[policycoreutils] Allow user to specify DPI when running sandbox
Daniel J Walsh
dwalsh at fedoraproject.org
Mon Nov 7 20:57:51 UTC 2011
commit e71cb0d5d014599e3671aa7ca457a2947fdcfee3
Author: Dan Walsh <dwalsh at redhat.com>
Date: Mon Nov 7 15:56:15 2011 -0500
Allow user to specify DPI when running sandbox
policycoreutils-rhat.patch | 187 +++++++++++++++++++++++++++++++++++++++++++-
policycoreutils.spec | 5 +-
2 files changed, 189 insertions(+), 3 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index 0e418a1..9909014 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -42,6 +42,19 @@ index 99d0ed7..19e20a8 100644
if (set_signal_handles())
return -1;
+diff --git a/policycoreutils/po/Makefile b/policycoreutils/po/Makefile
+index 554262a..a52e4b0 100644
+--- a/policycoreutils/po/Makefile
++++ b/policycoreutils/po/Makefile
+@@ -7,7 +7,7 @@ TOP = ../..
+ # What is this package?
+ NLSPACKAGE = policycoreutils
+ POTFILE = $(NLSPACKAGE).pot
+-INSTALL = /usr/bin/install -c
++INSTALL = /usr/bin/install -c -p
+ INSTALL_DATA = $(INSTALL) -m 644
+ INSTALL_DIR = /usr/bin/install -d
+
diff --git a/policycoreutils/restorecond/restorecond.c b/policycoreutils/restorecond/restorecond.c
index 89f5d97..dfd9629 100644
--- a/policycoreutils/restorecond/restorecond.c
@@ -85,7 +98,7 @@ index 9db766c..068e24c 100644
} /* main() */
diff --git a/policycoreutils/sandbox/Makefile b/policycoreutils/sandbox/Makefile
-index 1c458f1..36042a2 100644
+index 1c458f1..96c6795 100644
--- a/policycoreutils/sandbox/Makefile
+++ b/policycoreutils/sandbox/Makefile
@@ -23,7 +23,7 @@ install: all
@@ -93,10 +106,180 @@ index 1c458f1..36042a2 100644
install -m 644 seunshare.8 $(MANDIR)/man8/
-mkdir -p $(MANDIR)/man5
- install -m 644 sandbox.conf.5 $(MANDIR)/man5/
-+ install -m 644 sandbox.conf.5 $(MANDIR)/man5/sandbox.5
++ install -m 644 sandbox.5 $(MANDIR)/man5/sandbox.5
-mkdir -p $(SBINDIR)
install -m 4755 seunshare $(SBINDIR)/
-mkdir -p $(SHAREDIR)
+diff --git a/policycoreutils/sandbox/sandbox b/policycoreutils/sandbox/sandbox
+index 486cd4e..cdd4293 100644
+--- a/policycoreutils/sandbox/sandbox
++++ b/policycoreutils/sandbox/sandbox
+@@ -160,6 +160,17 @@ class Sandbox:
+ self.__level = None
+ self.__homedir = None
+ self.__tmpdir = None
++ self.__set_dpi()
++
++ def __set_dpi(self):
++ rc, out = commands.getstatusoutput("/usr/bin/xrdb -query")
++ if rc != 0:
++ self.dpi = 96
++ else:
++ for i in out.split("\n"):
++ if i.startswith("Xft.dpi:"):
++ self.dpi = i.split()[1]
++ break;
+
+ def __validate_mount(self):
+ if self.__options.level:
+@@ -278,6 +289,9 @@ sandbox [-h] [-c] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile
+ action="callback", callback=self.__mount_callback,
+ help=_("mount new home and/or tmp directory"))
+
++ parser.add_option("-d", "--dpi",
++ dest="dpi", action="store",default=self.dpi,
++ help=_("dots per inch for X display: (%s)" % self.dpi))
+ parser.add_option("-S", "--session", action="store_true", dest="session",
+ default=False, help=_("run complete desktop session within sandbox"))
+
+@@ -322,7 +336,7 @@ sandbox [-h] [-c] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile
+
+ if self.__options.X_ind:
+ self.setype = DEFAULT_X_TYPE
+- self.dpi=commands.getoutput("xrdb -query | grep dpi | /bin/cut -f 2")
++
+ if self.__options.setype:
+ self.setype = self.__options.setype
+
+@@ -408,7 +422,7 @@ sandbox [-h] [-c] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile
+
+ self.__setup_sandboxrc(self.__options.wm)
+
+- cmds += [ "--", SANDBOXSH, self.__options.windowsize, self.dpi ]
++ cmds += [ "--", SANDBOXSH, self.__options.windowsize, self.__options.dpi ]
+ else:
+ cmds += [ "--" ] + self.__paths
+ return subprocess.Popen(cmds).wait()
+diff --git a/policycoreutils/sandbox/sandbox.5 b/policycoreutils/sandbox/sandbox.5
+new file mode 100644
+index 0000000..b3ee67d
+--- /dev/null
++++ b/policycoreutils/sandbox/sandbox.5
+@@ -0,0 +1,40 @@
++.TH sandbox.conf "5" "June 2010" "sandbox.conf" "Linux System Administration"
++.SH NAME
++sandbox.conf \- user config file for the SELinux sandbox
++.SH DESCRIPTION
++.PP
++When running sandbox with the -C argument, it will be confined using control groups and a system administrator can specify how the sandbox is confined.
++
++.PP
++Everything after "#" is ignored, as are empty lines. All arguments should be separated by and equals sign ("=").
++
++.PP
++These keywords are allowed.
++
++.RS
++.TP
++.B NAME
++The name of the sandbox control group. Default is "sandbox".
++
++.TP
++.B CPUAFFINITY
++Which cpus to assign sandbox to. The default is ALL, but users can specify a comma-separated list with dashes ("-") to represent ranges. Ex: 0-2,5
++
++.TP
++.B MEMUSAGE
++How much memory to allow sandbox to use. The default is 80%. Users can specify either a percentage or a value in the form of a number followed by one of the suffixes K, M, G to denote kilobytes, megabytes or gigabytes respectively. Ex: 50% or 100M
++
++.TP
++.B CPUUSAGE
++Percentage of cpu sandbox should be allowed to use. The default is 80%. Specify a value followed by a percent sign ("%"). Ex: 50%
++
++
++
++.SH "SEE ALSO"
++.TP
++sandbox(8)
++.PP
++
++.SH AUTHOR
++This manual page was written by
++.I Thomas Liu <tliu at fedoraproject.org>
+diff --git a/policycoreutils/sandbox/sandbox.8 b/policycoreutils/sandbox/sandbox.8
+index 2b37e63..3f05c79 100644
+--- a/policycoreutils/sandbox/sandbox.8
++++ b/policycoreutils/sandbox/sandbox.8
+@@ -3,11 +3,11 @@
+ sandbox \- Run cmd under an SELinux sandbox
+ .SH SYNOPSIS
+ .B sandbox
+-[-C] [-c] [-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] cmd
++[-C] [-c] [ -d DPI ] [-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] cmd
+
+ .br
+ .B sandbox
+-[-C] [-c] [-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] -S
++[-C] [-c] [ -d DPI ] [-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] -S
+ .br
+ .SH DESCRIPTION
+ .PP
+@@ -60,6 +60,9 @@ Default to /usr/bin/matchbox-window-manager.
+ Create an X based Sandbox for gui apps, temporary files for
+ $HOME and /tmp, secondary Xserver, defaults to sandbox_x_t
+ .TP
++\fB\-d\fR
++Set the DPI value for the sanbox X Server. Defaults to the current X Sever DPI.
++.TP
+ \fB\-c\fR
+ Use control groups to control this copy of sandbox. Specify parameters in /etc/sysconfig/sandbox. Max memory usage and cpu usage are to be specified in percent. You can specify which CPUs to use by numbering them 0,1,2... etc.
+ .TP
+diff --git a/policycoreutils/sandbox/sandbox.conf.5 b/policycoreutils/sandbox/sandbox.conf.5
+deleted file mode 100644
+index b3ee67d..0000000
+--- a/policycoreutils/sandbox/sandbox.conf.5
++++ /dev/null
+@@ -1,40 +0,0 @@
+-.TH sandbox.conf "5" "June 2010" "sandbox.conf" "Linux System Administration"
+-.SH NAME
+-sandbox.conf \- user config file for the SELinux sandbox
+-.SH DESCRIPTION
+-.PP
+-When running sandbox with the -C argument, it will be confined using control groups and a system administrator can specify how the sandbox is confined.
+-
+-.PP
+-Everything after "#" is ignored, as are empty lines. All arguments should be separated by and equals sign ("=").
+-
+-.PP
+-These keywords are allowed.
+-
+-.RS
+-.TP
+-.B NAME
+-The name of the sandbox control group. Default is "sandbox".
+-
+-.TP
+-.B CPUAFFINITY
+-Which cpus to assign sandbox to. The default is ALL, but users can specify a comma-separated list with dashes ("-") to represent ranges. Ex: 0-2,5
+-
+-.TP
+-.B MEMUSAGE
+-How much memory to allow sandbox to use. The default is 80%. Users can specify either a percentage or a value in the form of a number followed by one of the suffixes K, M, G to denote kilobytes, megabytes or gigabytes respectively. Ex: 50% or 100M
+-
+-.TP
+-.B CPUUSAGE
+-Percentage of cpu sandbox should be allowed to use. The default is 80%. Specify a value followed by a percent sign ("%"). Ex: 50%
+-
+-
+-
+-.SH "SEE ALSO"
+-.TP
+-sandbox(8)
+-.PP
+-
+-.SH AUTHOR
+-This manual page was written by
+-.I Thomas Liu <tliu at fedoraproject.org>
diff --git a/policycoreutils/sandbox/sandbox.init b/policycoreutils/sandbox/sandbox.init
index d1ccdc2..11c391c 100644
--- a/policycoreutils/sandbox/sandbox.init
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 7764288..4da08e0 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.8
-Release: 2%{?dist}
+Release: 3%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@@ -352,6 +352,9 @@ fi
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog
+* Mon Nov 7 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.8-3
+- Allow user to specify DPI when running sandbox
+
* Mon Nov 7 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.8-2
- Add Miroslav patch to return all attributes
More information about the scm-commits
mailing list