy.c 2010-11-30 11:57:21.000000000 -0500
+diff --git a/policycoreutils/load_policy/load_policy.c b/policycoreutils/load_policy/load_policy.c
+index 47d9b0f..566565f 100644
+--- a/policycoreutils/load_policy/load_policy.c
++++ b/policycoreutils/load_policy/load_policy.c
@@ -1,3 +1,4 @@
+#define _GNU_SOURCE
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
-@@ -17,12 +18,21 @@
- #define PACKAGE "policycoreutils" /* the name of this package lang translation */
- #endif
-
-+
- void usage(char *progname)
- {
- fprintf(stderr, _("usage: %s [-qi]\n"), progname);
+@@ -23,6 +24,14 @@ void usage(char *progname)
exit(1);
}
@@ -349,7 +356,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
int main(int argc, char **argv)
{
int ret, opt, quiet = 0, nargs, init=0, enforce=0;
-@@ -64,6 +74,7 @@
+@@ -64,6 +73,7 @@ int main(int argc, char **argv)
"%s: Warning! Boolean file argument (%s) is no longer supported, installed booleans file is always used. Continuing...\n",
argv[0], argv[optind++]);
}
@@ -357,7 +364,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
if (init) {
if (is_selinux_enabled() == 1) {
/* SELinux is already enabled, we should not do an initial load again */
-@@ -76,9 +87,11 @@
+@@ -76,9 +86,11 @@ int main(int argc, char **argv)
if (ret != 0 ) {
if (enforce > 0) {
/* SELinux in enforcing mode but load_policy failed */
@@ -371,7 +378,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
exit(3);
}
}
-@@ -86,9 +99,16 @@
+@@ -86,9 +98,16 @@ int main(int argc, char **argv)
else {
ret = selinux_mkload_policy(1);
}
@@ -391,19 +398,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
exit(2);
}
exit(0);
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.84/Makefile
---- nsapolicycoreutils/Makefile 2010-06-16 08:03:38.000000000 -0400
-+++ policycoreutils-2.0.84/Makefile 2010-11-30 11:57:21.000000000 -0500
-@@ -1,4 +1,4 @@
--SUBDIRS = setfiles semanage load_policy newrole run_init sandbox secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
-+SUBDIRS = setfiles semanage semanage/default_encoding load_policy newrole run_init sandbox secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool po gui
-
- INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
-
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/newrole/Makefile policycoreutils-2.0.84/newrole/Makefile
---- nsapolicycoreutils/newrole/Makefile 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.84/newrole/Makefile 2010-11-30 11:57:21.000000000 -0500
-@@ -50,7 +50,7 @@
+diff --git a/policycoreutils/newrole/Makefile b/policycoreutils/newrole/Makefile
+index 6c19bd1..bd8e7a7 100644
+--- a/policycoreutils/newrole/Makefile
++++ b/policycoreutils/newrole/Makefile
+@@ -50,7 +50,7 @@ ifeq (${NAMESPACE_PRIV},y)
endif
ifeq (${IS_SUID},y)
MODE := 4555
@@ -412,9 +411,10 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
else
MODE := 0555
endif
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-2.0.84/newrole/newrole.c
---- nsapolicycoreutils/newrole/newrole.c 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.84/newrole/newrole.c 2010-11-30 11:57:21.000000000 -0500
+diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c
+index d191be6..071b393 100644
+--- a/policycoreutils/newrole/newrole.c
++++ b/policycoreutils/newrole/newrole.c
@@ -77,7 +77,7 @@
#endif
#if defined(AUDIT_LOG_PRIV) || (NAMESPACE_PRIV)
@@ -434,7 +434,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
/* USAGE_STRING describes the command-line args of this program. */
#define USAGE_STRING "USAGE: newrole [ -r role ] [ -t type ] [ -l level ] [ -p ] [ -V ] [ -- args ]"
-@@ -538,69 +541,23 @@
+@@ -538,69 +541,23 @@ static int restore_environment(int preserve_environment,
* Returns zero on success, non-zero otherwise
*/
#if defined(AUDIT_LOG_PRIV) && !defined(NAMESPACE_PRIV)
@@ -514,7 +514,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
}
#elif defined(NAMESPACE_PRIV)
/**
-@@ -616,50 +573,25 @@
+@@ -616,50 +573,25 @@ static int drop_capabilities(void)
*
* Returns zero on success, non-zero otherwise
*/
@@ -577,7 +577,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
{
return 0;
}
-@@ -1098,7 +1030,7 @@
+@@ -1098,7 +1030,7 @@ int main(int argc, char *argv[])
* if it makes sense to continue to run newrole, and setting up
* a scrubbed environment.
*/
@@ -586,7 +586,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
return -1;
if (set_signal_handles())
return -1;
-@@ -1334,11 +1266,15 @@
+@@ -1334,11 +1266,15 @@ int main(int argc, char *argv[])
if (send_audit_message(1, old_context, new_context, ttyn))
goto err_close_pam_session;
@@ -602,9 +602,10 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
/* Handle environment changes */
if (restore_environment(preserve_environment, old_environ, &pw)) {
fprintf(stderr, _("Unable to restore the environment, "
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.84/restorecond/Makefile
---- nsapolicycoreutils/restorecond/Makefile 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.84/restorecond/Makefile 2010-11-30 11:57:21.000000000 -0500
+diff --git a/policycoreutils/restorecond/Makefile b/policycoreutils/restorecond/Makefile
+index 3f235e6..7552668 100644
+--- a/policycoreutils/restorecond/Makefile
++++ b/policycoreutils/restorecond/Makefile
@@ -1,17 +1,28 @@
# Installation directories.
PREFIX ?= ${DESTDIR}/usr
@@ -637,7 +638,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
$(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
install: all
-@@ -22,7 +33,12 @@
+@@ -22,7 +33,12 @@ install: all
-mkdir -p $(INITDIR)
install -m 755 restorecond.init $(INITDIR)/restorecond
-mkdir -p $(SELINUXDIR)
@@ -651,16 +652,19 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
relabel: install
/sbin/restorecon $(SBINDIR)/restorecond
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.84/restorecond/org.selinux.Restorecond.service
---- nsapolicycoreutils/restorecond/org.selinux.Restorecond.service 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.84/restorecond/org.selinux.Restorecond.service 2010-11-30 11:57:21.000000000 -0500
+diff --git a/policycoreutils/restorecond/org.selinux.Restorecond.service b/policycoreutils/restorecond/org.selinux.Restorecond.service
+new file mode 100644
+index 0000000..0ef5f0b
+--- /dev/null
++++ b/policycoreutils/restorecond/org.selinux.Restorecond.service
@@ -0,0 +1,3 @@
+[D-BUS Service]
+Name=org.selinux.Restorecond
+Exec=/usr/sbin/restorecond -u
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.8 policycoreutils-2.0.84/restorecond/restorecond.8
---- nsapolicycoreutils/restorecond/restorecond.8 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.84/restorecond/restorecond.8 2010-11-30 11:57:21.000000000 -0500
+diff --git a/policycoreutils/restorecond/restorecond.8 b/policycoreutils/restorecond/restorecond.8
+index b149dcb..0c14c94 100644
+--- a/policycoreutils/restorecond/restorecond.8
++++ b/policycoreutils/restorecond/restorecond.8
@@ -3,7 +3,7 @@
restorecond \- daemon that watches for file creation and then sets the default SELinux file context
@@ -670,7 +674,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
.P
.SH "DESCRIPTION"
-@@ -19,13 +19,22 @@
+@@ -19,13 +19,22 @@ the correct file context associated with the policy.
.B \-d
Turns on debugging mode. Application will stay in the foreground and lots of
debugs messages start printing.
@@ -695,9 +699,10 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
.SH "SEE ALSO"
.BR restorecon (8),
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.84/restorecond/restorecond.c
---- nsapolicycoreutils/restorecond/restorecond.c 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.84/restorecond/restorecond.c 2010-11-30 11:57:21.000000000 -0500
+diff --git a/policycoreutils/restorecond/restorecond.c b/policycoreutils/restorecond/restorecond.c
+index 58774e6..77c8013 100644
+--- a/policycoreutils/restorecond/restorecond.c
++++ b/policycoreutils/restorecond/restorecond.c
@@ -30,9 +30,11 @@
* and makes sure that there security context matches the systems defaults
*
@@ -739,7 +744,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
-
-#include <selinux/selinux.h>
-#include <utmp.h>
-
+-
-/* size of the event structure, not counting name */
-#define EVENT_SIZE (sizeof (struct inotify_event))
-/* reasonable guess as to size of 1024 events */
@@ -824,11 +829,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
- }
- firstDir = NULL;
-}
-+static char *server_watch_file = "/etc/selinux/restorecond.conf";
-+static char *user_watch_file = "/etc/selinux/restorecond_user.conf";
-+static char *watch_file;
-+static struct restore_opts r_opts;
-
+-
-/*
- Set the file context to the default file context for this system.
- Same as restorecon.
@@ -937,7 +938,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
- }
- free(line_buf);
-}
--
+
-/*
- Read config file ignoring Comment lines
- Files specified one per line. Files with "~" will be expanded to the logged in users
@@ -966,8 +967,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
- if (master_wd == -1)
- exitApp("Error watching config file.");
-}
-+#include <selinux/selinux.h>
-
+-
-/*
- Inotify watch loop
-*/
@@ -1001,11 +1001,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
- if (event->len)
- watch_list_find(event->wd, event->name);
- break;
--
++static char *server_watch_file = "/etc/selinux/restorecond.conf";
++static char *user_watch_file = "/etc/selinux/restorecond_user.conf";
++static char *watch_file;
++static struct restore_opts r_opts;
+
- case 1: /* utmp has changed need to reload */
- read_config(fd);
- break;
--
++#include <selinux/selinux.h>
+
- default: /* No users logged in or out */
- break;
- }
@@ -1026,7 +1031,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
}
static const char *pidfile = "/var/run/restorecond.pid";
-@@ -374,7 +120,7 @@
+@@ -374,7 +120,7 @@ static void term_handler()
static void usage(char *program)
{
@@ -1035,7 +1040,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
exit(0);
}
-@@ -390,74 +136,35 @@
+@@ -390,74 +136,35 @@ void exitApp(const char *msg)
to see if it is one that we are watching.
*/
@@ -1134,7 +1139,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
/* Register sighandlers */
sa.sa_flags = 0;
-@@ -467,36 +174,56 @@
+@@ -467,36 +174,56 @@ int main(int argc, char **argv)
set_matchpathcon_flags(MATCHPATHCON_NOTRANS);
@@ -1200,9 +1205,10 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
if (pidfile)
unlink(pidfile);
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.84/restorecond/restorecond.conf
---- nsapolicycoreutils/restorecond/restorecond.conf 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.84/restorecond/restorecond.conf 2010-11-30 11:57:21.000000000 -0500
+diff --git a/policycoreutils/restorecond/restorecond.conf b/policycoreutils/restorecond/restorecond.conf
+index 3fc9376..58b723a 100644
+--- a/policycoreutils/restorecond/restorecond.conf
++++ b/policycoreutils/restorecond/restorecond.conf
@@ -4,8 +4,5 @@
/etc/mtab
/var/run/utmp
@@ -1213,9 +1219,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
/root/.ssh/*
-
-
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.desktop policycoreutils-2.0.84/restorecond/restorecond.desktop
---- nsapolicycoreutils/restorecond/restorecond.desktop 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.84/restorecond/restorecond.desktop 2010-11-30 11:57:21.000000000 -0500
+diff --git a/policycoreutils/restorecond/restorecond.desktop b/policycoreutils/restorecond/restorecond.desktop
+new file mode 100644
+index 0000000..23ff89d
+--- /dev/null
++++ b/policycoreutils/restorecond/restorecond.desktop
@@ -0,0 +1,7 @@
+[Desktop Entry]
+Name=File Context maintainer
@@ -1224,9 +1232,10 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+Encoding=UTF-8
+Type=Application
+StartupNotify=false
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-2.0.84/restorecond/restorecond.h
---- nsapolicycoreutils/restorecond/restorecond.h 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.84/restorecond/restorecond.h 2010-11-30 11:57:21.000000000 -0500
+diff --git a/policycoreutils/restorecond/restorecond.h b/policycoreutils/restorecond/restorecond.h
+index e1666bf..8c85ef0 100644
+--- a/policycoreutils/restorecond/restorecond.h
++++ b/policycoreutils/restorecond/restorecond.h
@@ -24,7 +24,22 @@
#ifndef RESTORED_CONFIG_H
#define RESTORED_CONFIG_H
@@ -1252,10 +1261,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+extern int watch_list_isempty();
#endif
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.init policycoreutils-2.0.84/restorecond/restorecond.init
---- nsapolicycoreutils/restorecond/restorecond.init 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.84/restorecond/restorecond.init 2010-11-30 11:57:21.000000000 -0500
-@@ -26,7 +26,7 @@
+diff --git a/policycoreutils/restorecond/restorecond.init b/policycoreutils/restorecond/restorecond.init
+index b966db6..775c52b 100644
+--- a/policycoreutils/restorecond/restorecond.init
++++ b/policycoreutils/restorecond/restorecond.init
+@@ -26,7 +26,7 @@ PATH=/sbin:/bin:/usr/bin:/usr/sbin
# Source function library.
. /etc/rc.d/init.d/functions
@@ -1264,7 +1274,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
# Check that we are root ... so non-root users stop here
test $EUID = 0 || exit 4
-@@ -75,16 +75,15 @@
+@@ -75,16 +75,15 @@ case "$1" in
status restorecond
RETVAL=$?
;;
@@ -1283,15 +1293,19 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
exit $RETVAL
-
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond_user.conf policycoreutils-2.0.84/restorecond/restorecond_user.conf
---- nsapolicycoreutils/restorecond/restorecond_user.conf 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.84/restorecond/restorecond_user.conf 2010-11-30 11:57:21.000000000 -0500
+diff --git a/policycoreutils/restorecond/restorecond_user.conf b/policycoreutils/restorecond/restorecond_user.conf
+new file mode 100644
+index 0000000..d97bc72
+--- /dev/null
++++ b/policycoreutils/restorecond/restorecond_user.conf
@@ -0,0 +1,2 @@
+~/*
+~/public_html/*
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/user.c policycoreutils-2.0.84/restorecond/user.c
---- nsapolicycoreutils/restorecond/user.c 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.84/restorecond/user.c 2010-11-30 11:57:21.000000000 -0500
+diff --git a/policycoreutils/restorecond/user.c b/policycoreutils/restorecond/user.c
+new file mode 100644
+index 0000000..272479a
+--- /dev/null
++++ b/policycoreutils/restorecond/user.c
@@ -0,0 +1,239 @@
+/*
+ * restorecond
@@ -1532,10 +1546,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+ return 0;
+}
+
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/utmpwatcher.c policycoreutils-2.0.84/restorecond/utmpwatcher.c
---- nsapolicycoreutils/restorecond/utmpwatcher.c 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.84/restorecond/utmpwatcher.c 2010-11-30 11:57:21.000000000 -0500
-@@ -72,8 +72,8 @@
+diff --git a/policycoreutils/restorecond/utmpwatcher.c b/policycoreutils/restorecond/utmpwatcher.c
+index f182c22..feddb5a 100644
+--- a/policycoreutils/restorecond/utmpwatcher.c
++++ b/policycoreutils/restorecond/utmpwatcher.c
+@@ -72,8 +72,8 @@ unsigned int utmpwatcher_handle(int inotify_fd, int wd)
if (utmp_wd == -1)
exitApp("Error watching utmp file.");
@@ -1545,9 +1560,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
strings_list_free(prev_utmp_ptr);
}
return changed;
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.84/restorecond/watch.c
---- nsapolicycoreutils/restorecond/watch.c 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.84/restorecond/watch.c 2010-11-30 11:57:21.000000000 -0500
+diff --git a/policycoreutils/restorecond/watch.c b/policycoreutils/restorecond/watch.c
+new file mode 100644
+index 0000000..ab67a02
+--- /dev/null
++++ b/policycoreutils/restorecond/watch.c
@@ -0,0 +1,260 @@
+#define _GNU_SOURCE
+#include <sys/inotify.h>
@@ -1809,107 +1826,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+ if (master_wd == -1)
+ exitApp("Error watching config file.");
+}
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/basicwrapper policycoreutils-2.0.84/sandbox/deliverables/basicwrapper
---- nsapolicycoreutils/sandbox/deliverables/basicwrapper 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.84/sandbox/deliverables/basicwrapper 2010-11-30 11:57:21.000000000 -0500
-@@ -0,0 +1,4 @@
-+import os, sys
-+SANDBOX_ARGS = ['-f%s' % os.environ['_CONDOR_SCRATCH_DIR']]
-+SANDBOX_ARGS.extend(sys.argv[1::])
-+os.execv('/usr/bin/sandbox',SANDBOX_ARGS)
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/README policycoreutils-2.0.84/sandbox/deliverables/README
---- nsapolicycoreutils/sandbox/deliverables/README 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.84/sandbox/deliverables/README 2010-11-30 11:57:21.000000000 -0500
-@@ -0,0 +1,32 @@
-+Files:
-+run-in-sandbox.py:
-+ adds the run in sandbox extension to nautilus
-+ copy to .nautilus/python-extensions
-+ yum install nautilus-python
-+
-+sandbox:
-+ adds support for file checking, This was working I don't know why it didn't at that presentation
-+ adds support for file relabeling, This is/was also working.
-+
-+basicwrapper:
-+ This is pretty much the most basic condor wrapper you can create, it requires the -f option in sandbox. Also I can't make this work, maybe the grid team will have more luck.
-+
-+Other:
-+Xguest Live cd:
-+ There's a tutorial on live cds here: http://www.ibm.com/developerworks/library/l-fedora-livecd/index.html?ca=dgr-lnxw16FedoraLiveCD
-+ It looks like David Zeuthen is head guy in the live cd department, he might be worth talking to.
-+
-+System-config-selinux:
-+ wiki: fedorahosted.org/system-config-selinux
-+ realeases: fedorahosted.org/releases/s/y/system-config-selinux/ includes a spec,srpm, and tarball of current version
-+ The project is technically owned by Roman Rakus (rrakus at redhat.com) I've sent him an email asking him to make you a git contributor.
-+ I'll continue making updates to this and make sure it gets into the repos.
-+
-+Assuming I don't get to keep my RedHat email you can contact me:
-+email: chris.pardy at gmail.com
-+phone: 1-207-838-7119
-+
-+I'll probably continue to be on the #fedora-selinux and #selinux irc channels
-+
-+Thanks for a great summer.
-+Chris Pardy
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/run-in-sandbox.py policycoreutils-2.0.84/sandbox/deliverables/run-in-sandbox.py
---- nsapolicycoreutils/sandbox/deliverables/run-in-sandbox.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.84/sandbox/deliverables/run-in-sandbox.py 2010-11-30 11:57:21.000000000 -0500
-@@ -0,0 +1,49 @@
-+import os
-+import os.path
-+import urllib
-+
-+import nautilus
-+import gtk
-+import gconf
-+
-+class RunInSandboxExtension(nautilus.MenuProvider):
-+ def __init__(self):
-+ self.client = gconf.client_get_default()
-+
-+ def sandbox_init(self,file,path):
-+ if os.path.basename(path).endswith('.desktop'):
-+ import re
-+ f = open(path,'r')
-+ for i in f.readlines():
-+ m = re.match(r'Exec=(?P<name>\S+)',i)
-+ if m:
-+ path = m.group('name')
-+ f.close()
-+ break
-+ os.system('/usr/bin/sandbox -X %s &' % path)
-+
-+ def get_file_items(self, window, files):
-+ if len(files) != 1:
-+ return
-+
-+ file = files[0]
-+
-+ if file.is_directory():
-+ return
-+
-+ if file.get_uri_scheme() != 'file':
-+ return
-+
-+ path = file.get_uri().replace('file://','',1)
-+ if not os.access(path,os.X_OK):
-+ return
-+
-+ path = os.path.realpath(path)
-+
-+ item = nautilus.MenuItem('NautilusPython::openterminal_file_items','Run In Sandbox','Run %s in Sandbox' % file.get_name())
-+ item.connect('activate',self.sandbox_init,path)
-+ return item,
-+
-+ def get_background_items(self, window, file):
-+ return
-+
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/Makefile policycoreutils-2.0.84/sandbox/Makefile
---- nsapolicycoreutils/sandbox/Makefile 2010-06-16 08:03:38.000000000 -0400
-+++ policycoreutils-2.0.84/sandbox/Makefile 2010-11-30 11:57:21.000000000 -0500
-@@ -7,8 +7,8 @@
+diff --git a/policycoreutils/sandbox/Makefile b/policycoreutils/sandbox/Makefile
+index ff0ee7c..0c8a085 100644
+--- a/policycoreutils/sandbox/Makefile
++++ b/policycoreutils/sandbox/Makefile
+@@ -7,10 +7,10 @@ SBINDIR ?= $(PREFIX)/sbin
MANDIR ?= $(PREFIX)/share/man
LOCALEDIR ?= /usr/share/locale
SHAREDIR ?= $(PREFIX)/share/sandbox
@@ -1918,9 +1839,12 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DPACKAGE="\"policycoreutils\"" -Wall -Werror -Wextra
+LDLIBS += -lcgroup -lselinux -lcap-ng
- all: sandbox seunshare sandboxX.sh
+-all: sandbox seunshare sandboxX.sh
++all: sandbox seunshare sandboxX.sh start
-@@ -20,6 +20,9 @@
+ seunshare: seunshare.o $(EXTRA_OBJS)
+ $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
+@@ -20,14 +20,18 @@ install: all
install -m 755 sandbox $(BINDIR)
-mkdir -p $(MANDIR)/man8
install -m 644 sandbox.8 $(MANDIR)/man8/
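Review bot: The `start` prerequisite added to `all:` here, and the `install -m 755 start $(SHAREDIR)` line added in the next hunk, both need a `sandbox/start` file, and no section creating that file is visible in this part of the patch. If the patch does not add it, `make all` stops with no rule to make `start`, so confirm the new-file section is present further down. The commit title calls it a Python script, so its first line should use the same `#! /usr/bin/python -Es` form this patch gives audit2allow, sepolgen-ifgen and sandbox; that way a caller's PYTHON* environment variables and user site directory cannot change what it imports. A one-line comment beside the install line saying what `start` is for and which component invokes it would also help the next packager.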
@@ -1930,7 +1854,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
-mkdir -p $(SBINDIR)
install -m 4755 seunshare $(SBINDIR)/
-mkdir -p $(SHAREDIR)
-@@ -27,7 +30,7 @@
+ install -m 755 sandboxX.sh $(SHAREDIR)
++ install -m 755 start $(SHAREDIR)
-mkdir -p $(INITDIR)
install -m 755 sandbox.init $(INITDIR)/sandbox
-mkdir -p $(SYSCONFDIR)
@@ -1939,9 +1864,10 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
test:
@python test_sandbox.py -v
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.84/sandbox/sandbox
---- nsapolicycoreutils/sandbox/sandbox 2010-06-16 08:03:38.000000000 -0400
-+++ policycoreutils-2.0.84/sandbox/sandbox 2010-11-30 12:08:16.000000000 -0500
+diff --git a/policycoreutils/sandbox/sandbox b/policycoreutils/sandbox/sandbox
+index 48a26c2..224b9d1 100644
+--- a/policycoreutils/sandbox/sandbox
++++ b/policycoreutils/sandbox/sandbox
@@ -1,5 +1,6 @@
-#! /usr/bin/python -E
+#! /usr/bin/python -Es
@@ -1971,7 +1897,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
import gettext
gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
gettext.textdomain(PROGNAME)
-@@ -41,6 +45,7 @@
+@@ -41,6 +45,7 @@ except IOError:
import __builtin__
__builtin__.__dict__['_'] = unicode
@@ -1979,7 +1905,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
DEFAULT_TYPE = "sandbox_t"
DEFAULT_X_TYPE = "sandbox_x_t"
SAVE_FILES = {}
-@@ -63,15 +68,15 @@
+@@ -63,15 +68,15 @@ def error_exit(msg):
sys.stderr.flush()
sys.exit(1)
@@ -1999,7 +1925,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
if not os.path.exists(newdir):
os.makedirs(newdir)
dest = newdir + "/" + bname
-@@ -81,9 +86,10 @@
+@@ -81,9 +86,10 @@ def copyfile(file, dir, dest):
shutil.copytree(file, dest)
else:
shutil.copy2(file, dest)
@@ -2012,7 +1938,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
SAVE_FILES[file] = (dest, os.path.getmtime(dest))
-@@ -161,10 +167,10 @@
+@@ -161,10 +167,10 @@ class Sandbox:
if not self.__options.homedir or not self.__options.tmpdir:
self.usage(_("Homedir and tempdir required for level mounts"))
@@ -2026,7 +1952,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
def __mount_callback(self, option, opt, value, parser):
self.__mount = True
-@@ -172,6 +178,15 @@
+@@ -172,6 +178,15 @@ class Sandbox:
def __x_callback(self, option, opt, value, parser):
self.__mount = True
setattr(parser.values, option.dest, True)
@@ -2042,7 +1968,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
def __validdir(self, option, opt, value, parser):
if not os.path.isdir(value):
-@@ -194,6 +209,8 @@
+@@ -194,6 +209,8 @@ class Sandbox:
self.__include(option, opt, i[:-1], parser)
except IOError, e:
sys.stderr.write(str(e))
@@ -2051,7 +1977,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
fd.close()
def __copyfiles(self):
-@@ -212,13 +229,15 @@
+@@ -212,13 +229,15 @@ class Sandbox:
/etc/gdm/Xsession
""")
else:
@@ -2069,7 +1995,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
kill -TERM $WM_PID 2> /dev/null
""" % (command, wm, command))
fd.close()
-@@ -226,14 +245,25 @@
+@@ -226,14 +245,25 @@ kill -TERM $WM_PID 2> /dev/null
def usage(self, message = ""):
error_exit("%s\n%s" % (self.__parser.usage, message))
@@ -2099,7 +2025,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
parser = OptionParser(version=self.VERSION, usage=usage)
parser.disable_interspersed_args()
-@@ -268,6 +298,10 @@
+@@ -268,6 +298,10 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
action="callback", callback=self.__validdir,
help=_("alternate /tmp directory to use for mounting"))
@@ -2110,7 +2036,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
parser.add_option("-W", "--windowmanager", dest="wm",
type="string",
default="/usr/bin/matchbox-window-manager -use_titlebar no",
-@@ -276,13 +310,17 @@
+@@ -276,13 +310,17 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
parser.add_option("-l", "--level", dest="level",
help=_("MCS/MLS level for the sandbox"))
@@ -2129,7 +2055,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
if self.__options.setype:
self.setype = self.__options.setype
-@@ -299,6 +337,9 @@
+@@ -299,6 +337,9 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
self.__options.X_ind = True
self.__homedir = self.__options.homedir
self.__tmpdir = self.__options.tmpdir
@@ -2139,7 +2065,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
else:
if len(cmds) == 0:
self.usage(_("Command required"))
-@@ -351,22 +392,24 @@
+@@ -351,22 +392,24 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-
def __execute(self):
try:
@@ -2179,9 +2105,10 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
selinux.setexeccon(self.__execcon)
rc = subprocess.Popen(self.__cmds).wait()
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.8 policycoreutils-2.0.84/sandbox/sandbox.8
---- nsapolicycoreutils/sandbox/sandbox.8 2010-06-16 08:03:38.000000000 -0400
-+++ policycoreutils-2.0.84/sandbox/sandbox.8 2010-11-30 11:57:21.000000000 -0500
+diff --git a/policycoreutils/sandbox/sandbox.8 b/policycoreutils/sandbox/sandbox.8
+index 1479364..73d33b3 100644
+--- a/policycoreutils/sandbox/sandbox.8
++++ b/policycoreutils/sandbox/sandbox.8
@@ -1,10 +1,13 @@
-.TH SANDBOX "8" "May 2009" "chcat" "User Commands"
+.TH SANDBOX "8" "May 2010" "sandbox" "User Commands"
@@ -2199,7 +2126,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
.br
.SH DESCRIPTION
.PP
-@@ -42,6 +45,12 @@
+@@ -42,6 +45,12 @@ Use alternate sandbox type, defaults to sandbox_t or sandbox_x_t for -X.
\fB\-T\ tmpdir
Use alternate tempory directory to mount on /tmp. Defaults to tmpfs. Requires -X or -M.
.TP
@@ -2212,7 +2139,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
\fB\-W windowmanager\fR
Select alternative window manager to run within
.B sandbox -X.
-@@ -50,8 +59,17 @@
+@@ -50,8 +59,17 @@ Default to /usr/bin/matchbox-window-manager.
\fB\-X\fR
Create an X based Sandbox for gui apps, temporary files for
$HOME and /tmp, secondary Xserver, defaults to sandbox_x_t
@@ -2231,9 +2158,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+.I Dan Walsh <dwalsh at redhat.com>
+and
+.I Thomas Liu <tliu at fedoraproject.org>
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.conf policycoreutils-2.0.84/sandbox/sandbox.conf
---- nsapolicycoreutils/sandbox/sandbox.conf 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.84/sandbox/sandbox.conf 2010-11-30 11:57:21.000000000 -0500
+diff --git a/policycoreutils/sandbox/sandbox.conf b/policycoreutils/sandbox/sandbox.conf
+new file mode 100644
+index 0000000..7c35808
+--- /dev/null
++++ b/policycoreutils/sandbox/sandbox.conf
@@ -0,0 +1,7 @@
+# Space separate list of homedirs
+HOMEDIRS="/home"
@@ -2242,9 +2171,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+CPUAFFINITY=ALL
+MEMUSAGE=80%
+CPUUSAGE=80%
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.conf.5 policycoreutils-2.0.84/sandbox/sandbox.conf.5
---- nsapolicycoreutils/sandbox/sandbox.conf.5 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.84/sandbox/sandbox.conf.5 2010-11-30 11:57:21.000000000 -0500
+diff --git a/policycoreutils/sandbox/sandbox.conf.5 b/policycoreutils/sandbox/sandbox.conf.5
+new file mode 100644
+index 0000000..ee97e10
+--- /dev/null
++++ b/policycoreutils/sandbox/sandbox.conf.5
@@ -0,0 +1,40 @@
+.TH sandbox.conf "5" "June 2010" "sandbox.conf" "Linux System Administration"
+.SH NAME
@@ -2286,9 +2217,10 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+.SH AUTHOR
+This manual page was written by
+.I Thomas Liu <tliu at fedoraproject.org>
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.init policycoreutils-2.0.84/sandbox/sandbox.init
---- nsapolicycoreutils/sandbox/sandbox.init 2010-06-16 08:03:38.000000000 -0400
-+++ policycoreutils-2.0.84/sandbox/sandbox.init 2010-11-30 11:57:21.000000000 -0500
+diff --git a/policycoreutils/sandbox/sandbox.init b/policycoreutils/sandbox/sandbox.init
+index ff8b3ef..8508647 100644
+--- a/policycoreutils/sandbox/sandbox.init
++++ b/policycoreutils/sandbox/sandbox.init
@@ -10,17 +10,12 @@
#
# chkconfig: 345 1 99
@@ -2313,10 +2245,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
#
# Source function library.
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandboxX.sh policycoreutils-2.0.84/sandbox/sandboxX.sh
---- nsapolicycoreutils/sandbox/sandboxX.sh 2010-06-16 08:03:38.000000000 -0400
-+++ policycoreutils-2.0.84/sandbox/sandboxX.sh 2010-11-30 11:57:21.000000000 -0500
-@@ -1,13 +1,26 @@
+diff --git a/policycoreutils/sandbox/sandboxX.sh b/policycoreutils/sandbox/sandboxX.sh
+index 8338203..e501b03 100644
+--- a/policycoreutils/sandbox/sandboxX.sh
++++ b/policycoreutils/sandbox/sandboxX.sh
+@@ -1,13 +1,17 @@
#!/bin/bash
context=`id -Z | secon -t -l -P`
export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80`"
@@ -2332,23 +2265,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+#!/bin/sh
+DISPLAY=$DISPLAY "\$@"
+__EOF
-+chmod +x ~/seremote
-+ python << __EOF
-+import gtk, os, commands
-+rc = [-1,'']
-+try:
-+ rc=commands.getstatusoutput("%s/.sandboxrc" % os.environ["HOME"])
-+except:
-+ pass
-+if rc[0] == 0:
-+ print rc[1]
-+__EOF
++ chmod +x ~/seremote
++ /usr/share/sandbox/start $HOME/.sandboxrc
export EXITCODE=$?
kill -HUP 0
break
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.8 policycoreutils-2.0.84/sandbox/seunshare.8
---- nsapolicycoreutils/sandbox/seunshare.8 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.84/sandbox/seunshare.8 2010-11-30 11:57:21.000000000 -0500
+diff --git a/policycoreutils/sandbox/seunshare.8 b/policycoreutils/sandbox/seunshare.8
+new file mode 100644
+index 0000000..e7b8991
+--- /dev/null
++++ b/policycoreutils/sandbox/seunshare.8
@@ -0,0 +1,37 @@
+.TH SEUNSHARE "8" "May 2010" "seunshare" "User Commands"
+.SH NAME
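Review bot: The new call in sandboxX.sh, `/usr/share/sandbox/start $HOME/.sandboxrc`, hard-codes the helper's install path and leaves `$HOME` unquoted. The sandbox Makefile in this same patch installs `start` into `$(SHAREDIR)`, defined as `$(PREFIX)/share/sandbox`, so a build with a different PREFIX would put the helper where this script does not look. Quoting the argument as `"$HOME/.sandboxrc"` keeps a home directory containing whitespace from being split into several arguments. The enclosing block in sandboxX.sh continues outside the hunk.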
@@ -2387,10 +2313,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+.I Dan Walsh <dwalsh at redhat.com>
+and
+.I Thomas Liu <tliu at fedoraproject.org>
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.84/sandbox/seunshare.c
---- nsapolicycoreutils/sandbox/seunshare.c 2010-06-16 08:03:38.000000000 -0400
-+++ policycoreutils-2.0.84/sandbox/seunshare.c 2010-11-30 11:57:21.000000000 -0500
-@@ -1,13 +1,21 @@
+diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
+index ec692e7..de694ad 100644
+--- a/policycoreutils/sandbox/seunshare.c
++++ b/policycoreutils/sandbox/seunshare.c
+@@ -1,28 +1,34 @@
+/*
+ * Authors: Dan Walsh <dwalsh at redhat.com>
+ * Authors: Thomas Liu <tliu at fedoraproject.org>
@@ -2411,9 +2338,10 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
#include <stdio.h>
+#include <regex.h>
#include <unistd.h>
++#include <sys/fsuid.h>
#include <stdlib.h>
#include <cap-ng.h>
-@@ -15,14 +23,11 @@
+ #include <getopt.h> /* for getopt_long() form of getopt() */
#include <limits.h>
#include <stdlib.h>
#include <errno.h>
@@ -2429,7 +2357,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
#ifdef USE_NLS
#include <locale.h> /* for setlocale() */
#include <libintl.h> /* for gettext() */
-@@ -39,6 +44,12 @@
+@@ -39,6 +45,12 @@
#define MS_PRIVATE 1<<18
#endif
@@ -2442,7 +2370,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
/**
* This function will drop all capabilities
* Returns zero on success, non-zero otherwise
-@@ -46,9 +57,9 @@
+@@ -46,9 +58,9 @@
static int drop_capabilities(uid_t uid)
{
capng_clear(CAPNG_SELECT_BOTH);
@@ -2453,7 +2381,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
/* Change uid */
if (setresuid(uid, uid, uid)) {
fprintf(stderr, _("Error changing uid, aborting.\n"));
-@@ -134,42 +145,98 @@
+@@ -134,42 +146,98 @@ static int verify_shell(const char *shell_name)
static int seunshare_mount(const char *src, const char *dst, struct passwd *pwd) {
if (verbose)
printf("Mount %s on %s\n", src, dst);
@@ -2512,8 +2440,9 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+ syslog(LOG_AUTHPRIV | LOG_ALERT, string);
+ exit(-1);
+
-+}
-+
+ }
+
+-#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -t tmpdir ] [ -h homedir ] -- CONTEXT executable [args] ")
+
+int match(const char *string, char *pattern) {
+ int status;
@@ -2527,9 +2456,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+ return 0;
+ }
+ return 1;
- }
-
--#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -t tmpdir ] [ -h homedir ] -- CONTEXT executable [args] ")
++}
++
+void config_error() {
+ fprintf(stderr, "Error parsing config file.");
+ exit(-1);
@@ -2557,10 +2485,15 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
{NULL, 0, 0, 0}
};
-@@ -180,6 +247,12 @@
+@@ -180,6 +248,17 @@ int main(int argc, char **argv) {
return -1;
}
++ if (setfsuid(uid) < 0) {
++ fprintf(stderr, _("setfsuid failed. %s"), strerror(errno));
++ return -1;
++ }
++
+#ifdef USE_NLS
+ setlocale(LC_ALL, "");
+ bindtextdomain(PACKAGE, LOCALEDIR);
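Review bot: The added `if (setfsuid(uid) < 0)` check in main() cannot detect a failure, because setfsuid() returns the previous filesystem uid on both success and failure and gives no error indication. seunshare is installed setuid (mode 4755 in the sandbox Makefile), so a silent failure would presumably leave later file accesses running with the privileged fsuid instead of the caller's. The usual verification is a second call, e.g. `setfsuid(uid); if ((uid_t)setfsuid(-1) != uid) { ... return -1; }`. The message also lacks a trailing newline, and `strerror(errno)` carries no information about this call. main() starts and ends outside the hunk.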
@@ -2570,7 +2503,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
struct passwd *pwd=getpwuid(uid);
if (!pwd) {
perror(_("getpwduid failed"));
-@@ -192,30 +265,30 @@
+@@ -192,30 +271,30 @@ int main(int argc, char **argv) {
}
while (1) {
@@ -2610,7 +2543,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
default:
fprintf(stderr, "%s\n", USAGE_STRING);
return -1;
-@@ -223,21 +296,179 @@
+@@ -223,21 +302,179 @@ int main(int argc, char **argv) {
}
if (! homedir_s && ! tmpdir_s) {
@@ -2796,7 +2729,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
if (unshare(CLONE_NEWNS) < 0) {
perror(_("Failed to unshare"));
-@@ -286,11 +517,13 @@
+@@ -286,11 +523,13 @@ int main(int argc, char **argv) {
exit(-1);
}
@@ -2815,7 +2748,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
}
if (display)
-@@ -305,17 +538,14 @@
+@@ -305,17 +544,14 @@ int main(int argc, char **argv) {
perror(_("Failed to change dir to homedir"));
exit(-1);
}
@@ -2834,19 +2767,48 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
-
return status;
}
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.84/scripts/chcat
---- nsapolicycoreutils/scripts/chcat 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.84/scripts/chcat 2010-11-30 11:57:21.000000000 -0500
+diff --git a/policycoreutils/sandbox/start b/policycoreutils/sandbox/start
+new file mode 100755
+index 0000000..52950d7
+--- /dev/null
++++ b/policycoreutils/sandbox/start
+@@ -0,0 +1,9 @@
++#! /usr/bin/python -Es
++import gtk, commands, sys
++rc = [-1,'']
++try:
++ rc=commands.getstatusoutput(sys.argv[1])
++except:
++ pass
++if rc[0] == 0:
++ print rc[1]
+diff --git a/policycoreutils/scripts/Makefile b/policycoreutils/scripts/Makefile
+index 53b65b6..cc75a96 100644
+--- a/policycoreutils/scripts/Makefile
++++ b/policycoreutils/scripts/Makefile
+@@ -14,6 +14,7 @@ install: all
+ install -m 755 genhomedircon $(SBINDIR)
+ -mkdir -p $(MANDIR)/man8
+ install -m 644 fixfiles.8 $(MANDIR)/man8/
++ install -m 644 genhomedircon.8 $(MANDIR)/man8/
+ install -m 644 chcat.8 $(MANDIR)/man8/
+
+ clean:
+diff --git a/policycoreutils/scripts/chcat b/policycoreutils/scripts/chcat
+index 4038a99..9efcb22 100755
+--- a/policycoreutils/scripts/chcat
++++ b/policycoreutils/scripts/chcat
@@ -1,4 +1,4 @@
-#! /usr/bin/python -E
+#! /usr/bin/python -Es
# Copyright (C) 2005 Red Hat
# see file 'COPYING' for use and warranty information
#
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.84/scripts/fixfiles
---- nsapolicycoreutils/scripts/fixfiles 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.84/scripts/fixfiles 2010-11-30 11:57:21.000000000 -0500
-@@ -21,6 +21,17 @@
+diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
+index ae519fc..0890811 100755
+--- a/policycoreutils/scripts/fixfiles
++++ b/policycoreutils/scripts/fixfiles
+@@ -21,6 +21,25 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
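Review bot: The new `start` helper passes `sys.argv[1]` to `commands.getstatusoutput`, which runs its argument through a shell, so a `.sandboxrc` path containing spaces or shell metacharacters is re-parsed instead of being executed as one file. The bare `except: pass` and the `rc[0] == 0` test also drop the command's output and status on any failure, so the `export EXITCODE=$?` that follows the call in sandboxX.sh would presumably only ever see this script's own exit status. Executing the path as an argument vector and propagating the result avoids both, for example `sys.exit(subprocess.call([sys.argv[1]]))` with `import subprocess` (output then streams directly rather than being printed only on success). The `import gtk` has no visible use in the script and deserves a comment if it is kept for a side effect.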
@@ -2860,11 +2822,19 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+done
+}
+
++exclude_dirs() {
++ exclude=
++ for i in /var/lib/BackupPC /home /tmp /dev; do
++ [ -e $i ] && exclude="$exclude -e $i";
++ done
++ echo "$exclude"
++}
++
+#
# Set global Variables
#
fullFlag=0
-@@ -35,9 +46,7 @@
+@@ -35,9 +54,7 @@ SYSLOGFLAG="-l"
LOGGER=/usr/sbin/logger
SETFILES=/sbin/setfiles
RESTORECON=/sbin/restorecon
@@ -2875,7 +2845,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
SELINUXTYPE="targeted"
if [ -e /etc/selinux/config ]; then
. /etc/selinux/config
-@@ -87,23 +96,10 @@
+@@ -87,23 +104,10 @@ if [ -f ${PREFC} -a -x /usr/bin/diff ]; then
esac; \
fi; \
done | \
@@ -2884,7 +2854,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
- \( -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev \) -prune -o -print0"; \
- done 2> /dev/null | \
- ${RESTORECON} $* -0 -f -
-+ ${RESTORECON} -f - -R -p -e /var/lib/BackupPC -e /home -e /tmp -r /dev; \
++ ${RESTORECON} -f - -R -p `exclude_dirs`; \
rm -f ${TEMPFILE} ${PREFCTEMPFILE}
fi
}
@@ -2900,7 +2870,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
rpmlist() {
rpm -q --qf '[%{FILESTATES} %{FILENAMES}\n]' "$1" | grep '^0 ' | cut -f2- -d ' '
-@@ -121,23 +117,16 @@
+@@ -121,23 +125,16 @@ if [ ! -z "$PREFC" ]; then
fi
if [ ! -z "$RPMFILES" ]; then
for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do
@@ -2927,7 +2897,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-*
find /tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t tmp_t {} \;
find /var/tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t tmp_t {} \;
-@@ -146,8 +135,7 @@
+@@ -146,8 +143,7 @@ exit $?
fullrelabel() {
logit "Cleaning out /tmp"
@@ -2937,9 +2907,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
restore
}
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/genhomedircon.8 policycoreutils-2.0.84/scripts/genhomedircon.8
---- nsapolicycoreutils/scripts/genhomedircon.8 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.84/scripts/genhomedircon.8 2010-11-30 11:57:21.000000000 -0500
+diff --git a/policycoreutils/scripts/genhomedircon.8 b/policycoreutils/scripts/genhomedircon.8
+new file mode 100644
+index 0000000..6331660
+--- /dev/null
++++ b/policycoreutils/scripts/genhomedircon.8
@@ -0,0 +1,37 @@
+.\" Hey, Emacs! This is an -*- nroff -*- source file.
+.\" Copyright (c) 2010 Dan Walsh <dwalsh at redhat.com>
@@ -2978,45 +2950,25 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+.SH AUTHOR
+This manual page was written by
+.I Dan Walsh <dwalsh at redhat.com>
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/Makefile policycoreutils-2.0.84/scripts/Makefile
---- nsapolicycoreutils/scripts/Makefile 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.84/scripts/Makefile 2010-11-30 11:57:21.000000000 -0500
-@@ -14,6 +14,7 @@
- install -m 755 genhomedircon $(SBINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 644 fixfiles.8 $(MANDIR)/man8/
-+ install -m 644 genhomedircon.8 $(MANDIR)/man8/
- install -m 644 chcat.8 $(MANDIR)/man8/
-
- clean:
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/severify.py policycoreutils-2.0.84/scripts/severify.py
---- nsapolicycoreutils/scripts/severify.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.84/scripts/severify.py 2010-11-30 11:57:21.000000000 -0500
-@@ -0,0 +1,21 @@
-+#! /usr/bin/python -Es
-+import seobject
-+import selinux
-+import setools
-+import sys
-+#store = selinux.selinux_getpolicytype()[1]
-+#mod=seobject.moduleRecords(store = store, reload=False)
-+#mod.disable("zebra")
-+fd = open(sys.argv[1], "r")
-+lines = fd.readlines()
-+#fd.close()
-+#for i in lines:
-+# j = i.split()
-+# if len(j) == 0 or ( j[0] != "allow" and j[0] != "dontaudit"):
-+# continue
-+# allow = j[0]
-+# print j[1]
-+#sys.exit()
-+#setools.sesearch([ setools.ALLOW ], { setools.SCONTEXT:"rwho_t", setools.TCONTEXT:"rwho_spool_t" } )
-+#mod.enable("zebra")
-+
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/default_encoding.c policycoreutils-2.0.84/semanage/default_encoding/default_encoding.c
---- nsapolicycoreutils/semanage/default_encoding/default_encoding.c 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.84/semanage/default_encoding/default_encoding.c 2010-11-30 11:57:21.000000000 -0500
+diff --git a/policycoreutils/semanage/default_encoding/Makefile b/policycoreutils/semanage/default_encoding/Makefile
+new file mode 100644
+index 0000000..176b11f
+--- /dev/null
++++ b/policycoreutils/semanage/default_encoding/Makefile
+@@ -0,0 +1,8 @@
++all:
++ LDFLAGS="" python setup.py build
++
++install: all
++ LDFLAGS="" python setup.py install --root=$(DESTDIR)/
++
++clean:
++ rm -rf build *~
+diff --git a/policycoreutils/semanage/default_encoding/default_encoding.c b/policycoreutils/semanage/default_encoding/default_encoding.c
+new file mode 100644
+index 0000000..c3cdd4e
+--- /dev/null
++++ b/policycoreutils/semanage/default_encoding/default_encoding.c
@@ -0,0 +1,59 @@
+/*
+ * Authors:
@@ -3077,21 +3029,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+ PyUnicode_SetDefaultEncoding("utf-8");
+ m = Py_InitModule3("default_encoding_utf8", methods, "Forces the default encoding to utf-8");
+}
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/Makefile policycoreutils-2.0.84/semanage/default_encoding/Makefile
---- nsapolicycoreutils/semanage/default_encoding/Makefile 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.84/semanage/default_encoding/Makefile 2010-11-30 11:57:21.000000000 -0500
-@@ -0,0 +1,8 @@
-+all:
-+ LDFLAGS="" python setup.py build
-+
-+install: all
-+ LDFLAGS="" python setup.py install --root=$(DESTDIR)/
-+
-+clean:
-+ rm -rf build *~
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/policycoreutils/__init__.py policycoreutils-2.0.84/semanage/default_encoding/policycoreutils/__init__.py
---- nsapolicycoreutils/semanage/default_encoding/policycoreutils/__init__.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.84/semanage/default_encoding/policycoreutils/__init__.py 2010-11-30 11:57:21.000000000 -0500
+diff --git a/policycoreutils/semanage/default_encoding/policycoreutils/__init__.py b/policycoreutils/semanage/default_encoding/policycoreutils/__init__.py
+new file mode 100644
+index 0000000..ccb6b8b
+--- /dev/null
++++ b/policycoreutils/semanage/default_encoding/policycoreutils/__init__.py
@@ -0,0 +1,17 @@
+#
+# Copyright (C) 2006,2007,2008, 2009 Red Hat, Inc.
@@ -3110,9 +3052,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/setup.py policycoreutils-2.0.84/semanage/default_encoding/setup.py
---- nsapolicycoreutils/semanage/default_encoding/setup.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.84/semanage/default_encoding/setup.py 2010-11-30 11:57:21.000000000 -0500
+diff --git a/policycoreutils/semanage/default_encoding/setup.py b/policycoreutils/semanage/default_encoding/setup.py
+new file mode 100644
+index 0000000..e2befdb
+--- /dev/null
++++ b/policycoreutils/semanage/default_encoding/setup.py
@@ -0,0 +1,38 @@
+# Authors:
+# John Dennis <jdennis at redhat.com>
@@ -3152,9 +3096,10 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+ ext_modules = [default_encoding_utf8],
+ packages=["policycoreutils"],
+)
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.84/semanage/semanage
---- nsapolicycoreutils/semanage/semanage 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.84/semanage/semanage 2010-11-30 11:57:21.000000000 -0500
+diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage
+index ffaca5b..75b53e8 100644
+--- a/policycoreutils/semanage/semanage
++++ b/policycoreutils/semanage/semanage
@@ -1,4 +1,4 @@
-#! /usr/bin/python -E
+#! /usr/bin/python -Es
@@ -3169,7 +3114,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
import sys, getopt, re
import seobject
import selinux
-@@ -32,27 +33,36 @@
+@@ -32,27 +33,36 @@ gettext.textdomain(PROGNAME)
try:
gettext.install(PROGNAME,
localedir="/usr/share/locale",
@@ -3211,7 +3156,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
semanage dontaudit [ on | off ]
Primary Options:
-@@ -61,7 +71,9 @@
+@@ -61,7 +71,9 @@ Primary Options:
-d, --delete Delete a OBJECT record NAME
-m, --modify Modify a OBJECT record NAME
-i, --input Input multiple semange commands in a transaction
@@ -3221,7 +3166,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
-C, --locallist List OBJECTS local customizations
-D, --deleteall Remove all OBJECTS local customizations
-@@ -84,12 +96,15 @@
+@@ -84,12 +96,15 @@ Object-specific Options (see above):
-F, --file Treat target as an input file for command, change multiple settings
-p, --proto Port protocol (tcp or udp) or internet protocol version of node (ipv4 or ipv6)
-M, --mask Netmask
@@ -3237,7 +3182,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
""")
raise ValueError("%s\n%s" % (text, message))
-@@ -101,7 +116,7 @@
+@@ -101,7 +116,7 @@ Object-specific Options (see above):
def get_options():
valid_option={}
@@ -3246,7 +3191,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
valid_option["login"] = []
valid_option["login"] += valid_everyone + [ '-s', '--seuser', '-r', '--range']
valid_option["user"] = []
-@@ -112,8 +127,10 @@
+@@ -112,8 +127,10 @@ Object-specific Options (see above):
valid_option["interface"] += valid_everyone + [ '-t', '--type', '-r', '--range']
valid_option["node"] = []
valid_option["node"] += valid_everyone + [ '-M', '--mask', '-t', '--type', '-r', '--range', '-p', '--protocol']
@@ -3258,7 +3203,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
valid_option["dontaudit"] = [ '-S', '--store' ]
valid_option["boolean"] = []
valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1", "-0", "-F", "--file"]
-@@ -168,6 +185,8 @@
+@@ -168,6 +185,8 @@ Object-specific Options (see above):
return ret
def process_args(argv):
@@ -3267,7 +3212,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
serange = ""
port = ""
proto = ""
-@@ -184,11 +203,17 @@
+@@ -184,11 +203,17 @@ Object-specific Options (see above):
modify = False
delete = False
deleteall = False
@@ -3285,7 +3230,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
object = argv[0]
option_dict=get_options()
if object not in option_dict.keys():
-@@ -197,10 +222,14 @@
+@@ -197,10 +222,14 @@ Object-specific Options (see above):
args = argv[1:]
gopts, cmds = getopt.getopt(args,
@@ -3301,7 +3246,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
'ftype=',
'file',
'help',
-@@ -225,29 +254,47 @@
+@@ -225,29 +254,47 @@ Object-specific Options (see above):
for o, a in gopts:
if o not in option_dict[object]:
sys.stderr.write(_("%s not valid for %s objects\n") % ( o, object) );
@@ -3356,7 +3301,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
if o == "-n" or o == "--noheading":
heading = False
-@@ -256,8 +303,7 @@
+@@ -256,8 +303,7 @@ Object-specific Options (see above):
locallist = True
if o == "-m"or o == "--modify":
@@ -3366,7 +3311,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
modify = True
if o == "-S" or o == '--store':
-@@ -292,8 +338,10 @@
+@@ -292,8 +338,10 @@ Object-specific Options (see above):
if o == "--on" or o == "-1":
value = "on"
@@ -3377,7 +3322,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
if object == "login":
OBJECT = seobject.loginRecords(store)
-@@ -315,6 +363,11 @@
+@@ -315,6 +363,11 @@ Object-specific Options (see above):
if object == "boolean":
OBJECT = seobject.booleanRecords(store)
@@ -3389,7 +3334,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
if object == "permissive":
OBJECT = seobject.permissiveRecords(store)
-@@ -330,65 +383,97 @@
+@@ -330,65 +383,97 @@ Object-specific Options (see above):
OBJECT.deleteall()
return
@@ -3499,7 +3444,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
if delete:
if object == "port":
OBJECT.delete(target, proto)
-@@ -401,15 +486,14 @@
+@@ -401,15 +486,14 @@ Object-specific Options (see above):
else:
OBJECT.delete(target)
@@ -3517,7 +3462,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
input = None
store = ""
-@@ -417,7 +501,7 @@
+@@ -417,7 +501,7 @@ Object-specific Options (see above):
usage(_("Requires 2 or more arguments"))
gopts, cmds = getopt.getopt(sys.argv[1:],
@@ -3526,7 +3471,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
['add',
'delete',
'deleteall',
-@@ -431,6 +515,7 @@
+@@ -431,6 +515,7 @@ Object-specific Options (see above):
'localist',
'off',
'on',
@@ -3534,7 +3479,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
'proto=',
'seuser=',
'store=',
-@@ -438,6 +523,7 @@
+@@ -438,6 +523,7 @@ Object-specific Options (see above):
'level=',
'roles=',
'type=',
@@ -3542,7 +3487,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
'prefix='
])
for o, a in gopts:
-@@ -445,6 +531,16 @@
+@@ -445,6 +531,16 @@ Object-specific Options (see above):
store = a
if o == "-i" or o == '--input':
input = a
@@ -3559,15 +3504,16 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
if input != None:
if input == "-":
-@@ -467,3 +563,5 @@
+@@ -467,3 +563,5 @@ Object-specific Options (see above):
errorExit(_("Invalid value %s") % error.args[0])
except IOError, error:
errorExit(error.args[1])
+ except OSError, error:
+ errorExit(error.args[1])
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.84/semanage/semanage.8
---- nsapolicycoreutils/semanage/semanage.8 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.84/semanage/semanage.8 2010-11-30 11:57:21.000000000 -0500
+diff --git a/policycoreutils/semanage/semanage.8 b/policycoreutils/semanage/semanage.8
+index 70d1a20..fb6a79b 100644
+--- a/policycoreutils/semanage/semanage.8
++++ b/policycoreutils/semanage/semanage.8
@@ -1,29 +1,69 @@
-.TH "semanage" "8" "2005111103" "" ""
+.TH "semanage" "8" "20100223" "" ""
@@ -3582,14 +3528,12 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+.B semanage [ -S store ] -o [ output_file | - ]
+
+Input local customizations
- .br
--.B semanage login \-{a|d|m} [\-sr] login_name | %groupname
++.br
+.B semanage [ -S store ] -i [ input_file | - ]
+
+Manage booleans. Booleans allow the administrator to modify the confinement of
+processes based on his configuration.
- .br
--.B semanage user \-{a|d|m} [\-LrRP] selinux_name
++.br
+.B semanage boolean [\-S store] \-{d|m|l|n|D} \-[\-on|\-off|\1|0] -F boolean | boolean_file
+
+Manage SELinux confined users (Roles and levels for an SELinux user)
@@ -3605,39 +3549,41 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+.B semanage module [\-S store] \-{a|d|l} [-m [--enable | --disable] ] module_name
+
+Manage network port type definitions
-+.br
+ .br
+-.B semanage login \-{a|d|m} [\-sr] login_name | %groupname
+.B semanage port [\-S store] \-{a|d|m|l|n|D} [\-tr] [\-p proto] port | port_range
-+.br
+ .br
+-.B semanage user \-{a|d|m} [\-LrRP] selinux_name
+
+Manage network interface type definitions
+.br
+.B semanage interface [\-S store] \-{a|d|m|l|n|D} [\-tr] interface_spec
+
+Manage network node type definitions
-+.br
+ .br
+-.B semanage port \-{a|d|m} [\-tr] [\-p proto] port | port_range
+.B semanage node [\-S store] -{a|d|m|l|n|D} [-tr] [ -p protocol ] [-M netmask] address
-+.br
+ .br
+-.B semanage interface \-{a|d|m} [\-tr] interface_spec
+
+Manage file context mapping definitions
- .br
--.B semanage port \-{a|d|m} [\-tr] [\-p proto] port | port_range
++.br
+.B semanage fcontext [\-S store] \-{a|d|m|l|n|D} [\-frst] file_spec
.br
--.B semanage interface \-{a|d|m} [\-tr] interface_spec
+-.B semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] address
+.B semanage fcontext [\-S store] \-{a|d|m|l|n|D} \-e replacement target
.br
--.B semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] address
+-.B semanage fcontext \-{a|d|m} [\-frst] file_spec
+
+Manage processes type enforcement mode
.br
--.B semanage fcontext \-{a|d|m} [\-frst] file_spec
+-.B semanage permissive \-{a|d} type
+.B semanage permissive [\-S store] \-{a|d|l|n|D} type
.br
--.B semanage permissive \-{a|d} type
+-.B semanage dontaudit [ on | off ]
+
+Disable/Enable dontaudit rules in policy
- .br
--.B semanage dontaudit [ on | off ]
++.br
+.B semanage dontaudit [\-S store] [ on | off ]
.P
@@ -3649,7 +3595,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
.SH "DESCRIPTION"
semanage is used to configure certain elements of
SELinux policy without requiring modification to or recompilation
-@@ -52,6 +92,22 @@
+@@ -52,6 +92,22 @@ Delete a OBJECT record NAME
.I \-D, \-\-deleteall
Remove all OBJECTS local customizations
.TP
@@ -3672,7 +3618,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
.I \-f, \-\-ftype
File Type. This is used with fcontext.
Requires a file type as shown in the mode field by ls, e.g. use -d to match only directories or -- to match only regular files.
-@@ -60,6 +116,7 @@
+@@ -60,6 +116,7 @@ Requires a file type as shown in the mode field by ls, e.g. use -d to match only
Set multiple records from the input file. When used with the \-l \-\-list, it will output the current settings to stdout in the proper format.
Currently booleans only.
@@ -3680,7 +3626,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
.TP
.I \-h, \-\-help
display this message
-@@ -76,6 +133,9 @@
+@@ -76,6 +133,9 @@ Default SELinux Level for SELinux use, s0 Default. (MLS/MCS Systems only)
.I \-m, \-\-modify
Modify a OBJECT record NAME
.TP
@@ -3690,7 +3636,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
.I \-n, \-\-noheading
Do not print heading when listing OBJECTS.
.TP
-@@ -99,26 +159,67 @@
+@@ -99,26 +159,67 @@ Select and alternate SELinux store to manage
.TP
.I \-t, \-\-type
SELinux Type for the object
@@ -3774,10 +3720,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+and Russell Coker <rcoker at redhat.com>.
+.br
Examples by Thomas Bleher <ThomasBleher at gmx.de>.
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.84/semanage/seobject.py
---- nsapolicycoreutils/semanage/seobject.py 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.84/semanage/seobject.py 2010-11-30 11:57:21.000000000 -0500
-@@ -29,47 +29,12 @@
+diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
+index b7d257b..40e57e9 100644
+--- a/policycoreutils/semanage/seobject.py
++++ b/policycoreutils/semanage/seobject.py
+@@ -29,47 +29,12 @@ import sepolgen.module as module
import gettext
gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
gettext.textdomain(PROGNAME)
@@ -3801,7 +3748,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
-
- if store != "":
- semanage_select_store(handle, store, SEMANAGE_CON_DIRECT);
-
+-
- if not semanage_is_managed(handle):
- semanage_handle_destroy(handle)
- raise ValueError(_("SELinux policy is not managed or store cannot be accessed."))
@@ -3815,7 +3762,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
- if rc < 0:
- semanage_handle_destroy(handle)
- raise ValueError(_("Could not establish semanage connection"))
--
+
- is_mls_enabled = semanage_mls_enabled(handle)
- if is_mls_enabled < 0:
- semanage_handle_destroy(handle)
@@ -3829,7 +3776,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
file_types = {}
file_types[""] = SEMANAGE_FCONTEXT_ALL;
-@@ -194,44 +159,153 @@
+@@ -194,45 +159,154 @@ def untranslate(trans, prepend = 1):
return trans
else:
return raw
@@ -3922,8 +3869,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
raise ValueError(_("Semanage transaction not in progress"))
- self.transaction = False
+ semanageRecords.transaction = False
-+ self.commit()
-+
+ self.commit()
+
+class moduleRecords(semanageRecords):
+ def __init__(self, store):
+ semanageRecords.__init__(self, store)
@@ -3987,17 +3934,18 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+ if rc < 0 and rc != -2:
+ raise ValueError(_("Could not remove module %s (remove failed)") % m)
+
- self.commit()
++ self.commit()
+
+ def deleteall(self):
+ l = self.get_all()
+ if len(l) > 0:
+ all = " ".join(l[0])
+ self.delete(all)
-
++
class dontauditClass(semanageRecords):
def __init__(self, store):
-@@ -259,14 +333,23 @@
+ semanageRecords.__init__(self, store)
+@@ -259,14 +333,23 @@ class permissiveRecords(semanageRecords):
name = semanage_module_get_name(mod)
if name and name.startswith("permissive_"):
l.append(name.split("permissive_")[1])
@@ -4025,7 +3973,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
def add(self, type):
import glob
-@@ -343,7 +426,9 @@
+@@ -343,7 +426,9 @@ class loginRecords(semanageRecords):
if rc < 0:
raise ValueError(_("Could not check if login mapping for %s is defined") % name)
if exists:
@@ -4036,7 +3984,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
if name[0] == '%':
try:
grp.getgrnam(name[1:])
-@@ -475,6 +560,16 @@
+@@ -475,6 +560,16 @@ class loginRecords(semanageRecords):
mylog.log(1, "delete SELinux user mapping", name);
@@ -4053,7 +4001,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
def get_all(self, locallist = 0):
ddict = {}
if locallist:
-@@ -489,6 +584,15 @@
+@@ -489,6 +584,15 @@ class loginRecords(semanageRecords):
ddict[name] = (semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u))
return ddict
@@ -4069,7 +4017,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
def list(self,heading = 1, locallist = 0):
ddict = self.get_all(locallist)
keys = ddict.keys()
-@@ -531,7 +635,8 @@
+@@ -531,7 +635,8 @@ class seluserRecords(semanageRecords):
if rc < 0:
raise ValueError(_("Could not check if SELinux user %s is defined") % name)
if exists:
@@ -4079,7 +4027,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
(rc, u) = semanage_user_create(self.sh)
if rc < 0:
-@@ -682,6 +787,16 @@
+@@ -682,6 +787,16 @@ class seluserRecords(semanageRecords):
mylog.log(1,"delete SELinux user record", name)
@@ -4096,7 +4044,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
def get_all(self, locallist = 0):
ddict = {}
if locallist:
-@@ -702,6 +817,15 @@
+@@ -702,6 +817,15 @@ class seluserRecords(semanageRecords):
return ddict
@@ -4112,7 +4060,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
def list(self, heading = 1, locallist = 0):
ddict = self.get_all(locallist)
keys = ddict.keys()
-@@ -740,12 +864,16 @@
+@@ -740,12 +864,16 @@ class portRecords(semanageRecords):
low = int(ports[0])
high = int(ports[1])
@@ -4129,7 +4077,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
if is_mls_enabled == 1:
if serange == "":
serange = "s0"
-@@ -808,6 +936,7 @@
+@@ -808,6 +936,7 @@ class portRecords(semanageRecords):
self.commit()
def __modify(self, port, proto, serange, setype):
@@ -4137,7 +4085,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
if serange == "" and setype == "":
if is_mls_enabled == 1:
raise ValueError(_("Requires setype or serange"))
-@@ -942,6 +1071,18 @@
+@@ -942,6 +1071,18 @@ class portRecords(semanageRecords):
ddict[(ctype,proto_str)].append("%d-%d" % (low, high))
return ddict
@@ -4156,7 +4104,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
def list(self, heading = 1, locallist = 0):
if heading:
print "%-30s %-8s %s\n" % (_("SELinux Port Type"), _("Proto"), _("Port Number"))
-@@ -958,7 +1099,8 @@
+@@ -958,7 +1099,8 @@ class portRecords(semanageRecords):
class nodeRecords(semanageRecords):
def __init__(self, store = ""):
semanageRecords.__init__(self,store)
@@ -4166,7 +4114,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
def __add(self, addr, mask, proto, serange, ctype):
if addr == "":
raise ValueError(_("Node Address is required"))
-@@ -966,14 +1108,11 @@
+@@ -966,14 +1108,11 @@ class nodeRecords(semanageRecords):
if mask == "":
raise ValueError(_("Node Netmask is required"))
@@ -4184,7 +4132,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
if is_mls_enabled == 1:
if serange == "":
serange = "s0"
-@@ -991,11 +1130,13 @@
+@@ -991,11 +1130,13 @@ class nodeRecords(semanageRecords):
(rc, exists) = semanage_node_exists(self.sh, k)
if exists:
@@ -4199,7 +4147,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
rc = semanage_node_set_addr(self.sh, node, proto, addr)
(rc, con) = semanage_context_create(self.sh)
-@@ -1005,8 +1146,7 @@
+@@ -1005,8 +1146,7 @@ class nodeRecords(semanageRecords):
rc = semanage_node_set_mask(self.sh, node, proto, mask)
if rc < 0:
raise ValueError(_("Could not set mask for %s") % addr)
@@ -4209,7 +4157,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
rc = semanage_context_set_user(self.sh, con, "system_u")
if rc < 0:
raise ValueError(_("Could not set user in addr context for %s") % addr)
-@@ -1047,13 +1187,10 @@
+@@ -1047,13 +1187,10 @@ class nodeRecords(semanageRecords):
if mask == "":
raise ValueError(_("Node Netmask is required"))
@@ -4227,7 +4175,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
if serange == "" and setype == "":
raise ValueError(_("Requires setype or serange"))
-@@ -1068,12 +1205,11 @@
+@@ -1068,12 +1205,11 @@ class nodeRecords(semanageRecords):
if not exists:
raise ValueError(_("Addr %s is not defined") % addr)
@@ -4241,7 +4189,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
if serange != "":
semanage_context_set_mls(self.sh, con, untranslate(serange))
if setype != "":
-@@ -1098,11 +1234,9 @@
+@@ -1098,11 +1234,9 @@ class nodeRecords(semanageRecords):
if mask == "":
raise ValueError(_("Node Netmask is required"))
@@ -4256,7 +4204,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
raise ValueError(_("Unknown or missing protocol"))
(rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
-@@ -1132,6 +1266,16 @@
+@@ -1132,6 +1266,16 @@ class nodeRecords(semanageRecords):
self.__delete(addr, mask, proto)
self.commit()
@@ -4273,7 +4221,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
def get_all(self, locallist = 0):
ddict = {}
if locallist :
-@@ -1145,15 +1289,20 @@
+@@ -1145,15 +1289,20 @@ class nodeRecords(semanageRecords):
con = semanage_node_get_con(node)
addr = semanage_node_get_addr(self.sh, node)
mask = semanage_node_get_mask(self.sh, node)
@@ -4299,7 +4247,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
def list(self, heading = 1, locallist = 0):
if heading:
print "%-18s %-18s %-5s %-5s\n" % ("IP Address", "Netmask", "Protocol", "Context")
-@@ -1193,7 +1342,8 @@
+@@ -1193,7 +1342,8 @@ class interfaceRecords(semanageRecords):
if rc < 0:
raise ValueError(_("Could not check if interface %s is defined") % interface)
if exists:
@@ -4309,7 +4257,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
(rc, iface) = semanage_iface_create(self.sh)
if rc < 0:
-@@ -1307,6 +1457,16 @@
+@@ -1307,6 +1457,16 @@ class interfaceRecords(semanageRecords):
self.__delete(interface)
self.commit()
@@ -4326,7 +4274,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
def get_all(self, locallist = 0):
ddict = {}
if locallist:
-@@ -1322,6 +1482,15 @@
+@@ -1322,6 +1482,15 @@ class interfaceRecords(semanageRecords):
return ddict
@@ -4342,7 +4290,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
def list(self, heading = 1, locallist = 0):
if heading:
print "%-30s %s\n" % (_("SELinux Interface"), _("Context"))
-@@ -1338,6 +1507,48 @@
+@@ -1338,6 +1507,48 @@ class interfaceRecords(semanageRecords):
class fcontextRecords(semanageRecords):
def __init__(self, store = ""):
semanageRecords.__init__(self, store)
@@ -4391,7 +4339,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
def createcon(self, target, seuser = "system_u"):
(rc, con) = semanage_context_create(self.sh)
-@@ -1364,6 +1575,8 @@
+@@ -1364,6 +1575,8 @@ class fcontextRecords(semanageRecords):
def validate(self, target):
if target == "" or target.find("\n") >= 0:
raise ValueError(_("Invalid file specification"))
@@ -4400,7 +4348,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
def __add(self, target, type, ftype = "", serange = "", seuser = "system_u"):
self.validate(target)
-@@ -1388,7 +1601,8 @@
+@@ -1388,7 +1601,8 @@ class fcontextRecords(semanageRecords):
raise ValueError(_("Could not check if file context for %s is defined") % target)
if exists:
@@ -4410,7 +4358,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
(rc, fcontext) = semanage_fcontext_create(self.sh)
if rc < 0:
-@@ -1504,9 +1718,16 @@
+@@ -1504,9 +1718,16 @@ class fcontextRecords(semanageRecords):
raise ValueError(_("Could not delete the file context %s") % target)
semanage_fcontext_key_free(k)
@@ -4427,7 +4375,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
(rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
if rc < 0:
raise ValueError(_("Could not create a key for %s") % target)
-@@ -1561,12 +1782,22 @@
+@@ -1561,12 +1782,22 @@ class fcontextRecords(semanageRecords):
return ddict
@@ -4452,7 +4400,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
for k in keys:
if fcon_dict[k]:
if is_mls_enabled:
-@@ -1575,6 +1806,12 @@
+@@ -1575,6 +1806,12 @@ class fcontextRecords(semanageRecords):
print "%-50s %-18s %s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1],fcon_dict[k][2])
else:
print "%-50s %-18s <<None>>" % (k[0], k[1])
@@ -4465,7 +4413,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
class booleanRecords(semanageRecords):
def __init__(self, store = ""):
-@@ -1587,6 +1824,18 @@
+@@ -1587,6 +1824,18 @@ class booleanRecords(semanageRecords):
self.dict["1"] = 1
self.dict["0"] = 0
@@ -4484,7 +4432,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
def __mod(self, name, value):
(rc, k) = semanage_bool_key_create(self.sh, name)
if rc < 0:
-@@ -1606,9 +1855,10 @@
+@@ -1606,9 +1855,10 @@ class booleanRecords(semanageRecords):
else:
raise ValueError(_("You must specify one of the following values: %s") % ", ".join(self.dict.keys()) )
@@ -4498,7 +4446,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
rc = semanage_bool_modify_local(self.sh, k, b)
if rc < 0:
raise ValueError(_("Could not modify boolean %s") % name)
-@@ -1691,8 +1941,12 @@
+@@ -1691,8 +1941,12 @@ class booleanRecords(semanageRecords):
value = []
name = semanage_bool_get_name(boolean)
value.append(semanage_bool_get_value(boolean))
@@ -4513,7 +4461,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
ddict[name] = value
return ddict
-@@ -1706,6 +1960,16 @@
+@@ -1706,6 +1960,16 @@ class booleanRecords(semanageRecords):
else:
return _("unknown")
@@ -4530,9 +4478,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
def list(self, heading = True, locallist = False, use_file = False):
on_off = (_("off"), _("on"))
if use_file:
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sepolgen-ifgen/Makefile policycoreutils-2.0.84/sepolgen-ifgen/Makefile
---- nsapolicycoreutils/sepolgen-ifgen/Makefile 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.84/sepolgen-ifgen/Makefile 2010-11-30 11:57:21.000000000 -0500
+diff --git a/policycoreutils/sepolgen-ifgen/Makefile b/policycoreutils/sepolgen-ifgen/Makefile
+new file mode 100644
+index 0000000..211580d
+--- /dev/null
++++ b/policycoreutils/sepolgen-ifgen/Makefile
@@ -0,0 +1,25 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
@@ -4559,9 +4509,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+ ../../scripts/Lindent $(wildcard *.[ch])
+
+relabel: ;
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c policycoreutils-2.0.84/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c
---- nsapolicycoreutils/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.84/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c 2010-11-30 11:57:21.000000000 -0500
+diff --git a/policycoreutils/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c b/policycoreutils/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c
+new file mode 100644
+index 0000000..995b270
+--- /dev/null
++++ b/policycoreutils/sepolgen-ifgen/sepolgen-ifgen-attr-helper.c
@@ -0,0 +1,230 @@
+/* Authors: Frank Mayer <mayerf at tresys.com>
+ * and Karl MacMillan <kmacmillan at tresys.com>
@@ -4793,16 +4745,17 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+
+ return 0;
+}
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.c policycoreutils-2.0.84/setfiles/restore.c
---- nsapolicycoreutils/setfiles/restore.c 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.84/setfiles/restore.c 2010-11-30 11:57:21.000000000 -0500
+diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
+index b649d8f..38416d8 100644
+--- a/policycoreutils/setfiles/restore.c
++++ b/policycoreutils/setfiles/restore.c
@@ -1,4 +1,5 @@
#include "restore.h"
+#include <glob.h>
#define SKIP -2
#define ERR -1
-@@ -31,7 +32,6 @@
+@@ -31,7 +32,6 @@ struct edir {
static file_spec_t *fl_head;
@@ -4810,7 +4763,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
static int filespec_add(ino_t ino, const security_context_t con, const char *file);
static int only_changed_user(const char *a, const char *b);
struct restore_opts *r_opts = NULL;
-@@ -53,7 +53,6 @@
+@@ -53,7 +53,6 @@ void remove_exclude(const char *directory)
}
}
return;
@@ -4818,7 +4771,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
}
void restore_init(struct restore_opts *opts)
-@@ -300,8 +299,14 @@
+@@ -300,8 +299,14 @@ static int process_one(char *name, int recurse_this_path)
int rc = 0;
const char *namelist[2] = {name, NULL};
dev_t dev_num = 0;
@@ -4835,7 +4788,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
fts_handle = fts_open((char **)namelist, r_opts->fts_flags, NULL);
if (fts_handle == NULL) {
-@@ -357,11 +362,34 @@
+@@ -357,11 +362,34 @@ err:
goto out;
}
@@ -4871,7 +4824,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
if (r_opts == NULL){
fprintf(stderr,
-@@ -372,8 +400,9 @@
+@@ -372,8 +400,9 @@ int process_one_realpath(char *name, int recurse)
if (!r_opts->expand_realpath) {
return process_one(name, recurse);
} else {
@@ -4882,7 +4835,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
fprintf(stderr, "%s: lstat(%s) failed: %s\n",
r_opts->progname, name, strerror(errno));
return -1;
-@@ -409,7 +438,7 @@
+@@ -409,7 +438,7 @@ int process_one_realpath(char *name, int recurse)
}
}
@@ -4891,7 +4844,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
{
int i = 0;
for (i = 0; i < excludeCtr; i++) {
-@@ -537,7 +566,7 @@
+@@ -537,7 +566,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
{
file_spec_t *prevfl, *fl;
int h, ret;
@@ -4900,7 +4853,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
if (!fl_head) {
fl_head = malloc(sizeof(file_spec_t) * HASH_BUCKETS);
-@@ -550,7 +579,7 @@
+@@ -550,7 +579,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
for (prevfl = &fl_head[h], fl = fl_head[h].next; fl;
prevfl = fl, fl = fl->next) {
if (ino == fl->ino) {
@@ -4909,7 +4862,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
if (ret < 0 || sb.st_ino != ino) {
freecon(fl->con);
free(fl->file);
-@@ -602,5 +631,67 @@
+@@ -602,5 +631,67 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
return -1;
}
@@ -4977,10 +4930,34 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
+ free(buf);
+}
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restorecon.8 policycoreutils-2.0.84/setfiles/restorecon.8
---- nsapolicycoreutils/setfiles/restorecon.8 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.84/setfiles/restorecon.8 2010-11-30 11:57:21.000000000 -0500
-@@ -4,10 +4,10 @@
+diff --git a/policycoreutils/setfiles/restore.h b/policycoreutils/setfiles/restore.h
+index 03b82e8..8b50ff8 100644
+--- a/policycoreutils/setfiles/restore.h
++++ b/policycoreutils/setfiles/restore.h
+@@ -27,6 +27,7 @@ struct restore_opts {
+ int hard_links;
+ int verbose;
+ int logging;
++ int ignore_enoent;
+ char *rootpath;
+ int rootpathlen;
+ char *progname;
+@@ -44,7 +45,10 @@ struct restore_opts {
+ void restore_init(struct restore_opts *opts);
+ void restore_finish();
+ int add_exclude(const char *directory);
++int exclude(const char *path);
+ void remove_exclude(const char *directory);
+ int process_one_realpath(char *name, int recurse);
++int process_glob(char *name, int recurse);
+
++void exclude_non_seclabel_mounts();
+ #endif
+diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
+index 1eb6a43..c8ea4bb 100644
+--- a/policycoreutils/setfiles/restorecon.8
++++ b/policycoreutils/setfiles/restorecon.8
+@@ -4,10 +4,10 @@ restorecon \- restore file(s) default SELinux security contexts.
.SH "SYNOPSIS"
.B restorecon
@@ -4993,7 +4970,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
.SH "DESCRIPTION"
This manual page describes the
-@@ -40,6 +40,9 @@
+@@ -40,6 +40,9 @@ don't change any file labels.
.TP
.B \-o outfilename
save list of files with incorrect context in outfilename.
@@ -5003,32 +4980,11 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
.TP
.B \-v
show changes in file labels.
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.h policycoreutils-2.0.84/setfiles/restore.h
---- nsapolicycoreutils/setfiles/restore.h 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.84/setfiles/restore.h 2010-11-30 11:57:21.000000000 -0500
-@@ -27,6 +27,7 @@
- int hard_links;
- int verbose;
- int logging;
-+ int ignore_enoent;
- char *rootpath;
- int rootpathlen;
- char *progname;
-@@ -44,7 +45,10 @@
- void restore_init(struct restore_opts *opts);
- void restore_finish();
- int add_exclude(const char *directory);
-+int exclude(const char *path);
- void remove_exclude(const char *directory);
- int process_one_realpath(char *name, int recurse);
-+int process_glob(char *name, int recurse);
-
-+void exclude_non_seclabel_mounts();
- #endif
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.8 policycoreutils-2.0.84/setfiles/setfiles.8
---- nsapolicycoreutils/setfiles/setfiles.8 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.84/setfiles/setfiles.8 2010-11-30 11:57:21.000000000 -0500
-@@ -31,6 +31,9 @@
+diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8
+index ac68b94..28f99d9 100644
+--- a/policycoreutils/setfiles/setfiles.8
++++ b/policycoreutils/setfiles/setfiles.8
+@@ -31,6 +31,9 @@ log changes in file labels to syslog.
.TP
.B \-n
don't change any file labels.
@@ -5038,9 +4994,10 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
.TP
.B \-q
suppress non-error output.
-diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.84/setfiles/setfiles.c
---- nsapolicycoreutils/setfiles/setfiles.c 2010-05-19 14:45:51.000000000 -0400
-+++ policycoreutils-2.0.84/setfiles/setfiles.c 2010-11-30 11:57:21.000000000 -0500
+diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c
+index 8f4f663..b0a7e09 100644
+--- a/policycoreutils/setfiles/setfiles.c
++++ b/policycoreutils/setfiles/setfiles.c
@@ -5,7 +5,6 @@
#include <ctype.h>
#include <regex.h>
@@ -5049,7 +5006,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
#define __USE_XOPEN_EXTENDED 1 /* nftw */
#include <libgen.h>
#ifdef USE_AUDIT
-@@ -25,7 +24,6 @@
+@@ -25,7 +24,6 @@ static char *policyfile = NULL;
static int warn_no_match = 0;
static int null_terminated = 0;
static int errors;
@@ -5057,7 +5014,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
static struct restore_opts r_opts;
#define STAT_BLOCK_SIZE 1
-@@ -44,13 +42,13 @@
+@@ -44,13 +42,13 @@ void usage(const char *const name)
{
if (iamrestorecon) {
fprintf(stderr,
@@ -5073,7 +5030,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
name);
}
exit(1);
-@@ -138,69 +136,6 @@
+@@ -138,69 +136,6 @@ static void maybe_audit_mass_relabel(void)
#endif
}
@@ -5143,7 +5100,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
int main(int argc, char **argv)
{
struct stat sb;
-@@ -335,7 +270,7 @@
+@@ -335,7 +270,7 @@ int main(int argc, char **argv)
r_opts.debug = 1;
break;
case 'i':
@@ -5152,7 +5109,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
break;
case 'l':
r_opts.logging = 1;
-@@ -371,7 +306,7 @@
+@@ -371,7 +306,7 @@ int main(int argc, char **argv)
break;
}
if (optind + 1 >= argc) {
@@ -5161,7 +5118,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
argv[0]);
exit(1);
}
-@@ -475,7 +410,7 @@
+@@ -475,7 +410,7 @@ int main(int argc, char **argv)
buf[len - 1] = 0;
if (!strcmp(buf, "/"))
mass_relabel = 1;
@@ -5170,7 +5127,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po
}
if (strcmp(input_filename, "-") != 0)
fclose(f);
-@@ -483,7 +418,8 @@
+@@ -483,7 +418,8 @@ int main(int argc, char **argv)
for (i = optind; i < argc; i++) {
if (!strcmp(argv[i], "/"))
mass_relabel = 1;
diff --git a/policycoreutils.spec b/policycoreutils.spec
index f70fe16..bebfaee 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.84
-Release: 4%{?dist}
+Release: 5%{?dist}
License: GPLv2
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -58,7 +58,7 @@ context.
%prep
%setup -q -a 1
-%patch -p1 -b .rhat
+%patch -p2 -b .rhat
%patch1 -p1 -b .rhatpo
%patch3 -p1 -b .gui
%patch4 -p1 -b .sepolgen
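Review bot: `%patch -p2 -b .rhat` is now the only patch applied at strip level 2, while `%patch1`, `%patch3` and `%patch4` stay at `-p1`, and nothing in the spec says why. The regenerated policycoreutils-rhat.patch carries `a/policycoreutils/...` paths, which appears to be what forces the extra level. A one-line comment above the line, `# rhat patch is a git diff with a/policycoreutils/ prefixes, so it needs -p2`, would stop a later regeneration with a different prefix from applying hunks to the wrong files or failing in %prep. The %prep section continues outside the hunk.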
@@ -166,6 +166,7 @@ The policycoreutils-python package contains the scripts to create graphical sand
%files sandbox
%defattr(-,root,root,-)
%{_datadir}/sandbox/sandboxX.sh
+%{_datadir}/sandbox/start
%attr(0755,root,root) %caps(cap_setpcap,cap_fowner,cap_dac_override,cap_sys_admin,cap_sys_nice=pe) %{_sbindir}/seunshare
%{_mandir}/man8/seunshare.8*
%{_mandir}/man5/sandbox.conf.5*
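Review bot: The added `%{_datadir}/sandbox/start` entry has no explicit mode, so under `%defattr(-,root,root,-)` it ships with whatever permissions the install step left in the buildroot. This subpackage also installs seunshare with file capabilities (`cap_sys_admin`, `cap_dac_override` and others), and the new script is presumably what gets launched inside the sandbox it sets up, so a group- or world-writable mode slipping through would matter here. I would pin it the way seunshare is pinned, `%attr(0755,root,root) %{_datadir}/sandbox/start`, or `0644` if it is only ever passed to the interpreter. The `%files sandbox` list may continue past the hunk.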
@@ -327,6 +328,9 @@ fi
exit 0
%changelog
+* Thu Dec 16 2010 Dan Walsh <dwalsh at redhat.com> 2.0.84-5
+- Change to allow sandbox to run on nfs homedirs, add start python script
+
* Wed Dec 15 2010 Dan Walsh <dwalsh at redhat.com> 2.0.84-4
- Move seunshare to sandbox package