rpms/policycoreutils/F-12 policycoreutils-po.patch, 1.59, 1.60 policycoreutils-rhat.patch, 1.465, 1.466 policycoreutils-sepolgen.patch, 1.31, 1.32 policycoreutils.spec, 1.676, 1.677 sources, 1.214, 1.215

Daniel J Walsh dwalsh at fedoraproject.org
Thu Mar 11 16:20:00 UTC 2010


Author: dwalsh

Update of /cvs/extras/rpms/policycoreutils/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28533

Modified Files:
	policycoreutils-po.patch policycoreutils-rhat.patch 
	policycoreutils-sepolgen.patch policycoreutils.spec sources 
Log Message:
* Mon Mar 8 2010 Dan Walsh <dwalsh at redhat.com> 2.0.80-1
- Update to upstream
	* Module enable/disable support from Dan Walsh.


policycoreutils-po.patch:
 Makefile            |   27 
 POTFILES            |   28 
 POTFILES.in         |    2 
 af.po               | 2499 +++++++++++++++++++++++++---
 am.po               | 2499 +++++++++++++++++++++++++---
 ar.po               | 2499 +++++++++++++++++++++++++---
 as.po               | 3775 +++++++++++++++++++++++++-----------------
 be.po               | 2499 +++++++++++++++++++++++++---
 bg.po               | 3670 ++++++++++++++++++++++++-----------------
 bn.po               | 2499 +++++++++++++++++++++++++---
 bn_IN.po            | 4080 ++++++++++++++++++++++++++-------------------
 bs.po               | 2591 ++++++++++++++++++++++++++---
 ca.po               | 3027 +++++++++++++++++++++++++++++-----
 cs.po               | 2926 +++++++++++++++++++++++++++-----
 cy.po               | 2499 +++++++++++++++++++++++++---
 da.po               | 3206 ++++++++++++++++++++++++++++++------
 de.po               | 3983 +++++++++++++++++++++++++-------------------
 el.po               | 2841 ++++++++++++++++++++++++++++---
 en_GB.po            | 2590 ++++++++++++++++++++++++++---
 es.po               | 4095 ++++++++++++++++++++++++++--------------------
 et.po               | 2497 +++++++++++++++++++++++++---
 eu_ES.po            | 2499 +++++++++++++++++++++++++---
 fa.po               | 2499 +++++++++++++++++++++++++---
 fi.po               | 3254 +++++++++++++++++++++++++++++++-----
 fr.po               | 3923 ++++++++++++++++++++++++++------------------
 gl.po               | 2497 +++++++++++++++++++++++++---
 gu.po               | 4160 ++++++++++++++++++++++++++--------------------
 he.po               | 2499 +++++++++++++++++++++++++---
 hi.po               | 4175 ++++++++++++++++++++++++++--------------------
 hr.po               | 3105 +++++++++++++++++++++++-----------
 hu.po               | 3052 +++++++++++++++++++++++++++++-----
 hy.po               | 2499 +++++++++++++++++++++++++---
 id.po               | 2497 +++++++++++++++++++++++++---
 is.po               | 2499 +++++++++++++++++++++++++---
 it.po               | 4196 ++++++++++++++++++++++++++---------------------
 ja.po               | 4183 ++++++++++++++++++++++++++---------------------
 ka.po               | 2499 +++++++++++++++++++++++++---
 kn.po               | 4621 ++++++++++++++++++++++++++++++++--------------------
 ko.po               | 2991 +++++++++++++++++++++++++++------
 ku.po               | 2499 +++++++++++++++++++++++++---
 lo.po               | 2499 +++++++++++++++++++++++++---
 lt.po               | 2499 +++++++++++++++++++++++++---
 lv.po               | 2499 +++++++++++++++++++++++++---
 mai.po              | 3527 +++++++++++++++++++++++++++++++++++++++
 mk.po               | 2593 ++++++++++++++++++++++++++---
 ml.po               | 4276 +++++++++++++++++++++++++++---------------------
 mr.po               | 4219 +++++++++++++++++++++++++++--------------------
 ms.po               | 2574 +++++++++++++++++++++++++---
 my.po               | 2499 +++++++++++++++++++++++++---
 nb.po               | 2539 +++++++++++++++++++++++++---
 nl.po               | 3028 +++++++++++++++++++++++++++-------
 nn.po               | 2499 +++++++++++++++++++++++++---
 no.po               | 1272 --------------
 nso.po              | 2499 +++++++++++++++++++++++++---
 or.po               | 4031 ++++++++++++++++++++++++++-------------------
 pa.po               | 4101 ++++++++++++++++++++++++++--------------------
 pl.po               | 4116 ++++++++++++++++++++++++++--------------------
 policycoreutils.pot | 2499 +++++++++++++++++++++++++---
 pt.po               | 4467 ++++++++++++++++++++++++++++----------------------
 pt_BR.po            | 4543 +++++++++++++++++++++++++++++----------------------
 ro.po               | 2499 +++++++++++++++++++++++++---
 ru.po               | 3508 ++++++++++++++++++++++++++-------------
 si.po               | 2499 +++++++++++++++++++++++++---
 sk.po               | 2592 ++++++++++++++++++++++++++---
 sl.po               | 2499 +++++++++++++++++++++++++---
 sq.po               | 2499 +++++++++++++++++++++++++---
 sr.po               | 4211 ++++++++++++++++++++++++++---------------------
 sr at latin.po         | 4221 +++++++++++++++++++++++++++--------------------
 sv.po               | 3267 +++++++++++++++++++++++++-----------
 ta.po               | 3588 ++++++++++++++++++++++++++--------------
 te.po               | 4060 ++++++++++++++++++++++++++-------------------
 th.po               | 2499 +++++++++++++++++++++++++---
 tr.po               | 2499 +++++++++++++++++++++++++---
 uk.po               | 2592 ++++++++++++++++++++++++++---
 ur.po               | 2499 +++++++++++++++++++++++++---
 vi.po               | 2499 +++++++++++++++++++++++++---
 zh_CN.po            | 3954 +++++++++++++++++++++++++-------------------
 zh_TW.po            | 4234 ++++++++++++++++++++++++++---------------------
 zu.po               | 2499 +++++++++++++++++++++++++---
 79 files changed, 177772 insertions(+), 58204 deletions(-)

View full diff with command:
/usr/bin/cvs -n -f diff -kk -u -p -N -r 1.59 -r 1.60 policycoreutils-po.patch

Index: policycoreutils-po.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/F-12/policycoreutils-po.patch,v
retrieving revision 1.59
retrieving revision 1.60
diff -u -p -r1.59 -r1.60
--- policycoreutils-po.patch	17 Dec 2009 14:39:22 -0000	1.59
+++ policycoreutils-po.patch	11 Mar 2010 16:19:28 -0000	1.60
@@ -1,6 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/af.po policycoreutils-2.0.78/po/af.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/af.po policycoreutils-2.0.79/po/af.po
 --- nsapolicycoreutils/po/af.po	2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/af.po	2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/af.po	2010-02-26 14:14:26.000000000 -0500
 @@ -8,7 +8,7 @@
  msgstr ""
  "Project-Id-Version: PACKAGE VERSION\n"
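Review bot: The regenerated headers in this hunk point at policycoreutils-2.0.79/po/af.po, while the log message for this commit is the 2.0.80-1 changelog entry ("Update to upstream"). If the patch is applied with path stripping the directory name is harmless, but please confirm the patch was rebuilt against the tree the spec now unpacks, so the po hunks do not apply with fuzz or offsets.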
@@ -3112,9 +3112,9 @@ diff --exclude-from=exclude -N -u -r nsa
 +#, python-format
 +msgid "SELinux user '%s' is required"
 +msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/am.po policycoreutils-2.0.78/po/am.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/am.po policycoreutils-2.0.79/po/am.po
 --- nsapolicycoreutils/po/am.po	2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/am.po	2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/am.po	2010-02-26 14:14:26.000000000 -0500
 @@ -8,7 +8,7 @@
  msgstr ""
  "Project-Id-Version: PACKAGE VERSION\n"
@@ -6226,9 +6226,9 @@ diff --exclude-from=exclude -N -u -r nsa
 +#, python-format
 +msgid "SELinux user '%s' is required"
 +msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ar.po policycoreutils-2.0.78/po/ar.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ar.po policycoreutils-2.0.79/po/ar.po
 --- nsapolicycoreutils/po/ar.po	2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/ar.po	2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/ar.po	2010-02-26 14:14:26.000000000 -0500
 @@ -8,7 +8,7 @@
  msgstr ""
  "Project-Id-Version: PACKAGE VERSION\n"
@@ -9340,9 +9340,9 @@ diff --exclude-from=exclude -N -u -r nsa
 +#, python-format
 +msgid "SELinux user '%s' is required"
 +msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/as.po policycoreutils-2.0.78/po/as.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/as.po policycoreutils-2.0.79/po/as.po
 --- nsapolicycoreutils/po/as.po	2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/as.po	2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/as.po	2010-02-26 14:14:26.000000000 -0500
 @@ -1,23 +1,23 @@
 -# translation of as.po to Assamese
 +# translation of policycoreutils.HEAD.po to Assamese
@@ -14080,9 +14080,9 @@ diff --exclude-from=exclude -N -u -r nsa
 -#~ "MLS/\n"
 -#~ "MCS Level"
 -#~ msgstr "স্তৰ"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/be.po policycoreutils-2.0.78/po/be.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/be.po policycoreutils-2.0.79/po/be.po
 --- nsapolicycoreutils/po/be.po	2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/be.po	2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/be.po	2010-02-26 14:14:27.000000000 -0500
 @@ -8,7 +8,7 @@
  msgstr ""
  "Project-Id-Version: PACKAGE VERSION\n"
@@ -17194,9 +17194,9 @@ diff --exclude-from=exclude -N -u -r nsa
 +#, python-format
 +msgid "SELinux user '%s' is required"
 +msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bg.po policycoreutils-2.0.78/po/bg.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bg.po policycoreutils-2.0.79/po/bg.po
 --- nsapolicycoreutils/po/bg.po	2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/bg.po	2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/bg.po	2010-02-26 14:14:27.000000000 -0500
 @@ -8,7 +8,7 @@
  msgstr ""
  "Project-Id-Version: policycoreutils\n"
@@ -21859,9 +21859,9 @@ diff --exclude-from=exclude -N -u -r nsa
  
  #~ msgid "Requires value"
  #~ msgstr "Изисква стойност"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bn_IN.po policycoreutils-2.0.78/po/bn_IN.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bn_IN.po policycoreutils-2.0.79/po/bn_IN.po
 --- nsapolicycoreutils/po/bn_IN.po	2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/bn_IN.po	2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/bn_IN.po	2010-02-26 14:14:27.000000000 -0500
 @@ -9,10 +9,10 @@
  msgstr ""
  "Project-Id-Version: policycoreutils.HEAD\n"
@@ -26709,9 +26709,9 @@ diff --exclude-from=exclude -N -u -r nsa
 -#~ "Enforcing\n"
 -#~ "Permissive\n"
 -#~ "Disabled\n"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bn.po policycoreutils-2.0.78/po/bn.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bn.po policycoreutils-2.0.79/po/bn.po
 --- nsapolicycoreutils/po/bn.po	2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/bn.po	2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/bn.po	2010-02-26 14:14:27.000000000 -0500
 @@ -8,7 +8,7 @@
  msgstr ""
  "Project-Id-Version: PACKAGE VERSION\n"
@@ -29823,9 +29823,9 @@ diff --exclude-from=exclude -N -u -r nsa
 +#, python-format
 +msgid "SELinux user '%s' is required"
 +msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bs.po policycoreutils-2.0.78/po/bs.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bs.po policycoreutils-2.0.79/po/bs.po
 --- nsapolicycoreutils/po/bs.po	2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/bs.po	2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/bs.po	2010-02-26 14:14:27.000000000 -0500
 @@ -4,7 +4,7 @@
  msgstr ""
  "Project-Id-Version: bs\n"
@@ -33057,9 +33057,9 @@ diff --exclude-from=exclude -N -u -r nsa
  
  #~ msgid "Requires value"
  #~ msgstr "Zahtijeva vrijednost"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ca.po policycoreutils-2.0.78/po/ca.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ca.po policycoreutils-2.0.79/po/ca.po
 --- nsapolicycoreutils/po/ca.po	2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/ca.po	2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/ca.po	2010-02-26 14:14:27.000000000 -0500
 @@ -5,6 +5,8 @@
  #
  # Josep Puigdemont Casamajó <josep.puigdemont at gmail.com>, 2006.
@@ -36727,9 +36727,9 @@ diff --exclude-from=exclude -N -u -r nsa
 -#~ msgstr "Error en les opcions: %s "
 +#~ msgid "Sensitvity Level"
 +#~ msgstr "Nivell de sensibilitat"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/cs.po policycoreutils-2.0.78/po/cs.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/cs.po policycoreutils-2.0.79/po/cs.po
 --- nsapolicycoreutils/po/cs.po	2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/cs.po	2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/cs.po	2010-02-26 14:14:27.000000000 -0500
 @@ -9,7 +9,7 @@
  msgstr ""
  "Project-Id-Version: cs\n"
@@ -40451,9 +40451,9 @@ diff --exclude-from=exclude -N -u -r nsa
  #~ msgid "<b>Device number:</b>"
  #~ msgstr "<b>Číslo zařízení:</b>"
  
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/cy.po policycoreutils-2.0.78/po/cy.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/cy.po policycoreutils-2.0.79/po/cy.po
 --- nsapolicycoreutils/po/cy.po	2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/cy.po	2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/cy.po	2010-02-26 14:14:27.000000000 -0500
 @@ -8,7 +8,7 @@
  msgstr ""
  "Project-Id-Version: PACKAGE VERSION\n"
@@ -43565,9 +43565,9 @@ diff --exclude-from=exclude -N -u -r nsa
 +#, python-format
 +msgid "SELinux user '%s' is required"
 +msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/da.po policycoreutils-2.0.78/po/da.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/da.po policycoreutils-2.0.79/po/da.po
 --- nsapolicycoreutils/po/da.po	2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/da.po	2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/da.po	2010-02-26 14:14:27.000000000 -0500
 @@ -1,24 +1,25 @@
 -# translation of da.po to
 -# Danish messages for policycoreutils.
@@ -47545,9 +47545,9 @@ diff --exclude-from=exclude -N -u -r nsa
  #~ "skal du køre \n"
  #~ "\n"
  #~ "semodule -i %s.pp\n"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/de.po policycoreutils-2.0.78/po/de.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/de.po policycoreutils-2.0.79/po/de.po
 --- nsapolicycoreutils/po/de.po	2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/de.po	2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/de.po	2010-02-26 14:14:27.000000000 -0500
 @@ -1,28 +1,30 @@
 -# translation of policycoreutils.HEAD.de.po to German
 +# translation of policycoreutils.HEAD.de.po to
@@ -52652,10 +52652,15 @@ diff --exclude-from=exclude -N -u -r nsa
 -#~ msgid "SELinux user '%s' is required"
 -#~ msgstr "SELinux-Benutzer '%s' wird benötigt"
 +#~ msgstr "Sensitivitätsstufe"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/el.po policycoreutils-2.0.78/po/el.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/el.po policycoreutils-2.0.79/po/el.po
 --- nsapolicycoreutils/po/el.po	2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/el.po	2009-12-16 08:18:26.000000000 -0500
-@@ -8,15 +8,15 @@
++++ policycoreutils-2.0.79/po/el.po	2010-03-04 16:47:33.000000000 -0500
+@@ -4,19 +4,20 @@
+ #
+ # Simos Xenitellis <simos at gnome.org>, 2006.
+ # Dimitris Glezos <dimitris at glezos.com>, 2006.
++# Thalia Papoutsaki <saliyath at gmail.com>, 2010.
+ msgid ""
  msgstr ""
  "Project-Id-Version: el\n"
  "Report-Msgid-Bugs-To: \n"
@@ -52663,8 +52668,8 @@ diff --exclude-from=exclude -N -u -r nsa
 -"PO-Revision-Date: 2006-09-18 14:49+0100\n"
 -"Last-Translator: Dimitris Glezos <dimitris at glezos.com>\n"
 +"POT-Creation-Date: 2009-01-21 17:13-0500\n"
-+"PO-Revision-Date: 2009-10-22 01:32+0200\n"
-+"Last-Translator: nikosCharonitakis <nikosx at gmail.com>\n"
++"PO-Revision-Date: 2010-02-20 23:08+0200\n"
++"Last-Translator: Thalia Papoutsaki <saliyath at gmail.com>\n"
[...2303 lines suppressed...]
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/si.po policycoreutils-2.0.78/po/si.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/si.po policycoreutils-2.0.79/po/si.po
 --- nsapolicycoreutils/po/si.po	2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/si.po	2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/si.po	2010-02-26 14:14:27.000000000 -0500
 @@ -8,7 +8,7 @@
  msgstr ""
  "Project-Id-Version: PACKAGE VERSION\n"
@@ -228491,9 +228516,9 @@ diff --exclude-from=exclude -N -u -r nsa
 +#, python-format
 +msgid "SELinux user '%s' is required"
 +msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sk.po policycoreutils-2.0.78/po/sk.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sk.po policycoreutils-2.0.79/po/sk.po
 --- nsapolicycoreutils/po/sk.po	2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/sk.po	2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/sk.po	2010-02-26 14:14:27.000000000 -0500
 @@ -7,7 +7,7 @@
  msgstr ""
  "Project-Id-Version: policycoreutils\n"
@@ -231726,9 +231751,9 @@ diff --exclude-from=exclude -N -u -r nsa
  
  #~ msgid "Requires value"
  #~ msgstr "Požaduje hodnotu"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sl.po policycoreutils-2.0.78/po/sl.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sl.po policycoreutils-2.0.79/po/sl.po
 --- nsapolicycoreutils/po/sl.po	2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/sl.po	2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/sl.po	2010-02-26 14:14:27.000000000 -0500
 @@ -8,7 +8,7 @@
  msgstr ""
  "Project-Id-Version: PACKAGE VERSION\n"
@@ -234840,9 +234865,9 @@ diff --exclude-from=exclude -N -u -r nsa
 +#, python-format
 +msgid "SELinux user '%s' is required"
 +msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sq.po policycoreutils-2.0.78/po/sq.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sq.po policycoreutils-2.0.79/po/sq.po
 --- nsapolicycoreutils/po/sq.po	2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/sq.po	2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/sq.po	2010-02-26 14:14:27.000000000 -0500
 @@ -8,7 +8,7 @@
  msgstr ""
  "Project-Id-Version: PACKAGE VERSION\n"
@@ -237954,9 +237979,9 @@ diff --exclude-from=exclude -N -u -r nsa
 +#, python-format
 +msgid "SELinux user '%s' is required"
 +msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sr at latin.po policycoreutils-2.0.78/po/sr at latin.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sr at latin.po policycoreutils-2.0.79/po/sr at latin.po
 --- nsapolicycoreutils/po/sr at latin.po	2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/sr at latin.po	2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/sr at latin.po	2010-02-26 14:14:27.000000000 -0500
 @@ -1,26 +1,24 @@
 -# translation of policycoreutils.HEAD.sr.po to Serbian
  # Serbian(Latin) translations for policycoreutils
@@ -242934,9 +242959,9 @@ diff --exclude-from=exclude -N -u -r nsa
 -#~ "Primoravanje\n"
 -#~ "Dopuštanje\n"
 -#~ "Isključeno\n"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sr.po policycoreutils-2.0.78/po/sr.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sr.po policycoreutils-2.0.79/po/sr.po
 --- nsapolicycoreutils/po/sr.po	2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/sr.po	2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/sr.po	2010-02-26 14:14:27.000000000 -0500
 @@ -1,26 +1,24 @@
 -# translation of policycoreutils.HEAD.sr.po to Serbian
  # Serbian translations for policycoreutils
@@ -247906,9 +247931,9 @@ diff --exclude-from=exclude -N -u -r nsa
 -#~ "Приморавање\n"
 -#~ "Допуштање\n"
 -#~ "Искључено\n"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sv.po policycoreutils-2.0.78/po/sv.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sv.po policycoreutils-2.0.79/po/sv.po
 --- nsapolicycoreutils/po/sv.po	2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/sv.po	2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/sv.po	2010-02-26 14:14:27.000000000 -0500
 @@ -1,16 +1,18 @@
  # Swedish messages for policycoreutils.
 -# Copyright © 2001-2008 Free Software Foundation, Inc.
@@ -252098,9 +252123,9 @@ diff --exclude-from=exclude -N -u -r nsa
 -#~ msgstr "Flaggfel: %s "
 +#~ msgid "Sensitvity Level"
 +#~ msgstr "Känslighetsnivå"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ta.po policycoreutils-2.0.78/po/ta.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ta.po policycoreutils-2.0.79/po/ta.po
 --- nsapolicycoreutils/po/ta.po	2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/ta.po	2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/ta.po	2010-02-26 14:14:27.000000000 -0500
 @@ -1,28 +1,23 @@
 -# translation of ta.po to Tamil
 +# translation of policycoreutils.HEAD.ta.po to Tamil
@@ -256498,9 +256523,9 @@ diff --exclude-from=exclude -N -u -r nsa
 -#~ msgstr ""
 -#~ "MLS/\n"
 -#~ "MCS நிலை"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/te.po policycoreutils-2.0.78/po/te.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/te.po policycoreutils-2.0.79/po/te.po
 --- nsapolicycoreutils/po/te.po	2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/te.po	2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/te.po	2010-02-26 14:14:27.000000000 -0500
 @@ -1,14 +1,14 @@
 -# translation of new_policycoreutils.HEAD.te.po to Telugu
 +# translation of policycoreutils.HEAD.te.po to Telugu
@@ -261344,9 +261369,9 @@ diff --exclude-from=exclude -N -u -r nsa
 -#~ "బలవంతపు\n"
 -#~ "అనుమతిగల\n"
 -#~ "అచేతనమైన\n"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/th.po policycoreutils-2.0.78/po/th.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/th.po policycoreutils-2.0.79/po/th.po
 --- nsapolicycoreutils/po/th.po	2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/th.po	2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/th.po	2010-02-26 14:14:27.000000000 -0500
 @@ -8,7 +8,7 @@
  msgstr ""
  "Project-Id-Version: PACKAGE VERSION\n"
@@ -264458,9 +264483,9 @@ diff --exclude-from=exclude -N -u -r nsa
 +#, python-format
 +msgid "SELinux user '%s' is required"
 +msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/tr.po policycoreutils-2.0.78/po/tr.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/tr.po policycoreutils-2.0.79/po/tr.po
 --- nsapolicycoreutils/po/tr.po	2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/tr.po	2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/tr.po	2010-02-26 14:14:27.000000000 -0500
 @@ -8,7 +8,7 @@
  msgstr ""
  "Project-Id-Version: PACKAGE VERSION\n"
@@ -267572,9 +267597,9 @@ diff --exclude-from=exclude -N -u -r nsa
 +#, python-format
 +msgid "SELinux user '%s' is required"
 +msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils-2.0.78/po/uk.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils-2.0.79/po/uk.po
 --- nsapolicycoreutils/po/uk.po	2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/uk.po	2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/uk.po	2010-02-26 14:14:27.000000000 -0500
 @@ -7,7 +7,7 @@
  msgstr ""
  "Project-Id-Version: policycoreutils\n"
@@ -270807,9 +270832,9 @@ diff --exclude-from=exclude -N -u -r nsa
  
  #~ msgid "Requires value"
  #~ msgstr "Потрібно вказати значення"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ur.po policycoreutils-2.0.78/po/ur.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ur.po policycoreutils-2.0.79/po/ur.po
 --- nsapolicycoreutils/po/ur.po	2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/ur.po	2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/ur.po	2010-02-26 14:14:27.000000000 -0500
 @@ -8,7 +8,7 @@
  msgstr ""
  "Project-Id-Version: PACKAGE VERSION\n"
@@ -273921,9 +273946,9 @@ diff --exclude-from=exclude -N -u -r nsa
 +#, python-format
 +msgid "SELinux user '%s' is required"
 +msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/vi.po policycoreutils-2.0.78/po/vi.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/vi.po policycoreutils-2.0.79/po/vi.po
 --- nsapolicycoreutils/po/vi.po	2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/vi.po	2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/vi.po	2010-02-26 14:14:27.000000000 -0500
 @@ -8,7 +8,7 @@
  msgstr ""
  "Project-Id-Version: PACKAGE VERSION\n"
@@ -277035,9 +277060,9 @@ diff --exclude-from=exclude -N -u -r nsa
 +#, python-format
 +msgid "SELinux user '%s' is required"
 +msgstr ""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/zh_CN.po policycoreutils-2.0.78/po/zh_CN.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/zh_CN.po policycoreutils-2.0.79/po/zh_CN.po
 --- nsapolicycoreutils/po/zh_CN.po	2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/zh_CN.po	2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/zh_CN.po	2010-02-26 14:14:27.000000000 -0500
 @@ -3,13 +3,13 @@
  # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER, 2006.
  #
@@ -281768,9 +281793,9 @@ diff --exclude-from=exclude -N -u -r nsa
 -
 -#~ msgid "SELinux user '%s' is required"
 -#~ msgstr "SELinux 用户 '%s' 是必需的"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/zh_TW.po policycoreutils-2.0.78/po/zh_TW.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/zh_TW.po policycoreutils-2.0.79/po/zh_TW.po
 --- nsapolicycoreutils/po/zh_TW.po	2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/zh_TW.po	2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/zh_TW.po	2010-02-26 14:14:27.000000000 -0500
 @@ -1,19 +1,19 @@
 -# translation of policycoreutils.HEAD.po to Traditional Chinese
 +# translation of policycoreutils.HEAD.po to
@@ -286764,9 +286789,9 @@ diff --exclude-from=exclude -N -u -r nsa
 -#~ msgstr ""
 -#~ "tcp\n"
 -#~ "udp"
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/zu.po policycoreutils-2.0.78/po/zu.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/zu.po policycoreutils-2.0.79/po/zu.po
 --- nsapolicycoreutils/po/zu.po	2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/zu.po	2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/po/zu.po	2010-02-26 14:14:27.000000000 -0500
 @@ -8,7 +8,7 @@
  msgstr ""
  "Project-Id-Version: PACKAGE VERSION\n"

policycoreutils-rhat.patch:
 Makefile                                              |    2 
 audit2allow/audit2allow                               |   66 +-
 audit2allow/audit2allow.1                             |    7 
 newrole/newrole.c                                     |    3 
 restorecond/Makefile                                  |   24 -
 restorecond/org.selinux.Restorecond.service           |    3 
 restorecond/restorecond.8                             |   15 
 restorecond/restorecond.c                             |  429 +++---------------
 restorecond/restorecond.conf                          |    5 
 restorecond/restorecond.desktop                       |    7 
 restorecond/restorecond.h                             |   19 
 restorecond/restorecond.init                          |    5 
 restorecond/restorecond_user.conf                     |    2 
 restorecond/user.c                                    |  239 ++++++++++
 restorecond/watch.c                                   |  260 ++++++++++
 sandbox/Makefile                                      |   41 +
 sandbox/deliverables/README                           |   32 +
 sandbox/deliverables/basicwrapper                     |    4 
 sandbox/deliverables/run-in-sandbox.py                |   49 ++
 sandbox/deliverables/sandbox                          |  216 +++++++++
 sandbox/sandbox                                       |  415 +++++++++++++++++
 sandbox/sandbox.8                                     |   50 ++
 sandbox/sandbox.config                                |    2 
 sandbox/sandbox.init                                  |   67 ++
 sandbox/sandboxX.sh                                   |   15 
 sandbox/seunshare.c                                   |  265 +++++++++++
 sandbox/test_sandbox.py                               |   98 ++++
 scripts/fixfiles                                      |   44 -
 semanage/default_encoding/Makefile                    |    8 
 semanage/default_encoding/default_encoding.c          |   59 ++
 semanage/default_encoding/policycoreutils/__init__.py |   17 
 semanage/default_encoding/setup.py                    |   38 +
 semanage/semanage                                     |  127 ++++-
 semanage/semanage.8                                   |  128 ++++-
 semanage/seobject.py                                  |  406 +++++++++++++----
 setfiles/restore.c                                    |  101 ++++
 setfiles/restore.h                                    |    4 
 setfiles/restorecon.8                                 |    7 
 setfiles/setfiles.8                                   |    3 
 setfiles/setfiles.c                                   |   78 ---
 40 files changed, 2717 insertions(+), 643 deletions(-)

Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/F-12/policycoreutils-rhat.patch,v
retrieving revision 1.465
retrieving revision 1.466
diff -u -p -r1.465 -r1.466
--- policycoreutils-rhat.patch	22 Feb 2010 19:06:59 -0000	1.465
+++ policycoreutils-rhat.patch	11 Mar 2010 16:19:54 -0000	1.466
@@ -1,6 +1,6 @@
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.79/audit2allow/audit2allow
 --- nsapolicycoreutils/audit2allow/audit2allow	2009-01-13 08:45:35.000000000 -0500
-+++ policycoreutils-2.0.79/audit2allow/audit2allow	2010-02-16 13:46:01.000000000 -0500
++++ policycoreutils-2.0.79/audit2allow/audit2allow	2010-03-01 15:27:27.000000000 -0500
 @@ -28,6 +28,7 @@
  import sepolgen.defaults as defaults
  import sepolgen.module as module
@@ -56,6 +56,20 @@ diff --exclude-from=exclude --exclude=se
          else:
              # This is the default if no input is specified
              f = sys.stdin
+@@ -153,11 +165,11 @@
+     def __process_input(self):
+         if self.__options.type:
+             avcfilter = audit.AVCTypeFilter(self.__options.type)
+-            self.__avs = self.__parser.to_access(avcfilter)
++            self.__avs = self.__parser.to_access(avcfilter, dontaudit=self.__options.dontaudit)
+             csfilter = audit.ComputeSidTypeFilter(self.__options.type)
+             self.__role_types = self.__parser.to_role(csfilter)
+         else:
+-            self.__avs = self.__parser.to_access()
++            self.__avs = self.__parser.to_access(dontaudit=self.__options.dontaudit)
+             self.__role_types = self.__parser.to_role()
+ 
+     def __load_interface_info(self):
 @@ -220,63 +232,44 @@
  
      def __output_audit2why(self):
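Review bot: The new dontaudit= keyword in __process_input has a dependency that is not visible here: both to_access(avcfilter, dontaudit=self.__options.dontaudit) and to_access(dontaudit=self.__options.dontaudit) only work if the sepolgen audit parser accepts that argument. That change would have to be in policycoreutils-sepolgen.patch, which this mail lists as modified but does not show. Please confirm the sepolgen revision in this commit adds the parameter, because a parser without it raises a TypeError on every run, not only when -D is given.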
@@ -132,15 +146,6 @@ diff --exclude-from=exclude --exclude=se
                      print "\t\tMissing role allow rule.\n"
                      print "\t\tAdd an allow rule for the role pair.\n"
                      continue
-@@ -314,7 +307,7 @@
-             g.set_gen_requires(True)
- 
-         # Generate the policy
--        g.add_access(self.__avs)
-+        g.add_access(self.__avs, self.__options.dontaudit)
-         g.add_role_types(self.__role_types)
- 
-         # Output
 @@ -344,5 +337,6 @@
              sys.exit(0)
  
@@ -150,20 +155,33 @@ diff --exclude-from=exclude --exclude=se
      app.main()
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.79/audit2allow/audit2allow.1
 --- nsapolicycoreutils/audit2allow/audit2allow.1	2009-02-18 16:44:47.000000000 -0500
-+++ policycoreutils-2.0.79/audit2allow/audit2allow.1	2010-02-16 13:46:01.000000000 -0500
++++ policycoreutils-2.0.79/audit2allow/audit2allow.1	2010-02-26 14:14:26.000000000 -0500
+@@ -25,10 +25,10 @@
+ .TH AUDIT2ALLOW "1" "January 2005" "Security Enhanced Linux" NSA
+ .SH NAME
+ .BR audit2allow
+-	\- generate SELinux policy allow rules from logs of denied operations
++\- generate SELinux policy allow/dontaudit rules from logs of denied operations
+ 
+ .BR audit2why  
+-	\- translates SELinux audit messages into a description of why the access was denied (audit2allow -w)
++\- translates SELinux audit messages into a description of why the access was denied (audit2allow -w)
+ 
+ .SH SYNOPSIS
+ .B audit2allow
 @@ -44,6 +44,9 @@
  Note that all audit messages are not available via dmesg when
  auditd is running; use "ausearch -m avc | audit2allow"  or "-a" instead.
  .TP
 +.B "\-D" | "\-\-dontaudit"
-+Generate dontaudit rules rather then allow rules
++Generate dontaudit rules (Default: allow)
 +.TP
  .B "\-h" | "\-\-help"
  Print a short usage message
  .TP
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.79/Makefile
 --- nsapolicycoreutils/Makefile	2008-08-28 09:34:24.000000000 -0400
-+++ policycoreutils-2.0.79/Makefile	2010-02-16 14:03:54.000000000 -0500
++++ policycoreutils-2.0.79/Makefile	2010-02-26 14:14:26.000000000 -0500
 @@ -1,4 +1,4 @@
 -SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po
 +SUBDIRS = setfiles semanage semanage/default_encoding load_policy newrole run_init sandbox secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui
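Review bot: the new `\-D` text, "Generate dontaudit rules (Default: allow)", does not say what a dontaudit rule does. A dontaudit rule leaves the access denied and only stops the denial from being logged, so someone who feeds a whole audit log to -D will hide later denials from ausearch and audit2allow. One sentence to that effect under the `.B "\-D" | "\-\-dontaudit"` entry would cover it.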
@@ -172,19 +190,20 @@ diff --exclude-from=exclude --exclude=se
  
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-2.0.79/newrole/newrole.c
 --- nsapolicycoreutils/newrole/newrole.c	2010-02-16 12:33:05.000000000 -0500
-+++ policycoreutils-2.0.79/newrole/newrole.c	2010-02-16 13:46:01.000000000 -0500
-@@ -1338,6 +1338,8 @@
++++ policycoreutils-2.0.79/newrole/newrole.c	2010-02-26 14:14:26.000000000 -0500
+@@ -1334,6 +1334,9 @@
+ 
+ 	if (send_audit_message(1, old_context, new_context, ttyn))
+ 		goto err_close_pam_session;
++	freecon(old_context); old_context=NULL;
++	freecon(new_context); new_context=NULL;
++
+ #ifdef NAMESPACE_PRIV
  	if (transition_to_caller_uid())
  		goto err_close_pam_session;
- #endif
-+	freecon(old_context);
-+	freecon(new_context);
- 
- 	/* Handle environment changes */
- 	if (restore_environment(preserve_environment, old_environ, &pw)) {
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.79/restorecond/Makefile
 --- nsapolicycoreutils/restorecond/Makefile	2009-08-20 15:49:21.000000000 -0400
-+++ policycoreutils-2.0.79/restorecond/Makefile	2010-02-16 13:46:01.000000000 -0500
++++ policycoreutils-2.0.79/restorecond/Makefile	2010-02-26 14:14:26.000000000 -0500
 @@ -1,17 +1,28 @@
  # Installation directories.
  PREFIX ?= ${DESTDIR}/usr
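Review bot: in the newrole.c part of this hunk the two `freecon()` calls now run before `transition_to_caller_uid()`, whose failure path is `goto err_close_pam_session`. Resetting the pointers to NULL is what keeps that path safe if the error labels free `old_context` and `new_context` again; the earlier revision of the patch freed them without resetting. Please confirm that nothing after this point reads either context, and put each statement on its own line (`freecon(old_context);` then `old_context = NULL;`) to match the surrounding code.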
@@ -233,14 +252,14 @@ diff --exclude-from=exclude --exclude=se
  	/sbin/restorecon $(SBINDIR)/restorecond 
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.79/restorecond/org.selinux.Restorecond.service
 --- nsapolicycoreutils/restorecond/org.selinux.Restorecond.service	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.79/restorecond/org.selinux.Restorecond.service	2010-02-16 13:46:01.000000000 -0500
++++ policycoreutils-2.0.79/restorecond/org.selinux.Restorecond.service	2010-02-26 14:14:26.000000000 -0500
 @@ -0,0 +1,3 @@
 +[D-BUS Service]
 +Name=org.selinux.Restorecond
 +Exec=/usr/sbin/restorecond -u
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.8 policycoreutils-2.0.79/restorecond/restorecond.8
 --- nsapolicycoreutils/restorecond/restorecond.8	2009-08-20 15:49:21.000000000 -0400
-+++ policycoreutils-2.0.79/restorecond/restorecond.8	2010-02-16 13:46:01.000000000 -0500
++++ policycoreutils-2.0.79/restorecond/restorecond.8	2010-02-26 14:14:26.000000000 -0500
 @@ -3,7 +3,7 @@
  restorecond \- daemon that watches for file creation and then sets the default SELinux file context
  
@@ -277,7 +296,7 @@ diff --exclude-from=exclude --exclude=se
  .BR restorecon (8),
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.79/restorecond/restorecond.c
 --- nsapolicycoreutils/restorecond/restorecond.c	2009-08-20 15:49:21.000000000 -0400
-+++ policycoreutils-2.0.79/restorecond/restorecond.c	2010-02-16 13:46:01.000000000 -0500
++++ policycoreutils-2.0.79/restorecond/restorecond.c	2010-02-26 14:14:26.000000000 -0500
 @@ -30,9 +30,11 @@
   * and makes sure that there security context matches the systems defaults
   *
@@ -786,7 +805,7 @@ diff --exclude-from=exclude --exclude=se
 +
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.79/restorecond/restorecond.conf
 --- nsapolicycoreutils/restorecond/restorecond.conf	2009-08-20 15:49:21.000000000 -0400
-+++ policycoreutils-2.0.79/restorecond/restorecond.conf	2010-02-16 13:46:01.000000000 -0500
++++ policycoreutils-2.0.79/restorecond/restorecond.conf	2010-02-26 14:14:26.000000000 -0500
 @@ -4,8 +4,5 @@
  /etc/mtab
  /var/run/utmp
@@ -799,7 +818,7 @@ diff --exclude-from=exclude --exclude=se
 -
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.desktop policycoreutils-2.0.79/restorecond/restorecond.desktop
 --- nsapolicycoreutils/restorecond/restorecond.desktop	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.79/restorecond/restorecond.desktop	2010-02-16 13:46:01.000000000 -0500
++++ policycoreutils-2.0.79/restorecond/restorecond.desktop	2010-02-26 14:14:26.000000000 -0500
 @@ -0,0 +1,7 @@
 +[Desktop Entry]
 +Name=File Context maintainer
@@ -810,7 +829,7 @@ diff --exclude-from=exclude --exclude=se
 +StartupNotify=false
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-2.0.79/restorecond/restorecond.h
 --- nsapolicycoreutils/restorecond/restorecond.h	2009-08-20 15:49:21.000000000 -0400
-+++ policycoreutils-2.0.79/restorecond/restorecond.h	2010-02-16 13:46:01.000000000 -0500
++++ policycoreutils-2.0.79/restorecond/restorecond.h	2010-02-26 14:14:26.000000000 -0500
 @@ -24,7 +24,22 @@
  #ifndef RESTORED_CONFIG_H
  #define RESTORED_CONFIG_H
@@ -838,7 +857,7 @@ diff --exclude-from=exclude --exclude=se
  #endif
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.init policycoreutils-2.0.79/restorecond/restorecond.init
 --- nsapolicycoreutils/restorecond/restorecond.init	2009-08-20 15:49:21.000000000 -0400
-+++ policycoreutils-2.0.79/restorecond/restorecond.init	2010-02-16 13:46:01.000000000 -0500
++++ policycoreutils-2.0.79/restorecond/restorecond.init	2010-02-26 14:14:26.000000000 -0500
 @@ -75,16 +75,15 @@
  	status restorecond
  	RETVAL=$?
@@ -860,13 +879,13 @@ diff --exclude-from=exclude --exclude=se
 -
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond_user.conf policycoreutils-2.0.79/restorecond/restorecond_user.conf
 --- nsapolicycoreutils/restorecond/restorecond_user.conf	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.79/restorecond/restorecond_user.conf	2010-02-16 13:46:01.000000000 -0500
++++ policycoreutils-2.0.79/restorecond/restorecond_user.conf	2010-02-26 14:14:26.000000000 -0500
 @@ -0,0 +1,2 @@
 +~/*
 +~/public_html/*
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/user.c policycoreutils-2.0.79/restorecond/user.c
 --- nsapolicycoreutils/restorecond/user.c	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.79/restorecond/user.c	2010-02-16 13:46:01.000000000 -0500
++++ policycoreutils-2.0.79/restorecond/user.c	2010-02-26 14:14:26.000000000 -0500
 @@ -0,0 +1,239 @@
 +/*
 + * restorecond
@@ -1109,7 +1128,7 @@ diff --exclude-from=exclude --exclude=se
 +
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.79/restorecond/watch.c
 --- nsapolicycoreutils/restorecond/watch.c	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.79/restorecond/watch.c	2010-02-16 13:46:01.000000000 -0500
++++ policycoreutils-2.0.79/restorecond/watch.c	2010-02-26 14:14:26.000000000 -0500
 @@ -0,0 +1,260 @@
 +#define _GNU_SOURCE
 +#include <sys/inotify.h>
@@ -1373,7 +1392,7 @@ diff --exclude-from=exclude --exclude=se
 +}
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/basicwrapper policycoreutils-2.0.79/sandbox/deliverables/basicwrapper
 --- nsapolicycoreutils/sandbox/deliverables/basicwrapper	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.79/sandbox/deliverables/basicwrapper	2010-02-16 13:46:01.000000000 -0500
++++ policycoreutils-2.0.79/sandbox/deliverables/basicwrapper	2010-02-26 14:14:26.000000000 -0500
 @@ -0,0 +1,4 @@
 +import os, sys
 +SANDBOX_ARGS = ['-f%s' % os.environ['_CONDOR_SCRATCH_DIR']]
@@ -1381,7 +1400,7 @@ diff --exclude-from=exclude --exclude=se
 +os.execv('/usr/bin/sandbox',SANDBOX_ARGS)
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/README policycoreutils-2.0.79/sandbox/deliverables/README
 --- nsapolicycoreutils/sandbox/deliverables/README	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.79/sandbox/deliverables/README	2010-02-16 13:46:01.000000000 -0500
++++ policycoreutils-2.0.79/sandbox/deliverables/README	2010-02-26 14:14:26.000000000 -0500
 @@ -0,0 +1,32 @@
 +Files:
 +run-in-sandbox.py:
@@ -1417,7 +1436,7 @@ diff --exclude-from=exclude --exclude=se
 +Chris Pardy
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/run-in-sandbox.py policycoreutils-2.0.79/sandbox/deliverables/run-in-sandbox.py
 --- nsapolicycoreutils/sandbox/deliverables/run-in-sandbox.py	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.79/sandbox/deliverables/run-in-sandbox.py	2010-02-16 13:46:01.000000000 -0500
++++ policycoreutils-2.0.79/sandbox/deliverables/run-in-sandbox.py	2010-02-26 14:14:26.000000000 -0500
 @@ -0,0 +1,49 @@
 +import os
 +import os.path
@@ -1470,7 +1489,7 @@ diff --exclude-from=exclude --exclude=se
 +
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/sandbox policycoreutils-2.0.79/sandbox/deliverables/sandbox
 --- nsapolicycoreutils/sandbox/deliverables/sandbox	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.79/sandbox/deliverables/sandbox	2010-02-16 13:46:01.000000000 -0500
++++ policycoreutils-2.0.79/sandbox/deliverables/sandbox	2010-02-26 14:14:26.000000000 -0500
 @@ -0,0 +1,216 @@
 +#!/usr/bin/python -E
 +import os, sys, getopt, socket, random, fcntl, shutil
@@ -1690,8 +1709,8 @@ diff --exclude-from=exclude --exclude=se
 +
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/Makefile policycoreutils-2.0.79/sandbox/Makefile
 --- nsapolicycoreutils/sandbox/Makefile	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.79/sandbox/Makefile	2010-02-22 14:05:48.000000000 -0500
-@@ -0,0 +1,38 @@
++++ policycoreutils-2.0.79/sandbox/Makefile	2010-03-04 16:40:24.000000000 -0500
+@@ -0,0 +1,41 @@
 +# Installation directories.
 +PREFIX ?= ${DESTDIR}/usr
 +INITDIR ?= ${DESTDIR}/etc/rc.d/init.d/
@@ -1723,6 +1742,9 @@ diff --exclude-from=exclude --exclude=se
 +	-mkdir -p $(SYSCONFDIR)
 +	install -m 644 sandbox.config $(SYSCONFDIR)/sandbox
 +
++test:
++	@python test_sandbox.py -v
++
 +clean:
 +	-rm -f seunshare *.o *~
 +
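Review bot: the new `test` target runs `python test_sandbox.py -v` with whichever `python` comes first in PATH, while the sandbox script itself is pinned to `/usr/bin/python -E`. Running the tests under the same interpreter and with -E keeps PYTHONPATH and similar variables from changing what is tested. `test_sandbox.py` also has to be part of this patch for the target to work, and `test` should be listed in `.PHONY` if the Makefile declares one.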
@@ -1732,13 +1754,13 @@ diff --exclude-from=exclude --exclude=se
 +relabel:
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.79/sandbox/sandbox
 --- nsapolicycoreutils/sandbox/sandbox	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.79/sandbox/sandbox	2010-02-17 14:50:21.000000000 -0500
-@@ -0,0 +1,377 @@
++++ policycoreutils-2.0.79/sandbox/sandbox	2010-03-04 16:39:22.000000000 -0500
+@@ -0,0 +1,415 @@
 +#! /usr/bin/python -E
 +# Authors: Dan Walsh <dwalsh at redhat.com>
 +# Authors: Josh Cogliati
 +#
-+# Copyright (C) 2009  Red Hat
++# Copyright (C) 2009,2010  Red Hat
 +# see file 'COPYING' for use and warranty information
 +#
 +# This program is free software; you can redistribute it and/or
@@ -1755,13 +1777,14 @@ diff --exclude-from=exclude --exclude=se
 +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 +#
 +
-+import os, sys, getopt, socket, random, fcntl, shutil, re, subprocess
++import os, sys, socket, random, fcntl, shutil, re, subprocess
 +import selinux
 +import signal
 +from tempfile import mkdtemp
 +import pwd
 +
 +PROGNAME = "policycoreutils"
++HOMEDIR=pwd.getpwuid(os.getuid()).pw_dir
 +
 +import gettext
 +gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
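Review bot: `HOMEDIR=pwd.getpwuid(os.getuid()).pw_dir` is added as a module constant, but the rest of the patch does not use it consistently: `__validate_mount` and `__copyfiles` still repeat the `pwd.getpwuid(os.getuid()).pw_dir` lookup into a local `homedir`, and only `__setup_dir` reads `HOMEDIR`. Use the constant in all three places or drop it, so the home directory is resolved in one place.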
@@ -1776,7 +1799,6 @@ diff --exclude-from=exclude --exclude=se
 +       import __builtin__
 +       __builtin__.__dict__['_'] = unicode
 +
-+
 +DEFAULT_TYPE = "sandbox_t"
 +DEFAULT_X_TYPE = "sandbox_x_t"
 +X_FILES = {}
@@ -1799,44 +1821,6 @@ diff --exclude-from=exclude --exclude=se
 +    sys.stderr.flush()
 +    sys.exit(1)
 +
-+def reserve(level):
-+    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
-+    sock.bind("\0%s" % level)
-+    fcntl.fcntl(sock.fileno(), fcntl.F_SETFD, fcntl.FD_CLOEXEC)
-+
-+def gen_mcs():
-+       while True:
-+              i1 = random.randrange(0, 1024)
-+              i2 = random.randrange(0, 1024)
-+              if i1 == i2:
-+                     continue
-+              if i1 > i2:
-+                     tmp = i1
-+                     i1 = i2
-+                     i2 = tmp
-+                     level = "s0:c%d,c%d" % (i1, i2)
-+              level = "s0:c%d,c%d" % (i1, i2)
-+              try:
-+                     reserve(level)
-+              except socket.error:
-+                     continue
-+              break
-+       return level
-+
-+def gen_context(setype, level=None):
-+    if not level:
-+           level = gen_mcs()
-+
-+    con = selinux.getcon()[1].split(":")
-+
-+    execcon = "%s:%s:%s:%s" % (con[0], con[1], setype, level)
-+    
-+    filecon = "%s:%s:%s:%s" % (con[0], 
-+                               "object_r", 
-+                               "%s_file_t" % setype[:-2], 
-+                               level)
-+    return execcon, filecon
-+
 +def copyfile(file, dir, dest):
 +       import re
 +       if file.startswith(dir):
@@ -1846,7 +1830,8 @@ diff --exclude-from=exclude --exclude=se
 +                     dest = dest + "/" + bname
 +              else:
 +                     newdir = re.sub(dir, dest, dname)
-+                     os.makedirs(newdir)
++                     if not os.path.exists(newdir):
++                            os.makedirs(newdir)
 +                     dest = newdir + "/" + bname
 +
 +              if os.path.isdir(file):
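Review bot: `if not os.path.exists(newdir):` followed by `os.makedirs(newdir)` is a check-then-create race; if the directory appears between the two calls, `makedirs` still raises and the copy aborts. Calling `os.makedirs(newdir)` inside `try`/`except OSError` and ignoring only `errno.EEXIST` closes that window. Separately, `re.sub(dir, dest, dname)` on the line above treats `dir` as a regular expression and replaces every match, so a directory name containing characters such as `.` or `+` can rewrite the wrong part of the path; a literal prefix replacement is what is meant here.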
@@ -1855,12 +1840,6 @@ diff --exclude-from=exclude --exclude=se
 +                     shutil.copy2(file, dest)
 +              X_FILES[file] = (dest, os.path.getmtime(dest))
 +
-+def copyfiles(newhomedir, newtmpdir, files):
-+       homedir=pwd.getpwuid(os.getuid()).pw_dir
-+       for f in files:
-+              copyfile(f,homedir, newhomedir)
-+              copyfile(f,"/tmp", newtmpdir)
-+
 +def savefile(new, orig, X_ind):
 +       copy = False
 +       if(X_ind):
@@ -1882,10 +1861,124 @@ diff --exclude-from=exclude --exclude=se
 +       if(copy):
 +              shutil.copy2(new,orig)
 +
-+def setup_executable(execfile, command):
-+       fd = open(execfile, "w+")
-+       fd.write("""
-+#! /bin/sh
++def reserve(level):
++    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
++    sock.bind("\0%s" % level)
++    fcntl.fcntl(sock.fileno(), fcntl.F_SETFD, fcntl.FD_CLOEXEC)
++
++def gen_mcs():
++       while True:
++              i1 = random.randrange(0, 1024)
++              i2 = random.randrange(0, 1024)
++              if i1 == i2:
++                     continue
++              if i1 > i2:
++                     tmp = i1
++                     i1 = i2
++                     i2 = tmp
++                     level = "s0:c%d,c%d" % (i1, i2)
++              level = "s0:c%d,c%d" % (i1, i2)
++              try:
++                     reserve(level)
++              except socket.error:
++                     continue
++              break
++       return level
++
++def fullpath(cmd):
++       for i in [ "/", "./", "../" ]:
++              if cmd.startswith(i):
++                     return cmd
++       for i in  os.environ["PATH"].split(':'):
++              f = "%s/%s" % (i, cmd)
++              if os.access(f, os.X_OK):
++                     return f
++       return cmd
++
++class Sandbox:
++    VERSION = "sandbox .1"
++    SYSLOG = "/var/log/messages"
++
++    def __init__(self):
++        self.__options = None
++        self.__cmds = None
++        self.__init_files = []
++        self.__paths = []
++        self.__mount = False
++        self.__level = None
++        self.__homedir = None
++        self.__tmpdir = None
++
++    def __validate_mount(self):
++           if self.__options.level:
++                  if not self.__options.homedir or not self.__options.tmpdir:
++                         self.usage(_("Homedir and tempdir required for level mounts"))
++
++           if not os.path.exists("/usr/sbin/seunshare"):
++                  raise ValueError("""
++/usr/sbin/seunshare required for sandbox -M, to install you need to execute 
++#yum install /usr/sbin/seunshare
++""")
++           homedir=pwd.getpwuid(os.getuid()).pw_dir
++           fd = open("/proc/self/mountinfo", "r")
++           recs = fd.readlines()
++           fd.close()
++           for i in recs:
++                  x = i.split() 
++                  if x[3] == x[4] and homedir.startswith(x[3]+"/"):
++                         return
++           raise ValueError(_("""
++'%s' is required to be a shared mount point for this tool to run.  
++'%s' can be added to the HOMEDIR variable in /etc/sysconfig/sandbox
++ along with a reboot will fix the problem.
++""" % ((os.path.dirname(homedir)), os.path.dirname(homedir))))
++        
++    def __mount_callback(self, option, opt, value, parser):
++           self.__mount = True
++
++    def __x_callback(self, option, opt, value, parser):
++           self.__mount = True
++           setattr(parser.values, option.dest, True)
++
++    def __validdir(self, option, opt, value, parser):
++           if not os.path.isdir(value):
++                  raise IOError("Directory "+value+" not found")
++           self.__mount = True
++
++    def __include(self, option, opt, value, parser):
++           rp = os.path.realpath(os.path.expanduser(value))
++           if not os.path.exists(rp):
++                  raise IOError(value+" not found")
++
++           if rp not in self.__init_files:
++                  self.__init_files.append(rp)
++
++    def __includefile(self, option, opt, value, parser):
++           fd = open(value, "r")
++           for i in fd.readlines():
++                  rp = os.path.realpath(os.path.expanduser(i[:-1]))
++                  if rp not in self.__init_files and os.path.exists(rp):
++                         self.__init_files.append(rp)
++           fd.close()
++
++    def __copyfiles(self):
++           files = self.__init_files + self.__paths
++           homedir=pwd.getpwuid(os.getuid()).pw_dir
++           for f in files:
++                  copyfile(f, homedir, self.__homedir)
++                  copyfile(f, "/tmp", self.__tmpdir)
++
++    def __setup_sandboxrc(self):
++           execfile =self.__homedir + "/.sandboxrc"
++           fd = open(execfile, "w+") 
++           if self.__options.session:
++                  fd.write("""#!/bin/sh
++#TITLE: /etc/gdm/Xsession
++/etc/gdm/Xsession
++""")
++           else:
++                  command = " ".join(self.__paths)
++                  fd.write("""#! /bin/sh
 +#TITLE: %s
 +/usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap
 +/usr/bin/matchbox-window-manager -use_titlebar no &
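Review bot: `__validdir` is registered as the optparse callback for -H and -T but never stores the value, so `self.__options.homedir` and `self.__options.tmpdir` stay `None` and checks such as `if not self.__options.homedir or not self.__options.tmpdir` always fire. Add `setattr(parser.values, option.dest, value)`, as `__x_callback` already does. Two further points in this hunk. In `reserve()` the socket is a local variable, so it is closed when the function returns and the abstract socket name that marks the MCS level as taken is released at once; a second sandbox can then pick the same `s0:cN,cM` pair, so keep a reference for the life of the process. In `__setup_sandboxrc`, `" ".join(self.__paths)` is written unquoted into a /bin/sh script, so an argument containing spaces or shell metacharacters is re-parsed by the shell; quote each element before joining.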
@@ -1893,212 +1986,179 @@ diff --exclude-from=exclude --exclude=se
 +%s
 +kill -TERM $WM_PID  2> /dev/null
 +""" % (command, command))
-+       fd.close()
-+       os.chmod(execfile, 0700)
++           fd.close()
++           os.chmod(execfile, 0700)
 +
-+def setup_session(execfile, command="/etc/gdm/Xsession"):
-+       fd = open(execfile, "w+")
-+       fd.write("""
-+#!/bin/sh
-+#TITLE: %s
-+%s
-+""" % (command, command))
-+       fd.close()
-+       os.chmod(execfile, 0700)
++    def usage(self, message = ""):
++           error_exit("%s\n%s" % (self.__parser.usage, message))
 +
-+def validate_home():
-+       homedir=pwd.getpwuid(os.getuid()).pw_dir
-+       fd = open("/proc/self/mountinfo", "r")
-+       recs = fd.readlines()
-+       fd.close()
-+       for i in recs:
-+              x = i.split() 
-+              if x[3] == x[4] and homedir.startswith(x[3]+"/"):
-+                     return
-+       raise ValueError(_("""
-+'%s' is required to be a shared mount point for this tool to run.  
-+'%s' can be added to the HOMEDIR variable in /etc/sysconfig/sandbox
-+ along with a reboot will fix the problem.
-+""" % ((os.path.dirname(homedir)), os.path.dirname(homedir))))
-+
-+if __name__ == '__main__':
-+    setup_sighandlers()
-+    if selinux.is_selinux_enabled() != 1:
-+        error_exit("Requires an SELinux enabled system")
-+    
-+    init_files = []
-+    
-+    def usage(message = ""):
-+        text = _("""
++    def __parse_options(self):
++        from optparse import OptionParser
++        usage = _("""
 +sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [[-i file ] ...] [ -t type ] command
++
 +sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [[-i file ] ...] [ -t type ] -S
 +""")
-+        error_exit("%s\n%s" % (message, text))
++        
++        parser = OptionParser(version=self.VERSION, usage=usage)
++        parser.disable_interspersed_args()
++        parser.add_option("-i", "--include", 
++                          action="callback", callback=self.__include, 
++                          type="string",
++                          help="include file in sandbox")
++        parser.add_option("-I", "--includefile",  action="callback", callback=self.__includefile,
++                          type="string",
++                          help="include contents of file in sandbox")
++        parser.add_option("-t", "--type", dest="setype", action="store", default=DEFAULT_TYPE,
++                          help="Run sandbox with SELinux type")
++        parser.add_option("-M", "--mount", 
++                          action="callback", callback=self.__mount_callback, 
++                          help="Mount new home and tmp Dir")
++
++        parser.add_option("-S", "--session", action="store_true",  dest="session", 
++                          default=False,  help="Run complete desktop session within sandbox")
++        parser.add_option("-X", dest="X_ind", 
++                          action="callback", callback=self.__x_callback, 
++                          default=False,  help="Run X sandbox")
++
++        parser.add_option("-H", "--homedir", 
++                          action="callback", callback=self.__validdir,
++                          type="string",
++                          dest="homedir",  
++                          help="Alternate homedir to use for mounting")
++
++        parser.add_option("-T", "--tmpdir", dest="tmpdir",  
++                          type="string",
++                          action="callback", callback=self.__validdir,
++                          help="Alternate tempdir to use for mounting")
++
++        parser.add_option("-l", "--level", dest="level", 
++                          help="MCS/MLS Level for the sandbox")
++
++        self.__parser=parser
++
++        self.__options, cmds = parser.parse_args()
++
++        if self.__options.X_ind:
++               if DEFAULT_TYPE == self.__options.setype:
++                     self.__options.setype = DEFAULT_X_TYPE
++
++        if self.__mount:
++               self.__validate_mount()
++
++        if self.__options.session:
++               if self.__options.setype in (DEFAULT_TYPE, DEFAULT_X_TYPE):
++                      self.__options.setype = selinux.getcon()[1].split(":")[2]
++               if not self.__options.homedir or not self.__options.tmpdir:
++                      self.usage(_("Homedir and tempdir required for session"))
++               if len(cmds) > 0:
++                      self.usage(_("Commands not allowed in a session"))
++        else:
++               if len(cmds) == 0:
++                      self.usage(_("Command required"))
++               cmds[0] = fullpath(cmds[0])
++               self.__cmds = cmds
++
++        for f in cmds:
++               rp = os.path.realpath(f)
++               if os.path.exists(rp):
++                      self.__paths.append(rp)
++               else:
++                      self.__paths.append(f)
++                  
++    def __gen_context(self):
++           if self.__options.level:
++                  level = self.__options.level
++           else:
++                  level = gen_mcs()
++
++           con = selinux.getcon()[1].split(":")
++           self.__execcon = "%s:%s:%s:%s" % (con[0], con[1], self.__options.setype, level)
++           self.__filecon = "%s:%s:%s:%s" % (con[0], "object_r", 
++                                             "%s_file_t" % self.__options.setype[:-2], 
++                                             level)
++    def __setup_dir(self):
++           if self.__options.level or self.__options.session:
++                  return
++           sandboxdir = HOMEDIR + "/.sandbox"
++           if not os.path.exists(sandboxdir):
++                  os.mkdir(sandboxdir)
++
++           import warnings 
++           warnings.simplefilter("ignore")
++           if self.__options.homedir:
++                  chcon =  ("/usr/bin/chcon -R %s %s" % (self.__filecon, self.__options.homedir)).split()
++                  rc = os.spawnvp(os.P_WAIT, chcon[0], chcon)
++                  self.__homedir = self.__options.homedir
++           else:
++                  selinux.setfscreatecon(self.__filecon)
++                  self.__homedir = mkdtemp(dir=sandboxdir, prefix=".sandbox")
++
++           if self.__options.tmpdir:
++                  chcon =  ("/usr/bin/chcon -R %s %s" % (self.__filecon, self.__options.tmpdir)).split()
++                  rc = os.spawnvp(os.P_WAIT, chcon[0], chcon)
++                  self.__tmpdir = self.__options.homedir
++           else:
++                  selinux.setfscreatecon(self.__filecon)
++                  self.__tmpdir = mkdtemp(dir="/tmp", prefix=".sandbox")
++           warnings.resetwarnings()
++           selinux.setfscreatecon(None)
++           self.__copyfiles()
 +
-+    setype = DEFAULT_TYPE
-+    X_ind = False
-+    home_and_temp = False
-+    level=None
-+    newhomedir = None
-+    newtmpdir = None
-+    existing_home = False
-+    existing_temp = False
-+    session = False
-+    try:
-+           gopts, cmds = getopt.getopt(sys.argv[1:], "l:i:hSt:XI:MH:T:", 
-+                                       ["help",
-+                                        "include=", 
-+                                        "includefile=", 
-+                                        "type=",
-+                                        "mount",
-+                                        "homedir=",
-+                                        "tmpdir=",
-+                                        "session",
-+                                        "level="
-+                                        ])
-+           for o, a in gopts:
-+                  if o == "-t" or o == "--type":
-+                         setype = a
++    def __execute(self):
++           try:
++                  if self.__options.X_ind:
++                         xmodmapfile = self.__homedir + "/.xmodmap"
++                         xd = open(xmodmapfile,"w")
++                         subprocess.Popen(["/usr/bin/xmodmap","-pke"],stdout=xd).wait()
++                         xd.close()
 +
-+                  if o == "-l" or o == "--level":
-+                         level = a
-+                         
-+                  if o == "-i" or o == "--include":
-+                         rp = os.path.realpath(a)
-+                         if rp not in init_files:
-+                                init_files.append(rp)
-+                         
-+                  if o == "-I" or o == "--includefile":
-+                         fd = open(a, "r")
-+                         for i in fd.read().split("\n"):
-+                                if os.path.exists(i):
-+                                       rp = os.path.realpath(i)
-+                                       if rp not in init_files:
-+                                              init_files.append(rp)
-+                                       
-+                         fd.close
++                         self.__setup_sandboxrc()
 +                         
-+                  if o == "-X":
-+                         if DEFAULT_TYPE == setype:
-+                                setype = DEFAULT_X_TYPE
-+                         X_ind = True
-+                         home_and_temp = True
-+                  if o == "-M" or o == "--mount":
-+                         home_and_temp = True
-+
-+                  if o == "-H" or o == "--homedir":
-+                         existing_home = True
-+                         newhomedir = a
-+                  if o == "-T" or o == "--tmpdir":
-+                         existing_temp = True
-+                         newtmpdir = a
-+                  if o == "-h" or o == "--help":
-+                         usage(_("Usage"));
-+
-+                  if o == "-S" or o == "--session":
-+                         session = True
-+                         homedir=pwd.getpwuid(os.getuid()).pw_dir
-+                         if setype in (DEFAULT_TYPE, DEFAULT_X_TYPE):
-+                                setype = selinux.getcon()[1].split(":")[2]
-+            
-+           if len(cmds) == 0 and not session:
-+                  usage(_("Command required"))
-+
-+           if (existing_home or existing_temp) and not home_and_temp:
-+                  usage(_("-M required when specifying home directory or temp directory"))
-+           execcon, filecon = gen_context(setype, level)
-+           rc = -1
++                         cmds =  ("/usr/sbin/seunshare -t %s -h %s -- %s /usr/share/sandbox/sandboxX.sh" % (self.__tmpdir, self.__homedir, self.__execcon)).split()
++                         rc = os.spawnvp(os.P_WAIT, cmds[0], cmds)
++                         return rc
 +
-+           if not session and cmds[0][0] != "/" and cmds[0][:2] != "./" and cmds[0][:3] != "../":
-+                  for i in  os.environ["PATH"].split(':'):
-+                         f = "%s/%s" % (i, cmds[0])
-+                         if os.access(f, os.X_OK):
-+                                cmds[0] = f
-+                                break
++                  if self.__mount:
++                         cmds =  ("/usr/sbin/seunshare -t %s -h %s -- %s " % (self.__tmpdir, self.__homedir, self.__execcon)).split()+self.__paths
++                         rc = os.spawnvp(os.P_WAIT, cmds[0], cmds)
++                         return rc
 +
-+           try:
-+                  if home_and_temp:
-+                         validate_home()
-+                                
-+                         if not os.path.exists("/usr/sbin/seunshare"):
-+                                raise ValueError("""/usr/sbin/seunshare required for sandbox -M, to install you need to execute 
-+#yum install /usr/sbin/seunshare""")
-+                         import warnings
-+                         warnings.simplefilter("ignore")
-+                         if existing_home:
-+                                if not os.path.isdir(newhomedir):
-+                                       raise IOError("Home directory "+newhomedir+" not found")
-+                                if not level and not session:
-+                                       chcon =  ("/usr/bin/chcon -R %s %s" % (filecon, newhomedir)).split()
-+                                       rc = os.spawnvp(os.P_WAIT, chcon[0], chcon)
-+                         else:
-+                                newhomedir = mkdtemp(dir=".", prefix=".sandbox")
-+                                if session:
-+                                       chcon =  ("/usr/bin/chcon --reference %s %s" %( homedir,  (newhomedir))).split()
-+                                else:
-+                                       chcon =  ("/usr/bin/chcon %s %s" % (filecon, newhomedir)).split()
-+                                rc = os.spawnvp(os.P_WAIT, chcon[0], chcon)
++                  selinux.setexeccon(self.__execcon)
++                  rc = os.spawnvp(os.P_WAIT, self.__cmds[0], self.__cmds)
++                  selinux.setexeccon(None)
++                  return rc
 +
-+                         if existing_temp:
-+                                if not os.path.isdir(newtmpdir):
-+                                       raise IOError("Temp directory "+newtmpdir+" not found")                
-+                                if not level and not session:
-+                                       chcon =  ("/usr/bin/chcon -R %s %s" % (filecon, newtmpdir)).split()
-+                                       rc = os.spawnvp(os.P_WAIT, chcon[0], chcon)
-+                         else:
-+                                newtmpdir = mkdtemp(dir="/tmp", prefix=".sandbox")
-+                                if session:
-+                                       chcon =  ("/usr/bin/chcon --reference /tmp %s" % (newtmpdir)).split()
-+                                else:
-+                                       chcon =  ("/usr/bin/chcon %s %s" % (filecon, newtmpdir)).split()
-+                                rc = os.spawnvp(os.P_WAIT, chcon[0], chcon)
++           finally:
++                  for i in self.__paths:
++                         if i not in X_FILES:
++                                continue
++                         (dest, mtime) = X_FILES[i]
++                         if os.path.getmtime(dest) > mtime:
++                                savefile(dest, i, X_ind)
++
++                  if self.__homedir and not self.__options.homedir: 
++                         shutil.rmtree(self.__homedir)
++                  if self.__tmpdir and not self.__options.tmpdir:
++                         shutil.rmtree(self.__tmpdir)
++    def main(self):
++        try:
++               self.__parse_options()
++               self.__gen_context()
++               self.__setup_dir()
++               return self.__execute()
++        except KeyboardInterrupt:
++            sys.exit(0)
 +
-+                         warnings.resetwarnings()
-+                         paths = []
-+                         for i in cmds:
-+                                f = os.path.realpath(i)
-+                                if os.path.exists(f):
-+                                       paths.append(f)
-+                                else:
-+                                       paths.append(i)
-+                                       
-+                         copyfiles(newhomedir, newtmpdir, init_files + paths)
-+                         if X_ind:
-+                                xmodmapfile = newhomedir + "/.xmodmap"
-+                                xd = open(xmodmapfile,"w")
-+                                subprocess.Popen(["/usr/bin/xmodmap","-pke"],stdout=xd).wait()
-+                                xd.close()
-+
-+                                execfile = newhomedir + "/.sandboxrc"
-+                                if session:
-+                                       setup_session(execfile)
-+                                else:
-+                                       setup_executable(execfile, " ".join(paths))
 +
-+                                cmds =  ("/usr/sbin/seunshare -t %s -h %s -- %s /usr/share/sandbox/sandboxX.sh" % (newtmpdir, newhomedir, execcon)).split()
-+                                rc = os.spawnvp(os.P_WAIT, cmds[0], cmds)
-+                         else:
-+                                cmds =  ("/usr/sbin/seunshare -t %s -h %s -- %s " % (newtmpdir, newhomedir, execcon)).split()+cmds
-+                                rc = os.spawnvp(os.P_WAIT, cmds[0], cmds)
-+                         for i in paths:
-+                                if i not in X_FILES:
-+                                       continue
-+                                (dest, mtime) = X_FILES[i]
-+                                if os.path.getmtime(dest) > mtime:
-+                                       savefile(dest, i, X_ind)
-+                  else:
-+                         selinux.setexeccon(execcon)
-+                         rc = os.spawnvp(os.P_WAIT, cmds[0], cmds)
-+                         selinux.setexeccon(None)
-+           finally:
-+                  if home_and_temp:
-+                         if newhomedir and not existing_home:
-+                                shutil.rmtree(newhomedir)
-+                         if newtmpdir and not existing_temp:
-+                                shutil.rmtree(newtmpdir)
-+                  
-+    except getopt.GetoptError, error:
-+           usage(_("Options Error %s ") % error.msg)
++if __name__ == '__main__':
++    setup_sighandlers()
++    if selinux.is_selinux_enabled() != 1:
++        error_exit("Requires an SELinux enabled system")
++    
++    try:
++           sandbox = Sandbox()
++           rc = sandbox.main()
 +    except OSError, error:
 +           error_exit(error.args[1])
 +    except ValueError, error:
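Review bot: In the added `__execute` body, both seunshare command lines are built by formatting `self.__tmpdir`, `self.__homedir` and `self.__execcon` into one string and then calling `.split()`, so a home or temp directory whose path contains whitespace is broken into extra arguments before it reaches `/usr/sbin/seunshare`. Build the argv as a list instead, for example `["/usr/sbin/seunshare", "-t", self.__tmpdir, "-h", self.__homedir, "--", self.__execcon] + self.__paths`, and hand that to `os.spawnvp`. Separately, in the new `finally:` block an exception from `os.path.getmtime(dest)` or `savefile(dest, i, X_ind)` skips the two `shutil.rmtree` calls and leaves the sandbox home and temp directories behind; wrap the save loop so the cleanup always runs.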
@@ -2106,14 +2166,14 @@ diff --exclude-from=exclude --exclude=se
 +    except KeyError, error:
 +           error_exit(_("Invalid value %s") % error.args[0])
 +    except IOError, error:
-+           error_exit(error.message)
++           error_exit(error)
 +    except KeyboardInterrupt:
 +           rc = 0
 +           
 +    sys.exit(rc)
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.8 policycoreutils-2.0.79/sandbox/sandbox.8
 --- nsapolicycoreutils/sandbox/sandbox.8	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.79/sandbox/sandbox.8	2010-02-16 13:46:01.000000000 -0500
++++ policycoreutils-2.0.79/sandbox/sandbox.8	2010-02-26 14:14:26.000000000 -0500
 @@ -0,0 +1,50 @@
 +.TH SANDBOX "8" "May 2009" "chcat" "User Commands"
 +.SH NAME
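Review bot: `error_exit(error)` in the `except IOError` handler now receives the exception object, while the neighbouring handlers pass strings (`error.args[1]`, `_("Invalid value %s") % error.args[0]`). Unless `error_exit` converts its argument itself, pass `str(error)` so every handler gives it the same type and the printed message does not depend on how the object is formatted. In the man page header, `.TH SANDBOX "8" "May 2009" "chcat" "User Commands"` names `chcat` in the source field, which looks carried over from another page and should be corrected while this file is being touched.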
@@ -2167,13 +2227,13 @@ diff --exclude-from=exclude --exclude=se
 +.PP
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.config policycoreutils-2.0.79/sandbox/sandbox.config
 --- nsapolicycoreutils/sandbox/sandbox.config	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.79/sandbox/sandbox.config	2010-02-17 13:29:45.000000000 -0500
++++ policycoreutils-2.0.79/sandbox/sandbox.config	2010-02-26 14:14:26.000000000 -0500
 @@ -0,0 +1,2 @@
 +# Space separate list of homedirs
 +HOMEDIRS="/home"
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.init policycoreutils-2.0.79/sandbox/sandbox.init
 --- nsapolicycoreutils/sandbox/sandbox.init	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.79/sandbox/sandbox.init	2010-02-17 13:29:54.000000000 -0500
++++ policycoreutils-2.0.79/sandbox/sandbox.init	2010-02-26 14:14:26.000000000 -0500
 @@ -0,0 +1,67 @@
 +#!/bin/bash
 +## BEGIN INIT INFO
@@ -2242,377 +2302,13 @@ diff --exclude-from=exclude --exclude=se
 +	exit 3
 +	;;
 +esac
-diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.esd_auth policycoreutils-2.0.79/sandbox/.sandboxSKnKBc/.esd_auth
---- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.esd_auth	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.79/sandbox/.sandboxSKnKBc/.esd_auth	2010-02-16 13:46:01.000000000 -0500
-@@ -0,0 +1 @@
-+ÊïhÊ~©òH||”â#xˆ
-\ No newline at end of file
-diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/clock/prefs/%gconf.xml policycoreutils-2.0.79/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/clock/prefs/%gconf.xml
---- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/clock/prefs/%gconf.xml	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.79/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/clock/prefs/%gconf.xml	2010-02-16 13:46:01.000000000 -0500
-@@ -0,0 +1,24 @@
-+<?xml version="1.0"?>
-+<gconf>
-+	<entry name="hour_format" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/hour_format"/>
-+	<entry name="temperature_unit" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/temperature_unit"/>
-+	<entry name="expand_locations" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/expand_locations"/>
-+	<entry name="unix_time" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/unix_time"/>
-+	<entry name="show_temperature" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/show_temperature"/>
-+	<entry name="format" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/format"/>
-+	<entry name="config_tool" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/config_tool"/>
-+	<entry name="expand_birthdays" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/expand_birthdays"/>
-+	<entry name="show_date" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/show_date"/>
-+	<entry name="expand_appointments" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/expand_appointments"/>
-+	<entry name="speed_unit" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/speed_unit"/>
-+	<entry name="expand_weather" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/expand_weather"/>
-+	<entry name="show_seconds" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/show_seconds"/>
-+	<entry name="internet_time" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/internet_time"/>
-+	<entry name="show_week_numbers" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/show_week_numbers"/>
-+	<entry name="expand_tasks" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/expand_tasks"/>
-+	<entry name="show_weather" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/show_weather"/>
-+	<entry name="gmt_time" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/gmt_time"/>
-+	<entry name="show_tooltip" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/show_tooltip"/>
-+	<entry name="custom_format" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/custom_format"/>
-+	<entry name="cities" mtime="1264458282" schema="/schemas/apps/clock_applet/prefs/cities"/>
-+</gconf>
-diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/window_list/prefs/%gconf.xml policycoreutils-2.0.79/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/window_list/prefs/%gconf.xml
---- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/window_list/prefs/%gconf.xml	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.79/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/window_list/prefs/%gconf.xml	2010-02-16 13:46:01.000000000 -0500
-@@ -0,0 +1,8 @@
-+<?xml version="1.0"?>
-+<gconf>
-+	<entry name="minimum_size" mtime="1264458281" schema="/schemas/apps/window_list_applet/prefs/minimum_size"/>
-+	<entry name="move_unminimized_windows" mtime="1264458281" schema="/schemas/apps/window_list_applet/prefs/move_unminimized_windows"/>
-+	<entry name="maximum_size" mtime="1264458281" schema="/schemas/apps/window_list_applet/prefs/maximum_size"/>
-+	<entry name="group_windows" mtime="1264458281" schema="/schemas/apps/window_list_applet/prefs/group_windows"/>
-+	<entry name="display_all_workspaces" mtime="1264458281" schema="/schemas/apps/window_list_applet/prefs/display_all_workspaces"/>
-+</gconf>
-diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/workspace_switcher/prefs/%gconf.xml policycoreutils-2.0.79/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/workspace_switcher/prefs/%gconf.xml
---- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/workspace_switcher/prefs/%gconf.xml	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.79/sandbox/.sandboxSKnKBc/.gconf/apps/panel/applets/workspace_switcher/prefs/%gconf.xml	2010-02-16 13:46:01.000000000 -0500
-@@ -0,0 +1,6 @@
-+<?xml version="1.0"?>
-+<gconf>
-+	<entry name="display_workspace_names" mtime="1264458282" schema="/schemas/apps/workspace_switcher_applet/prefs/display_workspace_names"/>
-+	<entry name="num_rows" mtime="1264458282" schema="/schemas/apps/workspace_switcher_applet/prefs/num_rows"/>
-+	<entry name="display_all_workspaces" mtime="1264458282" schema="/schemas/apps/workspace_switcher_applet/prefs/display_all_workspaces"/>
-+</gconf>
-diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/accessibility/keyboard/%gconf.xml policycoreutils-2.0.79/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/accessibility/keyboard/%gconf.xml
---- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/accessibility/keyboard/%gconf.xml	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.79/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/accessibility/keyboard/%gconf.xml	2010-02-16 13:46:01.000000000 -0500
-@@ -0,0 +1,23 @@
-+<?xml version="1.0"?>
-+<gconf>
-+	<entry name="mousekeys_enable" mtime="1264458281" type="bool" value="false"/>
-+	<entry name="stickykeys_two_key_off" mtime="1264458281" type="bool" value="true"/>
-+	<entry name="mousekeys_max_speed" mtime="1264458281" type="int" value="750"/>
-+	<entry name="timeout" mtime="1264458281" type="int" value="120"/>
-+	<entry name="timeout_enable" mtime="1264458281" type="bool" value="false"/>
-+	<entry name="bouncekeys_beep_reject" mtime="1264458281" type="bool" value="true"/>
-+	<entry name="mousekeys_accel_time" mtime="1264458281" type="int" value="1200"/>
-+	<entry name="mousekeys_init_delay" mtime="1264458281" type="int" value="160"/>
-+	<entry name="slowkeys_beep_reject" mtime="1264458281" type="bool" value="false"/>
-+	<entry name="slowkeys_beep_accept" mtime="1264458281" type="bool" value="true"/>
-+	<entry name="slowkeys_enable" mtime="1264458281" type="bool" value="false"/>
-+	<entry name="stickykeys_modifier_beep" mtime="1264458281" type="bool" value="true"/>
-+	<entry name="bouncekeys_enable" mtime="1264458281" type="bool" value="false"/>
-+	<entry name="togglekeys_enable" mtime="1264458281" type="bool" value="false"/>
-+	<entry name="stickykeys_enable" mtime="1264458281" type="bool" value="false"/>
-+	<entry name="slowkeys_beep_press" mtime="1264458281" type="bool" value="true"/>
-+	<entry name="bouncekeys_delay" mtime="1264458281" type="int" value="300"/>
-+	<entry name="slowkeys_delay" mtime="1264458281" type="int" value="300"/>
-+	<entry name="feature_state_change_beep" mtime="1264458281" type="bool" value="false"/>
-+	<entry name="enable" mtime="1264458281" type="bool" value="false"/>
-+</gconf>
-diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/interface/%gconf.xml policycoreutils-2.0.79/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/interface/%gconf.xml
---- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/interface/%gconf.xml	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.79/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/interface/%gconf.xml	2010-02-16 13:46:01.000000000 -0500
-@@ -0,0 +1,6 @@
-+<?xml version="1.0"?>
-+<gconf>
-+	<entry name="gtk-im-module" mtime="1264458283" type="string">
-+		<stringvalue>gtk-im-context-simple</stringvalue>
-+	</entry>
-+</gconf>
-diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/%gconf.xml policycoreutils-2.0.79/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/%gconf.xml
---- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/%gconf.xml	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.79/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/%gconf.xml	2010-02-16 13:46:01.000000000 -0500
-@@ -0,0 +1,4 @@
-+<?xml version="1.0"?>
-+<gconf>
-+	<entry name="disable_xmm_and_xkb_warning" mtime="1264458288" type="bool" value="true"/>
-+</gconf>
-diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/general/%gconf.xml policycoreutils-2.0.79/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/general/%gconf.xml
---- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/general/%gconf.xml	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.79/sandbox/.sandboxSKnKBc/.gconf/desktop/gnome/peripherals/keyboard/general/%gconf.xml	2010-02-16 13:46:01.000000000 -0500
-@@ -0,0 +1,8 @@
-+<?xml version="1.0"?>
-+<gconf>
-+	<entry name="known_file_list" mtime="1264458281" type="list" ltype="string">
-+		<li type="string">
-+			<stringvalue>.xmodmap</stringvalue>
-+		</li>
-+	</entry>
-+</gconf>
-diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/.sandboxSKnKBc/.xmodmap policycoreutils-2.0.79/sandbox/.sandboxSKnKBc/.xmodmap
---- nsapolicycoreutils/sandbox/.sandboxSKnKBc/.xmodmap	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.79/sandbox/.sandboxSKnKBc/.xmodmap	2010-02-16 13:46:01.000000000 -0500
-@@ -0,0 +1,248 @@
-+keycode   8 =
-+keycode   9 = Escape NoSymbol Escape
-+keycode  10 = 1 exclam 1 exclam
-+keycode  11 = 2 at 2 at
-+keycode  12 = 3 numbersign 3 numbersign
-+keycode  13 = 4 dollar 4 dollar
-+keycode  14 = 5 percent 5 percent
-+keycode  15 = 6 asciicircum 6 asciicircum
-+keycode  16 = 7 ampersand 7 ampersand
-+keycode  17 = 8 asterisk 8 asterisk
-+keycode  18 = 9 parenleft 9 parenleft
-+keycode  19 = 0 parenright 0 parenright
-+keycode  20 = minus underscore minus underscore
-+keycode  21 = equal plus equal plus
-+keycode  22 = BackSpace NoSymbol BackSpace
-+keycode  23 = Tab ISO_Left_Tab Tab ISO_Left_Tab
-+keycode  24 = q Q q Q
-+keycode  25 = w W w W
-+keycode  26 = e E e E
-+keycode  27 = r R r R
-+keycode  28 = t T t T
-+keycode  29 = y Y y Y
-+keycode  30 = u U u U
-+keycode  31 = i I i I
-+keycode  32 = o O o O
-+keycode  33 = p P p P
-+keycode  34 = bracketleft braceleft bracketleft braceleft
-+keycode  35 = bracketright braceright bracketright braceright
-+keycode  36 = Return NoSymbol Return
-+keycode  37 = Control_L NoSymbol Control_L
-+keycode  38 = a A a A
-+keycode  39 = s S s S
-+keycode  40 = d D d D
-+keycode  41 = f F f F
-+keycode  42 = g G g G
-+keycode  43 = h H h H
-+keycode  44 = j J j J
-+keycode  45 = k K k K
-+keycode  46 = l L l L
-+keycode  47 = semicolon colon semicolon colon
-+keycode  48 = apostrophe quotedbl apostrophe quotedbl
-+keycode  49 = grave asciitilde grave asciitilde
-+keycode  50 = Shift_L NoSymbol Shift_L
-+keycode  51 = backslash bar backslash bar
-+keycode  52 = z Z z Z
-+keycode  53 = x X x X
-+keycode  54 = c C c C
-+keycode  55 = v V v V
-+keycode  56 = b B b B
-+keycode  57 = n N n N
-+keycode  58 = m M m M
-+keycode  59 = comma less comma less
-+keycode  60 = period greater period greater
-+keycode  61 = slash question slash question
-+keycode  62 = Shift_R NoSymbol Shift_R
-+keycode  63 = KP_Multiply XF86_ClearGrab KP_Multiply XF86_ClearGrab
-+keycode  64 = Alt_L Meta_L Alt_L Meta_L
-+keycode  65 = space NoSymbol space
-+keycode  66 = Caps_Lock NoSymbol Caps_Lock
-+keycode  67 = F1 XF86_Switch_VT_1 F1 XF86_Switch_VT_1
-+keycode  68 = F2 XF86_Switch_VT_2 F2 XF86_Switch_VT_2
-+keycode  69 = F3 XF86_Switch_VT_3 F3 XF86_Switch_VT_3
-+keycode  70 = F4 XF86_Switch_VT_4 F4 XF86_Switch_VT_4
-+keycode  71 = F5 XF86_Switch_VT_5 F5 XF86_Switch_VT_5
-+keycode  72 = F6 XF86_Switch_VT_6 F6 XF86_Switch_VT_6
-+keycode  73 = F7 XF86_Switch_VT_7 F7 XF86_Switch_VT_7
-+keycode  74 = F8 XF86_Switch_VT_8 F8 XF86_Switch_VT_8
-+keycode  75 = F9 XF86_Switch_VT_9 F9 XF86_Switch_VT_9
-+keycode  76 = F10 XF86_Switch_VT_10 F10 XF86_Switch_VT_10
-+keycode  77 = Num_Lock Pointer_EnableKeys Num_Lock Pointer_EnableKeys
-+keycode  78 = Scroll_Lock NoSymbol Scroll_Lock
-+keycode  79 = KP_Home KP_7 KP_Home KP_7
-+keycode  80 = KP_Up KP_8 KP_Up KP_8
-+keycode  81 = KP_Prior KP_9 KP_Prior KP_9
-+keycode  82 = KP_Subtract XF86_Prev_VMode KP_Subtract XF86_Prev_VMode
-+keycode  83 = KP_Left KP_4 KP_Left KP_4
-+keycode  84 = KP_Begin KP_5 KP_Begin KP_5
-+keycode  85 = KP_Right KP_6 KP_Right KP_6
-+keycode  86 = KP_Add XF86_Next_VMode KP_Add XF86_Next_VMode
-+keycode  87 = KP_End KP_1 KP_End KP_1
-+keycode  88 = KP_Down KP_2 KP_Down KP_2
-+keycode  89 = KP_Next KP_3 KP_Next KP_3
-+keycode  90 = KP_Insert KP_0 KP_Insert KP_0
-+keycode  91 = KP_Delete KP_Decimal KP_Delete KP_Decimal
-+keycode  92 = ISO_Level3_Shift NoSymbol ISO_Level3_Shift
-+keycode  93 =
-+keycode  94 = less greater less greater bar brokenbar
-+keycode  95 = F11 XF86_Switch_VT_11 F11 XF86_Switch_VT_11
-+keycode  96 = F12 XF86_Switch_VT_12 F12 XF86_Switch_VT_12
-+keycode  97 =
-+keycode  98 = Katakana NoSymbol Katakana
-+keycode  99 = Hiragana NoSymbol Hiragana
-+keycode 100 = Henkan_Mode NoSymbol Henkan_Mode
-+keycode 101 = Hiragana_Katakana NoSymbol Hiragana_Katakana
-+keycode 102 = Muhenkan NoSymbol Muhenkan
-+keycode 103 =
-+keycode 104 = KP_Enter NoSymbol KP_Enter
-+keycode 105 = Control_R NoSymbol Control_R
-+keycode 106 = KP_Divide XF86_Ungrab KP_Divide XF86_Ungrab
-+keycode 107 = Print Sys_Req Print Sys_Req
-+keycode 108 = Alt_R Meta_R Alt_R Meta_R
-+keycode 109 = Linefeed NoSymbol Linefeed
-+keycode 110 = Home NoSymbol Home
-+keycode 111 = Up NoSymbol Up
-+keycode 112 = Prior NoSymbol Prior
-+keycode 113 = Left NoSymbol Left
-+keycode 114 = Right NoSymbol Right
-+keycode 115 = End NoSymbol End
-+keycode 116 = Down NoSymbol Down
-+keycode 117 = Next NoSymbol Next
-+keycode 118 = Insert NoSymbol Insert
-+keycode 119 = Delete NoSymbol Delete
-+keycode 120 =
-+keycode 121 = XF86AudioMute NoSymbol XF86AudioMute
-+keycode 122 = XF86AudioLowerVolume NoSymbol XF86AudioLowerVolume
-+keycode 123 = XF86AudioRaiseVolume NoSymbol XF86AudioRaiseVolume
-+keycode 124 = XF86PowerOff NoSymbol XF86PowerOff
-+keycode 125 = KP_Equal NoSymbol KP_Equal
-+keycode 126 = plusminus NoSymbol plusminus
-+keycode 127 = Pause Break Pause Break
-+keycode 128 =
-+keycode 129 = KP_Decimal NoSymbol KP_Decimal
-+keycode 130 = Hangul NoSymbol Hangul
-+keycode 131 = Hangul_Hanja NoSymbol Hangul_Hanja
-+keycode 132 =
-+keycode 133 = Super_L NoSymbol Super_L
-+keycode 134 = Super_R NoSymbol Super_R
-+keycode 135 = Menu NoSymbol Menu
-+keycode 136 = Cancel NoSymbol Cancel
-+keycode 137 = Redo NoSymbol Redo
-+keycode 138 = SunProps NoSymbol SunProps
-+keycode 139 = Undo NoSymbol Undo
-+keycode 140 = SunFront NoSymbol SunFront
-+keycode 141 = XF86Copy NoSymbol XF86Copy
-+keycode 142 = SunOpen NoSymbol SunOpen
-+keycode 143 = XF86Paste NoSymbol XF86Paste
-+keycode 144 = Find NoSymbol Find
-+keycode 145 = XF86Cut NoSymbol XF86Cut
-+keycode 146 = Help NoSymbol Help
-+keycode 147 = XF86MenuKB NoSymbol XF86MenuKB
-+keycode 148 = XF86Calculator NoSymbol XF86Calculator
-+keycode 149 =
-+keycode 150 = XF86Sleep NoSymbol XF86Sleep
-+keycode 151 = XF86WakeUp NoSymbol XF86WakeUp
-+keycode 152 = XF86Explorer NoSymbol XF86Explorer
-+keycode 153 = XF86Send NoSymbol XF86Send
-+keycode 154 =
-+keycode 155 = XF86Xfer NoSymbol XF86Xfer
-+keycode 156 = XF86Launch1 NoSymbol XF86Launch1
-+keycode 157 = XF86Launch2 NoSymbol XF86Launch2
-+keycode 158 = XF86WWW NoSymbol XF86WWW
-+keycode 159 = XF86DOS NoSymbol XF86DOS
-+keycode 160 = XF86ScreenSaver NoSymbol XF86ScreenSaver
-+keycode 161 =
-+keycode 162 = XF86RotateWindows NoSymbol XF86RotateWindows
-+keycode 163 = XF86Mail NoSymbol XF86Mail
-+keycode 164 = XF86Favorites NoSymbol XF86Favorites
-+keycode 165 = XF86MyComputer NoSymbol XF86MyComputer
-+keycode 166 = XF86Back NoSymbol XF86Back
-+keycode 167 = XF86Forward NoSymbol XF86Forward
-+keycode 168 =
-+keycode 169 = XF86Eject NoSymbol XF86Eject
-+keycode 170 = XF86Eject XF86Eject XF86Eject XF86Eject
-+keycode 171 = XF86AudioNext NoSymbol XF86AudioNext
-+keycode 172 = XF86AudioPlay XF86AudioPause XF86AudioPlay XF86AudioPause
-+keycode 173 = XF86AudioPrev NoSymbol XF86AudioPrev
-+keycode 174 = XF86AudioStop XF86Eject XF86AudioStop XF86Eject
-+keycode 175 = XF86AudioRecord NoSymbol XF86AudioRecord
-+keycode 176 = XF86AudioRewind NoSymbol XF86AudioRewind
-+keycode 177 = XF86Phone NoSymbol XF86Phone
-+keycode 178 =
-+keycode 179 = XF86Tools NoSymbol XF86Tools
-+keycode 180 = XF86HomePage NoSymbol XF86HomePage
-+keycode 181 = XF86Reload NoSymbol XF86Reload
-+keycode 182 = XF86Close NoSymbol XF86Close
-+keycode 183 =
-+keycode 184 =
-+keycode 185 = XF86ScrollUp NoSymbol XF86ScrollUp
-+keycode 186 = XF86ScrollDown NoSymbol XF86ScrollDown
-+keycode 187 = parenleft NoSymbol parenleft
-+keycode 188 = parenright NoSymbol parenright
-+keycode 189 = XF86New NoSymbol XF86New
-+keycode 190 = Redo NoSymbol Redo
-+keycode 191 =
-+keycode 192 =
-+keycode 193 =
-+keycode 194 =
-+keycode 195 =
-+keycode 196 =
-+keycode 197 =
-+keycode 198 =
-+keycode 199 =
-+keycode 200 = XF86TouchpadToggle NoSymbol XF86TouchpadToggle
-+keycode 201 =
-+keycode 202 =
-+keycode 203 = Mode_switch NoSymbol Mode_switch
-+keycode 204 = NoSymbol Alt_L NoSymbol Alt_L
-+keycode 205 = NoSymbol Meta_L NoSymbol Meta_L
-+keycode 206 = NoSymbol Super_L NoSymbol Super_L
-+keycode 207 = NoSymbol Hyper_L NoSymbol Hyper_L
-+keycode 208 = XF86AudioPlay NoSymbol XF86AudioPlay
-+keycode 209 = XF86AudioPause NoSymbol XF86AudioPause
-+keycode 210 = XF86Launch3 NoSymbol XF86Launch3
-+keycode 211 = XF86Launch4 NoSymbol XF86Launch4
-+keycode 212 =
-+keycode 213 = XF86Suspend NoSymbol XF86Suspend
-+keycode 214 = XF86Close NoSymbol XF86Close
-+keycode 215 = XF86AudioPlay NoSymbol XF86AudioPlay
-+keycode 216 = XF86AudioForward NoSymbol XF86AudioForward
-+keycode 217 =
-+keycode 218 = Print NoSymbol Print
-+keycode 219 =
-+keycode 220 = XF86WebCam NoSymbol XF86WebCam
-+keycode 221 =
-+keycode 222 =
-+keycode 223 = XF86Mail NoSymbol XF86Mail
-+keycode 224 =
-+keycode 225 = XF86Search NoSymbol XF86Search
-+keycode 226 =
-+keycode 227 = XF86Finance NoSymbol XF86Finance
-+keycode 228 =
-+keycode 229 = XF86Shop NoSymbol XF86Shop
-+keycode 230 =
-+keycode 231 = Cancel NoSymbol Cancel
-+keycode 232 = XF86MonBrightnessDown NoSymbol XF86MonBrightnessDown
-+keycode 233 = XF86MonBrightnessUp NoSymbol XF86MonBrightnessUp
-+keycode 234 = XF86AudioMedia NoSymbol XF86AudioMedia
-+keycode 235 = XF86Display NoSymbol XF86Display
-+keycode 236 = XF86KbdLightOnOff NoSymbol XF86KbdLightOnOff
-+keycode 237 = XF86KbdBrightnessDown NoSymbol XF86KbdBrightnessDown
-+keycode 238 = XF86KbdBrightnessUp NoSymbol XF86KbdBrightnessUp
-+keycode 239 = XF86Send NoSymbol XF86Send
-+keycode 240 = XF86Reply NoSymbol XF86Reply
-+keycode 241 = XF86MailForward NoSymbol XF86MailForward
-+keycode 242 = XF86Save NoSymbol XF86Save
-+keycode 243 = XF86Documents NoSymbol XF86Documents
-+keycode 244 = XF86Battery NoSymbol XF86Battery
-+keycode 245 = XF86Bluetooth NoSymbol XF86Bluetooth
-+keycode 246 = XF86WLAN NoSymbol XF86WLAN
-+keycode 247 =
-+keycode 248 =
-+keycode 249 =
-+keycode 250 =
-+keycode 251 =
-+keycode 252 =
-+keycode 253 =
-+keycode 254 =
-+keycode 255 =
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandboxX.sh policycoreutils-2.0.79/sandbox/sandboxX.sh
 --- nsapolicycoreutils/sandbox/sandboxX.sh	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.79/sandbox/sandboxX.sh	2010-02-16 13:46:01.000000000 -0500
-@@ -0,0 +1,14 @@
++++ policycoreutils-2.0.79/sandbox/sandboxX.sh	2010-03-04 16:44:32.000000000 -0500
+@@ -0,0 +1,15 @@
 +#!/bin/bash 
-+export TITLE="Sandbox: `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80` Running as `secon -t -l -P`"
++context=`id -Z | secon -t -l -P`
++export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80`"
 +export SCREENSIZE="1000x700"
 +#export SCREENSIZE=`xdpyinfo | awk  '/dimensions/ {  print $2 }'`
 +trap "exit 0" HUP
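Review bot: Nothing in the visible diff options (`--exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po`) keeps a `.sandbox*` directory out of the next regeneration of this patch, and the `.sandboxSKnKBc/` files removed in this hunk match what the old script's `mkdtemp(dir=".", prefix=".sandbox")` leaves in the working directory. Add `--exclude='.sandbox*'` to the diff invocation, or an entry in the `exclude` file if it is not already there, so a developer's sandbox home cannot be shipped again. The earlier revision also published a `.esd_auth` file from that directory, so that cookie should be regenerated on the machine it came from. In `sandboxX.sh`, quote the pattern in `grep ^#TITLE: ~/.sandboxrc` as `'^#TITLE:'` so the shell never interprets it.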
@@ -2627,7 +2323,7 @@ diff --exclude-from=exclude --exclude=se
 +exit 0
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.79/sandbox/seunshare.c
 --- nsapolicycoreutils/sandbox/seunshare.c	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.79/sandbox/seunshare.c	2010-02-16 13:46:01.000000000 -0500
++++ policycoreutils-2.0.79/sandbox/seunshare.c	2010-02-26 14:14:26.000000000 -0500
 @@ -0,0 +1,265 @@
 +#include <signal.h>
 +#include <sys/types.h>
@@ -2894,21 +2590,141 @@ diff --exclude-from=exclude --exclude=se
 +
 +	return status;
 +}
+diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/test_sandbox.py policycoreutils-2.0.79/sandbox/test_sandbox.py
+--- nsapolicycoreutils/sandbox/test_sandbox.py	1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.79/sandbox/test_sandbox.py	2010-03-04 16:22:56.000000000 -0500
+@@ -0,0 +1,98 @@
++import unittest, os, shutil 
++from tempfile import mkdtemp
++from subprocess import Popen, PIPE
++
++class SandboxTests(unittest.TestCase):
++    def assertDenied(self, err):
++        self.assert_('Permission denied' in err,
++                     '"Permission denied" not found in %r' % err)
++    def assertNotFound(self, err):
++        self.assert_('not found' in err,
++                     '"not found" not found in %r' % err)
++
++    def assertFailure(self, status):
++        self.assert_(status != 0,
++                     '"Succeeded when it should have failed')
++
++    def assertSuccess(self, status, err):
++        self.assert_(status == 0,
++                     '"Sandbox should have succeeded for this test %r' %  err)
++
++    def test_simple_success(self):
++        "Verify that we can read file descriptors handed to sandbox"
++        p1 = Popen(['cat', '/etc/passwd'], stdout = PIPE)
++        p2 = Popen(['sandbox', 'grep', 'root'], stdin = p1.stdout, stdout=PIPE)
++        out, err = p2.communicate()
++        self.assert_('root' in out)
++
++    def test_cant_kill(self):
++        "Verify that we cannot send kill signal in the sandbox"
++        pid = os.getpid()
++        p = Popen(['sandbox', 'kill', '-HUP', str(pid)], stdout=PIPE, stderr=PIPE)
++        out, err = p.communicate()
++        self.assertDenied(err)
++
++    def test_cant_ping(self):
++        "Verify that we can't ping within the sandbox"
++        p = Popen(['sandbox', 'ping', '-c 1 ', '127.0.0.1'], stdout=PIPE, stderr=PIPE)
++        out, err = p.communicate()
++        self.assertDenied(err)
++    
++    def test_cant_mkdir(self):
++        "Verify that we can't mkdir within the sandbox"
++        p = Popen(['sandbox', 'mkdir', '~/test'], stdout=PIPE, stderr=PIPE)
++        out, err = p.communicate()
++        self.assertFailure(p.returncode)
++
++    def test_cant_list_homedir(self):
++        "Verify that we can't list homedir within the sandbox"
++        p = Popen(['sandbox', 'ls', '~'], stdout=PIPE, stderr=PIPE)
++        out, err = p.communicate()
++        self.assertFailure(p.returncode)
++
++    def test_cant_send_mail(self):
++        "Verify that we can't send mail within the sandbox"
++        p = Popen(['sandbox', 'mail'], stdout=PIPE, stderr=PIPE)
++        out, err = p.communicate()
++        self.assertDenied(err)
++    
++    def test_cant_sudo(self):
++        "Verify that we can't run sudo within the sandbox"
++        p = Popen(['sandbox', 'sudo'], stdout=PIPE, stderr=PIPE)
++        out, err = p.communicate()
++        self.assertFailure(p.returncode)
++    
++    def test_mount(self):
++        "Verify that we mount a file system"
++        p = Popen(['sandbox', '-M', 'id'], stdout=PIPE, stderr=PIPE)
++        out, err = p.communicate()
++        self.assertSuccess(p.returncode, err)
++    
++    def test_set_level(self):
++        "Verify that we set level a file system"
++        p = Popen(['sandbox', '-l', 's0', 'id'], stdout=PIPE, stderr=PIPE)
++        out, err = p.communicate()
++        self.assertSuccess(p.returncode, err)
++    
++    def test_homedir(self):
++        "Verify that we set homedir a file system"
++        homedir = mkdtemp(dir=".", prefix=".sandbox_test")
++        p = Popen(['sandbox', '-H', homedir, '-M', 'id'], stdout=PIPE, stderr=PIPE)
++        out, err = p.communicate()
++        shutil.rmtree(homedir)
++        self.assertSuccess(p.returncode, err)
++    
++    def test_tmpdir(self):
++        "Verify that we set tmpdir a file system"
++        tmpdir = mkdtemp(dir="/tmp", prefix=".sandbox_test")
++        p = Popen(['sandbox', '-T', tmpdir, '-M', 'id'], stdout=PIPE, stderr=PIPE)
++        out, err = p.communicate()
++        shutil.rmtree(tmpdir)
++        self.assertSuccess(p.returncode, err)
++    
++if __name__ == "__main__":
++    import selinux
++    if selinux.security_getenforce() == 1:
++        unittest.main()
++    else:
++        print "SELinux must be in enforcing mode for this test"
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.79/scripts/fixfiles
 --- nsapolicycoreutils/scripts/fixfiles	2009-12-01 15:46:50.000000000 -0500
-+++ policycoreutils-2.0.79/scripts/fixfiles	2010-02-16 13:46:01.000000000 -0500
-@@ -35,8 +35,8 @@
++++ policycoreutils-2.0.79/scripts/fixfiles	2010-02-26 16:12:15.000000000 -0500
+@@ -21,6 +21,17 @@
+ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ 
+ #
++# Get all mounted rw file systems that support seclabel
++#
++get_labeled_mounts() {
++# /dev is not listed in the mountab
++FS="`mount | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/\(rw/{print $3}';` /dev"
++for i in $FS; do 
++    grep --silent "$i ".*seclabel /proc/self/mounts && echo $i
++done
++}
++
++#
+ # Set global Variables
+ #
+ fullFlag=0
+@@ -35,9 +46,7 @@
  LOGGER=/usr/sbin/logger
  SETFILES=/sbin/setfiles
  RESTORECON=/sbin/restorecon
 -FILESYSTEMSRW=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs | btrfs ).*\(rw/{print $3}';`
 -FILESYSTEMSRO=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[234]| ext4dev | gfs2 | xfs | jfs | btrfs ).*\(ro/{print $3}';`
-+FILESYSTEMSRW=`grep rw,seclabel /proc/self/mounts | awk '{ print $2 }'`
-+FILESYSTEMSRO=`grep -v 'rw\|seclabel' /proc/self/mounts | awk '{ print $2 }'`
- FILESYSTEMS="$FILESYSTEMSRW $FILESYSTEMSRO"
+-FILESYSTEMS="$FILESYSTEMSRW $FILESYSTEMSRO"
++FILESYSTEMS=`get_labeled_mounts`
  SELINUXTYPE="targeted"
  if [ -e /etc/selinux/config ]; then
-@@ -87,11 +87,7 @@
+     . /etc/selinux/config
+@@ -87,23 +96,10 @@
                    esac; \
                 fi; \
              done | \
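Review bot: In get_labeled_mounts() in the fixfiles part of this hunk, `grep --silent "$i ".*seclabel /proc/self/mounts` treats the mount point as an unanchored regex, so `/home` also matches the line for `/mnt/home`, and a read-write mount without seclabel can end up in FILESYSTEMS and be handed to setfiles. The `.*` outside the quotes is also subject to shell globbing, and `for i in $FS` splits mount points that contain spaces. Suggest comparing field 2 of /proc/self/mounts exactly and checking field 4 for seclabel (awk does both in one pass), and quoting `$i`. In test_sandbox.py, test_cant_mkdir, test_cant_list_homedir and test_cant_sudo assert only a non-zero exit: Popen does not expand `~` and `sudo` with no arguments exits non-zero by itself, so these pass whether or not the sandbox confines anything; assert on 'Permission denied' as test_cant_kill does. The comment typo 'mountab' can be fixed at the same time.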
@@ -2921,7 +2737,19 @@ diff --exclude-from=exclude --exclude=se
  	rm -f ${TEMPFILE} ${PREFCTEMPFILE}
  fi
  }
-@@ -126,13 +122,7 @@
+-#
+-# Log all Read Only file systems 
+-#
+-LogReadOnly() {
+-if [ ! -z "$FILESYSTEMSRO" ]; then
+-    logit "Warning: Skipping the following R/O filesystems:"
+-    logit "$FILESYSTEMSRO"
+-fi
+-}
+ 
+ rpmlist() {
+ rpm -q --qf '[%{FILESTATES} %{FILENAMES}\n]' "$1" | grep '^0 ' | cut -f2- -d ' '
+@@ -126,18 +122,11 @@
      exit $?
  fi
  if [ ! -z "$FILEPATH" ]; then
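Review bot: Removing LogReadOnly() in this hunk leaves read-only filesystems skipped with no trace in the log: get_labeled_mounts() only keeps mounts that `mount` reports as `(rw`, and nothing replaces the 'Skipping the following R/O filesystems' warning. An admin reading the relabel log can no longer tell that a filesystem kept its old labels. Suggest keeping one logit line that lists the mounts that were excluded, whether for being read-only or for lacking seclabel.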
@@ -2936,41 +2764,25 @@ diff --exclude-from=exclude --exclude=se
      return
  fi
  [ -x /usr/sbin/genhomedircon ] && /usr/sbin/genhomedircon
-@@ -146,7 +136,7 @@
+-LogReadOnly
+-${SETFILES} -q ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE
++${SETFILES} -q ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMS} 2>&1 >> $LOGFILE
+ rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-*
+ find /tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t tmp_t {} \;
+ find /var/tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t tmp_t {} \;
+@@ -146,8 +135,7 @@
  
  fullrelabel() {
      logit "Cleaning out /tmp"
 -    find /tmp/ -mindepth 1 -print0 | xargs -0 /bin/rm -f
+-    LogReadOnly
 +    find /tmp/ -mindepth 1 -delete
-     LogReadOnly
      restore
  }
-Binary files nsapolicycoreutils/semanage/default_encoding/build/lib.linux-x86_64-2.6/policycoreutils/default_encoding_utf8.so and policycoreutils-2.0.79/semanage/default_encoding/build/lib.linux-x86_64-2.6/policycoreutils/default_encoding_utf8.so differ
-diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/build/lib.linux-x86_64-2.6/policycoreutils/__init__.py policycoreutils-2.0.79/semanage/default_encoding/build/lib.linux-x86_64-2.6/policycoreutils/__init__.py
---- nsapolicycoreutils/semanage/default_encoding/build/lib.linux-x86_64-2.6/policycoreutils/__init__.py	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.79/semanage/default_encoding/build/lib.linux-x86_64-2.6/policycoreutils/__init__.py	2010-02-16 13:53:02.000000000 -0500
-@@ -0,0 +1,17 @@
-+#
-+# Copyright (C) 2006,2007,2008, 2009 Red Hat, Inc.
-+#
-+# This program is free software; you can redistribute it and/or modify
-+# it under the terms of the GNU General Public License as published by
-+# the Free Software Foundation; either version 2 of the License, or
-+# (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+#
-Binary files nsapolicycoreutils/semanage/default_encoding/build/temp.linux-x86_64-2.6/default_encoding.o and policycoreutils-2.0.79/semanage/default_encoding/build/temp.linux-x86_64-2.6/default_encoding.o differ
+ 
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/default_encoding.c policycoreutils-2.0.79/semanage/default_encoding/default_encoding.c
 --- nsapolicycoreutils/semanage/default_encoding/default_encoding.c	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.79/semanage/default_encoding/default_encoding.c	2010-02-16 13:49:52.000000000 -0500
++++ policycoreutils-2.0.79/semanage/default_encoding/default_encoding.c	2010-02-26 14:14:26.000000000 -0500
 @@ -0,0 +1,59 @@
 +/*
 + * Authors:
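Review bot: The rewritten ${SETFILES} line keeps the redirection order `2>&1 >> $LOGFILE`, which points stderr at the original stdout before stdout is appended to the log, so setfiles errors never reach $LOGFILE; it should read `>> $LOGFILE 2>&1`. `${FILESYSTEMS}` is also expanded unquoted and unchecked: if get_labeled_mounts prints nothing, setfiles runs with no path argument, so test for an empty list and log that before the call.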
@@ -3033,7 +2845,7 @@ diff --exclude-from=exclude --exclude=se
 +}
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/Makefile policycoreutils-2.0.79/semanage/default_encoding/Makefile
 --- nsapolicycoreutils/semanage/default_encoding/Makefile	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.79/semanage/default_encoding/Makefile	2010-02-16 14:34:01.000000000 -0500
++++ policycoreutils-2.0.79/semanage/default_encoding/Makefile	2010-02-26 14:14:26.000000000 -0500
 @@ -0,0 +1,8 @@
 +all: 
 +	LDFLAGS="" python setup.py build
@@ -3045,7 +2857,7 @@ diff --exclude-from=exclude --exclude=se
 +	rm -rf build *~
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/policycoreutils/__init__.py policycoreutils-2.0.79/semanage/default_encoding/policycoreutils/__init__.py
 --- nsapolicycoreutils/semanage/default_encoding/policycoreutils/__init__.py	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.79/semanage/default_encoding/policycoreutils/__init__.py	2010-02-16 13:53:02.000000000 -0500
++++ policycoreutils-2.0.79/semanage/default_encoding/policycoreutils/__init__.py	2010-02-26 14:14:26.000000000 -0500
 @@ -0,0 +1,17 @@
 +#
 +# Copyright (C) 2006,2007,2008, 2009 Red Hat, Inc.
@@ -3066,7 +2878,7 @@ diff --exclude-from=exclude --exclude=se
 +#
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/setup.py policycoreutils-2.0.79/semanage/default_encoding/setup.py
 --- nsapolicycoreutils/semanage/default_encoding/setup.py	1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.79/semanage/default_encoding/setup.py	2010-02-16 13:50:22.000000000 -0500
++++ policycoreutils-2.0.79/semanage/default_encoding/setup.py	2010-02-26 14:14:26.000000000 -0500
 @@ -0,0 +1,38 @@
 +# Authors:
 +#   John Dennis <jdennis at redhat.com>
@@ -3108,7 +2920,7 @@ diff --exclude-from=exclude --exclude=se
 +)
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.79/semanage/semanage
 --- nsapolicycoreutils/semanage/semanage	2009-11-18 17:06:03.000000000 -0500
-+++ policycoreutils-2.0.79/semanage/semanage	2010-02-16 14:05:43.000000000 -0500
++++ policycoreutils-2.0.79/semanage/semanage	2010-02-26 14:14:26.000000000 -0500
 @@ -20,6 +20,7 @@
  #                                        02111-1307  USA
  #
@@ -3456,22 +3268,83 @@ diff --exclude-from=exclude --exclude=se
 +		errorExit(error.args[1])
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.79/semanage/semanage.8
 --- nsapolicycoreutils/semanage/semanage.8	2009-11-18 17:06:03.000000000 -0500
-+++ policycoreutils-2.0.79/semanage/semanage.8	2010-02-22 12:53:17.000000000 -0500
-@@ -19,6 +19,8 @@
- .br
- .B semanage fcontext \-{a|d|m} [\-frst] file_spec
++++ policycoreutils-2.0.79/semanage/semanage.8	2010-02-26 14:14:26.000000000 -0500
+@@ -1,27 +1,58 @@
+-.TH "semanage" "8" "2005111103" "" ""
++.TH "semanage" "8" "20100223" "" ""
+ .SH "NAME"
+ semanage \- SELinux Policy Management tool
+ 
+ .SH "SYNOPSIS"
+-.B semanage {boolean|login|user|port|interface|node|fcontext} \-{l|D} [\-n] [\-S store]
++Output local customizations
  .br
-+.B semanage fcontext \-{a|d|m} \-e replacement target
+-.B semanage boolean \-{d|m} [\-\-on|\-\-off|\-1|\-0] -F boolean | boolean_file
++.B semanage [ -S store ] -o [ output_file | - ]
++
++Input local customizations
++.br
++.B semanage [ -S store ] -i [ input_file | - ]
++
++Manage booleans.  Booleans allow the administrator to modify the confinement of 
++processes based on his configuration.
++.br
++.B semanage boolean [\-S store] \-{d|m|l|n|D} \-[\-on|\-off|\1|0] -F boolean | boolean_file
++
++Manage SELinux confined users (Roles and levels for an SELinux user)
++.br
++.B semanage user [\-S store] \-{a|d|m|l|n|D} [\-LrRP] selinux_name
++
++Manage login mappings between linux users and SELinux confined users.
 +.br
- .B semanage permissive \-{a|d} type
++.B semanage login [\-S store] \-{a|d|m|l|n|D} [\-sr] login_name | %groupname
++
++Manage network port type definitions
++.br
++.B semanage port [\-S store] \-{a|d|m|l|n|D} [\-tr] [\-p proto] port | port_range
++.br
++
++Manage network interface type definitions
++.br
++.B semanage interface [\-S store] \-{a|d|m|l|n|D} [\-tr] interface_spec
++
++Manage network node type definitions
  .br
- .B semanage dontaudit [ on | off ]
-@@ -52,6 +54,12 @@
+-.B semanage login \-{a|d|m} [\-sr] login_name | %groupname
++.B semanage node [\-S store] -{a|d|m|l|n|D} [-tr] [ -p protocol ] [-M netmask] address
+ .br
+-.B semanage user \-{a|d|m} [\-LrRP] selinux_name
++
++Manage file context mapping definitions
+ .br
+-.B semanage port \-{a|d|m} [\-tr] [\-p proto] port | port_range
++.B semanage fcontext [\-S store] \-{a|d|m|l|n|D} [\-frst] file_spec
+ .br
+-.B semanage interface \-{a|d|m} [\-tr] interface_spec
++.B semanage fcontext [\-S store] \-{a|d|m|l|n|D} \-e replacement target
+ .br
+-.B semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] address
++
++Manage processes type enforcement mode
+ .br
+-.B semanage fcontext \-{a|d|m} [\-frst] file_spec
++.B semanage permissive [\-S store] \-{a|d|l|n|D} type
+ .br
+-.B semanage permissive \-{a|d} type
++
++Disable/Enable dontaudit rules in policy
+ .br
+-.B semanage dontaudit [ on | off ]
++.B semanage dontaudit [\-S store] \-{l|n|D} [ on | off ]
+ .P
+ 
+ .SH "DESCRIPTION"
+@@ -52,6 +83,12 @@
  .I                \-D, \-\-deleteall
  Remove all OBJECTS local customizations
  .TP
 +.I                \-e, \-\-equal
-+Substiture target path with sourcepath when generating default label.  This is used with
++Substitute target path with sourcepath when generating default label.  This is used with
 +fcontext. Requires source and target path arguments.  The context
 +labeling for the target subtree is made equivalent to that
 +defined for the source.
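Review bot: The new boolean synopsis line, `\-[\-on|\-off|\1|0]`, has lost escapes compared with the line it replaces (`[\-\-on|\-\-off|\-1|\-0]`): the options now read as -on/-off, and `\1` is parsed as a roff escape sequence, not as the option -1. Suggest restoring the old bracket group unchanged after `\-{d|m|l|n|D}`. Also in the SYNOPSIS, the port entry ends with a stray `.br` before the blank line, and the -e text speaks of 'sourcepath' and 'target' while the fcontext synopsis names the arguments 'replacement target'; one naming should be used throughout.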
@@ -3479,18 +3352,86 @@ diff --exclude-from=exclude --exclude=se
  .I                \-f, \-\-ftype
  File Type.   This is used with fcontext.
  Requires a file type as shown in the mode field by ls, e.g. use -d to match only directories or -- to match only regular files.
-@@ -110,6 +118,8 @@
- $ semanage login -a -s user_u %clerks
- # Add file-context for everything under /web (used by restorecon)
- $ semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
-+# Substitute /home1 with /home when setting file context (used by restorecon)
-+$ semanage fcontext -a -e /home /home1
- # Allow Apache to listen on port 81
- $ semanage port -a -t http_port_t -p tcp 81
- # Change apache to a permissive domain
+@@ -102,23 +139,60 @@
+ 
+ .SH EXAMPLE
+ .nf
+-# View SELinux user mappings
+-$ semanage user -l
+-# Allow joe to login as staff_u
+-$ semanage login -a -s staff_u joe
+-# Allow the group clerks to login as user_u
+-$ semanage login -a -s user_u %clerks
+-# Add file-context for everything under /web (used by restorecon)
+-$ semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
+-# Allow Apache to listen on port 81
+-$ semanage port -a -t http_port_t -p tcp 81
+-# Change apache to a permissive domain
+-$ semanage permissive -a httpd_t
+-# Turn off dontaudit rules
+-$ semanage dontaudit off
++.B SELinux user 
++List SELinux users
++# semanage user -l
++
++.B SELinux login
++Change joe to login as staff_u
++# semanage login -a -s staff_u joe
++Change the group clerks to login as user_u
++# semanage login -a -s user_u %clerks
++
++.B File contexts
++.i remember to run restorecon after you set the file context
++Add file-context for everything under /web 
++# semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
++# restorecon -R -v /web
++
++Substitute /home1 with /home when setting file context
++# semanage fcontext -a -e /home /home1
++# restorecon -R -v /home1
++
++For home directories under top level directory, for example /disk6/home, 
++execute the following commands.  
++# semanage fcontext -a -t home_root_t "/disk6" 
++# semanage fcontext -a -e /home /disk6/home 
++# restorecon -R -v /disk6
++
++.B Port contexts
++Allow Apache to listen on tcp port 81
++# semanage port -a -t http_port_t -p tcp 81
++
++.B Change apache to a permissive domain
++# semanage permissive -a httpd_t
++
++.B Turn off dontaudit rules
++# semanage dontaudit off
++
++.B Managing multiple machines
++Multiple machines that need the same customizations.  
++Extract customizations off first machine, copy them 
++to second and import them.
++
++# semanage -o /tmp/local.selinux
++# scp /tmp/local.selinux secondmachine:/tmp
++# ssh secondmachine
++# semanage -i /tmp/local.selinux
++
++If these customizations include file context, you need to apply the 
++context using restorecon.
++
+ .fi
+ 
+ .SH "AUTHOR"
+-This man page was written by Daniel Walsh <dwalsh at redhat.com> and
+-Russell Coker <rcoker at redhat.com>.
++This man page was written by Daniel Walsh <dwalsh at redhat.com> 
++.br
++and Russell Coker <rcoker at redhat.com>.
++.br
+ Examples by Thomas Bleher <ThomasBleher at gmx.de>.
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.79/semanage/seobject.py
 --- nsapolicycoreutils/semanage/seobject.py	2009-11-20 10:51:25.000000000 -0500
-+++ policycoreutils-2.0.79/semanage/seobject.py	2010-02-16 13:46:01.000000000 -0500
++++ policycoreutils-2.0.79/semanage/seobject.py	2010-02-26 14:14:26.000000000 -0500
 @@ -29,47 +29,12 @@
  import gettext
  gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
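Review bot: The 'Managing multiple machines' example exports to and imports from /tmp/local.selinux as root (the prompts are `#`), a fixed name in a world-writable directory on both hosts, so another local user who creates that name first can influence what `semanage -i` applies. Suggest a root-only location in the example, for instance under root's home directory, or streaming with the `-` form the SYNOPSIS already documents. Also in the File contexts block, `.i remember to run restorecon ...` uses a lowercase `.i`, which is not a man macro (italic is `.I`), so the reminder will likely not render.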
@@ -4125,7 +4066,7 @@ diff --exclude-from=exclude --exclude=se
 +                              print _("\nSELinux fcontext Equivalence \n")
 +                       
 +                       for src in self.equiv.keys():
-+                              print "%s == %s" % (src, self.equiv[src])
++                              print "%s = %s" % (src, self.equiv[src])
  				
  class booleanRecords(semanageRecords):
  	def __init__(self, store = ""):
@@ -4146,145 +4087,9 @@ diff --exclude-from=exclude --exclude=se
  	def list(self, heading = True, locallist = False, use_file = False):
                  on_off = (_("off"), _("on")) 
  		if use_file:
-diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.8 policycoreutils-2.0.79/semodule/semodule.8
---- nsapolicycoreutils/semodule/semodule.8	2009-09-17 08:59:43.000000000 -0400
-+++ policycoreutils-2.0.79/semodule/semodule.8	2010-02-16 13:46:01.000000000 -0500
-@@ -35,6 +35,12 @@
- .B  \-b,\-\-base=MODULE_PKG   
- install/replace base module package
- .TP
-+.B  \-d,\-\-disable=MODULE_NAME
-+disable existing module
-+.TP
-+.B  \-e,\-\-enable=MODULE_NAME
-+enable existing module
-+.TP
- .B  \-r,\-\-remove=MODULE_NAME
- remove existing module
- .TP
-diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.c policycoreutils-2.0.79/semodule/semodule.c
---- nsapolicycoreutils/semodule/semodule.c	2009-09-17 08:59:43.000000000 -0400
-+++ policycoreutils-2.0.79/semodule/semodule.c	2010-02-16 13:46:01.000000000 -0500
-@@ -22,12 +22,12 @@
- 
- #include <semanage/modules.h>
- 
--enum client_modes { NO_MODE, INSTALL_M, UPGRADE_M, BASE_M, REMOVE_M,
-+enum client_modes { NO_MODE, INSTALL_M, UPGRADE_M, BASE_M, ENABLE_M, DISABLE_M, REMOVE_M,
- 	LIST_M, RELOAD
- };
- /* list of modes in which one ought to commit afterwards */
- static const int do_commit[] = {
--	0, 1, 1, 1, 1,
-+	0, 1, 1, 1, 1, 1, 1,
- 	0, 0
- };
- 
-@@ -104,9 +104,11 @@
- 	printf("  -R, --reload		    reload policy\n");
- 	printf("  -B, --build		    build and reload policy\n");
- 	printf("  -i,--install=MODULE_PKG   install a new module\n");
--	printf("  -u,--upgrade=MODULE_PKG   upgrades or install module to a newer version\n");
-+	printf("  -u,--upgrade=MODULE_PKG   upgrade existing module\n");
- 	printf("  -b,--base=MODULE_PKG      install new base module\n");
--	printf("  -r,--remove=MODULE_NAME   remove existing module\n");
-+	printf("  -e,--enable=MODULE_PKG    enable existing module\n");
-+	printf("  -d,--disable=MODULE_PKG   disable existing module\n");
-+ 	printf("  -r,--remove=MODULE_NAME   remove existing module\n");
- 	printf
- 	    ("  -l,--list-modules         display list of installed modules\n");
- 	printf("Other options:\n");
-@@ -152,6 +154,8 @@
- 		{"install", required_argument, NULL, 'i'},
- 		{"list-modules", 0, NULL, 'l'},
- 		{"verbose", 0, NULL, 'v'},
-+		{"enable", required_argument, NULL, 'e'},
-+		{"disable", required_argument, NULL, 'd'},
- 		{"remove", required_argument, NULL, 'r'},
- 		{"upgrade", required_argument, NULL, 'u'},
- 		{"reload", 0, NULL, 'R'},
-@@ -166,7 +170,7 @@
- 	no_reload = 0;
- 	create_store = 0;
- 	while ((i =
--		getopt_long(argc, argv, "s:b:hi:lvqr:u:RnBD", opts,
-+		getopt_long(argc, argv, "s:b:hi:lvqe:d:r:u:RnBD", opts,
- 			    NULL)) != -1) {
- 		switch (i) {
- 		case 'b':
-@@ -185,6 +189,12 @@
- 		case 'v':
- 			verbose = 1;
- 			break;
-+		case 'e':
-+			set_mode(ENABLE_M, optarg);
-+			break;
-+		case 'd':
-+			set_mode(DISABLE_M, optarg);
-+			break;
- 		case 'r':
- 			set_mode(REMOVE_M, optarg);
- 			break;
-@@ -238,6 +248,10 @@
- 			mode = UPGRADE_M;
- 		} else if (commands && commands[num_commands - 1].mode == REMOVE_M) {
- 			mode = REMOVE_M;
-+		} else if (commands && commands[num_commands - 1].mode == ENABLE_M) {
-+			mode = ENABLE_M;
-+		} else if (commands && commands[num_commands - 1].mode == DISABLE_M) {
-+			mode = DISABLE_M;
- 		} else {
- 			fprintf(stderr, "unknown additional arguments:\n");
- 			while (optind < argc)
-@@ -352,6 +366,30 @@
- 				    semanage_module_install_base_file(sh, mode_arg);
- 				break;
- 			}
-+		case ENABLE_M:{
-+				if (verbose) {
-+					printf
-+					    ("Attempting to enable module '%s':\n",
-+					     mode_arg);
-+				}
-+				result = semanage_module_enable(sh, mode_arg);
-+				if ( result == -2 ) { 
-+					continue;
-+				}
-+				break;
-+			}
-+		case DISABLE_M:{
-+				if (verbose) {
-+					printf
-+					    ("Attempting to disable module '%s':\n",
-+					     mode_arg);
-+				}
-+				result = semanage_module_disable(sh, mode_arg);
-+				if ( result == -2 ) { 
-+					continue;
-+				}
-+				break;
-+			}
- 		case REMOVE_M:{
- 				if (verbose) {
- 					printf
-@@ -382,11 +420,12 @@
- 						semanage_module_info_t *m =
- 						    semanage_module_list_nth
- 						    (modinfo, j);
--						printf("%s\t%s\n",
-+						printf("%s\t%s\t%s\n",
- 						       semanage_module_get_name
- 						       (m),
- 						       semanage_module_get_version
--						       (m));
-+						       (m), 
-+						       (semanage_module_get_enabled(m) ? "" : "Disabled"));
- 						semanage_module_info_datum_destroy
- 						    (m);
- 					}
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.c policycoreutils-2.0.79/setfiles/restore.c
 --- nsapolicycoreutils/setfiles/restore.c	2009-11-03 09:21:40.000000000 -0500
-+++ policycoreutils-2.0.79/setfiles/restore.c	2010-02-16 16:32:12.000000000 -0500
++++ policycoreutils-2.0.79/setfiles/restore.c	2010-02-26 16:15:51.000000000 -0500
 @@ -1,4 +1,5 @@
  #include "restore.h"
 +#include <glob.h>
@@ -4441,7 +4246,7 @@ diff --exclude-from=exclude --exclude=se
  
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restorecon.8 policycoreutils-2.0.79/setfiles/restorecon.8
 --- nsapolicycoreutils/setfiles/restorecon.8	2008-08-28 09:34:24.000000000 -0400
-+++ policycoreutils-2.0.79/setfiles/restorecon.8	2010-02-16 13:46:01.000000000 -0500
++++ policycoreutils-2.0.79/setfiles/restorecon.8	2010-02-26 14:14:26.000000000 -0500
 @@ -4,10 +4,10 @@
  
  .SH "SYNOPSIS"
@@ -4467,7 +4272,7 @@ diff --exclude-from=exclude --exclude=se
  show changes in file labels.
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.h policycoreutils-2.0.79/setfiles/restore.h
 --- nsapolicycoreutils/setfiles/restore.h	2009-11-03 09:21:40.000000000 -0500
-+++ policycoreutils-2.0.79/setfiles/restore.h	2010-02-16 13:46:01.000000000 -0500
++++ policycoreutils-2.0.79/setfiles/restore.h	2010-02-26 14:14:26.000000000 -0500
 @@ -27,6 +27,7 @@
  	int hard_links;
  	int verbose;
@@ -4489,7 +4294,7 @@ diff --exclude-from=exclude --exclude=se
  #endif
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.8 policycoreutils-2.0.79/setfiles/setfiles.8
 --- nsapolicycoreutils/setfiles/setfiles.8	2008-08-28 09:34:24.000000000 -0400
-+++ policycoreutils-2.0.79/setfiles/setfiles.8	2010-02-16 13:46:01.000000000 -0500
++++ policycoreutils-2.0.79/setfiles/setfiles.8	2010-02-26 14:14:26.000000000 -0500
 @@ -31,6 +31,9 @@
  .TP
  .B \-n
@@ -4502,7 +4307,7 @@ diff --exclude-from=exclude --exclude=se
  suppress non-error output.
 diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.79/setfiles/setfiles.c
 --- nsapolicycoreutils/setfiles/setfiles.c	2009-11-03 09:21:40.000000000 -0500
-+++ policycoreutils-2.0.79/setfiles/setfiles.c	2010-02-16 13:46:01.000000000 -0500
++++ policycoreutils-2.0.79/setfiles/setfiles.c	2010-02-26 14:14:26.000000000 -0500
 @@ -5,7 +5,6 @@
  #include <ctype.h>
  #include <regex.h>

policycoreutils-sepolgen.patch:
 access.py    |   18 ++++++++++----
 audit.py     |   75 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-----
 policygen.py |   31 +++++++++++++++++++++++-
 refpolicy.py |   11 ++++++--
 4 files changed, 120 insertions(+), 15 deletions(-)

Index: policycoreutils-sepolgen.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/F-12/policycoreutils-sepolgen.patch,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -p -r1.31 -r1.32
--- policycoreutils-sepolgen.patch	8 Jan 2010 14:38:33 -0000	1.31
+++ policycoreutils-sepolgen.patch	11 Mar 2010 16:19:58 -0000	1.32
@@ -1,6 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policycoreutils-2.0.78/sepolgen-1.0.19/src/sepolgen/access.py
+diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policycoreutils-2.0.79/sepolgen-1.0.19/src/sepolgen/access.py
 --- nsasepolgen/src/sepolgen/access.py	2009-05-18 13:53:14.000000000 -0400
-+++ policycoreutils-2.0.78/sepolgen-1.0.19/src/sepolgen/access.py	2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.79/sepolgen-1.0.19/src/sepolgen/access.py	2010-03-01 16:43:01.000000000 -0500
 @@ -32,6 +32,7 @@
  """
  
@@ -9,16 +9,18 @@ diff --exclude-from=exclude -N -u -r nsa
  
  def is_idparam(id):
      """Determine if an id is a paramater in the form $N, where N is
-@@ -85,6 +86,8 @@
+@@ -85,6 +86,10 @@
              self.obj_class = None
              self.perms = refpolicy.IdSet()
              self.audit_msgs = []
 +            self.type = audit2why.TERULE
 +            self.bools = []
++
++        self.dontaudit = False
  
          # The direction of the information flow represented by this
          # access vector - used for matching
-@@ -127,7 +130,7 @@
+@@ -127,7 +132,7 @@
          return self.to_string()
  
      def to_string(self):
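Review bot: Judging by the indentation in the access.py hunk, `self.type` and `self.bools` are initialized at the level of `self.obj_class = None`, inside the branch, while the new `self.dontaudit = False` sits one level out and always runs. If the other branch builds the vector from a list, `type` and `bools` stay unset on that path and a later read of `access.type` raises AttributeError. Suggest initializing all three attributes at the outer level, before the branch.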
@@ -27,12 +29,12 @@ diff --exclude-from=exclude -N -u -r nsa
                                          self.obj_class, self.perms.to_space_str())
  
      def __cmp__(self, other):
-@@ -253,20 +256,22 @@
+@@ -253,20 +258,23 @@
          for av in l:
              self.add_av(AccessVector(av))
  
 -    def add(self, src_type, tgt_type, obj_class, perms, audit_msg=None):
-+    def add(self, src_type, tgt_type, obj_class, perms, audit_msg=None, avc_type=audit2why.TERULE, bools=[]):
++    def add(self, src_type, tgt_type, obj_class, perms, audit_msg=None, avc_type=audit2why.TERULE, bools=[], dontaudit=False):
          """Add an access vector to the set.
          """
          tgt = self.src.setdefault(src_type, { })
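Review bot: The new signature of add() uses a mutable default, `bools=[]`, and the following hunk stores it directly with `access.bools = bools`, so every access vector added without an explicit list shares one list object and a later append on any of them changes all. Suggest `bools=None` with `access.bools = list(bools or [])` in the body. The docstring still reads only 'Add an access vector to the set' and should say what avc_type, bools and dontaudit mean.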
@@ -50,13 +52,14 @@ diff --exclude-from=exclude -N -u -r nsa
 -            cls[obj_class] = access
 +            access.bools = bools
 +            access.type = avc_type
++            access.dontaudit = dontaudit
 +            cls[obj_class, avc_type] = access
  
          access.perms.update(perms)
          if audit_msg:
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycoreutils-2.0.78/sepolgen-1.0.19/src/sepolgen/audit.py
+diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycoreutils-2.0.79/sepolgen-1.0.19/src/sepolgen/audit.py
 --- nsasepolgen/src/sepolgen/audit.py	2009-12-01 15:46:50.000000000 -0500
-+++ policycoreutils-2.0.78/sepolgen-1.0.19/src/sepolgen/audit.py	2010-01-06 09:52:35.000000000 -0500
++++ policycoreutils-2.0.79/sepolgen-1.0.19/src/sepolgen/audit.py	2010-03-01 15:25:21.000000000 -0500
 @@ -23,6 +23,27 @@
  
  # Convenience functions
@@ -165,15 +168,15 @@ diff --exclude-from=exclude -N -u -r nsa
          self.compute_sid_msgs = []
          self.invalid_msgs = []
          self.policy_load_msgs = []
-@@ -314,7 +378,7 @@
-             elif i == "security_compute_sid:":
-                 msg = ComputeSidMessage(line)
-                 found = True
--            elif i == "type=MAC_POLICY_LOAD" or i == "type=1403":
-+            elif i == "type=MAC_POLICY_LOAD":
-                 msg = PolicyLoadMessage(line)
-                 found = True
-             elif i == "type=AVC_PATH":
+@@ -424,7 +488,7 @@
+         
+         return role_types
+ 
+-    def to_access(self, avc_filter=None, only_denials=True):
++    def to_access(self, avc_filter=None, only_denials=True, dontaudit=False):
+         """Convert the audit logs access into a an access vector set.
+ 
+         Convert the audit logs into an access vector set, optionally
 @@ -442,16 +506,17 @@
             audit logs parsed by this object.
          """
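Review bot: to_access() gains a `dontaudit` parameter but its docstring is not updated, and the flag is applied to every AVC in the log (both av_set.add calls in the next hunk pass the same value), which a caller cannot tell from the signature. Suggest documenting it next to avc_filter and only_denials, and fixing 'into a an' in the first docstring line while there.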
@@ -186,11 +189,11 @@ diff --exclude-from=exclude -N -u -r nsa
                  if avc_filter.filter(avc):
                      av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass,
 -                               avc.accesses, avc)
-+                               avc.accesses, avc, avc_type=avc.type, bools=avc.bools)
++                               avc.accesses, avc, avc_type=avc.type, bools=avc.bools, dontaudit=dontaudit)
              else:
                  av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass,
 -                           avc.accesses, avc)
-+                           avc.accesses, avc, avc_type=avc.type, bools=avc.bools)
++                           avc.accesses, avc, avc_type=avc.type, bools=avc.bools, dontaudit=dontaudit)
          return av_set
  
  class AVCTypeFilter:
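Review bot: the two av_set.add(...) calls in to_access are identical, and this change had to edit both to append dontaudit=dontaudit; fold the filter test into a single condition so there is one call site to maintain. Separately, dontaudit is one flag for the whole call, so every AVC parsed from the log is marked the same way. Because a dontaudit rule suppresses the audit record for the denial it covers, the docstring should state that the flag applies to all messages, and callers that want to silence only some denials should be told to combine it with avc_filter.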
@@ -200,9 +203,9 @@ diff --exclude-from=exclude -N -u -r nsa
          return False
 -
 -
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/policygen.py policycoreutils-2.0.78/sepolgen-1.0.19/src/sepolgen/policygen.py
+diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/policygen.py policycoreutils-2.0.79/sepolgen-1.0.19/src/sepolgen/policygen.py
 --- nsasepolgen/src/sepolgen/policygen.py	2008-09-12 11:48:15.000000000 -0400
-+++ policycoreutils-2.0.78/sepolgen-1.0.19/src/sepolgen/policygen.py	2010-01-08 09:33:54.000000000 -0500
++++ policycoreutils-2.0.79/sepolgen-1.0.19/src/sepolgen/policygen.py	2010-03-01 14:49:37.000000000 -0500
 @@ -29,6 +29,8 @@
  import access
  import interfaces
@@ -221,15 +224,10 @@ diff --exclude-from=exclude -N -u -r nsa
      def set_gen_refpol(self, if_set=None, perm_maps=None):
          """Set whether reference policy interfaces are generated.
  
-@@ -141,15 +143,42 @@
-         """Return the generated module"""
-         return self.module
- 
--    def __add_allow_rules(self, avs):
-+    def __add_allow_rules(self, avs, dontaudit):
+@@ -144,8 +146,35 @@
+     def __add_allow_rules(self, avs):
          for av in avs:
--            rule = refpolicy.AVRule(av)
-+            rule = refpolicy.AVRule(av, dontaudit=dontaudit)
+             rule = refpolicy.AVRule(av)
 +            rule.comment = ""
              if self.explain:
                  rule.comment = refpolicy.Comment(explain_access(av, verbosity=self.explain))
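Review bot: the added rule.comment = "" in __add_allow_rules leaves the attribute as a plain str when self.explain is off and as a refpolicy.Comment when it is on, so any code that later formats or extends rule.comment has to handle both types. Initialise it with the same type in both paths (an empty Comment object, if the class allows one) or document that an empty string means "no comment". With the dontaudit argument gone from this method, it is also worth a one-line comment here saying that the rule type is now taken from the access vector itself.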
@@ -262,35 +260,9 @@ diff --exclude-from=exclude -N -u -r nsa
              self.module.children.append(rule)
  
  
--    def add_access(self, av_set):
-+    def add_access(self, av_set, dontaudit=False):
-         """Add the access from the access vector set to this
-         module.
-         """
-@@ -165,7 +194,7 @@
-             raw_allow = av_set
- 
-         # Generate the raw allow rules from the filtered list
--        self.__add_allow_rules(raw_allow)
-+        self.__add_allow_rules(raw_allow, dontaudit)
- 
-     def add_role_types(self, role_type_set):
-         for role_type in role_type_set:
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.78/sepolgen-1.0.19/src/sepolgen/refparser.py
---- nsasepolgen/src/sepolgen/refparser.py	2009-10-29 15:21:39.000000000 -0400
-+++ policycoreutils-2.0.78/sepolgen-1.0.19/src/sepolgen/refparser.py	2009-12-08 17:05:49.000000000 -0500
-@@ -973,7 +973,7 @@
- def list_headers(root):
-     modules = []
-     support_macros = None
--    blacklist = ["init.if", "inetd.if", "uml.if", "thunderbird.if"]
-+    blacklist = ["uml.if", "thunderbird.if", "unconfined.if"]
- 
-     for dirpath, dirnames, filenames in os.walk(root):
-         for name in filenames:
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refpolicy.py policycoreutils-2.0.78/sepolgen-1.0.19/src/sepolgen/refpolicy.py
+diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refpolicy.py policycoreutils-2.0.79/sepolgen-1.0.19/src/sepolgen/refpolicy.py
 --- nsasepolgen/src/sepolgen/refpolicy.py	2009-10-29 15:21:39.000000000 -0400
-+++ policycoreutils-2.0.78/sepolgen-1.0.19/src/sepolgen/refpolicy.py	2010-01-08 09:33:37.000000000 -0500
++++ policycoreutils-2.0.79/sepolgen-1.0.19/src/sepolgen/refpolicy.py	2010-03-01 14:50:42.000000000 -0500
 @@ -398,6 +398,7 @@
          return "attribute %s;" % self.name
  
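Review bot: this region drops two things from the patch, and only one of them is explained. Removing the add_access(av_set, dontaudit=False) change matches the move to a per-vector flag, but the refparser.py hunk that set blacklist = ["uml.if", "thunderbird.if", "unconfined.if"] in list_headers is removed as well and none of the changelog entries in this commit mention it. If upstream already carries that list, say so in the changelog; if not, list_headers goes back to skipping init.if and inetd.if and parsing unconfined.if, which changes the interfaces that generated policy can reference.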
@@ -299,22 +271,12 @@ diff --exclude-from=exclude -N -u -r nsa
  
  class AVRule(Leaf):
      """SELinux access vector (AV) rule.
-@@ -420,21 +421,26 @@
-     AUDITALLOW = 2
-     NEVERALLOW = 3
- 
--    def __init__(self, av=None, parent=None):
-+    def __init__(self, av=None, parent=None, dontaudit=False):
-         Leaf.__init__(self, parent)
-         self.src_types = IdSet()
+@@ -426,15 +427,17 @@
          self.tgt_types = IdSet()
          self.obj_classes = IdSet()
          self.perms = IdSet()
 -        self.rule_type = self.ALLOW
-+        if dontaudit:
-+            self.rule_type = audit2why.DONTAUDIT
-+        else:
-+            self.rule_type = audit2why.TERULE
++        self.rule_type = audit2why.TERULE
          if av:
              self.from_av(av)
  
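Review bot: self.rule_type is now initialised from audit2why.TERULE (and set to audit2why.DONTAUDIT elsewhere) where it used to be self.ALLOW, while the old patch context shows the class defining its own AUDITALLOW = 2 and NEVERALLOW = 3. Mixing two constant namespaces in one field is fragile: if the audit2why values overlap the class values, the string conversion that ends in return "auditallow" can pick the wrong keyword. Either keep every rule type as an AVRule class constant and map from audit2why at the boundary, or add a comment stating the numeric values and why they cannot collide.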
@@ -330,3 +292,12 @@ diff --exclude-from=exclude -N -u -r nsa
          else:
              return "auditallow"
  
+@@ -449,6 +452,8 @@
+             self.tgt_types.add(av.tgt_type)
+         self.obj_classes.add(av.obj_class)
+         self.perms.update(av.perms)
++        if av.dontaudit:
++            self.rule_type = audit2why.DONTAUDIT
+ 
+     def to_string(self):
+         """Return a string representation of the rule
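Review bot: the added "if av.dontaudit:" in from_av assumes every access vector handed to AVRule has a dontaudit attribute. Any vector built by code that predates this patch raises AttributeError here. Use getattr(av, "dontaudit", False), or confirm that the access vector constructor always initialises the field and mention that in the commit message. Since the result is a rule that hides denials from the audit log, a test that a vector without the flag still produces an allow rule would be a useful guard.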


Index: policycoreutils.spec
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/F-12/policycoreutils.spec,v
retrieving revision 1.676
retrieving revision 1.677
diff -u -p -r1.676 -r1.677
--- policycoreutils.spec	22 Feb 2010 18:31:33 -0000	1.676
+++ policycoreutils.spec	11 Mar 2010 16:19:58 -0000	1.677
@@ -1,13 +1,13 @@
 %define	libauditver	1.4.2-1
-%define	libsepolver	2.0.38-1
-%define	libsemanagever	2.0.39-1
-%define	libselinuxver	2.0.90-1
+%define	libsepolver	2.0.41-3
+%define	libsemanagever	2.0.43-4
+%define	libselinuxver	2.0.90-3
 %define	sepolgenver	1.0.19
 
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
-Version: 2.0.79
-Release: 3%{?dist}
+Version: 2.0.80
+Release: 1%{?dist}
 License: GPLv2+
 Group:	 System Environment/Base
 Source:  http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
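Review bot: the three %define lines raise the minimum libsepol, libsemanage and libselinux versions, but the matching changelog entry says only "Update to upstream". State which change needs the newer libraries (is it the module enable/disable support?) so that someone rebuilding against older libraries knows whether the floor is a hard requirement.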
@@ -30,7 +30,7 @@ Obsoletes: policycoreutils < 2.0.61-2
 
 %global pkgpythondir  %{python_sitelib}/%{name}
 
-BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver}  libcap-devel audit-libs-devel >=  %{libauditver} gettext
+BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-static >= %{libsemanagever} libselinux-devel >= %{libselinuxver}  libcap-devel audit-libs-devel >=  %{libauditver} gettext
 BuildRequires: desktop-file-utils dbus-devel dbus-glib-devel
 BuildRequires: python-devel
 Requires: /bin/mount /bin/egrep /bin/awk /usr/bin/diff rpm /bin/sed
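Review bot: BuildRequires switches from libsemanage-devel to libsemanage-static without a changelog entry. Linking libsemanage statically means a later security fix in that library does not reach these binaries until policycoreutils is rebuilt, so the reason for static linking should be recorded in the spec. Also confirm that the -static package pulls in the headers; if it does not, libsemanage-devel needs to stay on this line.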
@@ -305,8 +305,19 @@ fi
 exit 0
 
 %changelog
-* Mon Feb 22 2010 Dan Walsh <dwalsh at redhat.com> 2.0.79-3
-- Fix semanage man page
+* Mon Mar 8 2010 Dan Walsh <dwalsh at redhat.com> 2.0.80-1
+- Update to upstream
+	* Module enable/disable support from Dan Walsh.
+
+* Mon Mar 1 2010 Dan Walsh <dwalsh at redhat.com> 2.0.79-5
+- Rewrite of sandbox script, add unit test for sandbox 
+- Update translations
+
+* Mon Mar 1 2010 Dan Walsh <dwalsh at redhat.com> 2.0.79-4
+- Fix patch for dontaudit rules from audit2allow for upstream acceptance
+
+* Fri Feb 26 2010 Dan Walsh <dwalsh at redhat.com> 2.0.79-3
+- Fixes for fixfiles
 
 * Wed Feb 17 2010 Dan Walsh <dwalsh at redhat.com> 2.0.79-2
 - Fix sandbox to complain if mount-shared has not been run
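Review bot: the existing entry "* Mon Feb 22 2010 ... 2.0.79-3 - Fix semanage man page" is deleted and a different 2.0.79-3 entry dated Fri Feb 26 ("Fixes for fixfiles") takes its place, so the changelog for an already committed release is rewritten and the man page fix disappears from the history. Keep the old entry and give the fixfiles change its own release number. The new entries also omit the move to libsemanage-static and the raised library minimums made elsewhere in this spec diff.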


Index: sources
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/F-12/sources,v
retrieving revision 1.214
retrieving revision 1.215
diff -u -p -r1.214 -r1.215
--- sources	16 Feb 2010 21:48:02 -0000	1.214
+++ sources	11 Mar 2010 16:19:59 -0000	1.215
@@ -1,3 +1,3 @@
 2ae1a9f7242e33413aae036d2edeb1d8  sepolgen-1.0.19.tgz
-e09466b2b02ca5672ce3b43e02c5498f  policycoreutils-2.0.79.tgz
+f0ba121158e826b5263c2cf808aa1ed2  policycoreutils-2.0.80.tgz
 59d33101d57378ce69889cc078addf90  policycoreutils_man_ru2.tar.bz2
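Review bot: the replacement tarball policycoreutils-2.0.80.tgz is pinned here only by a 32-hex-digit MD5 digest, and the spec's Source line fetches it over plain http. MD5 is not collision resistant, so before committing the new hash, check the download against a stronger digest or signature published by upstream and note in the commit message how it was verified.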


