rpms/policycoreutils/F-12 policycoreutils-gui.patch, 1.99, 1.100 policycoreutils-rhat.patch, 1.459, 1.460 policycoreutils.spec, 1.669, 1.670
Daniel J Walsh
dwalsh at fedoraproject.org
Wed Feb 3 16:49:03 UTC 2010
Author: dwalsh
Update of /cvs/extras/rpms/policycoreutils/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv16097
Modified Files:
policycoreutils-gui.patch policycoreutils-rhat.patch
policycoreutils.spec
Log Message:
* Wed Feb 3 2010 Dan Walsh <dwalsh at redhat.com> 2.0.78-18
- Fix seobject and fixfiles
policycoreutils-gui.patch:
Makefile | 40
booleansPage.py | 247 +++
domainsPage.py | 154 ++
fcontextPage.py | 223 ++
html_util.py | 164 ++
lockdown.glade | 771 ++++++++++
lockdown.gladep | 7
lockdown.py | 382 ++++
loginsPage.py | 185 ++
mappingsPage.py | 56
modulesPage.py | 190 ++
polgen.glade | 3305 +++++++++++++++++++++++++++++++++++++++++++
polgen.gladep | 7
polgen.py | 1213 +++++++++++++++
polgengui.py | 627 ++++++++
portsPage.py | 259 +++
selinux.tbl | 234 +++
semanagePage.py | 168 ++
statusPage.py | 190 ++
system-config-selinux.glade | 3024 +++++++++++++++++++++++++++++++++++++++
system-config-selinux.gladep | 7
system-config-selinux.py | 187 ++
templates/__init__.py | 18
templates/boolean.py | 40
templates/etc_rw.py | 129 +
templates/executable.py | 363 ++++
templates/network.py | 80 +
templates/rw.py | 127 +
templates/script.py | 126 +
templates/semodule.py | 41
templates/tmp.py | 97 +
templates/user.py | 182 ++
templates/var_lib.py | 158 ++
templates/var_log.py | 110 +
templates/var_run.py | 118 +
templates/var_spool.py | 129 +
usersPage.py | 150 +
37 files changed, 13508 insertions(+)
Index: policycoreutils-gui.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/F-12/policycoreutils-gui.patch,v
retrieving revision 1.99
retrieving revision 1.100
diff -u -p -r1.99 -r1.100
--- policycoreutils-gui.patch 21 Jan 2010 14:35:23 -0000 1.99
+++ policycoreutils-gui.patch 3 Feb 2010 16:48:59 -0000 1.100
@@ -6414,8 +6414,8 @@ diff --exclude-from=exclude -N -u -r nsa
+ app.stand_alone()
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.78/gui/polgen.py
--- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/polgen.py 2010-01-08 10:18:49.000000000 -0500
-@@ -0,0 +1,1197 @@
++++ policycoreutils-2.0.78/gui/polgen.py 2010-02-03 11:46:45.000000000 -0500
+@@ -0,0 +1,1213 @@
+#!/usr/bin/python
+#
+# Copyright (C) 2007, 2008, 2009 Red Hat
@@ -6614,6 +6614,9 @@ diff --exclude-from=exclude -N -u -r nsa
+ self.symbols["openlog"] = "set_use_kerberos(True)"
+ self.symbols["openlog"] = "set_use_kerb_rcache(True)"
+ self.symbols["openlog"] = "set_use_syslog(True)"
++ self.symbols["gethostby"] = "set_use_resolve(True)"
++ self.symbols["getaddrinfo"] = "set_use_resolve(True)"
++ self.symbols["getnameinfo"] = "set_use_resolve(True)"
+ self.symbols["krb"] = "set_use_kerberos(True)"
+ self.symbols["gss_accept_sec_context"] = "set_manage_krb5_rcache(True)"
+ self.symbols["krb5_verify_init_creds"] = "set_manage_krb5_rcache(True)"
@@ -6624,7 +6627,6 @@ diff --exclude-from=exclude -N -u -r nsa
+ self.symbols["dbus_"] = "set_use_dbus(True)"
+ self.symbols["pam_"] = "set_use_pam(True)"
+ self.symbols["pam_"] = "set_use_audit(True)"
-+
+ self.symbols["fork"] = "add_process('fork')"
+ self.symbols["transition"] = "add_process('transition')"
+ self.symbols["sigchld"] = "add_process('sigchld')"
@@ -6727,6 +6729,7 @@ diff --exclude-from=exclude -N -u -r nsa
+ self.in_udp = [False, False, False, []]
+ self.out_tcp = [False, False, False, []]
+ self.out_udp = [False, False, False, []]
++ self.use_resolve = False
+ self.use_tmp = False
+ self.use_uid = False
+ self.use_syslog = False
@@ -6816,6 +6819,12 @@ diff --exclude-from=exclude -N -u -r nsa
+ def set_out_udp(self, all, ports):
+ self.out_udp = [ all , False, False, verify_ports(ports) ]
+
++ def set_use_resolve(self, val):
++ if val != True and val != False:
++ raise ValueError(_("use_resolve must be a boolean value "))
++
++ self.use_resolve = val
++
+ def set_use_syslog(self, val):
+ if val != True and val != False:
+ raise ValueError(_("use_syslog must be a boolean value "))
@@ -6873,6 +6882,12 @@ diff --exclude-from=exclude -N -u -r nsa
+ else:
+ return ""
+
++ def generate_resolve_rules(self):
++ if self.use_resolve:
++ return re.sub("TEMPLATETYPE", self.name, executable.te_resolve_rules)
++ else:
++ return ""
++
+ def generate_kerberos_rules(self):
+ if self.use_kerberos:
+ return re.sub("TEMPLATETYPE", self.name, executable.te_kerberos_rules)
@@ -7283,6 +7298,7 @@ diff --exclude-from=exclude -N -u -r nsa
+ newte += self.generate_tmp_rules()
+ newte += self.generate_uid_rules()
+ newte += self.generate_syslog_rules()
++ newte += self.generate_resolve_rules()
+ newte += self.generate_pam_rules()
+ newte += self.generate_dbus_rules()
+ newte += self.generate_audit_rules()
@@ -11889,8 +11905,8 @@ diff --exclude-from=exclude -N -u -r nsa
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.78/gui/templates/executable.py
--- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/templates/executable.py 2010-01-21 08:18:05.000000000 -0500
-@@ -0,0 +1,359 @@
++++ policycoreutils-2.0.78/gui/templates/executable.py 2010-01-28 12:17:43.000000000 -0500
+@@ -0,0 +1,363 @@
+# Copyright (C) 2007-2009 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@@ -12031,6 +12047,10 @@ diff --exclude-from=exclude -N -u -r nsa
+logging_send_syslog_msg(TEMPLATETYPE_t)
+"""
+
++te_resolve_rules="""
++sysnet_dns_name_resolve(TEMPLATETYPE_t)
++"""
++
+te_pam_rules="""
+auth_domtrans_chk_passwd(TEMPLATETYPE_t)
+"""
policycoreutils-rhat.patch:
Makefile | 2
audit2allow/audit2allow | 64 -
audit2allow/audit2allow.1 | 3
restorecond/Makefile | 24
restorecond/org.selinux.Restorecond.service | 3
restorecond/restorecond.8 | 15
restorecond/restorecond.c | 429 +---------
restorecond/restorecond.conf | 5
restorecond/restorecond.desktop | 7
restorecond/restorecond.h | 19
restorecond/restorecond.init | 5
restorecond/restorecond_user.conf | 2
restorecond/user.c | 239 +++++
restorecond/watch.c | 260 ++++++
sandbox/.sandboxSKnKBc/.esd_auth | 1
sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/clock/prefs/%gconf.xml | 24
sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/window_list/prefs/%gconf.xml | 8
sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/workspace_switcher/prefs/%gconf.xml | 6
sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/accessibility/keyboard/%gconf.xml | 23
sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/interface/%gconf.xml | 6
sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/%gconf.xml | 4
sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/general/%gconf.xml | 8
sandbox/.sandboxSKnKBc/.xmodmap | 248 +++++
sandbox/Makefile | 31
sandbox/deliverables/README | 32
sandbox/deliverables/basicwrapper | 4
sandbox/deliverables/run-in-sandbox.py | 49 +
sandbox/deliverables/sandbox | 216 +++++
sandbox/sandbox | 357 ++++++++
sandbox/sandbox.8 | 50 +
sandbox/sandboxX.sh | 14
sandbox/seunshare.c | 265 ++++++
scripts/fixfiles | 21
semanage/semanage | 124 ++
semanage/semanage.8 | 10
semanage/seobject.py | 406 +++++++--
semodule/semodule.8 | 6
semodule/semodule.c | 53 +
setfiles/restore.c | 97 ++
setfiles/restore.h | 4
setfiles/restorecon.8 | 7
setfiles/setfiles.8 | 3
setfiles/setfiles.c | 78 -
43 files changed, 2628 insertions(+), 604 deletions(-)
Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/F-12/policycoreutils-rhat.patch,v
retrieving revision 1.459
retrieving revision 1.460
diff -u -p -r1.459 -r1.460
--- policycoreutils-rhat.patch 19 Jan 2010 17:27:15 -0000 1.459
+++ policycoreutils-rhat.patch 3 Feb 2010 16:49:00 -0000 1.460
@@ -148,6 +148,19 @@ diff --exclude-from=exclude --exclude=se
+ audit2why.init()
app = AuditToPolicy()
app.main()
+diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.78/audit2allow/audit2allow.1
+--- nsapolicycoreutils/audit2allow/audit2allow.1 2009-02-18 16:44:47.000000000 -0500
++++ policycoreutils-2.0.78/audit2allow/audit2allow.1 2010-01-25 15:55:32.000000000 -0500
+@@ -44,6 +44,9 @@
+ Note that all audit messages are not available via dmesg when
+ auditd is running; use "ausearch -m avc | audit2allow" or "-a" instead.
+ .TP
++.B "\-D" | "\-\-dontaudit"
++Generate dontaudit rules rather then allow rules
++.TP
+ .B "\-h" | "\-\-help"
+ Print a short usage message
+ .TP
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.78/Makefile
--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.78/Makefile 2009-12-08 17:05:49.000000000 -0500
@@ -1084,7 +1097,7 @@ diff --exclude-from=exclude --exclude=se
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.78/restorecond/watch.c
--- nsapolicycoreutils/restorecond/watch.c 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/restorecond/watch.c 2009-12-16 08:16:27.000000000 -0500
++++ policycoreutils-2.0.78/restorecond/watch.c 2010-01-29 16:35:39.000000000 -0500
@@ -0,0 +1,260 @@
+#define _GNU_SOURCE
+#include <sys/inotify.h>
@@ -1700,8 +1713,8 @@ diff --exclude-from=exclude --exclude=se
+relabel:
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.78/sandbox/sandbox
--- nsapolicycoreutils/sandbox/sandbox 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/sandbox/sandbox 2010-01-19 11:58:50.000000000 -0500
-@@ -0,0 +1,323 @@
++++ policycoreutils-2.0.78/sandbox/sandbox 2010-01-27 16:39:26.000000000 -0500
+@@ -0,0 +1,357 @@
+#! /usr/bin/python -E
+# Authors: Dan Walsh <dwalsh at redhat.com>
+# Authors: Josh Cogliati
@@ -1727,6 +1740,7 @@ diff --exclude-from=exclude --exclude=se
+import selinux
+import signal
+from tempfile import mkdtemp
++import pwd
+
+PROGNAME = "policycoreutils"
+
@@ -1823,7 +1837,6 @@ diff --exclude-from=exclude --exclude=se
+ X_FILES[file] = (dest, os.path.getmtime(dest))
+
+def copyfiles(newhomedir, newtmpdir, files):
-+ import pwd
+ homedir=pwd.getpwuid(os.getuid()).pw_dir
+ for f in files:
+ copyfile(f,homedir, newhomedir)
@@ -1850,6 +1863,29 @@ diff --exclude-from=exclude --exclude=se
+ if(copy):
+ shutil.copy2(new,orig)
+
++def setup_executable(execfile, command):
++ fd = open(execfile, "w+")
++ fd.write("""
++#! /bin/sh
++/usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap
++/usr/bin/matchbox-window-manager -use_titlebar no &
++WM_PID=$!
++%s
++kill -TERM $WM_PID 2> /dev/null
++""" % command)
++ fd.close()
++ os.chmod(execfile, 0700)
++
++def setup_session(execfile, command="/etc/gdm/Xsession"):
++ fd = open(execfile, "w+")
++ fd.write("""
++#!/bin/sh
++/usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap
++%s
++""" % command)
++ fd.close()
++ os.chmod(execfile, 0700)
++
+if __name__ == '__main__':
+ setup_sighandlers()
+ if selinux.is_selinux_enabled() != 1:
@@ -1859,7 +1895,7 @@ diff --exclude-from=exclude --exclude=se
+
+ def usage(message = ""):
+ text = _("""
-+sandbox [-h] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [[-i file ] ...] [ -t type ] command
++sandbox [-h] [-[X|M] [-S] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [[-i file ] ...] [ -t type ] command
+""")
+ error_exit("%s\n%s" % (message, text))
+
@@ -1871,8 +1907,9 @@ diff --exclude-from=exclude --exclude=se
+ newtmpdir = None
+ existing_home = False
+ existing_temp = False
++ session = False
+ try:
-+ gopts, cmds = getopt.getopt(sys.argv[1:], "l:i:ht:XI:MH:T:",
++ gopts, cmds = getopt.getopt(sys.argv[1:], "l:i:hSt:XI:MH:T:",
+ ["help",
+ "include=",
+ "includefile=",
@@ -1880,6 +1917,7 @@ diff --exclude-from=exclude --exclude=se
+ "mount",
+ "homedir=",
+ "tmpdir=",
++ "session",
+ "level="
+ ])
+ for o, a in gopts:
@@ -1920,6 +1958,11 @@ diff --exclude-from=exclude --exclude=se
+ newtempdir = a
+ if o == "-h" or o == "--help":
+ usage(_("Usage"));
++
++ if o == "-S" or o == "--session":
++ session = True
++ homedir=pwd.getpwuid(os.getuid()).pw_dir
++
+
+ if len(cmds) == 0:
+ usage(_("Command required"))
@@ -1946,23 +1989,29 @@ diff --exclude-from=exclude --exclude=se
+ if existing_home:
+ if not os.path.isdir(newhomedir):
+ raise IOError("Home directory "+newhomedir+" not found")
-+ if not level:
++ if not level and not session:
+ chcon = ("/usr/bin/chcon -R %s %s" % (filecon, newhomedir)).split()
+ rc = os.spawnvp(os.P_WAIT, chcon[0], chcon)
+ else:
+ newhomedir = mkdtemp(dir=".", prefix=".sandbox")
-+ chcon = ("/usr/bin/chcon %s %s" % (filecon, newhomedir)).split()
++ if session:
++ chcon = ("/usr/bin/chcon --reference %s %s" %( homedir, (newhomedir))).split()
++ else:
++ chcon = ("/usr/bin/chcon %s %s" % (filecon, newhomedir)).split()
+ rc = os.spawnvp(os.P_WAIT, chcon[0], chcon)
+
+ if existing_temp:
+ if not os.path.isdir(newtempdir):
+ raise IOError("Temp directory "+newtempdir+" not found")
-+ if not level:
++ if not level and not session:
+ chcon = ("/usr/bin/chcon -R %s %s" % (filecon, newtmpdir)).split()
+ rc = os.spawnvp(os.P_WAIT, chcon[0], chcon)
+ else:
+ newtmpdir = mkdtemp(dir="/tmp", prefix=".sandbox")
-+ chcon = ("/usr/bin/chcon %s %s" % (filecon, newtmpdir)).split()
++ if session:
++ chcon = ("/usr/bin/chcon --reference /tmp %s" % (newtmpdir)).split()
++ else:
++ chcon = ("/usr/bin/chcon %s %s" % (filecon, newtmpdir)).split()
+ rc = os.spawnvp(os.P_WAIT, chcon[0], chcon)
+
+ warnings.resetwarnings()
@@ -1982,12 +2031,11 @@ diff --exclude-from=exclude --exclude=se
+ xd.close()
+
+ execfile = newhomedir + "/.sandboxrc"
-+ fd = open(execfile, "w+")
-+ fd.write("""#! /bin/sh
-+%s
-+""" % " ".join(paths))
-+ fd.close()
-+ os.chmod(execfile, 0700)
++ if session:
++ setup_session(execfile, " ".join(paths))
++ else:
++ setup_executable(execfile, " ".join(paths))
++
+ cmds = ("/usr/sbin/seunshare -t %s -h %s -- %s /usr/share/sandbox/sandboxX.sh" % (newtmpdir, newhomedir, execcon)).split()
+ rc = os.spawnvp(os.P_WAIT, cmds[0], cmds)
+ else:
@@ -2019,12 +2067,11 @@ diff --exclude-from=exclude --exclude=se
+ except KeyError, error:
+ error_exit(_("Invalid value %s") % error.args[0])
+ except IOError, error:
-+ error_exit(error.args[1])
++ error_exit(error.message)
+ except KeyboardInterrupt:
+ rc = 0
+
+ sys.exit(rc)
-+
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.8 policycoreutils-2.0.78/sandbox/sandbox.8
--- nsapolicycoreutils/sandbox/sandbox.8 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.78/sandbox/sandbox.8 2009-12-18 07:37:35.000000000 -0500
@@ -2079,25 +2126,385 @@ diff --exclude-from=exclude --exclude=se
+.TP
+runcon(1)
+.PP
+diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.esd_auth policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.esd_auth
+--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.esd_auth 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.esd_auth 2010-01-25 17:24:41.000000000 -0500
+@@ -0,0 +1 @@
++ÊïhÊ~©òH||â#x
+\ No newline at end of file
+diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/clock/prefs/%gconf.xml policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/clock/prefs/%gconf.xml
+--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/clock/prefs/%gconf.xml 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/clock/prefs/%gconf.xml 2010-01-25 17:25:15.000000000 -0500
+@@ -0,0 +1,24 @@
++<?xml version="1.0"?>
++<gconf>
++ <entry name="hour_format" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/hour_format"/>
++ <entry name="temperature_unit" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/temperature_unit"/>
++ <entry name="expand_locations" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/expand_locations"/>
++ <entry name="unix_time" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/unix_time"/>
++ <entry name="show_temperature" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/show_temperature"/>
++ <entry name="format" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/format"/>
++ <entry name="config_tool" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/config_tool"/>
++ <entry name="expand_birthdays" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/expand_birthdays"/>
++ <entry name="show_date" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/show_date"/>
++ <entry name="expand_appointments" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/expand_appointments"/>
++ <entry name="speed_unit" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/speed_unit"/>
++ <entry name="expand_weather" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/expand_weather"/>
++ <entry name="show_seconds" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/show_seconds"/>
++ <entry name="internet_time" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/internet_time"/>
++ <entry name="show_week_numbers" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/show_week_numbers"/>
++ <entry name="expand_tasks" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/expand_tasks"/>
++ <entry name="show_weather" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/show_weather"/>
++ <entry name="gmt_time" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/gmt_time"/>
++ <entry name="show_tooltip" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/show_tooltip"/>
++ <entry name="custom_format" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/custom_format"/>
++ <entry name="cities" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/cities"/>
++</gconf>
+diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/window_list/prefs/%gconf.xml policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/window_list/prefs/%gconf.xml
+--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/window_list/prefs/%gconf.xml 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/window_list/prefs/%gconf.xml 2010-01-25 17:25:15.000000000 -0500
+@@ -0,0 +1,8 @@
++<?xml version="1.0"?>
++<gconf>
++ <entry name="minimum_size" mtime="1264458281" schema="/schemas/apps/window_list_applet/prefs/minimum_size"/>
++ <entry name="move_unminimized_windows" mtime="1264458281" schema="/schemas/apps/window_list_applet/prefs/move_unminimized_windows"/>
++ <entry name="maximum_size" mtime="1264458281" schema="/schemas/apps/window_list_applet/prefs/maximum_size"/>
++ <entry name="group_windows" mtime="1264458281" schema="/schemas/apps/window_list_applet/prefs/group_windows"/>
++ <entry name="display_all_workspaces" mtime="1264458281" schema="/schemas/apps/window_list_applet/prefs/display_all_workspaces"/>
++</gconf>
+diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/workspace_switcher/prefs/%gconf.xml policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/workspace_switcher/prefs/%gconf.xml
+--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/workspace_switcher/prefs/%gconf.xml 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/workspace_switcher/prefs/%gconf.xml 2010-01-25 17:25:15.000000000 -0500
+@@ -0,0 +1,6 @@
++<?xml version="1.0"?>
++<gconf>
++ <entry name="display_workspace_names" mtime="1264458282" schema="/schemas/apps/workspace_switcher_applet/prefs/display_workspace_names"/>
++ <entry name="num_rows" mtime="1264458282" schema="/schemas/apps/workspace_switcher_applet/prefs/num_rows"/>
++ <entry name="display_all_workspaces" mtime="1264458282" schema="/schemas/apps/workspace_switcher_applet/prefs/display_all_workspaces"/>
++</gconf>
+diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/accessibility/keyboard/%gconf.xml policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/accessibility/keyboard/%gconf.xml
+--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/accessibility/keyboard/%gconf.xml 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/accessibility/keyboard/%gconf.xml 2010-01-25 17:24:41.000000000 -0500
+@@ -0,0 +1,23 @@
++<?xml version="1.0"?>
++<gconf>
++ <entry name="mousekeys_enable" mtime="1264458281" type="bool" value="false"/>
++ <entry name="stickykeys_two_key_off" mtime="1264458281" type="bool" value="true"/>
++ <entry name="mousekeys_max_speed" mtime="1264458281" type="int" value="750"/>
++ <entry name="timeout" mtime="1264458281" type="int" value="120"/>
++ <entry name="timeout_enable" mtime="1264458281" type="bool" value="false"/>
++ <entry name="bouncekeys_beep_reject" mtime="1264458281" type="bool" value="true"/>
++ <entry name="mousekeys_accel_time" mtime="1264458281" type="int" value="1200"/>
++ <entry name="mousekeys_init_delay" mtime="1264458281" type="int" value="160"/>
++ <entry name="slowkeys_beep_reject" mtime="1264458281" type="bool" value="false"/>
++ <entry name="slowkeys_beep_accept" mtime="1264458281" type="bool" value="true"/>
++ <entry name="slowkeys_enable" mtime="1264458281" type="bool" value="false"/>
++ <entry name="stickykeys_modifier_beep" mtime="1264458281" type="bool" value="true"/>
++ <entry name="bouncekeys_enable" mtime="1264458281" type="bool" value="false"/>
++ <entry name="togglekeys_enable" mtime="1264458281" type="bool" value="false"/>
++ <entry name="stickykeys_enable" mtime="1264458281" type="bool" value="false"/>
++ <entry name="slowkeys_beep_press" mtime="1264458281" type="bool" value="true"/>
++ <entry name="bouncekeys_delay" mtime="1264458281" type="int" value="300"/>
++ <entry name="slowkeys_delay" mtime="1264458281" type="int" value="300"/>
++ <entry name="feature_state_change_beep" mtime="1264458281" type="bool" value="false"/>
++ <entry name="enable" mtime="1264458281" type="bool" value="false"/>
++</gconf>
+diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/interface/%gconf.xml policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/interface/%gconf.xml
+--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/interface/%gconf.xml 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/interface/%gconf.xml 2010-01-25 17:25:15.000000000 -0500
+@@ -0,0 +1,6 @@
++<?xml version="1.0"?>
++<gconf>
++ <entry name="gtk-im-module" mtime="1264458283" type="string">
++ <stringvalue>gtk-im-context-simple</stringvalue>
++ </entry>
++</gconf>
+diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/%gconf.xml policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/%gconf.xml
+--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/%gconf.xml 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/%gconf.xml 2010-01-25 17:25:15.000000000 -0500
+@@ -0,0 +1,4 @@
++<?xml version="1.0"?>
++<gconf>
++ <entry name="disable_xmm_and_xkb_warning" mtime="1264458288" type="bool" value="true"/>
++</gconf>
+diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/general/%gconf.xml policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/general/%gconf.xml
+--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/general/%gconf.xml 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/general/%gconf.xml 2010-01-25 17:24:41.000000000 -0500
+@@ -0,0 +1,8 @@
++<?xml version="1.0"?>
++<gconf>
++ <entry name="known_file_list" mtime="1264458281" type="list" ltype="string">
++ <li type="string">
++ <stringvalue>.xmodmap</stringvalue>
++ </li>
++ </entry>
++</gconf>
+diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.xmodmap policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.xmodmap
+--- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.xmodmap 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.78/sandbox/.sandboxSKnKBc/.xmodmap 2010-01-25 17:24:30.000000000 -0500
+@@ -0,0 +1,248 @@
++keycode 8 =
++keycode 9 = Escape NoSymbol Escape
++keycode 10 = 1 exclam 1 exclam
++keycode 11 = 2 at 2 at
++keycode 12 = 3 numbersign 3 numbersign
++keycode 13 = 4 dollar 4 dollar
++keycode 14 = 5 percent 5 percent
++keycode 15 = 6 asciicircum 6 asciicircum
++keycode 16 = 7 ampersand 7 ampersand
++keycode 17 = 8 asterisk 8 asterisk
++keycode 18 = 9 parenleft 9 parenleft
++keycode 19 = 0 parenright 0 parenright
++keycode 20 = minus underscore minus underscore
++keycode 21 = equal plus equal plus
++keycode 22 = BackSpace NoSymbol BackSpace
++keycode 23 = Tab ISO_Left_Tab Tab ISO_Left_Tab
++keycode 24 = q Q q Q
++keycode 25 = w W w W
++keycode 26 = e E e E
++keycode 27 = r R r R
++keycode 28 = t T t T
++keycode 29 = y Y y Y
++keycode 30 = u U u U
++keycode 31 = i I i I
++keycode 32 = o O o O
++keycode 33 = p P p P
++keycode 34 = bracketleft braceleft bracketleft braceleft
++keycode 35 = bracketright braceright bracketright braceright
++keycode 36 = Return NoSymbol Return
++keycode 37 = Control_L NoSymbol Control_L
++keycode 38 = a A a A
++keycode 39 = s S s S
++keycode 40 = d D d D
++keycode 41 = f F f F
++keycode 42 = g G g G
++keycode 43 = h H h H
++keycode 44 = j J j J
++keycode 45 = k K k K
++keycode 46 = l L l L
++keycode 47 = semicolon colon semicolon colon
++keycode 48 = apostrophe quotedbl apostrophe quotedbl
++keycode 49 = grave asciitilde grave asciitilde
++keycode 50 = Shift_L NoSymbol Shift_L
++keycode 51 = backslash bar backslash bar
++keycode 52 = z Z z Z
++keycode 53 = x X x X
++keycode 54 = c C c C
++keycode 55 = v V v V
++keycode 56 = b B b B
++keycode 57 = n N n N
++keycode 58 = m M m M
++keycode 59 = comma less comma less
++keycode 60 = period greater period greater
++keycode 61 = slash question slash question
++keycode 62 = Shift_R NoSymbol Shift_R
++keycode 63 = KP_Multiply XF86_ClearGrab KP_Multiply XF86_ClearGrab
++keycode 64 = Alt_L Meta_L Alt_L Meta_L
++keycode 65 = space NoSymbol space
++keycode 66 = Caps_Lock NoSymbol Caps_Lock
++keycode 67 = F1 XF86_Switch_VT_1 F1 XF86_Switch_VT_1
++keycode 68 = F2 XF86_Switch_VT_2 F2 XF86_Switch_VT_2
++keycode 69 = F3 XF86_Switch_VT_3 F3 XF86_Switch_VT_3
++keycode 70 = F4 XF86_Switch_VT_4 F4 XF86_Switch_VT_4
++keycode 71 = F5 XF86_Switch_VT_5 F5 XF86_Switch_VT_5
++keycode 72 = F6 XF86_Switch_VT_6 F6 XF86_Switch_VT_6
++keycode 73 = F7 XF86_Switch_VT_7 F7 XF86_Switch_VT_7
++keycode 74 = F8 XF86_Switch_VT_8 F8 XF86_Switch_VT_8
++keycode 75 = F9 XF86_Switch_VT_9 F9 XF86_Switch_VT_9
++keycode 76 = F10 XF86_Switch_VT_10 F10 XF86_Switch_VT_10
++keycode 77 = Num_Lock Pointer_EnableKeys Num_Lock Pointer_EnableKeys
++keycode 78 = Scroll_Lock NoSymbol Scroll_Lock
++keycode 79 = KP_Home KP_7 KP_Home KP_7
++keycode 80 = KP_Up KP_8 KP_Up KP_8
++keycode 81 = KP_Prior KP_9 KP_Prior KP_9
++keycode 82 = KP_Subtract XF86_Prev_VMode KP_Subtract XF86_Prev_VMode
++keycode 83 = KP_Left KP_4 KP_Left KP_4
++keycode 84 = KP_Begin KP_5 KP_Begin KP_5
++keycode 85 = KP_Right KP_6 KP_Right KP_6
++keycode 86 = KP_Add XF86_Next_VMode KP_Add XF86_Next_VMode
++keycode 87 = KP_End KP_1 KP_End KP_1
++keycode 88 = KP_Down KP_2 KP_Down KP_2
++keycode 89 = KP_Next KP_3 KP_Next KP_3
++keycode 90 = KP_Insert KP_0 KP_Insert KP_0
++keycode 91 = KP_Delete KP_Decimal KP_Delete KP_Decimal
++keycode 92 = ISO_Level3_Shift NoSymbol ISO_Level3_Shift
++keycode 93 =
++keycode 94 = less greater less greater bar brokenbar
++keycode 95 = F11 XF86_Switch_VT_11 F11 XF86_Switch_VT_11
++keycode 96 = F12 XF86_Switch_VT_12 F12 XF86_Switch_VT_12
++keycode 97 =
++keycode 98 = Katakana NoSymbol Katakana
++keycode 99 = Hiragana NoSymbol Hiragana
++keycode 100 = Henkan_Mode NoSymbol Henkan_Mode
++keycode 101 = Hiragana_Katakana NoSymbol Hiragana_Katakana
++keycode 102 = Muhenkan NoSymbol Muhenkan
++keycode 103 =
++keycode 104 = KP_Enter NoSymbol KP_Enter
++keycode 105 = Control_R NoSymbol Control_R
++keycode 106 = KP_Divide XF86_Ungrab KP_Divide XF86_Ungrab
++keycode 107 = Print Sys_Req Print Sys_Req
++keycode 108 = Alt_R Meta_R Alt_R Meta_R
++keycode 109 = Linefeed NoSymbol Linefeed
++keycode 110 = Home NoSymbol Home
++keycode 111 = Up NoSymbol Up
++keycode 112 = Prior NoSymbol Prior
++keycode 113 = Left NoSymbol Left
++keycode 114 = Right NoSymbol Right
++keycode 115 = End NoSymbol End
++keycode 116 = Down NoSymbol Down
++keycode 117 = Next NoSymbol Next
++keycode 118 = Insert NoSymbol Insert
++keycode 119 = Delete NoSymbol Delete
++keycode 120 =
++keycode 121 = XF86AudioMute NoSymbol XF86AudioMute
++keycode 122 = XF86AudioLowerVolume NoSymbol XF86AudioLowerVolume
++keycode 123 = XF86AudioRaiseVolume NoSymbol XF86AudioRaiseVolume
++keycode 124 = XF86PowerOff NoSymbol XF86PowerOff
++keycode 125 = KP_Equal NoSymbol KP_Equal
++keycode 126 = plusminus NoSymbol plusminus
++keycode 127 = Pause Break Pause Break
++keycode 128 =
++keycode 129 = KP_Decimal NoSymbol KP_Decimal
++keycode 130 = Hangul NoSymbol Hangul
++keycode 131 = Hangul_Hanja NoSymbol Hangul_Hanja
++keycode 132 =
++keycode 133 = Super_L NoSymbol Super_L
++keycode 134 = Super_R NoSymbol Super_R
++keycode 135 = Menu NoSymbol Menu
++keycode 136 = Cancel NoSymbol Cancel
++keycode 137 = Redo NoSymbol Redo
++keycode 138 = SunProps NoSymbol SunProps
++keycode 139 = Undo NoSymbol Undo
++keycode 140 = SunFront NoSymbol SunFront
++keycode 141 = XF86Copy NoSymbol XF86Copy
++keycode 142 = SunOpen NoSymbol SunOpen
++keycode 143 = XF86Paste NoSymbol XF86Paste
++keycode 144 = Find NoSymbol Find
++keycode 145 = XF86Cut NoSymbol XF86Cut
++keycode 146 = Help NoSymbol Help
++keycode 147 = XF86MenuKB NoSymbol XF86MenuKB
++keycode 148 = XF86Calculator NoSymbol XF86Calculator
++keycode 149 =
++keycode 150 = XF86Sleep NoSymbol XF86Sleep
++keycode 151 = XF86WakeUp NoSymbol XF86WakeUp
++keycode 152 = XF86Explorer NoSymbol XF86Explorer
++keycode 153 = XF86Send NoSymbol XF86Send
++keycode 154 =
++keycode 155 = XF86Xfer NoSymbol XF86Xfer
++keycode 156 = XF86Launch1 NoSymbol XF86Launch1
++keycode 157 = XF86Launch2 NoSymbol XF86Launch2
++keycode 158 = XF86WWW NoSymbol XF86WWW
++keycode 159 = XF86DOS NoSymbol XF86DOS
++keycode 160 = XF86ScreenSaver NoSymbol XF86ScreenSaver
++keycode 161 =
++keycode 162 = XF86RotateWindows NoSymbol XF86RotateWindows
++keycode 163 = XF86Mail NoSymbol XF86Mail
++keycode 164 = XF86Favorites NoSymbol XF86Favorites
++keycode 165 = XF86MyComputer NoSymbol XF86MyComputer
++keycode 166 = XF86Back NoSymbol XF86Back
++keycode 167 = XF86Forward NoSymbol XF86Forward
++keycode 168 =
++keycode 169 = XF86Eject NoSymbol XF86Eject
++keycode 170 = XF86Eject XF86Eject XF86Eject XF86Eject
++keycode 171 = XF86AudioNext NoSymbol XF86AudioNext
++keycode 172 = XF86AudioPlay XF86AudioPause XF86AudioPlay XF86AudioPause
++keycode 173 = XF86AudioPrev NoSymbol XF86AudioPrev
++keycode 174 = XF86AudioStop XF86Eject XF86AudioStop XF86Eject
++keycode 175 = XF86AudioRecord NoSymbol XF86AudioRecord
++keycode 176 = XF86AudioRewind NoSymbol XF86AudioRewind
++keycode 177 = XF86Phone NoSymbol XF86Phone
++keycode 178 =
++keycode 179 = XF86Tools NoSymbol XF86Tools
++keycode 180 = XF86HomePage NoSymbol XF86HomePage
++keycode 181 = XF86Reload NoSymbol XF86Reload
++keycode 182 = XF86Close NoSymbol XF86Close
++keycode 183 =
++keycode 184 =
++keycode 185 = XF86ScrollUp NoSymbol XF86ScrollUp
++keycode 186 = XF86ScrollDown NoSymbol XF86ScrollDown
++keycode 187 = parenleft NoSymbol parenleft
++keycode 188 = parenright NoSymbol parenright
++keycode 189 = XF86New NoSymbol XF86New
++keycode 190 = Redo NoSymbol Redo
++keycode 191 =
++keycode 192 =
++keycode 193 =
++keycode 194 =
++keycode 195 =
++keycode 196 =
++keycode 197 =
++keycode 198 =
++keycode 199 =
++keycode 200 = XF86TouchpadToggle NoSymbol XF86TouchpadToggle
++keycode 201 =
++keycode 202 =
++keycode 203 = Mode_switch NoSymbol Mode_switch
++keycode 204 = NoSymbol Alt_L NoSymbol Alt_L
++keycode 205 = NoSymbol Meta_L NoSymbol Meta_L
++keycode 206 = NoSymbol Super_L NoSymbol Super_L
++keycode 207 = NoSymbol Hyper_L NoSymbol Hyper_L
++keycode 208 = XF86AudioPlay NoSymbol XF86AudioPlay
++keycode 209 = XF86AudioPause NoSymbol XF86AudioPause
++keycode 210 = XF86Launch3 NoSymbol XF86Launch3
++keycode 211 = XF86Launch4 NoSymbol XF86Launch4
++keycode 212 =
++keycode 213 = XF86Suspend NoSymbol XF86Suspend
++keycode 214 = XF86Close NoSymbol XF86Close
++keycode 215 = XF86AudioPlay NoSymbol XF86AudioPlay
++keycode 216 = XF86AudioForward NoSymbol XF86AudioForward
++keycode 217 =
++keycode 218 = Print NoSymbol Print
++keycode 219 =
++keycode 220 = XF86WebCam NoSymbol XF86WebCam
++keycode 221 =
++keycode 222 =
++keycode 223 = XF86Mail NoSymbol XF86Mail
++keycode 224 =
++keycode 225 = XF86Search NoSymbol XF86Search
++keycode 226 =
++keycode 227 = XF86Finance NoSymbol XF86Finance
++keycode 228 =
++keycode 229 = XF86Shop NoSymbol XF86Shop
++keycode 230 =
++keycode 231 = Cancel NoSymbol Cancel
++keycode 232 = XF86MonBrightnessDown NoSymbol XF86MonBrightnessDown
++keycode 233 = XF86MonBrightnessUp NoSymbol XF86MonBrightnessUp
++keycode 234 = XF86AudioMedia NoSymbol XF86AudioMedia
++keycode 235 = XF86Display NoSymbol XF86Display
++keycode 236 = XF86KbdLightOnOff NoSymbol XF86KbdLightOnOff
++keycode 237 = XF86KbdBrightnessDown NoSymbol XF86KbdBrightnessDown
++keycode 238 = XF86KbdBrightnessUp NoSymbol XF86KbdBrightnessUp
++keycode 239 = XF86Send NoSymbol XF86Send
++keycode 240 = XF86Reply NoSymbol XF86Reply
++keycode 241 = XF86MailForward NoSymbol XF86MailForward
++keycode 242 = XF86Save NoSymbol XF86Save
++keycode 243 = XF86Documents NoSymbol XF86Documents
++keycode 244 = XF86Battery NoSymbol XF86Battery
++keycode 245 = XF86Bluetooth NoSymbol XF86Bluetooth
++keycode 246 = XF86WLAN NoSymbol XF86WLAN
++keycode 247 =
++keycode 248 =
++keycode 249 =
++keycode 250 =
++keycode 251 =
++keycode 252 =
++keycode 253 =
++keycode 254 =
++keycode 255 =
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandboxX.sh policycoreutils-2.0.78/sandbox/sandboxX.sh
--- nsapolicycoreutils/sandbox/sandboxX.sh 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/sandbox/sandboxX.sh 2010-01-19 12:20:41.000000000 -0500
-@@ -0,0 +1,19 @@
++++ policycoreutils-2.0.78/sandbox/sandboxX.sh 2010-01-27 16:49:23.000000000 -0500
+@@ -0,0 +1,14 @@
+#!/bin/bash
-+export TITLE="Sandbox: `/usr/bin/tail -1 ~/.sandboxrc | /usr/bin/cut -b1-70`"
-+
++export TITLE="Sandbox: `/usr/bin/tail -1 ~/.sandboxrc | /usr/bin/cut -b1-70` Running as `secon -t -l -P`"
++export SCREENSIZE="1000x700"
++#export SCREENSIZE=`xdpyinfo | awk '/dimensions/ { print $2 }'`
+trap "exit 0" HUP
+
-+(/usr/bin/Xephyr -title "$TITLE" -terminate -screen 1000x700 -displayfd 5 5>&1 2>/dev/null) | while read D; do
++(/usr/bin/Xephyr -title "$TITLE" -terminate -screen $SCREENSIZE -displayfd 5 5>&1 2>/dev/null) | while read D; do
+ export DISPLAY=:$D
-+ (/usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap) &
-+ /usr/bin/matchbox-window-manager -use_titlebar no &
-+ WM_PID=$!
-+ ~/.sandboxrc &
-+ CLIENT_PID=$!
-+ wait $CLIENT_PID
++ python -c 'import gtk, os; os.system("%s/.sandboxrc" % os.environ["HOME"])'
+ export EXITCODE=$?
-+ kill -TERM $WM_PID 2> /dev/null
+ kill -HUP 0
+ break
+done
@@ -2371,6 +2778,58 @@ diff --exclude-from=exclude --exclude=se
+
+ return status;
+}
+diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.78/scripts/fixfiles
+--- nsapolicycoreutils/scripts/fixfiles 2009-12-01 15:46:50.000000000 -0500
++++ policycoreutils-2.0.78/scripts/fixfiles 2010-01-29 16:40:10.000000000 -0500
+@@ -75,7 +75,8 @@
+ -e 's|\(.*|*|g' \
+ -e 's|\[.*|*|g' \
+ -e 's|\.\*.*|*|g' \
+- -e 's|\.\+.*|*|g' | \
++ -e 's|\.\+.*|*|g' \
++ -e 's,/\*$,,g'| \
+ # These two sorts need to be separate commands \
+ sort -u | \
+ sort -d | \
+@@ -87,11 +88,9 @@
+ esac; \
+ fi; \
+ done | \
+- while read pattern ; do sh -c "find $pattern \
+- ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs -o -fstype btrfs \) -prune -o \
+- \( -wholename /home -o -wholename /root -o -wholename /tmp -wholename /dev \) -prune -o -print0"; \
+- done 2> /dev/null | \
+- ${RESTORECON} $* -0 -f -
++ xargs -r echo
++#${RESTORECON} -F -R -p -e /home -e /tmp -e /dev
++
+ rm -f ${TEMPFILE} ${PREFCTEMPFILE}
+ fi
+ }
+@@ -126,13 +125,7 @@
+ exit $?
+ fi
+ if [ ! -z "$FILEPATH" ]; then
+- if [ -x /usr/bin/find ]; then
+- /usr/bin/find "$FILEPATH" \
+- ! \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype ext4dev -o -fstype gfs2 -o -fstype jfs -o -fstype xfs -o -fstype btrfs \) -prune -o -print0 | \
+- ${RESTORECON} ${FORCEFLAG} $* -0 -f - 2>&1 >> $LOGFILE
+- else
+- ${RESTORECON} ${FORCEFLAG} -R $* $FILEPATH 2>&1 >> $LOGFILE
+- fi
++ ${RESTORECON} ${FORCEFLAG} -R $* $FILEPATH 2>&1 >> $LOGFILE
+ return
+ fi
+ [ -x /usr/sbin/genhomedircon ] && /usr/sbin/genhomedircon
+@@ -146,7 +139,7 @@
+
+ fullrelabel() {
+ logit "Cleaning out /tmp"
+- find /tmp/ -mindepth 1 -print0 | xargs -0 /bin/rm -f
++ find /tmp/ -mindepth 1 -delete
+ LogReadOnly
+ restore
+ }
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.78/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2009-11-18 17:06:03.000000000 -0500
+++ policycoreutils-2.0.78/semanage/semanage 2010-01-08 09:24:07.000000000 -0500
@@ -2741,10 +3200,18 @@ diff --exclude-from=exclude --exclude=se
# Change apache to a permissive domain
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.78/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2009-11-20 10:51:25.000000000 -0500
-+++ policycoreutils-2.0.78/semanage/seobject.py 2009-12-08 17:05:49.000000000 -0500
-@@ -37,40 +37,6 @@
-
- import syslog
++++ policycoreutils-2.0.78/semanage/seobject.py 2010-02-03 11:39:44.000000000 -0500
+@@ -29,47 +29,12 @@
+ import gettext
+ gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
+ gettext.textdomain(PROGNAME)
+-try:
+- gettext.install(PROGNAME, localedir = "/usr/share/locale", unicode = 1)
+-except IOError:
+- import __builtin__
+- __builtin__.__dict__['_'] = unicode
+-
+-import syslog
-handle = None
-
@@ -2777,13 +3244,16 @@ diff --exclude-from=exclude --exclude=se
- if is_mls_enabled < 0:
- semanage_handle_destroy(handle)
- raise ValueError(_("Could not test MLS enabled status"))
--
++import gettext
++translation=gettext.translation(PROGNAME, localedir = "/usr/share/locale", fallback=True)
++_=translation.ugettext
+
- return handle
--
++import syslog
+
file_types = {}
file_types[""] = SEMANAGE_FCONTEXT_ALL;
- file_types["all files"] = SEMANAGE_FCONTEXT_ALL;
-@@ -194,44 +160,151 @@
+@@ -194,45 +159,152 @@
return trans
else:
return raw
@@ -2874,8 +3344,8 @@ diff --exclude-from=exclude --exclude=se
raise ValueError(_("Semanage transaction not in progress"))
- self.transaction = False
+ semanageRecords.transaction = False
-+ self.commit()
-+
+ self.commit()
+
+class moduleRecords(semanageRecords):
+ def __init__(self, store):
+ semanageRecords.__init__(self, store)
@@ -2939,17 +3409,18 @@ diff --exclude-from=exclude --exclude=se
+ if rc < 0 and rc != -2:
+ raise ValueError(_("Could not remove module %s (remove failed)") % m)
+
- self.commit()
++ self.commit()
+
+ def deleteall(self):
+ l = self.get_all()
+ if len(l) > 0:
+ all = " ".join(l[0])
+ self.delete(all)
-
++
class dontauditClass(semanageRecords):
def __init__(self, store):
-@@ -259,6 +332,7 @@
+ semanageRecords.__init__(self, store)
+@@ -259,6 +331,7 @@
name = semanage_module_get_name(mod)
if name and name.startswith("permissive_"):
l.append(name.split("permissive_")[1])
@@ -2957,7 +3428,7 @@ diff --exclude-from=exclude --exclude=se
return l
def list(self, heading = 1, locallist = 0):
-@@ -343,7 +417,9 @@
+@@ -343,7 +416,9 @@
if rc < 0:
raise ValueError(_("Could not check if login mapping for %s is defined") % name)
if exists:
@@ -2968,7 +3439,7 @@ diff --exclude-from=exclude --exclude=se
if name[0] == '%':
try:
grp.getgrnam(name[1:])
-@@ -475,6 +551,16 @@
+@@ -475,6 +550,16 @@
mylog.log(1, "delete SELinux user mapping", name);
@@ -2985,7 +3456,7 @@ diff --exclude-from=exclude --exclude=se
def get_all(self, locallist = 0):
ddict = {}
if locallist:
-@@ -489,6 +575,15 @@
+@@ -489,6 +574,15 @@
ddict[name] = (semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u))
return ddict
@@ -3001,7 +3472,7 @@ diff --exclude-from=exclude --exclude=se
def list(self,heading = 1, locallist = 0):
ddict = self.get_all(locallist)
keys = ddict.keys()
-@@ -531,7 +626,8 @@
+@@ -531,7 +625,8 @@
if rc < 0:
raise ValueError(_("Could not check if SELinux user %s is defined") % name)
if exists:
@@ -3011,7 +3482,7 @@ diff --exclude-from=exclude --exclude=se
(rc, u) = semanage_user_create(self.sh)
if rc < 0:
-@@ -682,6 +778,16 @@
+@@ -682,6 +777,16 @@
mylog.log(1,"delete SELinux user record", name)
@@ -3028,7 +3499,7 @@ diff --exclude-from=exclude --exclude=se
def get_all(self, locallist = 0):
ddict = {}
if locallist:
-@@ -702,6 +808,15 @@
+@@ -702,6 +807,15 @@
return ddict
@@ -3044,7 +3515,7 @@ diff --exclude-from=exclude --exclude=se
def list(self, heading = 1, locallist = 0):
ddict = self.get_all(locallist)
keys = ddict.keys()
-@@ -740,12 +855,16 @@
+@@ -740,12 +854,16 @@
low = int(ports[0])
high = int(ports[1])
@@ -3061,7 +3532,7 @@ diff --exclude-from=exclude --exclude=se
if is_mls_enabled == 1:
if serange == "":
serange = "s0"
-@@ -808,6 +927,7 @@
+@@ -808,6 +926,7 @@
self.commit()
def __modify(self, port, proto, serange, setype):
@@ -3069,7 +3540,7 @@ diff --exclude-from=exclude --exclude=se
if serange == "" and setype == "":
if is_mls_enabled == 1:
raise ValueError(_("Requires setype or serange"))
-@@ -942,6 +1062,18 @@
+@@ -942,6 +1061,18 @@
ddict[(ctype,proto_str)].append("%d-%d" % (low, high))
return ddict
@@ -3088,7 +3559,7 @@ diff --exclude-from=exclude --exclude=se
def list(self, heading = 1, locallist = 0):
if heading:
print "%-30s %-8s %s\n" % (_("SELinux Port Type"), _("Proto"), _("Port Number"))
-@@ -958,7 +1090,8 @@
+@@ -958,7 +1089,8 @@
class nodeRecords(semanageRecords):
def __init__(self, store = ""):
semanageRecords.__init__(self,store)
@@ -3098,7 +3569,7 @@ diff --exclude-from=exclude --exclude=se
def __add(self, addr, mask, proto, serange, ctype):
if addr == "":
raise ValueError(_("Node Address is required"))
-@@ -966,14 +1099,11 @@
+@@ -966,14 +1098,11 @@
if mask == "":
raise ValueError(_("Node Netmask is required"))
@@ -3116,7 +3587,7 @@ diff --exclude-from=exclude --exclude=se
if is_mls_enabled == 1:
if serange == "":
serange = "s0"
-@@ -991,7 +1121,8 @@
+@@ -991,7 +1120,8 @@
(rc, exists) = semanage_node_exists(self.sh, k)
if exists:
@@ -3126,7 +3597,7 @@ diff --exclude-from=exclude --exclude=se
(rc, node) = semanage_node_create(self.sh)
if rc < 0:
-@@ -1047,13 +1178,10 @@
+@@ -1047,13 +1177,10 @@
if mask == "":
raise ValueError(_("Node Netmask is required"))
@@ -3144,7 +3615,7 @@ diff --exclude-from=exclude --exclude=se
if serange == "" and setype == "":
raise ValueError(_("Requires setype or serange"))
-@@ -1098,11 +1226,9 @@
+@@ -1098,11 +1225,9 @@
if mask == "":
raise ValueError(_("Node Netmask is required"))
@@ -3159,7 +3630,7 @@ diff --exclude-from=exclude --exclude=se
raise ValueError(_("Unknown or missing protocol"))
(rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
-@@ -1132,6 +1258,16 @@
+@@ -1132,6 +1257,16 @@
self.__delete(addr, mask, proto)
self.commit()
@@ -3176,7 +3647,7 @@ diff --exclude-from=exclude --exclude=se
def get_all(self, locallist = 0):
ddict = {}
if locallist :
-@@ -1145,15 +1281,20 @@
+@@ -1145,15 +1280,20 @@
con = semanage_node_get_con(node)
addr = semanage_node_get_addr(self.sh, node)
mask = semanage_node_get_mask(self.sh, node)
@@ -3202,7 +3673,7 @@ diff --exclude-from=exclude --exclude=se
def list(self, heading = 1, locallist = 0):
if heading:
print "%-18s %-18s %-5s %-5s\n" % ("IP Address", "Netmask", "Protocol", "Context")
-@@ -1193,7 +1334,8 @@
+@@ -1193,7 +1333,8 @@
if rc < 0:
raise ValueError(_("Could not check if interface %s is defined") % interface)
if exists:
@@ -3212,7 +3683,7 @@ diff --exclude-from=exclude --exclude=se
(rc, iface) = semanage_iface_create(self.sh)
if rc < 0:
-@@ -1307,6 +1449,16 @@
+@@ -1307,6 +1448,16 @@
self.__delete(interface)
self.commit()
@@ -3229,7 +3700,7 @@ diff --exclude-from=exclude --exclude=se
def get_all(self, locallist = 0):
ddict = {}
if locallist:
-@@ -1322,6 +1474,15 @@
+@@ -1322,6 +1473,15 @@
return ddict
@@ -3245,7 +3716,7 @@ diff --exclude-from=exclude --exclude=se
def list(self, heading = 1, locallist = 0):
if heading:
print "%-30s %s\n" % (_("SELinux Interface"), _("Context"))
-@@ -1338,6 +1499,48 @@
+@@ -1338,6 +1498,48 @@
class fcontextRecords(semanageRecords):
def __init__(self, store = ""):
semanageRecords.__init__(self, store)
@@ -3294,7 +3765,7 @@ diff --exclude-from=exclude --exclude=se
def createcon(self, target, seuser = "system_u"):
(rc, con) = semanage_context_create(self.sh)
-@@ -1364,6 +1567,8 @@
+@@ -1364,6 +1566,8 @@
def validate(self, target):
if target == "" or target.find("\n") >= 0:
raise ValueError(_("Invalid file specification"))
@@ -3303,7 +3774,7 @@ diff --exclude-from=exclude --exclude=se
def __add(self, target, type, ftype = "", serange = "", seuser = "system_u"):
self.validate(target)
-@@ -1388,7 +1593,8 @@
+@@ -1388,7 +1592,8 @@
raise ValueError(_("Could not check if file context for %s is defined") % target)
if exists:
@@ -3313,7 +3784,7 @@ diff --exclude-from=exclude --exclude=se
(rc, fcontext) = semanage_fcontext_create(self.sh)
if rc < 0:
-@@ -1504,9 +1710,16 @@
+@@ -1504,9 +1709,16 @@
raise ValueError(_("Could not delete the file context %s") % target)
semanage_fcontext_key_free(k)
@@ -3330,7 +3801,7 @@ diff --exclude-from=exclude --exclude=se
(rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
if rc < 0:
raise ValueError(_("Could not create a key for %s") % target)
-@@ -1561,12 +1774,22 @@
+@@ -1561,12 +1773,22 @@
return ddict
@@ -3355,7 +3826,7 @@ diff --exclude-from=exclude --exclude=se
for k in keys:
if fcon_dict[k]:
if is_mls_enabled:
-@@ -1575,6 +1798,12 @@
+@@ -1575,6 +1797,12 @@
print "%-50s %-18s %s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1],fcon_dict[k][2])
else:
print "%-50s %-18s <<None>>" % (k[0], k[1])
@@ -3368,7 +3839,7 @@ diff --exclude-from=exclude --exclude=se
class booleanRecords(semanageRecords):
def __init__(self, store = ""):
-@@ -1706,6 +1935,16 @@
+@@ -1706,6 +1934,16 @@
else:
return _("unknown")
@@ -3523,8 +3994,14 @@ diff --exclude-from=exclude --exclude=se
}
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.c policycoreutils-2.0.78/setfiles/restore.c
--- nsapolicycoreutils/setfiles/restore.c 2009-11-03 09:21:40.000000000 -0500
-+++ policycoreutils-2.0.78/setfiles/restore.c 2009-12-16 08:14:21.000000000 -0500
-@@ -31,7 +31,6 @@
++++ policycoreutils-2.0.78/setfiles/restore.c 2010-01-29 16:37:02.000000000 -0500
+@@ -1,4 +1,5 @@
+ #include "restore.h"
++#include <glob.h>
+
+ #define SKIP -2
+ #define ERR -1
+@@ -31,7 +32,6 @@
static file_spec_t *fl_head;
@@ -3532,7 +4009,7 @@ diff --exclude-from=exclude --exclude=se
static int filespec_add(ino_t ino, const security_context_t con, const char *file);
static int only_changed_user(const char *a, const char *b);
struct restore_opts *r_opts = NULL;
-@@ -53,7 +52,6 @@
+@@ -53,7 +53,6 @@
}
}
return;
@@ -3540,7 +4017,7 @@ diff --exclude-from=exclude --exclude=se
}
void restore_init(struct restore_opts *opts)
-@@ -303,6 +301,12 @@
+@@ -303,6 +302,12 @@
FTS *fts_handle;
FTSENT *ftsent;
@@ -3553,7 +4030,37 @@ diff --exclude-from=exclude --exclude=se
fts_handle = fts_open((char **)namelist, r_opts->fts_flags, NULL);
if (fts_handle == NULL) {
fprintf(stderr,
-@@ -374,6 +378,7 @@
+@@ -357,6 +362,29 @@
+ goto out;
+ }
+
++int process_glob(char *name, int recurse) {
++ glob_t globbuf;
++ size_t i = 0;
++ int errors = 0;
++ memset(&globbuf, 0, sizeof(globbuf));
++ globbuf.gl_offs = 0;
++ if (glob(name,
++ GLOB_TILDE | GLOB_PERIOD,
++ NULL,
++ &globbuf) >= 0) {
++ for (i = 0; i < globbuf.gl_pathc; i++) {
++ int len = strlen(globbuf.gl_pathv[i]) -2;
++ if (len > 0 && strcmp(&globbuf.gl_pathv[i][len--], "/.") == 0) continue;
++ if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0) continue;
++ errors |= process_one_realpath(globbuf.gl_pathv[i], recurse) < 0;
++ }
++ globfree(&globbuf);
++ }
++ else
++ errors |= process_one_realpath(name, recurse) < 0;
++ return errors;
++}
++
+ int process_one_realpath(char *name, int recurse)
+ {
+ int rc = 0;
+@@ -374,6 +402,7 @@
} else {
rc = lstat(name, &sb);
if (rc < 0) {
@@ -3561,7 +4068,7 @@ diff --exclude-from=exclude --exclude=se
fprintf(stderr, "%s: lstat(%s) failed: %s\n",
r_opts->progname, name, strerror(errno));
return -1;
-@@ -409,7 +414,7 @@
+@@ -409,7 +438,7 @@
}
}
@@ -3570,7 +4077,7 @@ diff --exclude-from=exclude --exclude=se
{
int i = 0;
for (i = 0; i < excludeCtr; i++) {
-@@ -602,5 +607,67 @@
+@@ -602,5 +631,67 @@
return -1;
}
@@ -3599,7 +4106,7 @@ diff --exclude-from=exclude --exclude=se
+ fp = fopen("/proc/mounts", "r");
+ if (!fp)
+ return;
-
++
+ while ((num = getline(&buf, &len, fp)) != -1) {
+ found = 0;
+ index = 0;
@@ -3617,7 +4124,7 @@ diff --exclude-from=exclude --exclude=se
+ buf);
+ continue;
+ }
-+
+
+ /* remove pre-existing entry */
+ remove_exclude(mount_info[1]);
+
@@ -3666,7 +4173,7 @@ diff --exclude-from=exclude --exclude=se
show changes in file labels.
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.h policycoreutils-2.0.78/setfiles/restore.h
--- nsapolicycoreutils/setfiles/restore.h 2009-11-03 09:21:40.000000000 -0500
-+++ policycoreutils-2.0.78/setfiles/restore.h 2009-12-16 08:14:23.000000000 -0500
++++ policycoreutils-2.0.78/setfiles/restore.h 2010-01-29 16:27:56.000000000 -0500
@@ -27,6 +27,7 @@
int hard_links;
int verbose;
@@ -3675,15 +4182,16 @@ diff --exclude-from=exclude --exclude=se
char *rootpath;
int rootpathlen;
char *progname;
-@@ -44,7 +45,9 @@
+@@ -44,7 +45,10 @@
void restore_init(struct restore_opts *opts);
void restore_finish();
int add_exclude(const char *directory);
+int exclude(const char *path);
void remove_exclude(const char *directory);
int process_one_realpath(char *name, int recurse);
-+void exclude_non_seclabel_mounts();
++int process_glob(char *name, int recurse);
++void exclude_non_seclabel_mounts();
#endif
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.8 policycoreutils-2.0.78/setfiles/setfiles.8
--- nsapolicycoreutils/setfiles/setfiles.8 2008-08-28 09:34:24.000000000 -0400
@@ -3700,7 +4208,7 @@ diff --exclude-from=exclude --exclude=se
suppress non-error output.
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.78/setfiles/setfiles.c
--- nsapolicycoreutils/setfiles/setfiles.c 2009-11-03 09:21:40.000000000 -0500
-+++ policycoreutils-2.0.78/setfiles/setfiles.c 2009-12-16 08:14:26.000000000 -0500
++++ policycoreutils-2.0.78/setfiles/setfiles.c 2010-01-29 16:31:10.000000000 -0500
@@ -5,7 +5,6 @@
#include <ctype.h>
#include <regex.h>
@@ -3821,3 +4329,22 @@ diff --exclude-from=exclude --exclude=se
argv[0]);
exit(1);
}
+@@ -475,7 +410,7 @@
+ buf[len - 1] = 0;
+ if (!strcmp(buf, "/"))
+ mass_relabel = 1;
+- errors |= process_one_realpath(buf, recurse) < 0;
++ errors |= process_glob(buf, recurse) < 0;
+ }
+ if (strcmp(input_filename, "-") != 0)
+ fclose(f);
+@@ -483,7 +418,8 @@
+ for (i = optind; i < argc; i++) {
+ if (!strcmp(argv[i], "/"))
+ mass_relabel = 1;
+- errors |= process_one_realpath(argv[i], recurse) < 0;
++
++ errors |= process_glob(argv[i], recurse) < 0;
+ }
+ }
+
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/F-12/policycoreutils.spec,v
retrieving revision 1.669
retrieving revision 1.670
diff -u -p -r1.669 -r1.670
--- policycoreutils.spec 1 Feb 2010 14:46:34 -0000 1.669
+++ policycoreutils.spec 3 Feb 2010 16:49:02 -0000 1.670
@@ -6,7 +6,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.78
-Release: 17%{?dist}
+Release: 18%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -298,6 +298,9 @@ fi
exit 0
%changelog
+* Wed Feb 3 2010 Dan Walsh <dwalsh at redhat.com> 2.0.78-18
+- Fix seobject and fixfiles
+
* Fri Jan 29 2010 Dan Walsh <dwalsh at redhat.com> 2.0.78-17
- Change seobject to use translations properly
More information about the scm-commits
mailing list