[policycoreutils/f20] Random fixes for sepolicy gui

Daniel J Walsh dwalsh at fedoraproject.org
Tue Sep 3 23:06:06 UTC 2013


commit e3137d55a1e4c7128d3a366ec52a6d3f7fd2f20b
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Tue Sep 3 19:05:51 2013 -0400

    Random fixes for sepolicy gui
    
    - Update Translations

 policycoreutils-rhat.patch |  240 +++++++++++++++++++++++++++++---------------
 policycoreutils.spec       |    4 +-
 2 files changed, 163 insertions(+), 81 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index b8990aa..8c3d7ec 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -510101,7 +510101,7 @@ index 0000000..e2befdb
 +      packages=["policycoreutils"],
 +)
 diff --git a/policycoreutils/semanage/semanage b/policycoreutils/semanage/semanage
-index 6e33c85..c9a0060 100644
+index 6e33c85..e4ecada 100644
 --- a/policycoreutils/semanage/semanage
 +++ b/policycoreutils/semanage/semanage
 @@ -1,5 +1,7 @@
@@ -510113,7 +510113,7 @@ index 6e33c85..c9a0060 100644
  # see file 'COPYING' for use and warranty information
  #
  # semanage is a tool for managing SELinux configuration files
-@@ -19,564 +21,813 @@
+@@ -19,564 +21,821 @@
  #    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA     
  #                                        02111-1307  USA
  #
@@ -510607,23 +510607,31 @@ index 6e33c85..c9a0060 100644
 +        OBJECT.enable(args.module_name)
 +    if args.action == "disable":
 +        OBJECT.disable(args.module_name)
-+    if args.action == "delete":
++    if args.action == "remove":
 +        OBJECT.delete(args.module_name)
++    if args.action is "deleteall":
++        OBJECT.deleteall()
 +    if args.action == "list":
-+        OBJECT.list(args.noheading)
++        OBJECT.list(args.noheading, args.locallist)
++    if args.action is "extract":
++        for i in OBJECT.customized():
++            print "module %s" % str(i)
 +
 +def setupModuleParser(subparsers):
 +    moduleParser = subparsers.add_parser('module', help=_('Manage SELinux policy modules'))
 +    parser_add_noheading(moduleParser, "module")
 +    parser_add_noreload(moduleParser, "module")
 +    parser_add_store(moduleParser, "module")
++    parser_add_locallist(moduleParser, "module")
 +
 +    mgroup = moduleParser.add_mutually_exclusive_group(required=True)
 +    parser_add_add(mgroup, "module")
-+    parser_add_delete(mgroup, "module")
-+    parser_add_modify(mgroup, "module")
 +    parser_add_list(mgroup, "module")
-+
++    parser_add_extract(mgroup, "module")
++    parser_add_deleteall(mgroup, "module")
++    mgroup.add_argument('-r', '--remove', dest='action', action='store_const', const='remove', help=_("Remove a module"))
++    mgroup.add_argument('-d', '--disable', dest='action', action='store_const', const='disable', help=_("Disable a module"))
++    mgroup.add_argument('-e', '--enable', dest='action', action='store_const', const='enable', help=_("Enable a module"))
 +    moduleParser.add_argument('module_name', nargs='?', default=None, help=_('Name of the module to act on'))
 +    moduleParser.set_defaults(func=handleModule)
 +    
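Review bot: The new `deleteall` and `extract` branches of handleModule compare with `is` (`if args.action is "deleteall":`, `if args.action is "extract":`), which tests object identity rather than string equality. That only matches while the interpreter happens to hold a single string object for both values. Use `==` as the neighbouring branches do: `if args.action == "deleteall":` and `if args.action == "extract":`. handleModule starts above this hunk.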
@@ -510762,7 +510770,7 @@ index 6e33c85..c9a0060 100644
 +    dontauditParser.set_defaults(func=handleDontaudit)
 +
 +def handleExport(args):
-+    manageditems=[ "boolean", "login", "interface", "user", "port", "node", "fcontext"]
++    manageditems=[ "boolean", "login", "interface", "user", "port", "node", "fcontext", "module"]
 +    for i in manageditems:
 +        OBJECT = object_dict[i]()
 +        print "%s -D" % i
@@ -511575,7 +511583,7 @@ index edefd9a..ed31356 100644
          return 0
 diff --git a/policycoreutils/semanage/semanage-boolean.8 b/policycoreutils/semanage/semanage-boolean.8
 new file mode 100644
-index 0000000..0a59e07
+index 0000000..361a8d3
 --- /dev/null
 +++ b/policycoreutils/semanage/semanage-boolean.8
 @@ -0,0 +1,61 @@
@@ -511583,7 +511591,7 @@ index 0000000..0a59e07
 +.SH "NAME"
 +semanage boolean\- SELinux Policy Management boolean tool
 +.SH "SYNOPSIS"
-+.B semanage boolean [\-h] [\-n] [\-N] [\-s STORE] [  \-\-extract  | \-\-deleteall  | \-\-list \-C | \-\-modify ( \-\-on | \-\-off ) boolean  ]
++.B semanage boolean [\-h] [\-n] [\-N] [\-s STORE] [  \-\-extract  | \-\-deleteall  | \-\-list [\-C] | \-\-modify ( \-\-on | \-\-off ) boolean  ]
 +
 +.SH "DESCRIPTION"
 +semanage is used to configure certain elements of
@@ -511604,7 +511612,7 @@ index 0000000..0a59e07
 +Select an alternate SELinux Policy Store to manage
 +.TP
 +.I  \-C, \-\-locallist
-+List OBJECTS local customizations
++List local customizations
 +.TP
 +.I  \-m, \-\-modify
 +Modify a record of the specified object type
@@ -511616,7 +511624,7 @@ index 0000000..0a59e07
 +Extract customizable commands, for use within a transaction
 +.TP
 +.I  \-D, \-\-deleteall
-+Remove all OBJECTS local customizations
++Remove all local customizations
 +.TP
 +.I  \-1, \-\-on
 +Enable the boolean
@@ -511725,7 +511733,7 @@ index 0000000..1b20c82
 +This man page was written by Daniel Walsh <dwalsh at redhat.com>
 diff --git a/policycoreutils/semanage/semanage-fcontext.8 b/policycoreutils/semanage/semanage-fcontext.8
 new file mode 100644
-index 0000000..ba2355a
+index 0000000..3fdd937
 --- /dev/null
 +++ b/policycoreutils/semanage/semanage-fcontext.8
 @@ -0,0 +1,87 @@
@@ -511734,7 +511742,7 @@ index 0000000..ba2355a
 +semanage fcontext\- SELinux Policy Management file context tool
 +
 +.SH "SYNOPSIS"
-+.B semanage fcontext [\-h] [\-n] [\-N] [\-s STORE] [ \-\-add ( \-t TYPE \-f FTYPE \-r RANGE \-s SEUSER | \-e EQUAL ) FILE_SPEC ) | \-\-delete ( \-t TYPE \-f FTYPE | \-e EQUAL ) FILE_SPEC ) | \-\-deleteall  | \-\-extract  | \-\-list \-C | \-\-modify ( \-t TYPE \-f FTYPE \-r RANGE \-s SEUSER | \-e EQUAL ) FILE_SPEC ) ]
++.B semanage fcontext [\-h] [\-n] [\-N] [\-s STORE] [ \-\-add ( \-t TYPE \-f FTYPE \-r RANGE \-s SEUSER | \-e EQUAL ) FILE_SPEC ) | \-\-delete ( \-t TYPE \-f FTYPE | \-e EQUAL ) FILE_SPEC ) | \-\-deleteall  | \-\-extract  | \-\-list [\-C] | \-\-modify ( \-t TYPE \-f FTYPE \-r RANGE \-s SEUSER | \-e EQUAL ) FILE_SPEC ) ]
 +
 +.SH "DESCRIPTION"
 +semanage is used to configure certain elements of
@@ -511754,7 +511762,7 @@ index 0000000..ba2355a
 +Do not reload policy after commit
 +.TP
 +.I   \-C, \-\-locallist
-+List OBJECTS local customizations
++List local customizations
 +.TP
 +.I   \-S STORE, \-\-store STORE
 +Select an alternate SELinux Policy Store to manage
@@ -511775,7 +511783,7 @@ index 0000000..ba2355a
 +Extract customizable commands, for use within a transaction
 +.TP
 +.I   \-D, \-\-deleteall
-+Remove all OBJECTS local customizations
++Remove all local customizations
 +.TP
 +.I   \-e EQUAL, \-\-equal EQUAL
 +Substitute target path with sourcepath when generating default label. This is used with fcontext. Requires source and target path arguments. The context labeling for the target subtree is made equivalent to that defined for the source.
@@ -511860,7 +511868,7 @@ index 0000000..fb95a04
 +This man page was written by Daniel Walsh <dwalsh at redhat.com>
 diff --git a/policycoreutils/semanage/semanage-interface.8 b/policycoreutils/semanage/semanage-interface.8
 new file mode 100644
-index 0000000..7c67718
+index 0000000..c9dd59c
 --- /dev/null
 +++ b/policycoreutils/semanage/semanage-interface.8
 @@ -0,0 +1,63 @@
@@ -511868,7 +511876,7 @@ index 0000000..7c67718
 +.SH "NAME"
 +.B semanage interface\- SELinux Policy Management network interface tool
 +.SH "SYNOPSIS"
-+.B semanage interface [-h] [-n] [-N] [-s STORE] [ --add -t TYPE -r RANGE interface | --delete interface | --deleteall  | --extract  | --list -C | --modify -t TYPE -r RANGE interface ]
++.B semanage interface [\-h] [\-n] [\-N] [\-s STORE] [ \-\-add \-t TYPE \-r RANGE interface | \-\-delete interface | \-\-deleteall  | \-\-extract  | \-\-list [\-C] | \-\-modify \-t TYPE \-r RANGE interface ]
 +
 +.SH "DESCRIPTION"
 +semanage is used to configure certain elements of
@@ -511890,7 +511898,7 @@ index 0000000..7c67718
 +Select an alternate SELinux Policy Store to manage
 +.TP
 +.I  \-C, \-\-locallist
-+List OBJECTS local customizations
++List local customizations
 +.TP
 +.I  \-a, \-\-add
 +Add a record of the specified object type
@@ -511908,7 +511916,7 @@ index 0000000..7c67718
 +Extract customizable commands, for use within a transaction
 +.TP
 +.I  \-D, \-\-deleteall
-+Remove all OBJECTS local customizations
++Remove all local customizations
 +.TP
 +.I  \-t TYPE, \-\-type TYPE
 +SELinux type for the object
@@ -511929,7 +511937,7 @@ index 0000000..7c67718
 +This man page was written by Daniel Walsh <dwalsh at redhat.com>
 diff --git a/policycoreutils/semanage/semanage-login.8 b/policycoreutils/semanage/semanage-login.8
 new file mode 100644
-index 0000000..84f106d
+index 0000000..78a0ecb
 --- /dev/null
 +++ b/policycoreutils/semanage/semanage-login.8
 @@ -0,0 +1,68 @@
@@ -511937,7 +511945,7 @@ index 0000000..84f106d
 +.SH "NAME"
 +.B semanage login\- SELinux Policy Management linux user to SELinux User mapping tool
 +.SH "SYNOPSIS"
-+.B semanage login [\-h] [\-n] [\-N] [\-s STORE] [ \-\-add \-s SEUSER \-r RANGE LOGIN | \-\-delete LOGIN | \-\-deleteall  | \-\-extract  | \-\-list \-C | \-\-modify \-s SEUSER \-r RANGE LOGIN ]
++.B semanage login [\-h] [\-n] [\-N] [\-s STORE] [ \-\-add \-s SEUSER \-r RANGE LOGIN | \-\-delete LOGIN | \-\-deleteall  | \-\-extract  | \-\-list [\-C] | \-\-modify \-s SEUSER \-r RANGE LOGIN ]
 +
 +.SH "DESCRIPTION"
 +semanage is used to configure certain elements of
@@ -511956,7 +511964,7 @@ index 0000000..84f106d
 +Do not reload policy after commit
 +.TP
 +.I  \-C, \-\-locallist
-+List OBJECTS local customizations
++List local customizations
 +.TP
 +.I  \-S STORE, \-\-store STORE
 +Select an alternate SELinux Policy Store to manage
@@ -511977,7 +511985,7 @@ index 0000000..84f106d
 +Extract customizable commands, for use within a transaction
 +.TP
 +.I  \-D, \-\-deleteall
-+Remove all OBJECTS local customizations
++Remove all local customizations
 +.TP
 +.I  \-s SEUSER, \-\-seuser SEUSER
 +SELinux user name
@@ -512003,17 +512011,15 @@ index 0000000..84f106d
 +This man page was written by Daniel Walsh <dwalsh at redhat.com>
 diff --git a/policycoreutils/semanage/semanage-module.8 b/policycoreutils/semanage/semanage-module.8
 new file mode 100644
-index 0000000..12897dc
+index 0000000..3f82535
 --- /dev/null
 +++ b/policycoreutils/semanage/semanage-module.8
-@@ -0,0 +1,53 @@
+@@ -0,0 +1,60 @@
 +.TH "semanage-module" "8" "20130617" "" ""
 +.SH "NAME"
 +.B semanage module\\- SELinux Policy Management module mapping tool
 +.SH "SYNOPSIS"
-+.B semanage module [\-h] [\-n] [\-N] [\-S STORE]
-+		       (\-a | \-d | \-m {enable,disable} | \-l)
-+		       [module_name]
++.B semanage module [\-h] [\-n] [\-N] [\-S STORE] (\-a | \-r | \-e | \-d | \-\-extract | \-\-list [\-C] | \-\-deleteall) [module_name]
 +
 +.SH "DESCRIPTION"
 +semanage is used to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources.  semanage module installs, removes, disables SELinux Policy modules.
@@ -512033,16 +512039,25 @@ index 0000000..12897dc
 +Select an alternate SELinux Policy Store to manage
 +.TP
 +.I   \-a, \-\-add
-+Add a record of the specified object type
++Install specified module
 +.TP
-+.I   \-d, \-\-delete
-+Delete a record of the specified object type
++.I   \-r, \-\-remove
++Remove specified module
++.TP
++.I   \-d \-\-disable
++Disable specified module
 +.TP
-+.I   \-m {enable,disable}, \-\-modify {enable,disable}
-+Enable or Disable specified module
++.I   \-e \-\-enable
++Enable specified module
++.TP
++.I   \-E, \-\-extract         
++Extract customizable commands, for use within a transaction
 +.TP
 +.I   \-l, \-\-list
 +List records of the specified object type
++.TP
++.I   \-C, \-\-locallist       
++List local customizations
 +
 +.SH EXAMPLE
 +.nf
@@ -512062,7 +512077,7 @@ index 0000000..12897dc
 +This man page was written by Daniel Walsh <dwalsh at redhat.com>
 diff --git a/policycoreutils/semanage/semanage-node.8 b/policycoreutils/semanage/semanage-node.8
 new file mode 100644
-index 0000000..dd54a94
+index 0000000..75c2d30
 --- /dev/null
 +++ b/policycoreutils/semanage/semanage-node.8
 @@ -0,0 +1,58 @@
@@ -512070,7 +512085,7 @@ index 0000000..dd54a94
 +.SH "NAME"
 +.B semanage node\- SELinux Policy Management node mapping tool
 +.SH "SYNOPSIS"
-+.B semanage node [-h] [-n] [-N] [-s STORE] [ --add -M NETMASK -p PROTOCOL -t TYPE -r RANGE node | --delete -M NETMASK -p PROTOCOL node | --deleteall  | --extract  | --list -C | --modify -M NETMASK -p PROTOCOL -t TYPE -r RANGE node ]
++.B semanage node [\-h] [\-n] [\-N] [\-s STORE] [ \-\-add \-M NETMASK \-p PROTOCOL \-t TYPE \-r RANGE node | \-\-delete \-M NETMASK \-p PROTOCOL node | \-\-deleteall  | \-\-extract  | \-\-list [\-C] | \-\-modify \-M NETMASK \-p PROTOCOL \-t TYPE \-r RANGE node ]
 +
 +.SH "DESCRIPTION"
 +semanage is used to configure certain elements of
@@ -512092,7 +512107,7 @@ index 0000000..dd54a94
 +Select an alternate SELinux Policy Store to manage
 +.TP
 +.I   \-C, \-\-locallist
-+List OBJECTS local customizations
++List local customizations
 +.TP
 +.I   \-a, \-\-add
 +Add a record of the specified object type
@@ -512110,7 +512125,7 @@ index 0000000..dd54a94
 +Extract customizable commands, for use within a transaction
 +.TP
 +.I   \-D, \-\-deleteall
-+Remove all OBJECTS local customizations
++Remove all local customizations
 +.TP
 +.I   \-M NETMASK, \-\-netmask NETMASK
 +Network Mask
@@ -512177,7 +512192,7 @@ index 0000000..9a143df
 +This man page was written by Daniel Walsh <dwalsh at redhat.com>
 diff --git a/policycoreutils/semanage/semanage-port.8 b/policycoreutils/semanage/semanage-port.8
 new file mode 100644
-index 0000000..d460cfc
+index 0000000..cd0a1b4
 --- /dev/null
 +++ b/policycoreutils/semanage/semanage-port.8
 @@ -0,0 +1,68 @@
@@ -512185,7 +512200,7 @@ index 0000000..d460cfc
 +.SH "NAME"
 +.B semanage port\- SELinux Policy Management port mapping tool
 +.SH "SYNOPSIS"
-+.B semanage port [\-h] [\-n] [\-N] [\-s STORE] [ \-\-add \-t TYPE \-p PROTOCOL \-r RANGE port_name | port_range | \-\-delete \-p PROTOCOL port_name | port_range | \-\-deleteall  | \-\-extract  | \-\-list \-C | \-\-modify \-t TYPE \-p PROTOCOL \-r RANGE port_name | port_range ]
++.B semanage port [\-h] [\-n] [\-N] [\-s STORE] [ \-\-add \-t TYPE \-p PROTOCOL \-r RANGE port_name | port_range | \-\-delete \-p PROTOCOL port_name | port_range | \-\-deleteall  | \-\-extract  | \-\-list [\-C] | \-\-modify \-t TYPE \-p PROTOCOL \-r RANGE port_name | port_range ]
 +
 +.SH "DESCRIPTION"
 +semanage is used to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources.  semanage port controls the port number to port type defitions.
@@ -512205,7 +512220,7 @@ index 0000000..d460cfc
 +Select an alternate SELinux Policy Store to manage
 +.TP
 +.I   \-C, \-\-locallist
-+List OBJECTS local customizations
++List local customizations
 +.TP
 +.I   \-a, \-\-add
 +Add a record of the specified object type
@@ -512223,7 +512238,7 @@ index 0000000..d460cfc
 +Extract customizable commands, for use within a transaction
 +.TP
 +.I   \-D, \-\-deleteall
-+Remove all OBJECTS local customizations
++Remove all local customizations
 +.TP
 +.I   \-t TYPE, \-\-type TYPE
 +SELinux type for the object
@@ -512251,7 +512266,7 @@ index 0000000..d460cfc
 +This man page was written by Daniel Walsh <dwalsh at redhat.com>
 diff --git a/policycoreutils/semanage/semanage-user.8 b/policycoreutils/semanage/semanage-user.8
 new file mode 100644
-index 0000000..d811d24
+index 0000000..6d8c0cb
 --- /dev/null
 +++ b/policycoreutils/semanage/semanage-user.8
 @@ -0,0 +1,71 @@
@@ -512259,7 +512274,7 @@ index 0000000..d811d24
 +.SH "NAME"
 +.B semanage user\- SELinux Policy Management SELinux User mapping tool
 +.SH "SYNOPSIS"
-+.B  semanage user [\-h] [\-n] [\-N] [\-s STORE] [ \-\-add ( \-L LEVEL \-R ROLES \-r RANGE \-s SEUSER selinux_name) | \-\-delete selinux_name | \-\-deleteall  | \-\-extract  | \-\-list \-C | \-\-modify ( \-L LEVEL \-R ROLES \-r RANGE \-s SEUSER selinux_name ) ]
++.B  semanage user [\-h] [\-n] [\-N] [\-s STORE] [ \-\-add ( \-L LEVEL \-R ROLES \-r RANGE \-s SEUSER selinux_name) | \-\-delete selinux_name | \-\-deleteall  | \-\-extract  | \-\-list [\-C] | \-\-modify ( \-L LEVEL \-R ROLES \-r RANGE \-s SEUSER selinux_name ) ]
 +
 +.SH "DESCRIPTION"
 +semanage is used to configure certain elements of
@@ -512281,7 +512296,7 @@ index 0000000..d811d24
 +Select an alternate SELinux Policy Store to manage
 +.TP
 +.I   \-C, \-\-locallist       
-+List OBJECTS local customizations
++List local customizations
 +.TP
 +.I   \-a, \-\-add             
 +Add a record of the specified object type
@@ -512299,7 +512314,7 @@ index 0000000..d811d24
 +Extract customizable commands, for use within a transaction
 +.TP
 +.I   \-D, \-\-deleteall       
-+Remove all OBJECTS local customizations
++Remove all local customizations
 +.TP
 +.I   \-L LEVEL, \-\-level LEVEL
 +Default SELinux Level for SELinux user, s0 Default. (MLS/MCS Systems only)
@@ -512596,7 +512611,7 @@ index 28a9022..90b142e 100644
 +usage: semanage [-h]
 +                
 diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
-index 85bc37f..8ef5558 100644
+index 85bc37f..f61bc46 100644
 --- a/policycoreutils/semanage/seobject.py
 +++ b/policycoreutils/semanage/seobject.py
 @@ -32,32 +32,47 @@ from IPy import IP
@@ -512662,7 +512677,26 @@ index 85bc37f..8ef5558 100644
  			if sename != "":
  				message += " sename=" + sename
  			if oldsename != "":
-@@ -285,6 +300,8 @@ class moduleRecords(semanageRecords):
+@@ -270,6 +285,12 @@ class moduleRecords(semanageRecords):
+                       l.append((semanage_module_get_name(mod), semanage_module_get_version(mod), semanage_module_get_enabled(mod)))
+                return l
+ 
++        def customized(self):
++		all = self.get_all()
++		if len(all) == 0:
++			return 
++                return map(lambda x: "-d %s" % x[0], filter(lambda t: t[2] == 0, all))
++
+ 	def list(self, heading = 1, locallist = 0):
+ 		all = self.get_all()
+ 		if len(all) == 0:
+@@ -281,10 +302,14 @@ class moduleRecords(semanageRecords):
+                        if t[2] == 0:
+                               disabled = _("Disabled")
+                        else:
++                              if locallist:
++                                      continue
+                               disabled = ""
                         print "%-25s%-10s%s" % (t[0], t[1], disabled)
  
  	def add(self, file):
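Review bot: moduleRecords.customized() falls through a bare `return` when get_all() is empty, so it yields None there but a list on the non-empty path. The `extract` branch of handleModule in this patch loops over the result and would raise TypeError on a store with no modules. Return an empty list instead: `return []`. The added lines also mix space-indented and tab-indented lines inside one method and shadow the builtin `all`; matching the indentation of the neighbouring `list` method and renaming the local (for example `modules`) would make the block less fragile.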
@@ -512671,7 +512705,19 @@ index 85bc37f..8ef5558 100644
                 rc = semanage_module_install_file(self.sh, file);
                 if rc >= 0:
                        self.commit()
-@@ -461,7 +478,9 @@ class loginRecords(semanageRecords):
+@@ -324,6 +349,11 @@ class moduleRecords(semanageRecords):
+ 
+                self.commit()
+ 
++	def deleteall(self):
++                l = map(lambda x: x[0], filter(lambda t: t[2] == 0, self.get_all()))
++                for m in l:
++                        self.enable(m)
++
+ class dontauditClass(semanageRecords):
+ 	def __init__(self, store):
+                semanageRecords.__init__(self, store)
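Review bot: deleteall() has no docstring, and its effect is not obvious from the name: it calls self.enable() on every module whose enabled flag is 0, so `semanage module -D` turns back on any module an administrator disabled, including ones switched off deliberately to tighten confinement. I would document that with a docstring such as `"""Re-enable every disabled policy module (the only local module customization tracked here)."""`. Each enable() is issued separately; if enable() commits on its own (its body is outside this hunk), a failure part-way leaves some modules re-enabled and others not, which deserves a comment or a single surrounding transaction. The added body lines are space-indented under a tab-indented `def`.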
+@@ -461,7 +491,9 @@ class loginRecords(semanageRecords):
  		if rc < 0:
  			raise ValueError(_("Could not check if login mapping for %s is defined") % name)
  		if exists:
@@ -512682,7 +512728,7 @@ index 85bc37f..8ef5558 100644
                  if name[0] == '%':
                         try:
                                grp.getgrnam(name[1:])
-@@ -731,7 +750,8 @@ class seluserRecords(semanageRecords):
+@@ -731,7 +763,8 @@ class seluserRecords(semanageRecords):
                  if rc < 0:
                         raise ValueError(_("Could not check if SELinux user %s is defined") % name)
                  if exists:
@@ -512692,7 +512738,7 @@ index 85bc37f..8ef5558 100644
  
                  (rc, u) = semanage_user_create(self.sh)
                  if rc < 0:
-@@ -999,8 +1019,10 @@ class portRecords(semanageRecords):
+@@ -999,8 +1032,10 @@ class portRecords(semanageRecords):
  			raise ValueError(_("Type %s is invalid, must be a port type") % type)
  
  		( k, proto_d, low, high ) = self.__genkey(port, proto)			
@@ -512705,7 +512751,7 @@ index 85bc37f..8ef5558 100644
  		if rc < 0:
  			raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port))
  		if exists:
-@@ -1274,7 +1296,8 @@ class nodeRecords(semanageRecords):
+@@ -1274,7 +1309,8 @@ class nodeRecords(semanageRecords):
  
                 (rc, exists) = semanage_node_exists(self.sh, k)
                 if exists:
@@ -512715,7 +512761,7 @@ index 85bc37f..8ef5558 100644
  
                 (rc, node) = semanage_node_create(self.sh)
                 if rc < 0:
-@@ -1475,7 +1498,8 @@ class interfaceRecords(semanageRecords):
+@@ -1475,7 +1511,8 @@ class interfaceRecords(semanageRecords):
  		if rc < 0:
  			raise ValueError(_("Could not check if interface %s is defined") % interface)
  		if exists:
@@ -512725,7 +512771,7 @@ index 85bc37f..8ef5558 100644
  
  		(rc, iface) = semanage_iface_create(self.sh)
  		if rc < 0:
-@@ -1643,6 +1667,7 @@ class fcontextRecords(semanageRecords):
+@@ -1643,6 +1680,7 @@ class fcontextRecords(semanageRecords):
  	try:
  		valid_types =  sepolicy.info(sepolicy.ATTRIBUTE,"file_type")[0]["types"]
  		valid_types +=  sepolicy.info(sepolicy.ATTRIBUTE,"device_node")[0]["types"]
@@ -512733,7 +512779,7 @@ index 85bc37f..8ef5558 100644
  	except RuntimeError:
  		valid_types = []
  
-@@ -1696,6 +1721,12 @@ class fcontextRecords(semanageRecords):
+@@ -1696,6 +1734,12 @@ class fcontextRecords(semanageRecords):
  
          def add_equal(self, target, substitute):
                  self.begin()
@@ -512746,7 +512792,7 @@ index 85bc37f..8ef5558 100644
                  if target in self.equiv.keys():
                         raise ValueError(_("Equivalence class for %s already exists") % target)
                  self.validate(target)
-@@ -1751,9 +1782,15 @@ class fcontextRecords(semanageRecords):
+@@ -1751,9 +1795,15 @@ class fcontextRecords(semanageRecords):
  				       raise ValueError(_("File spec %s conflicts with equivalency rule '%s %s'; Try adding '%s' instead") % (target, i, fdict[i], t))
  
  
@@ -512763,7 +512809,7 @@ index 85bc37f..8ef5558 100644
  		if is_mls_enabled == 1:
                         serange = untranslate(serange)
  			
-@@ -1777,7 +1814,8 @@ class fcontextRecords(semanageRecords):
+@@ -1777,7 +1827,8 @@ class fcontextRecords(semanageRecords):
                                raise ValueError(_("Could not check if file context for %s is defined") % target)
  
                  if exists:
@@ -512773,7 +512819,7 @@ index 85bc37f..8ef5558 100644
  
  		(rc, fcontext) = semanage_fcontext_create(self.sh)
  		if rc < 0:
-@@ -1966,11 +2004,11 @@ class fcontextRecords(semanageRecords):
+@@ -1966,11 +2017,11 @@ class fcontextRecords(semanageRecords):
                 keys.sort()
                 for k in keys:
                        if fcon_dict[k]:
@@ -512787,7 +512833,7 @@ index 85bc37f..8ef5558 100644
                 return l
  
  	def list(self, heading = 1, locallist = 0 ):
-@@ -2156,7 +2194,7 @@ class booleanRecords(semanageRecords):
+@@ -2156,7 +2207,7 @@ class booleanRecords(semanageRecords):
                 keys.sort()
                 for k in keys:
                        if ddict[k]:
@@ -515855,10 +515901,10 @@ index 26f8390..ba959ae 100644
              return out
 diff --git a/policycoreutils/sepolicy/sepolicy/gui.py b/policycoreutils/sepolicy/sepolicy/gui.py
 new file mode 100644
-index 0000000..6c24252
+index 0000000..5455378
 --- /dev/null
 +++ b/policycoreutils/sepolicy/sepolicy/gui.py
-@@ -0,0 +1,2765 @@
+@@ -0,0 +1,2797 @@
 +#!/usr/bin/python -Es
 +#
 +# Copyright (C) 2013 Red Hat
@@ -515937,10 +515983,7 @@ index 0000000..6c24252
 +        self.finish_init = False
 +        self.dbus = SELinuxDBus()
 +        try:
-+            if test:
-+                customized = ""
-+            else:
-+                customized = self.dbus.customized()
++            customized = self.dbus.customized()
 +        except dbus.exceptions.DBusException, e:
 +            print e
 +            self.quit()
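Review bot: On the DBusException path `customized` is never assigned: the handler prints the error and calls self.quit(), while a later hunk of this patch passes `customized` to previously_modified_initialize(), apparently in the same method. If self.quit() returns instead of terminating the process (its body is not visible here), that later call raises NameError and hides the original D-Bus failure. Either add `return` after `self.quit()` or set `customized = ""` before the `try`. The removed branch was the only use of `test` visible in this hunk, so that parameter may now be unused.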
@@ -515970,7 +516013,6 @@ index 0000000..6c24252
 +        self.current_popup = None
 +        self.import_export = None
 +        self.clear_entry = True
-+        self.update_buffer = ''
 +        self.files_add = False
 +        self.network_add = False
 +
@@ -516023,6 +516065,10 @@ index 0000000..6c24252
 +        self.disabled_button_default = builder.get_object("Disabled_button_default")
 +        self.initialize_system_default_mode()
 +
++        self.enable_unconfined_button = builder.get_object("enable_unconfined")
++        self.disable_unconfined_button = builder.get_object("disable_unconfined")
++        self.enable_permissive_button = builder.get_object("enable_permissive")
++        self.disable_permissive_button = builder.get_object("disable_permissive")
 +        # Help Window *********************************
 +        self.help_window = builder.get_object("help_window")
 +        self.help_text = builder.get_object("help_text")
@@ -516386,6 +516432,8 @@ index 0000000..6c24252
 +               "on_cancel_button_config_clicked" : self.close_config_window,
 +               "on_Import_button_clicked" : self.import_config_show,
 +               "on_Export_button_clicked" : self.export_config_show,
++               "on_enable_unconfined_toggled": self.unconfined_toggle,
++               "on_enable_permissive_toggled": self.permissive_toggle,
 +               "on_system_policy_type_combobox_changed" : self.change_default_policy,
 +               "on_Enforcing_button_default_toggled" : self.change_default_mode,
 +               "on_Permissive_button_default_toggled" : self.change_default_mode,
@@ -516407,6 +516455,7 @@ index 0000000..6c24252
 +               "gtk_main_quit": self.closewindow
 +               }
 +
++        self.previously_modified_initialize(customized)
 +        builder.connect_signals(dic)
 +        self.window.show()                # Show the gui to the screen
 +        if self.application:
@@ -518163,17 +518212,18 @@ index 0000000..6c24252
 +        self.new_updates()
 +
 +    def update_the_system(self, *args):
-+        self.wait_mouse()
 +        self.update_window.hide()
 +        self.window.set_sensitive(True)
++        update_buffer = self.revert_to_previous_save(True)
++        self.wait_mouse()
 +        try:
-+            self.update_buffer = ''
-+            self.revert_to_previous_save(True)
-+            print self.dbus.semanage(self.update_buffer)
++            print self.dbus.semanage(update_buffer)
 +        except dbus.exceptions.DBusException, e:
 +            print e
 +        self.application_selected()
++        self.finish_init = False
 +        self.previously_modified_initialize(self.dbus.customized())
++        self.finish_init = True
 +        self.clear_filters()
 +        self.application_selected()
 +        self.ready_mouse()
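Review bot: `self.finish_init` is cleared and restored around previously_modified_initialize() without a `try`/`finally`, and `self.dbus.customized()` on that line is a D-Bus call outside the `try` above it. If it raises, finish_init stays False, so unconfined_toggle and permissive_toggle silently return from then on, and ready_mouse() is never reached. Wrap the refresh as `try: self.previously_modified_initialize(self.dbus.customized())` followed by `finally: self.finish_init = True`. A failed `self.dbus.semanage(update_buffer)` is also only printed to stdout, so the window refreshes as if the policy change had been applied; showing the error to the user would avoid a misleading view of the system's SELinux state.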
@@ -518195,6 +518245,7 @@ index 0000000..6c24252
 +
 +    def revert_to_previous_save(self, update):
 +        ctr = 0
++        update_buffer =  ""
 +        for items in self.update_treestore:
 +            if self.update_treestore[ctr][0]:
 +                ipage = self.ipage_value_lookup(self.update_treestore[ctr][2])
@@ -518210,7 +518261,7 @@ index 0000000..6c24252
 +                if ipage == "Booleans":
 +                    for bools in self.booldict:
 +                        if bools == self.bool_revert:
-+                            self.update_buffer += "boolean -m -%d %s\n" % (self.booldict[bools]['active'], bools)
++                            update_buffer += "boolean -m -%d %s\n" % (self.booldict[bools]['active'], bools)
 +                            popbools.append(self.bool_revert)
 +                    for pop in popbools:
 +                        self.booldict.pop(pop)
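Review bot: update_buffer is assembled by `%s` interpolation into newline-separated semanage command lines and then handed to self.dbus.semanage(). This hunk interpolates the boolean name; the next two hunks interpolate `path_or_port`, `fclass_or_protocol`, `porttype` and `ftype`. Nothing in the visible code checks these values, so a file spec or name containing whitespace or a newline would change how the receiving service splits the text into commands and arguments. How the service tokenises the buffer is not visible here; I would reject values containing whitespace or control characters before appending, or quote them if the service parses shell-style. The enclosing loop starts above this hunk.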
@@ -518218,7 +518269,7 @@ index 0000000..6c24252
 +                    for ports in self.portdict:
 +                        if self.portdict[self.application, ipage, operation][path_or_port, fclass_or_protocol]["type"] == ftype:
 +                            porttype = self.portdict[self.application, ipage, operation][(path_or_port, fclass_or_protocol)]["type"]
-+                            self.update_buffer += "port -%s -t %s -p %s %s\n" % (operation[0].tolower(), porttype, fclass_or_protocol, path_or_port)
++                            update_buffer += "port -%s -t %s -p %s %s\n" % (operation[0].tolower(), porttype, fclass_or_protocol, path_or_port)
 +                            self.portdict[self.application, ipage, operation].pop((path_or_port, fclass_or_protocol))
 +                            break
 +                else:
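Review bot: `operation[0].tolower()` on the rewritten port line is not a str method in Python, so the first port row that reaches this branch raises AttributeError before anything is appended to update_buffer. The fcontext line in the next hunk has the same call. Use `operation[0].lower()` in both places. The loop variable `ports` is not referenced in the loop body shown here, so it is worth checking whether an iteration was intended at all.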
@@ -518226,7 +518277,7 @@ index 0000000..6c24252
 +                        if self.filedict[self.application, ipage, operation][path_or_port, fclass_or_protocol]["type"] == ftype:
 +
 +
-+                            self.update_buffer += "fcontext -%s -f %s -t %s %s\n" % (operation[0].tolower(), reverse_file_type_str[fclass_or_protocol], ftype, path_or_port)
++                            update_buffer += "fcontext -%s -f %s -t %s %s\n" % (operation[0].tolower(), reverse_file_type_str[fclass_or_protocol], ftype, path_or_port)
 +                            self.filedict[self.application, ipage, operation].pop((path_or_port, fclass_or_protocol))
 +                            break
 +
@@ -518234,7 +518285,8 @@ index 0000000..6c24252
 +        if update == False:
 +            self.update_window.hide()
 +            self.window.set_sensitive(True)
-+
++        else:
++            return update_buffer
 +    def reveal_advanced_system(self, label, *args):
 +        if label.get_text() == ADVANCED_LABEL[0]:
 +            label.set_text(ADVANCED_LABEL[1])
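Review bot: revert_to_previous_save now returns the buffer only from the `else` branch and falls off the end with None when `update` is false, so the return type depends on the flag. A single `return update_buffer` after an `if not update:` block reads more clearly and keeps callers from receiving None by surprise. The hunk also removes the blank line that separated this method from `def reveal_advanced_system`; restoring it keeps the method boundary visible.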
@@ -518481,6 +518533,11 @@ index 0000000..6c24252
 +                for ipage in range(0,3):
 +                    self.init_dictionary(self.filedict, self.application, ipage, 'Add', path, fclass, label, 0, False, True)
 +                    self.filedict[self.application, ipage, 'Add'][path, fclass] = {'type': label, 'mls': 1, 'changed': False, 'old': True}
++        if cmd == "module":
++            if argv[-1] == "unconfined":
++                self.disable_unconfined_button.set_active(True)
++            if argv[-1] == "permissivedomains":
++                self.disable_permissive_button.set_active(True)
 +
 +    def translate_bool(self, b):
 +        b = b.split('-')[1]
@@ -518548,6 +518605,7 @@ index 0000000..6c24252
 +        self.popup_window_files.hide()
 +        self.window.set_sensitive(True)
 +        self.recursive_path_toggle.set_active(False)
++
 +    def close_update_popup(self,*args):
 +        self.update_window.hide()
 +        self.window.set_sensitive(True)
@@ -518608,6 +518666,26 @@ index 0000000..6c24252
 +        self.show_modified_only_network.set_active(False)
 +        self.transitions_filter.set_text('')
 +
++    def unconfined_toggle(self, *args):
++        if not self.finish_init:
++            return
++        self.wait_mouse()
++        if self.enable_unconfined_button.get_active():
++            self.dbus.semanage("module -e unconfined")
++        else:
++            self.dbus.semanage("module -d unconfined")
++        self.ready_mouse()
++
++    def permissive_toggle(self, *args):
++        if not self.finish_init:
++            return
++        self.wait_mouse()
++        if self.enable_permissive_button.get_active():
++            self.dbus.semanage("module -e permissivedomains")
++        else:
++            self.dbus.semanage("module -d permissivedomains")
++        self.ready_mouse()
++
 +    def confirmation_close(self, button, *args):
 +        if len(self.update_treestore) > 0:
 +            if self.verify(_("You are attempting to close the application without applying your changes.\n    *    To apply changes you have made during this session, click No and click Update.\n    *    To leave the application without applying your changes, click Yes.  All changes that you have made during this session will be lost."), _("Loss of data Dialog")) == Gtk.ResponseType.NO:
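Review bot: unconfined_toggle and permissive_toggle call self.dbus.semanage() with no exception handling, unlike update_the_system, which catches dbus.exceptions.DBusException. If the call is refused or fails, the exception leaves the handler before ready_mouse() runs and the button keeps showing a state that policy does not have. That matters for two modules that decide whether domains run unconfined or permissive. These handlers also apply the change immediately rather than through the update list the other pages use; if that is intended, a comment saying so would help. The guarded form for unconfined_toggle is below, and permissive_toggle needs the same change.

```python
    def unconfined_toggle(self, *args):
        # ... unchanged: finish_init guard, self.wait_mouse() ...
        try:
            if self.enable_unconfined_button.get_active():
                self.dbus.semanage("module -e unconfined")
            else:
                self.dbus.semanage("module -d unconfined")
        except dbus.exceptions.DBusException, e:
            print e
        finally:
            self.ready_mouse()
```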
@@ -519496,12 +519574,12 @@ index 0000000..7ad2af7
 +        print e
 diff --git a/policycoreutils/sepolicy/sepolicy/sepolicy.glade b/policycoreutils/sepolicy/sepolicy/sepolicy.glade
 new file mode 100644
-index 0000000..6761ed2
+index 0000000..1b7a2f0
 --- /dev/null
 +++ b/policycoreutils/sepolicy/sepolicy/sepolicy.glade
-@@ -0,0 +1,4322 @@
+@@ -0,0 +1,4326 @@
 +<?xml version="1.0" encoding="UTF-8"?>
-+<!-- Generated with glade 3.15.2 on Tue Sep  3 16:37:00 2013 -->
++<!-- Generated with glade 3.15.2 on Tue Sep  3 17:21:50 2013 -->
 +<interface>
 +  <!-- interface-requires gtk+ 3.8 -->
 +  <object class="GtkListStore" id="Advanced_search_liststore">
@@ -520056,8 +520134,10 @@ index 0000000..6761ed2
 +		  <object class="GtkLabel" id="help_text">
 +		    <property name="visible">True</property>
 +		    <property name="can_focus">False</property>
-+		    <property name="label" translatable="yes"></property>
-+                    <property name="wrap_mode">word</property>
++		    <property name="xalign">0</property>
++		    <property name="xpad">10</property>
++		    <property name="label" translatable="yes">&lt;operation&gt; File Labeling for &lt;selected domain&gt;. File labels will be created when update is applied.</property>
++		    <property name="justify">fill</property>
 +		    <property name="wrap">True</property>
 +		  </object>
 +		  <packing>
@@ -522890,6 +522970,7 @@ index 0000000..6761ed2
 +                                        <property name="xalign">0</property>
 +                                        <property name="active">True</property>
 +                                        <property name="draw_indicator">True</property>
++                                        <signal name="toggled" handler="on_enable_unconfined_toggled" swapped="no"/>
 +                                      </object>
 +                                      <packing>
 +                                        <property name="expand">False</property>
@@ -522970,6 +523051,7 @@ index 0000000..6761ed2
 +                                        <property name="xalign">0</property>
 +                                        <property name="active">True</property>
 +                                        <property name="draw_indicator">True</property>
++                                        <signal name="toggled" handler="on_enable_permissive_toggled" swapped="no"/>
 +                                      </object>
 +                                      <packing>
 +                                        <property name="expand">False</property>
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 52b1be4..1511bd3 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -119,8 +119,8 @@ an SELinux environment.
 %{python_sitearch}/sepolgen
 %dir %{python_sitearch}/sepolicy
 %{python_sitearch}/sepolicy/*so
-%dir %{python_sitearch}/sepolicy/templates
-%dir %{python_sitearch}/sepolicy/help
+%{python_sitearch}/sepolicy/templates
+%{python_sitearch}/sepolicy/help
 %{python_sitearch}/sepolicy/help/*
 %{python_sitearch}/sepolicy/__init__.py*
 %{python_sitearch}/sepolicy/booleans.py*
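Review bot: Dropping `%dir` from the templates and help entries makes both lines own their directories recursively, so the unchanged `%{python_sitearch}/sepolicy/help/*` line that follows now lists the same files a second time. rpmbuild will typically warn about files listed twice. Remove the `help/*` line, or keep `%dir` on help and add an explicit `templates/*` entry instead.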

