rpms/policycoreutils/F-13 .cvsignore, 1.211, 1.212 policycoreutils-gui.patch, 1.101, 1.102 policycoreutils-po.patch, 1.61, 1.62 policycoreutils-rhat.patch, 1.483, 1.484 policycoreutils-sepolgen.patch, 1.36, 1.37 policycoreutils.spec, 1.693, 1.694 sources, 1.225, 1.226
Daniel J Walsh
dwalsh at fedoraproject.org
Wed Mar 24 20:14:38 UTC 2010
Author: dwalsh
Update of /cvs/extras/rpms/policycoreutils/F-13
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv1336
Modified Files:
.cvsignore policycoreutils-gui.patch policycoreutils-po.patch
policycoreutils-rhat.patch policycoreutils-sepolgen.patch
policycoreutils.spec sources
Log Message:
* Tue Mar 23 2010 Dan Walsh <dwalsh at redhat.com> 2.0.82-1
- Update to upstream
* Add avc's since boot from Dan Walsh.
* Fix unit tests from Dan Walsh.
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/F-13/.cvsignore,v
retrieving revision 1.211
retrieving revision 1.212
diff -u -p -r1.211 -r1.212
--- .cvsignore 16 Mar 2010 18:59:50 -0000 1.211
+++ .cvsignore 24 Mar 2010 20:14:14 -0000 1.212
@@ -217,3 +217,6 @@ policycoreutils-2.0.79.tgz
policycoreutils-2.0.80.tgz
policycoreutils-2.0.81.tgz
sepolgen-1.0.20.tgz
+sepolgen-1.0.22.tgz
+policycoreutils-2.0.82.tgz
+sepolgen-1.0.23.tgz
policycoreutils-gui.patch:
Makefile | 40
booleansPage.py | 247 +++
domainsPage.py | 154 ++
fcontextPage.py | 223 ++
html_util.py | 164 ++
lockdown.glade | 771 ++++++++++
lockdown.gladep | 7
lockdown.py | 382 ++++
loginsPage.py | 185 ++
mappingsPage.py | 56
modulesPage.py | 190 ++
polgen.glade | 3305 +++++++++++++++++++++++++++++++++++++++++++
polgen.gladep | 7
polgen.py | 1226 +++++++++++++++
polgengui.py | 627 ++++++++
portsPage.py | 259 +++
selinux.tbl | 234 +++
semanagePage.py | 168 ++
statusPage.py | 190 ++
system-config-selinux.glade | 3024 +++++++++++++++++++++++++++++++++++++++
system-config-selinux.gladep | 7
system-config-selinux.py | 187 ++
templates/__init__.py | 18
templates/boolean.py | 40
templates/etc_rw.py | 113 +
templates/executable.py | 360 ++++
templates/network.py | 80 +
templates/rw.py | 131 +
templates/script.py | 126 +
templates/semodule.py | 41
templates/tmp.py | 102 +
templates/user.py | 182 ++
templates/var_lib.py | 162 ++
templates/var_log.py | 115 +
templates/var_run.py | 101 +
templates/var_spool.py | 133 +
usersPage.py | 150 +
37 files changed, 13507 insertions(+)
Index: policycoreutils-gui.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/F-13/policycoreutils-gui.patch,v
retrieving revision 1.101
retrieving revision 1.102
diff -u -p -r1.101 -r1.102
--- policycoreutils-gui.patch 3 Feb 2010 16:47:44 -0000 1.101
+++ policycoreutils-gui.patch 24 Mar 2010 20:14:14 -0000 1.102
@@ -1,6 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-2.0.78/gui/booleansPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-2.0.81/gui/booleansPage.py
--- nsapolicycoreutils/gui/booleansPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/booleansPage.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.81/gui/booleansPage.py 2010-03-12 10:04:14.000000000 -0500
@@ -0,0 +1,247 @@
+#
+# booleansPage.py - GUI for Booleans page in system-config-securitylevel
@@ -249,9 +249,9 @@ diff --exclude-from=exclude -N -u -r nsa
+ self.load(self.filter)
+ return True
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/domainsPage.py policycoreutils-2.0.78/gui/domainsPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/domainsPage.py policycoreutils-2.0.81/gui/domainsPage.py
--- nsapolicycoreutils/gui/domainsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/domainsPage.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.81/gui/domainsPage.py 2010-03-12 10:04:14.000000000 -0500
@@ -0,0 +1,154 @@
+## domainsPage.py - show selinux domains
+## Copyright (C) 2009 Red Hat, Inc.
@@ -407,9 +407,9 @@ diff --exclude-from=exclude -N -u -r nsa
+
+ except ValueError, e:
+ self.error(e.args[0])
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.78/gui/fcontextPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.81/gui/fcontextPage.py
--- nsapolicycoreutils/gui/fcontextPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/fcontextPage.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.81/gui/fcontextPage.py 2010-03-12 10:04:14.000000000 -0500
@@ -0,0 +1,223 @@
+## fcontextPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -634,9 +634,9 @@ diff --exclude-from=exclude -N -u -r nsa
+ self.store.set_value(iter, SPEC_COL, fspec)
+ self.store.set_value(iter, FTYPE_COL, ftype)
+ self.store.set_value(iter, TYPE_COL, "%s:%s" % (type, mls))
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/html_util.py policycoreutils-2.0.78/gui/html_util.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/html_util.py policycoreutils-2.0.81/gui/html_util.py
--- nsapolicycoreutils/gui/html_util.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/html_util.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.81/gui/html_util.py 2010-03-12 10:04:14.000000000 -0500
@@ -0,0 +1,164 @@
+# Authors: John Dennis <jdennis at redhat.com>
+#
@@ -802,9 +802,9 @@ diff --exclude-from=exclude -N -u -r nsa
+ doc += tail
+ return doc
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade policycoreutils-2.0.78/gui/lockdown.glade
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade policycoreutils-2.0.81/gui/lockdown.glade
--- nsapolicycoreutils/gui/lockdown.glade 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/lockdown.glade 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.81/gui/lockdown.glade 2010-03-12 10:04:14.000000000 -0500
@@ -0,0 +1,771 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
@@ -1577,9 +1577,9 @@ diff --exclude-from=exclude -N -u -r nsa
+</widget>
+
+</glade-interface>
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.gladep policycoreutils-2.0.78/gui/lockdown.gladep
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.gladep policycoreutils-2.0.81/gui/lockdown.gladep
--- nsapolicycoreutils/gui/lockdown.gladep 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/lockdown.gladep 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.81/gui/lockdown.gladep 2010-03-12 10:04:14.000000000 -0500
@@ -0,0 +1,7 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
@@ -1588,9 +1588,9 @@ diff --exclude-from=exclude -N -u -r nsa
+ <name></name>
+ <program_name></program_name>
+</glade-project>
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.py policycoreutils-2.0.78/gui/lockdown.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.py policycoreutils-2.0.81/gui/lockdown.py
--- nsapolicycoreutils/gui/lockdown.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/lockdown.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.81/gui/lockdown.py 2010-03-12 10:04:14.000000000 -0500
@@ -0,0 +1,382 @@
+#!/usr/bin/python
+#
@@ -1974,9 +1974,9 @@ diff --exclude-from=exclude -N -u -r nsa
+
+ app = booleanWindow()
+ app.stand_alone()
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-2.0.78/gui/loginsPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-2.0.81/gui/loginsPage.py
--- nsapolicycoreutils/gui/loginsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/loginsPage.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.81/gui/loginsPage.py 2010-03-12 10:04:14.000000000 -0500
@@ -0,0 +1,185 @@
+## loginsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -2163,9 +2163,9 @@ diff --exclude-from=exclude -N -u -r nsa
+ self.store.set_value(iter, 1, seuser)
+ self.store.set_value(iter, 2, seobject.translate(serange))
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.78/gui/Makefile
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.81/gui/Makefile
--- nsapolicycoreutils/gui/Makefile 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/Makefile 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.81/gui/Makefile 2010-03-12 10:04:14.000000000 -0500
@@ -0,0 +1,40 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
@@ -2207,9 +2207,9 @@ diff --exclude-from=exclude -N -u -r nsa
+indent:
+
+relabel:
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-2.0.78/gui/mappingsPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-2.0.81/gui/mappingsPage.py
--- nsapolicycoreutils/gui/mappingsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/mappingsPage.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.81/gui/mappingsPage.py 2010-03-12 10:04:14.000000000 -0500
@@ -0,0 +1,56 @@
+## mappingsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -2267,9 +2267,9 @@ diff --exclude-from=exclude -N -u -r nsa
+ for k in keys:
+ print "%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1]))
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-2.0.78/gui/modulesPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-2.0.81/gui/modulesPage.py
--- nsapolicycoreutils/gui/modulesPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/modulesPage.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.81/gui/modulesPage.py 2010-03-12 10:04:14.000000000 -0500
@@ -0,0 +1,190 @@
+## modulesPage.py - show selinux mappings
+## Copyright (C) 2006-2009 Red Hat, Inc.
@@ -2461,9 +2461,9 @@ diff --exclude-from=exclude -N -u -r nsa
+
+ except ValueError, e:
+ self.error(e.args[0])
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.78/gui/polgen.glade
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.81/gui/polgen.glade
--- nsapolicycoreutils/gui/polgen.glade 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/polgen.glade 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.81/gui/polgen.glade 2010-03-12 10:04:14.000000000 -0500
@@ -0,0 +1,3305 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
@@ -5770,9 +5770,9 @@ diff --exclude-from=exclude -N -u -r nsa
+</widget>
+
+</glade-interface>
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.gladep policycoreutils-2.0.78/gui/polgen.gladep
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.gladep policycoreutils-2.0.81/gui/polgen.gladep
--- nsapolicycoreutils/gui/polgen.gladep 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/polgen.gladep 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.81/gui/polgen.gladep 2010-03-12 10:04:14.000000000 -0500
@@ -0,0 +1,7 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
@@ -5781,9 +5781,9 @@ diff --exclude-from=exclude -N -u -r nsa
+ <name></name>
+ <program_name></program_name>
+</glade-project>
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.78/gui/polgengui.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.81/gui/polgengui.py
--- nsapolicycoreutils/gui/polgengui.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/polgengui.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.81/gui/polgengui.py 2010-03-12 10:04:14.000000000 -0500
@@ -0,0 +1,627 @@
+#!/usr/bin/python -E
+#
@@ -6412,10 +6412,10 @@ diff --exclude-from=exclude -N -u -r nsa
+
+ app = childWindow()
+ app.stand_alone()
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.78/gui/polgen.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.81/gui/polgen.py
--- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/polgen.py 2010-02-03 11:46:45.000000000 -0500
-@@ -0,0 +1,1213 @@
++++ policycoreutils-2.0.81/gui/polgen.py 2010-03-24 08:01:12.000000000 -0400
+@@ -0,0 +1,1226 @@
+#!/usr/bin/python
+#
+# Copyright (C) 2007, 2008, 2009 Red Hat
@@ -6692,13 +6692,15 @@ diff --exclude-from=exclude -N -u -r nsa
+ self.symbols["setfcap"] = "add_capability('setfcap')"
+
+ self.DEFAULT_DIRS = {}
-+ self.DEFAULT_DIRS["rw"] = ["rw", [], rw];
-+ self.DEFAULT_DIRS["tmp"] = ["tmp", [], tmp];
+ self.DEFAULT_DIRS["/etc"] = ["etc_rw", [], etc_rw];
-+ self.DEFAULT_DIRS["/var/spool"] = ["var_spool", [], var_spool];
++ self.DEFAULT_DIRS["/tmp"] = ["tmp", [], tmp];
++ self.DEFAULT_DIRS["rw"] = ["rw", [], rw];
+ self.DEFAULT_DIRS["/var/lib"] = ["var_lib", [], var_lib];
+ self.DEFAULT_DIRS["/var/log"] = ["var_log", [], var_log];
+ self.DEFAULT_DIRS["/var/run"] = ["var_run", [], var_run];
++ self.DEFAULT_DIRS["/var/spool"] = ["var_spool", [], var_spool];
++
++ self.DEFAULT_KEYS=["/etc", "/var/log", "/tmp", "rw", "/var/lib", "/var/run", "/var/spool"]
+
+ self.DEFAULT_TYPES = (\
+( self.generate_daemon_types, self.generate_daemon_rules), \
@@ -6863,9 +6865,9 @@ diff --exclude-from=exclude -N -u -r nsa
+ raise ValueError(_("USER Types automatically get a tmp type"))
+
+ if val:
-+ self.DEFAULT_DIRS["tmp"][1].append("/tmp");
++ self.DEFAULT_DIRS["/tmp"][1].append("/tmp");
+ else:
-+ self.DEFAULT_DIRS["tmp"][1]=[]
++ self.DEFAULT_DIRS["/tmp"][1]=[]
+
+ def set_use_uid(self, val):
+ self.use_uid = val == True
@@ -6985,10 +6987,12 @@ diff --exclude-from=exclude -N -u -r nsa
+ return self.DEFAULT_DIRS["rw"]
+
+ def add_capability(self, capability):
-+ self.capabilities.append(capability)
++ if capability not in self.capabilities:
++ self.capabilities.append(capability)
+
+ def add_process(self, process):
-+ self.processes.append(process)
++ if process not in self.processes:
++ self.processes.append(process)
+
+ def add_boolean(self, name, description):
+ self.booleans[name] = description
@@ -7109,14 +7113,20 @@ diff --exclude-from=exclude -N -u -r nsa
+
+ def generate_admin_if(self):
+ newif = ""
++ newtypes = ""
+ if self.initscript != "":
++ newtypes += re.sub("TEMPLATETYPE", self.name, executable.if_initscript_admin_types)
+ newif += re.sub("TEMPLATETYPE", self.name, executable.if_initscript_admin)
-+ for d in self.DEFAULT_DIRS:
++ for d in self.DEFAULT_KEYS:
+ if len(self.DEFAULT_DIRS[d][1]) > 0:
++ newtypes += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_admin_types)
+ newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_admin_rules)
+
+ if newif != "":
+ ret = re.sub("TEMPLATETYPE", self.name, executable.if_begin_admin)
++ ret += newtypes
++
++ ret += re.sub("TEMPLATETYPE", self.name, executable.if_middle_admin)
+ ret += newif
+ ret += re.sub("TEMPLATETYPE", self.name, executable.if_end_admin)
+ return ret
@@ -7182,7 +7192,7 @@ diff --exclude-from=exclude -N -u -r nsa
+ return re.sub("TEMPLATETYPE", self.name, executable.te_cgi_types)
+
+ def generate_daemon_rules(self):
-+ newif = re.sub("TEMPLATETYPE", self.name, executable.te_daemon_rules)
++ newif = re.sub("TEMPLATETYPE", self.name, executable.te_begin_daemon_rules)
+
+ return newif
+
@@ -7233,7 +7243,7 @@ diff --exclude-from=exclude -N -u -r nsa
+ if self.initscript != "":
+ newif += re.sub("TEMPLATETYPE", self.name, executable.if_initscript_rules)
+
-+ for d in self.DEFAULT_DIRS:
++ for d in self.DEFAULT_KEYS:
+ if len(self.DEFAULT_DIRS[d][1]) > 0:
+ newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_rules)
+ for i in self.DEFAULT_DIRS[d][1]:
@@ -7265,7 +7275,7 @@ diff --exclude-from=exclude -N -u -r nsa
+
+ def generate_te(self):
+ newte = self.generate_default_types()
-+ for d in self.DEFAULT_DIRS:
++ for d in self.DEFAULT_KEYS:
+ if len(self.DEFAULT_DIRS[d][1]) > 0:
+ # CGI scripts already have a rw_t
+ if self.type != CGI or d != "rw":
@@ -7286,7 +7296,7 @@ diff --exclude-from=exclude -N -u -r nsa
+ newte += self.generate_default_rules()
+ newte += self.generate_boolean_rules()
+
-+ for d in self.DEFAULT_DIRS:
++ for d in self.DEFAULT_KEYS:
+ if len(self.DEFAULT_DIRS[d][1]) > 0:
+ newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_rules)
+ for i in self.DEFAULT_DIRS[d][1]:
@@ -7312,15 +7322,16 @@ diff --exclude-from=exclude -N -u -r nsa
+
+ def generate_fc(self):
+ newfc = ""
++ fclist = []
+ if self.program == "":
+ raise ValueError(_("You must enter the executable path for your confined process"))
+
+ t1 = re.sub("EXECUTABLE", self.program, executable.fc_program)
-+ newfc += re.sub("TEMPLATETYPE", self.name, t1)
++ fclist.append(re.sub("TEMPLATETYPE", self.name, t1))
+
+ if self.initscript != "":
+ t1 = re.sub("EXECUTABLE", self.initscript, executable.fc_initscript)
-+ newfc += re.sub("TEMPLATETYPE", self.name, t1)
++ fclist.append(re.sub("TEMPLATETYPE", self.name, t1))
+
+ for i in self.files.keys():
+ if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]):
@@ -7328,13 +7339,15 @@ diff --exclude-from=exclude -N -u -r nsa
+ else:
+ t1 = re.sub("TEMPLATETYPE", self.name, self.files[i][2].fc_file)
+ t2 = re.sub("FILENAME", i, t1)
-+ newfc += re.sub("FILETYPE", self.files[i][0], t2)
++ fclist.append(re.sub("FILETYPE", self.files[i][0], t2))
+
+ for i in self.dirs.keys():
+ t1 = re.sub("TEMPLATETYPE", self.name, self.dirs[i][2].fc_dir)
+ t2 = re.sub("FILENAME", i, t1)
-+ newfc += re.sub("FILETYPE", self.dirs[i][0], t2)
++ fclist.append(re.sub("FILETYPE", self.dirs[i][0], t2))
+
++ fclist.sort()
++ newfc="\n".join(fclist)
+ return newfc
+
+ def generate_user_sh(self):
@@ -7629,9 +7642,9 @@ diff --exclude-from=exclude -N -u -r nsa
+
+ print mypolicy.generate()
+ sys.exit(0)
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-2.0.78/gui/portsPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-2.0.81/gui/portsPage.py
--- nsapolicycoreutils/gui/portsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/portsPage.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.81/gui/portsPage.py 2010-03-12 10:04:14.000000000 -0500
@@ -0,0 +1,259 @@
+## portsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -7892,9 +7905,9 @@ diff --exclude-from=exclude -N -u -r nsa
+
+ return True
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.78/gui/selinux.tbl
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.81/gui/selinux.tbl
--- nsapolicycoreutils/gui/selinux.tbl 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/selinux.tbl 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.81/gui/selinux.tbl 2010-03-12 10:04:14.000000000 -0500
@@ -0,0 +1,234 @@
+acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon")
+allow_daemons_dump_core _("Admin") _("Allow all daemons to write corefiles to /")
@@ -8130,9 +8143,9 @@ diff --exclude-from=exclude -N -u -r nsa
+webadm_manage_user_files _("HTTPD Service") _("Allow SELinux webadm user to manage unprivileged users home directories")
+webadm_read_user_files _("HTTPD Service") _("Allow SELinux webadm user to read unprivileged users home directories")
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-2.0.78/gui/semanagePage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-2.0.81/gui/semanagePage.py
--- nsapolicycoreutils/gui/semanagePage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/semanagePage.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.81/gui/semanagePage.py 2010-03-12 10:04:14.000000000 -0500
@@ -0,0 +1,168 @@
+## semanagePage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -8302,9 +8315,9 @@ diff --exclude-from=exclude -N -u -r nsa
+ self.load(self.filter)
+ return True
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-2.0.78/gui/statusPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-2.0.81/gui/statusPage.py
--- nsapolicycoreutils/gui/statusPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/statusPage.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.81/gui/statusPage.py 2010-03-12 10:04:14.000000000 -0500
@@ -0,0 +1,190 @@
+# statusPage.py - show selinux status
+## Copyright (C) 2006-2009 Red Hat, Inc.
@@ -8496,9 +8509,9 @@ diff --exclude-from=exclude -N -u -r nsa
+ return self.types[self.selinuxTypeOptionMenu.get_active()]
+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-2.0.78/gui/system-config-selinux.glade
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-2.0.81/gui/system-config-selinux.glade
--- nsapolicycoreutils/gui/system-config-selinux.glade 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/system-config-selinux.glade 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.81/gui/system-config-selinux.glade 2010-03-12 10:04:14.000000000 -0500
@@ -0,0 +1,3024 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
@@ -11524,9 +11537,9 @@ diff --exclude-from=exclude -N -u -r nsa
+</widget>
+
+</glade-interface>
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.gladep policycoreutils-2.0.78/gui/system-config-selinux.gladep
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.gladep policycoreutils-2.0.81/gui/system-config-selinux.gladep
--- nsapolicycoreutils/gui/system-config-selinux.gladep 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/system-config-selinux.gladep 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.81/gui/system-config-selinux.gladep 2010-03-12 10:04:14.000000000 -0500
@@ -0,0 +1,7 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
@@ -11535,9 +11548,9 @@ diff --exclude-from=exclude -N -u -r nsa
+ <name></name>
+ <program_name></program_name>
+</glade-project>
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-2.0.78/gui/system-config-selinux.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-2.0.81/gui/system-config-selinux.py
--- nsapolicycoreutils/gui/system-config-selinux.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/system-config-selinux.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.81/gui/system-config-selinux.py 2010-03-12 10:04:14.000000000 -0500
@@ -0,0 +1,187 @@
+#!/usr/bin/python
+#
@@ -11726,9 +11739,9 @@ diff --exclude-from=exclude -N -u -r nsa
+
+ app = childWindow()
+ app.stand_alone()
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/boolean.py policycoreutils-2.0.78/gui/templates/boolean.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/boolean.py policycoreutils-2.0.81/gui/templates/boolean.py
--- nsapolicycoreutils/gui/templates/boolean.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/templates/boolean.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.81/gui/templates/boolean.py 2010-03-24 08:01:45.000000000 -0400
@@ -0,0 +1,40 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -11770,10 +11783,10 @@ diff --exclude-from=exclude -N -u -r nsa
+')
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py policycoreutils-2.0.78/gui/templates/etc_rw.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py policycoreutils-2.0.81/gui/templates/etc_rw.py
--- nsapolicycoreutils/gui/templates/etc_rw.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/templates/etc_rw.py 2009-12-08 17:05:49.000000000 -0500
-@@ -0,0 +1,129 @@
++++ policycoreutils-2.0.81/gui/templates/etc_rw.py 2010-03-24 08:01:45.000000000 -0400
+@@ -0,0 +1,113 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@@ -11869,30 +11882,14 @@ diff --exclude-from=exclude -N -u -r nsa
+ files_search_etc($1)
+')
+
-+########################################
-+## <summary>
-+## Manage TEMPLATETYPE etc_rw files.
-+## </summary>
-+## <param name="domain">
-+## <summary>
-+## Domain allowed access.
-+## </summary>
-+## </param>
-+#
-+interface(`TEMPLATETYPE_manage_conf',`
-+ gen_require(`
-+ type TEMPLATETYPE_etc_rw_t;
-+ ')
-+
-+ manage_dirs_pattern($1, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
-+ manage_files_pattern($1, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
-+ manage_lnk_files_pattern($1, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
-+')
-+
+"""
+
++if_admin_types="""
++ type TEMPLATETYPE_etc_rw_t;"""
++
+if_admin_rules="""
-+ TEMPLATETYPE_manage_conf($1)
++ files_search_etc($1)
++ admin_pattern($1, TEMPLATETYPE_etc_rw_t)
+"""
+
+########################### File Context ##################################
@@ -11901,12 +11898,12 @@ diff --exclude-from=exclude -N -u -r nsa
+"""
+
+fc_dir="""\
-+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_etc_rw_t,s0)
++FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_etc_rw_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.78/gui/templates/executable.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.81/gui/templates/executable.py
--- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/templates/executable.py 2010-01-28 12:17:43.000000000 -0500
-@@ -0,0 +1,363 @@
++++ policycoreutils-2.0.81/gui/templates/executable.py 2010-03-24 08:01:45.000000000 -0400
+@@ -0,0 +1,360 @@
+# Copyright (C) 2007-2009 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@@ -12009,13 +12006,11 @@ diff --exclude-from=exclude -N -u -r nsa
+"""
+
+te_daemon_rules="""
-+# Init script handling
-+domain_use_interactive_fds(TEMPLATETYPE_t)
-+
-+# internal communication is often done using fifo and unix sockets.
+allow TEMPLATETYPE_t self:fifo_file rw_fifo_file_perms;
+allow TEMPLATETYPE_t self:unix_stream_socket create_stream_socket_perms;
+
++domain_use_interactive_fds(TEMPLATETYPE_t)
++
+files_read_etc_files(TEMPLATETYPE_t)
+
+miscfiles_read_localization(TEMPLATETYPE_t)
@@ -12236,20 +12231,19 @@ diff --exclude-from=exclude -N -u -r nsa
+#
+interface(`TEMPLATETYPE_admin',`
+ gen_require(`
-+ type TEMPLATETYPE_t;
++ type TEMPLATETYPE_t;"""
++
++if_middle_admin="""
+ ')
+
-+ allow $1 TEMPLATETYPE_t:process { ptrace signal_perms getattr };
-+ read_files_pattern($1, TEMPLATETYPE_t, TEMPLATETYPE_t)
-+
++ allow $1 TEMPLATETYPE_t:process { ptrace signal_perms };
++ ps_process_pattern($1, TEMPLATETYPE_t)
+"""
++
++if_initscript_admin_types="""
++ type TEMPLATETYPE_initrc_exec_t;"""
+
+if_initscript_admin="""
-+ gen_require(`
-+ type TEMPLATETYPE_initrc_exec_t;
-+ ')
-+
-+ # Allow TEMPLATETYPE_t to restart the apache service
+ TEMPLATETYPE_initrc_domtrans($1)
+ domain_system_change_exemption($1)
+ role_transition $2 TEMPLATETYPE_initrc_exec_t system_r;
@@ -12263,16 +12257,16 @@ diff --exclude-from=exclude -N -u -r nsa
+########################### File Context ##################################
+fc_program="""\
+
-+EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_exec_t,s0)
++EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_exec_t,s0)
+"""
+fc_initscript="""\
+
+EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_initrc_exec_t,s0)
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.py policycoreutils-2.0.78/gui/templates/__init__.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.py policycoreutils-2.0.81/gui/templates/__init__.py
--- nsapolicycoreutils/gui/templates/__init__.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/templates/__init__.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.81/gui/templates/__init__.py 2010-03-24 08:01:45.000000000 -0400
@@ -0,0 +1,18 @@
+#
+# Copyright (C) 2007 Red Hat, Inc.
@@ -12292,9 +12286,9 @@ diff --exclude-from=exclude -N -u -r nsa
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.78/gui/templates/network.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.81/gui/templates/network.py
--- nsapolicycoreutils/gui/templates/network.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/templates/network.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.81/gui/templates/network.py 2010-03-24 08:01:45.000000000 -0400
@@ -0,0 +1,80 @@
+te_port_types="""
+type TEMPLATETYPE_port_t;
@@ -12376,10 +12370,10 @@ diff --exclude-from=exclude -N -u -r nsa
+corenet_udp_bind_all_unreserved_ports(TEMPLATETYPE_t)
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py policycoreutils-2.0.78/gui/templates/rw.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py policycoreutils-2.0.81/gui/templates/rw.py
--- nsapolicycoreutils/gui/templates/rw.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/templates/rw.py 2009-12-08 17:05:49.000000000 -0500
-@@ -0,0 +1,127 @@
++++ policycoreutils-2.0.81/gui/templates/rw.py 2010-03-24 08:01:45.000000000 -0400
+@@ -0,0 +1,131 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@@ -12475,7 +12469,8 @@ diff --exclude-from=exclude -N -u -r nsa
+
+########################################
+## <summary>
-+## Manage TEMPLATETYPE rw files.
++## Create, read, write, and delete
++## TEMPLATETYPE rw dirs.
+## </summary>
+## <param name="domain">
+## <summary>
@@ -12483,33 +12478,36 @@ diff --exclude-from=exclude -N -u -r nsa
+## </summary>
+## </param>
+#
-+interface(`TEMPLATETYPE_manage_rw',`
++interface(`TEMPLATETYPE_manage_rw_dirs',`
+ gen_require(`
+ type TEMPLATETYPE_rw_t;
+ ')
+
+ manage_dirs_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
-+ manage_files_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
-+ manage_lnk_files_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
+')
+
+"""
+
++if_admin_types="""
++ type TEMPLATETYPE_rw_t;"""
++
+if_admin_rules="""
-+ TEMPLATETYPE_manage_rw($1)
++ files_search_etc($1)
++ admin_pattern($1, TEMPLATETYPE_rw_t)
+"""
+
++
+########################### File Context ##################################
+fc_file="""
+FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0)
+"""
+
+fc_dir="""
-+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0)
++FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.78/gui/templates/script.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.81/gui/templates/script.py
--- nsapolicycoreutils/gui/templates/script.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/templates/script.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.81/gui/templates/script.py 2010-03-24 08:01:45.000000000 -0400
@@ -0,0 +1,126 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -12637,9 +12635,9 @@ diff --exclude-from=exclude -N -u -r nsa
+_EOF
+fi
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.78/gui/templates/semodule.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.81/gui/templates/semodule.py
--- nsapolicycoreutils/gui/templates/semodule.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/templates/semodule.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.81/gui/templates/semodule.py 2010-03-24 08:01:45.000000000 -0400
@@ -0,0 +1,41 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -12682,10 +12680,10 @@ diff --exclude-from=exclude -N -u -r nsa
+semanage ports -a -t TEMPLATETYPE_port_t -p udp PORTNUM
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py policycoreutils-2.0.78/gui/templates/tmp.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py policycoreutils-2.0.81/gui/templates/tmp.py
--- nsapolicycoreutils/gui/templates/tmp.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/templates/tmp.py 2009-12-08 17:05:49.000000000 -0500
-@@ -0,0 +1,97 @@
++++ policycoreutils-2.0.81/gui/templates/tmp.py 2010-03-24 08:01:45.000000000 -0400
+@@ -0,0 +1,102 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@@ -12755,6 +12753,7 @@ diff --exclude-from=exclude -N -u -r nsa
+ type TEMPLATETYPE_tmp_t;
+ ')
+
++ files_search_tmp($1)
+ allow $1 TEMPLATETYPE_tmp_t:file read_file_perms;
+')
+
@@ -12773,19 +12772,23 @@ diff --exclude-from=exclude -N -u -r nsa
+ type TEMPLATETYPE_tmp_t;
+ ')
+
-+ manage_dirs_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
-+ manage_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
-+ manage_lnk_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
++ files_search_tmp($1)
++ manage_dirs_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
++ manage_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
++ manage_lnk_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
+')
+"""
+
++if_admin_types="""
++ type TEMPLATETYPE_tmp_t;"""
++
+if_admin_rules="""
-+ TEMPLATETYPE_manage_tmp($1)
++ files_search_tmp($1)
++ admin_pattern($1, TEMPLATETYPE_tmp_t)
+"""
-+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.78/gui/templates/user.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.81/gui/templates/user.py
--- nsapolicycoreutils/gui/templates/user.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/templates/user.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.81/gui/templates/user.py 2010-03-24 08:01:45.000000000 -0400
@@ -0,0 +1,182 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -12969,10 +12972,10 @@ diff --exclude-from=exclude -N -u -r nsa
+te_newrole_rules="""
+seutil_run_newrole(TEMPLATETYPE_t, TEMPLATETYPE_r,{ TEMPLATETYPE_devpts_t TEMPLATETYPE_tty_device_t })
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.78/gui/templates/var_lib.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.81/gui/templates/var_lib.py
--- nsapolicycoreutils/gui/templates/var_lib.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/templates/var_lib.py 2009-12-08 17:05:49.000000000 -0500
-@@ -0,0 +1,158 @@
++++ policycoreutils-2.0.81/gui/templates/var_lib.py 2010-03-24 08:01:45.000000000 -0400
+@@ -0,0 +1,162 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@@ -13075,7 +13078,7 @@ diff --exclude-from=exclude -N -u -r nsa
+
+########################################
+## <summary>
-+## Manage TEMPLATETYPE var_lib files.
++## Manage TEMPLATETYPE lib dirs files.
+## </summary>
+## <param name="domain">
+## <summary>
@@ -13083,14 +13086,13 @@ diff --exclude-from=exclude -N -u -r nsa
+## </summary>
+## </param>
+#
-+interface(`TEMPLATETYPE_manage_var_lib',`
++interface(`TEMPLATETYPE_manage_lib_dirs',`
+ gen_require(`
+ type TEMPLATETYPE_var_lib_t;
+ ')
+
-+ manage_dirs_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
-+ manage_files_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
-+ manage_lnk_files_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
++ files_search_var_lib($1)
++ manage_dirs_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
+')
+
+"""
@@ -13115,8 +13117,12 @@ diff --exclude-from=exclude -N -u -r nsa
+')
+"""
+
++if_admin_types="""
++ type TEMPLATETYPE_var_lib_t;"""
++
+if_admin_rules="""
-+ TEMPLATETYPE_manage_var_lib($1)
++ files_search_var_lib($1)
++ admin_pattern($1, TEMPLATETYPE_var_lib_t)
+"""
+
+########################### File Context ##################################
@@ -13129,13 +13135,14 @@ diff --exclude-from=exclude -N -u -r nsa
+"""
+
+fc_dir="""\
-+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
++FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.78/gui/templates/var_log.py
++
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.81/gui/templates/var_log.py
--- nsapolicycoreutils/gui/templates/var_log.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/templates/var_log.py 2009-12-08 17:05:49.000000000 -0500
-@@ -0,0 +1,110 @@
-+# Copyright (C) 2007 Red Hat
++++ policycoreutils-2.0.81/gui/templates/var_log.py 2010-03-24 08:01:45.000000000 -0400
+@@ -0,0 +1,115 @@
++# Copyright (C) 2007,2010 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# policygentool is a tool for the initial generation of SELinux policy
@@ -13205,7 +13212,7 @@ diff --exclude-from=exclude -N -u -r nsa
+#
+interface(`TEMPLATETYPE_append_log',`
+ gen_require(`
-+ type var_log_t, TEMPLATETYPE_log_t;
++ type TEMPLATETYPE_log_t;
+ ')
+
+ logging_search_logs($1)
@@ -13227,14 +13234,19 @@ diff --exclude-from=exclude -N -u -r nsa
+ type TEMPLATETYPE_log_t;
+ ')
+
-+ manage_dirs_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
-+ manage_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
-+ manage_lnk_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
++ logging_search_logs($1)
++ manage_dirs_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
++ manage_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
++ manage_lnk_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
+')
+"""
+
++if_admin_types="""
++ type TEMPLATETYPE_log_t;"""
++
+if_admin_rules="""
-+ TEMPLATETYPE_manage_log($1)
++ logging_search_logs($1)
++ admin_pattern($1, TEMPLATETYPE_log_t)
+"""
+
+########################### File Context ##################################
@@ -13243,13 +13255,13 @@ diff --exclude-from=exclude -N -u -r nsa
+"""
+
+fc_dir="""\
-+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0)
++FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.78/gui/templates/var_run.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.81/gui/templates/var_run.py
--- nsapolicycoreutils/gui/templates/var_run.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/templates/var_run.py 2009-12-08 17:05:49.000000000 -0500
-@@ -0,0 +1,118 @@
-+# Copyright (C) 2007 Red Hat
++++ policycoreutils-2.0.81/gui/templates/var_run.py 2010-03-24 08:01:45.000000000 -0400
+@@ -0,0 +1,101 @@
++# Copyright (C) 2007,2010 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# policygentool is a tool for the initial generation of SELinux policy
@@ -13308,26 +13320,6 @@ diff --exclude-from=exclude -N -u -r nsa
+ allow $1 TEMPLATETYPE_var_run_t:file read_file_perms;
+')
+
-+########################################
-+## <summary>
-+## Manage TEMPLATETYPE var_run files.
-+## </summary>
-+## <param name="domain">
-+## <summary>
-+## Domain allowed access.
-+## </summary>
-+## </param>
-+#
-+interface(`TEMPLATETYPE_manage_var_run',`
-+ gen_require(`
-+ type TEMPLATETYPE_var_run_t;
-+ ')
-+
-+ manage_dirs_pattern($1, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t)
-+ manage_files_pattern($1, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t)
-+ manage_lnk_files_pattern($1, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t)
-+')
-+
+"""
+
+if_stream_rules="""\
@@ -13351,8 +13343,12 @@ diff --exclude-from=exclude -N -u -r nsa
+')
+"""
+
++if_admin_types="""
++ type TEMPLATETYPE_var_run_t;"""
++
+if_admin_rules="""
-+ TEMPLATETYPE_manage_var_run($1)
++ files_search_pids($1)
++ admin_pattern($1, TEMPLATETYPE_var_run_t)
+"""
+
+fc_file="""\
@@ -13364,13 +13360,12 @@ diff --exclude-from=exclude -N -u -r nsa
+"""
+
+fc_dir="""\
-+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
++FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
+"""
-+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.78/gui/templates/var_spool.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.81/gui/templates/var_spool.py
--- nsapolicycoreutils/gui/templates/var_spool.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/templates/var_spool.py 2009-12-08 17:05:49.000000000 -0500
-@@ -0,0 +1,129 @@
++++ policycoreutils-2.0.81/gui/templates/var_spool.py 2010-03-24 08:01:45.000000000 -0400
+@@ -0,0 +1,133 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@@ -13468,28 +13463,32 @@ diff --exclude-from=exclude -N -u -r nsa
+
+########################################
+## <summary>
-+## Allow domain to manage TEMPLATETYPE spool files
++## Create, read, write, and delete
++## TEMPLATETYPE spool dirs.
+## </summary>
+## <param name="domain">
+## <summary>
-+## Domain to not audit.
++## Domain allowed access.
+## </summary>
+## </param>
+#
-+interface(`TEMPLATETYPE_manage_spool',`
++interface(`TEMPLATETYPE_manage_spool_dirs',`
+ gen_require(`
+ type TEMPLATETYPE_spool_t;
+ ')
+
-+ manage_dirs_pattern($1, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
-+ manage_files_pattern($1, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
-+ manage_lnk_files_pattern($1, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
++ files_search_spool($1)
++ manage_dirs_pattern($1, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
+')
+
+"""
+
++if_admin_types="""
++ type TEMPLATETYPE_spool_t;"""
++
+if_admin_rules="""
-+ TEMPLATETYPE_manage_spool($1)
++ files_search_spool($1)
++ admin_pattern($1, TEMPLATETYPE_spool_t)
+"""
+
+########################### File Context ##################################
@@ -13498,11 +13497,11 @@ diff --exclude-from=exclude -N -u -r nsa
+"""
+
+fc_dir="""\
-+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0)
++FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-2.0.78/gui/usersPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-2.0.81/gui/usersPage.py
--- nsapolicycoreutils/gui/usersPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/usersPage.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.81/gui/usersPage.py 2010-03-12 10:04:14.000000000 -0500
@@ -0,0 +1,150 @@
+## usersPage.py - show selinux mappings
+## Copyright (C) 2006,2007,2008 Red Hat, Inc.
policycoreutils-po.patch:
Makefile | 28
POTFILES | 28
POTFILES.in | 1
af.po | 2449 +++++++++++++++++++++++--
am.po | 2449 +++++++++++++++++++++++--
ar.po | 2449 +++++++++++++++++++++++--
as.po | 3499 ++++++++++++++++++++++--------------
be.po | 2449 +++++++++++++++++++++++--
bg.po | 3605 ++++++++++++++++++++++---------------
bn.po | 2449 +++++++++++++++++++++++--
bn_IN.po | 4066 ++++++++++++++++++++++++------------------
bs.po | 2505 +++++++++++++++++++++++---
ca.po | 2906 +++++++++++++++++++++++++-----
cs.po | 2841 ++++++++++++++++++++++++-----
cy.po | 2449 +++++++++++++++++++++++--
da.po | 3124 +++++++++++++++++++++++++++-----
de.po | 3928 +++++++++++++++++++++++------------------
el.po | 2850 ++++++++++++++++++++++++++---
en_GB.po | 2505 +++++++++++++++++++++++---
es.po | 4575 +++++++++++++++++++++++++++--------------------
et.po | 2447 +++++++++++++++++++++++--
eu_ES.po | 2449 +++++++++++++++++++++++--
fa.po | 2449 +++++++++++++++++++++++--
fi.po | 3140 ++++++++++++++++++++++++++++----
fr.po | 3843 +++++++++++++++++++++++-----------------
gl.po | 2447 +++++++++++++++++++++++--
gu.po | 4130 ++++++++++++++++++++++++-------------------
he.po | 2449 +++++++++++++++++++++++--
hi.po | 4117 ++++++++++++++++++++++++------------------
hr.po | 2997 ++++++++++++++++++++-----------
hu.po | 3024 +++++++++++++++++++++++++++----
hy.po | 2449 +++++++++++++++++++++++--
id.po | 2447 +++++++++++++++++++++++--
is.po | 2449 +++++++++++++++++++++++--
it.po | 4531 ++++++++++++++++++++++++++---------------------
ja.po | 4174 ++++++++++++++++++++++++-------------------
ka.po | 2449 +++++++++++++++++++++++--
kn.po | 3841 ++++++++++------------------------------
ko.po | 2793 ++++++++++++++++++++++++-----
ku.po | 2449 +++++++++++++++++++++++--
lo.po | 2449 +++++++++++++++++++++++--
lt.po | 2449 +++++++++++++++++++++++--
lv.po | 2449 +++++++++++++++++++++++--
mai.po | 3462 ++++++++++++++++++++++++++++++++++++
mk.po | 2505 +++++++++++++++++++++++---
ml.po | 4274 ++++++++++++++++++++++++--------------------
mr.po | 4156 ++++++++++++++++++++++++-------------------
ms.po | 2498 +++++++++++++++++++++++---
my.po | 2449 +++++++++++++++++++++++--
nb.po | 2485 +++++++++++++++++++++++--
nl.po | 2906 ++++++++++++++++++++++++------
nn.po | 2449 +++++++++++++++++++++++--
no.po | 1272 -------------
nso.po | 2449 +++++++++++++++++++++++--
or.po | 3984 ++++++++++++++++++++++++-----------------
pa.po | 4075 ++++++++++++++++++++++++------------------
pl.po | 4024 +++++++++++++++++++++++-------------------
policycoreutils.pot | 2431 +++++++++++++++++++++++--
pt.po | 4076 ++++++++++++++++++++++++------------------
pt_BR.po | 4979 ++++++++++++++++++++++++++++------------------------
ro.po | 2449 +++++++++++++++++++++++--
ru.po | 3510 ++++++++++++++++++++++++------------
si.po | 2449 +++++++++++++++++++++++--
sk.po | 2505 +++++++++++++++++++++++---
sl.po | 2449 +++++++++++++++++++++++--
sq.po | 2449 +++++++++++++++++++++++--
sr.po | 4125 ++++++++++++++++++++++++-------------------
sr at latin.po | 4135 ++++++++++++++++++++++++-------------------
sv.po | 3152 ++++++++++++++++++++++----------
ta.po | 3935 ++++++++++++++++++++++++++---------------
te.po | 4069 +++++++++++++++++++++++-------------------
th.po | 2449 +++++++++++++++++++++++--
tr.po | 2449 +++++++++++++++++++++++--
uk.po | 2505 +++++++++++++++++++++++---
ur.po | 2449 +++++++++++++++++++++++--
vi.po | 2449 +++++++++++++++++++++++--
zh_CN.po | 3887 +++++++++++++++++++++++-----------------
zh_TW.po | 4174 ++++++++++++++++++++++++-------------------
zu.po | 2449 +++++++++++++++++++++++--
79 files changed, 173018 insertions(+), 59070 deletions(-)
View full diff with command:
/usr/bin/cvs -n -f diff -kk -u -p -N -r 1.61 -r 1.62 policycoreutils-po.patchIndex: policycoreutils-po.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/F-13/policycoreutils-po.patch,v
retrieving revision 1.61
retrieving revision 1.62
diff -u -p -r1.61 -r1.62
--- policycoreutils-po.patch 16 Mar 2010 18:18:01 -0000 1.61
+++ policycoreutils-po.patch 24 Mar 2010 20:14:15 -0000 1.62
@@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/af.po policycoreutils-2.0.81/po/af.po
--- nsapolicycoreutils/po/af.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.81/po/af.po 2010-03-16 14:13:50.000000000 -0400
++++ policycoreutils-2.0.81/po/af.po 2010-03-24 16:03:05.000000000 -0400
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -3047,7 +3047,7 @@ diff --exclude-from=exclude -N -u -r nsa
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/am.po policycoreutils-2.0.81/po/am.po
--- nsapolicycoreutils/po/am.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.81/po/am.po 2010-03-16 14:13:50.000000000 -0400
++++ policycoreutils-2.0.81/po/am.po 2010-03-24 16:03:05.000000000 -0400
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -6094,7 +6094,7 @@ diff --exclude-from=exclude -N -u -r nsa
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ar.po policycoreutils-2.0.81/po/ar.po
--- nsapolicycoreutils/po/ar.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.81/po/ar.po 2010-03-16 14:13:50.000000000 -0400
++++ policycoreutils-2.0.81/po/ar.po 2010-03-24 16:03:05.000000000 -0400
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -9141,7 +9141,7 @@ diff --exclude-from=exclude -N -u -r nsa
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/as.po policycoreutils-2.0.81/po/as.po
--- nsapolicycoreutils/po/as.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.81/po/as.po 2010-03-16 14:13:50.000000000 -0400
++++ policycoreutils-2.0.81/po/as.po 2010-03-24 16:03:05.000000000 -0400
@@ -1,23 +1,23 @@
-# translation of as.po to Assamese
+# translation of policycoreutils.HEAD.po to Assamese
@@ -13728,7 +13728,7 @@ diff --exclude-from=exclude -N -u -r nsa
-#~ msgstr "সà§à¦¤à§°"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/be.po policycoreutils-2.0.81/po/be.po
--- nsapolicycoreutils/po/be.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.81/po/be.po 2010-03-16 14:13:50.000000000 -0400
++++ policycoreutils-2.0.81/po/be.po 2010-03-24 16:03:05.000000000 -0400
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -16775,7 +16775,7 @@ diff --exclude-from=exclude -N -u -r nsa
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bg.po policycoreutils-2.0.81/po/bg.po
--- nsapolicycoreutils/po/bg.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.81/po/bg.po 2010-03-16 14:13:50.000000000 -0400
++++ policycoreutils-2.0.81/po/bg.po 2010-03-24 16:03:05.000000000 -0400
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: policycoreutils\n"
@@ -21344,7 +21344,7 @@ diff --exclude-from=exclude -N -u -r nsa
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bn_IN.po policycoreutils-2.0.81/po/bn_IN.po
--- nsapolicycoreutils/po/bn_IN.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.81/po/bn_IN.po 2010-03-16 14:13:50.000000000 -0400
++++ policycoreutils-2.0.81/po/bn_IN.po 2010-03-24 16:03:05.000000000 -0400
@@ -9,10 +9,10 @@
msgstr ""
"Project-Id-Version: policycoreutils.HEAD\n"
@@ -26105,7 +26105,7 @@ diff --exclude-from=exclude -N -u -r nsa
-#~ "Disabled\n"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bn.po policycoreutils-2.0.81/po/bn.po
--- nsapolicycoreutils/po/bn.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.81/po/bn.po 2010-03-16 14:13:50.000000000 -0400
++++ policycoreutils-2.0.81/po/bn.po 2010-03-24 16:03:05.000000000 -0400
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -29152,7 +29152,7 @@ diff --exclude-from=exclude -N -u -r nsa
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/bs.po policycoreutils-2.0.81/po/bs.po
--- nsapolicycoreutils/po/bs.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.81/po/bs.po 2010-03-16 14:13:50.000000000 -0400
++++ policycoreutils-2.0.81/po/bs.po 2010-03-24 16:03:05.000000000 -0400
@@ -4,7 +4,7 @@
msgstr ""
"Project-Id-Version: bs\n"
@@ -32289,7 +32289,7 @@ diff --exclude-from=exclude -N -u -r nsa
#~ msgstr "Zahtijeva vrijednost"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ca.po policycoreutils-2.0.81/po/ca.po
--- nsapolicycoreutils/po/ca.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.81/po/ca.po 2010-03-16 14:13:50.000000000 -0400
++++ policycoreutils-2.0.81/po/ca.po 2010-03-24 16:03:05.000000000 -0400
@@ -5,6 +5,8 @@
#
# Josep Puigdemont Casamajó <josep.puigdemont at gmail.com>, 2006.
@@ -35813,7 +35813,7 @@ diff --exclude-from=exclude -N -u -r nsa
-#~ msgstr "Error en les opcions: %s "
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/cs.po policycoreutils-2.0.81/po/cs.po
--- nsapolicycoreutils/po/cs.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.81/po/cs.po 2010-03-16 14:13:50.000000000 -0400
++++ policycoreutils-2.0.81/po/cs.po 2010-03-24 16:03:05.000000000 -0400
@@ -9,7 +9,7 @@
msgstr ""
"Project-Id-Version: cs\n"
@@ -39435,7 +39435,7 @@ diff --exclude-from=exclude -N -u -r nsa
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/cy.po policycoreutils-2.0.81/po/cy.po
--- nsapolicycoreutils/po/cy.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.81/po/cy.po 2010-03-16 14:13:50.000000000 -0400
++++ policycoreutils-2.0.81/po/cy.po 2010-03-24 16:03:05.000000000 -0400
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -42482,7 +42482,7 @@ diff --exclude-from=exclude -N -u -r nsa
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/da.po policycoreutils-2.0.81/po/da.po
--- nsapolicycoreutils/po/da.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.81/po/da.po 2010-03-16 14:13:50.000000000 -0400
++++ policycoreutils-2.0.81/po/da.po 2010-03-24 16:03:05.000000000 -0400
@@ -1,24 +1,25 @@
-# translation of da.po to
-# Danish messages for policycoreutils.
@@ -46385,13 +46385,14 @@ diff --exclude-from=exclude -N -u -r nsa
#~ "semodule -i %s.pp\n"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/de.po policycoreutils-2.0.81/po/de.po
--- nsapolicycoreutils/po/de.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.81/po/de.po 2010-03-16 14:13:50.000000000 -0400
-@@ -1,28 +1,30 @@
++++ policycoreutils-2.0.81/po/de.po 2010-03-24 16:03:05.000000000 -0400
+@@ -1,28 +1,32 @@
-# translation of policycoreutils.HEAD.de.po to German
++# translation of policycoreutils.HEAD.po to
+# translation of policycoreutils.HEAD.de.po to
# German translation of policycoreutils.
-# Copyright (C) 2006, 2007, 2008 Free Software Foundation, Inc.
-+# Copyright (C) 2006, 2007, 2008, 2009 Free Software Foundation, Inc.
++# Copyright (C) 2006, 2007, 2008, 2009, 2010 Free Software Foundation, Inc.
#
#
# Holger Wansing <linux at wansing-online.de>, 2006.
@@ -46403,18 +46404,20 @@ diff --exclude-from=exclude -N -u -r nsa
# Daniela Kugelmann <dkugelma at redhat.com >, 2008.
+# Michael Münch <micm at fedoraproject.org.org>, 2009.
+# Hedda Peters <hpeters at redhat.com>, 2009.
++# sknirT omiT <moc.tahder at sknirtt>, 2010.
msgid ""
msgstr ""
- "Project-Id-Version: policycoreutils.HEAD.de\n"
+-"Project-Id-Version: policycoreutils.HEAD.de\n"
++"Project-Id-Version: policycoreutils.HEAD\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2009-06-24 10:53-0400\n"
-"PO-Revision-Date: 2008-09-11 10:30+1000\n"
-"Last-Translator: Daniela Kugelmann <dkugelma at redhat.com >\n"
-"Language-Team: German <i18 at redhat.com>\n"
-+"POT-Creation-Date: 2008-09-09 13:24-0400\n"
-+"PO-Revision-Date: 2009-09-15 12:02+1000\n"
-+"Last-Translator: Hedda Peters <hpeters at redhat.com>\n"
-+"Language-Team: \n"
++"POT-Creation-Date: 2009-03-23 09:30-0400\n"
++"PO-Revision-Date: 2010-03-17 15:17+1000\n"
++"Last-Translator: sknirT omiT <moc.tahder at sknirtt>\n"
++"Language-Team: <de at li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
@@ -46425,45 +46428,7 @@ diff --exclude-from=exclude -N -u -r nsa
#: ../run_init/run_init.c:67
msgid ""
-@@ -31,11 +33,11 @@
- " <args ...> are the arguments to that script."
- msgstr ""
- "VERWENDUNG: run_init <script> <args ...>\n"
--" dabei ist <script> der Name des Init-Skripts, das Sie ausführen möchten "
--"und\n"
-+" dabei ist <script> der Name des Init-Skripts, das Sie ausführen möchten und\n"
- " <args ...> sind die Argumente für dieses Skript."
-
--#: ../run_init/run_init.c:126 ../newrole/newrole.c:1187
-+#: ../run_init/run_init.c:126
-+#: ../newrole/newrole.c:1187
- #, c-format
- msgid "failed to initialize PAM\n"
- msgstr "Initialisieren von PAM fehlgeschlagen\n"
-@@ -45,16 +47,19 @@
- msgid "failed to get account information\n"
- msgstr "Konnte keine Account-Informationen abrufen\n"
-
--#: ../run_init/run_init.c:162 ../newrole/newrole.c:338
-+#: ../run_init/run_init.c:162
-+#: ../newrole/newrole.c:338
- msgid "Password:"
- msgstr "Passwort:"
-
--#: ../run_init/run_init.c:197 ../newrole/newrole.c:363
-+#: ../run_init/run_init.c:197
-+#: ../newrole/newrole.c:363
[...18617 lines suppressed...]
restorecond/utmpwatcher.c
@@ -202305,17 +201694,9 @@ diff --exclude-from=exclude -N -u -r nsa
gui/fcontextPage.py
gui/loginsPage.py
gui/mappingsPage.py
-@@ -34,7 +35,6 @@
- gui/statusPage.py
- gui/system-config-selinux.glade
- gui/system-config-selinux.py
--gui/translationsPage.py
- gui/usersPage.py
- gui/templates/executable.py
- gui/templates/__init__.py
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/pt_BR.po policycoreutils-2.0.81/po/pt_BR.po
--- nsapolicycoreutils/po/pt_BR.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.81/po/pt_BR.po 2010-03-16 14:13:50.000000000 -0400
++++ policycoreutils-2.0.81/po/pt_BR.po 2010-03-24 16:03:06.000000000 -0400
@@ -1,16 +1,20 @@
-# Brazilian Portuguese translation of policycoreutils
+# Brazilian Portuguese translation of policycoreutils.
@@ -208456,7 +207837,7 @@ diff --exclude-from=exclude -N -u -r nsa
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/pt.po policycoreutils-2.0.81/po/pt.po
--- nsapolicycoreutils/po/pt.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.81/po/pt.po 2010-03-16 14:13:50.000000000 -0400
++++ policycoreutils-2.0.81/po/pt.po 2010-03-24 16:03:06.000000000 -0400
@@ -1,22 +1,20 @@
+# Rui Gouveia <rui.gouveia at gmail.com>, 2010.
msgid ""
@@ -213810,7 +213191,7 @@ diff --exclude-from=exclude -N -u -r nsa
#~ msgstr "Permitir ao HTTPD aceder a sistemas de ficheiros Samba/CIFS"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ro.po policycoreutils-2.0.81/po/ro.po
--- nsapolicycoreutils/po/ro.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.81/po/ro.po 2010-03-16 14:13:50.000000000 -0400
++++ policycoreutils-2.0.81/po/ro.po 2010-03-24 16:03:06.000000000 -0400
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -216857,7 +216238,7 @@ diff --exclude-from=exclude -N -u -r nsa
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ru.po policycoreutils-2.0.81/po/ru.po
--- nsapolicycoreutils/po/ru.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.81/po/ru.po 2010-03-16 14:13:50.000000000 -0400
++++ policycoreutils-2.0.81/po/ru.po 2010-03-24 16:03:06.000000000 -0400
@@ -1,21 +1,23 @@
+# translation of ru.po to Russian
+# translation of ru.po to
@@ -221179,7 +220560,7 @@ diff --exclude-from=exclude -N -u -r nsa
-#~ msgstr "ÎÅÏÂÈÏÄÉÍ SELinux ÐÏÌØÚÏ×ÁÔÅÌØ '%s' "
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/si.po policycoreutils-2.0.81/po/si.po
--- nsapolicycoreutils/po/si.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.81/po/si.po 2010-03-16 14:13:50.000000000 -0400
++++ policycoreutils-2.0.81/po/si.po 2010-03-24 16:03:06.000000000 -0400
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -224226,7 +223607,7 @@ diff --exclude-from=exclude -N -u -r nsa
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sk.po policycoreutils-2.0.81/po/sk.po
--- nsapolicycoreutils/po/sk.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.81/po/sk.po 2010-03-16 14:13:50.000000000 -0400
++++ policycoreutils-2.0.81/po/sk.po 2010-03-24 16:03:06.000000000 -0400
@@ -7,7 +7,7 @@
msgstr ""
"Project-Id-Version: policycoreutils\n"
@@ -227363,7 +226744,7 @@ diff --exclude-from=exclude -N -u -r nsa
#~ msgstr "Požaduje hodnotu"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sl.po policycoreutils-2.0.81/po/sl.po
--- nsapolicycoreutils/po/sl.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.81/po/sl.po 2010-03-16 14:13:50.000000000 -0400
++++ policycoreutils-2.0.81/po/sl.po 2010-03-24 16:03:06.000000000 -0400
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -230410,7 +229791,7 @@ diff --exclude-from=exclude -N -u -r nsa
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sq.po policycoreutils-2.0.81/po/sq.po
--- nsapolicycoreutils/po/sq.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.81/po/sq.po 2010-03-16 14:13:50.000000000 -0400
++++ policycoreutils-2.0.81/po/sq.po 2010-03-24 16:03:06.000000000 -0400
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -233457,7 +232838,7 @@ diff --exclude-from=exclude -N -u -r nsa
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sr at latin.po policycoreutils-2.0.81/po/sr at latin.po
--- nsapolicycoreutils/po/sr at latin.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.81/po/sr at latin.po 2010-03-16 14:13:50.000000000 -0400
++++ policycoreutils-2.0.81/po/sr at latin.po 2010-03-24 16:03:06.000000000 -0400
@@ -1,26 +1,24 @@
-# translation of policycoreutils.HEAD.sr.po to Serbian
# Serbian(Latin) translations for policycoreutils
@@ -238330,7 +237711,7 @@ diff --exclude-from=exclude -N -u -r nsa
+msgstr "SELinux korisnik â%sâ je neophodan"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sr.po policycoreutils-2.0.81/po/sr.po
--- nsapolicycoreutils/po/sr.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.81/po/sr.po 2010-03-16 14:13:50.000000000 -0400
++++ policycoreutils-2.0.81/po/sr.po 2010-03-24 16:03:06.000000000 -0400
@@ -1,26 +1,24 @@
-# translation of policycoreutils.HEAD.sr.po to Serbian
# Serbian translations for policycoreutils
@@ -243195,7 +242576,7 @@ diff --exclude-from=exclude -N -u -r nsa
+msgstr "SELinux коÑиÑник â%sâ Ñе неопÑ
одан"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/sv.po policycoreutils-2.0.81/po/sv.po
--- nsapolicycoreutils/po/sv.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.81/po/sv.po 2010-03-16 14:13:50.000000000 -0400
++++ policycoreutils-2.0.81/po/sv.po 2010-03-24 16:03:06.000000000 -0400
@@ -1,16 +1,19 @@
# Swedish messages for policycoreutils.
-# Copyright © 2001-2008 Free Software Foundation, Inc.
@@ -247279,7 +246660,7 @@ diff --exclude-from=exclude -N -u -r nsa
+msgstr "SELinux-användare \"%s\" krävs"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ta.po policycoreutils-2.0.81/po/ta.po
--- nsapolicycoreutils/po/ta.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.81/po/ta.po 2010-03-16 14:13:50.000000000 -0400
++++ policycoreutils-2.0.81/po/ta.po 2010-03-24 16:03:06.000000000 -0400
@@ -1,28 +1,23 @@
-# translation of ta.po to Tamil
+# translation of policycoreutils.HEAD.ta.po to Tamil
@@ -251970,7 +251351,7 @@ diff --exclude-from=exclude -N -u -r nsa
-#~ "MCS நிலà¯"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/te.po policycoreutils-2.0.81/po/te.po
--- nsapolicycoreutils/po/te.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.81/po/te.po 2010-03-16 14:13:51.000000000 -0400
++++ policycoreutils-2.0.81/po/te.po 2010-03-24 16:03:06.000000000 -0400
@@ -1,21 +1,23 @@
-# translation of new_policycoreutils.HEAD.te.po to Telugu
+# translation of policycoreutils.HEAD.te.po to Telugu
@@ -256751,7 +256132,7 @@ diff --exclude-from=exclude -N -u -r nsa
-#~ "à°
à°à±à°¤à°¨à°®à±à°¨\n"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/th.po policycoreutils-2.0.81/po/th.po
--- nsapolicycoreutils/po/th.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.81/po/th.po 2010-03-16 14:13:51.000000000 -0400
++++ policycoreutils-2.0.81/po/th.po 2010-03-24 16:03:06.000000000 -0400
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -259798,7 +259179,7 @@ diff --exclude-from=exclude -N -u -r nsa
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/tr.po policycoreutils-2.0.81/po/tr.po
--- nsapolicycoreutils/po/tr.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.81/po/tr.po 2010-03-16 14:13:51.000000000 -0400
++++ policycoreutils-2.0.81/po/tr.po 2010-03-24 16:03:06.000000000 -0400
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -262845,7 +262226,7 @@ diff --exclude-from=exclude -N -u -r nsa
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/uk.po policycoreutils-2.0.81/po/uk.po
--- nsapolicycoreutils/po/uk.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.81/po/uk.po 2010-03-16 14:13:51.000000000 -0400
++++ policycoreutils-2.0.81/po/uk.po 2010-03-24 16:03:06.000000000 -0400
@@ -7,7 +7,7 @@
msgstr ""
"Project-Id-Version: policycoreutils\n"
@@ -265982,7 +265363,7 @@ diff --exclude-from=exclude -N -u -r nsa
#~ msgstr "ÐоÑÑÑбно вказаÑи знаÑеннÑ"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/ur.po policycoreutils-2.0.81/po/ur.po
--- nsapolicycoreutils/po/ur.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.81/po/ur.po 2010-03-16 14:13:51.000000000 -0400
++++ policycoreutils-2.0.81/po/ur.po 2010-03-24 16:03:06.000000000 -0400
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -269029,7 +268410,7 @@ diff --exclude-from=exclude -N -u -r nsa
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/vi.po policycoreutils-2.0.81/po/vi.po
--- nsapolicycoreutils/po/vi.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.81/po/vi.po 2010-03-16 14:13:51.000000000 -0400
++++ policycoreutils-2.0.81/po/vi.po 2010-03-24 16:03:06.000000000 -0400
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
@@ -272076,7 +271457,7 @@ diff --exclude-from=exclude -N -u -r nsa
+msgstr ""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/zh_CN.po policycoreutils-2.0.81/po/zh_CN.po
--- nsapolicycoreutils/po/zh_CN.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.81/po/zh_CN.po 2010-03-16 14:13:51.000000000 -0400
++++ policycoreutils-2.0.81/po/zh_CN.po 2010-03-24 16:03:06.000000000 -0400
@@ -3,13 +3,13 @@
# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER, 2006.
#
@@ -276697,7 +276078,7 @@ diff --exclude-from=exclude -N -u -r nsa
-#~ msgstr "SELinux ç¨æ· '%s' æ¯å¿
éç"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/zh_TW.po policycoreutils-2.0.81/po/zh_TW.po
--- nsapolicycoreutils/po/zh_TW.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.81/po/zh_TW.po 2010-03-16 14:13:51.000000000 -0400
++++ policycoreutils-2.0.81/po/zh_TW.po 2010-03-24 16:03:06.000000000 -0400
@@ -1,19 +1,19 @@
-# translation of policycoreutils.HEAD.po to Traditional Chinese
+# translation of policycoreutils.HEAD.po to
@@ -281615,7 +280996,7 @@ diff --exclude-from=exclude -N -u -r nsa
-#~ "udp"
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/zu.po policycoreutils-2.0.81/po/zu.po
--- nsapolicycoreutils/po/zu.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.81/po/zu.po 2010-03-16 14:13:51.000000000 -0400
++++ policycoreutils-2.0.81/po/zu.po 2010-03-24 16:03:06.000000000 -0400
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
policycoreutils-rhat.patch:
Makefile | 2
audit2allow/audit2allow | 45 -
newrole/newrole.c | 3
restorecond/Makefile | 24 -
restorecond/org.selinux.Restorecond.service | 3
restorecond/restorecond.8 | 15
restorecond/restorecond.c | 429 +++---------------
restorecond/restorecond.conf | 5
restorecond/restorecond.desktop | 7
restorecond/restorecond.h | 19
restorecond/restorecond.init | 7
restorecond/restorecond_user.conf | 2
restorecond/user.c | 239 ++++++++++
restorecond/watch.c | 260 ++++++++++
sandbox/Makefile | 41 +
sandbox/deliverables/README | 32 +
sandbox/deliverables/basicwrapper | 4
sandbox/deliverables/run-in-sandbox.py | 49 ++
sandbox/deliverables/sandbox | 216 +++++++++
sandbox/sandbox | 420 +++++++++++++++++
sandbox/sandbox.8 | 56 ++
sandbox/sandbox.config | 2
sandbox/sandbox.init | 67 ++
sandbox/sandboxX.sh | 15
sandbox/seunshare.c | 265 +++++++++++
sandbox/test_sandbox.py | 98 ++++
scripts/fixfiles | 44 -
semanage/default_encoding/Makefile | 8
semanage/default_encoding/default_encoding.c | 59 ++
semanage/default_encoding/policycoreutils/__init__.py | 17
semanage/default_encoding/setup.py | 38 +
semanage/semanage | 135 ++++-
semanage/semanage.8 | 128 ++++-
semanage/seobject.py | 422 ++++++++++++++---
setfiles/restore.c | 109 ++++
setfiles/restore.h | 4
setfiles/restorecon.8 | 7
setfiles/setfiles.8 | 3
setfiles/setfiles.c | 78 ---
39 files changed, 2726 insertions(+), 651 deletions(-)
Index: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/F-13/policycoreutils-rhat.patch,v
retrieving revision 1.483
retrieving revision 1.484
diff -u -p -r1.483 -r1.484
--- policycoreutils-rhat.patch 22 Mar 2010 18:13:05 -0000 1.483
+++ policycoreutils-rhat.patch 24 Mar 2010 20:14:34 -0000 1.484
@@ -1,5 +1,5 @@
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.81/audit2allow/audit2allow
---- nsapolicycoreutils/audit2allow/audit2allow 2010-03-12 09:34:56.000000000 -0500
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.81/audit2allow/audit2allow
+--- nsapolicycoreutils/audit2allow/audit2allow 2010-03-22 14:08:29.000000000 -0400
+++ policycoreutils-2.0.81/audit2allow/audit2allow 2010-03-12 10:04:13.000000000 -0500
@@ -28,6 +28,7 @@
import sepolgen.defaults as defaults
@@ -9,44 +9,7 @@ diff --exclude-from=exclude --exclude=se
class AuditToPolicy:
VERSION = "%prog .1"
-@@ -42,6 +43,8 @@
- from optparse import OptionParser
-
- parser = OptionParser(version=self.VERSION)
-+ parser.add_option("-b", "--boot", action="store_true", dest="boot", default=False,
-+ help="audit messages since last boot conflicts with -i")
- parser.add_option("-a", "--all", action="store_true", dest="audit", default=False,
- help="read input from audit log - conflicts with -i")
- parser.add_option("-d", "--dmesg", action="store_true", dest="dmesg", default=False,
-@@ -83,11 +86,11 @@
- options, args = parser.parse_args()
-
- # Make -d, -a, and -i conflict
-- if options.audit is True:
-+ if options.audit is True or options.boot:
- if options.input is not None:
-- sys.stderr.write("error: --all conflicts with --input\n")
-+ sys.stderr.write("error: --all/--boot conflicts with --input\n")
- if options.dmesg is True:
-- sys.stderr.write("error: --all conflicts with --dmesg\n")
-+ sys.stderr.write("error: --all/--boot conflicts with --dmesg\n")
- if options.input is not None and options.dmesg is True:
- sys.stderr.write("error: --input conflicts with --dmesg\n")
-
-@@ -132,6 +135,12 @@
- except OSError, e:
- sys.stderr.write('could not run ausearch - "%s"\n' % str(e))
- sys.exit(1)
-+ elif self.__options.boot:
-+ try:
-+ messages = audit.get_audit_boot_msgs()
-+ except OSError, e:
-+ sys.stderr.write('could not run ausearch - "%s"\n' % str(e))
-+ sys.exit(1)
- else:
- # This is the default if no input is specified
- f = sys.stdin
-@@ -223,63 +232,44 @@
+@@ -231,63 +232,44 @@
def __output_audit2why(self):
import selinux
@@ -122,14 +85,14 @@ diff --exclude-from=exclude --exclude=se
print "\t\tMissing role allow rule.\n"
print "\t\tAdd an allow rule for the role pair.\n"
continue
-@@ -349,5 +339,6 @@
+@@ -357,5 +339,6 @@
sys.exit(0)
if __name__ == "__main__":
+ audit2why.init()
app = AuditToPolicy()
app.main()
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.81/Makefile
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.81/Makefile
--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.81/Makefile 2010-03-12 10:04:13.000000000 -0500
@@ -1,4 +1,4 @@
@@ -138,7 +101,7 @@ diff --exclude-from=exclude --exclude=se
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-2.0.81/newrole/newrole.c
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/newrole/newrole.c policycoreutils-2.0.81/newrole/newrole.c
--- nsapolicycoreutils/newrole/newrole.c 2010-02-16 12:33:05.000000000 -0500
+++ policycoreutils-2.0.81/newrole/newrole.c 2010-03-12 10:04:13.000000000 -0500
@@ -1334,6 +1334,9 @@
@@ -151,7 +114,7 @@ diff --exclude-from=exclude --exclude=se
#ifdef NAMESPACE_PRIV
if (transition_to_caller_uid())
goto err_close_pam_session;
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.81/restorecond/Makefile
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/Makefile policycoreutils-2.0.81/restorecond/Makefile
--- nsapolicycoreutils/restorecond/Makefile 2009-08-20 15:49:21.000000000 -0400
+++ policycoreutils-2.0.81/restorecond/Makefile 2010-03-12 10:04:13.000000000 -0500
@@ -1,17 +1,28 @@
@@ -200,14 +163,14 @@ diff --exclude-from=exclude --exclude=se
relabel: install
/sbin/restorecon $(SBINDIR)/restorecond
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.81/restorecond/org.selinux.Restorecond.service
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/org.selinux.Restorecond.service policycoreutils-2.0.81/restorecond/org.selinux.Restorecond.service
--- nsapolicycoreutils/restorecond/org.selinux.Restorecond.service 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.81/restorecond/org.selinux.Restorecond.service 2010-03-12 10:04:13.000000000 -0500
@@ -0,0 +1,3 @@
+[D-BUS Service]
+Name=org.selinux.Restorecond
+Exec=/usr/sbin/restorecond -u
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.8 policycoreutils-2.0.81/restorecond/restorecond.8
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.8 policycoreutils-2.0.81/restorecond/restorecond.8
--- nsapolicycoreutils/restorecond/restorecond.8 2009-08-20 15:49:21.000000000 -0400
+++ policycoreutils-2.0.81/restorecond/restorecond.8 2010-03-12 10:04:13.000000000 -0500
@@ -3,7 +3,7 @@
@@ -244,7 +207,7 @@ diff --exclude-from=exclude --exclude=se
.SH "SEE ALSO"
.BR restorecon (8),
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.81/restorecond/restorecond.c
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.81/restorecond/restorecond.c
--- nsapolicycoreutils/restorecond/restorecond.c 2009-08-20 15:49:21.000000000 -0400
+++ policycoreutils-2.0.81/restorecond/restorecond.c 2010-03-12 10:04:13.000000000 -0500
@@ -30,9 +30,11 @@
@@ -753,7 +716,7 @@ diff --exclude-from=exclude --exclude=se
}
+
+
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.81/restorecond/restorecond.conf
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.conf policycoreutils-2.0.81/restorecond/restorecond.conf
--- nsapolicycoreutils/restorecond/restorecond.conf 2009-08-20 15:49:21.000000000 -0400
+++ policycoreutils-2.0.81/restorecond/restorecond.conf 2010-03-12 10:04:13.000000000 -0500
@@ -4,8 +4,5 @@
@@ -766,7 +729,7 @@ diff --exclude-from=exclude --exclude=se
/root/.ssh/*
-
-
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.desktop policycoreutils-2.0.81/restorecond/restorecond.desktop
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.desktop policycoreutils-2.0.81/restorecond/restorecond.desktop
--- nsapolicycoreutils/restorecond/restorecond.desktop 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.81/restorecond/restorecond.desktop 2010-03-12 10:04:13.000000000 -0500
@@ -0,0 +1,7 @@
@@ -777,7 +740,7 @@ diff --exclude-from=exclude --exclude=se
+Encoding=UTF-8
+Type=Application
+StartupNotify=false
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-2.0.81/restorecond/restorecond.h
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.h policycoreutils-2.0.81/restorecond/restorecond.h
--- nsapolicycoreutils/restorecond/restorecond.h 2009-08-20 15:49:21.000000000 -0400
+++ policycoreutils-2.0.81/restorecond/restorecond.h 2010-03-12 10:04:13.000000000 -0500
@@ -24,7 +24,22 @@
@@ -805,9 +768,18 @@ diff --exclude-from=exclude --exclude=se
+extern int watch_list_isempty();
#endif
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.init policycoreutils-2.0.81/restorecond/restorecond.init
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.init policycoreutils-2.0.81/restorecond/restorecond.init
--- nsapolicycoreutils/restorecond/restorecond.init 2009-08-20 15:49:21.000000000 -0400
-+++ policycoreutils-2.0.81/restorecond/restorecond.init 2010-03-12 10:04:13.000000000 -0500
++++ policycoreutils-2.0.81/restorecond/restorecond.init 2010-03-24 08:37:19.000000000 -0400
+@@ -26,7 +26,7 @@
+ # Source function library.
+ . /etc/rc.d/init.d/functions
+
+-[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 0
++[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 7
+
+ # Check that we are root ... so non-root users stop here
+ test $EUID = 0 || exit 4
@@ -75,16 +75,15 @@
status restorecond
RETVAL=$?
@@ -827,13 +799,13 @@ diff --exclude-from=exclude --exclude=se
exit $RETVAL
-
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond_user.conf policycoreutils-2.0.81/restorecond/restorecond_user.conf
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond_user.conf policycoreutils-2.0.81/restorecond/restorecond_user.conf
--- nsapolicycoreutils/restorecond/restorecond_user.conf 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.81/restorecond/restorecond_user.conf 2010-03-12 10:04:13.000000000 -0500
@@ -0,0 +1,2 @@
+~/*
+~/public_html/*
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/user.c policycoreutils-2.0.81/restorecond/user.c
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/user.c policycoreutils-2.0.81/restorecond/user.c
--- nsapolicycoreutils/restorecond/user.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.81/restorecond/user.c 2010-03-12 10:04:13.000000000 -0500
@@ -0,0 +1,239 @@
@@ -1076,7 +1048,7 @@ diff --exclude-from=exclude --exclude=se
+ return 0;
+}
+
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.81/restorecond/watch.c
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/watch.c policycoreutils-2.0.81/restorecond/watch.c
--- nsapolicycoreutils/restorecond/watch.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.81/restorecond/watch.c 2010-03-12 10:04:13.000000000 -0500
@@ -0,0 +1,260 @@
@@ -1340,7 +1312,7 @@ diff --exclude-from=exclude --exclude=se
+ if (master_wd == -1)
+ exitApp("Error watching config file.");
+}
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/basicwrapper policycoreutils-2.0.81/sandbox/deliverables/basicwrapper
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/basicwrapper policycoreutils-2.0.81/sandbox/deliverables/basicwrapper
--- nsapolicycoreutils/sandbox/deliverables/basicwrapper 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.81/sandbox/deliverables/basicwrapper 2010-03-12 10:04:13.000000000 -0500
@@ -0,0 +1,4 @@
@@ -1348,7 +1320,7 @@ diff --exclude-from=exclude --exclude=se
+SANDBOX_ARGS = ['-f%s' % os.environ['_CONDOR_SCRATCH_DIR']]
+SANDBOX_ARGS.extend(sys.argv[1::])
+os.execv('/usr/bin/sandbox',SANDBOX_ARGS)
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/README policycoreutils-2.0.81/sandbox/deliverables/README
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/README policycoreutils-2.0.81/sandbox/deliverables/README
--- nsapolicycoreutils/sandbox/deliverables/README 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.81/sandbox/deliverables/README 2010-03-12 10:04:13.000000000 -0500
@@ -0,0 +1,32 @@
@@ -1384,7 +1356,7 @@ diff --exclude-from=exclude --exclude=se
+
+Thanks for a great summer.
+Chris Pardy
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/run-in-sandbox.py policycoreutils-2.0.81/sandbox/deliverables/run-in-sandbox.py
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/run-in-sandbox.py policycoreutils-2.0.81/sandbox/deliverables/run-in-sandbox.py
--- nsapolicycoreutils/sandbox/deliverables/run-in-sandbox.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.81/sandbox/deliverables/run-in-sandbox.py 2010-03-12 10:04:13.000000000 -0500
@@ -0,0 +1,49 @@
@@ -1437,7 +1409,7 @@ diff --exclude-from=exclude --exclude=se
+ def get_background_items(self, window, file):
+ return
+
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/sandbox policycoreutils-2.0.81/sandbox/deliverables/sandbox
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/deliverables/sandbox policycoreutils-2.0.81/sandbox/deliverables/sandbox
--- nsapolicycoreutils/sandbox/deliverables/sandbox 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.81/sandbox/deliverables/sandbox 2010-03-12 10:04:13.000000000 -0500
@@ -0,0 +1,216 @@
@@ -1657,7 +1629,7 @@ diff --exclude-from=exclude --exclude=se
+
+ sys.exit(rc)
+
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/Makefile policycoreutils-2.0.81/sandbox/Makefile
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/Makefile policycoreutils-2.0.81/sandbox/Makefile
--- nsapolicycoreutils/sandbox/Makefile 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.81/sandbox/Makefile 2010-03-12 10:04:13.000000000 -0500
@@ -0,0 +1,41 @@
@@ -1702,10 +1674,10 @@ diff --exclude-from=exclude --exclude=se
+ ../../scripts/Lindent $(wildcard *.[ch])
+
+relabel:
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.81/sandbox/sandbox
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.81/sandbox/sandbox
--- nsapolicycoreutils/sandbox/sandbox 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.81/sandbox/sandbox 2010-03-12 10:04:13.000000000 -0500
-@@ -0,0 +1,415 @@
++++ policycoreutils-2.0.81/sandbox/sandbox 2010-03-23 15:02:30.000000000 -0400
+@@ -0,0 +1,420 @@
+#! /usr/bin/python -E
+# Authors: Dan Walsh <dwalsh at redhat.com>
+# Authors: Josh Cogliati
@@ -1918,7 +1890,7 @@ diff --exclude-from=exclude --exclude=se
+ copyfile(f, homedir, self.__homedir)
+ copyfile(f, "/tmp", self.__tmpdir)
+
-+ def __setup_sandboxrc(self):
++ def __setup_sandboxrc(self, wm = "/usr/bin/matchbox-window-manager -use_titlebar no"):
+ execfile =self.__homedir + "/.sandboxrc"
+ fd = open(execfile, "w+")
+ if self.__options.session:
@@ -1931,11 +1903,11 @@ diff --exclude-from=exclude --exclude=se
+ fd.write("""#! /bin/sh
+#TITLE: %s
+/usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap
-+/usr/bin/matchbox-window-manager -use_titlebar no &
++%s &
+WM_PID=$!
+%s
+kill -TERM $WM_PID 2> /dev/null
-+""" % (command, command))
++""" % (command, wm, command))
+ fd.close()
+ os.chmod(execfile, 0700)
+
@@ -1945,9 +1917,9 @@ diff --exclude-from=exclude --exclude=se
+ def __parse_options(self):
+ from optparse import OptionParser
+ usage = _("""
-+sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [[-i file ] ...] [ -t type ] command
++sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] command
+
-+sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [[-i file ] ...] [ -t type ] -S
++sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] -S
+""")
+
+ parser = OptionParser(version=self.VERSION, usage=usage)
@@ -1982,6 +1954,11 @@ diff --exclude-from=exclude --exclude=se
+ action="callback", callback=self.__validdir,
+ help="Alternate tempdir to use for mounting")
+
++ parser.add_option("-W", "--windowmanager", dest="wm",
++ type="string",
++ default="/usr/bin/matchbox-window-manager -use_titlebar no",
++ help="Alternate window maanger")
++
+ parser.add_option("-l", "--level", dest="level",
+ help="MCS/MLS Level for the sandbox")
+
@@ -2063,7 +2040,7 @@ diff --exclude-from=exclude --exclude=se
+ subprocess.Popen(["/usr/bin/xmodmap","-pke"],stdout=xd).wait()
+ xd.close()
+
-+ self.__setup_sandboxrc()
++ self.__setup_sandboxrc(self.__options.wm)
+
+ cmds = ("/usr/sbin/seunshare -t %s -h %s -- %s /usr/share/sandbox/sandboxX.sh" % (self.__tmpdir, self.__homedir, self.__execcon)).split()
+ rc = os.spawnvp(os.P_WAIT, cmds[0], cmds)
@@ -2121,16 +2098,16 @@ diff --exclude-from=exclude --exclude=se
+ rc = 0
+
+ sys.exit(rc)
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.8 policycoreutils-2.0.81/sandbox/sandbox.8
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.8 policycoreutils-2.0.81/sandbox/sandbox.8
--- nsapolicycoreutils/sandbox/sandbox.8 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.81/sandbox/sandbox.8 2010-03-12 10:04:13.000000000 -0500
-@@ -0,0 +1,50 @@
++++ policycoreutils-2.0.81/sandbox/sandbox.8 2010-03-23 15:09:03.000000000 -0400
+@@ -0,0 +1,56 @@
+.TH SANDBOX "8" "May 2009" "chcat" "User Commands"
+.SH NAME
+sandbox \- Run cmd under an SELinux sandbox
+.SH SYNOPSIS
+.B sandbox
-+[-l level ] [[-M | -X] -H homedir -T tmpdir ] [-I includefile ] [[-i file ]...] [ -t type ] cmd
++[-l level ] [[-M | -X] -H homedir -T tmpdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] cmd
+.br
+.SH DESCRIPTION
+.PP
@@ -2147,41 +2124,47 @@ diff --exclude-from=exclude --exclude=se
+If directories are specified with -H or -T the directory will have its context modified with chcon(1) unless a level is specified with -l. If the MLS/MCS security level is specified, the directories need to have a matching label.
+.PP
+.TP
-+\fB\-t type\fR
-+Use alternate sandbox type, defaults to sandbox_t or sandbox_x_t for -X.
++\fB\-H\ homedir
++Use alternate homedir to mount. Defaults to temporary. Requires -X or -M.
+.TP
+\fB\-i file\fR
+Copy this file into the temporary sandbox appriate. Command can be repeated.
+.TP
-+\fB\-I inputfile\fR
-+Copy all files listed in inputfile into the appropriate temporary sandbox direcories.
++\fB\-I inputfile\fR Copy all files listed in inputfile into the
++appropriate temporary sandbox direcories.
+.TP
+\fB\-l\fR
+Specify the MLS/MCS Security Level to run the sandbox in. Defaults to random.
+.TP
-+\fB\-X\fR
-+Create an X based Sandbox for gui apps, temporary files for $HOME and /tmp, seconday Xserver, defaults to sandbox_x_t
-+.TP
+\fB\-M\fR
+Create a Sandbox with temporary files for $HOME and /tmp, defaults to sandbox_t
+.TP
-+\fB\-H\ homedir
-+Use alternate homedir to mount. Defaults to temporary. Requires -X or -M.
++\fB\-t type\fR
++Use alternate sandbox type, defaults to sandbox_t or sandbox_x_t for -X.
+.TP
+\fB\-T\ tmpdir
+Use alternate tempdir to mount. Defaults to temporary. Requires -X or -M.
++.TP
++\fB\-W windowmanager\fR
++Select alternative window manager to run within
++.B sandbox -X.
++Default to /usr/bin/matchbox-window-manager.
++.TP
++\fB\-X\fR
++Create an X based Sandbox for gui apps, temporary files for
++$HOME and /tmp, seconday Xserver, defaults to sandbox_x_t
+.PP
+.SH "SEE ALSO"
+.TP
+runcon(1)
+.PP
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.config policycoreutils-2.0.81/sandbox/sandbox.config
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.config policycoreutils-2.0.81/sandbox/sandbox.config
--- nsapolicycoreutils/sandbox/sandbox.config 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.81/sandbox/sandbox.config 2010-03-12 10:04:13.000000000 -0500
@@ -0,0 +1,2 @@
+# Space separate list of homedirs
+HOMEDIRS="/home"
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.init policycoreutils-2.0.81/sandbox/sandbox.init
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox.init policycoreutils-2.0.81/sandbox/sandbox.init
--- nsapolicycoreutils/sandbox/sandbox.init 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.81/sandbox/sandbox.init 2010-03-12 10:04:13.000000000 -0500
@@ -0,0 +1,67 @@
@@ -2252,7 +2235,7 @@ diff --exclude-from=exclude --exclude=se
+ exit 3
+ ;;
+esac
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandboxX.sh policycoreutils-2.0.81/sandbox/sandboxX.sh
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandboxX.sh policycoreutils-2.0.81/sandbox/sandboxX.sh
--- nsapolicycoreutils/sandbox/sandboxX.sh 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.81/sandbox/sandboxX.sh 2010-03-12 10:04:13.000000000 -0500
@@ -0,0 +1,15 @@
@@ -2271,7 +2254,7 @@ diff --exclude-from=exclude --exclude=se
+ break
+done
+exit 0
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.81/sandbox/seunshare.c
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/seunshare.c policycoreutils-2.0.81/sandbox/seunshare.c
--- nsapolicycoreutils/sandbox/seunshare.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.81/sandbox/seunshare.c 2010-03-12 10:04:13.000000000 -0500
@@ -0,0 +1,265 @@
@@ -2540,7 +2523,7 @@ diff --exclude-from=exclude --exclude=se
+
+ return status;
+}
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/test_sandbox.py policycoreutils-2.0.81/sandbox/test_sandbox.py
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/test_sandbox.py policycoreutils-2.0.81/sandbox/test_sandbox.py
--- nsapolicycoreutils/sandbox/test_sandbox.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.81/sandbox/test_sandbox.py 2010-03-12 10:04:13.000000000 -0500
@@ -0,0 +1,98 @@
@@ -2642,7 +2625,7 @@ diff --exclude-from=exclude --exclude=se
+ unittest.main()
+ else:
+ print "SELinux must be in enforcing mode for this test"
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.81/scripts/fixfiles
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-2.0.81/scripts/fixfiles
--- nsapolicycoreutils/scripts/fixfiles 2009-12-01 15:46:50.000000000 -0500
+++ policycoreutils-2.0.81/scripts/fixfiles 2010-03-12 10:04:13.000000000 -0500
@@ -21,6 +21,17 @@
@@ -2730,7 +2713,7 @@ diff --exclude-from=exclude --exclude=se
restore
}
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/default_encoding.c policycoreutils-2.0.81/semanage/default_encoding/default_encoding.c
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/default_encoding.c policycoreutils-2.0.81/semanage/default_encoding/default_encoding.c
--- nsapolicycoreutils/semanage/default_encoding/default_encoding.c 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.81/semanage/default_encoding/default_encoding.c 2010-03-12 10:04:13.000000000 -0500
@@ -0,0 +1,59 @@
@@ -2793,7 +2776,7 @@ diff --exclude-from=exclude --exclude=se
+ PyUnicode_SetDefaultEncoding("utf-8");
+ m = Py_InitModule3("default_encoding_utf8", methods, "Forces the default encoding to utf-8");
+}
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/Makefile policycoreutils-2.0.81/semanage/default_encoding/Makefile
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/Makefile policycoreutils-2.0.81/semanage/default_encoding/Makefile
--- nsapolicycoreutils/semanage/default_encoding/Makefile 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.81/semanage/default_encoding/Makefile 2010-03-12 10:04:13.000000000 -0500
@@ -0,0 +1,8 @@
@@ -2805,7 +2788,7 @@ diff --exclude-from=exclude --exclude=se
+
+clean:
+ rm -rf build *~
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/policycoreutils/__init__.py policycoreutils-2.0.81/semanage/default_encoding/policycoreutils/__init__.py
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/policycoreutils/__init__.py policycoreutils-2.0.81/semanage/default_encoding/policycoreutils/__init__.py
--- nsapolicycoreutils/semanage/default_encoding/policycoreutils/__init__.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.81/semanage/default_encoding/policycoreutils/__init__.py 2010-03-12 10:04:13.000000000 -0500
@@ -0,0 +1,17 @@
@@ -2826,7 +2809,7 @@ diff --exclude-from=exclude --exclude=se
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/setup.py policycoreutils-2.0.81/semanage/default_encoding/setup.py
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/default_encoding/setup.py policycoreutils-2.0.81/semanage/default_encoding/setup.py
--- nsapolicycoreutils/semanage/default_encoding/setup.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.81/semanage/default_encoding/setup.py 2010-03-12 10:04:13.000000000 -0500
@@ -0,0 +1,38 @@
@@ -2868,7 +2851,7 @@ diff --exclude-from=exclude --exclude=se
+ ext_modules = [default_encoding_utf8],
+ packages=["policycoreutils"],
+)
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.81/semanage/semanage
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.81/semanage/semanage
--- nsapolicycoreutils/semanage/semanage 2009-11-18 17:06:03.000000000 -0500
+++ policycoreutils-2.0.81/semanage/semanage 2010-03-16 14:03:19.000000000 -0400
@@ -20,6 +20,7 @@
@@ -3229,7 +3212,7 @@ diff --exclude-from=exclude --exclude=se
errorExit(error.args[1])
+ except OSError, error:
+ errorExit(error.args[1])
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.81/semanage/semanage.8
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage.8 policycoreutils-2.0.81/semanage/semanage.8
--- nsapolicycoreutils/semanage/semanage.8 2009-11-18 17:06:03.000000000 -0500
+++ policycoreutils-2.0.81/semanage/semanage.8 2010-03-12 10:04:13.000000000 -0500
@@ -1,27 +1,58 @@
@@ -3392,9 +3375,9 @@ diff --exclude-from=exclude --exclude=se
+and Russell Coker <rcoker at redhat.com>.
+.br
Examples by Thomas Bleher <ThomasBleher at gmx.de>.
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.81/semanage/seobject.py
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.81/semanage/seobject.py
--- nsapolicycoreutils/semanage/seobject.py 2009-11-20 10:51:25.000000000 -0500
-+++ policycoreutils-2.0.81/semanage/seobject.py 2010-03-12 10:04:13.000000000 -0500
++++ policycoreutils-2.0.81/semanage/seobject.py 2010-03-23 13:43:01.000000000 -0400
@@ -29,47 +29,12 @@
import gettext
gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
@@ -3406,7 +3389,7 @@ diff --exclude-from=exclude --exclude=se
- __builtin__.__dict__['_'] = unicode
-
-import syslog
-
+-
-handle = None
-
-def get_handle(store):
@@ -3419,7 +3402,7 @@ diff --exclude-from=exclude --exclude=se
-
- if store != "":
- semanage_select_store(handle, store, SEMANAGE_CON_DIRECT);
--
+
- if not semanage_is_managed(handle):
- semanage_handle_destroy(handle)
- raise ValueError(_("SELinux policy is not managed or store cannot be accessed."))
@@ -3614,7 +3597,7 @@ diff --exclude-from=exclude --exclude=se
class dontauditClass(semanageRecords):
def __init__(self, store):
semanageRecords.__init__(self, store)
-@@ -259,6 +331,7 @@
+@@ -259,14 +331,23 @@
name = semanage_module_get_name(mod)
if name and name.startswith("permissive_"):
l.append(name.split("permissive_")[1])
@@ -3622,7 +3605,27 @@ diff --exclude-from=exclude --exclude=se
return l
def list(self, heading = 1, locallist = 0):
-@@ -343,7 +416,9 @@
+- if heading:
+- print "\n%-25s\n" % (_("Permissive Types"))
+- for t in self.get_all():
+- print t
++ import setools
++ all = map(lambda y: y["name"], filter(lambda x: x["permissive"], setools.seinfo(setools.TYPE)))
+
++ if heading:
++ print "\n%-25s\n" % (_("Builtin Permissive Types"))
++ customized = self.get_all()
++ for t in all:
++ if t not in customized:
++ print t
++ if heading:
++ print "\n%-25s\n" % (_("Customized Permissive Types"))
++ for t in customized:
++ print t
+
+ def add(self, type):
+ import glob
+@@ -343,7 +424,9 @@
if rc < 0:
raise ValueError(_("Could not check if login mapping for %s is defined") % name)
if exists:
@@ -3633,7 +3636,7 @@ diff --exclude-from=exclude --exclude=se
if name[0] == '%':
try:
grp.getgrnam(name[1:])
-@@ -475,6 +550,16 @@
+@@ -475,6 +558,16 @@
mylog.log(1, "delete SELinux user mapping", name);
@@ -3650,7 +3653,7 @@ diff --exclude-from=exclude --exclude=se
def get_all(self, locallist = 0):
ddict = {}
if locallist:
-@@ -489,6 +574,15 @@
+@@ -489,6 +582,15 @@
ddict[name] = (semanage_seuser_get_sename(u), semanage_seuser_get_mlsrange(u))
return ddict
@@ -3666,7 +3669,7 @@ diff --exclude-from=exclude --exclude=se
def list(self,heading = 1, locallist = 0):
ddict = self.get_all(locallist)
keys = ddict.keys()
-@@ -531,7 +625,8 @@
+@@ -531,7 +633,8 @@
if rc < 0:
raise ValueError(_("Could not check if SELinux user %s is defined") % name)
if exists:
@@ -3676,7 +3679,7 @@ diff --exclude-from=exclude --exclude=se
(rc, u) = semanage_user_create(self.sh)
if rc < 0:
-@@ -682,6 +777,16 @@
+@@ -682,6 +785,16 @@
mylog.log(1,"delete SELinux user record", name)
@@ -3693,7 +3696,7 @@ diff --exclude-from=exclude --exclude=se
def get_all(self, locallist = 0):
ddict = {}
if locallist:
-@@ -702,6 +807,15 @@
+@@ -702,6 +815,15 @@
return ddict
@@ -3709,7 +3712,7 @@ diff --exclude-from=exclude --exclude=se
def list(self, heading = 1, locallist = 0):
ddict = self.get_all(locallist)
keys = ddict.keys()
-@@ -740,12 +854,16 @@
+@@ -740,12 +862,16 @@
low = int(ports[0])
high = int(ports[1])
@@ -3726,7 +3729,7 @@ diff --exclude-from=exclude --exclude=se
if is_mls_enabled == 1:
if serange == "":
serange = "s0"
-@@ -808,6 +926,7 @@
+@@ -808,6 +934,7 @@
self.commit()
def __modify(self, port, proto, serange, setype):
@@ -3734,7 +3737,7 @@ diff --exclude-from=exclude --exclude=se
if serange == "" and setype == "":
if is_mls_enabled == 1:
raise ValueError(_("Requires setype or serange"))
-@@ -942,6 +1061,18 @@
+@@ -942,6 +1069,18 @@
ddict[(ctype,proto_str)].append("%d-%d" % (low, high))
return ddict
@@ -3753,7 +3756,7 @@ diff --exclude-from=exclude --exclude=se
def list(self, heading = 1, locallist = 0):
if heading:
print "%-30s %-8s %s\n" % (_("SELinux Port Type"), _("Proto"), _("Port Number"))
-@@ -958,7 +1089,8 @@
+@@ -958,7 +1097,8 @@
class nodeRecords(semanageRecords):
def __init__(self, store = ""):
semanageRecords.__init__(self,store)
@@ -3763,7 +3766,7 @@ diff --exclude-from=exclude --exclude=se
def __add(self, addr, mask, proto, serange, ctype):
if addr == "":
raise ValueError(_("Node Address is required"))
-@@ -966,14 +1098,11 @@
+@@ -966,14 +1106,11 @@
if mask == "":
raise ValueError(_("Node Netmask is required"))
@@ -3781,7 +3784,7 @@ diff --exclude-from=exclude --exclude=se
if is_mls_enabled == 1:
if serange == "":
serange = "s0"
-@@ -991,7 +1120,8 @@
+@@ -991,7 +1128,8 @@
(rc, exists) = semanage_node_exists(self.sh, k)
if exists:
@@ -3791,7 +3794,7 @@ diff --exclude-from=exclude --exclude=se
(rc, node) = semanage_node_create(self.sh)
if rc < 0:
-@@ -1047,13 +1177,10 @@
+@@ -1047,13 +1185,10 @@
if mask == "":
raise ValueError(_("Node Netmask is required"))
@@ -3809,7 +3812,7 @@ diff --exclude-from=exclude --exclude=se
if serange == "" and setype == "":
raise ValueError(_("Requires setype or serange"))
-@@ -1098,11 +1225,9 @@
+@@ -1098,11 +1233,9 @@
if mask == "":
raise ValueError(_("Node Netmask is required"))
@@ -3824,7 +3827,7 @@ diff --exclude-from=exclude --exclude=se
raise ValueError(_("Unknown or missing protocol"))
(rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
-@@ -1132,6 +1257,16 @@
+@@ -1132,6 +1265,16 @@
self.__delete(addr, mask, proto)
self.commit()
@@ -3841,7 +3844,7 @@ diff --exclude-from=exclude --exclude=se
def get_all(self, locallist = 0):
ddict = {}
if locallist :
-@@ -1145,15 +1280,20 @@
+@@ -1145,15 +1288,20 @@
con = semanage_node_get_con(node)
addr = semanage_node_get_addr(self.sh, node)
mask = semanage_node_get_mask(self.sh, node)
@@ -3867,7 +3870,7 @@ diff --exclude-from=exclude --exclude=se
def list(self, heading = 1, locallist = 0):
if heading:
print "%-18s %-18s %-5s %-5s\n" % ("IP Address", "Netmask", "Protocol", "Context")
-@@ -1193,7 +1333,8 @@
+@@ -1193,7 +1341,8 @@
if rc < 0:
raise ValueError(_("Could not check if interface %s is defined") % interface)
if exists:
@@ -3877,7 +3880,7 @@ diff --exclude-from=exclude --exclude=se
(rc, iface) = semanage_iface_create(self.sh)
if rc < 0:
-@@ -1307,6 +1448,16 @@
+@@ -1307,6 +1456,16 @@
self.__delete(interface)
self.commit()
@@ -3894,7 +3897,7 @@ diff --exclude-from=exclude --exclude=se
def get_all(self, locallist = 0):
ddict = {}
if locallist:
-@@ -1322,6 +1473,15 @@
+@@ -1322,6 +1481,15 @@
return ddict
@@ -3910,7 +3913,7 @@ diff --exclude-from=exclude --exclude=se
def list(self, heading = 1, locallist = 0):
if heading:
print "%-30s %s\n" % (_("SELinux Interface"), _("Context"))
-@@ -1338,6 +1498,48 @@
+@@ -1338,6 +1506,48 @@
class fcontextRecords(semanageRecords):
def __init__(self, store = ""):
semanageRecords.__init__(self, store)
@@ -3959,7 +3962,7 @@ diff --exclude-from=exclude --exclude=se
def createcon(self, target, seuser = "system_u"):
(rc, con) = semanage_context_create(self.sh)
-@@ -1364,6 +1566,8 @@
+@@ -1364,6 +1574,8 @@
def validate(self, target):
if target == "" or target.find("\n") >= 0:
raise ValueError(_("Invalid file specification"))
@@ -3968,7 +3971,7 @@ diff --exclude-from=exclude --exclude=se
def __add(self, target, type, ftype = "", serange = "", seuser = "system_u"):
self.validate(target)
-@@ -1388,7 +1592,8 @@
+@@ -1388,7 +1600,8 @@
raise ValueError(_("Could not check if file context for %s is defined") % target)
if exists:
@@ -3978,7 +3981,7 @@ diff --exclude-from=exclude --exclude=se
(rc, fcontext) = semanage_fcontext_create(self.sh)
if rc < 0:
-@@ -1504,9 +1709,16 @@
+@@ -1504,9 +1717,16 @@
raise ValueError(_("Could not delete the file context %s") % target)
semanage_fcontext_key_free(k)
@@ -3995,7 +3998,7 @@ diff --exclude-from=exclude --exclude=se
(rc,k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
if rc < 0:
raise ValueError(_("Could not create a key for %s") % target)
-@@ -1561,12 +1773,22 @@
+@@ -1561,12 +1781,22 @@
return ddict
@@ -4020,7 +4023,7 @@ diff --exclude-from=exclude --exclude=se
for k in keys:
if fcon_dict[k]:
if is_mls_enabled:
-@@ -1575,6 +1797,12 @@
+@@ -1575,6 +1805,12 @@
print "%-50s %-18s %s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1],fcon_dict[k][2])
else:
print "%-50s %-18s <<None>>" % (k[0], k[1])
@@ -4033,7 +4036,7 @@ diff --exclude-from=exclude --exclude=se
class booleanRecords(semanageRecords):
def __init__(self, store = ""):
-@@ -1706,6 +1934,16 @@
+@@ -1706,6 +1942,16 @@
else:
return _("unknown")
@@ -4050,7 +4053,7 @@ diff --exclude-from=exclude --exclude=se
def list(self, heading = True, locallist = False, use_file = False):
on_off = (_("off"), _("on"))
if use_file:
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.c policycoreutils-2.0.81/setfiles/restore.c
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.c policycoreutils-2.0.81/setfiles/restore.c
--- nsapolicycoreutils/setfiles/restore.c 2009-11-03 09:21:40.000000000 -0500
+++ policycoreutils-2.0.81/setfiles/restore.c 2010-03-22 14:05:56.000000000 -0400
@@ -1,4 +1,5 @@
@@ -4234,7 +4237,7 @@ diff --exclude-from=exclude --exclude=se
+ free(buf);
+}
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restorecon.8 policycoreutils-2.0.81/setfiles/restorecon.8
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restorecon.8 policycoreutils-2.0.81/setfiles/restorecon.8
--- nsapolicycoreutils/setfiles/restorecon.8 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.81/setfiles/restorecon.8 2010-03-12 10:04:13.000000000 -0500
@@ -4,10 +4,10 @@
@@ -4260,7 +4263,7 @@ diff --exclude-from=exclude --exclude=se
.TP
.B \-v
show changes in file labels.
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.h policycoreutils-2.0.81/setfiles/restore.h
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.h policycoreutils-2.0.81/setfiles/restore.h
--- nsapolicycoreutils/setfiles/restore.h 2009-11-03 09:21:40.000000000 -0500
+++ policycoreutils-2.0.81/setfiles/restore.h 2010-03-12 10:04:13.000000000 -0500
@@ -27,6 +27,7 @@
@@ -4282,7 +4285,7 @@ diff --exclude-from=exclude --exclude=se
+void exclude_non_seclabel_mounts();
#endif
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.8 policycoreutils-2.0.81/setfiles/setfiles.8
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.8 policycoreutils-2.0.81/setfiles/setfiles.8
--- nsapolicycoreutils/setfiles/setfiles.8 2008-08-28 09:34:24.000000000 -0400
+++ policycoreutils-2.0.81/setfiles/setfiles.8 2010-03-12 10:04:13.000000000 -0500
@@ -31,6 +31,9 @@
@@ -4295,7 +4298,7 @@ diff --exclude-from=exclude --exclude=se
.TP
.B \-q
suppress non-error output.
-diff --exclude-from=exclude --exclude=sepolgen-1.0.20 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.81/setfiles/setfiles.c
+diff --exclude-from=exclude --exclude=sepolgen-1.0.22 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.81/setfiles/setfiles.c
--- nsapolicycoreutils/setfiles/setfiles.c 2009-11-03 09:21:40.000000000 -0500
+++ policycoreutils-2.0.81/setfiles/setfiles.c 2010-03-12 10:04:13.000000000 -0500
@@ -5,7 +5,6 @@
policycoreutils-sepolgen.patch:
access.py | 13 +++++++++----
audit.py | 46 +++++++++++++++++++++++++++++++++++++++++++---
policygen.py | 32 ++++++++++++++++++++++++++++++++
3 files changed, 84 insertions(+), 7 deletions(-)
Index: policycoreutils-sepolgen.patch
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/F-13/policycoreutils-sepolgen.patch,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -p -r1.36 -r1.37
--- policycoreutils-sepolgen.patch 16 Mar 2010 18:18:23 -0000 1.36
+++ policycoreutils-sepolgen.patch 24 Mar 2010 20:14:36 -0000 1.37
@@ -1,6 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policycoreutils-2.0.81/sepolgen-1.0.20/src/sepolgen/access.py
---- nsasepolgen/src/sepolgen/access.py 2009-05-18 13:53:14.000000000 -0400
-+++ policycoreutils-2.0.81/sepolgen-1.0.20/src/sepolgen/access.py 2010-03-12 09:57:04.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/access.py
+--- nsasepolgen/src/sepolgen/access.py 2010-03-22 14:08:29.000000000 -0400
++++ policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/access.py 2010-03-24 16:11:37.000000000 -0400
@@ -32,6 +32,7 @@
"""
@@ -18,15 +18,6 @@ diff --exclude-from=exclude -N -u -r nsa
# The direction of the information flow represented by this
# access vector - used for matching
-@@ -127,7 +130,7 @@
- return self.to_string()
-
- def to_string(self):
-- return "allow %s %s : %s %s;" % (self.src_type, self.tgt_type,
-+ return "allow %s %s:%s %s;" % (self.src_type, self.tgt_type,
- self.obj_class, self.perms.to_space_str())
-
- def __cmp__(self, other):
@@ -253,20 +256,22 @@
for av in l:
self.add_av(AccessVector(av))
@@ -54,38 +45,10 @@ diff --exclude-from=exclude -N -u -r nsa
access.perms.update(perms)
if audit_msg:
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycoreutils-2.0.81/sepolgen-1.0.20/src/sepolgen/audit.py
---- nsasepolgen/src/sepolgen/audit.py 2009-12-01 15:46:50.000000000 -0500
-+++ policycoreutils-2.0.81/sepolgen-1.0.20/src/sepolgen/audit.py 2010-03-12 09:59:05.000000000 -0500
-@@ -23,6 +23,27 @@
-
- # Convenience functions
-
-+def get_audit_boot_msgs():
-+ """Obtain all of the avc and policy load messages from the audit
-+ log. This function uses ausearch and requires that the current
-+ process have sufficient rights to run ausearch.
-+
-+ Returns:
-+ string contain all of the audit messages returned by ausearch.
-+ """
-+ import subprocess
-+ import time
-+ fd=open("/proc/uptime", "r")
-+ off=float(fd.read().split()[0])
-+ fd.close
-+ s = time.localtime(time.time() - off)
-+ date = time.strftime("%D/%Y", s).split("/")
-+ bootdate="%s/%s/%s" % (date[0], date[1], date[3])
-+ boottime = time.strftime("%X", s)
-+ output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
-+ stdout=subprocess.PIPE).communicate()[0]
-+ return output
-+
- def get_audit_msgs():
- """Obtain all of the avc and policy load messages from the audit
- log. This function uses ausearch and requires that the current
-@@ -47,6 +68,17 @@
+diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/audit.py
+--- nsasepolgen/src/sepolgen/audit.py 2010-03-22 14:08:29.000000000 -0400
++++ policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/audit.py 2010-03-24 16:11:37.000000000 -0400
+@@ -68,6 +68,17 @@
stdout=subprocess.PIPE).communicate()[0]
return output
@@ -103,7 +66,7 @@ diff --exclude-from=exclude -N -u -r nsa
# Classes representing audit messages
class AuditMessage:
-@@ -106,6 +138,9 @@
+@@ -127,6 +138,9 @@
if fields[0] == "path":
self.path = fields[1][1:-1]
return
@@ -113,7 +76,7 @@ diff --exclude-from=exclude -N -u -r nsa
class AVCMessage(AuditMessage):
"""AVC message representing an access denial or granted message.
-@@ -146,6 +181,8 @@
+@@ -167,6 +181,8 @@
self.path = ""
self.accesses = []
self.denial = True
@@ -122,7 +85,7 @@ diff --exclude-from=exclude -N -u -r nsa
def __parse_access(self, recs, start):
# This is kind of sucky - the access that is in a space separated
-@@ -205,7 +242,31 @@
+@@ -226,7 +242,31 @@
if not found_src or not found_tgt or not found_class or not found_access:
raise ValueError("AVC message in invalid format [%s]\n" % self.message)
@@ -138,7 +101,7 @@ diff --exclude-from=exclude -N -u -r nsa
+ else:
+ self.type, self.bools = audit2why.analyze(scontext, tcontext, self.tclass, self.accesses);
+ if self.type == audit2why.NOPOLICY:
-+ raise ValueError("Must call policy_init first")
++ self.type = audit2why.TERULE
+ if self.type == audit2why.BADTCON:
+ raise ValueError("Invalid Target Context %s\n" % tcontext)
+ if self.type == audit2why.BADSCON:
@@ -149,13 +112,13 @@ diff --exclude-from=exclude -N -u -r nsa
+ raise ValueError("Invalid permission %s\n" % " ".join(self.accesses))
+ if self.type == audit2why.BADCOMPUTE:
+ raise ValueError("Error during access vector computation")
-+
++
+ avcdict[(scontext, tcontext, self.tclass, access_tuple)] = (self.type, self.bools)
+
class PolicyLoadMessage(AuditMessage):
"""Audit message indicating that the policy was reloaded."""
def __init__(self, message):
-@@ -448,10 +509,10 @@
+@@ -469,10 +509,10 @@
if avc_filter:
if avc_filter.filter(avc):
av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass,
@@ -168,9 +131,9 @@ diff --exclude-from=exclude -N -u -r nsa
return av_set
class AVCTypeFilter:
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/policygen.py policycoreutils-2.0.81/sepolgen-1.0.20/src/sepolgen/policygen.py
+diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/policygen.py policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/policygen.py
--- nsasepolgen/src/sepolgen/policygen.py 2010-03-12 09:34:56.000000000 -0500
-+++ policycoreutils-2.0.81/sepolgen-1.0.20/src/sepolgen/policygen.py 2010-03-12 09:53:30.000000000 -0500
++++ policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/policygen.py 2010-03-24 16:11:37.000000000 -0400
@@ -29,6 +29,8 @@
import access
import interfaces
@@ -188,7 +151,7 @@ diff --exclude-from=exclude -N -u -r nsa
def set_gen_refpol(self, if_set=None, perm_maps=None):
"""Set whether reference policy interfaces are generated.
-@@ -151,8 +154,35 @@
+@@ -151,8 +154,37 @@
rule = refpolicy.AVRule(av)
if self.dontaudit:
rule.rule_type = rule.DONTAUDIT
@@ -207,6 +170,8 @@ diff --exclude-from=exclude -N -u -r nsa
+
+ if av.type == audit2why.CONSTRAINT:
+ rule.comment += "#!!!! This avc is a constraint violation. You will need to add an attribute to either the source or target type to make it work.\n"
++ rule.comment += "#Contraint rule: "
++
+ if av.type == audit2why.TERULE:
+ if "write" in av.perms:
+ if "dir" in av.obj_class or "open" in av.perms:
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/F-13/policycoreutils.spec,v
retrieving revision 1.693
retrieving revision 1.694
diff -u -p -r1.693 -r1.694
--- policycoreutils.spec 22 Mar 2010 18:33:08 -0000 1.693
+++ policycoreutils.spec 24 Mar 2010 20:14:36 -0000 1.694
@@ -2,12 +2,12 @@
%define libsepolver 2.0.41-3
%define libsemanagever 2.0.43-4
%define libselinuxver 2.0.90-3
-%define sepolgenver 1.0.20
+%define sepolgenver 1.0.23
Summary: SELinux policy core utilities
Name: policycoreutils
-Version: 2.0.81
-Release: 3%{?dist}
+Version: 2.0.82
+Release: 1%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -305,6 +305,17 @@ fi
exit 0
%changelog
+* Tue Mar 23 2010 Dan Walsh <dwalsh at redhat.com> 2.0.82-1
+- Update to upstream
+ * Add avc's since boot from Dan Walsh.
+ * Fix unit tests from Dan Walsh.
+
+* Tue Mar 23 2010 Dan Walsh <dwalsh at redhat.com> 2.0.81-4
+- Update to upstream - sepolgen
+ * Add since-last-boot option to audit2allow from Dan Walsh.
+ * Fix sepolgen output to match what Chris expects for upstream
+ refpolicy from Dan Walsh.
+
* Mon Mar 22 2010 Dan Walsh <dwalsh at redhat.com> 2.0.81-3
- Allow restorecon on > 2 Gig files
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/policycoreutils/F-13/sources,v
retrieving revision 1.225
retrieving revision 1.226
diff -u -p -r1.225 -r1.226
--- sources 22 Mar 2010 18:15:11 -0000 1.225
+++ sources 24 Mar 2010 20:14:36 -0000 1.226
@@ -1,3 +1,3 @@
-64e37bf9a411c7c3993839155a30301c policycoreutils-2.0.81.tgz
+e4deacb4df1e2ec081a91fd59da1dcc5 policycoreutils-2.0.82.tgz
+49faa2e5f343317bcfcf34d7286f6037 sepolgen-1.0.23.tgz
59d33101d57378ce69889cc078addf90 policycoreutils_man_ru2.tar.bz2
-962e1a1348276188bdff673ab3b711e0 sepolgen-1.0.20.tgz
More information about the scm-commits
mailing list