rpms/policycoreutils/F-13 policycoreutils-po.patch, 1.59, 1.60 policycoreutils-rhat.patch, 1.477, 1.478 policycoreutils-sepolgen.patch, 1.34, 1.35 policycoreutils.spec, 1.687, 1.688
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Mar 4 21:49:20 UTC 2010
Author: dwalsh
Update of /cvs/extras/rpms/policycoreutils/F-13
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv11308
Modified Files:
policycoreutils-po.patch policycoreutils-rhat.patch
policycoreutils-sepolgen.patch policycoreutils.spec
Log Message:
* Mon Mar 1 2010 Dan Walsh <dwalsh at redhat.com> 2.0.79-5
- Rewrite of sandbox script, add unit test for sandbox
- Update translations
policycoreutils-po.patch:
Makefile | 27
POTFILES | 28
POTFILES.in | 2
af.po | 2499 +++++++++++++++++++++++++---
am.po | 2499 +++++++++++++++++++++++++---
ar.po | 2499 +++++++++++++++++++++++++---
as.po | 3775 +++++++++++++++++++++++++-----------------
be.po | 2499 +++++++++++++++++++++++++---
bg.po | 3670 ++++++++++++++++++++++++-----------------
bn.po | 2499 +++++++++++++++++++++++++---
bn_IN.po | 4080 ++++++++++++++++++++++++++-------------------
bs.po | 2591 ++++++++++++++++++++++++++---
ca.po | 3027 +++++++++++++++++++++++++++++-----
cs.po | 2926 +++++++++++++++++++++++++++-----
cy.po | 2499 +++++++++++++++++++++++++---
da.po | 3206 ++++++++++++++++++++++++++++++------
de.po | 3983 +++++++++++++++++++++++++-------------------
el.po | 2841 ++++++++++++++++++++++++++++---
en_GB.po | 2590 ++++++++++++++++++++++++++---
es.po | 4095 ++++++++++++++++++++++++++--------------------
et.po | 2497 +++++++++++++++++++++++++---
eu_ES.po | 2499 +++++++++++++++++++++++++---
fa.po | 2499 +++++++++++++++++++++++++---
fi.po | 3254 +++++++++++++++++++++++++++++++-----
fr.po | 3923 ++++++++++++++++++++++++++------------------
gl.po | 2497 +++++++++++++++++++++++++---
gu.po | 4160 ++++++++++++++++++++++++++--------------------
he.po | 2499 +++++++++++++++++++++++++---
hi.po | 4175 ++++++++++++++++++++++++++--------------------
hr.po | 3105 +++++++++++++++++++++++-----------
hu.po | 3052 +++++++++++++++++++++++++++++-----
hy.po | 2499 +++++++++++++++++++++++++---
id.po | 2497 +++++++++++++++++++++++++---
is.po | 2499 +++++++++++++++++++++++++---
it.po | 4196 ++++++++++++++++++++++++++---------------------
ja.po | 4183 ++++++++++++++++++++++++++---------------------
ka.po | 2499 +++++++++++++++++++++++++---
kn.po | 4621 ++++++++++++++++++++++++++++++++--------------------
ko.po | 2991 +++++++++++++++++++++++++++------
ku.po | 2499 +++++++++++++++++++++++++---
lo.po | 2499 +++++++++++++++++++++++++---
lt.po | 2499 +++++++++++++++++++++++++---
lv.po | 2499 +++++++++++++++++++++++++---
mai.po | 3527 +++++++++++++++++++++++++++++++++++++++
mk.po | 2593 ++++++++++++++++++++++++++---
ml.po | 4276 +++++++++++++++++++++++++++---------------------
mr.po | 4219 +++++++++++++++++++++++++++--------------------
ms.po | 2574 +++++++++++++++++++++++++---
my.po | 2499 +++++++++++++++++++++++++---
nb.po | 2539 +++++++++++++++++++++++++---
nl.po | 3028 +++++++++++++++++++++++++++-------
nn.po | 2499 +++++++++++++++++++++++++---
no.po | 1272 --------------
nso.po | 2499 +++++++++++++++++++++++++---
or.po | 4031 ++++++++++++++++++++++++++-------------------
pa.po | 4101 ++++++++++++++++++++++++++--------------------
pl.po | 4116 ++++++++++++++++++++++++++--------------------
policycoreutils.pot | 2499 +++++++++++++++++++++++++---
pt.po | 4467 ++++++++++++++++++++++++++++----------------------
pt_BR.po | 4543 +++++++++++++++++++++++++++++----------------------
ro.po | 2499 +++++++++++++++++++++++++---
ru.po | 3508 ++++++++++++++++++++++++++-------------
si.po | 2499 +++++++++++++++++++++++++---
sk.po | 2592 ++++++++++++++++++++++++++---
sl.po | 2499 +++++++++++++++++++++++++---
sq.po | 2499 +++++++++++++++++++++++++---
sr.po | 4211 ++++++++++++++++++++++++++---------------------
sr at latin.po | 4221 +++++++++++++++++++++++++++--------------------
sv.po | 3267 +++++++++++++++++++++++++-----------
ta.po | 3588 ++++++++++++++++++++++++++--------------
te.po | 4060 ++++++++++++++++++++++++++-------------------
th.po | 2499 +++++++++++++++++++++++++---
tr.po | 2499 +++++++++++++++++++++++++---
uk.po | 2592 ++++++++++++++++++++++++++---
ur.po | 2499 +++++++++++++++++++++++++---
vi.po | 2499 +++++++++++++++++++++++++---
zh_CN.po | 3954 +++++++++++++++++++++++++-------------------
zh_TW.po | 4234 ++++++++++++++++++++++++++---------------------
zu.po | 2499 +++++++++++++++++++++++++---
79 files changed, 177772 insertions(+), 58204 deletions(-)
View full diff with command:
/usr/bin/cvs -n -f diff -kk -u -p -N -r 1.59 -r 1.60 policycoreutils-po.patch
Index: policycoreutils-po.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/F-13/policycoreutils-po.patch,v
retrieving revision 1.59
retrieving revision 1.60
diff -u -p -r1.59 -r1.60
--- policycoreutils-po.patch 16 Dec 2009 13:21:49 -0000 1.59
+++ policycoreutils-po.patch 4 Mar 2010 21:49:04 -0000 1.60
@@ -1,6 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/af.po policycoreutils-2.0.78/po/af.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/af.po policycoreutils-2.0.79/po/af.po
--- nsapolicycoreutils/po/af.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/af.po 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/af.po 2010-02-26 14:14:26.000000000 -0500
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -3112,9 +3112,9 @@ diff --exclude-from=exclude -N -u -r nsa
+#, python-format
+msgid "SELinux user '%s' is required"
+msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/am.po policycoreutils-2.0.78/po/am.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/am.po policycoreutils-2.0.79/po/am.po
--- nsapolicycoreutils/po/am.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/am.po 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/am.po 2010-02-26 14:14:26.000000000 -0500
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -6226,9 +6226,9 @@ diff --exclude-from=exclude -N -u -r nsa
+#, python-format
+msgid "SELinux user '%s' is required"
+msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ar.po policycoreutils-2.0.78/po/ar.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ar.po policycoreutils-2.0.79/po/ar.po
--- nsapolicycoreutils/po/ar.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/ar.po 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/ar.po 2010-02-26 14:14:26.000000000 -0500
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -9340,9 +9340,9 @@ diff --exclude-from=exclude -N -u -r nsa
+#, python-format
+msgid "SELinux user '%s' is required"
+msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/as.po policycoreutils-2.0.78/po/as.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/as.po policycoreutils-2.0.79/po/as.po
--- nsapolicycoreutils/po/as.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/as.po 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/as.po 2010-02-26 14:14:26.000000000 -0500
@@ -1,23 +1,23 @@
-# translation of as.po to Assamese
+# translation of policycoreutils.HEAD.po to Assamese
@@ -14080,9 +14080,9 @@ diff --exclude-from=exclude -N -u -r nsa
-#~ "MLS/\n"
-#~ "MCS Level"
-#~ msgstr "স্তৰ"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/be.po policycoreutils-2.0.78/po/be.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/be.po policycoreutils-2.0.79/po/be.po
--- nsapolicycoreutils/po/be.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/be.po 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/be.po 2010-02-26 14:14:27.000000000 -0500
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -17194,9 +17194,9 @@ diff --exclude-from=exclude -N -u -r nsa
+#, python-format
+msgid "SELinux user '%s' is required"
+msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bg.po policycoreutils-2.0.78/po/bg.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bg.po policycoreutils-2.0.79/po/bg.po
--- nsapolicycoreutils/po/bg.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/bg.po 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/bg.po 2010-02-26 14:14:27.000000000 -0500
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: policycoreutils\n"
@@ -21859,9 +21859,9 @@ diff --exclude-from=exclude -N -u -r nsa
#~ msgid "Requires value"
#~ msgstr "Изисква стойност"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bn_IN.po policycoreutils-2.0.78/po/bn_IN.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bn_IN.po policycoreutils-2.0.79/po/bn_IN.po
--- nsapolicycoreutils/po/bn_IN.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/bn_IN.po 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/bn_IN.po 2010-02-26 14:14:27.000000000 -0500
@@ -9,10 +9,10 @@
msgstr ""
"Project-Id-Version: policycoreutils.HEAD\n"
@@ -26709,9 +26709,9 @@ diff --exclude-from=exclude -N -u -r nsa
-#~ "Enforcing\n"
-#~ "Permissive\n"
-#~ "Disabled\n"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bn.po policycoreutils-2.0.78/po/bn.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bn.po policycoreutils-2.0.79/po/bn.po
--- nsapolicycoreutils/po/bn.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/bn.po 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/bn.po 2010-02-26 14:14:27.000000000 -0500
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -29823,9 +29823,9 @@ diff --exclude-from=exclude -N -u -r nsa
+#, python-format
+msgid "SELinux user '%s' is required"
+msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bs.po policycoreutils-2.0.78/po/bs.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bs.po policycoreutils-2.0.79/po/bs.po
--- nsapolicycoreutils/po/bs.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/bs.po 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/bs.po 2010-02-26 14:14:27.000000000 -0500
@@ -4,7 +4,7 @@
msgstr ""
"Project-Id-Version: bs\n"
@@ -33057,9 +33057,9 @@ diff --exclude-from=exclude -N -u -r nsa
#~ msgid "Requires value"
#~ msgstr "Zahtijeva vrijednost"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ca.po policycoreutils-2.0.78/po/ca.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ca.po policycoreutils-2.0.79/po/ca.po
--- nsapolicycoreutils/po/ca.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/ca.po 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/ca.po 2010-02-26 14:14:27.000000000 -0500
@@ -5,6 +5,8 @@
#
# Josep Puigdemont Casamajó <josep.puigdemont at gmail.com>, 2006.
@@ -36727,9 +36727,9 @@ diff --exclude-from=exclude -N -u -r nsa
-#~ msgstr "Error en les opcions: %s "
+#~ msgid "Sensitvity Level"
+#~ msgstr "Nivell de sensibilitat"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/cs.po policycoreutils-2.0.78/po/cs.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/cs.po policycoreutils-2.0.79/po/cs.po
--- nsapolicycoreutils/po/cs.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/cs.po 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/cs.po 2010-02-26 14:14:27.000000000 -0500
@@ -9,7 +9,7 @@
msgstr ""
"Project-Id-Version: cs\n"
@@ -40451,9 +40451,9 @@ diff --exclude-from=exclude -N -u -r nsa
#~ msgid "<b>Device number:</b>"
#~ msgstr "<b>Číslo zařízení:</b>"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/cy.po policycoreutils-2.0.78/po/cy.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/cy.po policycoreutils-2.0.79/po/cy.po
--- nsapolicycoreutils/po/cy.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/cy.po 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/cy.po 2010-02-26 14:14:27.000000000 -0500
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -43565,9 +43565,9 @@ diff --exclude-from=exclude -N -u -r nsa
+#, python-format
+msgid "SELinux user '%s' is required"
+msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/da.po policycoreutils-2.0.78/po/da.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/da.po policycoreutils-2.0.79/po/da.po
--- nsapolicycoreutils/po/da.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/da.po 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/da.po 2010-02-26 14:14:27.000000000 -0500
@@ -1,24 +1,25 @@
-# translation of da.po to
-# Danish messages for policycoreutils.
@@ -47545,9 +47545,9 @@ diff --exclude-from=exclude -N -u -r nsa
#~ "skal du køre \n"
#~ "\n"
#~ "semodule -i %s.pp\n"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/de.po policycoreutils-2.0.78/po/de.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/de.po policycoreutils-2.0.79/po/de.po
--- nsapolicycoreutils/po/de.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/de.po 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/de.po 2010-02-26 14:14:27.000000000 -0500
@@ -1,28 +1,30 @@
-# translation of policycoreutils.HEAD.de.po to German
+# translation of policycoreutils.HEAD.de.po to
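Review bot: the de.po header comment goes from "translation of policycoreutils.HEAD.de.po to German" to a line ending in a bare "to", so the language name is lost; the zh_TW.po header further down shows the same truncation. Restore the language name in the header comment, or fix the step that regenerates these files so it fills it in.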
@@ -52652,10 +52652,15 @@ diff --exclude-from=exclude -N -u -r nsa
-#~ msgid "SELinux user '%s' is required"
-#~ msgstr "SELinux-Benutzer '%s' wird benötigt"
+#~ msgstr "Sensitivitätsstufe"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/el.po policycoreutils-2.0.78/po/el.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/el.po policycoreutils-2.0.79/po/el.po
--- nsapolicycoreutils/po/el.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/el.po 2009-12-16 08:18:26.000000000 -0500
-@@ -8,15 +8,15 @@
++++ policycoreutils-2.0.79/po/el.po 2010-03-04 16:47:33.000000000 -0500
+@@ -4,19 +4,20 @@
+ #
+ # Simos Xenitellis <simos at gnome.org>, 2006.
+ # Dimitris Glezos <dimitris at glezos.com>, 2006.
++# Thalia Papoutsaki <saliyath at gmail.com>, 2010.
+ msgid ""
msgstr ""
"Project-Id-Version: el\n"
"Report-Msgid-Bugs-To: \n"
@@ -52663,8 +52668,8 @@ diff --exclude-from=exclude -N -u -r nsa
-"PO-Revision-Date: 2006-09-18 14:49+0100\n"
-"Last-Translator: Dimitris Glezos <dimitris at glezos.com>\n"
+"POT-Creation-Date: 2009-01-21 17:13-0500\n"
-+"PO-Revision-Date: 2009-10-22 01:32+0200\n"
-+"Last-Translator: nikosCharonitakis <nikosx at gmail.com>\n"
++"PO-Revision-Date: 2010-02-20 23:08+0200\n"
++"Last-Translator: Thalia Papoutsaki <saliyath at gmail.com>\n"
[...2303 lines suppressed...]
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/si.po policycoreutils-2.0.78/po/si.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/si.po policycoreutils-2.0.79/po/si.po
--- nsapolicycoreutils/po/si.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/si.po 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/si.po 2010-02-26 14:14:27.000000000 -0500
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -228491,9 +228516,9 @@ diff --exclude-from=exclude -N -u -r nsa
+#, python-format
+msgid "SELinux user '%s' is required"
+msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sk.po policycoreutils-2.0.78/po/sk.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sk.po policycoreutils-2.0.79/po/sk.po
--- nsapolicycoreutils/po/sk.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/sk.po 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/sk.po 2010-02-26 14:14:27.000000000 -0500
@@ -7,7 +7,7 @@
msgstr ""
"Project-Id-Version: policycoreutils\n"
@@ -231726,9 +231751,9 @@ diff --exclude-from=exclude -N -u -r nsa
#~ msgid "Requires value"
#~ msgstr "Požaduje hodnotu"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sl.po policycoreutils-2.0.78/po/sl.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sl.po policycoreutils-2.0.79/po/sl.po
--- nsapolicycoreutils/po/sl.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/sl.po 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/sl.po 2010-02-26 14:14:27.000000000 -0500
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -234840,9 +234865,9 @@ diff --exclude-from=exclude -N -u -r nsa
+#, python-format
+msgid "SELinux user '%s' is required"
+msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sq.po policycoreutils-2.0.78/po/sq.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sq.po policycoreutils-2.0.79/po/sq.po
--- nsapolicycoreutils/po/sq.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/sq.po 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/sq.po 2010-02-26 14:14:27.000000000 -0500
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -237954,9 +237979,9 @@ diff --exclude-from=exclude -N -u -r nsa
+#, python-format
+msgid "SELinux user '%s' is required"
+msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sr at latin.po policycoreutils-2.0.78/po/sr at latin.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sr at latin.po policycoreutils-2.0.79/po/sr at latin.po
--- nsapolicycoreutils/po/sr at latin.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/sr at latin.po 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/sr at latin.po 2010-02-26 14:14:27.000000000 -0500
@@ -1,26 +1,24 @@
-# translation of policycoreutils.HEAD.sr.po to Serbian
# Serbian(Latin) translations for policycoreutils
@@ -242934,9 +242959,9 @@ diff --exclude-from=exclude -N -u -r nsa
-#~ "Primoravanje\n"
-#~ "Dopuštanje\n"
-#~ "Isključeno\n"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sr.po policycoreutils-2.0.78/po/sr.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sr.po policycoreutils-2.0.79/po/sr.po
--- nsapolicycoreutils/po/sr.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/sr.po 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/sr.po 2010-02-26 14:14:27.000000000 -0500
@@ -1,26 +1,24 @@
-# translation of policycoreutils.HEAD.sr.po to Serbian
# Serbian translations for policycoreutils
@@ -247906,9 +247931,9 @@ diff --exclude-from=exclude -N -u -r nsa
-#~ "Приморавање\n"
-#~ "Допуштање\n"
-#~ "Искључено\n"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sv.po policycoreutils-2.0.78/po/sv.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sv.po policycoreutils-2.0.79/po/sv.po
--- nsapolicycoreutils/po/sv.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/sv.po 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/sv.po 2010-02-26 14:14:27.000000000 -0500
@@ -1,16 +1,18 @@
# Swedish messages for policycoreutils.
-# Copyright © 2001-2008 Free Software Foundation, Inc.
@@ -252098,9 +252123,9 @@ diff --exclude-from=exclude -N -u -r nsa
-#~ msgstr "Flaggfel: %s "
+#~ msgid "Sensitvity Level"
+#~ msgstr "Känslighetsnivå"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ta.po policycoreutils-2.0.78/po/ta.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ta.po policycoreutils-2.0.79/po/ta.po
--- nsapolicycoreutils/po/ta.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/ta.po 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/ta.po 2010-02-26 14:14:27.000000000 -0500
@@ -1,28 +1,23 @@
-# translation of ta.po to Tamil
+# translation of policycoreutils.HEAD.ta.po to Tamil
@@ -256498,9 +256523,9 @@ diff --exclude-from=exclude -N -u -r nsa
-#~ msgstr ""
-#~ "MLS/\n"
-#~ "MCS நிலை"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/te.po policycoreutils-2.0.78/po/te.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/te.po policycoreutils-2.0.79/po/te.po
--- nsapolicycoreutils/po/te.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/te.po 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/te.po 2010-02-26 14:14:27.000000000 -0500
@@ -1,14 +1,14 @@
-# translation of new_policycoreutils.HEAD.te.po to Telugu
+# translation of policycoreutils.HEAD.te.po to Telugu
@@ -261344,9 +261369,9 @@ diff --exclude-from=exclude -N -u -r nsa
-#~ "బలవంతపు\n"
-#~ "అనుమతిగల\n"
-#~ "అచేతనమైన\n"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/th.po policycoreutils-2.0.78/po/th.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/th.po policycoreutils-2.0.79/po/th.po
--- nsapolicycoreutils/po/th.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/th.po 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/th.po 2010-02-26 14:14:27.000000000 -0500
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -264458,9 +264483,9 @@ diff --exclude-from=exclude -N -u -r nsa
+#, python-format
+msgid "SELinux user '%s' is required"
+msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/tr.po policycoreutils-2.0.78/po/tr.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/tr.po policycoreutils-2.0.79/po/tr.po
--- nsapolicycoreutils/po/tr.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/tr.po 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/tr.po 2010-02-26 14:14:27.000000000 -0500
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -267572,9 +267597,9 @@ diff --exclude-from=exclude -N -u -r nsa
+#, python-format
+msgid "SELinux user '%s' is required"
+msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils-2.0.78/po/uk.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils-2.0.79/po/uk.po
--- nsapolicycoreutils/po/uk.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/uk.po 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/uk.po 2010-02-26 14:14:27.000000000 -0500
@@ -7,7 +7,7 @@
msgstr ""
"Project-Id-Version: policycoreutils\n"
@@ -270807,9 +270832,9 @@ diff --exclude-from=exclude -N -u -r nsa
#~ msgid "Requires value"
#~ msgstr "Потрібно вказати значення"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ur.po policycoreutils-2.0.78/po/ur.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ur.po policycoreutils-2.0.79/po/ur.po
--- nsapolicycoreutils/po/ur.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/ur.po 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/ur.po 2010-02-26 14:14:27.000000000 -0500
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -273921,9 +273946,9 @@ diff --exclude-from=exclude -N -u -r nsa
+#, python-format
+msgid "SELinux user '%s' is required"
+msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/vi.po policycoreutils-2.0.78/po/vi.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/vi.po policycoreutils-2.0.79/po/vi.po
--- nsapolicycoreutils/po/vi.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/vi.po 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/vi.po 2010-02-26 14:14:27.000000000 -0500
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -277035,9 +277060,9 @@ diff --exclude-from=exclude -N -u -r nsa
+#, python-format
+msgid "SELinux user '%s' is required"
+msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/zh_CN.po policycoreutils-2.0.78/po/zh_CN.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/zh_CN.po policycoreutils-2.0.79/po/zh_CN.po
--- nsapolicycoreutils/po/zh_CN.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/zh_CN.po 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/zh_CN.po 2010-02-26 14:14:27.000000000 -0500
@@ -3,13 +3,13 @@
# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER, 2006.
#
@@ -281768,9 +281793,9 @@ diff --exclude-from=exclude -N -u -r nsa
-
-#~ msgid "SELinux user '%s' is required"
-#~ msgstr "SELinux 用户 '%s' 是必需的"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/zh_TW.po policycoreutils-2.0.78/po/zh_TW.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/zh_TW.po policycoreutils-2.0.79/po/zh_TW.po
--- nsapolicycoreutils/po/zh_TW.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/zh_TW.po 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/zh_TW.po 2010-02-26 14:14:27.000000000 -0500
@@ -1,19 +1,19 @@
-# translation of policycoreutils.HEAD.po to Traditional Chinese
+# translation of policycoreutils.HEAD.po to
@@ -286764,9 +286789,9 @@ diff --exclude-from=exclude -N -u -r nsa
-#~ msgstr ""
-#~ "tcp\n"
-#~ "udp"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/zu.po policycoreutils-2.0.78/po/zu.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/zu.po policycoreutils-2.0.79/po/zu.po
--- nsapolicycoreutils/po/zu.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/zu.po 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/zu.po 2010-02-26 14:14:27.000000000 -0500
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
policycoreutils-rhat.patch:
Makefile | 2
audit2allow/audit2allow | 66 +-
audit2allow/audit2allow.1 | 7
newrole/newrole.c | 3
restorecond/Makefile | 24 -
restorecond/org.selinux.Restorecond.service | 3
restorecond/restorecond.8 | 15
restorecond/restorecond.c | 429 +++---------------
restorecond/restorecond.conf | 5
restorecond/restorecond.desktop | 7
restorecond/restorecond.h | 19
restorecond/restorecond.init | 5
restorecond/restorecond_user.conf | 2
restorecond/user.c | 239 ++++++++++
restorecond/watch.c | 260 ++++++++++
sandbox/Makefile | 41 +
sandbox/deliverables/README | 32 +
sandbox/deliverables/basicwrapper | 4
sandbox/deliverables/run-in-sandbox.py | 49 ++
sandbox/deliverables/sandbox | 216 +++++++++
sandbox/sandbox | 415 +++++++++++++++++
sandbox/sandbox.8 | 50 ++
sandbox/sandbox.config | 2
sandbox/sandbox.init | 67 ++
sandbox/sandboxX.sh | 15
sandbox/seunshare.c | 265 +++++++++++
sandbox/test_sandbox.py | 98 ++++
scripts/fixfiles | 44 -
semanage/default_encoding/Makefile | 8
semanage/default_encoding/default_encoding.c | 59 ++
semanage/default_encoding/policycoreutils/__init__.py | 17
semanage/default_encoding/setup.py | 38 +
semanage/semanage | 127 ++++-
semanage/semanage.8 | 128 ++++-
semanage/seobject.py | 406 +++++++++++++----
semodule/semodule.8 | 6
semodule/semodule.c | 53 +-
setfiles/restore.c | 101 ++++
setfiles/restore.h | 4
setfiles/restorecon.8 | 7
setfiles/setfiles.8 | 3
setfiles/setfiles.c | 78 ---
42 files changed, 2769 insertions(+), 650 deletions(-)
Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/F-13/policycoreutils-rhat.patch,v
retrieving revision 1.477
retrieving revision 1.478
diff -u -p -r1.477 -r1.478
--- policycoreutils-rhat.patch 26 Feb 2010 21:17:08 -0000 1.477
+++ policycoreutils-rhat.patch 4 Mar 2010 21:49:17 -0000 1.478
@@ -1,6 +1,6 @@
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.79/audit2allow/audit2allow
--- nsapolicycoreutils/audit2allow/audit2allow 2009-01-13 08:45:35.000000000 -0500
-+++ policycoreutils-2.0.79/audit2allow/audit2allow 2010-02-26 14:14:26.000000000 -0500
++++ policycoreutils-2.0.79/audit2allow/audit2allow 2010-03-01 15:27:27.000000000 -0500
@@ -28,6 +28,7 @@
import sepolgen.defaults as defaults
import sepolgen.module as module
@@ -56,6 +56,20 @@ diff --exclude-from=exclude --exclude=se
else:
# This is the default if no input is specified
f = sys.stdin
+@@ -153,11 +165,11 @@
+ def __process_input(self):
+ if self.__options.type:
+ avcfilter = audit.AVCTypeFilter(self.__options.type)
+- self.__avs = self.__parser.to_access(avcfilter)
++ self.__avs = self.__parser.to_access(avcfilter, dontaudit=self.__options.dontaudit)
+ csfilter = audit.ComputeSidTypeFilter(self.__options.type)
+ self.__role_types = self.__parser.to_role(csfilter)
+ else:
+- self.__avs = self.__parser.to_access()
++ self.__avs = self.__parser.to_access(dontaudit=self.__options.dontaudit)
+ self.__role_types = self.__parser.to_role()
+
+ def __load_interface_info(self):
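Review bot: the dontaudit= keyword passed to self.__parser.to_access() in both branches of __process_input depends on a sepolgen change that this diff cannot carry, since it is generated with --exclude=sepolgen-1.0.19. If policycoreutils-sepolgen.patch does not add that parameter in the same build, every audit2allow run fails with a TypeError on the unexpected keyword. State the dependency in the changelog entry, and confirm that dropping the second argument from g.add_access() in the following hunk leaves no other reader of the option at generation time.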
@@ -220,63 +232,44 @@
def __output_audit2why(self):
@@ -132,15 +146,6 @@ diff --exclude-from=exclude --exclude=se
print "\t\tMissing role allow rule.\n"
print "\t\tAdd an allow rule for the role pair.\n"
continue
-@@ -314,7 +307,7 @@
- g.set_gen_requires(True)
-
- # Generate the policy
-- g.add_access(self.__avs)
-+ g.add_access(self.__avs, self.__options.dontaudit)
- g.add_role_types(self.__role_types)
-
- # Output
@@ -344,5 +337,6 @@
sys.exit(0)
@@ -1704,8 +1709,8 @@ diff --exclude-from=exclude --exclude=se
+
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/Makefile policycoreutils-2.0.79/sandbox/Makefile
--- nsapolicycoreutils/sandbox/Makefile 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.79/sandbox/Makefile 2010-02-26 14:14:26.000000000 -0500
-@@ -0,0 +1,38 @@
++++ policycoreutils-2.0.79/sandbox/Makefile 2010-03-04 16:40:24.000000000 -0500
+@@ -0,0 +1,41 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
+INITDIR ?= ${DESTDIR}/etc/rc.d/init.d/
@@ -1737,6 +1742,9 @@ diff --exclude-from=exclude --exclude=se
+ -mkdir -p $(SYSCONFDIR)
+ install -m 644 sandbox.config $(SYSCONFDIR)/sandbox
+
++test:
++ @python test_sandbox.py -v
++
+clean:
+ -rm -f seunshare *.o *~
+
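Review bot: the new test target runs a bare "python" from PATH, while the sandbox script it exercises is pinned to /usr/bin/python -E in its shebang, so the unit test can run under a different interpreter and environment than the tool itself. Use a PYTHON ?= /usr/bin/python variable in the recipe, and drop the leading @ so the command appears in build logs.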
@@ -1746,13 +1754,13 @@ diff --exclude-from=exclude --exclude=se
+relabel:
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.79/sandbox/sandbox
--- nsapolicycoreutils/sandbox/sandbox 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.79/sandbox/sandbox 2010-02-26 14:14:26.000000000 -0500
-@@ -0,0 +1,377 @@
++++ policycoreutils-2.0.79/sandbox/sandbox 2010-03-04 16:39:22.000000000 -0500
+@@ -0,0 +1,415 @@
+#! /usr/bin/python -E
+# Authors: Dan Walsh <dwalsh at redhat.com>
+# Authors: Josh Cogliati
+#
-+# Copyright (C) 2009 Red Hat
++# Copyright (C) 2009,2010 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
@@ -1769,13 +1777,14 @@ diff --exclude-from=exclude --exclude=se
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
-+import os, sys, getopt, socket, random, fcntl, shutil, re, subprocess
++import os, sys, socket, random, fcntl, shutil, re, subprocess
+import selinux
+import signal
+from tempfile import mkdtemp
+import pwd
+
+PROGNAME = "policycoreutils"
++HOMEDIR=pwd.getpwuid(os.getuid()).pw_dir
+
+import gettext
+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
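Review bot: HOMEDIR is resolved at import time with pwd.getpwuid(os.getuid()), so a uid without a passwd entry raises KeyError and the script dies with a traceback before any of its own error reporting runs. Resolve it where the home directory is first needed, or catch KeyError and exit with a message. Style: put spaces around "=" to match the PROGNAME assignment above it.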
@@ -1790,7 +1799,6 @@ diff --exclude-from=exclude --exclude=se
+ import __builtin__
+ __builtin__.__dict__['_'] = unicode
+
-+
+DEFAULT_TYPE = "sandbox_t"
+DEFAULT_X_TYPE = "sandbox_x_t"
+X_FILES = {}
@@ -1813,44 +1821,6 @@ diff --exclude-from=exclude --exclude=se
+ sys.stderr.flush()
+ sys.exit(1)
+
-+def reserve(level):
-+ sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
-+ sock.bind("\0%s" % level)
-+ fcntl.fcntl(sock.fileno(), fcntl.F_SETFD, fcntl.FD_CLOEXEC)
-+
-+def gen_mcs():
-+ while True:
-+ i1 = random.randrange(0, 1024)
-+ i2 = random.randrange(0, 1024)
-+ if i1 == i2:
-+ continue
-+ if i1 > i2:
-+ tmp = i1
-+ i1 = i2
-+ i2 = tmp
-+ level = "s0:c%d,c%d" % (i1, i2)
-+ level = "s0:c%d,c%d" % (i1, i2)
-+ try:
-+ reserve(level)
-+ except socket.error:
-+ continue
-+ break
-+ return level
-+
-+def gen_context(setype, level=None):
-+ if not level:
-+ level = gen_mcs()
-+
-+ con = selinux.getcon()[1].split(":")
-+
-+ execcon = "%s:%s:%s:%s" % (con[0], con[1], setype, level)
-+
-+ filecon = "%s:%s:%s:%s" % (con[0],
-+ "object_r",
-+ "%s_file_t" % setype[:-2],
-+ level)
-+ return execcon, filecon
-+
+def copyfile(file, dir, dest):
+ import re
+ if file.startswith(dir):
@@ -1860,7 +1830,8 @@ diff --exclude-from=exclude --exclude=se
+ dest = dest + "/" + bname
+ else:
+ newdir = re.sub(dir, dest, dname)
-+ os.makedirs(newdir)
++ if not os.path.exists(newdir):
++ os.makedirs(newdir)
+ dest = newdir + "/" + bname
+
+ if os.path.isdir(file):
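Review bot: the os.path.exists(newdir) test followed by os.makedirs(newdir) in copyfile is a check-then-create pair, so a directory that appears between the two calls still raises OSError. Calling os.makedirs inside try/except OSError and ignoring only errno.EEXIST covers both the repeated-include case this change targets and that window. The unchanged re.sub(dir, dest, dname) just above also treats dir as a regular expression, so a path containing regex metacharacters is not substituted literally; dname.replace(dir, dest, 1) avoids that.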
@@ -1869,12 +1840,6 @@ diff --exclude-from=exclude --exclude=se
+ shutil.copy2(file, dest)
+ X_FILES[file] = (dest, os.path.getmtime(dest))
+
-+def copyfiles(newhomedir, newtmpdir, files):
-+ homedir=pwd.getpwuid(os.getuid()).pw_dir
-+ for f in files:
-+ copyfile(f,homedir, newhomedir)
-+ copyfile(f,"/tmp", newtmpdir)
-+
+def savefile(new, orig, X_ind):
+ copy = False
+ if(X_ind):
@@ -1896,10 +1861,124 @@ diff --exclude-from=exclude --exclude=se
+ if(copy):
+ shutil.copy2(new,orig)
+
-+def setup_executable(execfile, command):
-+ fd = open(execfile, "w+")
-+ fd.write("""
-+#! /bin/sh
++def reserve(level):
++ sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
++ sock.bind("\0%s" % level)
++ fcntl.fcntl(sock.fileno(), fcntl.F_SETFD, fcntl.FD_CLOEXEC)
++
++def gen_mcs():
++ while True:
++ i1 = random.randrange(0, 1024)
++ i2 = random.randrange(0, 1024)
++ if i1 == i2:
++ continue
++ if i1 > i2:
++ tmp = i1
++ i1 = i2
++ i2 = tmp
++ level = "s0:c%d,c%d" % (i1, i2)
++ level = "s0:c%d,c%d" % (i1, i2)
++ try:
++ reserve(level)
++ except socket.error:
++ continue
++ break
++ return level
++
++def fullpath(cmd):
++ for i in [ "/", "./", "../" ]:
++ if cmd.startswith(i):
++ return cmd
++ for i in os.environ["PATH"].split(':'):
++ f = "%s/%s" % (i, cmd)
++ if os.access(f, os.X_OK):
++ return f
++ return cmd
++
++class Sandbox:
++ VERSION = "sandbox .1"
++ SYSLOG = "/var/log/messages"
++
++ def __init__(self):
++ self.__options = None
++ self.__cmds = None
++ self.__init_files = []
++ self.__paths = []
++ self.__mount = False
++ self.__level = None
++ self.__homedir = None
++ self.__tmpdir = None
++
++ def __validate_mount(self):
++ if self.__options.level:
++ if not self.__options.homedir or not self.__options.tmpdir:
++ self.usage(_("Homedir and tempdir required for level mounts"))
++
++ if not os.path.exists("/usr/sbin/seunshare"):
++ raise ValueError("""
++/usr/sbin/seunshare required for sandbox -M, to install you need to execute
++#yum install /usr/sbin/seunshare
++""")
++ homedir=pwd.getpwuid(os.getuid()).pw_dir
++ fd = open("/proc/self/mountinfo", "r")
++ recs = fd.readlines()
++ fd.close()
++ for i in recs:
++ x = i.split()
++ if x[3] == x[4] and homedir.startswith(x[3]+"/"):
++ return
++ raise ValueError(_("""
++'%s' is required to be a shared mount point for this tool to run.
++'%s' can be added to the HOMEDIR variable in /etc/sysconfig/sandbox
++ along with a reboot will fix the problem.
++""" % ((os.path.dirname(homedir)), os.path.dirname(homedir))))
++
++ def __mount_callback(self, option, opt, value, parser):
++ self.__mount = True
++
++ def __x_callback(self, option, opt, value, parser):
++ self.__mount = True
++ setattr(parser.values, option.dest, True)
++
++ def __validdir(self, option, opt, value, parser):
++ if not os.path.isdir(value):
++ raise IOError("Directory "+value+" not found")
++ self.__mount = True
++
++ def __include(self, option, opt, value, parser):
++ rp = os.path.realpath(os.path.expanduser(value))
++ if not os.path.exists(rp):
++ raise IOError(value+" not found")
++
++ if rp not in self.__init_files:
++ self.__init_files.append(rp)
++
++ def __includefile(self, option, opt, value, parser):
++ fd = open(value, "r")
++ for i in fd.readlines():
++ rp = os.path.realpath(os.path.expanduser(i[:-1]))
++ if rp not in self.__init_files and os.path.exists(rp):
++ self.__init_files.append(rp)
++ fd.close()
++
++ def __copyfiles(self):
++ files = self.__init_files + self.__paths
++ homedir=pwd.getpwuid(os.getuid()).pw_dir
++ for f in files:
++ copyfile(f, homedir, self.__homedir)
++ copyfile(f, "/tmp", self.__tmpdir)
++
++ def __setup_sandboxrc(self):
++ execfile =self.__homedir + "/.sandboxrc"
++ fd = open(execfile, "w+")
++ if self.__options.session:
++ fd.write("""#!/bin/sh
++#TITLE: /etc/gdm/Xsession
++/etc/gdm/Xsession
++""")
++ else:
++ command = " ".join(self.__paths)
++ fd.write("""#! /bin/sh
+#TITLE: %s
+/usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap
+/usr/bin/matchbox-window-manager -use_titlebar no &
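Review bot: __validdir checks the directory and sets self.__mount but never stores the value, and the -H and -T options later in this patch register it with action="callback", where optparse does not store anything itself; options.homedir and options.tmpdir therefore stay None and the self.__options.homedir / self.__options.tmpdir tests in __validate_mount never see a supplied directory. __x_callback already shows the fix: add setattr(parser.values, option.dest, value) after the isdir check. In __setup_sandboxrc, command = " ".join(self.__paths) is written into the generated /bin/sh script unquoted, so a path containing whitespace or shell metacharacters is re-parsed by the shell; quote each element (pipes.quote) before joining.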
@@ -1907,212 +1986,179 @@ diff --exclude-from=exclude --exclude=se
+%s
+kill -TERM $WM_PID 2> /dev/null
+""" % (command, command))
-+ fd.close()
-+ os.chmod(execfile, 0700)
-+
-+def setup_session(execfile, command="/etc/gdm/Xsession"):
-+ fd = open(execfile, "w+")
-+ fd.write("""
-+#!/bin/sh
-+#TITLE: %s
-+%s
-+""" % (command, command))
-+ fd.close()
-+ os.chmod(execfile, 0700)
++ fd.close()
++ os.chmod(execfile, 0700)
+
-+def validate_home():
-+ homedir=pwd.getpwuid(os.getuid()).pw_dir
-+ fd = open("/proc/self/mountinfo", "r")
-+ recs = fd.readlines()
-+ fd.close()
-+ for i in recs:
-+ x = i.split()
-+ if x[3] == x[4] and homedir.startswith(x[3]+"/"):
-+ return
-+ raise ValueError(_("""
-+'%s' is required to be a shared mount point for this tool to run.
-+'%s' can be added to the HOMEDIR variable in /etc/sysconfig/sandbox
-+ along with a reboot will fix the problem.
-+""" % ((os.path.dirname(homedir)), os.path.dirname(homedir))))
++ def usage(self, message = ""):
++ error_exit("%s\n%s" % (self.__parser.usage, message))
+
-+if __name__ == '__main__':
-+ setup_sighandlers()
-+ if selinux.is_selinux_enabled() != 1:
-+ error_exit("Requires an SELinux enabled system")
-+
-+ init_files = []
-+
-+ def usage(message = ""):
-+ text = _("""
++ def __parse_options(self):
++ from optparse import OptionParser
++ usage = _("""
+sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [[-i file ] ...] [ -t type ] command
++
+sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [[-i file ] ...] [ -t type ] -S
+""")
-+ error_exit("%s\n%s" % (message, text))
++
++ parser = OptionParser(version=self.VERSION, usage=usage)
++ parser.disable_interspersed_args()
++ parser.add_option("-i", "--include",
++ action="callback", callback=self.__include,
++ type="string",
++ help="include file in sandbox")
++ parser.add_option("-I", "--includefile", action="callback", callback=self.__includefile,
++ type="string",
++ help="include contents of file in sandbox")
++ parser.add_option("-t", "--type", dest="setype", action="store", default=DEFAULT_TYPE,
++ help="Run sandbox with SELinux type")
++ parser.add_option("-M", "--mount",
++ action="callback", callback=self.__mount_callback,
++ help="Mount new home and tmp Dir")
++
++ parser.add_option("-S", "--session", action="store_true", dest="session",
++ default=False, help="Run complete desktop session within sandbox")
++ parser.add_option("-X", dest="X_ind",
++ action="callback", callback=self.__x_callback,
++ default=False, help="Run X sandbox")
++
++ parser.add_option("-H", "--homedir",
++ action="callback", callback=self.__validdir,
++ type="string",
++ dest="homedir",
++ help="Alternate homedir to use for mounting")
++
++ parser.add_option("-T", "--tmpdir", dest="tmpdir",
++ type="string",
++ action="callback", callback=self.__validdir,
++ help="Alternate tempdir to use for mounting")
++
++ parser.add_option("-l", "--level", dest="level",
++ help="MCS/MLS Level for the sandbox")
++
++ self.__parser=parser
++
++ self.__options, cmds = parser.parse_args()
++
++ if self.__options.X_ind:
++ if DEFAULT_TYPE == self.__options.setype:
++ self.__options.setype = DEFAULT_X_TYPE
++
++ if self.__mount:
++ self.__validate_mount()
++
++ if self.__options.session:
++ if self.__options.setype in (DEFAULT_TYPE, DEFAULT_X_TYPE):
++ self.__options.setype = selinux.getcon()[1].split(":")[2]
++ if not self.__options.homedir or not self.__options.tmpdir:
++ self.usage(_("Homedir and tempdir required for session"))
++ if len(cmds) > 0:
++ self.usage(_("Commands not allowed in a session"))
++ else:
++ if len(cmds) == 0:
++ self.usage(_("Command required"))
++ cmds[0] = fullpath(cmds[0])
++ self.__cmds = cmds
++
++ for f in cmds:
++ rp = os.path.realpath(f)
++ if os.path.exists(rp):
++ self.__paths.append(rp)
++ else:
++ self.__paths.append(f)
++
++ def __gen_context(self):
++ if self.__options.level:
++ level = self.__options.level
++ else:
++ level = gen_mcs()
++
++ con = selinux.getcon()[1].split(":")
++ self.__execcon = "%s:%s:%s:%s" % (con[0], con[1], self.__options.setype, level)
++ self.__filecon = "%s:%s:%s:%s" % (con[0], "object_r",
++ "%s_file_t" % self.__options.setype[:-2],
++ level)
++ def __setup_dir(self):
++ if self.__options.level or self.__options.session:
++ return
++ sandboxdir = HOMEDIR + "/.sandbox"
++ if not os.path.exists(sandboxdir):
++ os.mkdir(sandboxdir)
++
++ import warnings
++ warnings.simplefilter("ignore")
++ if self.__options.homedir:
++ chcon = ("/usr/bin/chcon -R %s %s" % (self.__filecon, self.__options.homedir)).split()
++ rc = os.spawnvp(os.P_WAIT, chcon[0], chcon)
++ self.__homedir = self.__options.homedir
++ else:
++ selinux.setfscreatecon(self.__filecon)
++ self.__homedir = mkdtemp(dir=sandboxdir, prefix=".sandbox")
++
++ if self.__options.tmpdir:
++ chcon = ("/usr/bin/chcon -R %s %s" % (self.__filecon, self.__options.tmpdir)).split()
++ rc = os.spawnvp(os.P_WAIT, chcon[0], chcon)
++ self.__tmpdir = self.__options.homedir
++ else:
++ selinux.setfscreatecon(self.__filecon)
++ self.__tmpdir = mkdtemp(dir="/tmp", prefix=".sandbox")
++ warnings.resetwarnings()
++ selinux.setfscreatecon(None)
++ self.__copyfiles()
+
-+ setype = DEFAULT_TYPE
-+ X_ind = False
-+ home_and_temp = False
-+ level=None
-+ newhomedir = None
-+ newtmpdir = None
-+ existing_home = False
-+ existing_temp = False
-+ session = False
-+ try:
-+ gopts, cmds = getopt.getopt(sys.argv[1:], "l:i:hSt:XI:MH:T:",
-+ ["help",
-+ "include=",
-+ "includefile=",
-+ "type=",
-+ "mount",
-+ "homedir=",
-+ "tmpdir=",
-+ "session",
-+ "level="
-+ ])
-+ for o, a in gopts:
-+ if o == "-t" or o == "--type":
-+ setype = a
++ def __execute(self):
++ try:
++ if self.__options.X_ind:
++ xmodmapfile = self.__homedir + "/.xmodmap"
++ xd = open(xmodmapfile,"w")
++ subprocess.Popen(["/usr/bin/xmodmap","-pke"],stdout=xd).wait()
++ xd.close()
+
-+ if o == "-l" or o == "--level":
-+ level = a
-+
-+ if o == "-i" or o == "--include":
-+ rp = os.path.realpath(a)
-+ if rp not in init_files:
-+ init_files.append(rp)
++ self.__setup_sandboxrc()
+
-+ if o == "-I" or o == "--includefile":
-+ fd = open(a, "r")
-+ for i in fd.read().split("\n"):
-+ if os.path.exists(i):
-+ rp = os.path.realpath(i)
-+ if rp not in init_files:
-+ init_files.append(rp)
-+
-+ fd.close
-+
-+ if o == "-X":
-+ if DEFAULT_TYPE == setype:
-+ setype = DEFAULT_X_TYPE
-+ X_ind = True
-+ home_and_temp = True
-+ if o == "-M" or o == "--mount":
-+ home_and_temp = True
-+
-+ if o == "-H" or o == "--homedir":
-+ existing_home = True
-+ newhomedir = a
-+ if o == "-T" or o == "--tmpdir":
-+ existing_temp = True
-+ newtmpdir = a
-+ if o == "-h" or o == "--help":
-+ usage(_("Usage"));
-+
-+ if o == "-S" or o == "--session":
-+ session = True
-+ homedir=pwd.getpwuid(os.getuid()).pw_dir
-+ if setype in (DEFAULT_TYPE, DEFAULT_X_TYPE):
-+ setype = selinux.getcon()[1].split(":")[2]
-+
-+ if len(cmds) == 0 and not session:
-+ usage(_("Command required"))
++ cmds = ("/usr/sbin/seunshare -t %s -h %s -- %s /usr/share/sandbox/sandboxX.sh" % (self.__tmpdir, self.__homedir, self.__execcon)).split()
++ rc = os.spawnvp(os.P_WAIT, cmds[0], cmds)
++ return rc
+
-+ if (existing_home or existing_temp) and not home_and_temp:
-+ usage(_("-M required when specifying home directory or temp directory"))
-+ execcon, filecon = gen_context(setype, level)
-+ rc = -1
++ if self.__mount:
++ cmds = ("/usr/sbin/seunshare -t %s -h %s -- %s " % (self.__tmpdir, self.__homedir, self.__execcon)).split()+self.__paths
++ rc = os.spawnvp(os.P_WAIT, cmds[0], cmds)
++ return rc
+
-+ if not session and cmds[0][0] != "/" and cmds[0][:2] != "./" and cmds[0][:3] != "../":
-+ for i in os.environ["PATH"].split(':'):
-+ f = "%s/%s" % (i, cmds[0])
-+ if os.access(f, os.X_OK):
-+ cmds[0] = f
-+ break
++ selinux.setexeccon(self.__execcon)
++ rc = os.spawnvp(os.P_WAIT, self.__cmds[0], self.__cmds)
++ selinux.setexeccon(None)
++ return rc
+
-+ try:
-+ if home_and_temp:
-+ validate_home()
-+
-+ if not os.path.exists("/usr/sbin/seunshare"):
-+ raise ValueError("""/usr/sbin/seunshare required for sandbox -M, to install you need to execute
-+#yum install /usr/sbin/seunshare""")
-+ import warnings
-+ warnings.simplefilter("ignore")
-+ if existing_home:
-+ if not os.path.isdir(newhomedir):
-+ raise IOError("Home directory "+newhomedir+" not found")
-+ if not level and not session:
-+ chcon = ("/usr/bin/chcon -R %s %s" % (filecon, newhomedir)).split()
-+ rc = os.spawnvp(os.P_WAIT, chcon[0], chcon)
-+ else:
-+ newhomedir = mkdtemp(dir=".", prefix=".sandbox")
-+ if session:
-+ chcon = ("/usr/bin/chcon --reference %s %s" %( homedir, (newhomedir))).split()
-+ else:
-+ chcon = ("/usr/bin/chcon %s %s" % (filecon, newhomedir)).split()
-+ rc = os.spawnvp(os.P_WAIT, chcon[0], chcon)
++ finally:
++ for i in self.__paths:
++ if i not in X_FILES:
++ continue
++ (dest, mtime) = X_FILES[i]
++ if os.path.getmtime(dest) > mtime:
++ savefile(dest, i, X_ind)
++
++ if self.__homedir and not self.__options.homedir:
++ shutil.rmtree(self.__homedir)
++ if self.__tmpdir and not self.__options.tmpdir:
++ shutil.rmtree(self.__tmpdir)
++ def main(self):
++ try:
++ self.__parse_options()
++ self.__gen_context()
++ self.__setup_dir()
++ return self.__execute()
++ except KeyboardInterrupt:
++ sys.exit(0)
+
-+ if existing_temp:
-+ if not os.path.isdir(newtmpdir):
-+ raise IOError("Temp directory "+newtmpdir+" not found")
-+ if not level and not session:
-+ chcon = ("/usr/bin/chcon -R %s %s" % (filecon, newtmpdir)).split()
-+ rc = os.spawnvp(os.P_WAIT, chcon[0], chcon)
-+ else:
-+ newtmpdir = mkdtemp(dir="/tmp", prefix=".sandbox")
-+ if session:
-+ chcon = ("/usr/bin/chcon --reference /tmp %s" % (newtmpdir)).split()
-+ else:
-+ chcon = ("/usr/bin/chcon %s %s" % (filecon, newtmpdir)).split()
-+ rc = os.spawnvp(os.P_WAIT, chcon[0], chcon)
+
-+ warnings.resetwarnings()
-+ paths = []
-+ for i in cmds:
-+ f = os.path.realpath(i)
-+ if os.path.exists(f):
-+ paths.append(f)
-+ else:
-+ paths.append(i)
-+
-+ copyfiles(newhomedir, newtmpdir, init_files + paths)
-+ if X_ind:
-+ xmodmapfile = newhomedir + "/.xmodmap"
-+ xd = open(xmodmapfile,"w")
-+ subprocess.Popen(["/usr/bin/xmodmap","-pke"],stdout=xd).wait()
-+ xd.close()
-+
-+ execfile = newhomedir + "/.sandboxrc"
-+ if session:
-+ setup_session(execfile)
-+ else:
-+ setup_executable(execfile, " ".join(paths))
-+
-+ cmds = ("/usr/sbin/seunshare -t %s -h %s -- %s /usr/share/sandbox/sandboxX.sh" % (newtmpdir, newhomedir, execcon)).split()
-+ rc = os.spawnvp(os.P_WAIT, cmds[0], cmds)
-+ else:
-+ cmds = ("/usr/sbin/seunshare -t %s -h %s -- %s " % (newtmpdir, newhomedir, execcon)).split()+cmds
-+ rc = os.spawnvp(os.P_WAIT, cmds[0], cmds)
-+ for i in paths:
-+ if i not in X_FILES:
-+ continue
-+ (dest, mtime) = X_FILES[i]
-+ if os.path.getmtime(dest) > mtime:
-+ savefile(dest, i, X_ind)
-+ else:
-+ selinux.setexeccon(execcon)
-+ rc = os.spawnvp(os.P_WAIT, cmds[0], cmds)
-+ selinux.setexeccon(None)
-+ finally:
-+ if home_and_temp:
-+ if newhomedir and not existing_home:
-+ shutil.rmtree(newhomedir)
-+ if newtmpdir and not existing_temp:
-+ shutil.rmtree(newtmpdir)
-+
-+ except getopt.GetoptError, error:
-+ usage(_("Options Error %s ") % error.msg)
++if __name__ == '__main__':
++ setup_sighandlers()
++ if selinux.is_selinux_enabled() != 1:
++ error_exit("Requires an SELinux enabled system")
++
++ try:
++ sandbox = Sandbox()
++ rc = sandbox.main()
+ except OSError, error:
+ error_exit(error.args[1])
+ except ValueError, error:
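Review bot: in __setup_dir the -T branch assigns self.__tmpdir = self.__options.homedir, so the user-supplied temp directory is relabelled by chcon but the home directory is what gets passed to seunshare -t; it should read self.__options.tmpdir. In the finally block of __execute, savefile(dest, i, X_ind) uses a name that no longer exists now that the code lives in the class and raises NameError when reached; use self.__options.X_ind. __setup_dir also returns before setting self.__homedir and self.__tmpdir when -l or -S is given, which leaves None to be formatted into the seunshare command line and skips __copyfiles.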
@@ -2120,7 +2166,7 @@ diff --exclude-from=exclude --exclude=se
+ except KeyError, error:
+ error_exit(_("Invalid value %s") % error.args[0])
+ except IOError, error:
-+ error_exit(error.message)
++ error_exit(error)
+ except KeyboardInterrupt:
+ rc = 0
+
@@ -2258,10 +2304,11 @@ diff --exclude-from=exclude --exclude=se
+esac
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandboxX.sh policycoreutils-2.0.79/sandbox/sandboxX.sh
--- nsapolicycoreutils/sandbox/sandboxX.sh 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.79/sandbox/sandboxX.sh 2010-02-26 14:14:26.000000000 -0500
-@@ -0,0 +1,14 @@
++++ policycoreutils-2.0.79/sandbox/sandboxX.sh 2010-03-04 16:44:32.000000000 -0500
+@@ -0,0 +1,15 @@
+#!/bin/bash
-+export TITLE="Sandbox: `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80` Running as `secon -t -l -P`"
++context=`id -Z | secon -t -l -P`
++export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80`"
+export SCREENSIZE="1000x700"
+#export SCREENSIZE=`xdpyinfo | awk '/dimensions/ { print $2 }'`
+trap "exit 0" HUP
@@ -2543,6 +2590,108 @@ diff --exclude-from=exclude --exclude=se
+
+ return status;
+}
+diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/test_sandbox.py policycoreutils-2.0.79/sandbox/test_sandbox.py
+--- nsapolicycoreutils/sandbox/test_sandbox.py 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.79/sandbox/test_sandbox.py 2010-03-04 16:22:56.000000000 -0500
+@@ -0,0 +1,98 @@
++import unittest, os, shutil
++from tempfile import mkdtemp
++from subprocess import Popen, PIPE
++
++class SandboxTests(unittest.TestCase):
++ def assertDenied(self, err):
++ self.assert_('Permission denied' in err,
++ '"Permission denied" not found in %r' % err)
++ def assertNotFound(self, err):
++ self.assert_('not found' in err,
++ '"not found" not found in %r' % err)
++
++ def assertFailure(self, status):
++ self.assert_(status != 0,
++ '"Succeeded when it should have failed')
++
++ def assertSuccess(self, status, err):
++ self.assert_(status == 0,
++ '"Sandbox should have succeeded for this test %r' % err)
++
++ def test_simple_success(self):
++ "Verify that we can read file descriptors handed to sandbox"
++ p1 = Popen(['cat', '/etc/passwd'], stdout = PIPE)
++ p2 = Popen(['sandbox', 'grep', 'root'], stdin = p1.stdout, stdout=PIPE)
++ out, err = p2.communicate()
++ self.assert_('root' in out)
++
++ def test_cant_kill(self):
++ "Verify that we cannot send kill signal in the sandbox"
++ pid = os.getpid()
++ p = Popen(['sandbox', 'kill', '-HUP', str(pid)], stdout=PIPE, stderr=PIPE)
++ out, err = p.communicate()
++ self.assertDenied(err)
++
++ def test_cant_ping(self):
++ "Verify that we can't ping within the sandbox"
++ p = Popen(['sandbox', 'ping', '-c 1 ', '127.0.0.1'], stdout=PIPE, stderr=PIPE)
++ out, err = p.communicate()
++ self.assertDenied(err)
++
++ def test_cant_mkdir(self):
++ "Verify that we can't mkdir within the sandbox"
++ p = Popen(['sandbox', 'mkdir', '~/test'], stdout=PIPE, stderr=PIPE)
++ out, err = p.communicate()
++ self.assertFailure(p.returncode)
++
++ def test_cant_list_homedir(self):
++ "Verify that we can't list homedir within the sandbox"
++ p = Popen(['sandbox', 'ls', '~'], stdout=PIPE, stderr=PIPE)
++ out, err = p.communicate()
++ self.assertFailure(p.returncode)
++
++ def test_cant_send_mail(self):
++ "Verify that we can't send mail within the sandbox"
++ p = Popen(['sandbox', 'mail'], stdout=PIPE, stderr=PIPE)
++ out, err = p.communicate()
++ self.assertDenied(err)
++
++ def test_cant_sudo(self):
++ "Verify that we can't run sudo within the sandbox"
++ p = Popen(['sandbox', 'sudo'], stdout=PIPE, stderr=PIPE)
++ out, err = p.communicate()
++ self.assertFailure(p.returncode)
++
++ def test_mount(self):
++ "Verify that we mount a file system"
++ p = Popen(['sandbox', '-M', 'id'], stdout=PIPE, stderr=PIPE)
++ out, err = p.communicate()
++ self.assertSuccess(p.returncode, err)
++
++ def test_set_level(self):
++ "Verify that we set level a file system"
++ p = Popen(['sandbox', '-l', 's0', 'id'], stdout=PIPE, stderr=PIPE)
++ out, err = p.communicate()
++ self.assertSuccess(p.returncode, err)
++
++ def test_homedir(self):
++ "Verify that we set homedir a file system"
++ homedir = mkdtemp(dir=".", prefix=".sandbox_test")
++ p = Popen(['sandbox', '-H', homedir, '-M', 'id'], stdout=PIPE, stderr=PIPE)
++ out, err = p.communicate()
++ shutil.rmtree(homedir)
++ self.assertSuccess(p.returncode, err)
++
++ def test_tmpdir(self):
++ "Verify that we set tmpdir a file system"
++ tmpdir = mkdtemp(dir="/tmp", prefix=".sandbox_test")
++ p = Popen(['sandbox', '-T', tmpdir, '-M', 'id'], stdout=PIPE, stderr=PIPE)
++ out, err = p.communicate()
++ shutil.rmtree(tmpdir)
++ self.assertSuccess(p.returncode, err)
++
++if __name__ == "__main__":
++ import selinux
++ if selinux.security_getenforce() == 1:
++ unittest.main()
++ else:
++ print "SELinux must be in enforcing mode for this test"
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.79/scripts/fixfiles
--- nsapolicycoreutils/scripts/fixfiles 2009-12-01 15:46:50.000000000 -0500
+++ policycoreutils-2.0.79/scripts/fixfiles 2010-02-26 16:12:15.000000000 -0500
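Review bot: test_cant_mkdir and test_cant_list_homedir pass '~/test' and '~' to Popen without a shell, so the tilde is never expanded and mkdir/ls fail on a literal ~ path whether or not the sandbox policy is enforced; assertFailure then passes for the wrong reason and the tests give no evidence of confinement. Expand the path with os.path.expanduser and check stderr with assertDenied as the kill, ping and mail tests do. In test_cant_ping, '-c 1 ' is a single argv element with embedded spaces and should be passed as '-c', '1'. test_homedir and test_tmpdir should remove their mkdtemp directory in a try/finally so a failing Popen does not leave it behind.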
policycoreutils-sepolgen.patch:
access.py | 18 ++++++++++----
audit.py | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-----
policygen.py | 31 +++++++++++++++++++++++-
refpolicy.py | 11 ++++++--
4 files changed, 120 insertions(+), 15 deletions(-)
Index: policycoreutils-sepolgen.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/F-13/policycoreutils-sepolgen.patch,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -p -r1.34 -r1.35
--- policycoreutils-sepolgen.patch 26 Feb 2010 20:01:46 -0000 1.34
+++ policycoreutils-sepolgen.patch 4 Mar 2010 21:49:19 -0000 1.35
@@ -1,6 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policycoreutils-2.0.78/sepolgen-1.0.19/src/sepolgen/access.py
+diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policycoreutils-2.0.79/sepolgen-1.0.19/src/sepolgen/access.py
--- nsasepolgen/src/sepolgen/access.py 2009-05-18 13:53:14.000000000 -0400
-+++ policycoreutils-2.0.78/sepolgen-1.0.19/src/sepolgen/access.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/sepolgen-1.0.19/src/sepolgen/access.py 2010-03-01 16:43:01.000000000 -0500
@@ -32,6 +32,7 @@
"""
@@ -9,16 +9,18 @@ diff --exclude-from=exclude -N -u -r nsa
def is_idparam(id):
"""Determine if an id is a paramater in the form $N, where N is
-@@ -85,6 +86,8 @@
+@@ -85,6 +86,10 @@
self.obj_class = None
self.perms = refpolicy.IdSet()
self.audit_msgs = []
+ self.type = audit2why.TERULE
+ self.bools = []
++
++ self.dontaudit = False
# The direction of the information flow represented by this
# access vector - used for matching
-@@ -127,7 +130,7 @@
+@@ -127,7 +132,7 @@
return self.to_string()
def to_string(self):
@@ -27,12 +29,12 @@ diff --exclude-from=exclude -N -u -r nsa
self.obj_class, self.perms.to_space_str())
def __cmp__(self, other):
-@@ -253,20 +256,22 @@
+@@ -253,20 +258,23 @@
for av in l:
self.add_av(AccessVector(av))
- def add(self, src_type, tgt_type, obj_class, perms, audit_msg=None):
-+ def add(self, src_type, tgt_type, obj_class, perms, audit_msg=None, avc_type=audit2why.TERULE, bools=[]):
++ def add(self, src_type, tgt_type, obj_class, perms, audit_msg=None, avc_type=audit2why.TERULE, bools=[], dontaudit=False):
"""Add an access vector to the set.
"""
tgt = self.src.setdefault(src_type, { })
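Review bot: the extended add() signature keeps the mutable default bools=[], and the next hunk stores it with access.bools = bools, so every access vector added without an explicit list shares one list object. Default to bools=None and create a fresh list inside the function. The docstring still reads only "Add an access vector to the set." and does not describe avc_type, bools or the new dontaudit argument.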
@@ -50,13 +52,14 @@ diff --exclude-from=exclude -N -u -r nsa
- cls[obj_class] = access
+ access.bools = bools
+ access.type = avc_type
++ access.dontaudit = dontaudit
+ cls[obj_class, avc_type] = access
access.perms.update(perms)
if audit_msg:
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycoreutils-2.0.78/sepolgen-1.0.19/src/sepolgen/audit.py
+diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycoreutils-2.0.79/sepolgen-1.0.19/src/sepolgen/audit.py
--- nsasepolgen/src/sepolgen/audit.py 2009-12-01 15:46:50.000000000 -0500
-+++ policycoreutils-2.0.78/sepolgen-1.0.19/src/sepolgen/audit.py 2010-01-06 09:52:35.000000000 -0500
++++ policycoreutils-2.0.79/sepolgen-1.0.19/src/sepolgen/audit.py 2010-03-01 15:25:21.000000000 -0500
@@ -23,6 +23,27 @@
# Convenience functions
@@ -165,6 +168,15 @@ diff --exclude-from=exclude -N -u -r nsa
self.compute_sid_msgs = []
self.invalid_msgs = []
self.policy_load_msgs = []
+@@ -424,7 +488,7 @@
+
+ return role_types
+
+- def to_access(self, avc_filter=None, only_denials=True):
++ def to_access(self, avc_filter=None, only_denials=True, dontaudit=False):
+ """Convert the audit logs access into a an access vector set.
+
+ Convert the audit logs into an access vector set, optionally
@@ -442,16 +506,17 @@
audit logs parsed by this object.
"""
@@ -177,11 +189,11 @@ diff --exclude-from=exclude -N -u -r nsa
if avc_filter.filter(avc):
av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass,
- avc.accesses, avc)
-+ avc.accesses, avc, avc_type=avc.type, bools=avc.bools)
++ avc.accesses, avc, avc_type=avc.type, bools=avc.bools, dontaudit=dontaudit)
else:
av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass,
- avc.accesses, avc)
-+ avc.accesses, avc, avc_type=avc.type, bools=avc.bools)
++ avc.accesses, avc, avc_type=avc.type, bools=avc.bools, dontaudit=dontaudit)
return av_set
class AVCTypeFilter:
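Review bot: the new dontaudit argument is undocumented: both av_set.add(...) calls now forward dontaudit=dontaudit, so a single flag marks every vector in the returned set, yet the to_access docstring in the previous hunk is unchanged and does not mention the parameter. Add a line describing it next to avc_filter and only_denials.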
@@ -191,9 +203,9 @@ diff --exclude-from=exclude -N -u -r nsa
return False
-
-
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/policygen.py policycoreutils-2.0.78/sepolgen-1.0.19/src/sepolgen/policygen.py
+diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/policygen.py policycoreutils-2.0.79/sepolgen-1.0.19/src/sepolgen/policygen.py
--- nsasepolgen/src/sepolgen/policygen.py 2008-09-12 11:48:15.000000000 -0400
-+++ policycoreutils-2.0.78/sepolgen-1.0.19/src/sepolgen/policygen.py 2010-01-08 09:33:54.000000000 -0500
++++ policycoreutils-2.0.79/sepolgen-1.0.19/src/sepolgen/policygen.py 2010-03-01 14:49:37.000000000 -0500
@@ -29,6 +29,8 @@
import access
import interfaces
@@ -212,15 +224,10 @@ diff --exclude-from=exclude -N -u -r nsa
def set_gen_refpol(self, if_set=None, perm_maps=None):
"""Set whether reference policy interfaces are generated.
-@@ -141,15 +143,42 @@
- """Return the generated module"""
- return self.module
-
-- def __add_allow_rules(self, avs):
-+ def __add_allow_rules(self, avs, dontaudit):
+@@ -144,8 +146,35 @@
+ def __add_allow_rules(self, avs):
for av in avs:
-- rule = refpolicy.AVRule(av)
-+ rule = refpolicy.AVRule(av, dontaudit=dontaudit)
+ rule = refpolicy.AVRule(av)
+ rule.comment = ""
if self.explain:
rule.comment = refpolicy.Comment(explain_access(av, verbosity=self.explain))
@@ -253,23 +260,9 @@ diff --exclude-from=exclude -N -u -r nsa
self.module.children.append(rule)
-- def add_access(self, av_set):
-+ def add_access(self, av_set, dontaudit=False):
- """Add the access from the access vector set to this
- module.
- """
-@@ -165,7 +194,7 @@
- raw_allow = av_set
-
- # Generate the raw allow rules from the filtered list
-- self.__add_allow_rules(raw_allow)
-+ self.__add_allow_rules(raw_allow, dontaudit)
-
- def add_role_types(self, role_type_set):
- for role_type in role_type_set:
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refpolicy.py policycoreutils-2.0.78/sepolgen-1.0.19/src/sepolgen/refpolicy.py
+diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refpolicy.py policycoreutils-2.0.79/sepolgen-1.0.19/src/sepolgen/refpolicy.py
--- nsasepolgen/src/sepolgen/refpolicy.py 2009-10-29 15:21:39.000000000 -0400
-+++ policycoreutils-2.0.78/sepolgen-1.0.19/src/sepolgen/refpolicy.py 2010-01-08 09:33:37.000000000 -0500
++++ policycoreutils-2.0.79/sepolgen-1.0.19/src/sepolgen/refpolicy.py 2010-03-01 14:50:42.000000000 -0500
@@ -398,6 +398,7 @@
return "attribute %s;" % self.name
@@ -278,22 +271,12 @@ diff --exclude-from=exclude -N -u -r nsa
class AVRule(Leaf):
"""SELinux access vector (AV) rule.
-@@ -420,21 +421,26 @@
- AUDITALLOW = 2
- NEVERALLOW = 3
-
-- def __init__(self, av=None, parent=None):
-+ def __init__(self, av=None, parent=None, dontaudit=False):
- Leaf.__init__(self, parent)
- self.src_types = IdSet()
+@@ -426,15 +427,17 @@
self.tgt_types = IdSet()
self.obj_classes = IdSet()
self.perms = IdSet()
- self.rule_type = self.ALLOW
-+ if dontaudit:
-+ self.rule_type = audit2why.DONTAUDIT
-+ else:
-+ self.rule_type = audit2why.TERULE
++ self.rule_type = audit2why.TERULE
if av:
self.from_av(av)
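Review bot: self.rule_type is now initialised from audit2why.TERULE instead of self.ALLOW, so the rule type is drawn from a different constant set than AVRule's own (self.ALLOW, AUDITALLOW = 2 and NEVERALLOW = 3 are visible in the lines being replaced), and the string conversion that ends in return "auditallow" is not shown comparing against the audit2why values. Either keep AVRule's constants for rule_type and translate from av.type and av.dontaudit in from_av, or document in the class docstring that rule_type holds audit2why constants.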
@@ -309,3 +292,12 @@ diff --exclude-from=exclude -N -u -r nsa
else:
return "auditallow"
+@@ -449,6 +452,8 @@
+ self.tgt_types.add(av.tgt_type)
+ self.obj_classes.add(av.obj_class)
+ self.perms.update(av.perms)
++ if av.dontaudit:
++ self.rule_type = audit2why.DONTAUDIT
+
+ def to_string(self):
+ """Return a string representation of the rule
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/F-13/policycoreutils.spec,v
retrieving revision 1.687
retrieving revision 1.688
diff -u -p -r1.687 -r1.688
--- policycoreutils.spec 26 Feb 2010 21:17:09 -0000 1.687
+++ policycoreutils.spec 4 Mar 2010 21:49:19 -0000 1.688
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.79
-Release: 2%{?dist}
+Release: 5%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -305,6 +305,16 @@ fi
exit 0
%changelog
+* Mon Mar 1 2010 Dan Walsh <dwalsh at redhat.com> 2.0.79-5
+- Rewrite of sandbox script, add unit test for sandbox
+- Update translations
+
+* Mon Mar 1 2010 Dan Walsh <dwalsh at redhat.com> 2.0.79-4
+- Fix patch for dontaudit rules from audit2allow for upstream acceptance
+
+* Fri Feb 26 2010 Dan Walsh <dwalsh at redhat.com> 2.0.79-3
+- Fixes for fixfiles
+
* Wed Feb 17 2010 Dan Walsh <dwalsh at redhat.com> 2.0.79-2
- Fix sandbox to complain if mount-shared has not been run
- Fix to use /etc/sysconfig/sandbox