rpms/policycoreutils/devel .cvsignore, 1.208, 1.209 policycoreutils-gui.patch, 1.101, 1.102 policycoreutils-po.patch, 1.59, 1.60 policycoreutils-rhat.patch, 1.474, 1.475 policycoreutils-sepolgen.patch, 1.33, 1.34 policycoreutils.spec, 1.684, 1.685 selinux-polgengui.desktop, 1.2, 1.3 sources, 1.220, 1.221 system-config-selinux.desktop, 1.4, 1.5 sandbox.init, 1.1, NONE
Daniel J Walsh
dwalsh at fedoraproject.org
Thu May 27 21:23:46 UTC 2010
Author: dwalsh
Update of /cvs/pkgs/rpms/policycoreutils/devel
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv22238
Modified Files:
.cvsignore policycoreutils-gui.patch policycoreutils-po.patch
policycoreutils-rhat.patch policycoreutils-sepolgen.patch
policycoreutils.spec selinux-polgengui.desktop sources
system-config-selinux.desktop
Removed Files:
sandbox.init
Log Message:
* Thu May 27 2010 Dan Walsh <dwalsh at redhat.com> 2.0.82-24
- Man page fixes
- sandbox fixes
Resolves: #595796
- Move seunshare to base package
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/policycoreutils/devel/.cvsignore,v
retrieving revision 1.208
retrieving revision 1.209
diff -u -p -r1.208 -r1.209
--- .cvsignore 16 Feb 2010 19:49:37 -0000 1.208
+++ .cvsignore 27 May 2010 21:23:08 -0000 1.209
@@ -214,3 +214,9 @@ policycoreutils-2.0.77.tgz
policycoreutils-2.0.78.tgz
sepolgen-1.0.19.tgz
policycoreutils-2.0.79.tgz
+policycoreutils-2.0.80.tgz
+policycoreutils-2.0.81.tgz
+sepolgen-1.0.20.tgz
+sepolgen-1.0.22.tgz
+policycoreutils-2.0.82.tgz
+sepolgen-1.0.23.tgz
policycoreutils-gui.patch:
Makefile | 40
booleansPage.py | 247 +++
domainsPage.py | 154 ++
fcontextPage.py | 223 ++
html_util.py | 164 ++
lockdown.glade | 771 ++++++++++
lockdown.gladep | 7
lockdown.py | 382 ++++
loginsPage.py | 185 ++
mappingsPage.py | 56
modulesPage.py | 190 ++
polgen.glade | 3305 +++++++++++++++++++++++++++++++++++++++++++
polgen.gladep | 7
polgen.py | 1261 ++++++++++++++++
polgengui.py | 627 ++++++++
portsPage.py | 259 +++
selinux.tbl | 234 +++
semanagePage.py | 168 ++
statusPage.py | 190 ++
system-config-selinux.glade | 3024 +++++++++++++++++++++++++++++++++++++++
system-config-selinux.gladep | 7
system-config-selinux.py | 187 ++
templates/__init__.py | 18
templates/boolean.py | 40
templates/etc_rw.py | 113 +
templates/executable.py | 365 ++++
templates/network.py | 80 +
templates/rw.py | 131 +
templates/script.py | 126 +
templates/semodule.py | 41
templates/tmp.py | 102 +
templates/user.py | 179 ++
templates/var_lib.py | 162 ++
templates/var_log.py | 115 +
templates/var_run.py | 101 +
templates/var_spool.py | 133 +
usersPage.py | 150 +
37 files changed, 13544 insertions(+)
Index: policycoreutils-gui.patch
===================================================================
RCS file: /cvs/pkgs/rpms/policycoreutils/devel/policycoreutils-gui.patch,v
retrieving revision 1.101
retrieving revision 1.102
diff -u -p -r1.101 -r1.102
--- policycoreutils-gui.patch 3 Feb 2010 16:47:44 -0000 1.101
+++ policycoreutils-gui.patch 27 May 2010 21:23:12 -0000 1.102
@@ -1,6 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-2.0.78/gui/booleansPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-2.0.82/gui/booleansPage.py
--- nsapolicycoreutils/gui/booleansPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/booleansPage.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.82/gui/booleansPage.py 2010-03-24 16:12:21.000000000 -0400
@@ -0,0 +1,247 @@
+#
+# booleansPage.py - GUI for Booleans page in system-config-securitylevel
@@ -249,9 +249,9 @@ diff --exclude-from=exclude -N -u -r nsa
+ self.load(self.filter)
+ return True
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/domainsPage.py policycoreutils-2.0.78/gui/domainsPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/domainsPage.py policycoreutils-2.0.82/gui/domainsPage.py
--- nsapolicycoreutils/gui/domainsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/domainsPage.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.82/gui/domainsPage.py 2010-03-24 16:12:21.000000000 -0400
@@ -0,0 +1,154 @@
+## domainsPage.py - show selinux domains
+## Copyright (C) 2009 Red Hat, Inc.
@@ -407,9 +407,9 @@ diff --exclude-from=exclude -N -u -r nsa
+
+ except ValueError, e:
+ self.error(e.args[0])
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.78/gui/fcontextPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.82/gui/fcontextPage.py
--- nsapolicycoreutils/gui/fcontextPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/fcontextPage.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.82/gui/fcontextPage.py 2010-03-24 16:12:21.000000000 -0400
@@ -0,0 +1,223 @@
+## fcontextPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -634,9 +634,9 @@ diff --exclude-from=exclude -N -u -r nsa
+ self.store.set_value(iter, SPEC_COL, fspec)
+ self.store.set_value(iter, FTYPE_COL, ftype)
+ self.store.set_value(iter, TYPE_COL, "%s:%s" % (type, mls))
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/html_util.py policycoreutils-2.0.78/gui/html_util.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/html_util.py policycoreutils-2.0.82/gui/html_util.py
--- nsapolicycoreutils/gui/html_util.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/html_util.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.82/gui/html_util.py 2010-03-24 16:12:21.000000000 -0400
@@ -0,0 +1,164 @@
+# Authors: John Dennis <jdennis at redhat.com>
+#
@@ -802,9 +802,9 @@ diff --exclude-from=exclude -N -u -r nsa
+ doc += tail
+ return doc
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade policycoreutils-2.0.78/gui/lockdown.glade
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade policycoreutils-2.0.82/gui/lockdown.glade
--- nsapolicycoreutils/gui/lockdown.glade 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/lockdown.glade 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.82/gui/lockdown.glade 2010-03-24 16:12:21.000000000 -0400
@@ -0,0 +1,771 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
@@ -1577,9 +1577,9 @@ diff --exclude-from=exclude -N -u -r nsa
+</widget>
+
+</glade-interface>
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.gladep policycoreutils-2.0.78/gui/lockdown.gladep
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.gladep policycoreutils-2.0.82/gui/lockdown.gladep
--- nsapolicycoreutils/gui/lockdown.gladep 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/lockdown.gladep 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.82/gui/lockdown.gladep 2010-03-24 16:12:21.000000000 -0400
@@ -0,0 +1,7 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
@@ -1588,9 +1588,9 @@ diff --exclude-from=exclude -N -u -r nsa
+ <name></name>
+ <program_name></program_name>
+</glade-project>
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.py policycoreutils-2.0.78/gui/lockdown.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.py policycoreutils-2.0.82/gui/lockdown.py
--- nsapolicycoreutils/gui/lockdown.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/lockdown.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.82/gui/lockdown.py 2010-03-24 16:12:21.000000000 -0400
@@ -0,0 +1,382 @@
+#!/usr/bin/python
+#
@@ -1974,9 +1974,9 @@ diff --exclude-from=exclude -N -u -r nsa
+
+ app = booleanWindow()
+ app.stand_alone()
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-2.0.78/gui/loginsPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-2.0.82/gui/loginsPage.py
--- nsapolicycoreutils/gui/loginsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/loginsPage.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.82/gui/loginsPage.py 2010-03-24 16:12:21.000000000 -0400
@@ -0,0 +1,185 @@
+## loginsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -2163,9 +2163,9 @@ diff --exclude-from=exclude -N -u -r nsa
+ self.store.set_value(iter, 1, seuser)
+ self.store.set_value(iter, 2, seobject.translate(serange))
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.78/gui/Makefile
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.82/gui/Makefile
--- nsapolicycoreutils/gui/Makefile 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/Makefile 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.82/gui/Makefile 2010-03-24 16:12:21.000000000 -0400
@@ -0,0 +1,40 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
@@ -2207,9 +2207,9 @@ diff --exclude-from=exclude -N -u -r nsa
+indent:
+
+relabel:
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-2.0.78/gui/mappingsPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-2.0.82/gui/mappingsPage.py
--- nsapolicycoreutils/gui/mappingsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/mappingsPage.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.82/gui/mappingsPage.py 2010-03-24 16:12:21.000000000 -0400
@@ -0,0 +1,56 @@
+## mappingsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -2267,9 +2267,9 @@ diff --exclude-from=exclude -N -u -r nsa
+ for k in keys:
+ print "%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1]))
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-2.0.78/gui/modulesPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-2.0.82/gui/modulesPage.py
--- nsapolicycoreutils/gui/modulesPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/modulesPage.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.82/gui/modulesPage.py 2010-04-21 09:09:20.000000000 -0400
@@ -0,0 +1,190 @@
+## modulesPage.py - show selinux mappings
+## Copyright (C) 2006-2009 Red Hat, Inc.
@@ -2365,7 +2365,7 @@ diff --exclude-from=exclude -N -u -r nsa
+ l = fd.readlines()
+ fd.close()
+ for i in l:
-+ module, ver = i.split('\t')
++ module, ver, newline = i.split('\t')
+ if not (self.match(module, filter) or self.match(ver, filter)):
+ continue
+ iter = self.store.append()
@@ -2461,9 +2461,9 @@ diff --exclude-from=exclude -N -u -r nsa
+
+ except ValueError, e:
+ self.error(e.args[0])
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.78/gui/polgen.glade
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.82/gui/polgen.glade
--- nsapolicycoreutils/gui/polgen.glade 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/polgen.glade 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.82/gui/polgen.glade 2010-03-24 16:12:21.000000000 -0400
@@ -0,0 +1,3305 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
@@ -5770,9 +5770,9 @@ diff --exclude-from=exclude -N -u -r nsa
+</widget>
+
+</glade-interface>
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.gladep policycoreutils-2.0.78/gui/polgen.gladep
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.gladep policycoreutils-2.0.82/gui/polgen.gladep
--- nsapolicycoreutils/gui/polgen.gladep 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/polgen.gladep 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.82/gui/polgen.gladep 2010-03-24 16:12:21.000000000 -0400
@@ -0,0 +1,7 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
@@ -5781,9 +5781,9 @@ diff --exclude-from=exclude -N -u -r nsa
+ <name></name>
+ <program_name></program_name>
+</glade-project>
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.78/gui/polgengui.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.82/gui/polgengui.py
--- nsapolicycoreutils/gui/polgengui.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/polgengui.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.82/gui/polgengui.py 2010-03-24 16:12:21.000000000 -0400
@@ -0,0 +1,627 @@
+#!/usr/bin/python -E
+#
@@ -6412,10 +6412,10 @@ diff --exclude-from=exclude -N -u -r nsa
+
+ app = childWindow()
+ app.stand_alone()
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.78/gui/polgen.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.82/gui/polgen.py
--- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/polgen.py 2010-02-03 11:46:45.000000000 -0500
-@@ -0,0 +1,1213 @@
++++ policycoreutils-2.0.82/gui/polgen.py 2010-03-30 11:52:00.000000000 -0400
+@@ -0,0 +1,1261 @@
+#!/usr/bin/python
+#
+# Copyright (C) 2007, 2008, 2009 Red Hat
@@ -6692,13 +6692,15 @@ diff --exclude-from=exclude -N -u -r nsa
+ self.symbols["setfcap"] = "add_capability('setfcap')"
+
+ self.DEFAULT_DIRS = {}
-+ self.DEFAULT_DIRS["rw"] = ["rw", [], rw];
-+ self.DEFAULT_DIRS["tmp"] = ["tmp", [], tmp];
+ self.DEFAULT_DIRS["/etc"] = ["etc_rw", [], etc_rw];
-+ self.DEFAULT_DIRS["/var/spool"] = ["var_spool", [], var_spool];
++ self.DEFAULT_DIRS["/tmp"] = ["tmp", [], tmp];
++ self.DEFAULT_DIRS["rw"] = ["rw", [], rw];
+ self.DEFAULT_DIRS["/var/lib"] = ["var_lib", [], var_lib];
+ self.DEFAULT_DIRS["/var/log"] = ["var_log", [], var_log];
+ self.DEFAULT_DIRS["/var/run"] = ["var_run", [], var_run];
++ self.DEFAULT_DIRS["/var/spool"] = ["var_spool", [], var_spool];
++
++ self.DEFAULT_KEYS=["/etc", "/var/log", "/tmp", "rw", "/var/lib", "/var/run", "/var/spool"]
+
+ self.DEFAULT_TYPES = (\
+( self.generate_daemon_types, self.generate_daemon_rules), \
@@ -6738,6 +6740,9 @@ diff --exclude-from=exclude -N -u -r nsa
+ self.use_pam = False
+ self.use_dbus = False
+ self.use_audit = False
++ self.use_etc = True
++ self.use_localization = True
++ self.use_fd = True
+ self.use_terminal = False
+ self.use_mail = False
+ self.booleans = {}
@@ -6852,6 +6857,15 @@ diff --exclude-from=exclude -N -u -r nsa
+ def set_use_audit(self, val):
+ self.use_audit = val == True
+
++ def set_use_etc(self, val):
++ self.use_etc = val == True
++
++ def set_use_localization(self, val):
++ self.use_localization = val == True
++
++ def set_use_fd(self, val):
++ self.use_fd = val == True
++
+ def set_use_terminal(self, val):
+ self.use_terminal = val == True
+
@@ -6863,9 +6877,9 @@ diff --exclude-from=exclude -N -u -r nsa
+ raise ValueError(_("USER Types automatically get a tmp type"))
+
+ if val:
-+ self.DEFAULT_DIRS["tmp"][1].append("/tmp");
++ self.DEFAULT_DIRS["/tmp"][1].append("/tmp");
+ else:
-+ self.DEFAULT_DIRS["tmp"][1]=[]
++ self.DEFAULT_DIRS["/tmp"][1]=[]
+
+ def set_use_uid(self, val):
+ self.use_uid = val == True
@@ -6912,9 +6926,27 @@ diff --exclude-from=exclude -N -u -r nsa
+ newte = re.sub("TEMPLATETYPE", self.name, executable.te_audit_rules)
+ return newte
+
++ def generate_etc_rules(self):
++ newte =""
++ if self.use_etc:
++ newte = re.sub("TEMPLATETYPE", self.name, executable.te_etc_rules)
++ return newte
++
++ def generate_fd_rules(self):
++ newte =""
++ if self.use_fd:
++ newte = re.sub("TEMPLATETYPE", self.name, executable.te_fd_rules)
++ return newte
++
++ def generate_localization_rules(self):
++ newte =""
++ if self.use_localization:
++ newte = re.sub("TEMPLATETYPE", self.name, executable.te_localization_rules)
++ return newte
++
+ def generate_dbus_rules(self):
+ newte =""
-+ if self.use_dbus:
++ if self.type != DBUS and self.use_dbus:
+ newte = re.sub("TEMPLATETYPE", self.name, executable.te_dbus_rules)
+ return newte
+
@@ -6985,10 +7017,12 @@ diff --exclude-from=exclude -N -u -r nsa
+ return self.DEFAULT_DIRS["rw"]
+
+ def add_capability(self, capability):
-+ self.capabilities.append(capability)
++ if capability not in self.capabilities:
++ self.capabilities.append(capability)
+
+ def add_process(self, process):
-+ self.processes.append(process)
++ if process not in self.processes:
++ self.processes.append(process)
+
+ def add_boolean(self, name, description):
+ self.booleans[name] = description
@@ -7109,14 +7143,20 @@ diff --exclude-from=exclude -N -u -r nsa
+
+ def generate_admin_if(self):
+ newif = ""
++ newtypes = ""
+ if self.initscript != "":
++ newtypes += re.sub("TEMPLATETYPE", self.name, executable.if_initscript_admin_types)
+ newif += re.sub("TEMPLATETYPE", self.name, executable.if_initscript_admin)
-+ for d in self.DEFAULT_DIRS:
++ for d in self.DEFAULT_KEYS:
+ if len(self.DEFAULT_DIRS[d][1]) > 0:
++ newtypes += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_admin_types)
+ newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_admin_rules)
+
+ if newif != "":
+ ret = re.sub("TEMPLATETYPE", self.name, executable.if_begin_admin)
++ ret += newtypes
++
++ ret += re.sub("TEMPLATETYPE", self.name, executable.if_middle_admin)
+ ret += newif
+ ret += re.sub("TEMPLATETYPE", self.name, executable.if_end_admin)
+ return ret
@@ -7233,7 +7273,7 @@ diff --exclude-from=exclude -N -u -r nsa
+ if self.initscript != "":
+ newif += re.sub("TEMPLATETYPE", self.name, executable.if_initscript_rules)
+
-+ for d in self.DEFAULT_DIRS:
++ for d in self.DEFAULT_KEYS:
+ if len(self.DEFAULT_DIRS[d][1]) > 0:
+ newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_rules)
+ for i in self.DEFAULT_DIRS[d][1]:
@@ -7265,7 +7305,7 @@ diff --exclude-from=exclude -N -u -r nsa
+
+ def generate_te(self):
+ newte = self.generate_default_types()
-+ for d in self.DEFAULT_DIRS:
++ for d in self.DEFAULT_KEYS:
+ if len(self.DEFAULT_DIRS[d][1]) > 0:
+ # CGI scripts already have a rw_t
+ if self.type != CGI or d != "rw":
@@ -7275,9 +7315,7 @@ diff --exclude-from=exclude -N -u -r nsa
+########################################
+#
+# %s local policy
-+#
-+
-+""" % self.name
++#""" % self.name
+ newte += self.generate_capabilities()
+ newte += self.generate_process()
+ newte += self.generate_network_types()
@@ -7286,7 +7324,7 @@ diff --exclude-from=exclude -N -u -r nsa
+ newte += self.generate_default_rules()
+ newte += self.generate_boolean_rules()
+
-+ for d in self.DEFAULT_DIRS:
++ for d in self.DEFAULT_KEYS:
+ if len(self.DEFAULT_DIRS[d][1]) > 0:
+ newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_rules)
+ for i in self.DEFAULT_DIRS[d][1]:
@@ -7294,33 +7332,38 @@ diff --exclude-from=exclude -N -u -r nsa
+ newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_stream_rules)
+ break
+
-+ newte += self.generate_network_rules()
+ newte += self.generate_tmp_rules()
++ newte += self.generate_network_rules()
++ newte += self.generate_fd_rules()
++ newte += self.generate_etc_rules()
++ newte += self.generate_pam_rules()
+ newte += self.generate_uid_rules()
++ newte += self.generate_audit_rules()
+ newte += self.generate_syslog_rules()
++ newte += self.generate_localization_rules()
+ newte += self.generate_resolve_rules()
-+ newte += self.generate_pam_rules()
-+ newte += self.generate_dbus_rules()
-+ newte += self.generate_audit_rules()
-+ newte += self.generate_mail_rules()
-+ newte += self.generate_roles_rules()
-+ newte += self.generate_transition_rules()
-+ newte += self.generate_admin_rules()
-+ newte += self.generate_kerberos_rules()
++ newte += self.generate_roles_rules()
++ newte += self.generate_mail_rules()
++ newte += self.generate_transition_rules()
++ newte += self.generate_admin_rules()
++ newte += self.generate_dbus_rules()
++ newte += self.generate_kerberos_rules()
+ newte += self.generate_manage_krb5_rcache_rules()
++
+ return newte
+
+ def generate_fc(self):
+ newfc = ""
++ fclist = []
+ if self.program == "":
+ raise ValueError(_("You must enter the executable path for your confined process"))
+
+ t1 = re.sub("EXECUTABLE", self.program, executable.fc_program)
-+ newfc += re.sub("TEMPLATETYPE", self.name, t1)
++ fclist.append(re.sub("TEMPLATETYPE", self.name, t1))
+
+ if self.initscript != "":
+ t1 = re.sub("EXECUTABLE", self.initscript, executable.fc_initscript)
-+ newfc += re.sub("TEMPLATETYPE", self.name, t1)
++ fclist.append(re.sub("TEMPLATETYPE", self.name, t1))
+
+ for i in self.files.keys():
+ if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]):
@@ -7328,13 +7371,15 @@ diff --exclude-from=exclude -N -u -r nsa
+ else:
+ t1 = re.sub("TEMPLATETYPE", self.name, self.files[i][2].fc_file)
+ t2 = re.sub("FILENAME", i, t1)
-+ newfc += re.sub("FILETYPE", self.files[i][0], t2)
++ fclist.append(re.sub("FILETYPE", self.files[i][0], t2))
+
+ for i in self.dirs.keys():
+ t1 = re.sub("TEMPLATETYPE", self.name, self.dirs[i][2].fc_dir)
+ t2 = re.sub("FILENAME", i, t1)
-+ newfc += re.sub("FILETYPE", self.dirs[i][0], t2)
++ fclist.append(re.sub("FILETYPE", self.dirs[i][0], t2))
+
++ fclist.sort()
++ newfc="\n".join(fclist)
+ return newfc
+
+ def generate_user_sh(self):
@@ -7601,37 +7646,40 @@ diff --exclude-from=exclude -N -u -r nsa
+ if len(cmds) == 0:
+ usage(_("Executable required"))
+
-+ name = os.path.basename(cmds[0]).replace("-","_")
-+ cmd = cmds[0]
-+ mypolicy = policy(name, setype)
-+ mypolicy.set_program(cmd)
-+ for f in gen_writeable(cmd):
-+ for b in mypolicy.DEFAULT_DIRS:
-+ if b == "/etc":
-+ continue
-+ if f.startswith(b):
-+ if os.path.isfile(f):
-+ mypolicy.add_file(f)
-+ else:
-+ mypolicy.add_dir(f)
-+
-+ if os.path.isfile("/var/run/%s.pid" % name):
-+ mypolicy.add_file("/var/run/%s.pid" % name)
-+
-+ if os.path.isfile("/etc/rc.d/init.d/%s" % name):
-+ mypolicy.set_init_script("/etc/rc\.d/init\.d/%s" % name)
-+
-+ symbols = gen_symbols(cmd)
-+ for s in symbols:
-+ for b in mypolicy.symbols:
-+ if s.startswith(b):
-+ exec "mypolicy.%s" % mypolicy.symbols[b]
-+
-+ print mypolicy.generate()
-+ sys.exit(0)
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-2.0.78/gui/portsPage.py
++ try:
++ name = os.path.basename(cmds[0]).replace("-","_")
++ cmd = cmds[0]
++ mypolicy = policy(name, setype)
++ mypolicy.set_program(cmd)
++ for f in gen_writeable(cmd):
++ for b in mypolicy.DEFAULT_DIRS:
++ if b == "/etc":
++ continue
++ if f.startswith(b):
++ if os.path.isfile(f):
++ mypolicy.add_file(f)
++ else:
++ mypolicy.add_dir(f)
++
++ if os.path.isfile("/var/run/%s.pid" % name):
++ mypolicy.add_file("/var/run/%s.pid" % name)
++
++ if os.path.isfile("/etc/rc.d/init.d/%s" % name):
++ mypolicy.set_init_script("/etc/rc\.d/init\.d/%s" % name)
++
++ symbols = gen_symbols(cmd)
++ for s in symbols:
++ for b in mypolicy.symbols:
++ if s.startswith(b):
++ exec "mypolicy.%s" % mypolicy.symbols[b]
++
++ print mypolicy.generate()
++ sys.exit(0)
++ except ValueError, e:
++ usage(e)
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-2.0.82/gui/portsPage.py
--- nsapolicycoreutils/gui/portsPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/portsPage.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.82/gui/portsPage.py 2010-03-24 16:12:21.000000000 -0400
@@ -0,0 +1,259 @@
+## portsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -7892,9 +7940,9 @@ diff --exclude-from=exclude -N -u -r nsa
+
+ return True
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.78/gui/selinux.tbl
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.82/gui/selinux.tbl
--- nsapolicycoreutils/gui/selinux.tbl 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/selinux.tbl 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.82/gui/selinux.tbl 2010-03-24 16:12:21.000000000 -0400
@@ -0,0 +1,234 @@
+acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon")
+allow_daemons_dump_core _("Admin") _("Allow all daemons to write corefiles to /")
@@ -8130,9 +8178,9 @@ diff --exclude-from=exclude -N -u -r nsa
+webadm_manage_user_files _("HTTPD Service") _("Allow SELinux webadm user to manage unprivileged users home directories")
+webadm_read_user_files _("HTTPD Service") _("Allow SELinux webadm user to read unprivileged users home directories")
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-2.0.78/gui/semanagePage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-2.0.82/gui/semanagePage.py
--- nsapolicycoreutils/gui/semanagePage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/semanagePage.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.82/gui/semanagePage.py 2010-03-24 16:12:21.000000000 -0400
@@ -0,0 +1,168 @@
+## semanagePage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -8302,9 +8350,9 @@ diff --exclude-from=exclude -N -u -r nsa
+ self.load(self.filter)
+ return True
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-2.0.78/gui/statusPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-2.0.82/gui/statusPage.py
--- nsapolicycoreutils/gui/statusPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/statusPage.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.82/gui/statusPage.py 2010-03-24 16:12:21.000000000 -0400
@@ -0,0 +1,190 @@
+# statusPage.py - show selinux status
+## Copyright (C) 2006-2009 Red Hat, Inc.
@@ -8496,9 +8544,9 @@ diff --exclude-from=exclude -N -u -r nsa
+ return self.types[self.selinuxTypeOptionMenu.get_active()]
+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-2.0.78/gui/system-config-selinux.glade
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-2.0.82/gui/system-config-selinux.glade
--- nsapolicycoreutils/gui/system-config-selinux.glade 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/system-config-selinux.glade 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.82/gui/system-config-selinux.glade 2010-03-24 16:12:21.000000000 -0400
@@ -0,0 +1,3024 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
@@ -11524,9 +11572,9 @@ diff --exclude-from=exclude -N -u -r nsa
+</widget>
+
+</glade-interface>
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.gladep policycoreutils-2.0.78/gui/system-config-selinux.gladep
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.gladep policycoreutils-2.0.82/gui/system-config-selinux.gladep
--- nsapolicycoreutils/gui/system-config-selinux.gladep 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/system-config-selinux.gladep 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.82/gui/system-config-selinux.gladep 2010-03-24 16:12:21.000000000 -0400
@@ -0,0 +1,7 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
@@ -11535,9 +11583,9 @@ diff --exclude-from=exclude -N -u -r nsa
+ <name></name>
+ <program_name></program_name>
+</glade-project>
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-2.0.78/gui/system-config-selinux.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-2.0.82/gui/system-config-selinux.py
--- nsapolicycoreutils/gui/system-config-selinux.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/system-config-selinux.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.82/gui/system-config-selinux.py 2010-03-24 16:12:21.000000000 -0400
@@ -0,0 +1,187 @@
+#!/usr/bin/python
+#
@@ -11726,9 +11774,9 @@ diff --exclude-from=exclude -N -u -r nsa
+
+ app = childWindow()
+ app.stand_alone()
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/boolean.py policycoreutils-2.0.78/gui/templates/boolean.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/boolean.py policycoreutils-2.0.82/gui/templates/boolean.py
--- nsapolicycoreutils/gui/templates/boolean.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/templates/boolean.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.82/gui/templates/boolean.py 2010-03-30 11:52:34.000000000 -0400
@@ -0,0 +1,40 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -11770,10 +11818,10 @@ diff --exclude-from=exclude -N -u -r nsa
+')
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py policycoreutils-2.0.78/gui/templates/etc_rw.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py policycoreutils-2.0.82/gui/templates/etc_rw.py
--- nsapolicycoreutils/gui/templates/etc_rw.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/templates/etc_rw.py 2009-12-08 17:05:49.000000000 -0500
-@@ -0,0 +1,129 @@
++++ policycoreutils-2.0.82/gui/templates/etc_rw.py 2010-03-30 11:52:34.000000000 -0400
+@@ -0,0 +1,113 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@@ -11805,7 +11853,7 @@ diff --exclude-from=exclude -N -u -r nsa
+te_rules="""
+manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
+manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
-+files_etc_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, { file dir })
++files_etc_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, { dir file })
+"""
+
+########################### Interface File #############################
@@ -11869,30 +11917,14 @@ diff --exclude-from=exclude -N -u -r nsa
+ files_search_etc($1)
+')
+
-+########################################
-+## <summary>
-+## Manage TEMPLATETYPE etc_rw files.
-+## </summary>
-+## <param name="domain">
-+## <summary>
-+## Domain allowed access.
-+## </summary>
-+## </param>
-+#
-+interface(`TEMPLATETYPE_manage_conf',`
-+ gen_require(`
-+ type TEMPLATETYPE_etc_rw_t;
-+ ')
-+
-+ manage_dirs_pattern($1, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
-+ manage_files_pattern($1, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
-+ manage_lnk_files_pattern($1, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
-+')
-+
+"""
+
++if_admin_types="""
++ type TEMPLATETYPE_etc_rw_t;"""
++
+if_admin_rules="""
-+ TEMPLATETYPE_manage_conf($1)
++ files_search_etc($1)
++ admin_pattern($1, TEMPLATETYPE_etc_rw_t)
+"""
+
+########################### File Context ##################################
@@ -11901,12 +11933,12 @@ diff --exclude-from=exclude -N -u -r nsa
+"""
+
+fc_dir="""\
-+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_etc_rw_t,s0)
++FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_etc_rw_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.78/gui/templates/executable.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.82/gui/templates/executable.py
--- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/templates/executable.py 2010-01-28 12:17:43.000000000 -0500
-@@ -0,0 +1,363 @@
++++ policycoreutils-2.0.82/gui/templates/executable.py 2010-03-30 11:52:34.000000000 -0400
+@@ -0,0 +1,365 @@
+# Copyright (C) 2007-2009 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@@ -12009,16 +12041,8 @@ diff --exclude-from=exclude -N -u -r nsa
+"""
+
+te_daemon_rules="""
-+# Init script handling
-+domain_use_interactive_fds(TEMPLATETYPE_t)
-+
-+# internal communication is often done using fifo and unix sockets.
+allow TEMPLATETYPE_t self:fifo_file rw_fifo_file_perms;
+allow TEMPLATETYPE_t self:unix_stream_socket create_stream_socket_perms;
-+
-+files_read_etc_files(TEMPLATETYPE_t)
-+
-+miscfiles_read_localization(TEMPLATETYPE_t)
+"""
+
+te_inetd_rules="""
@@ -12083,6 +12107,18 @@ diff --exclude-from=exclude -N -u -r nsa
+logging_send_audit_msgs(TEMPLATETYPE_t)
+"""
+
++te_fd_rules="""
++domain_use_interactive_fds(TEMPLATETYPE_t)
++"""
++
++te_etc_rules="""
++files_read_etc_files(TEMPLATETYPE_t)
++"""
++
++te_localization_rules="""
++miscfiles_read_localization(TEMPLATETYPE_t)
++"""
++
+te_userapp_trans_rules="""
+optional_policy(`
+ gen_require(`
@@ -12236,20 +12272,19 @@ diff --exclude-from=exclude -N -u -r nsa
+#
+interface(`TEMPLATETYPE_admin',`
+ gen_require(`
-+ type TEMPLATETYPE_t;
++ type TEMPLATETYPE_t;"""
++
++if_middle_admin="""
+ ')
+
-+ allow $1 TEMPLATETYPE_t:process { ptrace signal_perms getattr };
-+ read_files_pattern($1, TEMPLATETYPE_t, TEMPLATETYPE_t)
-+
++ allow $1 TEMPLATETYPE_t:process { ptrace signal_perms };
++ ps_process_pattern($1, TEMPLATETYPE_t)
+"""
++
++if_initscript_admin_types="""
++ type TEMPLATETYPE_initrc_exec_t;"""
+
+if_initscript_admin="""
-+ gen_require(`
-+ type TEMPLATETYPE_initrc_exec_t;
-+ ')
-+
-+ # Allow TEMPLATETYPE_t to restart the apache service
+ TEMPLATETYPE_initrc_domtrans($1)
+ domain_system_change_exemption($1)
+ role_transition $2 TEMPLATETYPE_initrc_exec_t system_r;
@@ -12263,16 +12298,15 @@ diff --exclude-from=exclude -N -u -r nsa
+########################### File Context ##################################
+fc_program="""\
+
-+EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_exec_t,s0)
++EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_exec_t,s0)
+"""
+fc_initscript="""\
+
+EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_initrc_exec_t,s0)
+"""
-+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.py policycoreutils-2.0.78/gui/templates/__init__.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.py policycoreutils-2.0.82/gui/templates/__init__.py
--- nsapolicycoreutils/gui/templates/__init__.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/templates/__init__.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.82/gui/templates/__init__.py 2010-03-30 11:52:34.000000000 -0400
@@ -0,0 +1,18 @@
+#
+# Copyright (C) 2007 Red Hat, Inc.
@@ -12292,9 +12326,9 @@ diff --exclude-from=exclude -N -u -r nsa
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.78/gui/templates/network.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.82/gui/templates/network.py
--- nsapolicycoreutils/gui/templates/network.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/templates/network.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.82/gui/templates/network.py 2010-03-30 11:52:34.000000000 -0400
@@ -0,0 +1,80 @@
+te_port_types="""
+type TEMPLATETYPE_port_t;
@@ -12376,10 +12410,10 @@ diff --exclude-from=exclude -N -u -r nsa
+corenet_udp_bind_all_unreserved_ports(TEMPLATETYPE_t)
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py policycoreutils-2.0.78/gui/templates/rw.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py policycoreutils-2.0.82/gui/templates/rw.py
--- nsapolicycoreutils/gui/templates/rw.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/templates/rw.py 2009-12-08 17:05:49.000000000 -0500
-@@ -0,0 +1,127 @@
++++ policycoreutils-2.0.82/gui/templates/rw.py 2010-03-30 11:52:34.000000000 -0400
+@@ -0,0 +1,131 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@@ -12475,7 +12509,8 @@ diff --exclude-from=exclude -N -u -r nsa
+
+########################################
+## <summary>
-+## Manage TEMPLATETYPE rw files.
++## Create, read, write, and delete
++## TEMPLATETYPE rw dirs.
+## </summary>
+## <param name="domain">
+## <summary>
@@ -12483,33 +12518,36 @@ diff --exclude-from=exclude -N -u -r nsa
+## </summary>
+## </param>
+#
-+interface(`TEMPLATETYPE_manage_rw',`
++interface(`TEMPLATETYPE_manage_rw_dirs',`
+ gen_require(`
+ type TEMPLATETYPE_rw_t;
+ ')
+
+ manage_dirs_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
-+ manage_files_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
-+ manage_lnk_files_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
+')
+
+"""
+
++if_admin_types="""
++ type TEMPLATETYPE_rw_t;"""
++
+if_admin_rules="""
-+ TEMPLATETYPE_manage_rw($1)
++ files_search_etc($1)
++ admin_pattern($1, TEMPLATETYPE_rw_t)
+"""
+
++
+########################### File Context ##################################
+fc_file="""
+FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0)
+"""
+
+fc_dir="""
-+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0)
++FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.78/gui/templates/script.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.82/gui/templates/script.py
--- nsapolicycoreutils/gui/templates/script.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/templates/script.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.82/gui/templates/script.py 2010-03-30 11:52:34.000000000 -0400
@@ -0,0 +1,126 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -12637,9 +12675,9 @@ diff --exclude-from=exclude -N -u -r nsa
+_EOF
+fi
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.78/gui/templates/semodule.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.82/gui/templates/semodule.py
--- nsapolicycoreutils/gui/templates/semodule.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/templates/semodule.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.82/gui/templates/semodule.py 2010-03-30 11:52:34.000000000 -0400
@@ -0,0 +1,41 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -12682,10 +12720,10 @@ diff --exclude-from=exclude -N -u -r nsa
+semanage ports -a -t TEMPLATETYPE_port_t -p udp PORTNUM
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py policycoreutils-2.0.78/gui/templates/tmp.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py policycoreutils-2.0.82/gui/templates/tmp.py
--- nsapolicycoreutils/gui/templates/tmp.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/templates/tmp.py 2009-12-08 17:05:49.000000000 -0500
-@@ -0,0 +1,97 @@
++++ policycoreutils-2.0.82/gui/templates/tmp.py 2010-03-30 11:52:34.000000000 -0400
+@@ -0,0 +1,102 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@@ -12717,7 +12755,7 @@ diff --exclude-from=exclude -N -u -r nsa
+te_rules="""
+manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
+manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
-+files_tmp_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, { file dir })
++files_tmp_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, { dir file })
+"""
+
+if_rules="""
@@ -12755,6 +12793,7 @@ diff --exclude-from=exclude -N -u -r nsa
+ type TEMPLATETYPE_tmp_t;
+ ')
+
++ files_search_tmp($1)
+ allow $1 TEMPLATETYPE_tmp_t:file read_file_perms;
+')
+
@@ -12773,20 +12812,24 @@ diff --exclude-from=exclude -N -u -r nsa
+ type TEMPLATETYPE_tmp_t;
+ ')
+
-+ manage_dirs_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
-+ manage_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
-+ manage_lnk_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
++ files_search_tmp($1)
++ manage_dirs_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
++ manage_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
++ manage_lnk_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
+')
+"""
+
++if_admin_types="""
++ type TEMPLATETYPE_tmp_t;"""
++
+if_admin_rules="""
-+ TEMPLATETYPE_manage_tmp($1)
++ files_search_tmp($1)
++ admin_pattern($1, TEMPLATETYPE_tmp_t)
+"""
-+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.78/gui/templates/user.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.82/gui/templates/user.py
--- nsapolicycoreutils/gui/templates/user.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/templates/user.py 2009-12-08 17:05:49.000000000 -0500
-@@ -0,0 +1,182 @@
++++ policycoreutils-2.0.82/gui/templates/user.py 2010-03-30 11:52:34.000000000 -0400
+@@ -0,0 +1,179 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@@ -12882,7 +12925,6 @@ diff --exclude-from=exclude -N -u -r nsa
+#
+# TEMPLATETYPE local policy
+#
-+
+"""
+
+te_existing_user_rules="""\
@@ -12900,7 +12942,6 @@ diff --exclude-from=exclude -N -u -r nsa
+#
+# TEMPLATETYPE local policy
+#
-+
+"""
+
+te_root_user_rules="""\
@@ -12909,7 +12950,6 @@ diff --exclude-from=exclude -N -u -r nsa
+#
+# TEMPLATETYPE local policy
+#
-+
+"""
+
+te_transition_rules="""
@@ -12969,10 +13009,10 @@ diff --exclude-from=exclude -N -u -r nsa
+te_newrole_rules="""
+seutil_run_newrole(TEMPLATETYPE_t, TEMPLATETYPE_r,{ TEMPLATETYPE_devpts_t TEMPLATETYPE_tty_device_t })
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.78/gui/templates/var_lib.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.82/gui/templates/var_lib.py
--- nsapolicycoreutils/gui/templates/var_lib.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/templates/var_lib.py 2009-12-08 17:05:49.000000000 -0500
-@@ -0,0 +1,158 @@
++++ policycoreutils-2.0.82/gui/templates/var_lib.py 2010-04-06 09:49:03.000000000 -0400
+@@ -0,0 +1,162 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@@ -13002,9 +13042,9 @@ diff --exclude-from=exclude -N -u -r nsa
+files_type(TEMPLATETYPE_var_lib_t)
+"""
+te_rules="""
-+manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
-+manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
-+files_var_lib_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, { file dir } )
++manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
++manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
++files_var_lib_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, { dir file } )
+"""
+
+te_stream_rules="""\
@@ -13070,12 +13110,12 @@ diff --exclude-from=exclude -N -u -r nsa
+ ')
+
+ files_search_var_lib($1)
-+ manage_files_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
++ manage_files_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
+')
+
+########################################
+## <summary>
-+## Manage TEMPLATETYPE var_lib files.
++## Manage TEMPLATETYPE lib dirs files.
+## </summary>
+## <param name="domain">
+## <summary>
@@ -13083,14 +13123,13 @@ diff --exclude-from=exclude -N -u -r nsa
+## </summary>
+## </param>
+#
-+interface(`TEMPLATETYPE_manage_var_lib',`
++interface(`TEMPLATETYPE_manage_lib_dirs',`
+ gen_require(`
+ type TEMPLATETYPE_var_lib_t;
+ ')
+
-+ manage_dirs_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
-+ manage_files_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
-+ manage_lnk_files_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
++ files_search_var_lib($1)
++ manage_dirs_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
+')
+
+"""
@@ -13115,8 +13154,12 @@ diff --exclude-from=exclude -N -u -r nsa
+')
+"""
+
++if_admin_types="""
++ type TEMPLATETYPE_var_lib_t;"""
++
+if_admin_rules="""
-+ TEMPLATETYPE_manage_var_lib($1)
++ files_search_var_lib($1)
++ admin_pattern($1, TEMPLATETYPE_var_lib_t)
+"""
+
+########################### File Context ##################################
@@ -13129,13 +13172,14 @@ diff --exclude-from=exclude -N -u -r nsa
+"""
+
+fc_dir="""\
-+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
++FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.78/gui/templates/var_log.py
++
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.82/gui/templates/var_log.py
--- nsapolicycoreutils/gui/templates/var_log.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/templates/var_log.py 2009-12-08 17:05:49.000000000 -0500
-@@ -0,0 +1,110 @@
-+# Copyright (C) 2007 Red Hat
++++ policycoreutils-2.0.82/gui/templates/var_log.py 2010-04-06 09:49:07.000000000 -0400
+@@ -0,0 +1,115 @@
++# Copyright (C) 2007,2010 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# policygentool is a tool for the initial generation of SELinux policy
@@ -13165,9 +13209,9 @@ diff --exclude-from=exclude -N -u -r nsa
+"""
+
+te_rules="""
-+manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
-+manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
-+logging_log_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_log_t, { file dir } )
++manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
++manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
++logging_log_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_log_t, { dir file } )
+"""
+
+########################### Interface File #############################
@@ -13205,7 +13249,7 @@ diff --exclude-from=exclude -N -u -r nsa
+#
+interface(`TEMPLATETYPE_append_log',`
+ gen_require(`
-+ type var_log_t, TEMPLATETYPE_log_t;
++ type TEMPLATETYPE_log_t;
+ ')
+
+ logging_search_logs($1)
@@ -13227,14 +13271,19 @@ diff --exclude-from=exclude -N -u -r nsa
+ type TEMPLATETYPE_log_t;
+ ')
+
-+ manage_dirs_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
-+ manage_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
-+ manage_lnk_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
++ logging_search_logs($1)
++ manage_dirs_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
++ manage_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
++ manage_lnk_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
+')
+"""
+
++if_admin_types="""
++ type TEMPLATETYPE_log_t;"""
++
+if_admin_rules="""
-+ TEMPLATETYPE_manage_log($1)
++ logging_search_logs($1)
++ admin_pattern($1, TEMPLATETYPE_log_t)
+"""
+
+########################### File Context ##################################
@@ -13243,13 +13292,13 @@ diff --exclude-from=exclude -N -u -r nsa
+"""
+
+fc_dir="""\
-+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0)
++FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.78/gui/templates/var_run.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.82/gui/templates/var_run.py
--- nsapolicycoreutils/gui/templates/var_run.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/templates/var_run.py 2009-12-08 17:05:49.000000000 -0500
-@@ -0,0 +1,118 @@
-+# Copyright (C) 2007 Red Hat
++++ policycoreutils-2.0.82/gui/templates/var_run.py 2010-04-06 09:48:40.000000000 -0400
+@@ -0,0 +1,101 @@
++# Copyright (C) 2007,2010 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# policygentool is a tool for the initial generation of SELinux policy
@@ -13278,9 +13327,9 @@ diff --exclude-from=exclude -N -u -r nsa
+"""
+
+te_rules="""
-+manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t)
-+manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t)
-+files_pid_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, { file dir })
++manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t)
++manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t)
++files_pid_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, { dir file })
+"""
+
+te_stream_rules="""
@@ -13308,26 +13357,6 @@ diff --exclude-from=exclude -N -u -r nsa
+ allow $1 TEMPLATETYPE_var_run_t:file read_file_perms;
+')
+
-+########################################
-+## <summary>
-+## Manage TEMPLATETYPE var_run files.
-+## </summary>
-+## <param name="domain">
-+## <summary>
-+## Domain allowed access.
-+## </summary>
-+## </param>
-+#
-+interface(`TEMPLATETYPE_manage_var_run',`
-+ gen_require(`
-+ type TEMPLATETYPE_var_run_t;
-+ ')
-+
-+ manage_dirs_pattern($1, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t)
-+ manage_files_pattern($1, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t)
-+ manage_lnk_files_pattern($1, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t)
-+')
-+
+"""
+
+if_stream_rules="""\
@@ -13351,8 +13380,12 @@ diff --exclude-from=exclude -N -u -r nsa
+')
+"""
+
++if_admin_types="""
++ type TEMPLATETYPE_var_run_t;"""
++
+if_admin_rules="""
-+ TEMPLATETYPE_manage_var_run($1)
++ files_search_pids($1)
++ admin_pattern($1, TEMPLATETYPE_var_run_t)
+"""
+
+fc_file="""\
@@ -13364,13 +13397,12 @@ diff --exclude-from=exclude -N -u -r nsa
+"""
+
+fc_dir="""\
-+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
++FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
+"""
-+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.78/gui/templates/var_spool.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.82/gui/templates/var_spool.py
--- nsapolicycoreutils/gui/templates/var_spool.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/templates/var_spool.py 2009-12-08 17:05:49.000000000 -0500
-@@ -0,0 +1,129 @@
++++ policycoreutils-2.0.82/gui/templates/var_spool.py 2010-03-30 11:52:34.000000000 -0400
+@@ -0,0 +1,133 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@@ -13403,7 +13435,7 @@ diff --exclude-from=exclude -N -u -r nsa
+manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
+manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
+manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
-+files_spool_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, { file dir sock_file })
++files_spool_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, { dir file sock_file })
+"""
+
+########################### Interface File #############################
@@ -13468,28 +13500,32 @@ diff --exclude-from=exclude -N -u -r nsa
+
+########################################
+## <summary>
-+## Allow domain to manage TEMPLATETYPE spool files
++## Create, read, write, and delete
++## TEMPLATETYPE spool dirs.
+## </summary>
+## <param name="domain">
+## <summary>
-+## Domain to not audit.
++## Domain allowed access.
+## </summary>
+## </param>
+#
-+interface(`TEMPLATETYPE_manage_spool',`
++interface(`TEMPLATETYPE_manage_spool_dirs',`
+ gen_require(`
+ type TEMPLATETYPE_spool_t;
+ ')
+
-+ manage_dirs_pattern($1, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
-+ manage_files_pattern($1, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
-+ manage_lnk_files_pattern($1, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
++ files_search_spool($1)
++ manage_dirs_pattern($1, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
+')
+
+"""
+
++if_admin_types="""
++ type TEMPLATETYPE_spool_t;"""
++
+if_admin_rules="""
-+ TEMPLATETYPE_manage_spool($1)
++ files_search_spool($1)
++ admin_pattern($1, TEMPLATETYPE_spool_t)
+"""
+
+########################### File Context ##################################
@@ -13498,11 +13534,11 @@ diff --exclude-from=exclude -N -u -r nsa
+"""
+
+fc_dir="""\
-+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0)
++FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-2.0.78/gui/usersPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-2.0.82/gui/usersPage.py
--- nsapolicycoreutils/gui/usersPage.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.78/gui/usersPage.py 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.82/gui/usersPage.py 2010-03-24 16:12:21.000000000 -0400
@@ -0,0 +1,150 @@
+## usersPage.py - show selinux mappings
+## Copyright (C) 2006,2007,2008 Red Hat, Inc.
policycoreutils-po.patch:
Makefile | 27
POTFILES | 27
POTFILES.in | 2
af.po | 2449 +++++++++++++++++++++++--
am.po | 2449 +++++++++++++++++++++++--
ar.po | 2449 +++++++++++++++++++++++--
as.po | 3499 ++++++++++++++++++++++--------------
be.po | 2449 +++++++++++++++++++++++--
bg.po | 3605 ++++++++++++++++++++++---------------
bn.po | 2449 +++++++++++++++++++++++--
bn_IN.po | 4090 ++++++++++++++++++++++++------------------
bs.po | 2505 +++++++++++++++++++++++---
ca.po | 2906 +++++++++++++++++++++++++-----
cs.po | 2841 ++++++++++++++++++++++++-----
cy.po | 2449 +++++++++++++++++++++++--
da.po | 3124 +++++++++++++++++++++++++++-----
de.po | 3928 +++++++++++++++++++++++------------------
el.po | 2850 ++++++++++++++++++++++++++---
en_GB.po | 2505 +++++++++++++++++++++++---
es.po | 4479 ++++++++++++++++++++++++++--------------------
et.po | 2447 +++++++++++++++++++++++--
eu_ES.po | 2449 +++++++++++++++++++++++--
fa.po | 2449 +++++++++++++++++++++++--
fi.po | 3140 ++++++++++++++++++++++++++++----
fr.po | 3843 +++++++++++++++++++++++-----------------
gl.po | 2447 +++++++++++++++++++++++--
gu.po | 4114 ++++++++++++++++++++++++------------------
he.po | 2449 +++++++++++++++++++++++--
hi.po | 4117 ++++++++++++++++++++++++------------------
hr.po | 2997 ++++++++++++++++++++-----------
hu.po | 3024 +++++++++++++++++++++++++++----
hy.po | 2449 +++++++++++++++++++++++--
id.po | 2447 +++++++++++++++++++++++--
is.po | 2449 +++++++++++++++++++++++--
it.po | 4531 ++++++++++++++++++++++++++---------------------
ja.po | 4174 ++++++++++++++++++++++++-------------------
ka.po | 2449 +++++++++++++++++++++++--
kn.po | 4159 ++++++++++++++++++++++++-------------------
ko.po | 2946 +++++++++++++++++++++++++-----
ku.po | 2449 +++++++++++++++++++++++--
lo.po | 2449 +++++++++++++++++++++++--
lt.po | 2449 +++++++++++++++++++++++--
lv.po | 2449 +++++++++++++++++++++++--
mai.po | 3462 ++++++++++++++++++++++++++++++++++++
mk.po | 2505 +++++++++++++++++++++++---
ml.po | 4258 ++++++++++++++++++++++++--------------------
mr.po | 4244 ++++++++++++++++++++++++--------------------
ms.po | 2498 +++++++++++++++++++++++---
my.po | 2449 +++++++++++++++++++++++--
nb.po | 2485 +++++++++++++++++++++++--
nl.po | 2906 ++++++++++++++++++++++++------
nn.po | 2449 +++++++++++++++++++++++--
no.po | 1272 -------------
nso.po | 2449 +++++++++++++++++++++++--
or.po | 3969 ++++++++++++++++++++++++-----------------
pa.po | 4044 +++++++++++++++++++++++-------------------
pl.po | 4024 +++++++++++++++++++++++-------------------
policycoreutils.pot | 2431 +++++++++++++++++++++++--
pt.po | 4076 ++++++++++++++++++++++++------------------
pt_BR.po | 4979 ++++++++++++++++++++++++++++------------------------
ro.po | 2449 +++++++++++++++++++++++--
ru.po | 3510 ++++++++++++++++++++++++------------
si.po | 2449 +++++++++++++++++++++++--
sk.po | 2505 +++++++++++++++++++++++---
sl.po | 2449 +++++++++++++++++++++++--
sq.po | 2449 +++++++++++++++++++++++--
sr.po | 4125 ++++++++++++++++++++++++-------------------
sr at latin.po | 4135 ++++++++++++++++++++++++-------------------
sv.po | 3152 ++++++++++++++++++++++----------
ta.po | 3935 ++++++++++++++++++++++++++---------------
te.po | 4056 +++++++++++++++++++++++-------------------
th.po | 2449 +++++++++++++++++++++++--
tr.po | 2449 +++++++++++++++++++++++--
uk.po | 2938 ++++++++++++++++++++++++++----
ur.po | 2449 +++++++++++++++++++++++--
vi.po | 2449 +++++++++++++++++++++++--
zh_CN.po | 3887 +++++++++++++++++++++++-----------------
zh_TW.po | 4162 ++++++++++++++++++++++++-------------------
zu.po | 2449 +++++++++++++++++++++++--
79 files changed, 174804 insertions(+), 58100 deletions(-)
View full diff with command:
/usr/bin/cvs -n -f diff -kk -u -p -N -r 1.59 -r 1.60 policycoreutils-po.patchIndex: policycoreutils-po.patch
===================================================================
RCS file: /cvs/pkgs/rpms/policycoreutils/devel/policycoreutils-po.patch,v
retrieving revision 1.59
retrieving revision 1.60
diff -u -p -r1.59 -r1.60
--- policycoreutils-po.patch 16 Dec 2009 13:21:49 -0000 1.59
+++ policycoreutils-po.patch 27 May 2010 21:23:13 -0000 1.60
@@ -1,132 +1,71 @@
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/af.po policycoreutils-2.0.78/po/af.po
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/po/af.po policycoreutils-2.0.82/po/af.po
--- nsapolicycoreutils/po/af.po 2009-06-30 07:56:04.000000000 -0400
-+++ policycoreutils-2.0.78/po/af.po 2009-12-08 17:05:49.000000000 -0500
++++ policycoreutils-2.0.82/po/af.po 2010-05-03 09:35:37.000000000 -0400
@@ -8,7 +8,7 @@
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2009-06-24 10:53-0400\n"
-+"POT-Creation-Date: 2009-10-15 10:54-0400\n"
++"POT-Creation-Date: 2009-01-21 17:13-0500\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL at ADDRESS>\n"
"Language-Team: LANGUAGE <LL at li.org>\n"
-@@ -77,11 +77,11 @@
- msgid "Could not set exec context to %s.\n"
- msgstr ""
-
--#: ../audit2allow/audit2allow:217
-+#: ../audit2allow/audit2allow:225
- msgid "******************** IMPORTANT ***********************\n"
- msgstr ""
-
--#: ../audit2allow/audit2allow:218
-+#: ../audit2allow/audit2allow:226
- msgid "To make this policy package active, execute:"
- msgstr ""
-
-@@ -109,797 +109,818 @@
- msgid "global"
- msgstr ""
-
--#: ../semanage/seobject.py:206
--#, python-format
--msgid "Unable to open %s: translations not supported on non-MLS machines: %s"
-+#: ../semanage/seobject.py:209
-+msgid "Not yet implemented"
- msgstr ""
-
--#: ../semanage/seobject.py:239
--msgid "Level"
-+#: ../semanage/seobject.py:213
-+msgid "Semanage transaction already in progress"
+@@ -118,7 +118,9 @@
+ msgid "Level"
msgstr ""
-#: ../semanage/seobject.py:239
--msgid "Translation"
-+#: ../semanage/seobject.py:222
-+msgid "Could not start semanage transaction"
- msgstr ""
-
--#: ../semanage/seobject.py:247 ../semanage/seobject.py:261
--#, python-format
--msgid "Translations can not contain spaces '%s' "
-+#: ../semanage/seobject.py:228
-+msgid "Could not commit semanage transaction"
- msgstr ""
-
--#: ../semanage/seobject.py:250
--#, python-format
--msgid "Invalid Level '%s' "
-+#: ../semanage/seobject.py:232
-+msgid "Semanage transaction not in progress"
- msgstr ""
-
--#: ../semanage/seobject.py:253
--#, python-format
--msgid "%s already defined in translations"
-+#: ../semanage/seobject.py:244 ../semanage/seobject.py:326
-+msgid "Could not list SELinux modules"
++#: ../semanage/seobject.py:239 ../gui/system-config-selinux.glade:651
++#: ../gui/system-config-selinux.glade:2683 ../gui/translationsPage.py:43
++#: ../gui/translationsPage.py:59
+ msgid "Translation"
msgstr ""
--#: ../semanage/seobject.py:265
--#, python-format
--msgid "%s not defined in translations"
-+#: ../semanage/seobject.py:253
-+msgid "Modules Name"
+@@ -142,764 +144,763 @@
+ msgid "%s not defined in translations"
msgstr ""
-#: ../semanage/seobject.py:290
--msgid "Not yet implemented"
-+#: ../semanage/seobject.py:253 ../gui/modulesPage.py:62
-+msgid "Version"
++#: ../semanage/seobject.py:291
+ msgid "Not yet implemented"
msgstr ""
-#: ../semanage/seobject.py:294
-msgid "Semanage transaction already in progress"
-+#: ../semanage/seobject.py:256 ../gui/statusPage.py:75
-+msgid "Disabled"
- msgstr ""
-
+-msgstr ""
+-
-#: ../semanage/seobject.py:303
--msgid "Could not start semanage transaction"
-+#: ../semanage/seobject.py:271
-+#, python-format
-+msgid "Could not disable module %s (remove failed)"
++#: ../semanage/seobject.py:298
+ msgid "Could not start semanage transaction"
msgstr ""
-#: ../semanage/seobject.py:309
--msgid "Could not commit semanage transaction"
-+#: ../semanage/seobject.py:282
-+#, python-format
-+msgid "Could not enable module %s (remove failed)"
++#: ../semanage/seobject.py:304
+ msgid "Could not commit semanage transaction"
msgstr ""
-#: ../semanage/seobject.py:313
-msgid "Semanage transaction not in progress"
-+#: ../semanage/seobject.py:297
-+#, python-format
-+msgid "Could not remove module %s (remove failed)"
- msgstr ""
-
+-msgstr ""
+-
-#: ../semanage/seobject.py:325
--msgid "Could not list SELinux modules"
-+#: ../semanage/seobject.py:313
-+msgid "dontaudit requires either 'on' or 'off'"
++#: ../semanage/seobject.py:314
+ msgid "Could not list SELinux modules"
msgstr ""
-#: ../semanage/seobject.py:336
-+#: ../semanage/seobject.py:338
++#: ../semanage/seobject.py:325
msgid "Permissive Types"
msgstr ""
-#: ../semanage/seobject.py:378
-+#: ../semanage/seobject.py:380
++#: ../semanage/seobject.py:355
#, python-format
msgid "Could not set permissive domain %s (module installation failed)"
msgstr ""
-#: ../semanage/seobject.py:384
-+#: ../semanage/seobject.py:386
++#: ../semanage/seobject.py:369
#, python-format
msgid "Could not remove permissive domain %s (remove failed)"
msgstr ""
@@ -137,458 +76,458 @@ diff --exclude-from=exclude -N -u -r nsa
-#: ../semanage/seobject.py:933 ../semanage/seobject.py:1506
-#: ../semanage/seobject.py:1570 ../semanage/seobject.py:1582
-#: ../semanage/seobject.py:1663 ../semanage/seobject.py:1714
-+#: ../semanage/seobject.py:412 ../semanage/seobject.py:472
-+#: ../semanage/seobject.py:518 ../semanage/seobject.py:600
-+#: ../semanage/seobject.py:667 ../semanage/seobject.py:725
-+#: ../semanage/seobject.py:935 ../semanage/seobject.py:1550
-+#: ../semanage/seobject.py:1614 ../semanage/seobject.py:1633
-+#: ../semanage/seobject.py:1720 ../semanage/seobject.py:1771
++#: ../semanage/seobject.py:395 ../semanage/seobject.py:455
++#: ../semanage/seobject.py:501 ../semanage/seobject.py:583
++#: ../semanage/seobject.py:650 ../semanage/seobject.py:708
++#: ../semanage/seobject.py:918 ../semanage/seobject.py:1491
++#: ../semanage/seobject.py:1555 ../semanage/seobject.py:1567
++#: ../semanage/seobject.py:1648 ../semanage/seobject.py:1699
#, python-format
msgid "Could not create a key for %s"
msgstr ""
-#: ../semanage/seobject.py:414 ../semanage/seobject.py:474
-#: ../semanage/seobject.py:520 ../semanage/seobject.py:526
-+#: ../semanage/seobject.py:416 ../semanage/seobject.py:476
-+#: ../semanage/seobject.py:522 ../semanage/seobject.py:528
++#: ../semanage/seobject.py:399 ../semanage/seobject.py:459
++#: ../semanage/seobject.py:505 ../semanage/seobject.py:511
#, python-format
msgid "Could not check if login mapping for %s is defined"
msgstr ""
-#: ../semanage/seobject.py:416
-+#: ../semanage/seobject.py:418
++#: ../semanage/seobject.py:401
[...280882 lines suppressed...]
-+#: ../gui/system-config-selinux.glade:1616
++#: ../gui/system-config-selinux.glade:1807
+msgid "Toggle between Customized and All Booleans"
+msgstr ""
+
-+#: ../gui/system-config-selinux.glade:1634
++#: ../gui/system-config-selinux.glade:1825
+msgid "Run booleans lockdown wizard"
+msgstr ""
+
-+#: ../gui/system-config-selinux.glade:1635
++#: ../gui/system-config-selinux.glade:1826
+msgid "Lockdown..."
+msgstr ""
+
-+#: ../gui/system-config-selinux.glade:1665
-+#: ../gui/system-config-selinux.glade:1870
-+#: ../gui/system-config-selinux.glade:2057
-+#: ../gui/system-config-selinux.glade:2244
-+#: ../gui/system-config-selinux.glade:2487
-+#: ../gui/system-config-selinux.glade:2712
-+#: ../gui/system-config-selinux.glade:2887
++#: ../gui/system-config-selinux.glade:1856
++#: ../gui/system-config-selinux.glade:2061
++#: ../gui/system-config-selinux.glade:2248
++#: ../gui/system-config-selinux.glade:2435
++#: ../gui/system-config-selinux.glade:2622
++#: ../gui/system-config-selinux.glade:2865
++#: ../gui/system-config-selinux.glade:3090
++#: ../gui/system-config-selinux.glade:3265
+msgid "Filter"
+msgstr ""
+
-+#: ../gui/system-config-selinux.glade:1754
++#: ../gui/system-config-selinux.glade:1945
+msgid "label50"
+msgstr ""
+
-+#: ../gui/system-config-selinux.glade:1791
++#: ../gui/system-config-selinux.glade:1982
+msgid "Add File Context"
+msgstr ""
+
-+#: ../gui/system-config-selinux.glade:1807
++#: ../gui/system-config-selinux.glade:1998
+msgid "Modify File Context"
+msgstr ""
+
-+#: ../gui/system-config-selinux.glade:1823
++#: ../gui/system-config-selinux.glade:2014
+msgid "Delete File Context"
+msgstr ""
+
-+#: ../gui/system-config-selinux.glade:1839
++#: ../gui/system-config-selinux.glade:2030
+msgid "Toggle between all and customized file context"
+msgstr ""
+
-+#: ../gui/system-config-selinux.glade:1959
++#: ../gui/system-config-selinux.glade:2150
+msgid "label38"
+msgstr ""
+
-+#: ../gui/system-config-selinux.glade:1996
++#: ../gui/system-config-selinux.glade:2187
+msgid "Add SELinux User Mapping"
+msgstr ""
+
-+#: ../gui/system-config-selinux.glade:2012
++#: ../gui/system-config-selinux.glade:2203
+msgid "Modify SELinux User Mapping"
+msgstr ""
+
-+#: ../gui/system-config-selinux.glade:2028
++#: ../gui/system-config-selinux.glade:2219
+msgid "Delete SELinux User Mapping"
+msgstr ""
+
-+#: ../gui/system-config-selinux.glade:2146
++#: ../gui/system-config-selinux.glade:2337
+msgid "label39"
+msgstr ""
+
-+#: ../gui/system-config-selinux.glade:2183
++#: ../gui/system-config-selinux.glade:2374
+msgid "Add User"
+msgstr ""
+
-+#: ../gui/system-config-selinux.glade:2199
++#: ../gui/system-config-selinux.glade:2390
+msgid "Modify User"
+msgstr ""
+
-+#: ../gui/system-config-selinux.glade:2215
++#: ../gui/system-config-selinux.glade:2406
+msgid "Delete User"
+msgstr ""
+
-+#: ../gui/system-config-selinux.glade:2333
++#: ../gui/system-config-selinux.glade:2524
+msgid "label41"
+msgstr ""
+
-+#: ../gui/system-config-selinux.glade:2370
++#: ../gui/system-config-selinux.glade:2561
++msgid "Add Translation"
++msgstr ""
++
++#: ../gui/system-config-selinux.glade:2577
++msgid "Modify Translation"
++msgstr ""
++
++#: ../gui/system-config-selinux.glade:2593
++msgid "Delete Translation"
++msgstr ""
++
++#: ../gui/system-config-selinux.glade:2711
++msgid "label40"
++msgstr ""
++
++#: ../gui/system-config-selinux.glade:2748
+msgid "Add Network Port"
+msgstr ""
+
-+#: ../gui/system-config-selinux.glade:2386
++#: ../gui/system-config-selinux.glade:2764
+msgid "Edit Network Port"
+msgstr ""
+
-+#: ../gui/system-config-selinux.glade:2402
++#: ../gui/system-config-selinux.glade:2780
+msgid "Delete Network Port"
+msgstr ""
+
-+#: ../gui/system-config-selinux.glade:2438
-+#: ../gui/system-config-selinux.glade:2456
++#: ../gui/system-config-selinux.glade:2816
++#: ../gui/system-config-selinux.glade:2834
+msgid "Toggle between Customized and All Ports"
+msgstr ""
+
-+#: ../gui/system-config-selinux.glade:2576
++#: ../gui/system-config-selinux.glade:2954
+msgid "label42"
+msgstr ""
+
-+#: ../gui/system-config-selinux.glade:2613
++#: ../gui/system-config-selinux.glade:2991
+msgid "Generate new policy module"
+msgstr ""
+
-+#: ../gui/system-config-selinux.glade:2629
++#: ../gui/system-config-selinux.glade:3007
+msgid "Load policy module"
+msgstr ""
+
-+#: ../gui/system-config-selinux.glade:2645
++#: ../gui/system-config-selinux.glade:3023
+msgid "Remove loadable policy module"
+msgstr ""
+
-+#: ../gui/system-config-selinux.glade:2681
++#: ../gui/system-config-selinux.glade:3059
+msgid ""
+"Enable/Disable additional audit rules, that are normally not reported in the "
+"log files."
+msgstr ""
+
-+#: ../gui/system-config-selinux.glade:2801
++#: ../gui/system-config-selinux.glade:3179
+msgid "label44"
+msgstr ""
+
-+#: ../gui/system-config-selinux.glade:2838
++#: ../gui/system-config-selinux.glade:3216
+msgid "Change process mode to permissive."
+msgstr ""
+
-+#: ../gui/system-config-selinux.glade:2856
++#: ../gui/system-config-selinux.glade:3234
+msgid "Change process mode to enforcing"
+msgstr ""
+
-+#: ../gui/system-config-selinux.glade:2948
++#: ../gui/system-config-selinux.glade:3326
+msgid "Process Domain"
+msgstr ""
+
-+#: ../gui/system-config-selinux.glade:2976
++#: ../gui/system-config-selinux.glade:3354
+msgid "label59"
+msgstr ""
+
++#: ../gui/translationsPage.py:53
++msgid "Sensitvity Level"
++msgstr ""
++
+#: ../gui/usersPage.py:138
+#, python-format
+msgid "SELinux user '%s' is required"
policycoreutils-rhat.patch:
Makefile | 2
audit2allow/Makefile | 1
audit2allow/audit2allow | 53 --
audit2allow/audit2allow.1 | 3
audit2allow/sepolgen-ifgen | 89 ---
newrole/newrole.c | 3
restorecond/Makefile | 24
restorecond/org.selinux.Restorecond.service | 3
restorecond/restorecond.8 | 15
restorecond/restorecond.c | 429 +++-------------
restorecond/restorecond.conf | 5
restorecond/restorecond.desktop | 7
restorecond/restorecond.h | 19
restorecond/restorecond.init | 7
restorecond/restorecond_user.conf | 2
restorecond/user.c | 239 +++++++++
restorecond/watch.c | 260 ++++++++++
sandbox/Makefile | 42 +
sandbox/deliverables/README | 32 +
sandbox/deliverables/basicwrapper | 4
sandbox/deliverables/run-in-sandbox.py | 49 +
sandbox/sandbox | 426 ++++++++++++++++
sandbox/sandbox.8 | 64 ++
sandbox/sandbox.config | 2
sandbox/sandbox.init | 74 ++
sandbox/sandboxX.sh | 15
sandbox/seunshare.8 | 29 +
sandbox/seunshare.c | 313 ++++++++++++
sandbox/test.txt | 1
sandbox/test_sandbox.py | 98 +++
scripts/Makefile | 1
scripts/fixfiles | 46 -
scripts/genhomedircon.8 | 38 +
semanage/default_encoding/Makefile | 8
semanage/default_encoding/default_encoding.c | 59 ++
semanage/default_encoding/policycoreutils/__init__.py | 17
semanage/default_encoding/setup.py | 38 +
semanage/semanage | 162 +++++-
semanage/semanage.8 | 128 +++--
semanage/seobject.py | 458 ++++++++++++++----
sepolgen-ifgen/Makefile | 26 +
sepolgen-ifgen/sepolgen-ifgen | 131 +++++
sepolgen-ifgen/sepolgen-ifgen-attr-helper.c | 230 +++++++++
setfiles/restore.c | 109 +++-
setfiles/restore.h | 4
setfiles/restorecon.8 | 7
setfiles/setfiles.8 | 3
setfiles/setfiles.c | 78 ---
48 files changed, 3097 insertions(+), 756 deletions(-)
View full diff with command:
/usr/bin/cvs -n -f diff -kk -u -p -N -r 1.474 -r 1.475 policycoreutils-rhat.patchIndex: policycoreutils-rhat.patch
===================================================================
RCS file: /cvs/pkgs/rpms/policycoreutils/devel/policycoreutils-rhat.patch,v
retrieving revision 1.474
retrieving revision 1.475
diff -u -p -r1.474 -r1.475
--- policycoreutils-rhat.patch 16 Feb 2010 21:35:16 -0000 1.474
+++ policycoreutils-rhat.patch 27 May 2010 21:23:28 -0000 1.475
@@ -1,6 +1,6 @@
-diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.79/audit2allow/audit2allow
---- nsapolicycoreutils/audit2allow/audit2allow 2009-01-13 08:45:35.000000000 -0500
-+++ policycoreutils-2.0.79/audit2allow/audit2allow 2010-02-16 13:46:01.000000000 -0500
+diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.82/audit2allow/audit2allow
+--- nsapolicycoreutils/audit2allow/audit2allow 2010-05-19 14:45:51.000000000 -0400
++++ policycoreutils-2.0.82/audit2allow/audit2allow 2010-05-04 13:10:14.000000000 -0400
@@ -28,6 +28,7 @@
import sepolgen.defaults as defaults
import sepolgen.module as module
@@ -9,54 +9,15 @@ diff --exclude-from=exclude --exclude=se
class AuditToPolicy:
VERSION = "%prog .1"
-@@ -42,6 +43,8 @@
- from optparse import OptionParser
-
- parser = OptionParser(version=self.VERSION)
-+ parser.add_option("-b", "--boot", action="store_true", dest="boot", default=False,
-+ help="audit messages since last boot conflicts with -i")
+@@ -46,6 +47,7 @@
+ help="audit messages since last boot conflicts with -i")
parser.add_option("-a", "--all", action="store_true", dest="audit", default=False,
help="read input from audit log - conflicts with -i")
++ parser.add_option("-p", "--policy", dest="policy", default=None, help="Policy file to use for analysis")
parser.add_option("-d", "--dmesg", action="store_true", dest="dmesg", default=False,
-@@ -58,6 +61,9 @@
- help="generate a module package - conflicts with -o and -m")
- parser.add_option("-o", "--output", dest="output",
- help="append output to <filename>, conflicts with -M")
-+ parser.add_option("-D", "--dontaudit", action="store_true",
-+ dest="dontaudit", default=False,
-+ help="generate policy with dontaudit rules")
- parser.add_option("-R", "--reference", action="store_true", dest="refpolicy",
- default=True, help="generate refpolicy style output")
-
-@@ -80,11 +86,11 @@
- options, args = parser.parse_args()
-
- # Make -d, -a, and -i conflict
-- if options.audit is True:
-+ if options.audit is True or options.boot:
- if options.input is not None:
-- sys.stderr.write("error: --all conflicts with --input\n")
-+ sys.stderr.write("error: --all/--boot conflicts with --input\n")
- if options.dmesg is True:
-- sys.stderr.write("error: --all conflicts with --dmesg\n")
-+ sys.stderr.write("error: --all/--boot conflicts with --dmesg\n")
- if options.input is not None and options.dmesg is True:
- sys.stderr.write("error: --input conflicts with --dmesg\n")
-
-@@ -129,6 +135,12 @@
- except OSError, e:
- sys.stderr.write('could not run ausearch - "%s"\n' % str(e))
- sys.exit(1)
-+ elif self.__options.boot:
-+ try:
-+ messages = audit.get_audit_boot_msgs()
-+ except OSError, e:
-+ sys.stderr.write('could not run ausearch - "%s"\n' % str(e))
-+ sys.exit(1)
- else:
- # This is the default if no input is specified
- f = sys.stdin
-@@ -220,63 +232,44 @@
+ help="read input from dmesg - conflicts with --all and --input")
+ parser.add_option("-i", "--input", dest="input",
+@@ -231,63 +233,44 @@
def __output_audit2why(self):
import selinux
@@ -132,59 +93,168 @@ diff --exclude-from=exclude --exclude=se
print "\t\tMissing role allow rule.\n"
print "\t\tAdd an allow rule for the role pair.\n"
continue
-@@ -314,7 +307,7 @@
- g.set_gen_requires(True)
-
- # Generate the policy
-- g.add_access(self.__avs)
-+ g.add_access(self.__avs, self.__options.dontaudit)
- g.add_role_types(self.__role_types)
-
- # Output
-@@ -344,5 +337,6 @@
+@@ -350,11 +333,19 @@
+ def main(self):
+ try:
+ self.__parse_options()
++ if self.__options.policy:
++ audit2why.init(self.__options.policy)
++ else:
++ audit2why.init()
++
+ self.__read_input()
+ self.__process_input()
+ self.__output()
+ except KeyboardInterrupt:
sys.exit(0)
++ except ValueError, e:
++ print e
++ sys.exit(1)
if __name__ == "__main__":
-+ audit2why.init()
app = AuditToPolicy()
- app.main()
-diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.79/audit2allow/audit2allow.1
---- nsapolicycoreutils/audit2allow/audit2allow.1 2009-02-18 16:44:47.000000000 -0500
-+++ policycoreutils-2.0.79/audit2allow/audit2allow.1 2010-02-16 13:46:01.000000000 -0500
-@@ -44,6 +44,9 @@
- Note that all audit messages are not available via dmesg when
- auditd is running; use "ausearch -m avc | audit2allow" or "-a" instead.
+diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.82/audit2allow/audit2allow.1
+--- nsapolicycoreutils/audit2allow/audit2allow.1 2010-05-19 14:45:51.000000000 -0400
++++ policycoreutils-2.0.82/audit2allow/audit2allow.1 2010-05-11 15:16:45.000000000 -0400
+@@ -66,6 +66,9 @@
+ .B "\-M <modulename>"
+ Generate loadable module package, conflicts with -o
.TP
-+.B "\-D" | "\-\-dontaudit"
-+Generate dontaudit rules rather then allow rules
++.B "\-p <policyfile>" | "\-\-policy <policyfile>"
++Policy file to use for analysis
+.TP
- .B "\-h" | "\-\-help"
- Print a short usage message
- .TP
-diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.79/Makefile
---- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400
-+++ policycoreutils-2.0.79/Makefile 2010-02-16 14:03:54.000000000 -0500
+ .B "\-o <outputfile>" | "\-\-output <outputfile>"
+ append output to
+ .I <outputfile>
+diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/Makefile policycoreutils-2.0.82/audit2allow/Makefile
+--- nsapolicycoreutils/audit2allow/Makefile 2010-05-19 14:45:51.000000000 -0400
++++ policycoreutils-2.0.82/audit2allow/Makefile 2010-04-28 17:12:19.000000000 -0400
+@@ -10,7 +10,6 @@
+ install: all
+ -mkdir -p $(BINDIR)
+ install -m 755 audit2allow $(BINDIR)
+- install -m 755 sepolgen-ifgen $(BINDIR)
+ -mkdir -p $(MANDIR)/man1
+ install -m 644 audit2allow.1 $(MANDIR)/man1/
+
+diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/sepolgen-ifgen policycoreutils-2.0.82/audit2allow/sepolgen-ifgen
+--- nsapolicycoreutils/audit2allow/sepolgen-ifgen 2010-05-19 14:45:51.000000000 -0400
++++ policycoreutils-2.0.82/audit2allow/sepolgen-ifgen 1969-12-31 19:00:00.000000000 -0500
+@@ -1,89 +0,0 @@
+-#! /usr/bin/python -E
+-#
+-# Authors: Karl MacMillan <kmacmillan at mentalrootkit.com>
+-#
+-# Copyright (C) 2006 Red Hat
+-# see file 'COPYING' for use and warranty information
+-#
+-# This program is free software; you can redistribute it and/or
+-# modify it under the terms of the GNU General Public License as
+-# published by the Free Software Foundation; version 2 only
+-#
+-# This program is distributed in the hope that it will be useful,
+-# but WITHOUT ANY WARRANTY; without even the implied warranty of
+-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+-# GNU General Public License for more details.
+-#
+-# You should have received a copy of the GNU General Public License
+-# along with this program; if not, write to the Free Software
+-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+-#
+-
+-# Parse interfaces and output extracted information about them
+-# suitable for policy generation. By default writes the output
+-# to the default location (obtained from sepolgen.defaults), but
+-# will output to another file provided as an argument:
+-# sepolgen-ifgen [headers] [output-filename]
+-
+-
+-import sys
+-import os
+-
+-import sepolgen.refparser as refparser
+-import sepolgen.defaults as defaults
+-import sepolgen.interfaces as interfaces
+-
+-
+-VERSION = "%prog .1"
+-
+-def parse_options():
+- from optparse import OptionParser
+-
+- parser = OptionParser(version=VERSION)
+- parser.add_option("-o", "--output", dest="output", default=defaults.interface_info(),
[...3702 lines suppressed...]
++
++static policydb_t *load_policy(const char *filename)
++{
++ policydb_t *policydb;
++ struct policy_file pf;
++ FILE *fp;
++ int ret;
++
++ fp = fopen(filename, "r");
++ if (fp == NULL) {
++ fprintf(stderr, "Can't open '%s': %s\n",
++ filename, strerror(errno));
++ return NULL;
++ }
++
++ policy_file_init(&pf);
++ pf.type = PF_USE_STDIO;
++ pf.fp = fp;
++
++ policydb = malloc(sizeof(policydb_t));
++ if (policydb == NULL) {
++ fprintf(stderr, "Out of memory!\n");
++ return NULL;
++ }
++
++ if (policydb_init(policydb)) {
++ fprintf(stderr, "Out of memory!\n");
++ return NULL;
++ }
++
++ ret = policydb_read(policydb, &pf, 1);
++ if (ret) {
++ fprintf(stderr,
++ "error(s) encountered while parsing configuration\n");
++ return NULL;
++ }
++
++ fclose(fp);
++
++ return policydb;
++
++}
++
++void usage(char *progname)
++{
++ printf("usage: %s policy_file out_file\n", progname);
++}
++
++int main(int argc, char **argv)
++{
++ policydb_t *p;
++ struct callback_data cb_data;
++ FILE *fp;
++
++ if (argc != 3) {
++ usage(argv[0]);
++ exit(1);
++ }
++
++ /* Open the policy. */
++ p = load_policy(argv[1]);
++ if (p == NULL) {
++ exit(1);
++ }
++
++ /* Open the output policy. */
++ fp = fopen(argv[2], "w");
++ if (fp == NULL) {
++ fprintf(stderr, "error opening output file\n");
++ policydb_destroy(p);
++ free(p);
++ }
++
++ /* Find all of the attributes and output their access. */
++ cb_data.policy = p;
++ cb_data.fp = fp;
++
++ if (hashtab_map(p->p_types.table, attribute_callback, &cb_data)) {
++ printf("error finding attributes\n");
++ }
++
++ policydb_destroy(p);
++ free(p);
++ fclose(fp);
++
++ return 0;
++}
+diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.c policycoreutils-2.0.82/setfiles/restore.c
+--- nsapolicycoreutils/setfiles/restore.c 2010-05-19 14:45:51.000000000 -0400
++++ policycoreutils-2.0.82/setfiles/restore.c 2010-04-28 17:12:19.000000000 -0400
@@ -1,4 +1,5 @@
#include "restore.h"
+#include <glob.h>
@@ -4223,7 +4700,7 @@ diff --exclude-from=exclude --exclude=se
fts_handle = fts_open((char **)namelist, r_opts->fts_flags, NULL);
if (fts_handle == NULL) {
-@@ -357,6 +362,29 @@
+@@ -357,11 +362,34 @@
goto out;
}
@@ -4253,9 +4730,18 @@ diff --exclude-from=exclude --exclude=se
int process_one_realpath(char *name, int recurse)
{
int rc = 0;
-@@ -374,6 +402,7 @@
+ char *p;
+- struct stat sb;
++ struct stat64 sb;
+
+ if (r_opts == NULL){
+ fprintf(stderr,
+@@ -372,8 +400,9 @@
+ if (!r_opts->expand_realpath) {
+ return process_one(name, recurse);
} else {
- rc = lstat(name, &sb);
+- rc = lstat(name, &sb);
++ rc = lstat64(name, &sb);
if (rc < 0) {
+ if (r_opts->ignore_enoent && errno == ENOENT) return 0;
fprintf(stderr, "%s: lstat(%s) failed: %s\n",
@@ -4270,6 +4756,24 @@ diff --exclude-from=exclude --exclude=se
{
int i = 0;
for (i = 0; i < excludeCtr; i++) {
+@@ -537,7 +566,7 @@
+ {
+ file_spec_t *prevfl, *fl;
+ int h, ret;
+- struct stat sb;
++ struct stat64 sb;
+
+ if (!fl_head) {
+ fl_head = malloc(sizeof(file_spec_t) * HASH_BUCKETS);
+@@ -550,7 +579,7 @@
+ for (prevfl = &fl_head[h], fl = fl_head[h].next; fl;
+ prevfl = fl, fl = fl->next) {
+ if (ino == fl->ino) {
+- ret = lstat(fl->file, &sb);
++ ret = lstat64(fl->file, &sb);
+ if (ret < 0 || sb.st_ino != ino) {
+ freecon(fl->con);
+ free(fl->file);
@@ -602,5 +631,67 @@
return -1;
}
@@ -4338,9 +4842,9 @@ diff --exclude-from=exclude --exclude=se
+ free(buf);
+}
-diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restorecon.8 policycoreutils-2.0.79/setfiles/restorecon.8
---- nsapolicycoreutils/setfiles/restorecon.8 2008-08-28 09:34:24.000000000 -0400
-+++ policycoreutils-2.0.79/setfiles/restorecon.8 2010-02-16 13:46:01.000000000 -0500
+diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restorecon.8 policycoreutils-2.0.82/setfiles/restorecon.8
+--- nsapolicycoreutils/setfiles/restorecon.8 2010-05-19 14:45:51.000000000 -0400
++++ policycoreutils-2.0.82/setfiles/restorecon.8 2010-04-28 17:12:19.000000000 -0400
@@ -4,10 +4,10 @@
.SH "SYNOPSIS"
@@ -4364,9 +4868,9 @@ diff --exclude-from=exclude --exclude=se
.TP
.B \-v
show changes in file labels.
-diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.h policycoreutils-2.0.79/setfiles/restore.h
---- nsapolicycoreutils/setfiles/restore.h 2009-11-03 09:21:40.000000000 -0500
-+++ policycoreutils-2.0.79/setfiles/restore.h 2010-02-16 13:46:01.000000000 -0500
+diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/restore.h policycoreutils-2.0.82/setfiles/restore.h
+--- nsapolicycoreutils/setfiles/restore.h 2010-05-19 14:45:51.000000000 -0400
++++ policycoreutils-2.0.82/setfiles/restore.h 2010-04-28 17:12:19.000000000 -0400
@@ -27,6 +27,7 @@
int hard_links;
int verbose;
@@ -4386,9 +4890,9 @@ diff --exclude-from=exclude --exclude=se
+void exclude_non_seclabel_mounts();
#endif
-diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.8 policycoreutils-2.0.79/setfiles/setfiles.8
---- nsapolicycoreutils/setfiles/setfiles.8 2008-08-28 09:34:24.000000000 -0400
-+++ policycoreutils-2.0.79/setfiles/setfiles.8 2010-02-16 13:46:01.000000000 -0500
+diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.8 policycoreutils-2.0.82/setfiles/setfiles.8
+--- nsapolicycoreutils/setfiles/setfiles.8 2010-05-19 14:45:51.000000000 -0400
++++ policycoreutils-2.0.82/setfiles/setfiles.8 2010-04-28 17:12:19.000000000 -0400
@@ -31,6 +31,9 @@
.TP
.B \-n
@@ -4399,9 +4903,9 @@ diff --exclude-from=exclude --exclude=se
.TP
.B \-q
suppress non-error output.
-diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.79/setfiles/setfiles.c
---- nsapolicycoreutils/setfiles/setfiles.c 2009-11-03 09:21:40.000000000 -0500
-+++ policycoreutils-2.0.79/setfiles/setfiles.c 2010-02-16 13:46:01.000000000 -0500
+diff --exclude-from=exclude --exclude=sepolgen-1.0.23 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/setfiles/setfiles.c policycoreutils-2.0.82/setfiles/setfiles.c
+--- nsapolicycoreutils/setfiles/setfiles.c 2010-05-19 14:45:51.000000000 -0400
++++ policycoreutils-2.0.82/setfiles/setfiles.c 2010-04-28 17:12:19.000000000 -0400
@@ -5,7 +5,6 @@
#include <ctype.h>
#include <regex.h>
policycoreutils-sepolgen.patch:
sepolgen/access.py | 13 ++++++--
sepolgen/audit.py | 46 ++++++++++++++++++++++++++++--
sepolgen/defaults.py | 3 ++
sepolgen/interfaces.py | 73 +++++++++++++++++++++++++++++++++++++++++++------
sepolgen/matching.py | 9 +++---
sepolgen/policygen.py | 37 ++++++++++++++++++++++++
sepolgen/refparser.py | 2 -
share/perm_map | 51 +++++++++++++++++++---------------
8 files changed, 191 insertions(+), 43 deletions(-)
Index: policycoreutils-sepolgen.patch
===================================================================
RCS file: /cvs/pkgs/rpms/policycoreutils/devel/policycoreutils-sepolgen.patch,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -p -r1.33 -r1.34
--- policycoreutils-sepolgen.patch 8 Jan 2010 14:37:35 -0000 1.33
+++ policycoreutils-sepolgen.patch 27 May 2010 21:23:31 -0000 1.34
@@ -1,6 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policycoreutils-2.0.78/sepolgen-1.0.19/src/sepolgen/access.py
---- nsasepolgen/src/sepolgen/access.py 2009-05-18 13:53:14.000000000 -0400
-+++ policycoreutils-2.0.78/sepolgen-1.0.19/src/sepolgen/access.py 2009-12-08 17:05:49.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/access.py policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/access.py
+--- nsasepolgen/src/sepolgen/access.py 2010-05-19 14:45:51.000000000 -0400
++++ policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/access.py 2010-04-28 17:12:20.000000000 -0400
@@ -32,6 +32,7 @@
"""
@@ -18,15 +18,6 @@ diff --exclude-from=exclude -N -u -r nsa
# The direction of the information flow represented by this
# access vector - used for matching
-@@ -127,7 +130,7 @@
- return self.to_string()
-
- def to_string(self):
-- return "allow %s %s : %s %s;" % (self.src_type, self.tgt_type,
-+ return "allow %s %s:%s %s;" % (self.src_type, self.tgt_type,
- self.obj_class, self.perms.to_space_str())
-
- def __cmp__(self, other):
@@ -253,20 +256,22 @@
for av in l:
self.add_av(AccessVector(av))
@@ -54,38 +45,10 @@ diff --exclude-from=exclude -N -u -r nsa
access.perms.update(perms)
if audit_msg:
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycoreutils-2.0.78/sepolgen-1.0.19/src/sepolgen/audit.py
---- nsasepolgen/src/sepolgen/audit.py 2009-12-01 15:46:50.000000000 -0500
-+++ policycoreutils-2.0.78/sepolgen-1.0.19/src/sepolgen/audit.py 2010-01-06 09:52:35.000000000 -0500
-@@ -23,6 +23,27 @@
-
- # Convenience functions
-
-+def get_audit_boot_msgs():
-+ """Obtain all of the avc and policy load messages from the audit
-+ log. This function uses ausearch and requires that the current
-+ process have sufficient rights to run ausearch.
-+
-+ Returns:
-+ string contain all of the audit messages returned by ausearch.
-+ """
-+ import subprocess
-+ import time
-+ fd=open("/proc/uptime", "r")
-+ off=float(fd.read().split()[0])
-+ fd.close
-+ s = time.localtime(time.time() - off)
-+ date = time.strftime("%D/%Y", s).split("/")
-+ bootdate="%s/%s/%s" % (date[0], date[1], date[3])
-+ boottime = time.strftime("%X", s)
-+ output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
-+ stdout=subprocess.PIPE).communicate()[0]
-+ return output
-+
- def get_audit_msgs():
- """Obtain all of the avc and policy load messages from the audit
- log. This function uses ausearch and requires that the current
-@@ -47,6 +68,17 @@
+diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/audit.py policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/audit.py
+--- nsasepolgen/src/sepolgen/audit.py 2010-05-19 14:45:51.000000000 -0400
++++ policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/audit.py 2010-04-28 17:12:20.000000000 -0400
+@@ -68,6 +68,17 @@
stdout=subprocess.PIPE).communicate()[0]
return output
@@ -103,7 +66,7 @@ diff --exclude-from=exclude -N -u -r nsa
# Classes representing audit messages
class AuditMessage:
-@@ -106,6 +138,9 @@
+@@ -127,6 +138,9 @@
if fields[0] == "path":
self.path = fields[1][1:-1]
return
@@ -113,7 +76,7 @@ diff --exclude-from=exclude -N -u -r nsa
class AVCMessage(AuditMessage):
"""AVC message representing an access denial or granted message.
-@@ -146,6 +181,8 @@
+@@ -167,6 +181,8 @@
self.path = ""
self.accesses = []
self.denial = True
@@ -122,7 +85,7 @@ diff --exclude-from=exclude -N -u -r nsa
def __parse_access(self, recs, start):
# This is kind of sucky - the access that is in a space separated
-@@ -205,7 +242,31 @@
+@@ -226,7 +242,31 @@
if not found_src or not found_tgt or not found_class or not found_access:
raise ValueError("AVC message in invalid format [%s]\n" % self.message)
@@ -138,7 +101,7 @@ diff --exclude-from=exclude -N -u -r nsa
+ else:
+ self.type, self.bools = audit2why.analyze(scontext, tcontext, self.tclass, self.accesses);
+ if self.type == audit2why.NOPOLICY:
-+ raise ValueError("Must call policy_init first")
++ self.type = audit2why.TERULE
+ if self.type == audit2why.BADTCON:
+ raise ValueError("Invalid Target Context %s\n" % tcontext)
+ if self.type == audit2why.BADSCON:
@@ -149,39 +112,13 @@ diff --exclude-from=exclude -N -u -r nsa
+ raise ValueError("Invalid permission %s\n" % " ".join(self.accesses))
+ if self.type == audit2why.BADCOMPUTE:
+ raise ValueError("Error during access vector computation")
-+
++
+ avcdict[(scontext, tcontext, self.tclass, access_tuple)] = (self.type, self.bools)
+
class PolicyLoadMessage(AuditMessage):
"""Audit message indicating that the policy was reloaded."""
def __init__(self, message):
-@@ -285,6 +346,9 @@
-
- def __initialize(self):
- self.avc_msgs = []
-+ self.constraint_msgs = []
-+ self.dontaudit_msgs = []
-+ self.rbac_msgs = []
- self.compute_sid_msgs = []
- self.invalid_msgs = []
- self.policy_load_msgs = []
-@@ -314,7 +378,7 @@
- elif i == "security_compute_sid:":
- msg = ComputeSidMessage(line)
- found = True
-- elif i == "type=MAC_POLICY_LOAD" or i == "type=1403":
-+ elif i == "type=MAC_POLICY_LOAD":
- msg = PolicyLoadMessage(line)
- found = True
- elif i == "type=AVC_PATH":
-@@ -442,16 +506,17 @@
- audit logs parsed by this object.
- """
- av_set = access.AccessVectorSet()
-+
- for avc in self.avc_msgs:
- if avc.denial != True and only_denials:
- continue
+@@ -469,10 +509,10 @@
if avc_filter:
if avc_filter.filter(avc):
av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass,
@@ -194,15 +131,171 @@ diff --exclude-from=exclude -N -u -r nsa
return av_set
class AVCTypeFilter:
-@@ -477,5 +542,3 @@
- if self.regex.match(avc.tcontext.type):
- return True
- return False
--
--
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/policygen.py policycoreutils-2.0.78/sepolgen-1.0.19/src/sepolgen/policygen.py
---- nsasepolgen/src/sepolgen/policygen.py 2008-09-12 11:48:15.000000000 -0400
-+++ policycoreutils-2.0.78/sepolgen-1.0.19/src/sepolgen/policygen.py 2010-01-08 09:33:54.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/defaults.py policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/defaults.py
+--- nsasepolgen/src/sepolgen/defaults.py 2010-05-19 14:45:51.000000000 -0400
++++ policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/defaults.py 2010-04-28 17:12:20.000000000 -0400
+@@ -30,6 +30,9 @@
+ def interface_info():
+ return data_dir() + "/interface_info"
+
++def attribute_info():
++ return data_dir() + "/attribute_info"
++
+ def refpolicy_devel():
+ return "/usr/share/selinux/devel"
+
+diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/interfaces.py policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/interfaces.py
+--- nsasepolgen/src/sepolgen/interfaces.py 2010-05-19 14:45:51.000000000 -0400
++++ policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/interfaces.py 2010-05-03 09:33:11.000000000 -0400
+@@ -29,6 +29,8 @@
+
+ from sepolgeni18n import _
+
++import copy
++
+ class Param:
+ """
+ Object representing a paramater for an interface.
+@@ -197,10 +199,48 @@
+ ret = 1
+
+ return ret
+-
++
++class AttributeVector:
++ def __init__(self):
++ self.name = ""
++ self.access = access.AccessVectorSet()
++
++ def add_av(self, av):
++ self.access.add_av(av)
++
++class AttributeSet:
++ def __init__(self):
++ self.attributes = { }
++
++ def add_attr(self, attr):
++ self.attributes[attr.name] = attr
++
++ def from_file(self, fd):
++ def parse_attr(line):
++ fields = line[1:-1].split()
++ if len(fields) != 2 or fields[0] != "Attribute":
++ raise SyntaxError("Syntax error Attribute statement %s" % line)
++ a = AttributeVector()
++ a.name = fields[1]
++
++ return a
++
++ a = None
++ for line in fd:
++ line = line[:-1]
++ if line[0] == "[":
++ if a:
++ self.add_attr(a)
++ a = parse_attr(line)
++ elif a:
++ l = line.split(",")
++ av = access.AccessVector(l)
++ a.add_av(av)
++ if a:
++ self.add_attr(a)
+
+ class InterfaceVector:
+- def __init__(self, interface=None):
++ def __init__(self, interface=None, attributes={}):
+ # Enabled is a loose concept currently - we are essentially
+ # not enabling interfaces that we can't handle currently.
+ # See InterfaceVector.add_ifv for more information.
+@@ -214,10 +254,10 @@
+ # value: Param object).
+ self.params = { }
+ if interface:
+- self.from_interface(interface)
++ self.from_interface(interface, attributes)
+ self.expanded = False
+
+- def from_interface(self, interface):
++ def from_interface(self, interface, attributes={}):
+ self.name = interface.name
+
+ # Add allow rules
+@@ -232,6 +272,23 @@
+ for av in avs:
+ self.add_av(av)
+
++ # Add typeattribute access
++ if attributes != None:
++ for typeattribute in interface.typeattributes():
++ for attr in typeattribute.attributes:
++ if not attributes.attributes.has_key(attr):
++ # print "missing attribute " + attr
++ continue
++ attr_vec = attributes.attributes[attr]
++ for a in attr_vec.access:
++ av = copy.copy(a)
++ if av.src_type == attr_vec.name:
++ av.src_type = typeattribute.type
++ if av.tgt_type == attr_vec.name:
++ av.tgt_type = typeattribute.type
++ self.add_av(av)
++
++
+ # Extract paramaters from roles
+ for role in interface.roles():
+ if role_extract_params(role, self.params):
+@@ -346,13 +403,13 @@
+ l = self.tgt_type_map.setdefault(type, [])
+ l.append(ifv)
+
+- def add(self, interface):
+- ifv = InterfaceVector(interface)
++ def add(self, interface, attributes={}):
++ ifv = InterfaceVector(interface, attributes)
+ self.add_ifv(ifv)
+
+- def add_headers(self, headers, output=None):
++ def add_headers(self, headers, output=None, attributes={}):
+ for i in itertools.chain(headers.interfaces(), headers.templates()):
+- self.add(i)
++ self.add(i, attributes)
+
+ self.expand_ifcalls(headers)
+ self.index()
+diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/matching.py policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/matching.py
+--- nsasepolgen/src/sepolgen/matching.py 2010-05-19 14:45:51.000000000 -0400
++++ policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/matching.py 2010-04-28 17:12:20.000000000 -0400
+@@ -50,7 +50,7 @@
+ return 1
+
+ class MatchList:
+- DEFAULT_THRESHOLD = 120
++ DEFAULT_THRESHOLD = 150
+ def __init__(self):
+ # Match objects that pass the threshold
+ self.children = []
+@@ -63,14 +63,15 @@
+ def best(self):
+ if len(self.children):
+ return self.children[0]
+- else:
+- return None
++ if len(self.bastards):
++ return self.bastards[0]
++ return None
+
+ def __len__(self):
+ # Only return the length of the matches so
+ # that this can be used to test if there is
+ # a match.
+- return len(self.children)
++ return len(self.children) + len(self.bastards)
+
+ def __iter__(self):
+ return iter(self.children)
+diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/policygen.py policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/policygen.py
+--- nsasepolgen/src/sepolgen/policygen.py 2010-05-19 14:45:51.000000000 -0400
++++ policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/policygen.py 2010-05-21 10:36:31.000000000 -0400
@@ -29,6 +29,8 @@
import access
import interfaces
@@ -212,27 +305,22 @@ diff --exclude-from=exclude -N -u -r nsa
# Constants for the level of explanation from the generation
# routines
-@@ -74,7 +76,7 @@
- self.moduel = module
- else:
- self.module = refpolicy.Module()
--
+@@ -77,6 +79,7 @@
+
+ self.dontaudit = False
+
+ self.domains = None
def set_gen_refpol(self, if_set=None, perm_maps=None):
"""Set whether reference policy interfaces are generated.
-@@ -141,15 +143,42 @@
- """Return the generated module"""
- return self.module
-
-- def __add_allow_rules(self, avs):
-+ def __add_allow_rules(self, avs, dontaudit):
- for av in avs:
-- rule = refpolicy.AVRule(av)
-+ rule = refpolicy.AVRule(av, dontaudit=dontaudit)
+@@ -151,9 +154,41 @@
+ rule = refpolicy.AVRule(av)
+ if self.dontaudit:
+ rule.rule_type = rule.DONTAUDIT
+ rule.comment = ""
if self.explain:
rule.comment = refpolicy.Comment(explain_access(av, verbosity=self.explain))
+- self.module.children.append(rule)
+ if av.type == audit2why.ALLOW:
+ rule.comment += "#!!!! This avc is allowed in the current policy\n"
+ if av.type == audit2why.DONTAUDIT:
@@ -245,88 +333,170 @@ diff --exclude-from=exclude -N -u -r nsa
+
+ if av.type == audit2why.CONSTRAINT:
+ rule.comment += "#!!!! This avc is a constraint violation. You will need to add an attribute to either the source or target type to make it work.\n"
++ rule.comment += "#Contraint rule: "
++
+ if av.type == audit2why.TERULE:
+ if "write" in av.perms:
+ if "dir" in av.obj_class or "open" in av.perms:
+ if not self.domains:
+ self.domains = seinfo(ATTRIBUTE, name="domain")[0]["types"]
+ types=[]
-+ for i in map(lambda x: x[TCONTEXT], sesearch([ALLOW], {SCONTEXT: av.src_type, CLASS: av.obj_class, PERMS: av.perms})):
-+ if i not in self.domains:
-+ types.append(i)
-+ if len(types) == 1:
-+ rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following type:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
-+ elif len(types) >= 1:
-+ rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following types:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
-+
- self.module.children.append(rule)
-
-
-- def add_access(self, av_set):
-+ def add_access(self, av_set, dontaudit=False):
- """Add the access from the access vector set to this
- module.
- """
-@@ -165,7 +194,7 @@
- raw_allow = av_set
-
- # Generate the raw allow rules from the filtered list
-- self.__add_allow_rules(raw_allow)
-+ self.__add_allow_rules(raw_allow, dontaudit)
-
- def add_role_types(self, role_type_set):
- for role_type in role_type_set:
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.78/sepolgen-1.0.19/src/sepolgen/refparser.py
---- nsasepolgen/src/sepolgen/refparser.py 2009-10-29 15:21:39.000000000 -0400
-+++ policycoreutils-2.0.78/sepolgen-1.0.19/src/sepolgen/refparser.py 2009-12-08 17:05:49.000000000 -0500
-@@ -973,7 +973,7 @@
- def list_headers(root):
- modules = []
- support_macros = None
-- blacklist = ["init.if", "inetd.if", "uml.if", "thunderbird.if"]
-+ blacklist = ["uml.if", "thunderbird.if", "unconfined.if"]
-
- for dirpath, dirnames, filenames in os.walk(root):
- for name in filenames:
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refpolicy.py policycoreutils-2.0.78/sepolgen-1.0.19/src/sepolgen/refpolicy.py
---- nsasepolgen/src/sepolgen/refpolicy.py 2009-10-29 15:21:39.000000000 -0400
-+++ policycoreutils-2.0.78/sepolgen-1.0.19/src/sepolgen/refpolicy.py 2010-01-08 09:33:37.000000000 -0500
-@@ -398,6 +398,7 @@
- return "attribute %s;" % self.name
-
- # Classes representing rules
-+import selinux.audit2why as audit2why
-
- class AVRule(Leaf):
- """SELinux access vector (AV) rule.
-@@ -420,21 +421,26 @@
- AUDITALLOW = 2
- NEVERALLOW = 3
-
-- def __init__(self, av=None, parent=None):
-+ def __init__(self, av=None, parent=None, dontaudit=False):
- Leaf.__init__(self, parent)
- self.src_types = IdSet()
- self.tgt_types = IdSet()
- self.obj_classes = IdSet()
- self.perms = IdSet()
-- self.rule_type = self.ALLOW
-+ if dontaudit:
-+ self.rule_type = audit2why.DONTAUDIT
-+ else:
-+ self.rule_type = audit2why.TERULE
- if av:
- self.from_av(av)
-
- def __rule_type_str(self):
-- if self.rule_type == self.ALLOW:
-+ if self.rule_type == audit2why.TERULE:
- return "allow"
-- elif self.rule_type == self.DONTAUDIT:
-+ elif self.rule_type == audit2why.DONTAUDIT:
- return "dontaudit"
-+ elif self.rule_type == audit2why.CONSTRAINT:
-+ return "#constraint allow"
- else:
- return "auditallow"
++
++ try:
++ for i in map(lambda x: x[TCONTEXT], sesearch([ALLOW], {SCONTEXT: av.src_type, CLASS: av.obj_class, PERMS: av.perms})):
++ if i not in self.domains:
++ types.append(i)
++ if len(types) == 1:
++ rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following type:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
++ elif len(types) >= 1:
++ rule.comment += "#!!!! The source type '%s' can write to a '%s' of the following types:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
++ except:
++ pass
++ self.module.children.append(rule)
+
+
+ def add_access(self, av_set):
+diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/refparser.py
+--- nsasepolgen/src/sepolgen/refparser.py 2010-05-19 14:45:51.000000000 -0400
++++ policycoreutils-2.0.82/sepolgen-1.0.23/src/sepolgen/refparser.py 2010-05-21 10:26:43.000000000 -0400
+@@ -1044,7 +1044,7 @@
+ # of misc_macros. We are just going to pretend that this is an interface
+ # to make the expansion work correctly.
+ can_exec = refpolicy.Interface("can_exec")
+- av = access.AccessVector(["$1","$2","file","execute_no_trans","read",
++ av = access.AccessVector(["$1","$2","file","execute_no_trans","open", "read",
+ "getattr","lock","execute","ioctl"])
+
+ can_exec.children.append(refpolicy.AVRule(av))
+diff --exclude-from=exclude -N -u -r nsasepolgen/src/share/perm_map policycoreutils-2.0.82/sepolgen-1.0.23/src/share/perm_map
+--- nsasepolgen/src/share/perm_map 2010-05-19 14:45:51.000000000 -0400
++++ policycoreutils-2.0.82/sepolgen-1.0.23/src/share/perm_map 2010-04-28 17:12:20.000000000 -0400
+@@ -124,7 +124,7 @@
+ quotamod w 1
+ quotaget r 1
+
+-class file 20
++class file 21
+ execute_no_trans r 1
+ entrypoint r 1
+ execmod n 1
+@@ -141,48 +141,50 @@
+ unlink w 1
+ link w 1
+ rename w 5
+- execute r 100
++ execute r 10
+ swapon b 1
+ quotaon b 1
+ mounton b 1
++ open r 1
+
+-class dir 22
+- add_name w 5
++class dir 23
++ add_name w 1
+ remove_name w 1
+ reparent w 1
+ search r 1
+ rmdir b 1
+ ioctl n 1
+- read r 10
+- write w 10
++ read r 1
++ write w 1
+ create w 1
+- getattr r 7
+- setattr w 7
++ getattr r 1
++ setattr w 1
+ lock n 1
+- relabelfrom r 10
+- relabelto w 10
++ relabelfrom r 1
++ relabelto w 1
+ append w 1
+ unlink w 1
+ link w 1
+- rename w 5
++ rename w 1
+ execute r 1
+ swapon b 1
+ quotaon b 1
+ mounton b 1
++ open r 1
+
+ class fd 1
+ use b 1
+
+-class lnk_file 17
++class lnk_file 18
+ ioctl n 1
+- read r 10
+- write w 10
++ read r 1
++ write w 1
+ create w 1
+- getattr r 7
+- setattr w 7
++ getattr r 1
++ setattr w 1
+ lock n 1
+- relabelfrom r 10
+- relabelto w 10
++ relabelfrom r 1
++ relabelto w 1
+ append w 1
+ unlink w 1
+ link w 1
+@@ -191,8 +193,9 @@
+ swapon b 1
+ quotaon b 1
+ mounton b 1
++ open r 1
+
+-class chr_file 20
++class chr_file 21
+ execute_no_trans r 1
+ entrypoint r 1
+ execmod n 1
+@@ -213,8 +216,9 @@
+ swapon b 1
+ quotaon b 1
+ mounton b 1
++ open r 1
+
+-class blk_file 17
++class blk_file 18
+ ioctl n 1
+ read r 10
+ write w 10
+@@ -232,8 +236,9 @@
+ swapon b 1
+ quotaon b 1
+ mounton b 1
++ open r 1
+
+-class sock_file 17
++class sock_file 18
+ ioctl n 1
+ read r 10
+ write w 10
+@@ -251,8 +256,9 @@
+ swapon b 1
+ quotaon b 1
+ mounton b 1
++ open r 1
+
+-class fifo_file 17
++class fifo_file 18
+ ioctl n 1
+ read r 10
+ write w 10
+@@ -270,6 +276,7 @@
+ swapon b 1
+ quotaon b 1
+ mounton b 1
++ open r 1
+ class socket 22
+ ioctl n 1
Index: policycoreutils.spec
===================================================================
RCS file: /cvs/pkgs/rpms/policycoreutils/devel/policycoreutils.spec,v
retrieving revision 1.684
retrieving revision 1.685
diff -u -p -r1.684 -r1.685
--- policycoreutils.spec 16 Feb 2010 21:35:20 -0000 1.684
+++ policycoreutils.spec 27 May 2010 21:23:31 -0000 1.685
@@ -1,13 +1,13 @@
%define libauditver 1.4.2-1
-%define libsepolver 2.0.41-1
-%define libsemanagever 2.0.43-3
-%define libselinuxver 2.0.90-1
-%define sepolgenver 1.0.19
+%define libsepolver 2.0.41-3
+%define libsemanagever 2.0.43-4
+%define libselinuxver 2.0.90-3
+%define sepolgenver 1.0.23
Summary: SELinux policy core utilities
Name: policycoreutils
-Version: 2.0.79
-Release: 1%{?dist}
+Version: 2.0.82
+Release: 24%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -20,7 +20,6 @@ Source5: system-config-selinux.console
Source6: selinux-polgengui.desktop
Source7: selinux-polgengui.console
Source8: policycoreutils_man_ru2.tar.bz2
-Source9: sandbox.init
Patch: policycoreutils-rhat.patch
Patch1: policycoreutils-po.patch
Patch3: policycoreutils-gui.patch
@@ -80,12 +79,14 @@ mkdir -p %{buildroot}%{_mandir}/man8
mkdir -p %{buildroot}%{_sysconfdir}/pam.d
mkdir -p %{buildroot}%{_sysconfdir}/security/console.apps
%{__mkdir} -p %{buildroot}/%{_sysconfdir}/rc.d/init.d
-install -m0755 %{SOURCE9} %{buildroot}/%{_sysconfdir}/rc.d/init.d/sandbox
+%{__mkdir} -p %{buildroot}%{_datadir}/icons/hicolor/24x24/apps
+%{__mkdir} -p %{buildroot}%{_datadir}/pixmaps
make LSPP_PRIV=y DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install
make -C sepolgen-%{sepolgenver} DESTDIR="%{buildroot}" LIBDIR="%{buildroot}%{_libdir}" install
-install -m 644 %{SOURCE2} %{buildroot}%{_datadir}/system-config-selinux/
+install -m 644 %{SOURCE2} %{buildroot}%{_datadir}/pixmaps
+install -m 644 %{SOURCE2} %{buildroot}%{_datadir}/icons/hicolor/24x24/apps
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/system-config-selinux
install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/selinux-polgengui
install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/security/console.apps/system-config-selinux
@@ -127,11 +128,11 @@ The policycoreutils-python package conta
%{_bindir}/chcat
%{_bindir}/sandbox
%{_bindir}/sepolgen-ifgen
+%{_bindir}/sepolgen-ifgen-attr-helper
%{python_sitelib}/seobject.py*
%{python_sitelib}/sepolgen
-%{python_sitelib}/%{name}
%{python_sitelib}/%{name}*.egg-info
-%{pkgpythondir}/default_encoding_utf8.so
+%{pkgpythondir}
%dir /var/lib/sepolgen
%dir /var/lib/selinux
/var/lib/sepolgen/perm_map
@@ -140,12 +141,13 @@ The policycoreutils-python package conta
%{_mandir}/man1/audit2why.1*
%{_mandir}/man8/chcat.8*
%{_mandir}/ru/man8/chcat.8*
+%{_mandir}/man8/genhomedircon.8*
%{_mandir}/man8/sandbox.8*
%{_mandir}/man8/semanage.8*
%{_mandir}/ru/man8/semanage.8*
%post python
-[ -f /usr/share/selinux/devel/include/build.conf ] && /usr/bin/sepolgen-ifgen
+selinuxenabled && [ -f /usr/share/selinux/devel/include/build.conf ] && /usr/bin/sepolgen-ifgen 2>/dev/null
exit 0
%package sandbox
@@ -162,12 +164,10 @@ The policycoreutils-python package conta
%files sandbox
%defattr(-,root,root,-)
-%{_sysconfdir}/rc.d/init.d/sandbox
-%{_sbindir}/seunshare
%{_datadir}/sandbox/sandboxX.sh
%triggerin python -- selinux-policy
-[ -f /usr/share/selinux/devel/include/build.conf ] && /usr/bin/sepolgen-ifgen
+selinuxenabled && [ -f /usr/share/selinux/devel/include/build.conf ] && /usr/bin/sepolgen-ifgen 2>/dev/null
exit 0
%post sandbox
@@ -214,11 +214,12 @@ system-config-selinux is a utility for m
%{_bindir}/sepolgen
%{_datadir}/applications/fedora-system-config-selinux.desktop
%{_datadir}/applications/fedora-selinux-polgengui.desktop
+%{_datadir}/icons/hicolor/24x24/apps/system-config-selinux.png
+%{_datadir}/pixmaps/system-config-selinux.png
%dir %{_datadir}/system-config-selinux
%dir %{_datadir}/system-config-selinux/templates
%{_datadir}/system-config-selinux/*.py*
%{_datadir}/system-config-selinux/selinux.tbl
-%{_datadir}/system-config-selinux/*png
%{_datadir}/system-config-selinux/*.glade
%{_datadir}/system-config-selinux/templates/*.py*
%config(noreplace) %{_sysconfdir}/pam.d/system-config-selinux
@@ -235,6 +236,7 @@ rm -rf %{buildroot}
/sbin/fixfiles
/sbin/setfiles
/sbin/load_policy
+%{_sbindir}/seunshare
%{_sbindir}/genhomedircon
%{_sbindir}/load_policy
%{_sbindir}/restorecond
@@ -248,6 +250,8 @@ rm -rf %{buildroot}
%{_bindir}/semodule_expand
%{_bindir}/semodule_link
%{_bindir}/semodule_package
+%{_sysconfdir}/rc.d/init.d/sandbox
+%config(noreplace) %{_sysconfdir}/sysconfig/sandbox
%config(noreplace) %{_sysconfdir}/pam.d/newrole
%config(noreplace) %{_sysconfdir}/pam.d/run_init
%config(noreplace) %{_sysconfdir}/sestatus.conf
@@ -287,6 +291,7 @@ rm -rf %{buildroot}
%{_mandir}/ru/man8/setsebool.8*
%{_mandir}/man1/secon.1*
%{_mandir}/ru/man1/secon.1*
+%{_mandir}/man8/seunshare.8*
%preun
if [ $1 -eq 0 ]; then
@@ -306,7 +311,132 @@ fi
exit 0
%changelog
-* Thu Feb 16 2010 Dan Walsh <dwalsh at redhat.com> 2.0.79-1
+* Thu May 27 2010 Dan Walsh <dwalsh at redhat.com> 2.0.82-24
+- Man page fixes
+- sandbox fixes
+Resolves: #595796
+- Move seunshare to base package
+
+* Fri May 21 2010 Dan Walsh <dwalsh at redhat.com> 2.0.82-23
+- Fix seunshare translations
+- Fix seunshare to work on all arches
+- Fix icon for system-config-selinux
+Resolves: #595276
+
+* Fri May 21 2010 Dan Walsh <dwalsh at redhat.com> 2.0.82-22
+- Fix can_exec definition in sepolgen
+
+* Fri May 21 2010 Dan Walsh <dwalsh at redhat.com> 2.0.82-21
+- Add man page for seunshare and genhomedircon
+Resolves: #594303
+- Fix node management via semanage
+Resolves: #591135
+
+* Wed May 19 2010 Dan Walsh <dwalsh at redhat.com> 2.0.82-20
+- Fixes from upstream for sandbox command
+Resolves: #580938
+
+* Thu May 13 2010 Dan Walsh <dwalsh at redhat.com> 2.0.82-18
+- Fix sandbox error handling on copyfile
+- Fix desktop files
+
+* Tue May 11 2010 Dan Walsh <dwalsh at redhat.com> 2.0.82-17
+- Fix policy tool to have correct name in menus
+- Fix seunshare to handle /tmp being in ~/home
+- Fix saving of altered files
+- Update translations
+
+* Tue May 4 2010 Dan Walsh <dwalsh at redhat.com> 2.0.82-15
+- Allow audit2allow to specify alternative policy file for analysis
+
+* Mon May 3 2010 Dan Walsh <dwalsh at redhat.com> 2.0.82-14
+- Update po
+- Fix sepolgen --no_attrs
+Resolves: #588280
+
+* Thu Apr 29 2010 Dan Walsh <dwalsh at redhat.com> 2.0.82-13
+- Make semanage boolean work on disabled machines and during livecd xguest
+- Fix homedir and tmpdir handling in sandbox
+Resolves: #587263
+
+* Wed Apr 28 2010 Dan Walsh <dwalsh at redhat.com> 2.0.82-11
+- Make semanage boolean work on disabled machines
+
+* Tue Apr 27 2010 Dan Walsh <dwalsh at redhat.com> 2.0.82-10
+- Make sepolgen-ifgen be quiet
+
+* Wed Apr 21 2010 Dan Walsh <dwalsh at redhat.com> 2.0.82-8
+- Make sepolgen report on more interfaces
+- Fix system-config-selinux display of modules
+
+* Thu Apr 15 2010 Dan Walsh <dwalsh at redhat.com> 2.0.82-7
+- Fix crash when args are empty
+Resolves: #582542
+- Fix semange to exit on bad options
+- Fix semanage dontaudit man page section
+Resolves: #582533
+
+* Wed Apr 14 2010 Dan Walsh <dwalsh at redhat.com> 2.0.82-6
+- Remove debug line from semanage
+- Update po
+
+* Tue Apr 13 2010 Dan Walsh <dwalsh at redhat.com> 2.0.82-5
+- Fix sandbox comment on HOMEDIRS
+- Fix sandbox to throw error on bad executable
+
+* Tue Apr 6 2010 Dan Walsh <dwalsh at redhat.com> 2.0.82-4
+- Fix spacing in templates
+
+* Wed Mar 31 2010 Dan Walsh <dwalsh at redhat.com> 2.0.82-3
+- Fix semanage return codes
+
+* Tue Mar 30 2010 Dan Walsh <dwalsh at redhat.com> 2.0.82-2
+- Fix sepolgen to confirm to the "Reference Policy Style Guide"
+
+* Tue Mar 23 2010 Dan Walsh <dwalsh at redhat.com> 2.0.82-1
+- Update to upstream
+ * Add avc's since boot from Dan Walsh.
+ * Fix unit tests from Dan Walsh.
+
+* Tue Mar 23 2010 Dan Walsh <dwalsh at redhat.com> 2.0.81-4
+- Update to upstream - sepolgen
+ * Add since-last-boot option to audit2allow from Dan Walsh.
+ * Fix sepolgen output to match what Chris expects for upstream
+ refpolicy from Dan Walsh.
+
+* Mon Mar 22 2010 Dan Walsh <dwalsh at redhat.com> 2.0.81-3
+- Allow restorecon on > 2 Gig files
+
+* Tue Mar 16 2010 Dan Walsh <dwalsh at redhat.com> 2.0.81-2
+- Fix semanage handling of boolean options
+- Update translations
+
+* Fri Mar 12 2010 Dan Walsh <dwalsh at redhat.com> 2.0.81-1
+- Update to upstream
+ * Add dontaudit flag to audit2allow from Dan Walsh.
+
+* Thu Mar 11 2010 Dan Walsh <dwalsh at redhat.com> 2.0.80-2
+- Use --rbind in sandbox init scripts
+
+* Mon Mar 8 2010 Dan Walsh <dwalsh at redhat.com> 2.0.80-1
+- Update to upstream
+ * Module enable/disable support from Dan Walsh.
+
+* Mon Mar 1 2010 Dan Walsh <dwalsh at redhat.com> 2.0.79-5
+- Rewrite of sandbox script, add unit test for sandbox
+- Update translations
+
+* Mon Mar 1 2010 Dan Walsh <dwalsh at redhat.com> 2.0.79-4
+- Fix patch for dontaudit rules from audit2allow for upstream acceptance
+
+* Fri Feb 26 2010 Dan Walsh <dwalsh at redhat.com> 2.0.79-3
+- Fixes for fixfiles
+
+* Wed Feb 17 2010 Dan Walsh <dwalsh at redhat.com> 2.0.79-2
+- Fix sandbox to complain if mount-shared has not been run
+- Fix to use /etc/sysconfig/sandbox
+
+* Tue Feb 16 2010 Dan Walsh <dwalsh at redhat.com> 2.0.79-1
- Update to upstream
* Fix double-free in newrole
- Fix python language handling
Index: selinux-polgengui.desktop
===================================================================
RCS file: /cvs/pkgs/rpms/policycoreutils/devel/selinux-polgengui.desktop,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -p -r1.2 -r1.3
--- selinux-polgengui.desktop 15 Oct 2007 20:59:29 -0000 1.2
+++ selinux-polgengui.desktop 27 May 2010 21:23:33 -0000 1.3
@@ -1,9 +1,8 @@
[Desktop Entry]
Name=SELinux Policy Generation Tool
-GenericName=SELinux
Comment=Generate SELinux policy modules
StartupNotify=true
-Icon=/usr/share/system-config-selinux/system-config-selinux.png
+Icon=system-config-selinux
Exec=/usr/bin/selinux-polgengui
Type=Application
Terminal=false
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/policycoreutils/devel/sources,v
retrieving revision 1.220
retrieving revision 1.221
diff -u -p -r1.220 -r1.221
--- sources 16 Feb 2010 19:56:34 -0000 1.220
+++ sources 27 May 2010 21:23:33 -0000 1.221
@@ -1,3 +1,3 @@
-2ae1a9f7242e33413aae036d2edeb1d8 sepolgen-1.0.19.tgz
-e09466b2b02ca5672ce3b43e02c5498f policycoreutils-2.0.79.tgz
+e4deacb4df1e2ec081a91fd59da1dcc5 policycoreutils-2.0.82.tgz
+49faa2e5f343317bcfcf34d7286f6037 sepolgen-1.0.23.tgz
59d33101d57378ce69889cc078addf90 policycoreutils_man_ru2.tar.bz2
Index: system-config-selinux.desktop
===================================================================
RCS file: /cvs/pkgs/rpms/policycoreutils/devel/system-config-selinux.desktop,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -p -r1.4 -r1.5
--- system-config-selinux.desktop 23 Aug 2007 14:24:19 -0000 1.4
+++ system-config-selinux.desktop 27 May 2010 21:23:33 -0000 1.5
@@ -1,9 +1,8 @@
[Desktop Entry]
Name=SELinux Management
-GenericName=SELinux
Comment=Configure SELinux in a graphical setting
StartupNotify=true
-Icon=/usr/share/system-config-selinux/system-config-selinux.png
+Icon=system-config-selinux
Exec=/usr/bin/system-config-selinux
Type=Application
Terminal=false
--- sandbox.init DELETED ---
More information about the scm-commits
mailing list