rpms
/
policycoreutils
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import policycoreutils-2.9-3.el8

This commit is contained in:
CentOS Sources 2019-11-05 15:21:02 -05:00 committed by Andrew Lukoshko
parent a0c5bb32b0
commit 0176069af5
33 changed files with 6563 additions and 3329 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
.gitignore vendored
View File

@ -1,14 +1,13 @@
SOURCES/gui-po.tgz
SOURCES/policycoreutils-2.8.tar.gz
SOURCES/policycoreutils-2.9.tar.gz
SOURCES/policycoreutils-po.tgz
SOURCES/policycoreutils_man_ru2.tar.bz2
SOURCES/python-po.tgz
SOURCES/restorecond-2.8.tar.gz
SOURCES/restorecond-2.9.tar.gz
SOURCES/sandbox-po.tgz
SOURCES/selinux-dbus-2.8.tar.gz
SOURCES/selinux-gui-2.8.tar.gz
SOURCES/selinux-python-2.8.tar.gz
SOURCES/selinux-sandbox-2.8.tar.gz
SOURCES/semodule-utils-2.8.tar.gz
SOURCES/selinux-dbus-2.9.tar.gz
SOURCES/selinux-gui-2.9.tar.gz
SOURCES/selinux-python-2.9.tar.gz
SOURCES/selinux-sandbox-2.9.tar.gz
SOURCES/semodule-utils-2.9.tar.gz
SOURCES/sepolicy-icons.tgz
SOURCES/system-config-selinux.png

23
.policycoreutils.metadata
View File

@ -1,14 +1,13 @@
b65686d84acd60d522c8721d38f938a75e25a4cc SOURCES/gui-po.tgz
fed6a10a3205f8dbc12fd1ae40821e7f7b1d92b0 SOURCES/policycoreutils-2.8.tar.gz
7288a10d135a7b1d72e4fdb1a7d757b56ec33975 SOURCES/policycoreutils-po.tgz
be6e4cb77bb89b98ecb246f03780389b30646198 SOURCES/policycoreutils_man_ru2.tar.bz2
ea880063f39c78e6d1c8262392a16493b3f20a04 SOURCES/python-po.tgz
3b73350c485a5a9d2a1a133c8b6b180f6a792b37 SOURCES/restorecond-2.8.tar.gz
14c9fff2633cf4a73e37909a8c3be08e323b61a8 SOURCES/sandbox-po.tgz
20b0df570e1a83946068652eb6ebda07e9d58795 SOURCES/selinux-dbus-2.8.tar.gz
4ea6ec0827feafe752d8af30db256fe25eff757e SOURCES/selinux-gui-2.8.tar.gz
977e0f569970cb243851381b6fbe9efad60eeee4 SOURCES/selinux-python-2.8.tar.gz
f782ccff747552ea0baec1cd4e8f4a2ae12a7488 SOURCES/selinux-sandbox-2.8.tar.gz
62cc0f1d4a6f61260d5ec5015d31d12b44aa522b SOURCES/semodule-utils-2.8.tar.gz
1774f04937a737c415273ee118b0d295e01864f3 SOURCES/gui-po.tgz
6e64d9a38fb516738023eb429eef29af5383f443 SOURCES/policycoreutils-2.9.tar.gz
136d495d4ad657aab34727edad0de2fc6a3c6553 SOURCES/policycoreutils-po.tgz
2218891a934c10bea73fd017a8aa5ce9417a78c4 SOURCES/python-po.tgz
0a34ef54394972870203832c8ce52d4405bd5330 SOURCES/restorecond-2.9.tar.gz
36c396e7151f3f6d55cbf4983d3d73a79be41899 SOURCES/sandbox-po.tgz
8645509cdfc433278c2e4d29ee8f511625c7edcc SOURCES/selinux-dbus-2.9.tar.gz
5c155ae47692389d9fabaa154195e7f978f2a3f0 SOURCES/selinux-gui-2.9.tar.gz
660e1ab824ef80f7a69f0b70f61e231957fd398e SOURCES/selinux-python-2.9.tar.gz
0e208cad193021ad17a445b76b72af3fef8db999 SOURCES/selinux-sandbox-2.9.tar.gz
a4414223e60bb664ada4824e54f8d36ab208d599 SOURCES/semodule-utils-2.9.tar.gz
d849fa76cc3ef4a26047d8a69fef3a55d2f3097f SOURCES/sepolicy-icons.tgz
611a5d497efaddd45ec0dcc3e9b2e5b0f81ebc41 SOURCES/system-config-selinux.png

43
SOURCES/0001-gui-Install-polgengui.py-to-usr-bin-selinux-polgengu.patch Normal file
View File

@ -0,0 +1,43 @@
From c778509dd0ed3b184d720032f31971f975e42973 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Tue, 5 Mar 2019 17:38:55 +0100
Subject: [PATCH 01/20] gui: Install polgengui.py to /usr/bin/selinux-polgengui
polgengui.py is a standalone gui tool which should be in /usr/bin with other
tools.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
gui/Makefile | 2 +-
gui/modulesPage.py | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/gui/Makefile b/gui/Makefile
index c2f982de..b2375fbf 100644
--- a/gui/Makefile
+++ b/gui/Makefile
@@ -31,7 +31,7 @@ install: all
-mkdir -p $(DESTDIR)$(DATADIR)/polkit-1/actions/
install -m 755 system-config-selinux.py $(DESTDIR)$(SHAREDIR)
install -m 755 system-config-selinux $(DESTDIR)$(BINDIR)
- install -m 755 polgengui.py $(DESTDIR)$(SHAREDIR)
+ install -m 755 polgengui.py $(DESTDIR)$(BINDIR)/selinux-polgengui
install -m 644 $(TARGETS) $(DESTDIR)$(SHAREDIR)
install -m 644 system-config-selinux.8 $(DESTDIR)$(MANDIR)/man8
install -m 644 selinux-polgengui.8 $(DESTDIR)$(MANDIR)/man8
diff --git a/gui/modulesPage.py b/gui/modulesPage.py
index 34c5d9e3..cb856b2d 100644
--- a/gui/modulesPage.py
+++ b/gui/modulesPage.py
@@ -118,7 +118,7 @@ class modulesPage(semanagePage):
def new_module(self, args):
try:
- Popen(["/usr/share/system-config-selinux/polgengui.py"])
+ Popen(["selinux-polgengui"])
except ValueError as e:
self.error(e.args[0])
--
2.21.0

49
SOURCES/0002-gui-Install-.desktop-files-to-usr-share-applications.patch Normal file
View File

@ -0,0 +1,49 @@
From 04b632e6de14ec0336e14988bf4c2bd581f7308e Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Tue, 5 Mar 2019 17:25:00 +0100
Subject: [PATCH 02/20] gui: Install .desktop files to /usr/share/applications
by default
/usr/share/applications is a standard directory for .desktop files.
Installation path can be changed using DESKTOPDIR variable in installation
phase, e.g.
make DESKTOPDIR=/usr/local/share/applications install
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
gui/Makefile | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/gui/Makefile b/gui/Makefile
index b2375fbf..ca965c94 100644
--- a/gui/Makefile
+++ b/gui/Makefile
@@ -5,6 +5,7 @@ BINDIR ?= $(PREFIX)/bin
SHAREDIR ?= $(PREFIX)/share/system-config-selinux
DATADIR ?= $(PREFIX)/share
MANDIR ?= $(PREFIX)/share/man
+DESKTOPDIR ?= $(PREFIX)/share/applications
TARGETS= \
booleansPage.py \
@@ -29,6 +30,7 @@ install: all
-mkdir -p $(DESTDIR)$(DATADIR)/pixmaps
-mkdir -p $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps
-mkdir -p $(DESTDIR)$(DATADIR)/polkit-1/actions/
+ -mkdir -p $(DESTDIR)$(DESKTOPDIR)
install -m 755 system-config-selinux.py $(DESTDIR)$(SHAREDIR)
install -m 755 system-config-selinux $(DESTDIR)$(BINDIR)
install -m 755 polgengui.py $(DESTDIR)$(BINDIR)/selinux-polgengui
@@ -44,7 +46,7 @@ install: all
install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/pixmaps
install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps
install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/system-config-selinux
- install -m 644 *.desktop $(DESTDIR)$(DATADIR)/system-config-selinux
+ install -m 644 *.desktop $(DESTDIR)$(DESKTOPDIR)
-mkdir -p $(DESTDIR)$(DATADIR)/pixmaps
install -m 644 sepolicy_256.png $(DESTDIR)$(DATADIR)/pixmaps/sepolicy.png
for i in 16 22 32 48 256; do \
--
2.21.0

26
SOURCES/0003-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch Normal file
View File

@ -0,0 +1,26 @@
From 52e0583f6adfe70825b009b626e19c290b49763a Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Thu, 20 Aug 2015 12:58:41 +0200
Subject: [PATCH 03/20] sandbox: add -reset to Xephyr as it works better with
it in recent Fedoras
---
sandbox/sandboxX.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sandbox/sandboxX.sh b/sandbox/sandboxX.sh
index eaa500d0..47745280 100644
--- a/sandbox/sandboxX.sh
+++ b/sandbox/sandboxX.sh
@@ -20,7 +20,7 @@ cat > ~/.config/openbox/rc.xml << EOF
</openbox_config>
EOF
-(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
+(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -reset -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
export DISPLAY=:$D
cat > ~/seremote << __EOF
#!/bin/sh
--
2.21.0

46
SOURCES/0004-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch Normal file
View File

@ -0,0 +1,46 @@
From 7504614fdd7dcf11b3a7568ca9b4b921973531dd Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Mon, 21 Apr 2014 13:54:40 -0400
Subject: [PATCH 04/20] Fix STANDARD_FILE_CONTEXT section in man pages
Signed-off-by: Miroslav Grepl <mgrepl@redhat.com>
---
python/sepolicy/sepolicy/manpage.py | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
index 1d367962..24e311a3 100755
--- a/python/sepolicy/sepolicy/manpage.py
+++ b/python/sepolicy/sepolicy/manpage.py
@@ -735,10 +735,13 @@ Default Defined Ports:""")
def _file_context(self):
flist = []
+ flist_non_exec = []
mpaths = []
for f in self.all_file_types:
if f.startswith(self.domainname):
flist.append(f)
+ if not file_type_is_executable(f) or not file_type_is_entrypoint(f):
+ flist_non_exec.append(f)
if f in self.fcdict:
mpaths = mpaths + self.fcdict[f]["regex"]
if len(mpaths) == 0:
@@ -797,12 +800,12 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
SELinux defines the file context types for the %(domainname)s, if you wanted to
store files with these types in a diffent paths, you need to execute the semanage command to sepecify alternate labeling and then use restorecon to put the labels on disk.
-.B semanage fcontext -a -t %(type)s '/srv/%(domainname)s/content(/.*)?'
+.B semanage fcontext -a -t %(type)s '/srv/my%(domainname)s_content(/.*)?'
.br
.B restorecon -R -v /srv/my%(domainname)s_content
Note: SELinux often uses regular expressions to specify labels that match multiple files.
-""" % {'domainname': self.domainname, "type": flist[0]})
+""" % {'domainname': self.domainname, "type": flist_non_exec[-1]})
self.fd.write(r"""
.I The following file types are defined for %(domainname)s:
--
2.21.0

27
SOURCES/0005-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch Normal file
View File

@ -0,0 +1,27 @@
From 9847a26b7f8358432ee4c7019efb3cbad0c162b0 Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com>
Date: Mon, 12 May 2014 14:11:22 +0200
Subject: [PATCH 05/20] If there is no executable we don't want to print a part
of STANDARD FILE CONTEXT
---
python/sepolicy/sepolicy/manpage.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
index 24e311a3..46092be0 100755
--- a/python/sepolicy/sepolicy/manpage.py
+++ b/python/sepolicy/sepolicy/manpage.py
@@ -793,7 +793,8 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
.PP
""" % {'domainname': self.domainname, 'equiv': e, 'alt': e.split('/')[-1]})
- self.fd.write(r"""
+ if flist_non_exec:
+ self.fd.write(r"""
.PP
.B STANDARD FILE CONTEXT
--
2.21.0

169
SOURCES/0006-Simplication-of-sepolicy-manpage-web-functionality.-.patch Normal file
View File

@ -0,0 +1,169 @@
From b2993d464e05291020dbf60fc2948ac152eb0003 Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com>
Date: Thu, 19 Feb 2015 17:45:15 +0100
Subject: [PATCH 06/20] Simplication of sepolicy-manpage web functionality.
system_release is no longer hardcoded and it creates only index.html and html
man pages in the directory for the system release.
---
python/sepolicy/sepolicy/__init__.py | 25 +++--------
python/sepolicy/sepolicy/manpage.py | 65 +++-------------------------
2 files changed, 13 insertions(+), 77 deletions(-)
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
index 6aed31bd..88a2b8f6 100644
--- a/python/sepolicy/sepolicy/__init__.py
+++ b/python/sepolicy/sepolicy/__init__.py
@@ -1209,27 +1209,14 @@ def boolean_desc(boolean):
def get_os_version():
- os_version = ""
- pkg_name = "selinux-policy"
+ system_release = ""
try:
- try:
- from commands import getstatusoutput
- except ImportError:
- from subprocess import getstatusoutput
- rc, output = getstatusoutput("rpm -q '%s'" % pkg_name)
- if rc == 0:
- os_version = output.split(".")[-2]
- except:
- os_version = ""
-
- if os_version[0:2] == "fc":
- os_version = "Fedora" + os_version[2:]
- elif os_version[0:2] == "el":
- os_version = "RHEL" + os_version[2:]
- else:
- os_version = ""
+ with open('/etc/system-release') as f:
+ system_release = f.readline()
+ except IOError:
+ system_release = "Misc"
- return os_version
+ return system_release
def reinit():
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
index 46092be0..d60acfaf 100755
--- a/python/sepolicy/sepolicy/manpage.py
+++ b/python/sepolicy/sepolicy/manpage.py
@@ -149,10 +149,6 @@ def prettyprint(f, trim):
manpage_domains = []
manpage_roles = []
-fedora_releases = ["Fedora17", "Fedora18"]
-rhel_releases = ["RHEL6", "RHEL7"]
-
-
def get_alphabet_manpages(manpage_list):
alphabet_manpages = dict.fromkeys(string.ascii_letters, [])
for i in string.ascii_letters:
@@ -182,7 +178,7 @@ def convert_manpage_to_html(html_manpage, manpage):
class HTMLManPages:
"""
- Generate a HHTML Manpages on an given SELinux domains
+ Generate a HTML Manpages on an given SELinux domains
"""
def __init__(self, manpage_roles, manpage_domains, path, os_version):
@@ -190,9 +186,9 @@ class HTMLManPages:
self.manpage_domains = get_alphabet_manpages(manpage_domains)
self.os_version = os_version
self.old_path = path + "/"
- self.new_path = self.old_path + self.os_version + "/"
+ self.new_path = self.old_path
- if self.os_version in fedora_releases or self.os_version in rhel_releases:
+ if self.os_version:
self.__gen_html_manpages()
else:
print("SELinux HTML man pages can not be generated for this %s" % os_version)
@@ -201,7 +197,6 @@ class HTMLManPages:
def __gen_html_manpages(self):
self._write_html_manpage()
self._gen_index()
- self._gen_body()
self._gen_css()
def _write_html_manpage(self):
@@ -219,67 +214,21 @@ class HTMLManPages:
convert_manpage_to_html((self.new_path + r.rsplit("_selinux", 1)[0] + ".html"), self.old_path + r)
def _gen_index(self):
- index = self.old_path + "index.html"
- fd = open(index, 'w')
- fd.write("""
-<html>
-<head>
- <link rel=stylesheet type="text/css" href="style.css" title="style">
- <title>SELinux man pages online</title>
-</head>
-<body>
-<h1>SELinux man pages</h1>
-<br></br>
-Fedora or Red Hat Enterprise Linux Man Pages.</h2>
-<br></br>
-<hr>
-<h3>Fedora</h3>
-<table><tr>
-<td valign="middle">
-</td>
-</tr></table>
-<pre>
-""")
- for f in fedora_releases:
- fd.write("""
-<a href=%s/%s.html>%s</a> - SELinux man pages for %s """ % (f, f, f, f))
-
- fd.write("""
-</pre>
-<hr>
-<h3>RHEL</h3>
-<table><tr>
-<td valign="middle">
-</td>
-</tr></table>
-<pre>
-""")
- for r in rhel_releases:
- fd.write("""
-<a href=%s/%s.html>%s</a> - SELinux man pages for %s """ % (r, r, r, r))
-
- fd.write("""
-</pre>
- """)
- fd.close()
- print("%s has been created" % index)
-
- def _gen_body(self):
html = self.new_path + self.os_version + ".html"
fd = open(html, 'w')
fd.write("""
<html>
<head>
- <link rel=stylesheet type="text/css" href="../style.css" title="style">
- <title>Linux man-pages online for Fedora18</title>
+ <link rel=stylesheet type="text/css" href="style.css" title="style">
+ <title>SELinux man pages online</title>
</head>
<body>
-<h1>SELinux man pages for Fedora18</h1>
+<h1>SELinux man pages for %s</h1>
<hr>
<table><tr>
<td valign="middle">
<h3>SELinux roles</h3>
-""")
+""" % self.os_version)
for letter in self.manpage_roles:
if len(self.manpage_roles[letter]):
fd.write("""
--
2.21.0

26
SOURCES/0007-We-want-to-remove-the-trailing-newline-for-etc-syste.patch Normal file
View File

@ -0,0 +1,26 @@
From bfcb599d9424ef6ffcd250931c89675b451edd00 Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com>
Date: Fri, 20 Feb 2015 16:42:01 +0100
Subject: [PATCH 07/20] We want to remove the trailing newline for
/etc/system_release.
---
python/sepolicy/sepolicy/__init__.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
index 88a2b8f6..0c66f4d5 100644
--- a/python/sepolicy/sepolicy/__init__.py
+++ b/python/sepolicy/sepolicy/__init__.py
@@ -1212,7 +1212,7 @@ def get_os_version():
system_release = ""
try:
with open('/etc/system-release') as f:
- system_release = f.readline()
+ system_release = f.readline().rstrip()
except IOError:
system_release = "Misc"
--
2.21.0

25
SOURCES/0008-Fix-title-in-manpage.py-to-not-contain-online.patch Normal file
View File

@ -0,0 +1,25 @@
From 4ea504acce6389c3e28134c4b8e6bf9072c295ce Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@redhat.com>
Date: Fri, 20 Feb 2015 16:42:53 +0100
Subject: [PATCH 08/20] Fix title in manpage.py to not contain 'online'.
---
python/sepolicy/sepolicy/manpage.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
index d60acfaf..de8184d8 100755
--- a/python/sepolicy/sepolicy/manpage.py
+++ b/python/sepolicy/sepolicy/manpage.py
@@ -220,7 +220,7 @@ class HTMLManPages:
<html>
<head>
<link rel=stylesheet type="text/css" href="style.css" title="style">
- <title>SELinux man pages online</title>
+ <title>SELinux man pages</title>
</head>
<body>
<h1>SELinux man pages for %s</h1>
--
2.21.0

24
SOURCES/0009-Don-t-be-verbose-if-you-are-not-on-a-tty.patch Normal file
View File

@ -0,0 +1,24 @@
From 8af697659bd662517571577bf47946a2113f34a1 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Fri, 14 Feb 2014 12:32:12 -0500
Subject: [PATCH 09/20] Don't be verbose if you are not on a tty
---
policycoreutils/scripts/fixfiles | 1 +
1 file changed, 1 insertion(+)
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
index b2779581..53d28c7b 100755
--- a/policycoreutils/scripts/fixfiles
+++ b/policycoreutils/scripts/fixfiles
@@ -108,6 +108,7 @@ exclude_dirs_from_relabelling() {
fullFlag=0
BOOTTIME=""
VERBOSE="-p"
+[ -t 1 ] || VERBOSE=""
FORCEFLAG=""
RPMFILES=""
PREFC=""
--
2.21.0

63
SOURCES/0010-sepolicy-Drop-old-interface-file_type_is_executable-.patch Normal file
View File

@ -0,0 +1,63 @@
From ef0f54ffc6d691d10e66a0793204edd159cd45d0 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Mon, 27 Feb 2017 17:12:39 +0100
Subject: [PATCH 10/20] sepolicy: Drop old interface file_type_is_executable(f)
and file_type_is_entrypoint(f)
- use direct queries
- load exec_types and entry_types only once
---
python/sepolicy/sepolicy/manpage.py | 22 ++++++++++++++++++++--
1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
index de8184d8..f8a94fc0 100755
--- a/python/sepolicy/sepolicy/manpage.py
+++ b/python/sepolicy/sepolicy/manpage.py
@@ -125,8 +125,24 @@ def gen_domains():
domains.sort()
return domains
-types = None
+exec_types = None
+
+def _gen_exec_types():
+ global exec_types
+ if exec_types is None:
+ exec_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "exec_type"))["types"]
+ return exec_types
+
+entry_types = None
+
+def _gen_entry_types():
+ global entry_types
+ if entry_types is None:
+ entry_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "entry_type"))["types"]
+ return entry_types
+
+types = None
def _gen_types():
global types
@@ -372,6 +388,8 @@ class ManPage:
self.all_file_types = sepolicy.get_all_file_types()
self.role_allows = sepolicy.get_all_role_allows()
self.types = _gen_types()
+ self.exec_types = _gen_exec_types()
+ self.entry_types = _gen_entry_types()
if self.source_files:
self.fcpath = self.root + "file_contexts"
@@ -689,7 +707,7 @@ Default Defined Ports:""")
for f in self.all_file_types:
if f.startswith(self.domainname):
flist.append(f)
- if not file_type_is_executable(f) or not file_type_is_entrypoint(f):
+ if not f in self.exec_types or not f in self.entry_types:
flist_non_exec.append(f)
if f in self.fcdict:
mpaths = mpaths + self.fcdict[f]["regex"]
--
2.21.0

53
SOURCES/0011-sepolicy-Another-small-optimization-for-mcs-types.patch Normal file
View File

@ -0,0 +1,53 @@
From e54db76a3bff8e911ddd7c7ce834c024d634d9e1 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Tue, 28 Feb 2017 21:29:46 +0100
Subject: [PATCH 11/20] sepolicy: Another small optimization for mcs types
---
python/sepolicy/sepolicy/manpage.py | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
index f8a94fc0..67d39301 100755
--- a/python/sepolicy/sepolicy/manpage.py
+++ b/python/sepolicy/sepolicy/manpage.py
@@ -142,6 +142,15 @@ def _gen_entry_types():
entry_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "entry_type"))["types"]
return entry_types
+mcs_constrained_types = None
+
+def _gen_mcs_constrained_types():
+ global mcs_constrained_types
+ if mcs_constrained_types is None:
+ mcs_constrained_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type"))
+ return mcs_constrained_types
+
+
types = None
def _gen_types():
@@ -390,6 +399,7 @@ class ManPage:
self.types = _gen_types()
self.exec_types = _gen_exec_types()
self.entry_types = _gen_entry_types()
+ self.mcs_constrained_types = _gen_mcs_constrained_types()
if self.source_files:
self.fcpath = self.root + "file_contexts"
@@ -944,11 +954,7 @@ All executeables with the default executable label, usually stored in /usr/bin a
%s""" % ", ".join(paths))
def _mcs_types(self):
- try:
- mcs_constrained_type = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type"))
- except StopIteration:
- return
- if self.type not in mcs_constrained_type['types']:
+ if self.type not in self.mcs_constrained_types['types']:
return
self.fd.write ("""
.SH "MCS Constrained"
--
2.21.0

516
SOURCES/0012-Move-po-translation-files-into-the-right-sub-directo.patch Normal file
View File

@ -0,0 +1,516 @@
From 4015e9299bfda622e9d407cdbcc536000688aa8f Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Mon, 6 Aug 2018 13:23:00 +0200
Subject: [PATCH 12/20] Move po/ translation files into the right
sub-directories
When policycoreutils was split into policycoreutils/ python/ gui/ and sandbox/
sub-directories, po/ translation files stayed in policycoreutils/.
This commit split original policycoreutils/po directory into
policycoreutils/po
python/po
gui/po
sandbox/po
See https://github.com/fedora-selinux/selinux/issues/43
---
gui/Makefile | 3 ++
gui/po/Makefile | 82 ++++++++++++++++++++++++++++++++++++
gui/po/POTFILES | 17 ++++++++
policycoreutils/po/Makefile | 70 ++-----------------------------
policycoreutils/po/POTFILES | 9 ++++
python/Makefile | 2 +-
python/po/Makefile | 83 +++++++++++++++++++++++++++++++++++++
python/po/POTFILES | 10 +++++
sandbox/Makefile | 2 +
sandbox/po/Makefile | 82 ++++++++++++++++++++++++++++++++++++
sandbox/po/POTFILES | 1 +
11 files changed, 293 insertions(+), 68 deletions(-)
create mode 100644 gui/po/Makefile
create mode 100644 gui/po/POTFILES
create mode 100644 policycoreutils/po/POTFILES
create mode 100644 python/po/Makefile
create mode 100644 python/po/POTFILES
create mode 100644 sandbox/po/Makefile
create mode 100644 sandbox/po/POTFILES
diff --git a/gui/Makefile b/gui/Makefile
index ca965c94..5a5bf6dc 100644
--- a/gui/Makefile
+++ b/gui/Makefile
@@ -22,6 +22,7 @@ system-config-selinux.ui \
usersPage.py
all: $(TARGETS) system-config-selinux.py polgengui.py
+ (cd po && $(MAKE) $@)
install: all
-mkdir -p $(DESTDIR)$(MANDIR)/man8
@@ -54,6 +55,8 @@ install: all
install -m 644 sepolicy_$${i}.png $(DESTDIR)$(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \
done
install -m 644 org.selinux.config.policy $(DESTDIR)$(DATADIR)/polkit-1/actions/
+ (cd po && $(MAKE) $@)
+
clean:
indent:
diff --git a/gui/po/Makefile b/gui/po/Makefile
new file mode 100644
index 00000000..a0f5439f
--- /dev/null
+++ b/gui/po/Makefile
@@ -0,0 +1,82 @@
+#
+# Makefile for the PO files (translation) catalog
+#
+
+PREFIX ?= /usr
+
+# What is this package?
+NLSPACKAGE = gui
+POTFILE = $(NLSPACKAGE).pot
+INSTALL = /usr/bin/install -c -p
+INSTALL_DATA = $(INSTALL) -m 644
+INSTALL_DIR = /usr/bin/install -d
+
+# destination directory
+INSTALL_NLS_DIR = $(PREFIX)/share/locale
+
+# PO catalog handling
+MSGMERGE = msgmerge
+MSGMERGE_FLAGS = -q
+XGETTEXT = xgettext --default-domain=$(NLSPACKAGE)
+MSGFMT = msgfmt
+
+# All possible linguas
+PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po)))
+
+# Only the files matching what the user has set in LINGUAS
+USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS))
+
+# if no valid LINGUAS, build all languages
+USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
+
+POFILES = $(patsubst %,%.po,$(USE_LINGUAS))
+MOFILES = $(patsubst %.po,%.mo,$(POFILES))
+POTFILES = $(shell cat POTFILES)
+
+#default:: clean
+
+all:: $(MOFILES)
+
+$(POTFILE): $(POTFILES)
+ $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
+ @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
+ rm -f $(NLSPACKAGE).po; \
+ else \
+ mv -f $(NLSPACKAGE).po $(POTFILE); \
+ fi; \
+
+
+refresh-po: Makefile
+ for cat in $(POFILES); do \
+ lang=`basename $$cat .po`; \
+ if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \
+ mv -f $$lang.pot $$lang.po ; \
+ echo "$(MSGMERGE) of $$lang succeeded" ; \
+ else \
+ echo "$(MSGMERGE) of $$lang failed" ; \
+ rm -f $$lang.pot ; \
+ fi \
+ done
+
+clean:
+ @rm -fv *mo *~ .depend
+ @rm -rf tmp
+
+install: $(MOFILES)
+ @for n in $(MOFILES); do \
+ l=`basename $$n .mo`; \
+ $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \
+ $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \
+ done
+
+%.mo: %.po
+ $(MSGFMT) -o $@ $<
+report:
+ @for cat in $(wildcard *.po); do \
+ echo -n "$$cat: "; \
+ msgfmt -v --statistics -o /dev/null $$cat; \
+ done
+
+.PHONY: missing depend
+
+relabel:
diff --git a/gui/po/POTFILES b/gui/po/POTFILES
new file mode 100644
index 00000000..1795c5c1
--- /dev/null
+++ b/gui/po/POTFILES
@@ -0,0 +1,17 @@
+../booleansPage.py
+../domainsPage.py
+../fcontextPage.py
+../loginsPage.py
+../modulesPage.py
+../org.selinux.config.policy
+../polgengui.py
+../polgen.ui
+../portsPage.py
+../selinux-polgengui.desktop
+../semanagePage.py
+../sepolicy.desktop
+../statusPage.py
+../system-config-selinux.desktop
+../system-config-selinux.py
+../system-config-selinux.ui
+../usersPage.py
diff --git a/policycoreutils/po/Makefile b/policycoreutils/po/Makefile
index 575e1431..18bc1dff 100644
--- a/policycoreutils/po/Makefile
+++ b/policycoreutils/po/Makefile
@@ -3,7 +3,6 @@
#
PREFIX ?= /usr
-TOP = ../..
# What is this package?
NLSPACKAGE = policycoreutils
@@ -32,74 +31,13 @@ USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
POFILES = $(patsubst %,%.po,$(USE_LINGUAS))
MOFILES = $(patsubst %.po,%.mo,$(POFILES))
-POTFILES = \
- ../run_init/open_init_pty.c \
- ../run_init/run_init.c \
- ../semodule_link/semodule_link.c \
- ../audit2allow/audit2allow \
- ../semanage/seobject.py \
- ../setsebool/setsebool.c \
- ../newrole/newrole.c \
- ../load_policy/load_policy.c \
- ../sestatus/sestatus.c \
- ../semodule/semodule.c \
- ../setfiles/setfiles.c \
- ../semodule_package/semodule_package.c \
- ../semodule_deps/semodule_deps.c \
- ../semodule_expand/semodule_expand.c \
- ../scripts/chcat \
- ../scripts/fixfiles \
- ../restorecond/stringslist.c \
- ../restorecond/restorecond.h \
- ../restorecond/utmpwatcher.h \
- ../restorecond/stringslist.h \
- ../restorecond/restorecond.c \
- ../restorecond/utmpwatcher.c \
- ../gui/booleansPage.py \
- ../gui/fcontextPage.py \
- ../gui/loginsPage.py \
- ../gui/mappingsPage.py \
- ../gui/modulesPage.py \
- ../gui/polgen.glade \
- ../gui/polgengui.py \
- ../gui/portsPage.py \
- ../gui/semanagePage.py \
- ../gui/statusPage.py \
- ../gui/system-config-selinux.glade \
- ../gui/system-config-selinux.py \
- ../gui/usersPage.py \
- ../secon/secon.c \
- booleans.py \
- ../sepolicy/sepolicy.py \
- ../sepolicy/sepolicy/communicate.py \
- ../sepolicy/sepolicy/__init__.py \
- ../sepolicy/sepolicy/network.py \
- ../sepolicy/sepolicy/generate.py \
- ../sepolicy/sepolicy/sepolicy.glade \
- ../sepolicy/sepolicy/gui.py \
- ../sepolicy/sepolicy/manpage.py \
- ../sepolicy/sepolicy/transition.py \
- ../sepolicy/sepolicy/templates/executable.py \
- ../sepolicy/sepolicy/templates/__init__.py \
- ../sepolicy/sepolicy/templates/network.py \
- ../sepolicy/sepolicy/templates/rw.py \
- ../sepolicy/sepolicy/templates/script.py \
- ../sepolicy/sepolicy/templates/semodule.py \
- ../sepolicy/sepolicy/templates/tmp.py \
- ../sepolicy/sepolicy/templates/user.py \
- ../sepolicy/sepolicy/templates/var_lib.py \
- ../sepolicy/sepolicy/templates/var_log.py \
- ../sepolicy/sepolicy/templates/var_run.py \
- ../sepolicy/sepolicy/templates/var_spool.py
+POTFILES = $(shell cat POTFILES)
#default:: clean
-all:: $(MOFILES)
+all:: $(POTFILE) $(MOFILES)
-booleans.py:
- sepolicy booleans -a > booleans.py
-
-$(POTFILE): $(POTFILES) booleans.py
+$(POTFILE): $(POTFILES)
$(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
@if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
rm -f $(NLSPACKAGE).po; \
@@ -107,8 +45,6 @@ $(POTFILE): $(POTFILES) booleans.py
mv -f $(NLSPACKAGE).po $(POTFILE); \
fi; \
-update-po: Makefile $(POTFILE) refresh-po
- @rm -f booleans.py
refresh-po: Makefile
for cat in $(POFILES); do \
diff --git a/policycoreutils/po/POTFILES b/policycoreutils/po/POTFILES
new file mode 100644
index 00000000..12237dc6
--- /dev/null
+++ b/policycoreutils/po/POTFILES
@@ -0,0 +1,9 @@
+../run_init/open_init_pty.c
+../run_init/run_init.c
+../setsebool/setsebool.c
+../newrole/newrole.c
+../load_policy/load_policy.c
+../sestatus/sestatus.c
+../semodule/semodule.c
+../setfiles/setfiles.c
+../secon/secon.c
diff --git a/python/Makefile b/python/Makefile
index 9b66d52f..00312dbd 100644
--- a/python/Makefile
+++ b/python/Makefile
@@ -1,4 +1,4 @@
-SUBDIRS = sepolicy audit2allow semanage sepolgen chcat
+SUBDIRS = sepolicy audit2allow semanage sepolgen chcat po
all install relabel clean indent test:
@for subdir in $(SUBDIRS); do \
diff --git a/python/po/Makefile b/python/po/Makefile
new file mode 100644
index 00000000..4e052d5a
--- /dev/null
+++ b/python/po/Makefile
@@ -0,0 +1,83 @@
+#
+# Makefile for the PO files (translation) catalog
+#
+
+PREFIX ?= /usr
+
+# What is this package?
+NLSPACKAGE = python
+POTFILE = $(NLSPACKAGE).pot
+INSTALL = /usr/bin/install -c -p
+INSTALL_DATA = $(INSTALL) -m 644
+INSTALL_DIR = /usr/bin/install -d
+
+# destination directory
+INSTALL_NLS_DIR = $(PREFIX)/share/locale
+
+# PO catalog handling
+MSGMERGE = msgmerge
+MSGMERGE_FLAGS = -q
+XGETTEXT = xgettext --default-domain=$(NLSPACKAGE)
+MSGFMT = msgfmt
+
+# All possible linguas
+PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po)))
+
+# Only the files matching what the user has set in LINGUAS
+USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS))
+
+# if no valid LINGUAS, build all languages
+USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
+
+POFILES = $(patsubst %,%.po,$(USE_LINGUAS))
+MOFILES = $(patsubst %.po,%.mo,$(POFILES))
+POTFILES = $(shell cat POTFILES)
+
+#default:: clean
+
+all:: $(MOFILES)
+
+$(POTFILE): $(POTFILES)
+ $(XGETTEXT) -L Python --keyword=_ --keyword=N_ $(POTFILES)
+ $(XGETTEXT) -j --keyword=_ --keyword=N_ ../sepolicy/sepolicy/sepolicy.glade
+ @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
+ rm -f $(NLSPACKAGE).po; \
+ else \
+ mv -f $(NLSPACKAGE).po $(POTFILE); \
+ fi; \
+
+
+refresh-po: Makefile
+ for cat in $(POFILES); do \
+ lang=`basename $$cat .po`; \
+ if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \
+ mv -f $$lang.pot $$lang.po ; \
+ echo "$(MSGMERGE) of $$lang succeeded" ; \
+ else \
+ echo "$(MSGMERGE) of $$lang failed" ; \
+ rm -f $$lang.pot ; \
+ fi \
+ done
+
+clean:
+ @rm -fv *mo *~ .depend
+ @rm -rf tmp
+
+install: $(MOFILES)
+ @for n in $(MOFILES); do \
+ l=`basename $$n .mo`; \
+ $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \
+ $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \
+ done
+
+%.mo: %.po
+ $(MSGFMT) -o $@ $<
+report:
+ @for cat in $(wildcard *.po); do \
+ echo -n "$$cat: "; \
+ msgfmt -v --statistics -o /dev/null $$cat; \
+ done
+
+.PHONY: missing depend
+
+relabel:
diff --git a/python/po/POTFILES b/python/po/POTFILES
new file mode 100644
index 00000000..128eb870
--- /dev/null
+++ b/python/po/POTFILES
@@ -0,0 +1,10 @@
+../audit2allow/audit2allow
+../chcat/chcat
+../semanage/semanage
+../semanage/seobject.py
+../sepolgen/src/sepolgen/interfaces.py
+../sepolicy/sepolicy/generate.py
+../sepolicy/sepolicy/gui.py
+../sepolicy/sepolicy/__init__.py
+../sepolicy/sepolicy/interface.py
+../sepolicy/sepolicy.py
diff --git a/sandbox/Makefile b/sandbox/Makefile
index 9da5e58d..b817824e 100644
--- a/sandbox/Makefile
+++ b/sandbox/Makefile
@@ -13,6 +13,7 @@ override LDLIBS += -lselinux -lcap-ng
SEUNSHARE_OBJS = seunshare.o
all: sandbox seunshare sandboxX.sh start
+ (cd po && $(MAKE) $@)
seunshare: $(SEUNSHARE_OBJS)
@@ -39,6 +40,7 @@ install: all
install -m 755 start $(DESTDIR)$(SHAREDIR)
-mkdir -p $(DESTDIR)$(SYSCONFDIR)
install -m 644 sandbox.conf $(DESTDIR)$(SYSCONFDIR)/sandbox
+ (cd po && $(MAKE) $@)
test:
@$(PYTHON) test_sandbox.py -v
diff --git a/sandbox/po/Makefile b/sandbox/po/Makefile
new file mode 100644
index 00000000..0556bbe9
--- /dev/null
+++ b/sandbox/po/Makefile
@@ -0,0 +1,82 @@
+#
+# Makefile for the PO files (translation) catalog
+#
+
+PREFIX ?= /usr
+
+# What is this package?
+NLSPACKAGE = sandbox
+POTFILE = $(NLSPACKAGE).pot
+INSTALL = /usr/bin/install -c -p
+INSTALL_DATA = $(INSTALL) -m 644
+INSTALL_DIR = /usr/bin/install -d
+
+# destination directory
+INSTALL_NLS_DIR = $(PREFIX)/share/locale
+
+# PO catalog handling
+MSGMERGE = msgmerge
+MSGMERGE_FLAGS = -q
+XGETTEXT = xgettext -L Python --default-domain=$(NLSPACKAGE)
+MSGFMT = msgfmt
+
+# All possible linguas
+PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po)))
+
+# Only the files matching what the user has set in LINGUAS
+USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS))
+
+# if no valid LINGUAS, build all languages
+USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
+
+POFILES = $(patsubst %,%.po,$(USE_LINGUAS))
+MOFILES = $(patsubst %.po,%.mo,$(POFILES))
+POTFILES = $(shell cat POTFILES)
+
+#default:: clean
+
+all:: $(POTFILE) $(MOFILES)
+
+$(POTFILE): $(POTFILES)
+ $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
+ @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
+ rm -f $(NLSPACKAGE).po; \
+ else \
+ mv -f $(NLSPACKAGE).po $(POTFILE); \
+ fi; \
+
+
+refresh-po: Makefile
+ for cat in $(POFILES); do \
+ lang=`basename $$cat .po`; \
+ if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \
+ mv -f $$lang.pot $$lang.po ; \
+ echo "$(MSGMERGE) of $$lang succeeded" ; \
+ else \
+ echo "$(MSGMERGE) of $$lang failed" ; \
+ rm -f $$lang.pot ; \
+ fi \
+ done
+
+clean:
+ @rm -fv *mo *~ .depend
+ @rm -rf tmp
+
+install: $(MOFILES)
+ @for n in $(MOFILES); do \
+ l=`basename $$n .mo`; \
+ $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \
+ $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \
+ done
+
+%.mo: %.po
+ $(MSGFMT) -o $@ $<
+report:
+ @for cat in $(wildcard *.po); do \
+ echo -n "$$cat: "; \
+ msgfmt -v --statistics -o /dev/null $$cat; \
+ done
+
+.PHONY: missing depend
+
+relabel:
diff --git a/sandbox/po/POTFILES b/sandbox/po/POTFILES
new file mode 100644
index 00000000..deff3f2f
--- /dev/null
+++ b/sandbox/po/POTFILES
@@ -0,0 +1 @@
+../sandbox
--
2.21.0

306
SOURCES/0013-Use-correct-gettext-domains-in-python-gui-sandbox.patch Normal file
View File

@ -0,0 +1,306 @@
From 57cd23e11e1a700802a5955e84a0a7e04c30ec73 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Mon, 6 Aug 2018 13:37:07 +0200
Subject: [PATCH 13/20] Use correct gettext domains in python/ gui/ sandbox/
https://github.com/fedora-selinux/selinux/issues/43
---
gui/booleansPage.py | 2 +-
gui/domainsPage.py | 2 +-
gui/fcontextPage.py | 2 +-
gui/loginsPage.py | 2 +-
gui/modulesPage.py | 2 +-
gui/polgengui.py | 2 +-
gui/portsPage.py | 2 +-
gui/semanagePage.py | 2 +-
gui/statusPage.py | 2 +-
gui/system-config-selinux.py | 2 +-
gui/usersPage.py | 2 +-
python/chcat/chcat | 2 +-
python/semanage/semanage | 2 +-
python/semanage/seobject.py | 2 +-
python/sepolgen/src/sepolgen/sepolgeni18n.py | 2 +-
python/sepolicy/sepolicy.py | 2 +-
python/sepolicy/sepolicy/__init__.py | 2 +-
python/sepolicy/sepolicy/generate.py | 2 +-
python/sepolicy/sepolicy/gui.py | 2 +-
python/sepolicy/sepolicy/interface.py | 2 +-
sandbox/sandbox | 2 +-
21 files changed, 21 insertions(+), 21 deletions(-)
diff --git a/gui/booleansPage.py b/gui/booleansPage.py
index 7849bea2..dd12b6d6 100644
--- a/gui/booleansPage.py
+++ b/gui/booleansPage.py
@@ -38,7 +38,7 @@ DISABLED = 2
##
## I18N
##
-PROGNAME = "policycoreutils"
+PROGNAME = "selinux-gui"
try:
import gettext
kwargs = {}
diff --git a/gui/domainsPage.py b/gui/domainsPage.py
index bad5140d..6bbe4de5 100644
--- a/gui/domainsPage.py
+++ b/gui/domainsPage.py
@@ -30,7 +30,7 @@ from semanagePage import *
##
## I18N
##
-PROGNAME = "policycoreutils"
+PROGNAME = "selinux-gui"
try:
import gettext
kwargs = {}
diff --git a/gui/fcontextPage.py b/gui/fcontextPage.py
index 370bbee4..e424366d 100644
--- a/gui/fcontextPage.py
+++ b/gui/fcontextPage.py
@@ -47,7 +47,7 @@ class context:
##
## I18N
##
-PROGNAME = "policycoreutils"
+PROGNAME = "selinux-gui"
try:
import gettext
kwargs = {}
diff --git a/gui/loginsPage.py b/gui/loginsPage.py
index b67eb8bc..cbfb0cc2 100644
--- a/gui/loginsPage.py
+++ b/gui/loginsPage.py
@@ -29,7 +29,7 @@ from semanagePage import *
##
## I18N
##
-PROGNAME = "policycoreutils"
+PROGNAME = "selinux-gui"
try:
import gettext
kwargs = {}
diff --git a/gui/modulesPage.py b/gui/modulesPage.py
index cb856b2d..26ac5404 100644
--- a/gui/modulesPage.py
+++ b/gui/modulesPage.py
@@ -30,7 +30,7 @@ from semanagePage import *
##
## I18N
##
-PROGNAME = "policycoreutils"
+PROGNAME = "selinux-gui"
try:
import gettext
kwargs = {}
diff --git a/gui/polgengui.py b/gui/polgengui.py
index b1cc9937..46a1bd2c 100644
--- a/gui/polgengui.py
+++ b/gui/polgengui.py
@@ -63,7 +63,7 @@ def get_all_modules():
##
## I18N
##
-PROGNAME = "policycoreutils"
+PROGNAME = "selinux-gui"
try:
import gettext
kwargs = {}
diff --git a/gui/portsPage.py b/gui/portsPage.py
index 30f58383..a537ecc8 100644
--- a/gui/portsPage.py
+++ b/gui/portsPage.py
@@ -35,7 +35,7 @@ from semanagePage import *
##
## I18N
##
-PROGNAME = "policycoreutils"
+PROGNAME = "selinux-gui"
try:
import gettext
kwargs = {}
diff --git a/gui/semanagePage.py b/gui/semanagePage.py
index 4127804f..5361d69c 100644
--- a/gui/semanagePage.py
+++ b/gui/semanagePage.py
@@ -22,7 +22,7 @@ from gi.repository import Gdk, Gtk
##
## I18N
##
-PROGNAME = "policycoreutils"
+PROGNAME = "selinux-gui"
try:
import gettext
kwargs = {}
diff --git a/gui/statusPage.py b/gui/statusPage.py
index 766854b1..a8f079b9 100644
--- a/gui/statusPage.py
+++ b/gui/statusPage.py
@@ -35,7 +35,7 @@ RELABELFILE = "/.autorelabel"
##
## I18N
##
-PROGNAME = "policycoreutils"
+PROGNAME = "selinux-gui"
try:
import gettext
kwargs = {}
diff --git a/gui/system-config-selinux.py b/gui/system-config-selinux.py
index c42301b6..1e0d5eb1 100644
--- a/gui/system-config-selinux.py
+++ b/gui/system-config-selinux.py
@@ -45,7 +45,7 @@ import selinux
##
## I18N
##
-PROGNAME = "policycoreutils"
+PROGNAME = "selinux-gui"
try:
import gettext
kwargs = {}
diff --git a/gui/usersPage.py b/gui/usersPage.py
index 26794ed5..d15d4c5a 100644
--- a/gui/usersPage.py
+++ b/gui/usersPage.py
@@ -29,7 +29,7 @@ from semanagePage import *
##
## I18N
##
-PROGNAME = "policycoreutils"
+PROGNAME = "selinux-gui"
try:
import gettext
kwargs = {}
diff --git a/python/chcat/chcat b/python/chcat/chcat
index ba398684..df2509f2 100755
--- a/python/chcat/chcat
+++ b/python/chcat/chcat
@@ -30,7 +30,7 @@ import getopt
import selinux
import seobject
-PROGNAME = "policycoreutils"
+PROGNAME = "selinux-python"
try:
import gettext
kwargs = {}
diff --git a/python/semanage/semanage b/python/semanage/semanage
index 144cc000..56db3e0d 100644
--- a/python/semanage/semanage
+++ b/python/semanage/semanage
@@ -27,7 +27,7 @@ import traceback
import argparse
import seobject
import sys
-PROGNAME = "policycoreutils"
+PROGNAME = "selinux-python"
try:
import gettext
kwargs = {}
diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
index 13fdf531..b90b1070 100644
--- a/python/semanage/seobject.py
+++ b/python/semanage/seobject.py
@@ -29,7 +29,7 @@ import sys
import stat
import socket
from semanage import *
-PROGNAME = "policycoreutils"
+PROGNAME = "selinux-python"
import sepolicy
import setools
from IPy import IP
diff --git a/python/sepolgen/src/sepolgen/sepolgeni18n.py b/python/sepolgen/src/sepolgen/sepolgeni18n.py
index 998c4356..56ebd807 100644
--- a/python/sepolgen/src/sepolgen/sepolgeni18n.py
+++ b/python/sepolgen/src/sepolgen/sepolgeni18n.py
@@ -19,7 +19,7 @@
try:
import gettext
- t = gettext.translation( 'yumex' )
+ t = gettext.translation( 'selinux-python' )
_ = t.gettext
except:
def _(str):
diff --git a/python/sepolicy/sepolicy.py b/python/sepolicy/sepolicy.py
index 1934cd86..8bd6a579 100755
--- a/python/sepolicy/sepolicy.py
+++ b/python/sepolicy/sepolicy.py
@@ -27,7 +27,7 @@ import selinux
import sepolicy
from sepolicy import get_os_version, get_conditionals, get_conditionals_format_text
import argparse
-PROGNAME = "policycoreutils"
+PROGNAME = "selinux-python"
try:
import gettext
kwargs = {}
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
index 0c66f4d5..b6ca57c3 100644
--- a/python/sepolicy/sepolicy/__init__.py
+++ b/python/sepolicy/sepolicy/__init__.py
@@ -13,7 +13,7 @@ import os
import re
import gzip
-PROGNAME = "policycoreutils"
+PROGNAME = "selinux-python"
try:
import gettext
kwargs = {}
diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
index 019e7836..7175d36b 100644
--- a/python/sepolicy/sepolicy/generate.py
+++ b/python/sepolicy/sepolicy/generate.py
@@ -49,7 +49,7 @@ import sepolgen.defaults as defaults
##
## I18N
##
-PROGNAME = "policycoreutils"
+PROGNAME = "selinux-python"
try:
import gettext
kwargs = {}
diff --git a/python/sepolicy/sepolicy/gui.py b/python/sepolicy/sepolicy/gui.py
index 00fd7a11..805cee67 100644
--- a/python/sepolicy/sepolicy/gui.py
+++ b/python/sepolicy/sepolicy/gui.py
@@ -41,7 +41,7 @@ import os
import re
import unicodedata
-PROGNAME = "policycoreutils"
+PROGNAME = "selinux-python"
try:
import gettext
kwargs = {}
diff --git a/python/sepolicy/sepolicy/interface.py b/python/sepolicy/sepolicy/interface.py
index 583091ae..e2b8d23b 100644
--- a/python/sepolicy/sepolicy/interface.py
+++ b/python/sepolicy/sepolicy/interface.py
@@ -30,7 +30,7 @@ __all__ = ['get_all_interfaces', 'get_interfaces_from_xml', 'get_admin', 'get_us
##
## I18N
##
-PROGNAME = "policycoreutils"
+PROGNAME = "selinux-python"
try:
import gettext
kwargs = {}
diff --git a/sandbox/sandbox b/sandbox/sandbox
index 1dec07ac..a12403b3 100644
--- a/sandbox/sandbox
+++ b/sandbox/sandbox
@@ -37,7 +37,7 @@ import sepolicy
SEUNSHARE = "/usr/sbin/seunshare"
SANDBOXSH = "/usr/share/sandbox/sandboxX.sh"
-PROGNAME = "policycoreutils"
+PROGNAME = "selinux-sandbox"
try:
import gettext
kwargs = {}
--
2.21.0

4532
SOURCES/0014-Initial-.pot-files-for-gui-python-sandbox.patch Normal file
View File

File diff suppressed because it is too large Load Diff

31
SOURCES/0016-policycoreutils-setfiles-Improve-description-of-d-sw.patch Normal file
View File

@ -0,0 +1,31 @@
From c8fbb8042852c18775c001999ce949e9b591e381 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Wed, 21 Mar 2018 08:51:31 +0100
Subject: [PATCH 16/20] policycoreutils/setfiles: Improve description of -d
switch
The "-q" switch is becoming obsolete (completely unused in fedora) and
debug output ("-d" switch) makes sense in any scenario. Therefore both
options can be specified at once.
Resolves: rhbz#1271327
---
policycoreutils/setfiles/setfiles.8 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8
index ccaaf4de..a8a76c86 100644
--- a/policycoreutils/setfiles/setfiles.8
+++ b/policycoreutils/setfiles/setfiles.8
@@ -57,7 +57,7 @@ check the validity of the contexts against the specified binary policy.
.TP
.B \-d
show what specification matched each file (do not abort validation
-after ABORT_ON_ERRORS errors).
+after ABORT_ON_ERRORS errors). Not affected by "\-q"
.TP
.BI \-e \ directory
directory to exclude (repeat option for more than one directory).
--
2.21.0

71
SOURCES/0017-sepolicy-generate-Handle-more-reserved-port-types.patch Normal file
View File

@ -0,0 +1,71 @@
From 3073efc112929b535f3a832c6f99e0dbe3af29ca Mon Sep 17 00:00:00 2001
From: Masatake YAMATO <yamato@redhat.com>
Date: Thu, 14 Dec 2017 15:57:58 +0900
Subject: [PATCH 17/20] sepolicy-generate: Handle more reserved port types
Currently only reserved_port_t, port_t and hi_reserved_port_t are
handled as special when making a ports-dictionary. However, as fas as
corenetwork.te.in of serefpolicy, unreserved_port_t and
ephemeral_port_t should be handled in the same way, too.
(Details) I found the need of this change when I was using
selinux-polgengui. Though tcp port 12345, which my application may
use, was given to the gui, selinux-polgengui generates expected te
file and sh file which didn't utilize the tcp port.
selinux-polgengui checks whether a port given via gui is already typed
or not.
If it is already typed, selinux-polgengui generates a te file having
rules to allow the application to use the port. (A)
If not, it seems for me that selinux-polgengui is designed to generate
a te file having rules to allow the application to own(?) the port;
and a sh file having a command line to assign the application own type
to the port. (B)
As we can see the output of `semanage port -l' some of ports for
specified purpose have types already. The important point is that the
rest of ports also have types already:
hi_reserved_port_t tcp 512-1023
hi_reserved_port_t udp 512-1023
unreserved_port_t tcp 1024-32767, 61001-65535
unreserved_port_t udp 1024-32767, 61001-65535
ephemeral_port_t tcp 32768-61000
ephemeral_port_t udp 32768-61000
As my patch shows, the original selinux-polgengui ignored
hi_reserved_port_t; though hi_reserved_port_t is assigned,
selinux-polgengui considered ports 512-1023 are not used. As the
result selinux-polgengui generates file sets of (B).
For the purpose of selinux-polgengui, I think unreserved_port_t and
ephemeral_port_t are treated as the same as hi_reserved_port_t.
Signed-off-by: Masatake YAMATO <yamato@redhat.com>
Fedora only patch:
https://lore.kernel.org/selinux/20150610.190635.1866127952891120915.yamato@redhat.com/
---
python/sepolicy/sepolicy/generate.py | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
index 7175d36b..93caedee 100644
--- a/python/sepolicy/sepolicy/generate.py
+++ b/python/sepolicy/sepolicy/generate.py
@@ -100,7 +100,9 @@ def get_all_ports():
for p in sepolicy.info(sepolicy.PORT):
if p['type'] == "reserved_port_t" or \
p['type'] == "port_t" or \
- p['type'] == "hi_reserved_port_t":
+ p['type'] == "hi_reserved_port_t" or \
+ p['type'] == "ephemeral_port_t" or \
+ p['type'] == "unreserved_port_t":
continue
dict[(p['low'], p['high'], p['protocol'])] = (p['type'], p.get('range'))
return dict
--
2.21.0

24
SOURCES/0018-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch Normal file
View File

@ -0,0 +1,24 @@
From f8602180d042e95947fe0bbd35d261771b347705 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Thu, 8 Nov 2018 09:20:58 +0100
Subject: [PATCH 18/20] semodule-utils: Fix RESOURCE_LEAK coverity scan defects
---
semodule-utils/semodule_package/semodule_package.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/semodule-utils/semodule_package/semodule_package.c b/semodule-utils/semodule_package/semodule_package.c
index 3515234e..7b75b3fd 100644
--- a/semodule-utils/semodule_package/semodule_package.c
+++ b/semodule-utils/semodule_package/semodule_package.c
@@ -74,6 +74,7 @@ static int file_to_data(const char *path, char **data, size_t * len)
}
if (!sb.st_size) {
*len = 0;
+ close(fd);
return 0;
}
--
2.21.0

74
SOURCES/0019-sandbox-Use-matchbox-window-manager-instead-of-openb.patch Normal file
View File

@ -0,0 +1,74 @@
From 89895635ae012d1864a03700054ecc723973b5c0 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Wed, 18 Jul 2018 09:09:35 +0200
Subject: [PATCH 19/20] sandbox: Use matchbox-window-manager instead of openbox
---
sandbox/sandbox | 4 ++--
sandbox/sandbox.8 | 2 +-
sandbox/sandboxX.sh | 14 --------------
3 files changed, 3 insertions(+), 17 deletions(-)
diff --git a/sandbox/sandbox b/sandbox/sandbox
index a12403b3..707959a6 100644
--- a/sandbox/sandbox
+++ b/sandbox/sandbox
@@ -268,7 +268,7 @@ class Sandbox:
copyfile(f, "/tmp", self.__tmpdir)
copyfile(f, "/var/tmp", self.__tmpdir)
- def __setup_sandboxrc(self, wm="/usr/bin/openbox"):
+ def __setup_sandboxrc(self, wm="/usr/bin/matchbox-window-manager"):
execfile = self.__homedir + "/.sandboxrc"
fd = open(execfile, "w+")
if self.__options.session:
@@ -362,7 +362,7 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
parser.add_option("-W", "--windowmanager", dest="wm",
type="string",
- default="/usr/bin/openbox",
+ default="/usr/bin/matchbox-window-manager",
help=_("alternate window manager"))
parser.add_option("-l", "--level", dest="level",
diff --git a/sandbox/sandbox.8 b/sandbox/sandbox.8
index d83fee76..90ef4951 100644
--- a/sandbox/sandbox.8
+++ b/sandbox/sandbox.8
@@ -77,7 +77,7 @@ Specifies the windowsize when creating an X based Sandbox. The default windowsiz
\fB\-W\fR \fB\-\-windowmanager\fR
Select alternative window manager to run within
.B sandbox \-X.
-Default to /usr/bin/openbox.
+Default to /usr/bin/matchbox-window-manager.
.TP
\fB\-X\fR
Create an X based Sandbox for gui apps, temporary files for
diff --git a/sandbox/sandboxX.sh b/sandbox/sandboxX.sh
index 47745280..c211ebc1 100644
--- a/sandbox/sandboxX.sh
+++ b/sandbox/sandboxX.sh
@@ -6,20 +6,6 @@ export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8
[ -z $2 ] && export DPI="96" || export DPI="$2"
trap "exit 0" HUP
-mkdir -p ~/.config/openbox
-cat > ~/.config/openbox/rc.xml << EOF
-<openbox_config xmlns="http://openbox.org/3.4/rc"
- xmlns:xi="http://www.w3.org/2001/XInclude">
-<applications>
- <application class="*">
- <decor>no</decor>
- <desktop>all</desktop>
- <maximized>yes</maximized>
- </application>
-</applications>
-</openbox_config>
-EOF
-
(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -reset -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
export DISPLAY=:$D
cat > ~/seremote << __EOF
--
2.21.0

45
SOURCES/0020-python-Use-ipaddress-instead-of-IPy.patch Normal file
View File

@ -0,0 +1,45 @@
From b2512e2a92a33360639a3459039cdf2e685655a8 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Mon, 3 Dec 2018 14:40:09 +0100
Subject: [PATCH 20/20] python: Use ipaddress instead of IPy
ipaddress module was added in python 3.3 and this allows us to drop python3-IPy
---
python/semanage/seobject.py | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
index b90b1070..58497e3b 100644
--- a/python/semanage/seobject.py
+++ b/python/semanage/seobject.py
@@ -32,7 +32,7 @@ from semanage import *
PROGNAME = "selinux-python"
import sepolicy
import setools
-from IPy import IP
+import ipaddress
try:
import gettext
@@ -1851,13 +1851,13 @@ class nodeRecords(semanageRecords):
# verify valid comination
if len(mask) == 0 or mask[0] == "/":
- i = IP(addr + mask)
- newaddr = i.strNormal(0)
- newmask = str(i.netmask())
- if newmask == "0.0.0.0" and i.version() == 6:
+ i = ipaddress.ip_network(addr + mask)
+ newaddr = str(i.network_address)
+ newmask = str(i.netmask)
+ if newmask == "0.0.0.0" and i.version == 6:
newmask = "::"
- protocol = "ipv%d" % i.version()
+ protocol = "ipv%d" % i.version
try:
newprotocol = self.protocol.index(protocol)
--
2.21.0

93
SOURCES/0021-python-semanage-Do-not-traceback-when-the-default-po.patch Normal file
View File

@ -0,0 +1,93 @@
From 6051f6a56d0ad63fc8aa7c806d43b0594652a0b9 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Thu, 4 Apr 2019 23:02:56 +0200
Subject: [PATCH] python/semanage: Do not traceback when the default policy is
not available
"import seobject" causes "import sepolicy" which crashes when the system policy
is not available. It's better to provide an error message instead.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
python/semanage/semanage | 37 +++++++++++++++++++++----------------
1 file changed, 21 insertions(+), 16 deletions(-)
diff --git a/python/semanage/semanage b/python/semanage/semanage
index 56db3e0d..4c766ae3 100644
--- a/python/semanage/semanage
+++ b/python/semanage/semanage
@@ -25,7 +25,6 @@
import traceback
import argparse
-import seobject
import sys
PROGNAME = "selinux-python"
try:
@@ -129,21 +128,6 @@ class SetImportFile(argparse.Action):
sys.exit(1)
setattr(namespace, self.dest, values)
-# define dictonary for seobject OBEJCTS
-object_dict = {
- 'login': seobject.loginRecords,
- 'user': seobject.seluserRecords,
- 'port': seobject.portRecords,
- 'module': seobject.moduleRecords,
- 'interface': seobject.interfaceRecords,
- 'node': seobject.nodeRecords,
- 'fcontext': seobject.fcontextRecords,
- 'boolean': seobject.booleanRecords,
- 'permissive': seobject.permissiveRecords,
- 'dontaudit': seobject.dontauditClass,
- 'ibpkey': seobject.ibpkeyRecords,
- 'ibendport': seobject.ibendportRecords
-}
def generate_custom_usage(usage_text, usage_dict):
# generate custom usage from given text and dictonary
@@ -608,6 +592,7 @@ def setupInterfaceParser(subparsers):
def handleModule(args):
+ import seobject
OBJECT = seobject.moduleRecords(args)
if args.action_add:
OBJECT.add(args.action_add[0], args.priority)
@@ -846,6 +831,7 @@ def mkargv(line):
def handleImport(args):
+ import seobject
trans = seobject.semanageRecords(args)
trans.start()
@@ -887,6 +873,25 @@ def createCommandParser():
#To add a new subcommand define the parser for it in a function above and call it here.
subparsers = commandParser.add_subparsers(dest='subcommand')
subparsers.required = True
+
+ import seobject
+ # define dictonary for seobject OBEJCTS
+ global object_dict
+ object_dict = {
+ 'login': seobject.loginRecords,
+ 'user': seobject.seluserRecords,
+ 'port': seobject.portRecords,
+ 'module': seobject.moduleRecords,
+ 'interface': seobject.interfaceRecords,
+ 'node': seobject.nodeRecords,
+ 'fcontext': seobject.fcontextRecords,
+ 'boolean': seobject.booleanRecords,
+ 'permissive': seobject.permissiveRecords,
+ 'dontaudit': seobject.dontauditClass,
+ 'ibpkey': seobject.ibpkeyRecords,
+ 'ibendport': seobject.ibendportRecords
+ }
+
setupImportParser(subparsers)
setupExportParser(subparsers)
setupLoginParser(subparsers)
--
2.21.0

108
SOURCES/0022-policycoreutils-fixfiles-Fix-B-F-onboot.patch Normal file
View File

@ -0,0 +1,108 @@
From 99582e3bf63475b7af5793bb9230e88d847dc7c8 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Tue, 2 Jul 2019 17:11:32 +0200
Subject: [PATCH 22/23] policycoreutils/fixfiles: Fix [-B] [-F] onboot
Commit 6e289bb7bf3d ("policycoreutils: fixfiles: remove bad modes of "relabel"
command") added "$RESTORE_MODE" != DEFAULT test when onboot is used. It makes
`fixfiles -B onboot` to show usage instead of updating /.autorelabel
The code is restructured to handle -B for different modes correctly.
Fixes:
# fixfiles -B onboot
Usage: /usr/sbin/fixfiles [-v] [-F] [-f] relabel
...
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
policycoreutils/scripts/fixfiles | 29 +++++++++++++++--------------
1 file changed, 15 insertions(+), 14 deletions(-)
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
index 53d28c7b..9dd44213 100755
--- a/policycoreutils/scripts/fixfiles
+++ b/policycoreutils/scripts/fixfiles
@@ -112,7 +112,7 @@ VERBOSE="-p"
FORCEFLAG=""
RPMFILES=""
PREFC=""
-RESTORE_MODE="DEFAULT"
+RESTORE_MODE=""
SETFILES=/sbin/setfiles
RESTORECON=/sbin/restorecon
FILESYSTEMSRW=`get_rw_labeled_mounts`
@@ -214,16 +214,17 @@ restore () {
OPTION=$1
shift
-case "$RESTORE_MODE" in
- PREFC)
- diff_filecontext $*
- return
- ;;
- BOOTTIME)
+# [-B | -N time ]
+if [ -z "$BOOTTIME" ]; then
newer $BOOTTIME $*
return
- ;;
-esac
+fi
+
+# -C PREVIOUS_FILECONTEXT
+if [ "$RESTORE_MODE" == PREFC ]; then
+ diff_filecontext $*
+ return
+fi
[ -x /usr/sbin/genhomedircon ] && /usr/sbin/genhomedircon
@@ -239,7 +240,7 @@ case "$RESTORE_MODE" in
FILEPATH)
${RESTORECON} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -R -- "$FILEPATH"
;;
- DEFAULT)
+ *)
if [ -n "${FILESYSTEMSRW}" ]; then
LogReadOnly
echo "${OPTION}ing `echo ${FILESYSTEMSRW}`"
@@ -272,7 +273,7 @@ fullrelabel() {
relabel() {
- if [ "$RESTORE_MODE" != DEFAULT ]; then
+ if [ -n "$RESTORE_MODE" -a "$RESTORE_MODE" != DEFAULT ]; then
usage
exit 1
fi
@@ -306,7 +307,7 @@ case "$1" in
verify) restore Verify -n;;
relabel) relabel;;
onboot)
- if [ "$RESTORE_MODE" != DEFAULT ]; then
+ if [ -n "$RESTORE_MODE" -a "$RESTORE_MODE" != DEFAULT ]; then
usage
exit 1
fi
@@ -344,7 +345,7 @@ if [ $# -eq 0 ]; then
fi
set_restore_mode() {
- if [ "$RESTORE_MODE" != DEFAULT ]; then
+ if [ -n "$RESTORE_MODE" ]; then
# can't specify two different modes
usage
exit 1
@@ -357,7 +358,7 @@ while getopts "N:BC:FfR:l:v" i; do
case "$i" in
B)
BOOTTIME=`/bin/who -b | awk '{print $3}'`
- set_restore_mode BOOTTIME
+ set_restore_mode DEFAULT
;;
N)
BOOTTIME=$OPTARG
--
2.22.0

33
SOURCES/0023-policycoreutils-fixfiles-Force-full-relabel-when-SEL.patch Normal file
View File

@ -0,0 +1,33 @@
From 9bcf8ad7b9b6d8d761f7d097196b2b9bc114fa0a Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Tue, 2 Jul 2019 17:12:07 +0200
Subject: [PATCH 23/23] policycoreutils/fixfiles: Force full relabel when
SELinux is disabled
The previous check used getfilecon to check whether / slash contains a label,
but getfilecon fails only when SELinux is disabled. Therefore it's better to
check this using selinuxenabled.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
policycoreutils/scripts/fixfiles | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
index 9dd44213..a9d27d13 100755
--- a/policycoreutils/scripts/fixfiles
+++ b/policycoreutils/scripts/fixfiles
@@ -314,8 +314,8 @@ case "$1" in
> /.autorelabel || exit $?
[ -z "$FORCEFLAG" ] || echo -n "$FORCEFLAG " >> /.autorelabel
[ -z "$BOOTTIME" ] || echo -N $BOOTTIME >> /.autorelabel
- # Force full relabel if / does not have a label on it
- getfilecon / > /dev/null 2>&1 || echo -F >/.autorelabel
+ # Force full relabel if SELinux is not enabled
+ selinuxenabled || echo -F > /.autorelabel
echo "System will relabel on next boot"
;;
*)
--
2.22.0

32
SOURCES/0024-policycoreutils-fixfiles-Fix-unbound-variable-proble.patch Normal file
View File

@ -0,0 +1,32 @@
From 7383f8fbab82826de21d3013a43680867642e49e Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Wed, 21 Aug 2019 17:43:25 +0200
Subject: [PATCH] policycoreutils/fixfiles: Fix unbound variable problem
Fix a typo introduced in commit d3f8b2c3cd909 ("policycoreutils/fixfiles: Fix
[-B] [-F] onboot"), which broke "fixfiles relabel":
#fixfiles relabel
/sbin/fixfiles: line 151: $1: unbound variable
Resolves: rhbz#1743213
---
policycoreutils/scripts/fixfiles | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
index a9d27d13..df0042aa 100755
--- a/policycoreutils/scripts/fixfiles
+++ b/policycoreutils/scripts/fixfiles
@@ -215,7 +215,7 @@ OPTION=$1
shift
# [-B | -N time ]
-if [ -z "$BOOTTIME" ]; then
+if [ -n "$BOOTTIME" ]; then
newer $BOOTTIME $*
return
fi
--
2.17.2

152
SOURCES/policycoreutils-fedora.patch
View File

@ -1,152 +0,0 @@
diff --git policycoreutils-2.8/newrole/newrole.1 policycoreutils-2.8/newrole/newrole.1
index 0d9738a..893c42f 100644
--- policycoreutils-2.8/newrole/newrole.1
+++ policycoreutils-2.8/newrole/newrole.1
@@ -44,7 +44,7 @@ specified by that range. If the
or
.B --preserve-environment
option is specified, the shell with the new SELinux context will preserve environment variables,
-otherwise a new minimal enviroment is created.
+otherwise a new minimal environment is created.
.PP
Additional arguments
.I ARGS
diff --git policycoreutils-2.8/po/Makefile policycoreutils-2.8/po/Makefile
index 575e143..18bc1df 100644
--- policycoreutils-2.8/po/Makefile
+++ policycoreutils-2.8/po/Makefile
@@ -3,7 +3,6 @@
#
PREFIX ?= /usr
-TOP = ../..
# What is this package?
NLSPACKAGE = policycoreutils
@@ -32,74 +31,13 @@ USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
POFILES = $(patsubst %,%.po,$(USE_LINGUAS))
MOFILES = $(patsubst %.po,%.mo,$(POFILES))
-POTFILES = \
- ../run_init/open_init_pty.c \
- ../run_init/run_init.c \
- ../semodule_link/semodule_link.c \
- ../audit2allow/audit2allow \
- ../semanage/seobject.py \
- ../setsebool/setsebool.c \
- ../newrole/newrole.c \
- ../load_policy/load_policy.c \
- ../sestatus/sestatus.c \
- ../semodule/semodule.c \
- ../setfiles/setfiles.c \
- ../semodule_package/semodule_package.c \
- ../semodule_deps/semodule_deps.c \
- ../semodule_expand/semodule_expand.c \
- ../scripts/chcat \
- ../scripts/fixfiles \
- ../restorecond/stringslist.c \
- ../restorecond/restorecond.h \
- ../restorecond/utmpwatcher.h \
- ../restorecond/stringslist.h \
- ../restorecond/restorecond.c \
- ../restorecond/utmpwatcher.c \
- ../gui/booleansPage.py \
- ../gui/fcontextPage.py \
- ../gui/loginsPage.py \
- ../gui/mappingsPage.py \
- ../gui/modulesPage.py \
- ../gui/polgen.glade \
- ../gui/polgengui.py \
- ../gui/portsPage.py \
- ../gui/semanagePage.py \
- ../gui/statusPage.py \
- ../gui/system-config-selinux.glade \
- ../gui/system-config-selinux.py \
- ../gui/usersPage.py \
- ../secon/secon.c \
- booleans.py \
- ../sepolicy/sepolicy.py \
- ../sepolicy/sepolicy/communicate.py \
- ../sepolicy/sepolicy/__init__.py \
- ../sepolicy/sepolicy/network.py \
- ../sepolicy/sepolicy/generate.py \
- ../sepolicy/sepolicy/sepolicy.glade \
- ../sepolicy/sepolicy/gui.py \
- ../sepolicy/sepolicy/manpage.py \
- ../sepolicy/sepolicy/transition.py \
- ../sepolicy/sepolicy/templates/executable.py \
- ../sepolicy/sepolicy/templates/__init__.py \
- ../sepolicy/sepolicy/templates/network.py \
- ../sepolicy/sepolicy/templates/rw.py \
- ../sepolicy/sepolicy/templates/script.py \
- ../sepolicy/sepolicy/templates/semodule.py \
- ../sepolicy/sepolicy/templates/tmp.py \
- ../sepolicy/sepolicy/templates/user.py \
- ../sepolicy/sepolicy/templates/var_lib.py \
- ../sepolicy/sepolicy/templates/var_log.py \
- ../sepolicy/sepolicy/templates/var_run.py \
- ../sepolicy/sepolicy/templates/var_spool.py
+POTFILES = $(shell cat POTFILES)
#default:: clean
-all:: $(MOFILES)
+all:: $(POTFILE) $(MOFILES)
-booleans.py:
- sepolicy booleans -a > booleans.py
-
-$(POTFILE): $(POTFILES) booleans.py
+$(POTFILE): $(POTFILES)
$(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
@if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
rm -f $(NLSPACKAGE).po; \
@@ -107,8 +45,6 @@ $(POTFILE): $(POTFILES) booleans.py
mv -f $(NLSPACKAGE).po $(POTFILE); \
fi; \
-update-po: Makefile $(POTFILE) refresh-po
- @rm -f booleans.py
refresh-po: Makefile
for cat in $(POFILES); do \
diff --git policycoreutils-2.8/po/POTFILES policycoreutils-2.8/po/POTFILES
new file mode 100644
index 0000000..12237dc
--- /dev/null
+++ policycoreutils-2.8/po/POTFILES
@@ -0,0 +1,9 @@
+../run_init/open_init_pty.c
+../run_init/run_init.c
+../setsebool/setsebool.c
+../newrole/newrole.c
+../load_policy/load_policy.c
+../sestatus/sestatus.c
+../semodule/semodule.c
+../setfiles/setfiles.c
+../secon/secon.c
diff --git policycoreutils-2.8/scripts/fixfiles policycoreutils-2.8/scripts/fixfiles
index b277958..53d28c7 100755
--- policycoreutils-2.8/scripts/fixfiles
+++ policycoreutils-2.8/scripts/fixfiles
@@ -108,6 +108,7 @@ exclude_dirs_from_relabelling() {
fullFlag=0
BOOTTIME=""
VERBOSE="-p"
+[ -t 1 ] || VERBOSE=""
FORCEFLAG=""
RPMFILES=""
PREFC=""
diff --git policycoreutils-2.8/setfiles/setfiles.8 policycoreutils-2.8/setfiles/setfiles.8
index ccaaf4d..a8a76c8 100644
--- policycoreutils-2.8/setfiles/setfiles.8
+++ policycoreutils-2.8/setfiles/setfiles.8
@@ -57,7 +57,7 @@ check the validity of the contexts against the specified binary policy.
.TP
.B \-d
show what specification matched each file (do not abort validation
-after ABORT_ON_ERRORS errors).
+after ABORT_ON_ERRORS errors). Not affected by "\-q"
.TP
.BI \-e \ directory
directory to exclude (repeat option for more than one directory).

12
SOURCES/restorecond-fedora.patch
View File

@ -1,12 +0,0 @@
diff --git restorecond-2.8/restorecond.c restorecond-2.8/restorecond.c
index 6fbbd35..e1d26cb 100644
--- restorecond-2.8/restorecond.c
+++ restorecond-2.8/restorecond.c
@@ -105,6 +105,7 @@ static int write_pid_file(void)
}
if (write(pidfd, val, (unsigned int)len) != len) {
syslog(LOG_ERR, "Unable to write to pidfile (%s)", strerror(errno));
+ close(pidfd);
return 1;
}
close(pidfd);

35
SOURCES/selinux-dbus-fedora.patch
View File

@ -1,35 +0,0 @@
diff --git selinux-dbus-2.8/org.selinux.conf selinux-dbus-2.8/org.selinux.conf
index a350978..1ae079d 100644
--- selinux-dbus-2.8/org.selinux.conf
+++ selinux-dbus-2.8/org.selinux.conf
@@ -12,12 +12,8 @@
<!-- Allow anyone to invoke methods on the interfaces,
authorization is performed by PolicyKit -->
- <policy at_console="true">
- <allow send_destination="org.selinux"/>
- </policy>
<policy context="default">
- <allow send_destination="org.selinux"
- send_interface="org.freedesktop.DBus.Introspectable"/>
+ <allow send_destination="org.selinux"/>
</policy>
</busconfig>
diff --git selinux-dbus-2.8/org.selinux.policy selinux-dbus-2.8/org.selinux.policy
index 0126610..9772127 100644
--- selinux-dbus-2.8/org.selinux.policy
+++ selinux-dbus-2.8/org.selinux.policy
@@ -70,9 +70,9 @@
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
- <action id="org.selinux.change_policy_type">
- <description>SELinux write access</description>
- <message>System policy prevents change_policy_type access to SELinux</message>
+ <action id="org.selinux.change_default_mode">
+ <description>Change SELinux default enforcing mode</description>
+ <message>System policy prevents change_default_policy access to SELinux</message>
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>

306
SOURCES/selinux-gui-fedora.patch
View File

@ -1,306 +0,0 @@
diff --git selinux-gui-2.8/Makefile selinux-gui-2.8/Makefile
index a72e58c..ffe8b97 100644
--- selinux-gui-2.8/Makefile
+++ selinux-gui-2.8/Makefile
@@ -21,6 +21,7 @@ system-config-selinux.ui \
usersPage.py
all: $(TARGETS) system-config-selinux.py polgengui.py
+ (cd po && $(MAKE) $@)
install: all
-mkdir -p $(DESTDIR)$(MANDIR)/man8
@@ -46,6 +47,8 @@ install: all
install -m 644 sepolicy_$${i}.png $(DESTDIR)$(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \
done
install -m 644 org.selinux.config.policy $(DESTDIR)$(DATADIR)/polkit-1/actions/
+ (cd po && $(MAKE) $@)
+
clean:
indent:
diff --git selinux-gui-2.8/booleansPage.py selinux-gui-2.8/booleansPage.py
index 7849bea..dd12b6d 100644
--- selinux-gui-2.8/booleansPage.py
+++ selinux-gui-2.8/booleansPage.py
@@ -38,7 +38,7 @@ DISABLED = 2
##
## I18N
##
-PROGNAME = "policycoreutils"
+PROGNAME = "selinux-gui"
try:
import gettext
kwargs = {}
diff --git selinux-gui-2.8/domainsPage.py selinux-gui-2.8/domainsPage.py
index bad5140..6bbe4de 100644
--- selinux-gui-2.8/domainsPage.py
+++ selinux-gui-2.8/domainsPage.py
@@ -30,7 +30,7 @@ from semanagePage import *
##
## I18N
##
-PROGNAME = "policycoreutils"
+PROGNAME = "selinux-gui"
try:
import gettext
kwargs = {}
diff --git selinux-gui-2.8/fcontextPage.py selinux-gui-2.8/fcontextPage.py
index 370bbee..e424366 100644
--- selinux-gui-2.8/fcontextPage.py
+++ selinux-gui-2.8/fcontextPage.py
@@ -47,7 +47,7 @@ class context:
##
## I18N
##
-PROGNAME = "policycoreutils"
+PROGNAME = "selinux-gui"
try:
import gettext
kwargs = {}
diff --git selinux-gui-2.8/loginsPage.py selinux-gui-2.8/loginsPage.py
index b67eb8b..cbfb0cc 100644
--- selinux-gui-2.8/loginsPage.py
+++ selinux-gui-2.8/loginsPage.py
@@ -29,7 +29,7 @@ from semanagePage import *
##
## I18N
##
-PROGNAME = "policycoreutils"
+PROGNAME = "selinux-gui"
try:
import gettext
kwargs = {}
diff --git selinux-gui-2.8/modulesPage.py selinux-gui-2.8/modulesPage.py
index 34c5d9e..627ad95 100644
--- selinux-gui-2.8/modulesPage.py
+++ selinux-gui-2.8/modulesPage.py
@@ -30,7 +30,7 @@ from semanagePage import *
##
## I18N
##
-PROGNAME = "policycoreutils"
+PROGNAME = "selinux-gui"
try:
import gettext
kwargs = {}
diff --git selinux-gui-2.8/po/Makefile selinux-gui-2.8/po/Makefile
new file mode 100644
index 0000000..a0f5439
--- /dev/null
+++ selinux-gui-2.8/po/Makefile
@@ -0,0 +1,82 @@
+#
+# Makefile for the PO files (translation) catalog
+#
+
+PREFIX ?= /usr
+
+# What is this package?
+NLSPACKAGE = gui
+POTFILE = $(NLSPACKAGE).pot
+INSTALL = /usr/bin/install -c -p
+INSTALL_DATA = $(INSTALL) -m 644
+INSTALL_DIR = /usr/bin/install -d
+
+# destination directory
+INSTALL_NLS_DIR = $(PREFIX)/share/locale
+
+# PO catalog handling
+MSGMERGE = msgmerge
+MSGMERGE_FLAGS = -q
+XGETTEXT = xgettext --default-domain=$(NLSPACKAGE)
+MSGFMT = msgfmt
+
+# All possible linguas
+PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po)))
+
+# Only the files matching what the user has set in LINGUAS
+USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS))
+
+# if no valid LINGUAS, build all languages
+USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
+
+POFILES = $(patsubst %,%.po,$(USE_LINGUAS))
+MOFILES = $(patsubst %.po,%.mo,$(POFILES))
+POTFILES = $(shell cat POTFILES)
+
+#default:: clean
+
+all:: $(MOFILES)
+
+$(POTFILE): $(POTFILES)
+ $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
+ @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
+ rm -f $(NLSPACKAGE).po; \
+ else \
+ mv -f $(NLSPACKAGE).po $(POTFILE); \
+ fi; \
+
+
+refresh-po: Makefile
+ for cat in $(POFILES); do \
+ lang=`basename $$cat .po`; \
+ if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \
+ mv -f $$lang.pot $$lang.po ; \
+ echo "$(MSGMERGE) of $$lang succeeded" ; \
+ else \
+ echo "$(MSGMERGE) of $$lang failed" ; \
+ rm -f $$lang.pot ; \
+ fi \
+ done
+
+clean:
+ @rm -fv *mo *~ .depend
+ @rm -rf tmp
+
+install: $(MOFILES)
+ @for n in $(MOFILES); do \
+ l=`basename $$n .mo`; \
+ $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \
+ $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \
+ done
+
+%.mo: %.po
+ $(MSGFMT) -o $@ $<
+report:
+ @for cat in $(wildcard *.po); do \
+ echo -n "$$cat: "; \
+ msgfmt -v --statistics -o /dev/null $$cat; \
+ done
+
+.PHONY: missing depend
+
+relabel:
diff --git selinux-gui-2.8/po/POTFILES selinux-gui-2.8/po/POTFILES
new file mode 100644
index 0000000..1795c5c
--- /dev/null
+++ selinux-gui-2.8/po/POTFILES
@@ -0,0 +1,17 @@
+../booleansPage.py
+../domainsPage.py
+../fcontextPage.py
+../loginsPage.py
+../modulesPage.py
+../org.selinux.config.policy
+../polgengui.py
+../polgen.ui
+../portsPage.py
+../selinux-polgengui.desktop
+../semanagePage.py
+../sepolicy.desktop
+../statusPage.py
+../system-config-selinux.desktop
+../system-config-selinux.py
+../system-config-selinux.ui
+../usersPage.py
diff --git selinux-gui-2.8/polgen.ui selinux-gui-2.8/polgen.ui
index aa4c70a..6a8c067 100644
--- selinux-gui-2.8/polgen.ui
+++ selinux-gui-2.8/polgen.ui
@@ -1975,7 +1975,7 @@ Tab</property>
<object class="GtkLabel" id="label17">
<property name="visible">True</property>
<property name="can_focus">False</property>
- <property name="label">Add File</property>
+ <property name="label" translatable="yes">Add File</property>
<property name="use_underline">True</property>
</object>
<packing>
@@ -2028,7 +2028,7 @@ Tab</property>
<object class="GtkLabel" id="label16">
<property name="visible">True</property>
<property name="can_focus">False</property>
- <property name="label">Add Directory</property>
+ <property name="label" translatable="yes">Add Directory</property>
<property name="use_underline">True</property>
</object>
<packing>
@@ -2176,7 +2176,7 @@ Tab</property>
<object class="GtkLabel" id="label3">
<property name="visible">True</property>
<property name="can_focus">False</property>
- <property name="label">Add Boolean</property>
+ <property name="label" translatable="yes">Add Boolean</property>
<property name="use_underline">True</property>
</object>
<packing>
diff --git selinux-gui-2.8/polgengui.py selinux-gui-2.8/polgengui.py
index 1601dbe..7e0d9d0 100644
--- selinux-gui-2.8/polgengui.py
+++ selinux-gui-2.8/polgengui.py
@@ -63,7 +63,7 @@ def get_all_modules():
##
## I18N
##
-PROGNAME = "policycoreutils"
+PROGNAME = "selinux-gui"
try:
import gettext
kwargs = {}
diff --git selinux-gui-2.8/portsPage.py selinux-gui-2.8/portsPage.py
index 30f5838..a537ecc 100644
--- selinux-gui-2.8/portsPage.py
+++ selinux-gui-2.8/portsPage.py
@@ -35,7 +35,7 @@ from semanagePage import *
##
## I18N
##
-PROGNAME = "policycoreutils"
+PROGNAME = "selinux-gui"
try:
import gettext
kwargs = {}
diff --git selinux-gui-2.8/semanagePage.py selinux-gui-2.8/semanagePage.py
index 4127804..5361d69 100644
--- selinux-gui-2.8/semanagePage.py
+++ selinux-gui-2.8/semanagePage.py
@@ -22,7 +22,7 @@ from gi.repository import Gdk, Gtk
##
## I18N
##
-PROGNAME = "policycoreutils"
+PROGNAME = "selinux-gui"
try:
import gettext
kwargs = {}
diff --git selinux-gui-2.8/statusPage.py selinux-gui-2.8/statusPage.py
index 766854b..a8f079b 100644
--- selinux-gui-2.8/statusPage.py
+++ selinux-gui-2.8/statusPage.py
@@ -35,7 +35,7 @@ RELABELFILE = "/.autorelabel"
##
## I18N
##
-PROGNAME = "policycoreutils"
+PROGNAME = "selinux-gui"
try:
import gettext
kwargs = {}
diff --git selinux-gui-2.8/system-config-selinux.py selinux-gui-2.8/system-config-selinux.py
index ce7c74b..a81e9dd 100644
--- selinux-gui-2.8/system-config-selinux.py
+++ selinux-gui-2.8/system-config-selinux.py
@@ -45,7 +45,7 @@ import selinux
##
## I18N
##
-PROGNAME = "policycoreutils"
+PROGNAME = "selinux-gui"
try:
import gettext
kwargs = {}
diff --git selinux-gui-2.8/usersPage.py selinux-gui-2.8/usersPage.py
index 26794ed..d15d4c5 100644
--- selinux-gui-2.8/usersPage.py
+++ selinux-gui-2.8/usersPage.py
@@ -29,7 +29,7 @@ from semanagePage import *
##
## I18N
##
-PROGNAME = "policycoreutils"
+PROGNAME = "selinux-gui"
try:
import gettext
kwargs = {}

2515
SOURCES/selinux-python-fedora.patch
View File

File diff suppressed because it is too large Load Diff

186
SOURCES/selinux-sandbox-fedora.patch
View File

@ -1,186 +0,0 @@
diff --git selinux-sandbox-2.8/Makefile selinux-sandbox-2.8/Makefile
index 49c1d3f..9e45329 100644
--- selinux-sandbox-2.8/Makefile
+++ selinux-sandbox-2.8/Makefile
@@ -12,6 +12,7 @@ override LDLIBS += -lselinux -lcap-ng
SEUNSHARE_OBJS = seunshare.o
all: sandbox seunshare sandboxX.sh start
+ (cd po && $(MAKE) $@)
seunshare: $(SEUNSHARE_OBJS)
@@ -30,6 +31,7 @@ install: all
install -m 755 start $(DESTDIR)$(SHAREDIR)
-mkdir -p $(DESTDIR)$(SYSCONFDIR)
install -m 644 sandbox.conf $(DESTDIR)$(SYSCONFDIR)/sandbox
+ (cd po && $(MAKE) $@)
test:
@$(PYTHON) test_sandbox.py -v
diff --git selinux-sandbox-2.8/po/Makefile selinux-sandbox-2.8/po/Makefile
new file mode 100644
index 0000000..0556bbe
--- /dev/null
+++ selinux-sandbox-2.8/po/Makefile
@@ -0,0 +1,82 @@
+#
+# Makefile for the PO files (translation) catalog
+#
+
+PREFIX ?= /usr
+
+# What is this package?
+NLSPACKAGE = sandbox
+POTFILE = $(NLSPACKAGE).pot
+INSTALL = /usr/bin/install -c -p
+INSTALL_DATA = $(INSTALL) -m 644
+INSTALL_DIR = /usr/bin/install -d
+
+# destination directory
+INSTALL_NLS_DIR = $(PREFIX)/share/locale
+
+# PO catalog handling
+MSGMERGE = msgmerge
+MSGMERGE_FLAGS = -q
+XGETTEXT = xgettext -L Python --default-domain=$(NLSPACKAGE)
+MSGFMT = msgfmt
+
+# All possible linguas
+PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po)))
+
+# Only the files matching what the user has set in LINGUAS
+USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS))
+
+# if no valid LINGUAS, build all languages
+USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
+
+POFILES = $(patsubst %,%.po,$(USE_LINGUAS))
+MOFILES = $(patsubst %.po,%.mo,$(POFILES))
+POTFILES = $(shell cat POTFILES)
+
+#default:: clean
+
+all:: $(POTFILE) $(MOFILES)
+
+$(POTFILE): $(POTFILES)
+ $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
+ @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
+ rm -f $(NLSPACKAGE).po; \
+ else \
+ mv -f $(NLSPACKAGE).po $(POTFILE); \
+ fi; \
+
+
+refresh-po: Makefile
+ for cat in $(POFILES); do \
+ lang=`basename $$cat .po`; \
+ if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \
+ mv -f $$lang.pot $$lang.po ; \
+ echo "$(MSGMERGE) of $$lang succeeded" ; \
+ else \
+ echo "$(MSGMERGE) of $$lang failed" ; \
+ rm -f $$lang.pot ; \
+ fi \
+ done
+
+clean:
+ @rm -fv *mo *~ .depend
+ @rm -rf tmp
+
+install: $(MOFILES)
+ @for n in $(MOFILES); do \
+ l=`basename $$n .mo`; \
+ $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \
+ $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \
+ done
+
+%.mo: %.po
+ $(MSGFMT) -o $@ $<
+report:
+ @for cat in $(wildcard *.po); do \
+ echo -n "$$cat: "; \
+ msgfmt -v --statistics -o /dev/null $$cat; \
+ done
+
+.PHONY: missing depend
+
+relabel:
diff --git selinux-sandbox-2.8/po/POTFILES selinux-sandbox-2.8/po/POTFILES
new file mode 100644
index 0000000..deff3f2
--- /dev/null
+++ selinux-sandbox-2.8/po/POTFILES
@@ -0,0 +1 @@
+../sandbox
diff --git selinux-sandbox-2.8/sandbox selinux-sandbox-2.8/sandbox
index c07a1d8..948496d 100644
--- selinux-sandbox-2.8/sandbox
+++ selinux-sandbox-2.8/sandbox
@@ -37,7 +37,7 @@ import sepolicy
SEUNSHARE = "/usr/sbin/seunshare"
SANDBOXSH = "/usr/share/sandbox/sandboxX.sh"
-PROGNAME = "policycoreutils"
+PROGNAME = "selinux-sandbox"
try:
import gettext
kwargs = {}
@@ -268,7 +268,7 @@ class Sandbox:
copyfile(f, "/tmp", self.__tmpdir)
copyfile(f, "/var/tmp", self.__tmpdir)
- def __setup_sandboxrc(self, wm="/usr/bin/openbox"):
+ def __setup_sandboxrc(self, wm="/usr/bin/matchbox-window-manager"):
execfile = self.__homedir + "/.sandboxrc"
fd = open(execfile, "w+")
if self.__options.session:
@@ -362,7 +362,7 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
parser.add_option("-W", "--windowmanager", dest="wm",
type="string",
- default="/usr/bin/openbox",
+ default="/usr/bin/matchbox-window-manager",
help=_("alternate window manager"))
parser.add_option("-l", "--level", dest="level",
diff --git selinux-sandbox-2.8/sandbox.8 selinux-sandbox-2.8/sandbox.8
index d83fee7..90ef495 100644
--- selinux-sandbox-2.8/sandbox.8
+++ selinux-sandbox-2.8/sandbox.8
@@ -77,7 +77,7 @@ Specifies the windowsize when creating an X based Sandbox. The default windowsiz
\fB\-W\fR \fB\-\-windowmanager\fR
Select alternative window manager to run within
.B sandbox \-X.
-Default to /usr/bin/openbox.
+Default to /usr/bin/matchbox-window-manager.
.TP
\fB\-X\fR
Create an X based Sandbox for gui apps, temporary files for
diff --git selinux-sandbox-2.8/sandboxX.sh selinux-sandbox-2.8/sandboxX.sh
index eaa500d..c211ebc 100644
--- selinux-sandbox-2.8/sandboxX.sh
+++ selinux-sandbox-2.8/sandboxX.sh
@@ -6,21 +6,7 @@ export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8
[ -z $2 ] && export DPI="96" || export DPI="$2"
trap "exit 0" HUP
-mkdir -p ~/.config/openbox
-cat > ~/.config/openbox/rc.xml << EOF
-<openbox_config xmlns="http://openbox.org/3.4/rc"
- xmlns:xi="http://www.w3.org/2001/XInclude">
-<applications>
- <application class="*">
- <decor>no</decor>
- <desktop>all</desktop>
- <maximized>yes</maximized>
- </application>
-</applications>
-</openbox_config>
-EOF
-
-(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
+(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -reset -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
export DISPLAY=:$D
cat > ~/seremote << __EOF
#!/bin/sh

12
SOURCES/semodule-utils-fedora.patch
View File

@ -1,12 +0,0 @@
diff --git semodule-utils-2.8/semodule_package/semodule_package.c semodule-utils-2.8/semodule_package/semodule_package.c
index 3515234..7b75b3f 100644
--- semodule-utils-2.8/semodule_package/semodule_package.c
+++ semodule-utils-2.8/semodule_package/semodule_package.c
@@ -74,6 +74,7 @@ static int file_to_data(const char *path, char **data, size_t * len)
}
if (!sb.st_size) {
*len = 0;
+ close(fd);
return 0;
}

220
SPECS/policycoreutils.spec
View File

@ -1,26 +1,28 @@
%global libauditver 2.1.3-4
%global libsepolver 2.8-2
%global libsemanagever 2.8-4
%global libselinuxver 2.8-6
%global sepolgenver 2.8
%global libauditver 3.0
%global libsepolver 2.9-1
%global libsemanagever 2.9-1
%global libselinuxver 2.9-1
%global sepolgenver 2.9
%global generatorsdir %{_prefix}/lib/systemd/system-generators
# Disable automatic compilation of Python files in extra directories
%global _python_bytecompile_extra 0
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.8
Release: 16.1%{?dist}
Version: 2.9
Release: 3%{?dist}
License: GPLv2
# https://github.com/SELinuxProject/selinux/wiki/Releases
Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/policycoreutils-2.8.tar.gz
Source1: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/selinux-python-2.8.tar.gz
Source2: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/selinux-gui-2.8.tar.gz
Source3: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/selinux-sandbox-2.8.tar.gz
Source4: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/selinux-dbus-2.8.tar.gz
Source5: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/semodule-utils-2.8.tar.gz
Source6: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/restorecond-2.8.tar.gz
URL: https://github.com/SELinuxProject
Source12: policycoreutils_man_ru2.tar.bz2
Source0: https://github.com/SELinuxProject/selinux/releases/download/20190315/policycoreutils-2.9.tar.gz
Source1: https://github.com/SELinuxProject/selinux/releases/download/20190315/selinux-python-2.9.tar.gz
Source2: https://github.com/SELinuxProject/selinux/releases/download/20190315/selinux-gui-2.9.tar.gz
Source3: https://github.com/SELinuxProject/selinux/releases/download/20190315/selinux-sandbox-2.9.tar.gz
Source4: https://github.com/SELinuxProject/selinux/releases/download/20190315/selinux-dbus-2.9.tar.gz
Source5: https://github.com/SELinuxProject/selinux/releases/download/20190315/semodule-utils-2.9.tar.gz
Source6: https://github.com/SELinuxProject/selinux/releases/download/20190315/restorecond-2.9.tar.gz
URL: https://github.com/SELinuxProject/selinux
Source13: system-config-selinux.png
Source14: sepolicy-icons.tgz
Source15: selinux-autorelabel
@ -32,19 +34,35 @@ Source20: policycoreutils-po.tgz
Source21: python-po.tgz
Source22: gui-po.tgz
Source23: sandbox-po.tgz
# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
# run:
# HEAD 15b521e6d24b1cb3a004d49f630f1d33f3e11466
# $ for i in policycoreutils selinux-python selinux-gui selinux-sandbox selinux-dbus semodule-utils restorecond; do
# VERSION=2.8 ./make-fedora-selinux-patch.sh $i
# done
Patch: policycoreutils-fedora.patch
Patch1: selinux-python-fedora.patch
Patch2: selinux-gui-fedora.patch
Patch3: selinux-sandbox-fedora.patch
Patch4: selinux-dbus-fedora.patch
Patch5: semodule-utils-fedora.patch
Patch6: restorecond-fedora.patch
# https://gitlab.cee.redhat.com/SELinux/selinux
# $ git format-patch -N 20190315 -- policycoreutils python gui sandbox dbus semodule-utils restorecond
# $ for j in [0-9]*.patch; do printf "Patch%s: %s\n" ${j/-*/} $j; done
Patch0001: 0001-gui-Install-polgengui.py-to-usr-bin-selinux-polgengu.patch
Patch0002: 0002-gui-Install-.desktop-files-to-usr-share-applications.patch
Patch0003: 0003-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
Patch0004: 0004-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch
Patch0005: 0005-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch
Patch0006: 0006-Simplication-of-sepolicy-manpage-web-functionality.-.patch
Patch0007: 0007-We-want-to-remove-the-trailing-newline-for-etc-syste.patch
Patch0008: 0008-Fix-title-in-manpage.py-to-not-contain-online.patch
Patch0009: 0009-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
Patch0010: 0010-sepolicy-Drop-old-interface-file_type_is_executable-.patch
Patch0011: 0011-sepolicy-Another-small-optimization-for-mcs-types.patch
Patch0012: 0012-Move-po-translation-files-into-the-right-sub-directo.patch
Patch0013: 0013-Use-correct-gettext-domains-in-python-gui-sandbox.patch
Patch0014: 0014-Initial-.pot-files-for-gui-python-sandbox.patch
# this is too big and it's covered by sources 20 - 23
# Patch0015: 0015-Update-.po-files-from-fedora.zanata.org.patch
Patch0016: 0016-policycoreutils-setfiles-Improve-description-of-d-sw.patch
Patch0017: 0017-sepolicy-generate-Handle-more-reserved-port-types.patch
Patch0018: 0018-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch
Patch0019: 0019-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
Patch0020: 0020-python-Use-ipaddress-instead-of-IPy.patch
Patch0021: 0021-python-semanage-Do-not-traceback-when-the-default-po.patch
Patch0022: 0022-policycoreutils-fixfiles-Fix-B-F-onboot.patch
Patch0023: 0023-policycoreutils-fixfiles-Force-full-relabel-when-SEL.patch
Patch0024: 0024-policycoreutils-fixfiles-Fix-unbound-variable-proble.patch
Obsoletes: policycoreutils < 2.0.61-2
Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
# initscripts < 9.66 shipped fedora-autorelabel services which are renamed to selinux-relabel
@ -57,6 +75,7 @@ BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-static >=
BuildRequires: desktop-file-utils dbus-devel dbus-glib-devel
BuildRequires: python3-devel
BuildRequires: systemd
BuildRequires: git
Requires: util-linux grep gawk diffutils rpm sed
Requires: libsepol >= %{libsepolver} coreutils libselinux-utils >= %{libselinuxver}
@ -76,44 +95,49 @@ for basic operation of a SELinux system. These utilities include
load_policy to load policies, setfiles to label filesystems, newrole
to switch roles.
%prep
%prep -p /usr/bin/bash
# create selinux/ directory and extract sources
%setup -q -c -n selinux
%setup -q -T -D -a 1 -n selinux
%setup -q -T -D -a 2 -n selinux
%setup -q -T -D -a 3 -n selinux
%setup -q -T -D -a 4 -n selinux
%setup -q -T -D -a 5 -n selinux
%setup -q -T -D -a 6 -n selinux
%patch -p0 -b .policycoreutils-fedora
%autosetup -S git -N -c -n selinux
%autosetup -S git -N -T -D -a 1 -n selinux
%autosetup -S git -N -T -D -a 2 -n selinux
%autosetup -S git -N -T -D -a 3 -n selinux
%autosetup -S git -N -T -D -a 4 -n selinux
%autosetup -S git -N -T -D -a 5 -n selinux
%autosetup -S git -N -T -D -a 6 -n selinux
cp %{SOURCE13} selinux-gui-%{version}/
tar -xvf %{SOURCE14} -C selinux-python-%{version}/sepolicy/
%patch1 -p0 -b .selinux-python
%patch2 -p0 -b .selinux-gui
%patch3 -p0 -b .selinux-sandbox
%patch4 -p0 -b .selinux-dbus
%patch5 -p0 -b .semodule-utils
%patch6 -p0 -b .restorecond
for i in *; do
git mv $i ${i/-%{version}/}
git commit -q --allow-empty -a --author 'rpm-build <rpm-build>' -m "$i -> ${i/-%{version}/}"
done
for i in selinux-*; do
git mv $i ${i#selinux-}
git commit -q --allow-empty -a --author 'rpm-build <rpm-build>' -m "$i -> ${i#selinux-}"
done
git am %{_sourcedir}/[0-9]*.patch
cp %{SOURCE13} gui/
tar -xvf %{SOURCE14} -C python/sepolicy/
# Since patches containing translation changes were too big, translations were moved to separate tarballs
# For more information see README.translations
tar -x -f %{SOURCE20} -C policycoreutils-%{version} -z
tar -x -f %{SOURCE21} -C selinux-python-%{version} -z
tar -x -f %{SOURCE22} -C selinux-gui-%{version} -z
tar -x -f %{SOURCE23} -C selinux-sandbox-%{version} -z
tar -x -f %{SOURCE20} -C policycoreutils -z
tar -x -f %{SOURCE21} -C python -z
tar -x -f %{SOURCE22} -C gui -z
tar -x -f %{SOURCE23} -C sandbox -z
%build
%set_build_flags
export PYTHON=%{__python3}
make -C policycoreutils-%{version} LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" all
make -C selinux-python-%{version} PYTHON=%{__python3} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
make -C selinux-gui-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
make -C selinux-sandbox-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
make -C selinux-dbus-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
make -C semodule-utils-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
make -C restorecond-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
make -C policycoreutils LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" all
make -C python SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
make -C gui SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
make -C sandbox SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
make -C dbus SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
make -C semodule-utils SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
make -C restorecond SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
%install
mkdir -p %{buildroot}%{_bindir}
@ -123,19 +147,19 @@ mkdir -p %{buildroot}%{_mandir}/man5
mkdir -p %{buildroot}%{_mandir}/man8
%{__mkdir} -p %{buildroot}/%{_usr}/share/doc/%{name}/
make -C policycoreutils-%{version} LSPP_PRIV=y DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" install
make -C policycoreutils LSPP_PRIV=y DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" install
make -C selinux-python-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
make -C python PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
make -C selinux-gui-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
make -C gui PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
make -C selinux-sandbox-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
make -C sandbox PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
make -C selinux-dbus-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
make -C dbus PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
make -C semodule-utils-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
make -C semodule-utils PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
make -C restorecond-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
make -C restorecond PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
# Fix perms on newrole so that objcopy can process it
chmod 0755 %{buildroot}%{_bindir}/newrole
@ -143,9 +167,8 @@ chmod 0755 %{buildroot}%{_bindir}/newrole
# Systemd
rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/restorecond
tar -jxf %{SOURCE12} -C %{buildroot}/
rm -f %{buildroot}/usr/share/man/ru/man8/genhomedircon.8.gz
rm -f %{buildroot}/usr/share/man/ru/man8/open_init_pty.8.gz
rm -f %{buildroot}/usr/share/man/ru/man8/open_init_pty.8*
rm -f %{buildroot}/usr/share/man/ru/man8/semodule_deps.8.gz
rm -f %{buildroot}/usr/share/man/man8/open_init_pty.8
rm -f %{buildroot}/usr/sbin/open_init_pty
@ -154,21 +177,6 @@ rm -f %{buildroot}/usr/share/man/ru/man8/run_init.8*
rm -f %{buildroot}/usr/share/man/man8/run_init.8*
rm -f %{buildroot}/etc/pam.d/run_init*
ln -sf /usr/share/system-config-selinux/polgengui.py %{buildroot}%{_bindir}/selinux-polgengui
desktop-file-install --dir %{buildroot}%{_datadir}/applications --add-category Settings \
%{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.desktop
desktop-file-install --dir %{buildroot}%{_datadir}/applications --add-category Settings \
%{buildroot}%{_datadir}/system-config-selinux/sepolicy.desktop
desktop-file-install --dir %{buildroot}%{_datadir}/applications \
%{buildroot}%{_datadir}/system-config-selinux/selinux-polgengui.desktop
rm -f %{buildroot}%{_datadir}/system-config-selinux/selinux-polgengui.desktop
rm -f %{buildroot}%{_datadir}/system-config-selinux/sepolicy.desktop
rm -f %{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.desktop
mkdir -m 755 -p %{buildroot}/%{generatorsdir}
install -m 644 -p %{SOURCE16} %{buildroot}/%{_unitdir}/
install -m 644 -p %{SOURCE17} %{buildroot}/%{_unitdir}/
@ -190,7 +198,6 @@ pathfix.py -i "%{__python3} -Es" -p \
%{buildroot}%{_bindir}/sepolgen-ifgen \
%{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.py \
%{buildroot}%{_datadir}/system-config-selinux/selinux_server.py \
%{buildroot}%{_datadir}/system-config-selinux/polgengui.py \
%nil
# clean up ~ files from pathfix - https://bugzilla.redhat.com/show_bug.cgi?id=1546990
@ -198,6 +205,10 @@ find %{buildroot}%{python3_sitelib} %{buildroot}%{python3_sitearch} \
%{buildroot}%{_sbindir} %{buildroot}%{_bindir} %{buildroot}%{_datadir} \
-type f -name '*~' | xargs rm -f
# Manually invoke the python byte compile macro for each path that needs byte
# compilation.
%py_byte_compile %{__python3} %{buildroot}%{_datadir}/system-config-selinux
%find_lang policycoreutils
%find_lang selinux-python
%find_lang selinux-gui
@ -222,12 +233,14 @@ an SELinux environment.
%{_mandir}/man1/audit2allow.1*
%{_mandir}/ru/man1/audit2allow.1*
%{_mandir}/man1/audit2why.1*
%{_mandir}/ru/man1/audit2why.1*
%{_sysconfdir}/dbus-1/system.d/org.selinux.conf
%{_mandir}/man8/chcat.8*
%{_mandir}/ru/man8/chcat.8*
%{_mandir}/man8/sandbox.8*
%{_mandir}/ru/man8/sandbox.8*
%{_mandir}/man8/semanage*.8*
%{_mandir}/ru/man8/semanage.8*
%{_mandir}/ru/man8/semanage*.8*
%{_datadir}/bash-completion/completions/semanage
%package dbus
@ -245,7 +258,9 @@ an SELinux environment.
%{_datadir}/dbus-1/system-services/org.selinux.service
%{_datadir}/polkit-1/actions/org.selinux.policy
%{_datadir}/polkit-1/actions/org.selinux.config.policy
%{_datadir}/system-config-selinux/selinux_server.py*
%{_datadir}/system-config-selinux/selinux_server.py
%dir %{_datadir}/system-config-selinux/__pycache__
%{_datadir}/system-config-selinux/__pycache__/selinux_server.*
%package -n python3-policycoreutils
%{?python_provide:%python_provide python3-policycoreutils}
@ -303,6 +318,7 @@ The policycoreutils-devel package contains the management tools use to develop p
/var/lib/sepolgen/perm_map
%{_bindir}/sepolicy
%{_mandir}/man8/sepolgen.8*
%{_mandir}/ru/man8/sepolgen.8*
%{_mandir}/man8/sepolicy-booleans.8*
%{_mandir}/man8/sepolicy-generate.8*
%{_mandir}/man8/sepolicy-interface.8*
@ -311,6 +327,7 @@ The policycoreutils-devel package contains the management tools use to develop p
%{_mandir}/man8/sepolicy-communicate.8*
%{_mandir}/man8/sepolicy-manpage.8*
%{_mandir}/man8/sepolicy-transition.8*
%{_mandir}/ru/man8/sepolicy*.8*
%{_usr}/share/bash-completion/completions/sepolicy
@ -331,7 +348,9 @@ sandboxes
%{_datadir}/sandbox/start
%caps(cap_setpcap,cap_setuid,cap_fowner,cap_dac_override,cap_sys_admin,cap_sys_nice=pe) %{_sbindir}/seunshare
%{_mandir}/man8/seunshare.8*
%{_mandir}/ru/man8/seunshare.8*
%{_mandir}/man5/sandbox.5*
%{_mandir}/ru/man5/sandbox.5*
%package newrole
Summary: The newrole application for RBAC/MLS
@ -344,6 +363,7 @@ or level of a logged in user.
%files newrole
%attr(0755,root,root) %caps(cap_dac_read_search,cap_setpcap,cap_audit_write,cap_sys_admin,cap_fowner,cap_chown,cap_dac_override=pe) %{_bindir}/newrole
%{_mandir}/man1/newrole.1.gz
%{_mandir}/ru/man1/newrole.1.gz
%config(noreplace) %{_sysconfdir}/pam.d/newrole
%package gui
@ -366,19 +386,23 @@ system-config-selinux is a utility for managing the SELinux environment
%{_datadir}/icons/hicolor/24x24/apps/system-config-selinux.png
%{_datadir}/pixmaps/system-config-selinux.png
%dir %{_datadir}/system-config-selinux
%dir %{_datadir}/system-config-selinux/__pycache__
%{_datadir}/system-config-selinux/system-config-selinux.png
%{_datadir}/system-config-selinux/*Page.py*
%{_datadir}/system-config-selinux/html_util.py*
%{_datadir}/system-config-selinux/polgengui.py*
%{_datadir}/system-config-selinux/system-config-selinux.py*
%{_datadir}/system-config-selinux/*Page.py
%{_datadir}/system-config-selinux/__pycache__/*Page.*
%{_datadir}/system-config-selinux/system-config-selinux.py
%{_datadir}/system-config-selinux/__pycache__/system-config-selinux.*
%{_datadir}/system-config-selinux/*.ui
%{python3_sitelib}/sepolicy/gui.py*
%{python3_sitelib}/sepolicy/sepolicy.glade
%{_datadir}/icons/hicolor/*/apps/sepolicy.png
%{_datadir}/pixmaps/sepolicy.png
%{_mandir}/man8/system-config-selinux.8*
%{_mandir}/ru/man8/system-config-selinux.8*
%{_mandir}/man8/selinux-polgengui.8*
%{_mandir}/ru/man8/selinux-polgengui.8*
%{_mandir}/man8/sepolicy-gui.8*
%{_mandir}/ru/man8/sepolicy-gui.8*
%files -f %{name}.lang
%{_sbindir}/restorecon
@ -402,9 +426,10 @@ system-config-selinux is a utility for managing the SELinux environment
%{_unitdir}/selinux-autorelabel.target
%{generatorsdir}/selinux-autorelabel-generator.sh
%config(noreplace) %{_sysconfdir}/sestatus.conf
# selinux-policy Requires: policycoreutils, so we own this set of directories and our files within them
%{_mandir}/man5/selinux_config.5.gz
%{_mandir}/ru/man5/selinux_config.5.gz
%{_mandir}/man5/sestatus.conf.5.gz
%{_mandir}/ru/man5/sestatus.conf.5.gz
%{_mandir}/man8/fixfiles.8*
%{_mandir}/ru/man8/fixfiles.8*
%{_mandir}/man8/load_policy.8*
@ -412,6 +437,7 @@ system-config-selinux is a utility for managing the SELinux environment
%{_mandir}/man8/restorecon.8*
%{_mandir}/ru/man8/restorecon.8*
%{_mandir}/man8/restorecon_xattr.8*
%{_mandir}/ru/man8/restorecon_xattr.8*
%{_mandir}/man8/semodule.8*
%{_mandir}/ru/man8/semodule.8*
%{_mandir}/man8/sestatus.8*
@ -423,17 +449,19 @@ system-config-selinux is a utility for managing the SELinux environment
%{_mandir}/man1/secon.1*
%{_mandir}/ru/man1/secon.1*
%{_mandir}/man8/genhomedircon.8*
%{_mandir}/ru/man8/genhomedircon.8*
%{_mandir}/man8/semodule_expand.8*
%{_mandir}/ru/man8/semodule_expand.8*
%{_mandir}/man8/semodule_link.8*
%{_mandir}/ru/man8/semodule_link.8*
%{_mandir}/man8/semodule_unpackage.8*
%{_mandir}/ru/man8/semodule_unpackage.8*
%{_mandir}/man8/semodule_package.8*
%{_mandir}/ru/man8/semodule_package.8*
%dir %{_datadir}/bash-completion
%{_datadir}/bash-completion/completions/setsebool
%{!?_licensedir:%global license %%doc}
%license policycoreutils-%{version}/COPYING
%license policycoreutils/COPYING
%doc %{_usr}/share/doc/%{name}
%package restorecond
@ -453,7 +481,7 @@ The policycoreutils-restorecond package contains the restorecond service.
%{_mandir}/man8/restorecond.8*
%{_mandir}/ru/man8/restorecond.8*
%{!?_licensedir:%global license %%doc}
%license policycoreutils-%{version}/COPYING
%license policycoreutils/COPYING
%post
%systemd_post selinux-autorelabel-mark.service
@ -471,6 +499,16 @@ The policycoreutils-restorecond package contains the restorecond service.
%systemd_postun_with_restart restorecond.service
%changelog
* Thu Aug 22 2019 Vit Mojzis <vmojzis@redhat.com> - 2.9-3
- fixfiles: Fix unbound variable problem (#1743213)
* Tue Jul 2 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-2
- Update transition
- fixfiles: Fix [-B] [-F] onboot
* Mon Mar 18 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-1
- SELinux userspace 2.9 release
* Fri Dec 14 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-16.1
- semanage: move valid_types initialisations to class constructors
- semanage: import sepolicy only when it's needed