[policycoreutils] Additional changes for bash completsion and generate man page to match the w
Daniel J Walsh
dwalsh at fedoraproject.org
Mon Jan 21 19:37:55 UTC 2013
commit eef44bd00608c917223ffde9c1a0c7b67a08b408
Author: Dan Walsh <dwalsh at redhat.com>
Date: Mon Jan 21 13:37:48 2013 -0600
Additional changes for bash completsion and generate man page to match the w
- Add newtype as a new qualifier to sepolicy generate. This new mechanism wil
- a policy write to generate types after the initial policy has been written a
- will autogenerate all of the interfaces.
- I also added a -w option to allow policy writers from the command line to s
- the writable directories of files.
-
- Modify network.py to include interface definitions for newly created port type
- Standardize of te_types just like all of the other templates.
policycoreutils-rhat.patch | 725 ++++++++++++++++++++++++++++++++++++----
policycoreutils-sepolgen.patch | 11 +-
policycoreutils.spec | 18 +-
3 files changed, 679 insertions(+), 75 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index e68b20f..9166633 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -337422,7 +337422,7 @@ index 0000000..e2befdb
+ packages=["policycoreutils"],
+)
diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage
-index f4602a9..a2e27f0 100644
+index f4602a9..49e4709 100644
--- a/policycoreutils/semanage/semanage
+++ b/policycoreutils/semanage/semanage
@@ -20,6 +20,7 @@
@@ -337442,18 +337442,17 @@ index f4602a9..a2e27f0 100644
codeset = 'utf-8')
except IOError:
import __builtin__
-@@ -375,7 +376,10 @@ Object-specific Options (see above):
+@@ -375,8 +376,8 @@ Object-specific Options (see above):
OBJECT = seobject.moduleRecords(store)
if object == "permissive":
- OBJECT = seobject.permissiveRecords(store)
-+ try:
-+ OBJECT = seobject.permissiveRecords(store)
-+ except ImportError:
-+ raise ValueError(_("Additional packages are required to setup permissive domains.\nYou must execute the following:\n# yum install policycoreutils-devel"))
-
+-
++ OBJECT = seobject.permissiveRecords(store)
++
if object == "dontaudit":
OBJECT = seobject.dontauditClass(store)
+
diff --git a/policycoreutils/semanage/semanage.8 b/policycoreutils/semanage/semanage.8
index 63b11dd..28a9022 100644
--- a/policycoreutils/semanage/semanage.8
@@ -337468,7 +337467,7 @@ index 63b11dd..28a9022 100644
.TP
.I \-P, \-\-prefix
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
-index ad7dc8c..81e0613 100644
+index ad7dc8c..64ab96d 100644
--- a/policycoreutils/semanage/seobject.py
+++ b/policycoreutils/semanage/seobject.py
@@ -24,17 +24,18 @@
@@ -337560,15 +337559,19 @@ index ad7dc8c..81e0613 100644
if len(all) == 0:
return
-@@ -411,6 +373,7 @@ class permissiveRecords(semanageRecords):
+@@ -411,6 +373,11 @@ class permissiveRecords(semanageRecords):
def add(self, type):
import glob
-+ import sepolgen.module as module
++ try:
++ import sepolgen.module as module
++ except ImportError:
++ raise ValueError(_("Additional packages are required to setup permissive domains.\nYou must execute the following:\n# yum install policycoreutils-devel"))
++
name = "permissive_%s" % type
dirname = "/var/lib/selinux"
os.chdir(dirname)
-@@ -493,7 +456,9 @@ class loginRecords(semanageRecords):
+@@ -493,7 +460,9 @@ class loginRecords(semanageRecords):
if rc < 0:
raise ValueError(_("Could not check if login mapping for %s is defined") % name)
if exists:
@@ -337579,7 +337582,7 @@ index ad7dc8c..81e0613 100644
if name[0] == '%':
try:
grp.getgrnam(name[1:])
-@@ -654,6 +619,21 @@ class loginRecords(semanageRecords):
+@@ -654,6 +623,21 @@ class loginRecords(semanageRecords):
self.mylog.commit(0)
raise error
@@ -337601,7 +337604,7 @@ index ad7dc8c..81e0613 100644
def get_all(self, locallist = 0):
ddict = {}
if locallist:
-@@ -665,7 +645,7 @@ class loginRecords(semanageRecords):
+@@ -665,7 +649,7 @@ class loginRecords(semanageRecords):
for u in self.ulist:
name = semanage_seuser_get_name(u)
@@ -337610,7 +337613,7 @@ index ad7dc8c..81e0613 100644
return ddict
def customized(self):
-@@ -679,16 +659,26 @@ class loginRecords(semanageRecords):
+@@ -679,16 +663,26 @@ class loginRecords(semanageRecords):
def list(self,heading = 1, locallist = 0):
ddict = self.get_all(locallist)
@@ -337640,7 +337643,7 @@ index ad7dc8c..81e0613 100644
else:
if heading:
print "\n%-25s %-25s\n" % (_("Login Name"), _("SELinux User"))
-@@ -738,7 +728,8 @@ class seluserRecords(semanageRecords):
+@@ -738,7 +732,8 @@ class seluserRecords(semanageRecords):
if rc < 0:
raise ValueError(_("Could not check if SELinux user %s is defined") % name)
if exists:
@@ -337650,7 +337653,7 @@ index ad7dc8c..81e0613 100644
(rc, u) = semanage_user_create(self.sh)
if rc < 0:
-@@ -958,6 +949,8 @@ class seluserRecords(semanageRecords):
+@@ -958,6 +953,8 @@ class seluserRecords(semanageRecords):
print "%-15s %s" % (k, ddict[k][3])
class portRecords(semanageRecords):
@@ -337659,7 +337662,7 @@ index ad7dc8c..81e0613 100644
def __init__(self, store = ""):
semanageRecords.__init__(self, store)
-@@ -997,6 +990,9 @@ class portRecords(semanageRecords):
+@@ -997,6 +994,9 @@ class portRecords(semanageRecords):
if type == "":
raise ValueError(_("Type is required"))
@@ -337669,7 +337672,7 @@ index ad7dc8c..81e0613 100644
( k, proto_d, low, high ) = self.__genkey(port, proto)
(rc, exists) = semanage_port_exists(self.sh, k)
-@@ -1056,6 +1052,9 @@ class portRecords(semanageRecords):
+@@ -1056,6 +1056,9 @@ class portRecords(semanageRecords):
else:
raise ValueError(_("Requires setype"))
@@ -337679,7 +337682,7 @@ index ad7dc8c..81e0613 100644
( k, proto_d, low, high ) = self.__genkey(port, proto)
(rc, exists) = semanage_port_exists(self.sh, k)
-@@ -1213,6 +1212,8 @@ class portRecords(semanageRecords):
+@@ -1213,6 +1216,8 @@ class portRecords(semanageRecords):
print rec
class nodeRecords(semanageRecords):
@@ -337688,7 +337691,7 @@ index ad7dc8c..81e0613 100644
def __init__(self, store = ""):
semanageRecords.__init__(self,store)
self.protocol = ["ipv4", "ipv6"]
-@@ -1252,7 +1253,10 @@ class nodeRecords(semanageRecords):
+@@ -1252,7 +1257,10 @@ class nodeRecords(semanageRecords):
serange = untranslate(serange)
if ctype == "":
@@ -337700,7 +337703,7 @@ index ad7dc8c..81e0613 100644
(rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
if rc < 0:
-@@ -1262,7 +1266,8 @@ class nodeRecords(semanageRecords):
+@@ -1262,7 +1270,8 @@ class nodeRecords(semanageRecords):
(rc, exists) = semanage_node_exists(self.sh, k)
if exists:
@@ -337710,7 +337713,7 @@ index ad7dc8c..81e0613 100644
(rc, node) = semanage_node_create(self.sh)
if rc < 0:
-@@ -1318,6 +1323,9 @@ class nodeRecords(semanageRecords):
+@@ -1318,6 +1327,9 @@ class nodeRecords(semanageRecords):
if serange == "" and setype == "":
raise ValueError(_("Requires setype or serange"))
@@ -337720,7 +337723,7 @@ index ad7dc8c..81e0613 100644
(rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
if rc < 0:
raise ValueError(_("Could not create key for %s") % addr)
-@@ -1460,7 +1468,8 @@ class interfaceRecords(semanageRecords):
+@@ -1460,7 +1472,8 @@ class interfaceRecords(semanageRecords):
if rc < 0:
raise ValueError(_("Could not check if interface %s is defined") % interface)
if exists:
@@ -337730,7 +337733,7 @@ index ad7dc8c..81e0613 100644
(rc, iface) = semanage_iface_create(self.sh)
if rc < 0:
-@@ -1625,6 +1634,9 @@ class interfaceRecords(semanageRecords):
+@@ -1625,6 +1638,9 @@ class interfaceRecords(semanageRecords):
print "%-30s %s:%s:%s " % (k,ddict[k][0], ddict[k][1],ddict[k][2])
class fcontextRecords(semanageRecords):
@@ -337740,7 +337743,7 @@ index ad7dc8c..81e0613 100644
def __init__(self, store = ""):
semanageRecords.__init__(self, store)
self.equiv = {}
-@@ -1739,6 +1751,9 @@ class fcontextRecords(semanageRecords):
+@@ -1739,6 +1755,9 @@ class fcontextRecords(semanageRecords):
if type == "":
raise ValueError(_("SELinux Type is required"))
@@ -337750,7 +337753,7 @@ index ad7dc8c..81e0613 100644
(rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
if rc < 0:
raise ValueError(_("Could not create key for %s") % target)
-@@ -1753,7 +1768,8 @@ class fcontextRecords(semanageRecords):
+@@ -1753,7 +1772,8 @@ class fcontextRecords(semanageRecords):
raise ValueError(_("Could not check if file context for %s is defined") % target)
if exists:
@@ -337760,7 +337763,7 @@ index ad7dc8c..81e0613 100644
(rc, fcontext) = semanage_fcontext_create(self.sh)
if rc < 0:
-@@ -1794,6 +1810,9 @@ class fcontextRecords(semanageRecords):
+@@ -1794,6 +1814,9 @@ class fcontextRecords(semanageRecords):
def __modify(self, target, setype, ftype, serange, seuser):
if serange == "" and setype == "" and seuser == "":
raise ValueError(_("Requires setype, serange or seuser"))
@@ -337770,7 +337773,7 @@ index ad7dc8c..81e0613 100644
self.validate(target)
(rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
-@@ -1999,6 +2018,8 @@ class booleanRecords(semanageRecords):
+@@ -1999,6 +2022,8 @@ class booleanRecords(semanageRecords):
self.modify_local = False
def __mod(self, name, value):
@@ -337779,7 +337782,7 @@ index ad7dc8c..81e0613 100644
(rc, k) = semanage_bool_key_create(self.sh, name)
if rc < 0:
raise ValueError(_("Could not create a key for %s") % name)
-@@ -2028,8 +2049,6 @@ class booleanRecords(semanageRecords):
+@@ -2028,8 +2053,6 @@ class booleanRecords(semanageRecords):
semanage_bool_free(b)
def modify(self, name, value = None, use_file = False):
@@ -337788,7 +337791,7 @@ index ad7dc8c..81e0613 100644
self.begin()
if use_file:
fd = open(name)
-@@ -2120,10 +2139,7 @@ class booleanRecords(semanageRecords):
+@@ -2120,10 +2143,7 @@ class booleanRecords(semanageRecords):
def get_category(self, name):
name = selinux.selinux_boolean_sub(name)
@@ -340092,10 +340095,10 @@ index 0000000..4693bb4
+}
diff --git a/policycoreutils/sepolicy/sepolicy-bash-completion.sh b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
new file mode 100644
-index 0000000..01ac68a
+index 0000000..28b6767
--- /dev/null
+++ b/policycoreutils/sepolicy/sepolicy-bash-completion.sh
-@@ -0,0 +1,186 @@
+@@ -0,0 +1,190 @@
+# This file is part of systemd.
+#
+# Copyright 2012 Dan Walsh
@@ -340177,7 +340180,7 @@ index 0000000..01ac68a
+ local -A OPTS=(
+ [booleans]='-h --help -p --path -a -all -b --boolean'
+ [communicate]='-h --help -s --source -t --target -c --class -S --sourceaccess -T --targetaccess'
-+ [generate]='-a --admin --admin_user --application --cgi --confined_admin --customize -d --domain --dbus --desktop_user -h --help --inetd --init -n --name -p --path --sandbox -T --test --term_user -u --user --x_user'
++ [generate]='-a --admin --admin_user --application --cgi --confined_admin --customize -d --domain --dbus --desktop_user -h --help --inetd --init -n --name --newuser -p --path --sandbox -T --test --term_user -u --user -w --writepath --x_user'
+ [interface]='-h --help -a --list_admin" -u --list_user -l --list'
+ [manpage]='-h --help -p --path -a -all -o --os -d --domain -w --web'
+ [network]='-h --help -d --domain -l --list -p --port -t --type '
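Review bot: The `[generate]` option list adds `--newuser`, but the flag this commit registers in sepolicy.py and documents in sepolicy-generate.8 is `--newtype`, so completion offers a flag the parser will reject and never offers the real one. Replace `--newuser` with `--newtype` in that string. The `-t --type` option that `--newtype` relies on is also missing from the list; add it if it is meant to be typed by hand.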
@@ -340224,6 +340227,10 @@ index 0000000..01ac68a
+ COMPREPLY=( $( compgen -d -- "$cur") )
+ compopt -o filenames
+ return 0
++ elif test "$prev" = "-w" || test "$prev" = "--writepath" ; then
++ COMPREPLY=( $( compgen -d -- "$cur") )
++ compopt -o filenames
++ return 0
+ elif [ "$prev" = "--type" -o "$prev" = "-t" ]; then
+ COMPREPLY=( $(compgen -W '0 1 2 3 4 5 6 7 8 9 10 11' -- "$cur") )
+ return 0
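Review bot: The new `-w`/`--writepath` branch completes directories only (`compgen -d`), while `generate()` in sepolicy.py accepts non-directory paths for the same option and passes them to `add_file()`. Use `COMPREPLY=( $( compgen -f -- "$cur") )` so file paths complete as well. The branch is written as `test … || test …` while the `--type` branch right after it uses `[ … -o … ]`; one form throughout would read better. The enclosing function starts and ends outside this hunk.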
@@ -340364,10 +340371,10 @@ index 0000000..764fd35
+
diff --git a/policycoreutils/sepolicy/sepolicy-generate.8 b/policycoreutils/sepolicy/sepolicy-generate.8
new file mode 100644
-index 0000000..7d9c86b
+index 0000000..fb84af6
--- /dev/null
+++ b/policycoreutils/sepolicy/sepolicy-generate.8
-@@ -0,0 +1,108 @@
+@@ -0,0 +1,120 @@
+.TH "sepolicy-generate" "8" "20121005" "" ""
+.SH "NAME"
+sepolicy-generate \- Generate an initial SELinux policy module template.
@@ -340375,7 +340382,7 @@ index 0000000..7d9c86b
+.SH "SYNOPSIS"
+
+.br
-+.B sepolicy generate [\-h] [\-d DOMAIN] [\-u USER] [\-a ADMIN_DOMAIN] [\-n NAME] [\-p PATH] [\-\-admin_user | \-\-application | \-\-cgi | \-\-confined_admin | \-\-customize | \-\-dbus | \-\-desktop_user | \-\-inetd | \-\-init | \-\-sandbox | \-\-term_user | \-\-x_user]
++.B sepolicy generate [\-h] [\-d DOMAIN] [\-u USER] [\-w WRITE_PATH ] [\-a ADMIN_DOMAIN] [\-n NAME] [\-p PATH] [\-\-admin_user | \-\-application | \-\-cgi | \-\-confined_admin | \-\-customize | \-\-dbus | \-\-desktop_user | \-\-inetd | \-\-newtype | \-\-init | \-\-sandbox | \-\-term_user | \-\-x_user]
+
+.SH "DESCRIPTION"
+Use sepolicy generate to generate an SELinux policy Module. sepolicy generate will generate 4 files.
@@ -340416,6 +340423,15 @@ index 0000000..7d9c86b
+Specify the directory to store the created policy files. (Default to current working directory )
+optional arguments:
+.TP
++.I \-u, \-\-user
++SELinux user(s) which will transition to this domain
++.TP
++.I \-w, \-\-writepath
++Path(s) which the confined processes need to write
++.TP
++.I \-a, \-\-admin
++Domain(s) that this confined admin will administrate
++.TP
+.I \-\-admin_user
+Generate Policy for Administrator Login User Role
+.TP
@@ -340443,6 +340459,9 @@ index 0000000..7d9c86b
+.I \-\-init
+Generate Policy for Standard Init Daemon (Default)
+.TP
++.I \-\-newtype
++Generate new policy for new types to add to an existing policy.
++.TP
+.I \-\-sandbox
+Generate Policy for Sandbox
+.TP
@@ -340713,10 +340732,10 @@ index 0000000..0748ca9
+selinux(8), sepolicy-booleans(8), sepolicy-communicate(8), sepolicy-generate(8), sepolicy-interface(8), sepolicy-network(8), sepolicy-manpage(8), sepolicy-transition(8)
diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py
new file mode 100755
-index 0000000..ca86f5f
+index 0000000..154369d
--- /dev/null
+++ b/policycoreutils/sepolicy/sepolicy.py
-@@ -0,0 +1,438 @@
+@@ -0,0 +1,470 @@
+#! /usr/bin/python -Es
+# Copyright (C) 2012 Red Hat
+# AUTHOR: Dan Walsh <dwalsh at redhat.com>
@@ -340762,6 +340781,21 @@ index 0000000..ca86f5f
+ raise ValueError("%s does not exist" % values)
+ setattr(namespace, self.dest, values)
+
++class CheckType(argparse.Action):
++ def __call__(self, parser, namespace, values, option_string=None):
++ from sepolicy.network import domains
++
++ if isinstance(values,str):
++ setattr(namespace, self.dest, values)
++ else:
++ newval = getattr(namespace, self.dest)
++ if not newval:
++ newval = []
++
++ for v in values:
++ newval.append(v)
++ setattr(namespace, self.dest, newval)
++
+class CheckDomain(argparse.Action):
+ def __call__(self, parser, namespace, values, option_string=None):
+ from sepolicy.network import domains
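Review bot: `CheckType` performs no check: the names given to `-t` are stored as typed and later substituted into the generated .te and .if text by `generate_new_types`, `generate_new_rules` and `generate_new_type_if`, whereas the module name is held to `^[a-zA-Z0-9-_]+$` in the policy constructor. Reject anything that is not a plain identifier before storing it, for example `if not re.match(r"^[a-zA-Z0-9_]+$", v): raise ValueError(_("Invalid type name %s") % v)` (this assumes `re` is imported in sepolicy.py, which the hunk does not show). The `from sepolicy.network import domains` line is unused here and can go. `newval.append(v)` also mutates the `default=[]` list object handed to `add_argument`; copy it first with `newval = list(newval)`.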
@@ -341035,24 +341069,33 @@ index 0000000..ca86f5f
+ print m
+
+def generate(args):
-+ from sepolicy.generate import policy, USERS, SANDBOX, APPLICATIONS
++ from sepolicy.generate import policy, USERS, SANDBOX, APPLICATIONS, NEWTYPE
+ cmd = None
-+ if args.type not in USERS + [ SANDBOX ]:
++ if args.policytype not in USERS + [ SANDBOX, NEWTYPE]:
+ if not args.command:
+ raise ValueError(_("Command required for this type of policy"))
+ cmd = os.path.realpath(args.command)
+ if not args.name:
+ args.name = os.path.basename(cmd).replace("-","_")
+
-+ mypolicy = policy(args.name, args.type)
++ mypolicy = policy(args.name, args.policytype)
+ if cmd:
+ mypolicy.set_program(cmd)
+
++ if args.types:
++ mypolicy.set_types(args.types)
++
++ for p in args.writepaths:
++ if os.path.isdir(p):
++ mypolicy.add_dir(p)
++ else:
++ mypolicy.add_file(p)
++
+ mypolicy.set_transition_users(args.user)
+ mypolicy.set_admin_domains(args.admin_domain)
+ mypolicy.set_existing_domains(args.domain)
+
-+ if args.type in APPLICATIONS:
++ if args.policytype in APPLICATIONS:
+ mypolicy.gen_writeable()
+ mypolicy.gen_symbols()
+ print mypolicy.generate(args.path)
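Review bot: In the `args.writepaths` loop a path that does not exist on the machine running the tool fails `os.path.isdir()` and is silently handed to `add_file()`, so a directory that is only created at runtime would be treated as a file. Either require the path to exist, `if not os.path.exists(p): raise ValueError("%s does not exist" % p)`, or give the caller a way to say which kind it is. The paths are also used exactly as typed, while `cmd` goes through `os.path.realpath()`; a relative `-w` argument presumably ends up relative in the generated file contexts, so applying `os.path.abspath(p)` first looks worthwhile.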
@@ -341072,7 +341115,7 @@ index 0000000..ca86f5f
+ itf.set_defaults(func=interface)
+
+def gen_generate_args(parser):
-+ from sepolicy.generate import DAEMON, get_poltype_desc, poltype, DAEMON, DBUS, INETD, CGI, SANDBOX, USER, EUSER, TUSER, XUSER, LUSER, AUSER, RUSER
++ from sepolicy.generate import DAEMON, get_poltype_desc, poltype, DAEMON, DBUS, INETD, CGI, SANDBOX, USER, EUSER, TUSER, XUSER, LUSER, AUSER, RUSER, NEWTYPE
+ pol = parser.add_parser("generate",
+ help=_('Generate SELinux Policy module template'))
+ pol.add_argument("-d", "--domain", dest="domain",
@@ -341089,45 +341132,53 @@ index 0000000..ca86f5f
+ help=_("name of policy to generate"))
+ pol.add_argument("-T", "--test", dest="test", default=False, action="store_true",
+ help=argparse.SUPPRESS)
++ pol.add_argument("-t", "--type", dest="types", default=[], nargs="*",
++ action=CheckType,
++ help=argparse.SUPPRESS)
+ pol.add_argument("-p", "--path", dest="path", default=os.getcwd(),
+ help=_("path in which the generated policy files will be stored"))
++ pol.add_argument("-w", "--writepath", dest="writepaths", nargs="*", default = [],
++ help=_("path to which the confined processes will need to write"))
+ pol.add_argument("command",nargs="?", default=None,
+ help=_("executable to confine"))
+ group = pol.add_mutually_exclusive_group(required=False)
-+ group.add_argument("--admin_user", dest="type", const=AUSER,
++ group.add_argument("--newtype", dest="policytype", const=NEWTYPE,
++ action="store_const",
++ help=_("Generate Policy for %s") % poltype[NEWTYPE])
++ group.add_argument("--admin_user", dest="policytype", const=AUSER,
+ action="store_const",
+ help=_("Generate Policy for %s") % poltype[AUSER])
-+ group.add_argument("--application", dest="type", const=USER,
++ group.add_argument("--application", dest="policytype", const=USER,
+ action="store_const",
+ help=_("Generate Policy for %s") % poltype[USER])
-+ group.add_argument("--cgi", dest="type", const=CGI,
++ group.add_argument("--cgi", dest="policytype", const=CGI,
+ action="store_const",
+ help=_("Generate Policy for %s") % poltype[CGI])
-+ group.add_argument("--confined_admin", dest="type", const=RUSER,
++ group.add_argument("--confined_admin", dest="policytype", const=RUSER,
+ action="store_const",
+ help=_("Generate Policy for %s") % poltype[RUSER])
-+ group.add_argument("--customize", dest="type", const=EUSER,
++ group.add_argument("--customize", dest="policytype", const=EUSER,
+ action="store_const",
+ help=_("Generate Policy for %s") % poltype[EUSER])
-+ group.add_argument("--dbus", dest="type", const=DBUS,
++ group.add_argument("--dbus", dest="policytype", const=DBUS,
+ action="store_const",
+ help=_("Generate Policy for %s") % poltype[DBUS])
-+ group.add_argument("--desktop_user", dest="type", const=LUSER,
++ group.add_argument("--desktop_user", dest="policytype", const=LUSER,
+ action="store_const",
+ help=_("Generate Policy for %s") % poltype[LUSER])
-+ group.add_argument("--inetd", dest="type", const=INETD,
++ group.add_argument("--inetd", dest="policytype", const=INETD,
+ action="store_const",
+ help=_("Generate Policy for %s") % poltype[INETD])
-+ group.add_argument("--init", dest="type", const=DAEMON,
++ group.add_argument("--init", dest="policytype", const=DAEMON,
+ action="store_const", default=DAEMON,
+ help=_("Generate Policy for %s") % poltype[DAEMON])
-+ group.add_argument("--sandbox", dest="type", const=SANDBOX,
++ group.add_argument("--sandbox", dest="policytype", const=SANDBOX,
+ action="store_const",
+ help=_("Generate Policy for %s") % poltype[SANDBOX])
-+ group.add_argument("--term_user", dest="type", const=TUSER,
++ group.add_argument("--term_user", dest="policytype", const=TUSER,
+ action="store_const",
+ help=_("Generate Policy for %s") % poltype[TUSER])
-+ group.add_argument("--x_user", dest="type", const=XUSER,
++ group.add_argument("--x_user", dest="policytype", const=XUSER,
+ action="store_const",
+ help=_("Generate Policy for %s") % poltype[XUSER])
+ pol.set_defaults(func=generate)
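Review bot: `-w/--writepath` and `-t/--type` are declared with `nargs="*"`, so when either is the last option before the positional `command`, argparse takes the command as one more value and `generate()` then fails with "Command required for this type of policy". Taking one value per occurrence avoids that: `pol.add_argument("-w", "--writepath", dest="writepaths", action="append", default=[], ...)`, and likewise a single value per `-t`. Separately, `--newtype` generates nothing without `-t`, yet `-t` is hidden with `help=argparse.SUPPRESS` and nothing rejects `--newtype` when `args.types` is empty.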
@@ -341424,10 +341475,10 @@ index 0000000..a179d95
+
diff --git a/policycoreutils/sepolicy/sepolicy/generate.py b/policycoreutils/sepolicy/sepolicy/generate.py
new file mode 100644
-index 0000000..e0b1893
+index 0000000..6c5e482
--- /dev/null
+++ b/policycoreutils/sepolicy/sepolicy/generate.py
-@@ -0,0 +1,1329 @@
+@@ -0,0 +1,1378 @@
+#!/usr/bin/python -Es
+#
+# Copyright (C) 2007-2012 Red Hat
@@ -341596,6 +341647,7 @@ index 0000000..e0b1893
+LUSER = 9
+AUSER = 10
+RUSER = 11
++NEWTYPE = 12
+
+poltype={}
+poltype[DAEMON] = _("Standard Init Daemon")
@@ -341610,6 +341662,7 @@ index 0000000..e0b1893
+poltype[LUSER] = _("Desktop Login User Role")
+poltype[AUSER] = _("Administrator Login User Role")
+poltype[RUSER] = _("Confined Root Administrator Role")
++poltype[NEWTYPE] = _("Module information for a new type")
+
+def get_poltype_desc():
+ keys = poltype.keys()
@@ -341766,6 +341819,16 @@ index 0000000..e0b1893
+ self.DEFAULT_DIRS["/var/run"] = ["var_run", [], var_run];
+ self.DEFAULT_DIRS["/var/spool"] = ["var_spool", [], var_spool];
+
++ self.DEFAULT_EXT = {}
++ self.DEFAULT_EXT["_tmp_t"] = tmp;
++ self.DEFAULT_EXT["_unit_file_t"] = unit_file;
++ self.DEFAULT_EXT["_var_cache_t"] = var_cache;
++ self.DEFAULT_EXT["_var_lib_t"] = var_lib;
++ self.DEFAULT_EXT["_var_log_t"] = var_log;
++ self.DEFAULT_EXT["_var_run_t"] = var_run;
++ self.DEFAULT_EXT["_var_spool_t"] = var_spool;
++ self.DEFAULT_EXT["port_t"] = network;
++
+ self.DEFAULT_KEYS=["/etc", "/var/cache", "/var/log", "/tmp", "rw", "/var/lib", "/var/run", "/var/spool", "/etc/systemd/system", "/usr/lib/systemd/system", "/lib/systemd/system" ]
+
+ self.DEFAULT_TYPES = (\
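Review bot: `"port_t"` is the only `DEFAULT_EXT` key without a leading underscore, so for a type such as `foo_port_t` (constructed example) the `t[:-len(i)]` strip in `generate_new_rules` and `generate_new_type_if` leaves `foo_`, and the network templates then expand to `foo__port_t` and `corenet_tcp_sendrecv_foo__port`. Use `self.DEFAULT_EXT["_port_t"] = network;` to match the other entries. Note also that `generate_new_rules` reads `.te_rules` from the matched template module, while the parts of network.py visible in this commit define `te_types` and `if_rules` only; confirm `te_rules` exists there or guard the lookup.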
@@ -341780,7 +341843,8 @@ index 0000000..e0b1893
+( self.generate_x_login_user_types, self.generate_x_login_user_rules), \
+( self.generate_login_user_types, self.generate_login_user_rules), \
+( self.generate_admin_user_types, self.generate_login_user_rules), \
-+( self.generate_root_user_types, self.generate_root_user_rules))
++( self.generate_root_user_types, self.generate_root_user_rules), \
++( self.generate_new_types, self.generate_new_rules))
+ if not re.match(r"^[a-zA-Z0-9-_]+$", name):
+ raise ValueError(_("Name must be alpha numberic with no spaces. Consider using option \"-n MODULENAME\""))
+
@@ -341795,7 +341859,7 @@ index 0000000..e0b1893
+ self.processes = []
+ self.type = type
+ self.initscript = ""
-+ self.program = ""
++ self.program = None
+ self.in_tcp = [False, False, False, []]
+ self.in_udp = [False, False, False, []]
+ self.out_tcp = [False, False, False, []]
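Review bot: With `self.program` now defaulting to `None`, the unchanged `generate_fc` line `return re.sub("EXECUTABLE", self.program, executable.fc_user)` receives `None` as the replacement string for user and sandbox policies, where `generate()` never calls `set_program()`. With the old `""` default that call returned a string; with `None` it is likely to raise TypeError. Either keep `self.program = ""` (the new `if self.program:` tests work with it unchanged) or pass `self.program or ""` in that call. The constructor starts and ends outside this hunk.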
@@ -341809,9 +341873,9 @@ index 0000000..e0b1893
+ self.use_pam = False
+ self.use_dbus = False
+ self.use_audit = False
-+ self.use_etc = self.type != EUSER
-+ self.use_localization = self.type != EUSER
-+ self.use_fd = self.type != EUSER
++ self.use_etc = self.type not in [ EUSER, NEWTYPE ]
++ self.use_localization = self.type not in [ EUSER, NEWTYPE ]
++ self.use_fd = self.type not in [ EUSER, NEWTYPE ]
+ self.use_terminal = False
+ self.use_mail = False
+ self.booleans = {}
@@ -342077,7 +342141,7 @@ index 0000000..e0b1893
+ self.found_udp_ports.append(line)
+
+ if self.need_udp_type == True or self.need_tcp_type == True:
-+ return re.sub("TEMPLATETYPE", self.name, network.te_port_types)
++ return re.sub("TEMPLATETYPE", self.name, network.te_types)
+ return ""
+
+ def __find_path(self, file):
@@ -342092,6 +342156,9 @@ index 0000000..e0b1893
+ if capability not in self.capabilities:
+ self.capabilities.append(capability)
+
++ def set_types(self, types):
++ self.types = types
++
+ def add_process(self, process):
+ if process not in self.processes:
+ self.processes.append(process)
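Review bot: `self.types` exists only after `set_types()` has run, and `generate()` calls it only when `-t` was given, while this commit makes `generate_if()` call `generate_new_type_if()` and `generate_new_rules()` for every policy type. Unless the constructor sets it in a part this diff does not show, any `sepolicy generate` run without `-t` would hit AttributeError at `for t in self.types`. Initialise it in the constructor with `self.types = []`. A short docstring on `set_types` stating that the list holds full type names ending in one of the `DEFAULT_EXT` suffixes would also help.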
@@ -342306,6 +342373,24 @@ index 0000000..e0b1893
+ def generate_root_user_types(self):
+ return re.sub("TEMPLATETYPE", self.name, user.te_root_user_types)
+
++ def generate_new_types(self):
++ newte = ""
++ for t in self.types:
++ for i in self.DEFAULT_EXT:
++ if t.endswith(i):
++ newte += re.sub("TEMPLATETYPE", t[:len(i)], self.DEFAULT_EXT[i].te_types)
++ break
++ return newte
++
++ def generate_new_rules(self):
++ newte = ""
++ for t in self.types:
++ for i in self.DEFAULT_EXT:
++ if t.endswith(i):
++ newte += re.sub("TEMPLATETYPE", t[:-len(i)], self.DEFAULT_EXT[i].te_rules)
++ break
++ return newte
++
+ def generate_daemon_types(self):
+ newte = re.sub("TEMPLATETYPE", self.name, executable.te_daemon_types)
+ if self.initscript != "":
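Review bot: `generate_new_types` strips the suffix with `t[:len(i)]`, which keeps the first `len(i)` characters of the type name instead of removing the matched suffix; `generate_new_rules` just below it uses `t[:-len(i)]`. Change the line to `newte += re.sub("TEMPLATETYPE", t[:-len(i)], self.DEFAULT_EXT[i].te_types)`. In both functions a type that matches no `DEFAULT_EXT` suffix is dropped without a message; raising a ValueError that names the unsupported type would be safer than silently generating nothing for it.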
@@ -342342,6 +342427,16 @@ index 0000000..e0b1893
+
+ return newif
+
++ def generate_new_type_if(self):
++ newif = ""
++ for t in self.types:
++ for i in self.DEFAULT_EXT:
++ if t.endswith(i):
++ reqtype = t[:-len(i)] + "_t"
++ newif += re.sub("TEMPLATETYPE", t[:-len(i)], self.DEFAULT_EXT[i].if_rules)
++ break
++ return newif
++
+ def generate_login_user_rules(self):
+ return re.sub("TEMPLATETYPE", self.name, user.te_login_user_rules)
+
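Review bot: `reqtype` in `generate_new_type_if` is assigned and never read, so the line should be removed or put to use. This is also the third copy of the same `for t in self.types` / `for i in self.DEFAULT_EXT` / `endswith` loop, after `generate_new_types` and `generate_new_rules`, differing only in which template attribute is read. A single private helper that takes the attribute name would keep the suffix handling in one place and would have prevented the slice mismatch between the first two copies.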
@@ -342393,7 +342488,7 @@ index 0000000..e0b1893
+ def generate_if(self):
+ newif = ""
+ newif += re.sub("TEMPLATETYPE", self.name, executable.if_heading_rules)
-+ if self.program != "":
++ if self.program:
+ newif += re.sub("TEMPLATETYPE", self.name, executable.if_program_rules)
+ if self.initscript != "":
+ newif += re.sub("TEMPLATETYPE", self.name, executable.if_initscript_rules)
@@ -342409,6 +342504,8 @@ index 0000000..e0b1893
+ newif += self.generate_dbus_if()
+ newif += self.generate_admin_if()
+ newif += self.generate_sandbox_if()
++ newif += self.generate_new_type_if()
++ newif += self.generate_new_rules()
+
+ return newif
+
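Review bot: `newif += self.generate_new_rules()` appends the templates' `te_rules` text to the interface (.if) output, and the same method is already registered as the NEWTYPE rules generator in `DEFAULT_TYPES`, so those rules would be emitted into both the .te and the .if file. Unless that is intended, keep only `newif += self.generate_new_type_if()` here. `generate_if` begins outside this hunk.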
@@ -342416,7 +342513,9 @@ index 0000000..e0b1893
+ return self.DEFAULT_TYPES[self.type][0]()
+
+ def generate_default_rules(self):
-+ return self.DEFAULT_TYPES[self.type][1]()
++ if self.DEFAULT_TYPES[self.type][1]:
++ return self.DEFAULT_TYPES[self.type][1]()
++ return ""
+
+ def generate_roles_rules(self):
+ newte = ""
@@ -342485,11 +342584,12 @@ index 0000000..e0b1893
+ fclist = []
+ if self.type in USERS + [ SANDBOX ]:
+ return re.sub("EXECUTABLE", self.program, executable.fc_user)
-+ if self.program == "":
++ if self.type != NEWTYPE and self.program:
+ raise ValueError(_("You must enter the executable path for your confined process"))
+
-+ t1 = re.sub("EXECUTABLE", self.program, executable.fc_program)
-+ fclist.append(re.sub("TEMPLATETYPE", self.name, t1))
++ if self.program:
++ t1 = re.sub("EXECUTABLE", self.program, executable.fc_program)
++ fclist.append(re.sub("TEMPLATETYPE", self.name, t1))
+
+ if self.initscript != "":
+ t1 = re.sub("EXECUTABLE", self.initscript, executable.fc_initscript)
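Review bot: The rewritten guard `if self.type != NEWTYPE and self.program:` is inverted: it raises "You must enter the executable path for your confined process" when a program has been set and passes when none has. The test should read `if self.type != NEWTYPE and not self.program:`. As written, a daemon-style policy that does supply a command would be rejected at this point. The body of `generate_fc` continues outside this hunk.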
@@ -342548,7 +342648,7 @@ index 0000000..e0b1893
+ newsh = re.sub("TEMPLATEFILE", "%s" % self.file_name, temp)
+ else:
+ newsh = re.sub("TEMPLATEFILE", self.file_name, temp)
-+ if self.program != "":
++ if self.program:
+ newsh += re.sub("FILENAME", self.program, script.restorecon)
+ if self.initscript != "":
+ newsh += re.sub("FILENAME", self.initscript, script.restorecon)
@@ -342582,7 +342682,7 @@ index 0000000..e0b1893
+ newspec += spec.header_comment_section
+ if self.type in APPLICATIONS:
+ newspec += spec.define_relabel_files_begin
-+ if self.program != "":
++ if self.program:
+ newspec += re.sub("FILENAME", self.program, spec.define_relabel_files_end)
+ if self.initscript != "":
+ newspec += re.sub("FILENAME", self.initscript, spec.define_relabel_files_end)
@@ -345055,10 +345155,10 @@ index 0000000..092a53e
+"""
diff --git a/policycoreutils/sepolicy/sepolicy/templates/network.py b/policycoreutils/sepolicy/sepolicy/templates/network.py
new file mode 100644
-index 0000000..679d0a5
+index 0000000..4499440
--- /dev/null
+++ b/policycoreutils/sepolicy/sepolicy/templates/network.py
-@@ -0,0 +1,101 @@
+@@ -0,0 +1,580 @@
+# Copyright (C) 2007-2012 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@@ -345081,7 +345181,7 @@ index 0000000..679d0a5
+#
+#
+########################### Type Enforcement File #############################
-+te_port_types="""
++te_types="""
+type TEMPLATETYPE_port_t;
+corenet_port(TEMPLATETYPE_port_t)
+"""
@@ -345160,6 +345260,485 @@ index 0000000..679d0a5
+te_in_unreserved_ports_udp="""\
+corenet_udp_bind_all_unreserved_ports(TEMPLATETYPE_t)
+"""
++
++if_rules="""\
++########################################
++## <summary>
++## Send and receive TCP traffic on the TEMPLATETYPE port.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_TEMPLATETYPE_port',`
++ gen_require(`
++ type TEMPLATETYPE_port_t;
++ ')
++
++ allow $1 TEMPLATETYPE_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++## Send UDP traffic on the TEMPLATETYPE port.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_TEMPLATETYPE_port',`
++ gen_require(`
++ type TEMPLATETYPE_port_t;
++ ')
++
++ allow $1 TEMPLATETYPE_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++## Do not audit attempts to send UDP traffic on the TEMPLATETYPE port.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain to not audit.
++## </summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_TEMPLATETYPE_port',`
++ gen_require(`
++ type TEMPLATETYPE_port_t;
++ ')
++
++ dontaudit $1 TEMPLATETYPE_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++## Receive UDP traffic on the TEMPLATETYPE port.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_TEMPLATETYPE_port',`
++ gen_require(`
++ type TEMPLATETYPE_port_t;
++ ')
++
++ allow $1 TEMPLATETYPE_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++## Do not audit attempts to receive UDP traffic on the TEMPLATETYPE port.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain to not audit.
++## </summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_TEMPLATETYPE_port',`
++ gen_require(`
++ type TEMPLATETYPE_port_t;
++ ')
++
++ dontaudit $1 TEMPLATETYPE_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++## Send and receive UDP traffic on the TEMPLATETYPE port.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_TEMPLATETYPE_port',`
++ corenet_udp_send_TEMPLATETYPE_port($1)
++ corenet_udp_receive_TEMPLATETYPE_port($1)
++')
++
++########################################
++## <summary>
++## Do not audit attempts to send and receive
++## UDP traffic on the TEMPLATETYPE port.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain to not audit.
++## </summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_TEMPLATETYPE_port',`
++ corenet_dontaudit_udp_send_TEMPLATETYPE_port($1)
++ corenet_dontaudit_udp_receive_TEMPLATETYPE_port($1)
++')
++
++########################################
++## <summary>
++## Bind TCP sockets to the TEMPLATETYPE port.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_TEMPLATETYPE_port',`
++ gen_require(`
++ type TEMPLATETYPE_port_t;
++ ')
++
++ allow $1 TEMPLATETYPE_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++## <summary>
++## Bind UDP sockets to the TEMPLATETYPE port.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_TEMPLATETYPE_port',`
++ gen_require(`
++ type TEMPLATETYPE_port_t;
++ ')
++
++ allow $1 TEMPLATETYPE_port_t:udp_socket name_bind;
++
++')
++
++########################################
++## <summary>
++## Do not audit attempts to sbind to TEMPLATETYPE port.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain to not audit.
++## </summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_bind_TEMPLATETYPE_port',`
++ gen_require(`
++ type TEMPLATETYPE_port_t;
++ ')
++
++ dontaudit $1 TEMPLATETYPE_port_t:udp_socket name_bind;
++
++')
++
++########################################
++## <summary>
++## Make a TCP connection to the TEMPLATETYPE port.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`corenet_tcp_connect_TEMPLATETYPE_port',`
++ gen_require(`
++ type TEMPLATETYPE_port_t;
++ ')
++
++ allow $1 TEMPLATETYPE_port_t:tcp_socket name_connect;
++')
++########################################
++## <summary>
++## Do not audit attempts to make a TCP connection to TEMPLATETYPE port.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`corenet_dontaudit_tcp_connect_TEMPLATETYPE_port',`
++ gen_require(`
++ type TEMPLATETYPE_port_t;
++ ')
++
++ dontaudit $1 TEMPLATETYPE_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++## Send TEMPLATETYPE_client packets.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_TEMPLATETYPE_client_packets',`
++ gen_require(`
++ type TEMPLATETYPE_client_packet_t;
++ ')
++
++ allow $1 TEMPLATETYPE_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++## Do not audit attempts to send TEMPLATETYPE_client packets.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain to not audit.
++## </summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_TEMPLATETYPE_client_packets',`
++ gen_require(`
++ type TEMPLATETYPE_client_packet_t;
++ ')
++
++ dontaudit $1 TEMPLATETYPE_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++## Receive TEMPLATETYPE_client packets.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_TEMPLATETYPE_client_packets',`
++ gen_require(`
++ type TEMPLATETYPE_client_packet_t;
++ ')
++
++ allow $1 TEMPLATETYPE_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++## Do not audit attempts to receive TEMPLATETYPE_client packets.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_TEMPLATETYPE_client_packets',`
++ gen_require(`
++ type TEMPLATETYPE_client_packet_t;
++ ')
++
++ dontaudit $1 TEMPLATETYPE_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++## Send and receive TEMPLATETYPE_client packets.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_TEMPLATETYPE_client_packets',`
++ corenet_send_TEMPLATETYPE_client_packets($1)
++ corenet_receive_TEMPLATETYPE_client_packets($1)
++')
++
++########################################
++## <summary>
++## Do not audit attempts to send and receive TEMPLATETYPE_client packets.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain to not audit.
++## </summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_TEMPLATETYPE_client_packets',`
++ corenet_dontaudit_send_TEMPLATETYPE_client_packets($1)
++ corenet_dontaudit_receive_TEMPLATETYPE_client_packets($1)
++')
++
++########################################
++## <summary>
++## Relabel packets to TEMPLATETYPE_client the packet type.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`corenet_relabelto_TEMPLATETYPE_client_packets',`
++ gen_require(`
++ type TEMPLATETYPE_client_packet_t;
++ ')
++
++ allow $1 TEMPLATETYPE_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++## Send TEMPLATETYPE_server packets.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_TEMPLATETYPE_server_packets',`
++ gen_require(`
++ type TEMPLATETYPE_server_packet_t;
++ ')
++
++ allow $1 TEMPLATETYPE_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++## Do not audit attempts to send TEMPLATETYPE_server packets.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain to not audit.
++## </summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_TEMPLATETYPE_server_packets',`
++ gen_require(`
++ type TEMPLATETYPE_server_packet_t;
++ ')
++
++ dontaudit $1 TEMPLATETYPE_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++## Receive TEMPLATETYPE_server packets.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_TEMPLATETYPE_server_packets',`
++ gen_require(`
++ type TEMPLATETYPE_server_packet_t;
++ ')
++
++ allow $1 TEMPLATETYPE_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++## Do not audit attempts to receive TEMPLATETYPE_server packets.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_TEMPLATETYPE_server_packets',`
++ gen_require(`
++ type TEMPLATETYPE_server_packet_t;
++ ')
++
++ dontaudit $1 TEMPLATETYPE_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++## Send and receive TEMPLATETYPE_server packets.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_TEMPLATETYPE_server_packets',`
++ corenet_send_TEMPLATETYPE_server_packets($1)
++ corenet_receive_TEMPLATETYPE_server_packets($1)
++')
++
++########################################
++## <summary>
++## Do not audit attempts to send and receive TEMPLATETYPE_server packets.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain to not audit.
++## </summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_TEMPLATETYPE_server_packets',`
++ corenet_dontaudit_send_TEMPLATETYPE_server_packets($1)
++ corenet_dontaudit_receive_TEMPLATETYPE_server_packets($1)
++')
++
++########################################
++## <summary>
++## Relabel packets to TEMPLATETYPE_server the packet type.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`corenet_relabelto_TEMPLATETYPE_server_packets',`
++ gen_require(`
++ type TEMPLATETYPE_server_packet_t;
++ ')
++
++ allow $1 TEMPLATETYPE_server_packet_t:packet relabelto;
++')
++"""
diff --git a/policycoreutils/sepolicy/sepolicy/templates/rw.py b/policycoreutils/sepolicy/sepolicy/templates/rw.py
new file mode 100644
index 0000000..46dd367
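Review bot: Three of the `dontaudit` interfaces in `if_rules` document their parameter as `Domain allowed access.` although they grant nothing and only suppress audit records: `corenet_dontaudit_tcp_connect_TEMPLATETYPE_port`, `corenet_dontaudit_receive_TEMPLATETYPE_client_packets` and `corenet_dontaudit_receive_TEMPLATETYPE_server_packets`. The sibling interfaces use `Domain to not audit.`, and these three should match so the generated interface documentation does not mislead whoever reviews the resulting policy. The summary of `corenet_dontaudit_udp_bind_TEMPLATETYPE_port` says `sbind` for `bind`, and the two relabelto summaries would read better as `Relabel packets to the TEMPLATETYPE_client packet type.` (and likewise `_server`). A blank line is also missing between the closing `')` of `corenet_tcp_connect_TEMPLATETYPE_port` and the banner that follows it.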
diff --git a/policycoreutils-sepolgen.patch b/policycoreutils-sepolgen.patch
index 0204d5d..c3be167 100644
--- a/policycoreutils-sepolgen.patch
+++ b/policycoreutils-sepolgen.patch
@@ -1,5 +1,5 @@
diff --git a/sepolgen/src/sepolgen/audit.py b/sepolgen/src/sepolgen/audit.py
-index 73c60f6..d636091 100644
+index 73c60f6..9ca35a7 100644
--- a/sepolgen/src/sepolgen/audit.py
+++ b/sepolgen/src/sepolgen/audit.py
@@ -38,8 +38,7 @@ def get_audit_boot_msgs():
@@ -12,6 +12,15 @@ index 73c60f6..d636091 100644
boottime = time.strftime("%X", s)
output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
stdout=subprocess.PIPE).communicate()[0]
+@@ -260,7 +259,7 @@ class AVCMessage(AuditMessage):
+ raise ValueError("Error during access vector computation")
+
+ if self.type == audit2why.CONSTRAINT:
+- self.data = []
++ self.data = [ self.data ]
+ if self.scontext.user != self.tcontext.user:
+ self.data.append("user")
+ if self.scontext.role != self.tcontext.role and self.tcontext.role != "object_r":
diff --git a/sepolgen/src/sepolgen/refparser.py b/sepolgen/src/sepolgen/refparser.py
index a4adbd8..7b76261 100644
--- a/sepolgen/src/sepolgen/refparser.py
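Review bot: In the `audit2why.CONSTRAINT` branch, `self.data = [ self.data ]` makes the list heterogeneous: element 0 is whatever `self.data` held before (presumably the analysis result, which is not visible here), and the remaining elements are the `"user"`/`"role"` strings appended below. Any consumer that iterates `self.data` expecting only field names will now see the extra leading element. A comment on that line would record the layout, e.g. `# data[0]: prior analysis result; data[1:]: names of the context fields that differ`, if that is the intent. The branch continues past the end of the hunk, so the remaining appends are not visible.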
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 3e020c5..ab7c76d 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.13
-Release: 55%{?dist}
+Release: 56%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@@ -338,6 +338,22 @@ The policycoreutils-restorecond package contains the restorecond service.
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog
+* Mon Jan 15 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.12-56
+- Additional changes for bash completsion and generate man page to match the w
+- Add newtype as a new qualifier to sepolicy generate. This new mechanism wil
+- a policy write to generate types after the initial policy has been written a
+- will autogenerate all of the interfaces.
+- I also added a -w options to allow policy writers from the command line to s
+- the writable directories of files.
+-
+- Modify network.py to include interface definitions for newly created port type
+- Standardize of te_types just like all of the other templates.
+
+- Change permissive domains creation to raise exception if sepolgen is not ins
+- get_te_results no longer needs or uses the opts parameter.
+- The compliler was complaining so I just removed the option.
+- Start returning analysis data for audit2allow
+
* Tue Jan 15 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.12-55
- Update Translations
- Fix handling of semanage generate --cgi -n MODULE PATHTO/CGI