[policycoreutils/f15] Do not drop capability bounding set in seunshare, this allows sandbox to run setuid apps. Cleanup po
Daniel J Walsh
dwalsh at fedoraproject.org
Mon Jun 13 17:54:11 UTC 2011
commit de46aea4690b4739fca14cc5fd0538fd4d0d5662
Author: Dan Walsh <dwalsh at redhat.com>
Date: Mon Jun 13 13:46:07 2011 -0400
Do not drop capability bounding set in seunshare, this allows sandbox to
run setuid apps.
Cleanup policy generation template
Pass dpi settings to sandbox
policycoreutils-gui.patch | 309 ++++++++++++++++++++++++---------------------
policycoreutils.spec | 10 ++-
2 files changed, 175 insertions(+), 144 deletions(-)
---
diff --git a/policycoreutils-gui.patch b/policycoreutils-gui.patch
index dcdeb56..06085d7 100644
--- a/policycoreutils-gui.patch
+++ b/policycoreutils-gui.patch
@@ -5910,7 +5910,7 @@ diff -up policycoreutils-2.0.86/gui/polgen.gladep.gui policycoreutils-2.0.86/gui
+</glade-project>
diff -up policycoreutils-2.0.86/gui/polgengui.py.gui policycoreutils-2.0.86/gui/polgengui.py
--- policycoreutils-2.0.86/gui/polgengui.py.gui 2011-04-12 10:52:07.513644322 -0400
-+++ policycoreutils-2.0.86/gui/polgengui.py 2011-04-12 10:52:07.514644337 -0400
++++ policycoreutils-2.0.86/gui/polgengui.py 2011-05-23 17:04:16.377786536 -0400
@@ -0,0 +1,750 @@
+#!/usr/bin/python -Es
+#
@@ -5918,7 +5918,7 @@ diff -up policycoreutils-2.0.86/gui/polgengui.py.gui policycoreutils-2.0.86/gui/
+#
+# Dan Walsh <dwalsh at redhat.com>
+#
-+# Copyright 2007, 2008, 2009 Red Hat, Inc.
++# Copyright (C) 2007-2011 Red Hat
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
@@ -6664,11 +6664,11 @@ diff -up policycoreutils-2.0.86/gui/polgengui.py.gui policycoreutils-2.0.86/gui/
+ app.stand_alone()
diff -up policycoreutils-2.0.86/gui/polgen.py.gui policycoreutils-2.0.86/gui/polgen.py
--- policycoreutils-2.0.86/gui/polgen.py.gui 2011-04-12 10:52:07.516644368 -0400
-+++ policycoreutils-2.0.86/gui/polgen.py 2011-04-12 10:52:07.517644384 -0400
++++ policycoreutils-2.0.86/gui/polgen.py 2011-05-23 17:04:04.539689964 -0400
@@ -0,0 +1,1346 @@
+#!/usr/bin/python -Es
+#
-+# Copyright (C) 2007-2010 Red Hat
++# Copyright (C) 2007-2011 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# policygentool is a tool for the initial generation of SELinux policy
@@ -12111,9 +12111,9 @@ diff -up policycoreutils-2.0.86/gui/system-config-selinux.py.gui policycoreutils
+ app.stand_alone()
diff -up policycoreutils-2.0.86/gui/templates/boolean.py.gui policycoreutils-2.0.86/gui/templates/boolean.py
--- policycoreutils-2.0.86/gui/templates/boolean.py.gui 2011-04-12 10:52:07.543644784 -0400
-+++ policycoreutils-2.0.86/gui/templates/boolean.py 2011-04-29 11:47:41.684099468 -0400
++++ policycoreutils-2.0.86/gui/templates/boolean.py 2011-05-23 16:59:42.369598714 -0400
@@ -0,0 +1,40 @@
-+# Copyright (C) 2007 Red Hat
++# Copyright (C) 2007-2011 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# policygentool is a tool for the initial generation of SELinux policy
@@ -12130,34 +12130,34 @@ diff -up policycoreutils-2.0.86/gui/templates/boolean.py.gui policycoreutils-2.0
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+# 02111-1307 USA
+#
-+#
++#
+########################### boolean Template File ###########################
+
+te_boolean="""
+## <desc>
-+## <p>
-+## DESCRIPTION
-+## </p>
++## <p>
++## DESCRIPTION
++## </p>
+## </desc>
-+gen_tunable(BOOLEAN,false)
++gen_tunable(BOOLEAN, false)
+"""
+
+te_rules="""
+tunable_policy(`BOOLEAN',`
+#TRUE
-+',`
++',`
+#FALSE
+')
+"""
+
diff -up policycoreutils-2.0.86/gui/templates/etc_rw.py.gui policycoreutils-2.0.86/gui/templates/etc_rw.py
--- policycoreutils-2.0.86/gui/templates/etc_rw.py.gui 2011-04-12 10:52:07.546644829 -0400
-+++ policycoreutils-2.0.86/gui/templates/etc_rw.py 2011-04-29 11:47:41.684099468 -0400
++++ policycoreutils-2.0.86/gui/templates/etc_rw.py 2011-05-23 16:59:53.369684469 -0400
@@ -0,0 +1,112 @@
-+# Copyright (C) 2007 Red Hat
++# Copyright (C) 2007-2011 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# policygentool is a tool for the initial generation of SELinux policy
@@ -12174,10 +12174,10 @@ diff -up policycoreutils-2.0.86/gui/templates/etc_rw.py.gui policycoreutils-2.0.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+# 02111-1307 USA
+#
-+#
++#
+########################### etc_rw Template File #############################
+
+########################### Type Enforcement File #############################
@@ -12227,14 +12227,14 @@ diff -up policycoreutils-2.0.86/gui/templates/etc_rw.py.gui policycoreutils-2.0.
+ type TEMPLATETYPE_etc_rw_t;
+ ')
+
-+ allow $1 TEMPLATETYPE_etc_rw_t:file r_file_perms;
++ allow $1 TEMPLATETYPE_etc_rw_t:file read_file_perms;
+ allow $1 TEMPLATETYPE_etc_rw_t:dir list_dir_perms;
+ files_search_etc($1)
+')
+
+########################################
+## <summary>
-+## Manage TEMPLATETYPE conf files.
++## Manage TEMPLATETYPE conf files.
+## </summary>
+## <param name="domain">
+## <summary>
@@ -12247,14 +12247,14 @@ diff -up policycoreutils-2.0.86/gui/templates/etc_rw.py.gui policycoreutils-2.0.
+ type TEMPLATETYPE_etc_rw_t;
+ ')
+
-+ manage_files_pattern($1, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
++ manage_files_pattern($1, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
+ files_search_etc($1)
+')
+
+"""
+
+if_admin_types="""
-+ type TEMPLATETYPE_etc_rw_t;"""
++ type TEMPLATETYPE_etc_rw_t;"""
+
+if_admin_rules="""
+ files_search_etc($1)
@@ -12271,9 +12271,9 @@ diff -up policycoreutils-2.0.86/gui/templates/etc_rw.py.gui policycoreutils-2.0.
+"""
diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-2.0.86/gui/templates/executable.py
--- policycoreutils-2.0.86/gui/templates/executable.py.gui 2011-04-12 10:52:07.548644859 -0400
-+++ policycoreutils-2.0.86/gui/templates/executable.py 2011-04-29 11:53:01.953579440 -0400
-@@ -0,0 +1,448 @@
-+# Copyright (C) 2007-2009 Red Hat
++++ policycoreutils-2.0.86/gui/templates/executable.py 2011-05-23 17:03:10.575251921 -0400
+@@ -0,0 +1,451 @@
++# Copyright (C) 2007-2011 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# policygentool is a tool for the initial generation of SELinux policy
@@ -12290,13 +12290,13 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+# 02111-1307 USA
+#
-+#
++#
+########################### Type Enforcement File #############################
+te_daemon_types="""\
-+policy_module(TEMPLATETYPE,1.0.0)
++policy_module(TEMPLATETYPE, 1.0.0)
+
+########################################
+#
@@ -12316,7 +12316,7 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
+"""
+
+te_dbusd_types="""\
-+policy_module(TEMPLATETYPE,1.0.0)
++policy_module(TEMPLATETYPE, 1.0.0)
+
+########################################
+#
@@ -12331,7 +12331,7 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
+"""
+
+te_inetd_types="""\
-+policy_module(TEMPLATETYPE,1.0.0)
++policy_module(TEMPLATETYPE, 1.0.0)
+
+########################################
+#
@@ -12346,7 +12346,7 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
+"""
+
+te_userapp_types="""\
-+policy_module(TEMPLATETYPE,1.0.0)
++policy_module(TEMPLATETYPE, 1.0.0)
+
+########################################
+#
@@ -12362,7 +12362,7 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
+"""
+
+te_sandbox_types="""\
-+policy_module(TEMPLATETYPE,1.0.0)
++policy_module(TEMPLATETYPE, 1.0.0)
+
+########################################
+#
@@ -12377,7 +12377,7 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
+"""
+
+te_cgi_types="""\
-+policy_module(TEMPLATETYPE,1.0.0)
++policy_module(TEMPLATETYPE, 1.0.0)
+
+########################################
+#
@@ -12446,8 +12446,8 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
+
+te_manage_krb5_rcache_rules="""
+optional_policy(`
-+ kerberos_keytab_template(TEMPLATETYPE, TEMPLATETYPE_t)
-+ kerberos_manage_host_rcache(TEMPLATETYPE_t)
++ kerberos_keytab_template(TEMPLATETYPE, TEMPLATETYPE_t)
++ kerberos_manage_host_rcache(TEMPLATETYPE_t)
+')
+"""
+
@@ -12492,7 +12492,7 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
+## </summary>
+## <param name=\"domain\">
+## <summary>
-+## Domain allowed access.
++## Domain allowed to transition.
+## </summary>
+## </param>
+#
@@ -12501,7 +12501,7 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
+ type TEMPLATETYPE_t, TEMPLATETYPE_exec_t;
+ ')
+
-+ corecmd_search_bin($1)
++ corecmd_search_bin($1)
+ domtrans_pattern($1, TEMPLATETYPE_exec_t, TEMPLATETYPE_t)
+')
+
@@ -12515,7 +12515,7 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
+## </summary>
+## <param name="domain">
+## <summary>
-+## Domain allowed access
++## Domain allowed to transition
+## </summary>
+## </param>
+## <param name="role">
@@ -12550,7 +12550,7 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
+#
+interface(`TEMPLATETYPE_role',`
+ gen_require(`
-+ type TEMPLATETYPE_t;
++ type TEMPLATETYPE_t;
+ ')
+
+ role $1 types TEMPLATETYPE_t;
@@ -12571,7 +12571,7 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
+## </summary>
+## <param name="domain">
+## <summary>
-+## Domain allowed access
++## Domain allowed to transition.
+## </summary>
+## </param>
+## <param name="role">
@@ -12639,6 +12639,7 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
+
+ init_labeled_script_domtrans($1, TEMPLATETYPE_initrc_exec_t)
+')
++
+"""
+
+if_dbus_rules="""
@@ -12662,6 +12663,7 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
+ allow $1 TEMPLATETYPE_t:dbus send_msg;
+ allow TEMPLATETYPE_t $1:dbus send_msg;
+')
++
+"""
+
+if_begin_admin="""
@@ -12692,9 +12694,9 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
+ allow $1 TEMPLATETYPE_t:process { ptrace signal_perms };
+ ps_process_pattern($1, TEMPLATETYPE_t)
+"""
-+
++
+if_initscript_admin_types="""
-+ type TEMPLATETYPE_initrc_exec_t;"""
++ type TEMPLATETYPE_initrc_exec_t;"""
+
+if_initscript_admin="""
+ TEMPLATETYPE_initrc_domtrans($1)
@@ -12705,6 +12707,7 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
+
+if_end_admin="""
+')
++
+"""
+
+########################### File Context ##################################
@@ -12723,10 +12726,10 @@ diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-
+"""
diff -up policycoreutils-2.0.86/gui/templates/__init__.py.gui policycoreutils-2.0.86/gui/templates/__init__.py
--- policycoreutils-2.0.86/gui/templates/__init__.py.gui 2011-04-12 10:52:07.549644874 -0400
-+++ policycoreutils-2.0.86/gui/templates/__init__.py 2011-04-29 11:47:41.685099475 -0400
++++ policycoreutils-2.0.86/gui/templates/__init__.py 2011-05-23 17:02:40.424008790 -0400
@@ -0,0 +1,18 @@
+#
-+# Copyright (C) 2007 Red Hat, Inc.
++# Copyright (C) 2007-2011 Red Hat
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
@@ -12745,8 +12748,30 @@ diff -up policycoreutils-2.0.86/gui/templates/__init__.py.gui policycoreutils-2.
+
diff -up policycoreutils-2.0.86/gui/templates/network.py.gui policycoreutils-2.0.86/gui/templates/network.py
--- policycoreutils-2.0.86/gui/templates/network.py.gui 2011-04-12 10:52:07.556644982 -0400
-+++ policycoreutils-2.0.86/gui/templates/network.py 2011-04-29 11:47:41.686099482 -0400
-@@ -0,0 +1,80 @@
++++ policycoreutils-2.0.86/gui/templates/network.py 2011-05-23 17:03:09.237241107 -0400
+@@ -0,0 +1,102 @@
++# Copyright (C) 2007-2011 Red Hat
++# see file 'COPYING' for use and warranty information
++#
++# policygentool is a tool for the initial generation of SELinux policy
++#
++# This program is free software; you can redistribute it and/or
++# modify it under the terms of the GNU General Public License as
++# published by the Free Software Foundation; either version 2 of
++# the License, or (at your option) any later version.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
++# 02111-1307 USA
++#
++#
++########################### Type Enforcement File #############################
+te_port_types="""
+type TEMPLATETYPE_port_t;
+corenet_port(TEMPLATETYPE_port_t)
@@ -12829,9 +12854,9 @@ diff -up policycoreutils-2.0.86/gui/templates/network.py.gui policycoreutils-2.0
+
diff -up policycoreutils-2.0.86/gui/templates/rw.py.gui policycoreutils-2.0.86/gui/templates/rw.py
--- policycoreutils-2.0.86/gui/templates/rw.py.gui 2011-04-12 10:52:07.557644997 -0400
-+++ policycoreutils-2.0.86/gui/templates/rw.py 2011-04-29 11:47:41.686099482 -0400
-@@ -0,0 +1,130 @@
-+# Copyright (C) 2007 Red Hat
++++ policycoreutils-2.0.86/gui/templates/rw.py 2011-05-23 16:59:48.308644991 -0400
+@@ -0,0 +1,129 @@
++# Copyright (C) 2007-2011 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# policygentool is a tool for the initial generation of SELinux policy
@@ -12848,10 +12873,10 @@ diff -up policycoreutils-2.0.86/gui/templates/rw.py.gui policycoreutils-2.0.86/g
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+# 02111-1307 USA
+#
-+#
++#
+
+########################### tmp Template File #############################
+te_types="""
@@ -12900,7 +12925,7 @@ diff -up policycoreutils-2.0.86/gui/templates/rw.py.gui policycoreutils-2.0.86/g
+ type TEMPLATETYPE_rw_t;
+ ')
+
-+ allow $1 TEMPLATETYPE_rw_t:file r_file_perms;
++ allow $1 TEMPLATETYPE_rw_t:file read_file_perms;
+ allow $1 TEMPLATETYPE_rw_t:dir list_dir_perms;
+ files_search_rw($1)
+')
@@ -12920,7 +12945,7 @@ diff -up policycoreutils-2.0.86/gui/templates/rw.py.gui policycoreutils-2.0.86/g
+ type TEMPLATETYPE_rw_t;
+ ')
+
-+ manage_files_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
++ manage_files_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
+')
+
+########################################
@@ -12939,20 +12964,19 @@ diff -up policycoreutils-2.0.86/gui/templates/rw.py.gui policycoreutils-2.0.86/g
+ type TEMPLATETYPE_rw_t;
+ ')
+
-+ manage_dirs_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
++ manage_dirs_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
+')
+
+"""
+
+if_admin_types="""
-+ type TEMPLATETYPE_rw_t;"""
++ type TEMPLATETYPE_rw_t;"""
+
+if_admin_rules="""
+ files_search_etc($1)
+ admin_pattern($1, TEMPLATETYPE_rw_t)
+"""
+
-+
+########################### File Context ##################################
+fc_file="""
+FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0)
@@ -12963,9 +12987,9 @@ diff -up policycoreutils-2.0.86/gui/templates/rw.py.gui policycoreutils-2.0.86/g
+"""
diff -up policycoreutils-2.0.86/gui/templates/script.py.gui policycoreutils-2.0.86/gui/templates/script.py
--- policycoreutils-2.0.86/gui/templates/script.py.gui 2011-04-12 10:52:07.558645012 -0400
-+++ policycoreutils-2.0.86/gui/templates/script.py 2011-04-29 11:47:41.686099482 -0400
++++ policycoreutils-2.0.86/gui/templates/script.py 2011-05-23 17:02:13.796795073 -0400
@@ -0,0 +1,126 @@
-+# Copyright (C) 2007 Red Hat
++# Copyright (C) 2007-2011 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# policygentool is a tool for the initial generation of SELinux policy
@@ -12982,10 +13006,10 @@ diff -up policycoreutils-2.0.86/gui/templates/script.py.gui policycoreutils-2.0.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+# 02111-1307 USA
+#
-+#
++#
+
+########################### tmp Template File #############################
+compile="""\
@@ -13071,9 +13095,9 @@ diff -up policycoreutils-2.0.86/gui/templates/script.py.gui policycoreutils-2.0.
+TEMPLATETYPE_r:TEMPLATETYPE_t:s0 TEMPLATETYPE_r:TEMPLATETYPE_t
+system_r:crond_t TEMPLATETYPE_r:TEMPLATETYPE_t
+system_r:initrc_su_t TEMPLATETYPE_r:TEMPLATETYPE_t
-+system_r:local_login_t TEMPLATETYPE_r:TEMPLATETYPE_t
-+system_r:remote_login_t TEMPLATETYPE_r:TEMPLATETYPE_t
-+system_r:sshd_t TEMPLATETYPE_r:TEMPLATETYPE_t
++system_r:local_login_t TEMPLATETYPE_r:TEMPLATETYPE_t
++system_r:remote_login_t TEMPLATETYPE_r:TEMPLATETYPE_t
++system_r:sshd_t TEMPLATETYPE_r:TEMPLATETYPE_t
+_EOF
+fi
+"""
@@ -13084,18 +13108,18 @@ diff -up policycoreutils-2.0.86/gui/templates/script.py.gui policycoreutils-2.0.
+TEMPLATETYPE_r:TEMPLATETYPE_t TEMPLATETYPE_r:TEMPLATETYPE_t
+system_r:crond_t TEMPLATETYPE_r:TEMPLATETYPE_t
+system_r:initrc_su_t TEMPLATETYPE_r:TEMPLATETYPE_t
-+system_r:local_login_t TEMPLATETYPE_r:TEMPLATETYPE_t
-+system_r:remote_login_t TEMPLATETYPE_r:TEMPLATETYPE_t
-+system_r:sshd_t TEMPLATETYPE_r:TEMPLATETYPE_t
-+system_r:xdm_t TEMPLATETYPE_r:TEMPLATETYPE_t
++system_r:local_login_t TEMPLATETYPE_r:TEMPLATETYPE_t
++system_r:remote_login_t TEMPLATETYPE_r:TEMPLATETYPE_t
++system_r:sshd_t TEMPLATETYPE_r:TEMPLATETYPE_t
++system_r:xdm_t TEMPLATETYPE_r:TEMPLATETYPE_t
+_EOF
+fi
+"""
diff -up policycoreutils-2.0.86/gui/templates/semodule.py.gui policycoreutils-2.0.86/gui/templates/semodule.py
--- policycoreutils-2.0.86/gui/templates/semodule.py.gui 2011-04-12 10:52:07.560645042 -0400
-+++ policycoreutils-2.0.86/gui/templates/semodule.py 2011-04-29 11:47:41.687099489 -0400
++++ policycoreutils-2.0.86/gui/templates/semodule.py 2011-05-23 17:02:07.466744404 -0400
@@ -0,0 +1,41 @@
-+# Copyright (C) 2007 Red Hat
++# Copyright (C) 2007-2011 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# policygentool is a tool for the initial generation of SELinux policy
@@ -13138,9 +13162,9 @@ diff -up policycoreutils-2.0.86/gui/templates/semodule.py.gui policycoreutils-2.
+
diff -up policycoreutils-2.0.86/gui/templates/tmp.py.gui policycoreutils-2.0.86/gui/templates/tmp.py
--- policycoreutils-2.0.86/gui/templates/tmp.py.gui 2011-04-12 10:52:07.561645058 -0400
-+++ policycoreutils-2.0.86/gui/templates/tmp.py 2011-04-29 11:47:41.687099489 -0400
++++ policycoreutils-2.0.86/gui/templates/tmp.py 2011-05-23 17:01:55.736650663 -0400
@@ -0,0 +1,102 @@
-+# Copyright (C) 2007 Red Hat
++# Copyright (C) 2007-2011 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# policygentool is a tool for the initial generation of SELinux policy
@@ -13157,10 +13181,10 @@ diff -up policycoreutils-2.0.86/gui/templates/tmp.py.gui policycoreutils-2.0.86/
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+# 02111-1307 USA
+#
-+#
++#
+########################### tmp Template File #############################
+
+te_types="""
@@ -13177,7 +13201,7 @@ diff -up policycoreutils-2.0.86/gui/templates/tmp.py.gui policycoreutils-2.0.86/
+if_rules="""
+########################################
+## <summary>
-+## Do not audit attempts to read,
++## Do not audit attempts to read,
+## TEMPLATETYPE tmp files
+## </summary>
+## <param name="domain">
@@ -13228,25 +13252,25 @@ diff -up policycoreutils-2.0.86/gui/templates/tmp.py.gui policycoreutils-2.0.86/
+ type TEMPLATETYPE_tmp_t;
+ ')
+
-+ files_search_tmp($1)
-+ manage_dirs_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
-+ manage_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
-+ manage_lnk_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
++ files_search_tmp($1)
++ manage_dirs_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
++ manage_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
++ manage_lnk_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
+')
+"""
+
+if_admin_types="""
-+ type TEMPLATETYPE_tmp_t;"""
++ type TEMPLATETYPE_tmp_t;"""
+
+if_admin_rules="""
-+ files_search_tmp($1)
++ files_search_tmp($1)
+ admin_pattern($1, TEMPLATETYPE_tmp_t)
+"""
diff -up policycoreutils-2.0.86/gui/templates/user.py.gui policycoreutils-2.0.86/gui/templates/user.py
--- policycoreutils-2.0.86/gui/templates/user.py.gui 2011-04-12 10:52:07.562645074 -0400
-+++ policycoreutils-2.0.86/gui/templates/user.py 2011-04-29 11:47:41.687099489 -0400
-@@ -0,0 +1,205 @@
-+# Copyright (C) 2007 Red Hat
++++ policycoreutils-2.0.86/gui/templates/user.py 2011-05-23 17:01:46.816579501 -0400
+@@ -0,0 +1,204 @@
++# Copyright (C) 2007-2011 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# policygentool is a tool for the initial generation of SELinux policy
@@ -13263,14 +13287,14 @@ diff -up policycoreutils-2.0.86/gui/templates/user.py.gui policycoreutils-2.0.86
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+# 02111-1307 USA
+#
-+#
++#
+########################### Type Enforcement File #############################
+
+te_login_user_types="""\
-+policy_module(TEMPLATETYPE,1.0.0)
++policy_module(TEMPLATETYPE, 1.0.0)
+
+########################################
+#
@@ -13281,7 +13305,7 @@ diff -up policycoreutils-2.0.86/gui/templates/user.py.gui policycoreutils-2.0.86
+"""
+
+te_admin_user_types="""\
-+policy_module(TEMPLATETYPE,1.0.0)
++policy_module(TEMPLATETYPE, 1.0.0)
+
+########################################
+#
@@ -13292,7 +13316,7 @@ diff -up policycoreutils-2.0.86/gui/templates/user.py.gui policycoreutils-2.0.86
+"""
+
+te_min_login_user_types="""\
-+policy_module(TEMPLATETYPE,1.0.0)
++policy_module(TEMPLATETYPE, 1.0.0)
+
+########################################
+#
@@ -13303,7 +13327,7 @@ diff -up policycoreutils-2.0.86/gui/templates/user.py.gui policycoreutils-2.0.86
+"""
+
+te_x_login_user_types="""\
-+policy_module(TEMPLATETYPE,1.0.0)
++policy_module(TEMPLATETYPE, 1.0.0)
+
+########################################
+#
@@ -13314,18 +13338,17 @@ diff -up policycoreutils-2.0.86/gui/templates/user.py.gui policycoreutils-2.0.86
+"""
+
+te_existing_user_types="""\
-+policy_module(myTEMPLATETYPE,1.0.0)
++policy_module(myTEMPLATETYPE, 1.0.0)
+
+gen_require(`
-+ type TEMPLATETYPE_t, TEMPLATETYPE_devpts_t;
-+ role TEMPLATETYPE_r;
++ type TEMPLATETYPE_t, TEMPLATETYPE_devpts_t;
++ role TEMPLATETYPE_r;
+')
+
+"""
+
+te_root_user_types="""\
-+
-+policy_module(TEMPLATETYPE,1.0.0)
++policy_module(TEMPLATETYPE, 1.0.0)
+
+########################################
+#
@@ -13407,20 +13430,20 @@ diff -up policycoreutils-2.0.86/gui/templates/user.py.gui policycoreutils-2.0.86
+bool TEMPLATETYPE_manage_user_files false;
+
+if (TEMPLATETYPE_read_user_files) {
-+ userdom_read_user_home_content_files(TEMPLATETYPE_t)
-+ userdom_read_user_tmp_files(TEMPLATETYPE_t)
++ userdom_read_user_home_content_files(TEMPLATETYPE_t)
++ userdom_read_user_tmp_files(TEMPLATETYPE_t)
+}
+
+if (TEMPLATETYPE_manage_user_files) {
-+ userdom_manage_user_home_content(TEMPLATETYPE_t)
-+ userdom_manage_user_tmp_files(TEMPLATETYPE_t)
++ userdom_manage_user_home_content(TEMPLATETYPE_t)
++ userdom_manage_user_tmp_files(TEMPLATETYPE_t)
+}
+
+"""
+
+te_admin_trans_rules="""
+gen_require(`
-+ role USER_r;
++ role USER_r;
+')
+
+allow USER_r TEMPLATETYPE_r;
@@ -13453,9 +13476,9 @@ diff -up policycoreutils-2.0.86/gui/templates/user.py.gui policycoreutils-2.0.86
+"""
diff -up policycoreutils-2.0.86/gui/templates/var_cache.py.gui policycoreutils-2.0.86/gui/templates/var_cache.py
--- policycoreutils-2.0.86/gui/templates/var_cache.py.gui 2011-04-12 10:52:07.566645136 -0400
-+++ policycoreutils-2.0.86/gui/templates/var_cache.py 2011-04-29 11:47:41.688099497 -0400
++++ policycoreutils-2.0.86/gui/templates/var_cache.py 2011-05-23 17:01:38.793515591 -0400
@@ -0,0 +1,132 @@
-+# Copyright (C) 2010 Red Hat
++# Copyright (C) 2007-2011 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# policygentool is a tool for the initial generation of SELinux policy
@@ -13472,10 +13495,10 @@ diff -up policycoreutils-2.0.86/gui/templates/var_cache.py.gui policycoreutils-2
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+# 02111-1307 USA
+#
-+#
++#
+########################### cache Template File #############################
+
+########################### Type Enforcement File #############################
@@ -13527,7 +13550,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_cache.py.gui policycoreutils-2
+ ')
+
+ files_search_var($1)
-+ read_files_pattern($1, TEMPLATETYPE_cache_t TEMPLATETYPE_cache_t)
++ read_files_pattern($1, TEMPLATETYPE_cache_t TEMPLATETYPE_cache_t)
+')
+
+########################################
@@ -13547,7 +13570,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_cache.py.gui policycoreutils-2
+ ')
+
+ files_search_var($1)
-+ manage_files_pattern($1, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t)
++ manage_files_pattern($1, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t)
+')
+
+########################################
@@ -13566,13 +13589,13 @@ diff -up policycoreutils-2.0.86/gui/templates/var_cache.py.gui policycoreutils-2
+ ')
+
+ files_search_var($1)
-+ manage_dirs_pattern($1, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t)
++ manage_dirs_pattern($1, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t)
+')
+
+"""
+
+if_admin_types="""
-+ type TEMPLATETYPE_cache_t;"""
++ type TEMPLATETYPE_cache_t;"""
+
+if_admin_rules="""
+ files_search_var($1)
@@ -13589,9 +13612,9 @@ diff -up policycoreutils-2.0.86/gui/templates/var_cache.py.gui policycoreutils-2
+"""
diff -up policycoreutils-2.0.86/gui/templates/var_lib.py.gui policycoreutils-2.0.86/gui/templates/var_lib.py
--- policycoreutils-2.0.86/gui/templates/var_lib.py.gui 2011-04-12 10:52:07.567645151 -0400
-+++ policycoreutils-2.0.86/gui/templates/var_lib.py 2011-04-29 11:47:41.688099497 -0400
++++ policycoreutils-2.0.86/gui/templates/var_lib.py 2011-05-23 17:01:31.516457701 -0400
@@ -0,0 +1,160 @@
-+# Copyright (C) 2007 Red Hat
++# Copyright (C) 2007-2011 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# policygentool is a tool for the initial generation of SELinux policy
@@ -13608,10 +13631,10 @@ diff -up policycoreutils-2.0.86/gui/templates/var_lib.py.gui policycoreutils-2.0
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+# 02111-1307 USA
+#
-+#
++#
+########################### var_lib Template File #############################
+
+########################### Type Enforcement File #############################
@@ -13622,7 +13645,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_lib.py.gui policycoreutils-2.0
+te_rules="""
+manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
+manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
-+files_var_lib_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, { dir file } )
++files_var_lib_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, { dir file })
+"""
+
+te_stream_rules="""\
@@ -13668,7 +13691,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_lib.py.gui policycoreutils-2.0
+ ')
+
+ files_search_var_lib($1)
-+ read_files_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
++ read_files_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
+')
+
+########################################
@@ -13687,7 +13710,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_lib.py.gui policycoreutils-2.0
+ ')
+
+ files_search_var_lib($1)
-+ manage_files_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
++ manage_files_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
+')
+
+########################################
@@ -13706,7 +13729,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_lib.py.gui policycoreutils-2.0
+ ')
+
+ files_search_var_lib($1)
-+ manage_dirs_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
++ manage_dirs_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
+')
+
+"""
@@ -13727,12 +13750,12 @@ diff -up policycoreutils-2.0.86/gui/templates/var_lib.py.gui policycoreutils-2.0
+ type TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t;
+ ')
+
-+ stream_connect_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
++ stream_connect_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
+')
+"""
+
+if_admin_types="""
-+ type TEMPLATETYPE_var_lib_t;"""
++ type TEMPLATETYPE_var_lib_t;"""
+
+if_admin_rules="""
+ files_search_var_lib($1)
@@ -13753,9 +13776,9 @@ diff -up policycoreutils-2.0.86/gui/templates/var_lib.py.gui policycoreutils-2.0
+"""
diff -up policycoreutils-2.0.86/gui/templates/var_log.py.gui policycoreutils-2.0.86/gui/templates/var_log.py
--- policycoreutils-2.0.86/gui/templates/var_log.py.gui 2011-04-12 10:52:07.568645166 -0400
-+++ policycoreutils-2.0.86/gui/templates/var_log.py 2011-04-29 11:47:41.688099497 -0400
++++ policycoreutils-2.0.86/gui/templates/var_log.py 2011-05-23 17:01:22.948389639 -0400
@@ -0,0 +1,114 @@
-+# Copyright (C) 2007,2010 Red Hat
++# Copyright (C) 2007-2011 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# policygentool is a tool for the initial generation of SELinux policy
@@ -13772,10 +13795,10 @@ diff -up policycoreutils-2.0.86/gui/templates/var_log.py.gui policycoreutils-2.0
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+# 02111-1307 USA
+#
-+#
++#
+########################### var_log Template File #############################
+
+########################### Type Enforcement File #############################
@@ -13787,7 +13810,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_log.py.gui policycoreutils-2.0
+te_rules="""
+manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
+manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
-+logging_log_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_log_t, { dir file } )
++logging_log_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_log_t, { dir file })
+"""
+
+########################### Interface File #############################
@@ -13809,7 +13832,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_log.py.gui policycoreutils-2.0
+ ')
+
+ logging_search_logs($1)
-+ read_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
++ read_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
+')
+
+########################################
@@ -13817,9 +13840,9 @@ diff -up policycoreutils-2.0.86/gui/templates/var_log.py.gui policycoreutils-2.0
+## Append to TEMPLATETYPE log files.
+## </summary>
+## <param name="domain">
-+## <summary>
-+## Domain allowed to transition.
-+## </summary>
++## <summary>
++## Domain allowed access.
++## </summary>
+## </param>
+#
+interface(`TEMPLATETYPE_append_log',`
@@ -13828,7 +13851,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_log.py.gui policycoreutils-2.0
+ ')
+
+ logging_search_logs($1)
-+ append_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
++ append_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
+')
+
+########################################
@@ -13837,7 +13860,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_log.py.gui policycoreutils-2.0
+## </summary>
+## <param name="domain">
+## <summary>
-+## Domain to not audit.
++## Domain allowed access.
+## </summary>
+## </param>
+#
@@ -13847,14 +13870,14 @@ diff -up policycoreutils-2.0.86/gui/templates/var_log.py.gui policycoreutils-2.0
+ ')
+
+ logging_search_logs($1)
-+ manage_dirs_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
-+ manage_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
-+ manage_lnk_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
++ manage_dirs_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
++ manage_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
++ manage_lnk_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
+')
+"""
+
+if_admin_types="""
-+ type TEMPLATETYPE_log_t;"""
++ type TEMPLATETYPE_log_t;"""
+
+if_admin_rules="""
+ logging_search_logs($1)
@@ -13871,9 +13894,9 @@ diff -up policycoreutils-2.0.86/gui/templates/var_log.py.gui policycoreutils-2.0
+"""
diff -up policycoreutils-2.0.86/gui/templates/var_run.py.gui policycoreutils-2.0.86/gui/templates/var_run.py
--- policycoreutils-2.0.86/gui/templates/var_run.py.gui 2011-04-12 10:52:07.569645181 -0400
-+++ policycoreutils-2.0.86/gui/templates/var_run.py 2011-04-29 11:47:41.689099505 -0400
++++ policycoreutils-2.0.86/gui/templates/var_run.py 2011-05-23 17:01:11.639299961 -0400
@@ -0,0 +1,101 @@
-+# Copyright (C) 2007,2010 Red Hat
++# Copyright (C) 2007-2011 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# policygentool is a tool for the initial generation of SELinux policy
@@ -13890,10 +13913,10 @@ diff -up policycoreutils-2.0.86/gui/templates/var_run.py.gui policycoreutils-2.0
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+# 02111-1307 USA
+#
-+#
++#
+########################### var_run Template File #############################
+
+te_types="""
@@ -13951,12 +13974,12 @@ diff -up policycoreutils-2.0.86/gui/templates/var_run.py.gui policycoreutils-2.0
+ ')
+
+ files_search_pids($1)
-+ stream_connect_pattern($1, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t)
++ stream_connect_pattern($1, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t, TEMPLATETYPE_t)
+')
+"""
+
+if_admin_types="""
-+ type TEMPLATETYPE_var_run_t;"""
++ type TEMPLATETYPE_var_run_t;"""
+
+if_admin_rules="""
+ files_search_pids($1)
@@ -13976,9 +13999,9 @@ diff -up policycoreutils-2.0.86/gui/templates/var_run.py.gui policycoreutils-2.0
+"""
diff -up policycoreutils-2.0.86/gui/templates/var_spool.py.gui policycoreutils-2.0.86/gui/templates/var_spool.py
--- policycoreutils-2.0.86/gui/templates/var_spool.py.gui 2011-04-12 10:52:07.573645242 -0400
-+++ policycoreutils-2.0.86/gui/templates/var_spool.py 2011-04-29 11:47:41.689099505 -0400
++++ policycoreutils-2.0.86/gui/templates/var_spool.py 2011-05-25 16:09:23.350352658 -0400
@@ -0,0 +1,131 @@
-+# Copyright (C) 2007 Red Hat
++# Copyright (C) 2007-2011 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# policygentool is a tool for the initial generation of SELinux policy
@@ -13995,10 +14018,10 @@ diff -up policycoreutils-2.0.86/gui/templates/var_spool.py.gui policycoreutils-2
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+# 02111-1307 USA
+#
-+#
++#
+########################### var_spool Template File #############################
+
+########################### Type Enforcement File #############################
@@ -14050,7 +14073,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_spool.py.gui policycoreutils-2
+ ')
+
+ files_search_spool($1)
-+ read_files_pattern($1, TEMPLATETYPE_spool_t TEMPLATETYPE_spool_t)
++ read_files_pattern($1, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
+')
+
+########################################
@@ -14094,7 +14117,7 @@ diff -up policycoreutils-2.0.86/gui/templates/var_spool.py.gui policycoreutils-2
+"""
+
+if_admin_types="""
-+ type TEMPLATETYPE_spool_t;"""
++ type TEMPLATETYPE_spool_t;"""
+
+if_admin_rules="""
+ files_search_spool($1)
diff --git a/policycoreutils.spec b/policycoreutils.spec
index e4c2645..02deed6 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.86
-Release: 7%{?dist}
+Release: 8%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@@ -25,6 +25,7 @@ Patch: policycoreutils-rhat.patch
Patch1: policycoreutils-po.patch
Patch3: policycoreutils-gui.patch
Patch4: policycoreutils-sepolgen.patch
+Patch5: policycoreutils-sandbox.patch
Obsoletes: policycoreutils < 2.0.61-2
%global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")
@@ -63,6 +64,7 @@ context.
%patch1 -p1 -b .rhatpo
%patch3 -p1 -b .gui
%patch4 -p1 -b .sepolgen
+%patch5 -p1 -b .sandbox
%build
make LSPP_PRIV=y LIBDIR="%{_libdir}" CFLAGS="%{optflags} -fPIE " LDFLAGS="-pie -Wl,-z,relro" all
@@ -331,6 +333,12 @@ fi
exit 0
%changelog
+* Mon Jun 13 2011 Dan Walsh <dwalsh at redhat.com> 2.0.86-8
+- Do not drop capability bounding set in seunshare, this allows sandbox to
+- run setuid apps.
+- Cleanup policy generation template
+- Pass dpi settings to sandbox
+
* Fri Apr 29 2011 Dan Walsh <dwalsh at redhat.com> 2.0.86-7
- Clean up some of the templates for sepolgen
More information about the scm-commits
mailing list