rpms/policycoreutils/devel policycoreutils-gui.patch, 1.103, 1.104 policycoreutils.spec, 1.691, 1.692
Daniel J Walsh
dwalsh at fedoraproject.org
Tue Jun 15 17:15:48 UTC 2010
- Previous message: rpms/zeitgeist/F-12 sources,1.2,1.3 zeitgeist.spec,1.1,1.2
- Next message: rpms/policycoreutils/F-13 policycoreutils-gui.patch, 1.106, 1.107 policycoreutils-rhat.patch, 1.505, 1.506 policycoreutils.spec, 1.722, 1.723
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/pkgs/rpms/policycoreutils/devel
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv23663
Modified Files:
policycoreutils-gui.patch policycoreutils.spec
Log Message:
* Tue Jun 15 2010 Dan Walsh <dwalsh at redhat.com> 2.0.82-31
- Fix sepolgen code generation
Resolve: #603001
policycoreutils-gui.patch:
Makefile | 40
booleansPage.py | 247 +++
domainsPage.py | 154 ++
fcontextPage.py | 223 ++
html_util.py | 164 ++
lockdown.glade | 771 ++++++++++
lockdown.gladep | 7
lockdown.py | 382 ++++
loginsPage.py | 185 ++
mappingsPage.py | 56
modulesPage.py | 190 ++
polgen.glade | 3305 +++++++++++++++++++++++++++++++++++++++++++
polgen.gladep | 7
polgen.py | 1286 ++++++++++++++++
polgengui.py | 627 ++++++++
portsPage.py | 259 +++
selinux.tbl | 234 +++
semanagePage.py | 168 ++
statusPage.py | 190 ++
system-config-selinux.glade | 3024 +++++++++++++++++++++++++++++++++++++++
system-config-selinux.gladep | 7
system-config-selinux.py | 187 ++
templates/__init__.py | 18
templates/boolean.py | 40
templates/etc_rw.py | 113 +
templates/executable.py | 382 ++++
templates/network.py | 80 +
templates/rw.py | 131 +
templates/script.py | 126 +
templates/semodule.py | 41
templates/tmp.py | 102 +
templates/user.py | 195 ++
templates/var_cache.py | 133 +
templates/var_lib.py | 161 ++
templates/var_log.py | 116 +
templates/var_run.py | 101 +
templates/var_spool.py | 133 +
usersPage.py | 150 +
38 files changed, 13735 insertions(+)
Index: policycoreutils-gui.patch
===================================================================
RCS file: /cvs/pkgs/rpms/policycoreutils/devel/policycoreutils-gui.patch,v
retrieving revision 1.103
retrieving revision 1.104
diff -u -p -r1.103 -r1.104
--- policycoreutils-gui.patch 7 Jun 2010 20:48:46 -0000 1.103
+++ policycoreutils-gui.patch 15 Jun 2010 17:15:47 -0000 1.104
@@ -6414,8 +6414,8 @@ diff --exclude-from=exclude -N -u -r nsa
+ app.stand_alone()
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.82/gui/polgen.py
--- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.82/gui/polgen.py 2010-06-07 16:38:00.000000000 -0400
-@@ -0,0 +1,1273 @@
++++ policycoreutils-2.0.82/gui/polgen.py 2010-06-15 12:01:00.000000000 -0400
+@@ -0,0 +1,1286 @@
+#!/usr/bin/python
+#
+# Copyright (C) 2007-2010 Red Hat
@@ -7115,7 +7115,7 @@ diff --exclude-from=exclude -N -u -r nsa
+
+ if self.type == USER:
+ for u in self.transition_users:
-+ temp = re.sub("TEMPLATETYPE", self.name, executable.te_userapp_trans_rules)
++ temp = re.sub("TEMPLATETYPE", self.name, user.te_user_trans_rules)
+ newte += re.sub("USER", u.split("_u")[0], temp)
+
+ return newte
@@ -7131,6 +7131,7 @@ diff --exclude-from=exclude -N -u -r nsa
+
+ for u in self.transition_users:
+ role = u.split("_u")[0]
++
+ if (role + "_r") in self.all_roles:
+ tmp = re.sub("TEMPLATETYPE", self.name, user.te_admin_trans_rules)
+ newte += re.sub("USER", role, tmp)
@@ -7265,11 +7266,13 @@ diff --exclude-from=exclude -N -u -r nsa
+ newif =""
+ if self.use_terminal or self.type == USER:
+ newif = re.sub("TEMPLATETYPE", self.name, executable.if_user_program_rules)
++ newif = re.sub("TEMPLATETYPE", self.name, executable.if_role_change_rules)
+ return newif
+
+
+ def generate_if(self):
+ newif = ""
++ newif += re.sub("TEMPLATETYPE", self.name, executable.if_heading_rules)
+ if self.program != "":
+ newif += re.sub("TEMPLATETYPE", self.name, executable.if_program_rules)
+ if self.initscript != "":
@@ -7299,6 +7302,7 @@ diff --exclude-from=exclude -N -u -r nsa
+ if self.type in ( TUSER, XUSER, AUSER, LUSER, EUSER):
+ roles = ""
+ if len(self.roles) > 0:
++ newte += re.sub("TEMPLATETYPE", self.name, user.te_sudo_rules)
+ newte += re.sub("TEMPLATETYPE", self.name, user.te_newrole_rules)
+ for role in self.roles:
+ tmp = re.sub("TEMPLATETYPE", self.name, user.te_roles_rules)
@@ -7317,7 +7321,8 @@ diff --exclude-from=exclude -N -u -r nsa
+########################################
+#
+# %s local policy
-+#""" % self.name
++#
++""" % self.name
+ newte += self.generate_capabilities()
+ newte += self.generate_process()
+ newte += self.generate_network_types()
@@ -7357,6 +7362,8 @@ diff --exclude-from=exclude -N -u -r nsa
+ def generate_fc(self):
+ newfc = ""
+ fclist = []
++ if self.type in USERS:
++ return re.sub("EXECUTABLE", self.program, executable.fc_user)
+ if self.program == "":
+ raise ValueError(_("You must enter the executable path for your confined process"))
+
@@ -7480,10 +7487,9 @@ diff --exclude-from=exclude -N -u -r nsa
+ fcfile = "%s/my%s.fc" % (out_dir, self.file_name)
+ else:
+ fcfile = "%s/%s.fc" % (out_dir, self.file_name)
-+ if self.type in APPLICATIONS:
-+ fd = open(fcfile, "w")
-+ fd.write(self.generate_fc())
-+ fd.close()
++ fd = open(fcfile, "w")
++ fd.write(self.generate_fc())
++ fd.close()
+ return fcfile
+
+ def generate(self, out_dir = "."):
@@ -7501,6 +7507,9 @@ diff --exclude-from=exclude -N -u -r nsa
+ sys.exit(1)
+
+def test():
++ import tempfile
++
++ tmpdir = tempfile.mkdtemp()
+ mypolicy = policy("mycgi", CGI)
+ mypolicy.set_program("/var/www/cgi-bin/cgi")
+ mypolicy.set_in_tcp(1, 0, 0, "512, 55000-55000")
@@ -7510,7 +7519,7 @@ diff --exclude-from=exclude -N -u -r nsa
+ mypolicy.set_use_syslog(True)
+ mypolicy.set_use_pam(True)
+ mypolicy.set_out_tcp(0,"8000")
-+ print mypolicy.generate("/var/tmp")
++ print mypolicy.generate(tmpdir)
+
+ mypolicy = policy("myuser", USER)
+ mypolicy.set_program("/usr/bin/myuser")
@@ -7523,7 +7532,7 @@ diff --exclude-from=exclude -N -u -r nsa
+ mypolicy.add_file("/var/lib/myuser/myuser.sock")
+ mypolicy.set_out_tcp(0,"8000")
+ mypolicy.set_transition_users(["unconfined_u", "staff_u"])
-+ print mypolicy.generate("/var/tmp")
++ print mypolicy.generate(tmpdir)
+
+
+ mypolicy = policy("myrwho", DAEMON)
@@ -7537,7 +7546,7 @@ diff --exclude-from=exclude -N -u -r nsa
+ mypolicy.set_use_pam(True)
+ mypolicy.add_dir("/var/run/myrwho")
+ mypolicy.add_dir("/var/lib/myrwho")
-+ print mypolicy.generate("/var/tmp")
++ print mypolicy.generate(tmpdir)
+
+ mypolicy = policy("myinetd", INETD)
+ mypolicy.set_program("/usr/bin/mytest")
@@ -7562,7 +7571,7 @@ diff --exclude-from=exclude -N -u -r nsa
+ mypolicy.set_use_terminal(True)
+ mypolicy.set_use_mail(True)
+ mypolicy.set_out_tcp(0,"8000")
-+ print mypolicy.generate("/var/tmp")
++ print mypolicy.generate(tmpdir)
+
+
+ mypolicy = policy("mydbus", DBUS)
@@ -7573,24 +7582,27 @@ diff --exclude-from=exclude -N -u -r nsa
+ mypolicy.set_use_tmp(True)
+ mypolicy.set_use_syslog(True)
+ mypolicy.set_use_pam(True)
-+ print mypolicy.generate("/var/tmp")
++ print mypolicy.generate(tmpdir)
+
+ mypolicy = policy("mytuser", TUSER)
-+ mypolicy.set_transition_domains(["sudo"])
+ mypolicy.set_admin_roles(["mydbadm"])
+ mypolicy.add_boolean("allow_mytuser_setuid", "Allow mytuser users to run setuid applications")
-+ print mypolicy.generate("/var/tmp")
++ print mypolicy.generate(tmpdir)
+
+ mypolicy = policy("myxuser", XUSER)
+ mypolicy.set_in_tcp(1, 1, 1, "28920")
+ mypolicy.set_in_udp(0, 0, 1, "1513")
+ mypolicy.set_transition_domains(["mozilla"])
-+ print mypolicy.generate("/var/tmp")
++ print mypolicy.generate(tmpdir)
+
+ mypolicy = policy("mydbadm", RUSER)
+ mypolicy.set_admin_domains(["postgresql", "mysql"])
-+ print mypolicy.generate("/var/tmp")
-+
++ print mypolicy.generate(tmpdir)
++ os.chdir(tmpdir)
++ rc, output=commands.getstatusoutput("make -f /usr/share/selinux/devel/Makefile1")
++ print output
++ print type(rc), os.WEXITSTATUS(rc)
++ sys.exit(os.WEXITSTATUS(rc))
+
+import os, sys, getopt, socket, random, fcntl
+
@@ -7610,7 +7622,7 @@ diff --exclude-from=exclude -N -u -r nsa
+ print _("""
+%s
+
-+polgen [ -m ] [ -t type ] executable
++polgen [ -m ] [ -t type ] [ executable | Name ]
+valid Types:
+""") % msg
+ keys=poltype.keys()
@@ -7655,35 +7667,36 @@ diff --exclude-from=exclude -N -u -r nsa
+ usage(_("Options Error %s ") % error.msg)
+
+ if len(cmds) == 0:
-+ usage(_("Executable required"))
++ usage(_("Executable or Name required"))
+
+ try:
+ if not name:
+ name = os.path.basename(cmds[0]).replace("-","_")
+ cmd = cmds[0]
+ mypolicy = policy(name, setype)
-+ mypolicy.set_program(cmd)
-+ for f in gen_writeable(cmd):
-+ for b in mypolicy.DEFAULT_DIRS:
-+ if b == "/etc":
-+ continue
-+ if f.startswith(b):
-+ if os.path.isfile(f):
-+ mypolicy.add_file(f)
-+ else:
-+ mypolicy.add_dir(f)
-+
-+ if os.path.isfile("/var/run/%s.pid" % name):
-+ mypolicy.add_file("/var/run/%s.pid" % name)
-+
-+ if os.path.isfile("/etc/rc.d/init.d/%s" % name):
-+ mypolicy.set_init_script("/etc/rc\.d/init\.d/%s" % name)
-+
-+ symbols = gen_symbols(cmd)
-+ for s in symbols:
-+ for b in mypolicy.symbols:
-+ if s.startswith(b):
-+ exec "mypolicy.%s" % mypolicy.symbols[b]
++ if setype in APPLICATIONS:
++ mypolicy.set_program(cmd)
++ for f in gen_writeable(cmd):
++ for b in mypolicy.DEFAULT_DIRS:
++ if b == "/etc":
++ continue
++ if f.startswith(b):
++ if os.path.isfile(f):
++ mypolicy.add_file(f)
++ else:
++ mypolicy.add_dir(f)
++
++ if os.path.isfile("/var/run/%s.pid" % name):
++ mypolicy.add_file("/var/run/%s.pid" % name)
++
++ if os.path.isfile("/etc/rc.d/init.d/%s" % name):
++ mypolicy.set_init_script("/etc/rc\.d/init\.d/%s" % name)
++
++ symbols = gen_symbols(cmd)
++ for s in symbols:
++ for b in mypolicy.symbols:
++ if s.startswith(b):
++ exec "mypolicy.%s" % mypolicy.symbols[b]
+
+ print mypolicy.generate()
+ sys.exit(0)
@@ -11788,7 +11801,7 @@ diff --exclude-from=exclude -N -u -r nsa
+ app.stand_alone()
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/boolean.py policycoreutils-2.0.82/gui/templates/boolean.py
--- nsapolicycoreutils/gui/templates/boolean.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.82/gui/templates/boolean.py 2010-04-28 17:12:20.000000000 -0400
++++ policycoreutils-2.0.82/gui/templates/boolean.py 2010-06-11 17:08:24.000000000 -0400
@@ -0,0 +1,40 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -11832,7 +11845,7 @@ diff --exclude-from=exclude -N -u -r nsa
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py policycoreutils-2.0.82/gui/templates/etc_rw.py
--- nsapolicycoreutils/gui/templates/etc_rw.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.82/gui/templates/etc_rw.py 2010-04-28 17:12:20.000000000 -0400
++++ policycoreutils-2.0.82/gui/templates/etc_rw.py 2010-06-11 17:08:24.000000000 -0400
@@ -0,0 +1,113 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -11949,8 +11962,8 @@ diff --exclude-from=exclude -N -u -r nsa
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.82/gui/templates/executable.py
--- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.82/gui/templates/executable.py 2010-06-07 16:40:33.000000000 -0400
-@@ -0,0 +1,361 @@
++++ policycoreutils-2.0.82/gui/templates/executable.py 2010-06-11 17:08:24.000000000 -0400
+@@ -0,0 +1,382 @@
+# Copyright (C) 2007-2009 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@@ -12049,7 +12062,7 @@ diff --exclude-from=exclude -N -u -r nsa
+
+apache_content_template(TEMPLATETYPE)
+
-+permissive http_TEMPLATETYPE_script_t;
++permissive httpd_TEMPLATETYPE_script_t;
+"""
+
+te_daemon_rules="""
@@ -12127,20 +12140,13 @@ diff --exclude-from=exclude -N -u -r nsa
+miscfiles_read_localization(TEMPLATETYPE_t)
+"""
+
-+te_userapp_trans_rules="""
-+optional_policy(`
-+ gen_require(`
-+ type USER_t;
-+ role USER_r;
-+ ')
++########################### Interface File #############################
+
-+ TEMPLATETYPE_run(USER_t, USER_r)
-+')
++if_heading_rules="""
++## <summary>policy for TEMPLATETYPE</summary>
+"""
+
-+########################### Interface File #############################
+if_program_rules="""
-+## <summary>policy for TEMPLATETYPE</summary>
+
+########################################
+## <summary>
@@ -12215,6 +12221,29 @@ diff --exclude-from=exclude -N -u -r nsa
+ ps_process_pattern($2, TEMPLATETYPE_t)
+ allow $2 TEMPLATETYPE_t:process signal;
+')
++
++"""
++
++if_role_change_rules="""
++########################################
++## <summary>
++## Change to the TEMPLATETYPE role.
++## </summary>
++## <param name="role">
++## <summary>
++## Role allowed access.
++## </summary>
++## </param>
++## <rolecap/>
++#
++interface(`TEMPLATETYPE_role_change',`
++ gen_require(`
++ role TEMPLATETYPE_r;
++ ')
++
++ allow $1 TEMPLATETYPE_r;
++')
++
+"""
+
+if_initscript_rules="""
@@ -12308,13 +12337,18 @@ diff --exclude-from=exclude -N -u -r nsa
+
+EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_exec_t,s0)
+"""
++
++fc_user="""\
++# Users do not have file context, leave blank
++"""
++
+fc_initscript="""\
+
+EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_initrc_exec_t,s0)
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.py policycoreutils-2.0.82/gui/templates/__init__.py
--- nsapolicycoreutils/gui/templates/__init__.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.82/gui/templates/__init__.py 2010-04-28 17:12:20.000000000 -0400
++++ policycoreutils-2.0.82/gui/templates/__init__.py 2010-06-11 17:08:24.000000000 -0400
@@ -0,0 +1,18 @@
+#
+# Copyright (C) 2007 Red Hat, Inc.
@@ -12336,7 +12370,7 @@ diff --exclude-from=exclude -N -u -r nsa
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.82/gui/templates/network.py
--- nsapolicycoreutils/gui/templates/network.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.82/gui/templates/network.py 2010-04-28 17:12:20.000000000 -0400
++++ policycoreutils-2.0.82/gui/templates/network.py 2010-06-11 17:08:24.000000000 -0400
@@ -0,0 +1,80 @@
+te_port_types="""
+type TEMPLATETYPE_port_t;
@@ -12420,7 +12454,7 @@ diff --exclude-from=exclude -N -u -r nsa
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py policycoreutils-2.0.82/gui/templates/rw.py
--- nsapolicycoreutils/gui/templates/rw.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.82/gui/templates/rw.py 2010-04-28 17:12:20.000000000 -0400
++++ policycoreutils-2.0.82/gui/templates/rw.py 2010-06-11 17:08:24.000000000 -0400
@@ -0,0 +1,131 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -12555,7 +12589,7 @@ diff --exclude-from=exclude -N -u -r nsa
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.82/gui/templates/script.py
--- nsapolicycoreutils/gui/templates/script.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.82/gui/templates/script.py 2010-04-28 17:12:20.000000000 -0400
++++ policycoreutils-2.0.82/gui/templates/script.py 2010-06-11 17:08:24.000000000 -0400
@@ -0,0 +1,126 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -12685,7 +12719,7 @@ diff --exclude-from=exclude -N -u -r nsa
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.82/gui/templates/semodule.py
--- nsapolicycoreutils/gui/templates/semodule.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.82/gui/templates/semodule.py 2010-04-28 17:12:20.000000000 -0400
++++ policycoreutils-2.0.82/gui/templates/semodule.py 2010-06-11 17:08:24.000000000 -0400
@@ -0,0 +1,41 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -12730,7 +12764,7 @@ diff --exclude-from=exclude -N -u -r nsa
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py policycoreutils-2.0.82/gui/templates/tmp.py
--- nsapolicycoreutils/gui/templates/tmp.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.82/gui/templates/tmp.py 2010-04-28 17:12:20.000000000 -0400
++++ policycoreutils-2.0.82/gui/templates/tmp.py 2010-06-11 17:08:24.000000000 -0400
@@ -0,0 +1,102 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -12836,8 +12870,8 @@ diff --exclude-from=exclude -N -u -r nsa
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.82/gui/templates/user.py
--- nsapolicycoreutils/gui/templates/user.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.82/gui/templates/user.py 2010-04-28 17:12:20.000000000 -0400
-@@ -0,0 +1,179 @@
++++ policycoreutils-2.0.82/gui/templates/user.py 2010-06-11 17:08:24.000000000 -0400
+@@ -0,0 +1,195 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@@ -12880,7 +12914,7 @@ diff --exclude-from=exclude -N -u -r nsa
+# Declarations
+#
+
-+userdom_admin_login_user_template(TEMPLATETYPE)
++userdom_admin_user_template(TEMPLATETYPE)
+"""
+
+te_min_login_user_types="""\
@@ -12933,6 +12967,7 @@ diff --exclude-from=exclude -N -u -r nsa
+#
+# TEMPLATETYPE local policy
+#
++
+"""
+
+te_existing_user_rules="""\
@@ -12966,6 +13001,16 @@ diff --exclude-from=exclude -N -u -r nsa
+')
+"""
+
++te_user_trans_rules="""
++optional_policy(`
++ gen_require(`
++ role USER_r;
++ ')
++
++ TEMPLATETYPE_role_change(USER_r)
++')
++"""
++
+te_admin_rules="""
+allow TEMPLATETYPE_t self:capability { dac_override dac_read_search kill sys_ptrace sys_nice };
+files_dontaudit_search_all_dirs(TEMPLATETYPE_t)
@@ -12981,45 +13026,50 @@ diff --exclude-from=exclude -N -u -r nsa
+domain_dontaudit_search_all_domains_state(TEMPLATETYPE_t)
+domain_dontaudit_ptrace_all_domains(TEMPLATETYPE_t)
+
-+userdom_dontaudit_search_sysadm_home_dirs(TEMPLATETYPE_t)
-+userdom_dontaudit_search_generic_user_home_dirs(TEMPLATETYPE_t)
++userdom_dontaudit_search_admin_dir(TEMPLATETYPE_t)
++userdom_dontaudit_search_user_home_dirs(TEMPLATETYPE_t)
+
+bool TEMPLATETYPE_read_user_files false;
+bool TEMPLATETYPE_manage_user_files false;
+
+if (TEMPLATETYPE_read_user_files) {
-+ userdom_read_unpriv_users_home_content_files(TEMPLATETYPE_t)
-+ userdom_read_unpriv_users_tmp_files(TEMPLATETYPE_t)
++ userdom_read_user_home_content_files(TEMPLATETYPE_t)
++ userdom_read_user_tmp_files(TEMPLATETYPE_t)
+}
+
+if (TEMPLATETYPE_manage_user_files) {
-+ userdom_manage_unpriv_users_home_content_dirs(TEMPLATETYPE_t)
-+ userdom_read_unpriv_users_tmp_files(TEMPLATETYPE_t)
-+ userdom_write_unpriv_users_tmp_files(TEMPLATETYPE_t)
++ userdom_manage_user_home_content(TEMPLATETYPE_t)
++ userdom_manage_user_tmp_files(TEMPLATETYPE_t)
+}
+
+"""
+
+te_admin_trans_rules="""
-+userdom_role_change_template(USER, TEMPLATETYPE)
++allow user_r TEMPLATETYPE_r;
+"""
+
+te_admin_domain_rules="""
+optional_policy(`
-+ APPLICATION_admin(TEMPLATETYPE_t, TEMPLATETYPE_r,{ TEMPLATETYPE_devpts_t TEMPLATETYPE_tty_device_t })
++ APPLICATION_admin(TEMPLATETYPE_t, TEMPLATETYPE_r, { TEMPLATETYPE_devpts_t TEMPLATETYPE_tty_device_t })
+')
+"""
+
+te_roles_rules="""
-+userdom_role_change_template(TEMPLATETYPE, ROLE)
++ROLE_role_change(TEMPLATETYPE_r)
++"""
++
++te_sudo_rules="""
++optional_policy(`
++ sudo_role_template(TEMPLATETYPE, TEMPLATETYPE_r, TEMPLATETYPE_t)
++')
+"""
+
+te_newrole_rules="""
-+seutil_run_newrole(TEMPLATETYPE_t, TEMPLATETYPE_r,{ TEMPLATETYPE_devpts_t TEMPLATETYPE_tty_device_t })
++seutil_run_newrole(TEMPLATETYPE_t, TEMPLATETYPE_r, { TEMPLATETYPE_devpts_t TEMPLATETYPE_tty_device_t })
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_cache.py policycoreutils-2.0.82/gui/templates/var_cache.py
--- nsapolicycoreutils/gui/templates/var_cache.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.82/gui/templates/var_cache.py 2010-06-07 16:46:31.000000000 -0400
++++ policycoreutils-2.0.82/gui/templates/var_cache.py 2010-06-11 17:08:24.000000000 -0400
@@ -0,0 +1,133 @@
+# Copyright (C) 2010 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -13156,7 +13206,7 @@ diff --exclude-from=exclude -N -u -r nsa
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.82/gui/templates/var_lib.py
--- nsapolicycoreutils/gui/templates/var_lib.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.82/gui/templates/var_lib.py 2010-05-26 09:29:58.000000000 -0400
++++ policycoreutils-2.0.82/gui/templates/var_lib.py 2010-06-11 17:08:24.000000000 -0400
@@ -0,0 +1,161 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -13321,7 +13371,7 @@ diff --exclude-from=exclude -N -u -r nsa
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.82/gui/templates/var_log.py
--- nsapolicycoreutils/gui/templates/var_log.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.82/gui/templates/var_log.py 2010-05-26 09:32:01.000000000 -0400
++++ policycoreutils-2.0.82/gui/templates/var_log.py 2010-06-11 17:08:24.000000000 -0400
@@ -0,0 +1,116 @@
+# Copyright (C) 2007,2010 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -13441,7 +13491,7 @@ diff --exclude-from=exclude -N -u -r nsa
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.82/gui/templates/var_run.py
--- nsapolicycoreutils/gui/templates/var_run.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.82/gui/templates/var_run.py 2010-05-26 09:28:54.000000000 -0400
++++ policycoreutils-2.0.82/gui/templates/var_run.py 2010-06-11 17:08:24.000000000 -0400
@@ -0,0 +1,101 @@
+# Copyright (C) 2007,2010 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -13546,7 +13596,7 @@ diff --exclude-from=exclude -N -u -r nsa
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.82/gui/templates/var_spool.py
--- nsapolicycoreutils/gui/templates/var_spool.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.82/gui/templates/var_spool.py 2010-06-07 16:46:58.000000000 -0400
++++ policycoreutils-2.0.82/gui/templates/var_spool.py 2010-06-11 17:08:24.000000000 -0400
@@ -0,0 +1,133 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/pkgs/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.691
retrieving revision 1.692
diff -u -p -r1.691 -r1.692
--- policycoreutils.spec 8 Jun 2010 19:13:42 -0000 1.691
+++ policycoreutils.spec 15 Jun 2010 17:15:48 -0000 1.692
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.82
-Release: 30%{?dist}
+Release: 31%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -314,6 +314,10 @@ fi
exit 0
%changelog
+* Tue Jun 15 2010 Dan Walsh <dwalsh at redhat.com> 2.0.82-31
+- Fix sepolgen code generation
+Resolve: #603001
+
* Tue Jun 8 2010 Dan Walsh <dwalsh at redhat.com> 2.0.82-30
- Add cgroup support for sandbox
- Previous message: rpms/zeitgeist/F-12 sources,1.2,1.3 zeitgeist.spec,1.1,1.2
- Next message: rpms/policycoreutils/F-13 policycoreutils-gui.patch, 1.106, 1.107 policycoreutils-rhat.patch, 1.505, 1.506 policycoreutils.spec, 1.722, 1.723
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list