From 0176069af5804a338571df577ec24764edc480b3 Mon Sep 17 00:00:00 2001 
From: CentOS Sources
Date: Tue, 5 Nov 2019 15:21:02 -0500
Subject: [PATCH] import policycoreutils-2.9-3.el8
---
 .gitignore | 15 +-
 .policycoreutils.metadata | 23 +-
 ...engui.py-to-usr-bin-selinux-polgengu.patch | 43 +
 ...ktop-files-to-usr-share-applications.patch | 49 +
 ...t-to-Xephyr-as-it-works-better-with-.patch | 26 +
 ...RD_FILE_CONTEXT-section-in-man-pages.patch | 46 +
 ...xecutable-we-don-t-want-to-print-a-p.patch | 27 +
 ...sepolicy-manpage-web-functionality.-.patch | 169 +
 ...e-the-trailing-newline-for-etc-syste.patch | 26 +
 ...-in-manpage.py-to-not-contain-online.patch | 25 +
 ...t-be-verbose-if-you-are-not-on-a-tty.patch | 24 +
 ...d-interface-file_type_is_executable-.patch | 63 +
 ...her-small-optimization-for-mcs-types.patch | 53 +
 ...ion-files-into-the-right-sub-directo.patch | 516 ++
 ...ettext-domains-in-python-gui-sandbox.patch | 306 ++
 ...al-.pot-files-for-gui-python-sandbox.patch | 4532 +++++++++++++++++
 ...setfiles-Improve-description-of-d-sw.patch | 31 +
 ...rate-Handle-more-reserved-port-types.patch | 71 +
 ...ix-RESOURCE_LEAK-coverity-scan-defec.patch | 24 +
 ...hbox-window-manager-instead-of-openb.patch | 74 +
 ...-python-Use-ipaddress-instead-of-IPy.patch | 45 +
 ...Do-not-traceback-when-the-default-po.patch | 93 +
 ...icycoreutils-fixfiles-Fix-B-F-onboot.patch | 108 +
 ...fixfiles-Force-full-relabel-when-SEL.patch | 33 +
 ...fixfiles-Fix-unbound-variable-proble.patch | 32 +
 SOURCES/policycoreutils-fedora.patch | 152 -
 SOURCES/restorecond-fedora.patch | 12 -
 SOURCES/selinux-dbus-fedora.patch | 35 -
 SOURCES/selinux-gui-fedora.patch | 306 --
 SOURCES/selinux-python-fedora.patch | 2515 ---------
 SOURCES/selinux-sandbox-fedora.patch | 186 -
 SOURCES/semodule-utils-fedora.patch | 12 -
 SPECS/policycoreutils.spec | 220 +-
 33 files changed, 6563 insertions(+), 3329 deletions(-)
 create mode 100644 SOURCES/0001-gui-Install-polgengui.py-to-usr-bin-selinux-polgengu.patch
 create mode 100644 SOURCES/0002-gui-Install-.desktop-files-to-usr-share-applications.patch
 create mode 100644 SOURCES/0003-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
 create mode 100644 SOURCES/0004-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch
 create mode 100644 SOURCES/0005-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch
 create mode 100644 SOURCES/0006-Simplication-of-sepolicy-manpage-web-functionality.-.patch
 create mode 100644 SOURCES/0007-We-want-to-remove-the-trailing-newline-for-etc-syste.patch
 create mode 100644 SOURCES/0008-Fix-title-in-manpage.py-to-not-contain-online.patch
 create mode 100644 SOURCES/0009-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
 create mode 100644 SOURCES/0010-sepolicy-Drop-old-interface-file_type_is_executable-.patch
 create mode 100644 SOURCES/0011-sepolicy-Another-small-optimization-for-mcs-types.patch
 create mode 100644 SOURCES/0012-Move-po-translation-files-into-the-right-sub-directo.patch
 create mode 100644 SOURCES/0013-Use-correct-gettext-domains-in-python-gui-sandbox.patch
 create mode 100644 SOURCES/0014-Initial-.pot-files-for-gui-python-sandbox.patch
 create mode 100644 SOURCES/0016-policycoreutils-setfiles-Improve-description-of-d-sw.patch
 create mode 100644 SOURCES/0017-sepolicy-generate-Handle-more-reserved-port-types.patch
 create mode 100644 SOURCES/0018-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch
 create mode 100644 SOURCES/0019-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
 create mode 100644 SOURCES/0020-python-Use-ipaddress-instead-of-IPy.patch
 create mode 100644 SOURCES/0021-python-semanage-Do-not-traceback-when-the-default-po.patch
 create mode 100644 SOURCES/0022-policycoreutils-fixfiles-Fix-B-F-onboot.patch
 create mode 100644 SOURCES/0023-policycoreutils-fixfiles-Force-full-relabel-when-SEL.patch
 create mode 100644 SOURCES/0024-policycoreutils-fixfiles-Fix-unbound-variable-proble.patch
 delete mode 100644 SOURCES/policycoreutils-fedora.patch
 delete mode 100644 SOURCES/restorecond-fedora.patch
 delete mode 100644 SOURCES/selinux-dbus-fedora.patch
 delete mode 100644 SOURCES/selinux-gui-fedora.patch
 delete mode 100644 SOURCES/selinux-python-fedora.patch
 delete mode 100644 SOURCES/selinux-sandbox-fedora.patch
 delete mode 100644 SOURCES/semodule-utils-fedora.patch
diff --git a/.gitignore b/.gitignore
index cf49f0f..57456b5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,14 +1,13 @@
 SOURCES/gui-po.tgz
-SOURCES/policycoreutils-2.8.tar.gz
+SOURCES/policycoreutils-2.9.tar.gz
 SOURCES/policycoreutils-po.tgz
-SOURCES/policycoreutils_man_ru2.tar.bz2
 SOURCES/python-po.tgz
-SOURCES/restorecond-2.8.tar.gz
+SOURCES/restorecond-2.9.tar.gz
 SOURCES/sandbox-po.tgz
-SOURCES/selinux-dbus-2.8.tar.gz
-SOURCES/selinux-gui-2.8.tar.gz
-SOURCES/selinux-python-2.8.tar.gz
-SOURCES/selinux-sandbox-2.8.tar.gz
-SOURCES/semodule-utils-2.8.tar.gz
+SOURCES/selinux-dbus-2.9.tar.gz
+SOURCES/selinux-gui-2.9.tar.gz
+SOURCES/selinux-python-2.9.tar.gz
+SOURCES/selinux-sandbox-2.9.tar.gz
+SOURCES/semodule-utils-2.9.tar.gz
 SOURCES/sepolicy-icons.tgz
 SOURCES/system-config-selinux.png
diff --git a/.policycoreutils.metadata b/.policycoreutils.metadata
index 81ecb45..e3c572c 100644
--- a/.policycoreutils.metadata
+++ b/.policycoreutils.metadata
@@ -1,14 +1,13 @@
-b65686d84acd60d522c8721d38f938a75e25a4cc SOURCES/gui-po.tgz
-fed6a10a3205f8dbc12fd1ae40821e7f7b1d92b0 SOURCES/policycoreutils-2.8.tar.gz
-7288a10d135a7b1d72e4fdb1a7d757b56ec33975 SOURCES/policycoreutils-po.tgz
-be6e4cb77bb89b98ecb246f03780389b30646198 SOURCES/policycoreutils_man_ru2.tar.bz2
-ea880063f39c78e6d1c8262392a16493b3f20a04 SOURCES/python-po.tgz
-3b73350c485a5a9d2a1a133c8b6b180f6a792b37 SOURCES/restorecond-2.8.tar.gz
-14c9fff2633cf4a73e37909a8c3be08e323b61a8 SOURCES/sandbox-po.tgz
-20b0df570e1a83946068652eb6ebda07e9d58795 SOURCES/selinux-dbus-2.8.tar.gz
-4ea6ec0827feafe752d8af30db256fe25eff757e SOURCES/selinux-gui-2.8.tar.gz
-977e0f569970cb243851381b6fbe9efad60eeee4 SOURCES/selinux-python-2.8.tar.gz
-f782ccff747552ea0baec1cd4e8f4a2ae12a7488 SOURCES/selinux-sandbox-2.8.tar.gz
-62cc0f1d4a6f61260d5ec5015d31d12b44aa522b SOURCES/semodule-utils-2.8.tar.gz
+1774f04937a737c415273ee118b0d295e01864f3 SOURCES/gui-po.tgz
+6e64d9a38fb516738023eb429eef29af5383f443 SOURCES/policycoreutils-2.9.tar.gz
+136d495d4ad657aab34727edad0de2fc6a3c6553 SOURCES/policycoreutils-po.tgz
+2218891a934c10bea73fd017a8aa5ce9417a78c4 SOURCES/python-po.tgz
+0a34ef54394972870203832c8ce52d4405bd5330 SOURCES/restorecond-2.9.tar.gz
+36c396e7151f3f6d55cbf4983d3d73a79be41899 SOURCES/sandbox-po.tgz
+8645509cdfc433278c2e4d29ee8f511625c7edcc SOURCES/selinux-dbus-2.9.tar.gz
+5c155ae47692389d9fabaa154195e7f978f2a3f0 SOURCES/selinux-gui-2.9.tar.gz
+660e1ab824ef80f7a69f0b70f61e231957fd398e SOURCES/selinux-python-2.9.tar.gz
+0e208cad193021ad17a445b76b72af3fef8db999 SOURCES/selinux-sandbox-2.9.tar.gz
+a4414223e60bb664ada4824e54f8d36ab208d599 SOURCES/semodule-utils-2.9.tar.gz
 d849fa76cc3ef4a26047d8a69fef3a55d2f3097f SOURCES/sepolicy-icons.tgz
 611a5d497efaddd45ec0dcc3e9b2e5b0f81ebc41 SOURCES/system-config-selinux.png
diff --git a/SOURCES/0001-gui-Install-polgengui.py-to-usr-bin-selinux-polgengu.patch b/SOURCES/0001-gui-Install-polgengui.py-to-usr-bin-selinux-polgengu.patch
new file mode 100644
index 0000000..61dfcc7
--- /dev/null
+++ b/SOURCES/0001-gui-Install-polgengui.py-to-usr-bin-selinux-polgengu.patch
@@ -0,0 +1,43 @@
+From c778509dd0ed3b184d720032f31971f975e42973 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach
+Date: Tue, 5 Mar 2019 17:38:55 +0100
+Subject: [PATCH 01/20] gui: Install polgengui.py to /usr/bin/selinux-polgengui
+
+polgengui.py is a standalone gui tool which should be in /usr/bin with other
+tools.
+
+Signed-off-by: Petr Lautrbach
+---
+ gui/Makefile | 2 +-
+ gui/modulesPage.py | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/gui/Makefile b/gui/Makefile
+index c2f982de..b2375fbf 100644
+--- a/gui/Makefile
++++ b/gui/Makefile
+@@ -31,7 +31,7 @@ install: all
+ -mkdir -p $(DESTDIR)$(DATADIR)/polkit-1/actions/
+ install -m 755 system-config-selinux.py $(DESTDIR)$(SHAREDIR)
+ install -m 755 system-config-selinux $(DESTDIR)$(BINDIR)
+- install -m 755 polgengui.py $(DESTDIR)$(SHAREDIR)
++ install -m 755 polgengui.py $(DESTDIR)$(BINDIR)/selinux-polgengui
+ install -m 644 $(TARGETS) $(DESTDIR)$(SHAREDIR)
+ install -m 644 system-config-selinux.8 $(DESTDIR)$(MANDIR)/man8
+ install -m 644 selinux-polgengui.8 $(DESTDIR)$(MANDIR)/man8
+diff --git a/gui/modulesPage.py b/gui/modulesPage.py
+index 34c5d9e3..cb856b2d 100644
+--- a/gui/modulesPage.py
++++ b/gui/modulesPage.py
+@@ -118,7 +118,7 @@ class modulesPage(semanagePage):
+
+ def new_module(self, args):
+ try:
+- Popen(["/usr/share/system-config-selinux/polgengui.py"])
++ Popen(["selinux-polgengui"])
+ except ValueError as e:
+ self.error(e.args[0])
+
+--
+2.21.0
+
diff --git a/SOURCES/0002-gui-Install-.desktop-files-to-usr-share-applications.patch b/SOURCES/0002-gui-Install-.desktop-files-to-usr-share-applications.patch
new file mode 100644
index 0000000..84eeb22
--- /dev/null
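Review bot: In gui/modulesPage.py, `Popen(["selinux-polgengui"])` resolves the helper through PATH, where the removed line named an absolute path; if this GUI can be started with elevated privileges or an inherited environment (not visible in the hunk), whichever directory comes first in PATH decides what is executed. Since the Makefile hunk installs the tool as `$(DESTDIR)$(BINDIR)/selinux-polgengui`, the call could name the installed location, e.g. `Popen(["/usr/bin/selinux-polgengui"])`, or have the path substituted at install time. Separately, `except ValueError as e:` does not catch the `OSError` that Popen raises when the executable cannot be found, so a failed lookup propagates instead of reaching `self.error`; `except (ValueError, OSError) as e:` with `self.error(str(e))` would cover both. The modulesPage class continues outside the hunk.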
+++ b/SOURCES/0002-gui-Install-.desktop-files-to-usr-share-applications.patch
@@ -0,0 +1,49 @@
+From 04b632e6de14ec0336e14988bf4c2bd581f7308e Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach
+Date: Tue, 5 Mar 2019 17:25:00 +0100
+Subject: [PATCH 02/20] gui: Install .desktop files to /usr/share/applications
+ by default
+
+/usr/share/applications is a standard directory for .desktop files.
+Installation path can be changed using DESKTOPDIR variable in installation
+phase, e.g.
+
+make DESKTOPDIR=/usr/local/share/applications install
+
+Signed-off-by: Petr Lautrbach
+---
+ gui/Makefile | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/gui/Makefile b/gui/Makefile
+index b2375fbf..ca965c94 100644
+--- a/gui/Makefile
++++ b/gui/Makefile
+@@ -5,6 +5,7 @@ BINDIR ?= $(PREFIX)/bin
+ SHAREDIR ?= $(PREFIX)/share/system-config-selinux
+ DATADIR ?= $(PREFIX)/share
+ MANDIR ?= $(PREFIX)/share/man
++DESKTOPDIR ?= $(PREFIX)/share/applications
+
+ TARGETS= \
+ booleansPage.py \
+@@ -29,6 +30,7 @@ install: all
+ -mkdir -p $(DESTDIR)$(DATADIR)/pixmaps
+ -mkdir -p $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps
+ -mkdir -p $(DESTDIR)$(DATADIR)/polkit-1/actions/
++ -mkdir -p $(DESTDIR)$(DESKTOPDIR)
+ install -m 755 system-config-selinux.py $(DESTDIR)$(SHAREDIR)
+ install -m 755 system-config-selinux $(DESTDIR)$(BINDIR)
+ install -m 755 polgengui.py $(DESTDIR)$(BINDIR)/selinux-polgengui
+@@ -44,7 +46,7 @@ install: all
+ install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/pixmaps
+ install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps
+ install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/system-config-selinux
+- install -m 644 *.desktop $(DESTDIR)$(DATADIR)/system-config-selinux
++ install -m 644 *.desktop $(DESTDIR)$(DESKTOPDIR)
+ -mkdir -p $(DESTDIR)$(DATADIR)/pixmaps
+ install -m 644 sepolicy_256.png $(DESTDIR)$(DATADIR)/pixmaps/sepolicy.png
+ for i in 16 22 32 48 256; do \
+--
+2.21.0
+
diff --git a/SOURCES/0003-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch b/SOURCES/0003-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
new file mode 100644
index 0000000..deed0f4
--- /dev/null
+++ b/SOURCES/0003-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
@@ -0,0 +1,26 @@
+From 52e0583f6adfe70825b009b626e19c290b49763a Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach
+Date: Thu, 20 Aug 2015 12:58:41 +0200
+Subject: [PATCH 03/20] sandbox: add -reset to Xephyr as it works better with
+ it in recent Fedoras
+
+---
+ sandbox/sandboxX.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sandbox/sandboxX.sh b/sandbox/sandboxX.sh
+index eaa500d0..47745280 100644
+--- a/sandbox/sandboxX.sh
++++ b/sandbox/sandboxX.sh
+@@ -20,7 +20,7 @@ cat > ~/.config/openbox/rc.xml << EOF
+
+ EOF
+
+-(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
++(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -reset -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
+ export DISPLAY=:$D
+ cat > ~/seremote << __EOF
+ #!/bin/sh
+--
+2.21.0
+
diff --git a/SOURCES/0004-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch b/SOURCES/0004-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch
new file mode 100644
index 0000000..72c1043
--- /dev/null
+++ b/SOURCES/0004-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch
@@ -0,0 +1,46 @@
+From 7504614fdd7dcf11b3a7568ca9b4b921973531dd Mon Sep 17 00:00:00 2001
+From: Dan Walsh
+Date: Mon, 21 Apr 2014 13:54:40 -0400
+Subject: [PATCH 04/20] Fix STANDARD_FILE_CONTEXT section in man pages
+
+Signed-off-by: Miroslav Grepl
+---
+ python/sepolicy/sepolicy/manpage.py | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
+index 1d367962..24e311a3 100755
+--- a/python/sepolicy/sepolicy/manpage.py
++++ b/python/sepolicy/sepolicy/manpage.py
+@@ -735,10 +735,13 @@ Default Defined Ports:""")
+
+ def _file_context(self):
+ flist = []
++ flist_non_exec = []
+ mpaths = []
+ for f in self.all_file_types:
+ if f.startswith(self.domainname):
+ flist.append(f)
++ if not file_type_is_executable(f) or not file_type_is_entrypoint(f):
++ flist_non_exec.append(f)
+ if f in self.fcdict:
+ mpaths = mpaths + self.fcdict[f]["regex"]
+ if len(mpaths) == 0:
+@@ -797,12 +800,12 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
+ SELinux defines the file context types for the %(domainname)s, if you wanted to
+ store files with these types in a diffent paths, you need to execute the semanage command to sepecify alternate labeling and then use restorecon to put the labels on disk.
+
+-.B semanage fcontext -a -t %(type)s '/srv/%(domainname)s/content(/.*)?'
++.B semanage fcontext -a -t %(type)s '/srv/my%(domainname)s_content(/.*)?'
+ .br
+ .B restorecon -R -v /srv/my%(domainname)s_content
+
+ Note: SELinux often uses regular expressions to specify labels that match multiple files.
+-""" % {'domainname': self.domainname, "type": flist[0]})
++""" % {'domainname': self.domainname, "type": flist_non_exec[-1]})
+
+ self.fd.write(r"""
+ .I The following file types are defined for %(domainname)s:
+--
+2.21.0
+
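Review bot: The filter `if not file_type_is_executable(f) or not file_type_is_entrypoint(f):` only leaves out types that are both executable and entrypoint, so a type that is just one of the two still lands in `flist_non_exec` and can become the `%(type)s` the man page recommends in its `semanage fcontext -a -t` example for a content directory. If the intent is that the documented example never suggests an executable or entrypoint label, the condition would be `if not file_type_is_executable(f) and not file_type_is_entrypoint(f):`; if `or` is deliberate, a one-line comment saying why would keep the next reader from "fixing" it. The choice of `flist_non_exec[-1]` (last match rather than first) also depends on the order of `self.all_file_types`, which is worth stating in a comment. `_file_context` starts inside the first hunk and runs on past the second.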
diff --git a/SOURCES/0005-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch b/SOURCES/0005-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch
new file mode 100644
index 0000000..da1c1a2
--- /dev/null
+++ b/SOURCES/0005-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch
@@ -0,0 +1,27 @@
+From 9847a26b7f8358432ee4c7019efb3cbad0c162b0 Mon Sep 17 00:00:00 2001
+From: Miroslav Grepl
+Date: Mon, 12 May 2014 14:11:22 +0200
+Subject: [PATCH 05/20] If there is no executable we don't want to print a part
+ of STANDARD FILE CONTEXT
+
+---
+ python/sepolicy/sepolicy/manpage.py | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
+index 24e311a3..46092be0 100755
+--- a/python/sepolicy/sepolicy/manpage.py
++++ b/python/sepolicy/sepolicy/manpage.py
+@@ -793,7 +793,8 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
+ .PP
+ """ % {'domainname': self.domainname, 'equiv': e, 'alt': e.split('/')[-1]})
+
+- self.fd.write(r"""
++ if flist_non_exec:
++ self.fd.write(r"""
+ .PP
+ .B STANDARD FILE CONTEXT
+
+--
+2.21.0
+
diff --git a/SOURCES/0006-Simplication-of-sepolicy-manpage-web-functionality.-.patch b/SOURCES/0006-Simplication-of-sepolicy-manpage-web-functionality.-.patch
new file mode 100644
index 0000000..a2a2dd9
--- /dev/null
+++ b/SOURCES/0006-Simplication-of-sepolicy-manpage-web-functionality.-.patch
@@ -0,0 +1,169 @@ +From b2993d464e05291020dbf60fc2948ac152eb0003 Mon Sep 17 00:00:00 2001 +From: Miroslav Grepl +Date: Thu, 19 Feb 2015 17:45:15 +0100 +Subject: [PATCH 06/20] Simplication of sepolicy-manpage web functionality. + system_release is no longer hardcoded and it creates only index.html and html + man pages in the directory for the system release. + +--- + python/sepolicy/sepolicy/__init__.py | 25 +++-------- + python/sepolicy/sepolicy/manpage.py | 65 +++------------------------- + 2 files changed, 13 insertions(+), 77 deletions(-) + +diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py +index 6aed31bd..88a2b8f6 100644 +--- a/python/sepolicy/sepolicy/__init__.py ++++ b/python/sepolicy/sepolicy/__init__.py +@@ -1209,27 +1209,14 @@ def boolean_desc(boolean): + + + def get_os_version(): +- os_version = "" +- pkg_name = "selinux-policy" ++ system_release = "" + try: +- try: +- from commands import getstatusoutput +- except ImportError: +- from subprocess import getstatusoutput +- rc, output = getstatusoutput("rpm -q '%s'" % pkg_name) +- if rc == 0: +- os_version = output.split(".")[-2] +- except: +- os_version = "" +- +- if os_version[0:2] == "fc": +- os_version = "Fedora" + os_version[2:] +- elif os_version[0:2] == "el": +- os_version = "RHEL" + os_version[2:] +- else: +- os_version = "" ++ with open('/etc/system-release') as f: ++ system_release = f.readline() ++ except IOError: ++ system_release = "Misc" + +- return os_version ++ return system_release + + + def reinit(): +diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py +index 46092be0..d60acfaf 100755 +--- a/python/sepolicy/sepolicy/manpage.py ++++ b/python/sepolicy/sepolicy/manpage.py +@@ -149,10 +149,6 @@ def prettyprint(f, trim): + manpage_domains = [] + manpage_roles = [] + +-fedora_releases = ["Fedora17", "Fedora18"] +-rhel_releases = ["RHEL6", "RHEL7"] +- +- + def get_alphabet_manpages(manpage_list): + alphabet_manpages = 
dict.fromkeys(string.ascii_letters, []) + for i in string.ascii_letters: +@@ -182,7 +178,7 @@ def convert_manpage_to_html(html_manpage, manpage): + class HTMLManPages: + + """ +- Generate a HHTML Manpages on an given SELinux domains ++ Generate a HTML Manpages on an given SELinux domains + """ + + def __init__(self, manpage_roles, manpage_domains, path, os_version): +@@ -190,9 +186,9 @@ class HTMLManPages: + self.manpage_domains = get_alphabet_manpages(manpage_domains) + self.os_version = os_version + self.old_path = path + "/" +- self.new_path = self.old_path + self.os_version + "/" ++ self.new_path = self.old_path + +- if self.os_version in fedora_releases or self.os_version in rhel_releases: ++ if self.os_version: + self.__gen_html_manpages() + else: + print("SELinux HTML man pages can not be generated for this %s" % os_version) +@@ -201,7 +197,6 @@ class HTMLManPages: + def __gen_html_manpages(self): + self._write_html_manpage() + self._gen_index() +- self._gen_body() + self._gen_css() + + def _write_html_manpage(self): +@@ -219,67 +214,21 @@ class HTMLManPages: + convert_manpage_to_html((self.new_path + r.rsplit("_selinux", 1)[0] + ".html"), self.old_path + r) + + def _gen_index(self): +- index = self.old_path + "index.html" +- fd = open(index, 'w') +- fd.write(""" +- +- +- +- SELinux man pages online +- +- +-

SELinux man pages

+-

+-Fedora or Red Hat Enterprise Linux Man Pages. +-

+-
+-

Fedora

+- +- +-
+-
+-
+-""")
+-        for f in fedora_releases:
+-            fd.write("""
+-%s - SELinux man pages for %s """ % (f, f, f, f))
+-
+-        fd.write("""
+-
+-
+-

RHEL

+- +- +-
+-
+-
+-""")
+-        for r in rhel_releases:
+-            fd.write("""
+-%s - SELinux man pages for %s """ % (r, r, r, r))
+-
+-        fd.write("""
+-
+- """) +- fd.close() +- print("%s has been created" % index) +- +- def _gen_body(self): + html = self.new_path + self.os_version + ".html" + fd = open(html, 'w') + fd.write(""" + + +- +- Linux man-pages online for Fedora18 ++ ++ SELinux man pages online + + +-

SELinux man pages for Fedora18

++

SELinux man pages for %s

+
+ +
+

SELinux roles

+-""")
++""" % self.os_version)
+ for letter in self.manpage_roles:
+ if len(self.manpage_roles[letter]):
+ fd.write("""
+--
+2.21.0
+
diff --git a/SOURCES/0007-We-want-to-remove-the-trailing-newline-for-etc-syste.patch b/SOURCES/0007-We-want-to-remove-the-trailing-newline-for-etc-syste.patch
new file mode 100644
index 0000000..9680bf2
--- /dev/null
+++ b/SOURCES/0007-We-want-to-remove-the-trailing-newline-for-etc-syste.patch
@@ -0,0 +1,26 @@
+From bfcb599d9424ef6ffcd250931c89675b451edd00 Mon Sep 17 00:00:00 2001
+From: Miroslav Grepl
+Date: Fri, 20 Feb 2015 16:42:01 +0100
+Subject: [PATCH 07/20] We want to remove the trailing newline for
+ /etc/system_release.
+
+---
+ python/sepolicy/sepolicy/__init__.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
+index 88a2b8f6..0c66f4d5 100644
+--- a/python/sepolicy/sepolicy/__init__.py
++++ b/python/sepolicy/sepolicy/__init__.py
+@@ -1212,7 +1212,7 @@ def get_os_version():
+ system_release = ""
+ try:
+ with open('/etc/system-release') as f:
+- system_release = f.readline()
++ system_release = f.readline().rstrip()
+ except IOError:
+ system_release = "Misc"
+
+--
+2.21.0
+
diff --git a/SOURCES/0008-Fix-title-in-manpage.py-to-not-contain-online.patch b/SOURCES/0008-Fix-title-in-manpage.py-to-not-contain-online.patch
new file mode 100644
index 0000000..eb9315b
--- /dev/null
+++ b/SOURCES/0008-Fix-title-in-manpage.py-to-not-contain-online.patch
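Review bot: In patch 0006 the first line of `/etc/system-release` is used verbatim in two places without any normalisation: as a file name in `_gen_index` (`html = self.new_path + self.os_version + ".html"`) and as page text via `""" % self.os_version`. A release string containing `/`, `<` or `&` would give a broken path or broken markup, so I would reduce it to a safe file-name component before building `html` and HTML-escape it before interpolating it into the template. The new `if self.os_version:` test in `HTMLManPages.__init__` also behaves unevenly: the `IOError` fallback `"Misc"` always passes it, while an empty first line fails it and prints the "can not be generated" message with an empty name; a comment stating which of these is intended would help. `get_os_version` and `_gen_index` both extend beyond the visible hunks, and part of the HTML template text is lost in this rendering.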
@@ -0,0 +1,25 @@ +From 4ea504acce6389c3e28134c4b8e6bf9072c295ce Mon Sep 17 00:00:00 2001 +From: Miroslav Grepl +Date: Fri, 20 Feb 2015 16:42:53 +0100 +Subject: [PATCH 08/20] Fix title in manpage.py to not contain 'online'. + +--- + python/sepolicy/sepolicy/manpage.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py +index d60acfaf..de8184d8 100755 +--- a/python/sepolicy/sepolicy/manpage.py ++++ b/python/sepolicy/sepolicy/manpage.py +@@ -220,7 +220,7 @@ class HTMLManPages: + + + +- SELinux man pages online ++ SELinux man pages + + +

SELinux man pages for %s

+--
+2.21.0
+
diff --git a/SOURCES/0009-Don-t-be-verbose-if-you-are-not-on-a-tty.patch b/SOURCES/0009-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
new file mode 100644
index 0000000..7e332bf
--- /dev/null
+++ b/SOURCES/0009-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
@@ -0,0 +1,24 @@
+From 8af697659bd662517571577bf47946a2113f34a1 Mon Sep 17 00:00:00 2001
+From: Dan Walsh
+Date: Fri, 14 Feb 2014 12:32:12 -0500
+Subject: [PATCH 09/20] Don't be verbose if you are not on a tty
+
+---
+ policycoreutils/scripts/fixfiles | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
+index b2779581..53d28c7b 100755
+--- a/policycoreutils/scripts/fixfiles
++++ b/policycoreutils/scripts/fixfiles
+@@ -108,6 +108,7 @@ exclude_dirs_from_relabelling() {
+ fullFlag=0
+ BOOTTIME=""
+ VERBOSE="-p"
++[ -t 1 ] || VERBOSE=""
+ FORCEFLAG=""
+ RPMFILES=""
+ PREFC=""
+--
+2.21.0
+
diff --git a/SOURCES/0010-sepolicy-Drop-old-interface-file_type_is_executable-.patch b/SOURCES/0010-sepolicy-Drop-old-interface-file_type_is_executable-.patch
new file mode 100644
index 0000000..acf85da
--- /dev/null
+++ b/SOURCES/0010-sepolicy-Drop-old-interface-file_type_is_executable-.patch
@@ -0,0 +1,63 @@
+From ef0f54ffc6d691d10e66a0793204edd159cd45d0 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach
+Date: Mon, 27 Feb 2017 17:12:39 +0100
+Subject: [PATCH 10/20] sepolicy: Drop old interface file_type_is_executable(f)
+ and file_type_is_entrypoint(f)
+
+- use direct queries
+- load exec_types and entry_types only once
+---
+ python/sepolicy/sepolicy/manpage.py | 22 ++++++++++++++++++++--
+ 1 file changed, 20 insertions(+), 2 deletions(-)
+
+diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
+index de8184d8..f8a94fc0 100755
+--- a/python/sepolicy/sepolicy/manpage.py
++++ b/python/sepolicy/sepolicy/manpage.py
+@@ -125,8 +125,24 @@ def gen_domains():
+ domains.sort()
+ return domains
+
+-types = None
+
++exec_types = None
++
++def _gen_exec_types():
++ global exec_types
++ if exec_types is None:
++ exec_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "exec_type"))["types"]
++ return exec_types
++
++entry_types = None
++
++def _gen_entry_types():
++ global entry_types
++ if entry_types is None:
++ entry_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "entry_type"))["types"]
++ return entry_types
++
++types = None
+
+ def _gen_types():
+ global types
+@@ -372,6 +388,8 @@ class ManPage:
+ self.all_file_types = sepolicy.get_all_file_types()
+ self.role_allows = sepolicy.get_all_role_allows()
+ self.types = _gen_types()
++ self.exec_types = _gen_exec_types()
++ self.entry_types = _gen_entry_types()
+
+ if self.source_files:
+ self.fcpath = self.root + "file_contexts"
+@@ -689,7 +707,7 @@ Default Defined Ports:""")
+ for f in self.all_file_types:
+ if f.startswith(self.domainname):
+ flist.append(f)
+- if not file_type_is_executable(f) or not file_type_is_entrypoint(f):
++ if not f in self.exec_types or not f in self.entry_types:
+ flist_non_exec.append(f)
+ if f in self.fcdict:
+ mpaths = mpaths + self.fcdict[f]["regex"]
+--
+2.21.0
+
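Review bot: `_gen_exec_types()` and `_gen_entry_types()` call `next(sepolicy.info(sepolicy.ATTRIBUTE, ...))` with no default, so a policy that lacks the attribute raises StopIteration out of the `ManPage` constructor, where the new `self.exec_types = _gen_exec_types()` and `self.entry_types = _gen_entry_types()` lines run. The same pattern appears in `_gen_mcs_constrained_types()` in patch 0011, which also deletes the `try/except StopIteration` that let `_mcs_types` return quietly, so man page generation that used to skip the MCS section would now abort at construction. Passing a default keeps both the caching and the old tolerance, e.g. `exec_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "exec_type"), {"types": []})["types"]` (assuming `types` is a plain sequence, which the hunk does not show). As a style point, `if not f in self.exec_types or not f in self.entry_types:` reads more clearly as `f not in ...`. The ManPage constructor and `_file_context` continue outside these hunks.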
diff --git a/SOURCES/0011-sepolicy-Another-small-optimization-for-mcs-types.patch b/SOURCES/0011-sepolicy-Another-small-optimization-for-mcs-types.patch
new file mode 100644
index 0000000..98d30be
--- /dev/null
+++ b/SOURCES/0011-sepolicy-Another-small-optimization-for-mcs-types.patch
@@ -0,0 +1,53 @@
+From e54db76a3bff8e911ddd7c7ce834c024d634d9e1 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach
+Date: Tue, 28 Feb 2017 21:29:46 +0100
+Subject: [PATCH 11/20] sepolicy: Another small optimization for mcs types
+
+---
+ python/sepolicy/sepolicy/manpage.py | 16 +++++++++++-----
+ 1 file changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
+index f8a94fc0..67d39301 100755
+--- a/python/sepolicy/sepolicy/manpage.py
++++ b/python/sepolicy/sepolicy/manpage.py
+@@ -142,6 +142,15 @@ def _gen_entry_types():
+ entry_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "entry_type"))["types"]
+ return entry_types
+
++mcs_constrained_types = None
++
++def _gen_mcs_constrained_types():
++ global mcs_constrained_types
++ if mcs_constrained_types is None:
++ mcs_constrained_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type"))
++ return mcs_constrained_types
++
++
+ types = None
+
+ def _gen_types():
+@@ -390,6 +399,7 @@ class ManPage:
+ self.types = _gen_types()
+ self.exec_types = _gen_exec_types()
+ self.entry_types = _gen_entry_types()
++ self.mcs_constrained_types = _gen_mcs_constrained_types()
+
+ if self.source_files:
+ self.fcpath = self.root + "file_contexts"
+@@ -944,11 +954,7 @@ All executeables with the default executable label, usually stored in /usr/bin a
+ %s""" % ", ".join(paths))
+
+ def _mcs_types(self):
+- try:
+- mcs_constrained_type = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type"))
+- except StopIteration:
+- return
+- if self.type not in mcs_constrained_type['types']:
++ if self.type not in self.mcs_constrained_types['types']:
+ return
+ self.fd.write ("""
+ .SH "MCS Constrained"
+--
+2.21.0
+
diff --git a/SOURCES/0012-Move-po-translation-files-into-the-right-sub-directo.patch b/SOURCES/0012-Move-po-translation-files-into-the-right-sub-directo.patch
new file mode 100644
index 0000000..38a569e
--- /dev/null
+++ b/SOURCES/0012-Move-po-translation-files-into-the-right-sub-directo.patch 
@@ -0,0 +1,516 @@
+From 4015e9299bfda622e9d407cdbcc536000688aa8f Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach
+Date: Mon, 6 Aug 2018 13:23:00 +0200
+Subject: [PATCH 12/20] Move po/ translation files into the right
+ sub-directories
+
+When policycoreutils was split into policycoreutils/ python/ gui/ and sandbox/
+sub-directories, po/ translation files stayed in policycoreutils/.
+
+This commit split original policycoreutils/po directory into
+policycoreutils/po
+python/po
+gui/po
+sandbox/po
+
+See https://github.com/fedora-selinux/selinux/issues/43
+---
+ gui/Makefile | 3 ++
+ gui/po/Makefile | 82 ++++++++++++++++++++++++++++++++++++
+ gui/po/POTFILES | 17 ++++++++
+ policycoreutils/po/Makefile | 70 ++-----------------------------
+ policycoreutils/po/POTFILES | 9 ++++
+ python/Makefile | 2 +-
+ python/po/Makefile | 83 +++++++++++++++++++++++++++++++++++++
+ python/po/POTFILES | 10 +++++
+ sandbox/Makefile | 2 +
+ sandbox/po/Makefile | 82 ++++++++++++++++++++++++++++++++++++
+ sandbox/po/POTFILES | 1 +
+ 11 files changed, 293 insertions(+), 68 deletions(-)
+ create mode 100644 gui/po/Makefile
+ create mode 100644 gui/po/POTFILES
+ create mode 100644 policycoreutils/po/POTFILES
+ create mode 100644 python/po/Makefile
+ create mode 100644 python/po/POTFILES
+ create mode 100644 sandbox/po/Makefile
+ create mode 100644 sandbox/po/POTFILES
+
+diff --git a/gui/Makefile b/gui/Makefile
+index ca965c94..5a5bf6dc 100644
+--- a/gui/Makefile
++++ b/gui/Makefile
+@@ -22,6 +22,7 @@ system-config-selinux.ui \
+ usersPage.py
+
+ all: $(TARGETS) system-config-selinux.py polgengui.py
++ (cd po && $(MAKE) $@)
+
+ install: all
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+@@ -54,6 +55,8 @@ install: all
+ install -m 644 sepolicy_$${i}.png $(DESTDIR)$(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \
+ done
+ install -m 644 org.selinux.config.policy $(DESTDIR)$(DATADIR)/polkit-1/actions/
++ (cd po && $(MAKE) $@)
++
+ clean:
+
+ indent:
+diff --git a/gui/po/Makefile b/gui/po/Makefile
+new file mode 100644 +index 00000000..a0f5439f +--- /dev/null ++++ b/gui/po/Makefile +@@ -0,0 +1,82 @@ ++# ++# Makefile for the PO files (translation) catalog ++# ++ ++PREFIX ?= /usr ++ ++# What is this package? ++NLSPACKAGE = gui ++POTFILE = $(NLSPACKAGE).pot ++INSTALL = /usr/bin/install -c -p ++INSTALL_DATA = $(INSTALL) -m 644 ++INSTALL_DIR = /usr/bin/install -d ++ ++# destination directory ++INSTALL_NLS_DIR = $(PREFIX)/share/locale ++ ++# PO catalog handling ++MSGMERGE = msgmerge ++MSGMERGE_FLAGS = -q ++XGETTEXT = xgettext --default-domain=$(NLSPACKAGE) ++MSGFMT = msgfmt ++ ++# All possible linguas ++PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po))) ++ ++# Only the files matching what the user has set in LINGUAS ++USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS)) ++ ++# if no valid LINGUAS, build all languages ++USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS)) ++ ++POFILES = $(patsubst %,%.po,$(USE_LINGUAS)) ++MOFILES = $(patsubst %.po,%.mo,$(POFILES)) ++POTFILES = $(shell cat POTFILES) ++ ++#default:: clean ++ ++all:: $(MOFILES) ++ ++$(POTFILE): $(POTFILES) ++ $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES) ++ @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \ ++ rm -f $(NLSPACKAGE).po; \ ++ else \ ++ mv -f $(NLSPACKAGE).po $(POTFILE); \ ++ fi; \ ++ ++ ++refresh-po: Makefile ++ for cat in $(POFILES); do \ ++ lang=`basename $$cat .po`; \ ++ if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \ ++ mv -f $$lang.pot $$lang.po ; \ ++ echo "$(MSGMERGE) of $$lang succeeded" ; \ ++ else \ ++ echo "$(MSGMERGE) of $$lang failed" ; \ ++ rm -f $$lang.pot ; \ ++ fi \ ++ done ++ ++clean: ++ @rm -fv *mo *~ .depend ++ @rm -rf tmp ++ ++install: $(MOFILES) ++ @for n in $(MOFILES); do \ ++ l=`basename $$n .mo`; \ ++ $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \ ++ $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \ ++ done ++ ++%.mo: %.po ++ 
$(MSGFMT) -o $@ $< ++report: ++ @for cat in $(wildcard *.po); do \ ++ echo -n "$$cat: "; \ ++ msgfmt -v --statistics -o /dev/null $$cat; \ ++ done ++ ++.PHONY: missing depend ++ ++relabel: +diff --git a/gui/po/POTFILES b/gui/po/POTFILES +new file mode 100644 +index 00000000..1795c5c1 +--- /dev/null ++++ b/gui/po/POTFILES +@@ -0,0 +1,17 @@ ++../booleansPage.py ++../domainsPage.py ++../fcontextPage.py ++../loginsPage.py ++../modulesPage.py ++../org.selinux.config.policy ++../polgengui.py ++../polgen.ui ++../portsPage.py ++../selinux-polgengui.desktop ++../semanagePage.py ++../sepolicy.desktop ++../statusPage.py ++../system-config-selinux.desktop ++../system-config-selinux.py ++../system-config-selinux.ui ++../usersPage.py +diff --git a/policycoreutils/po/Makefile b/policycoreutils/po/Makefile +index 575e1431..18bc1dff 100644 +--- a/policycoreutils/po/Makefile ++++ b/policycoreutils/po/Makefile +@@ -3,7 +3,6 @@ + # + + PREFIX ?= /usr +-TOP = ../.. + + # What is this package? + NLSPACKAGE = policycoreutils +@@ -32,74 +31,13 @@ USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS)) + + POFILES = $(patsubst %,%.po,$(USE_LINGUAS)) + MOFILES = $(patsubst %.po,%.mo,$(POFILES)) +-POTFILES = \ +- ../run_init/open_init_pty.c \ +- ../run_init/run_init.c \ +- ../semodule_link/semodule_link.c \ +- ../audit2allow/audit2allow \ +- ../semanage/seobject.py \ +- ../setsebool/setsebool.c \ +- ../newrole/newrole.c \ +- ../load_policy/load_policy.c \ +- ../sestatus/sestatus.c \ +- ../semodule/semodule.c \ +- ../setfiles/setfiles.c \ +- ../semodule_package/semodule_package.c \ +- ../semodule_deps/semodule_deps.c \ +- ../semodule_expand/semodule_expand.c \ +- ../scripts/chcat \ +- ../scripts/fixfiles \ +- ../restorecond/stringslist.c \ +- ../restorecond/restorecond.h \ +- ../restorecond/utmpwatcher.h \ +- ../restorecond/stringslist.h \ +- ../restorecond/restorecond.c \ +- ../restorecond/utmpwatcher.c \ +- ../gui/booleansPage.py \ +- ../gui/fcontextPage.py \ +- 
../gui/loginsPage.py \ +- ../gui/mappingsPage.py \ +- ../gui/modulesPage.py \ +- ../gui/polgen.glade \ +- ../gui/polgengui.py \ +- ../gui/portsPage.py \ +- ../gui/semanagePage.py \ +- ../gui/statusPage.py \ +- ../gui/system-config-selinux.glade \ +- ../gui/system-config-selinux.py \ +- ../gui/usersPage.py \ +- ../secon/secon.c \ +- booleans.py \ +- ../sepolicy/sepolicy.py \ +- ../sepolicy/sepolicy/communicate.py \ +- ../sepolicy/sepolicy/__init__.py \ +- ../sepolicy/sepolicy/network.py \ +- ../sepolicy/sepolicy/generate.py \ +- ../sepolicy/sepolicy/sepolicy.glade \ +- ../sepolicy/sepolicy/gui.py \ +- ../sepolicy/sepolicy/manpage.py \ +- ../sepolicy/sepolicy/transition.py \ +- ../sepolicy/sepolicy/templates/executable.py \ +- ../sepolicy/sepolicy/templates/__init__.py \ +- ../sepolicy/sepolicy/templates/network.py \ +- ../sepolicy/sepolicy/templates/rw.py \ +- ../sepolicy/sepolicy/templates/script.py \ +- ../sepolicy/sepolicy/templates/semodule.py \ +- ../sepolicy/sepolicy/templates/tmp.py \ +- ../sepolicy/sepolicy/templates/user.py \ +- ../sepolicy/sepolicy/templates/var_lib.py \ +- ../sepolicy/sepolicy/templates/var_log.py \ +- ../sepolicy/sepolicy/templates/var_run.py \ +- ../sepolicy/sepolicy/templates/var_spool.py ++POTFILES = $(shell cat POTFILES) + + #default:: clean + +-all:: $(MOFILES) ++all:: $(POTFILE) $(MOFILES) + +-booleans.py: +- sepolicy booleans -a > booleans.py +- +-$(POTFILE): $(POTFILES) booleans.py ++$(POTFILE): $(POTFILES) + $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES) + @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \ + rm -f $(NLSPACKAGE).po; \ +@@ -107,8 +45,6 @@ $(POTFILE): $(POTFILES) booleans.py + mv -f $(NLSPACKAGE).po $(POTFILE); \ + fi; \ + +-update-po: Makefile $(POTFILE) refresh-po +- @rm -f booleans.py + + refresh-po: Makefile + for cat in $(POFILES); do \ +diff --git a/policycoreutils/po/POTFILES b/policycoreutils/po/POTFILES +new file mode 100644 +index 00000000..12237dc6 +--- /dev/null ++++ b/policycoreutils/po/POTFILES +@@ -0,0 
+1,9 @@ ++../run_init/open_init_pty.c ++../run_init/run_init.c ++../setsebool/setsebool.c ++../newrole/newrole.c ++../load_policy/load_policy.c ++../sestatus/sestatus.c ++../semodule/semodule.c ++../setfiles/setfiles.c ++../secon/secon.c +diff --git a/python/Makefile b/python/Makefile +index 9b66d52f..00312dbd 100644 +--- a/python/Makefile ++++ b/python/Makefile +@@ -1,4 +1,4 @@ +-SUBDIRS = sepolicy audit2allow semanage sepolgen chcat ++SUBDIRS = sepolicy audit2allow semanage sepolgen chcat po + + all install relabel clean indent test: + @for subdir in $(SUBDIRS); do \ +diff --git a/python/po/Makefile b/python/po/Makefile +new file mode 100644 +index 00000000..4e052d5a +--- /dev/null ++++ b/python/po/Makefile +@@ -0,0 +1,83 @@ ++# ++# Makefile for the PO files (translation) catalog ++# ++ ++PREFIX ?= /usr ++ ++# What is this package? ++NLSPACKAGE = python ++POTFILE = $(NLSPACKAGE).pot ++INSTALL = /usr/bin/install -c -p ++INSTALL_DATA = $(INSTALL) -m 644 ++INSTALL_DIR = /usr/bin/install -d ++ ++# destination directory ++INSTALL_NLS_DIR = $(PREFIX)/share/locale ++ ++# PO catalog handling ++MSGMERGE = msgmerge ++MSGMERGE_FLAGS = -q ++XGETTEXT = xgettext --default-domain=$(NLSPACKAGE) ++MSGFMT = msgfmt ++ ++# All possible linguas ++PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po))) ++ ++# Only the files matching what the user has set in LINGUAS ++USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS)) ++ ++# if no valid LINGUAS, build all languages ++USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS)) ++ ++POFILES = $(patsubst %,%.po,$(USE_LINGUAS)) ++MOFILES = $(patsubst %.po,%.mo,$(POFILES)) ++POTFILES = $(shell cat POTFILES) ++ ++#default:: clean ++ ++all:: $(MOFILES) ++ ++$(POTFILE): $(POTFILES) ++ $(XGETTEXT) -L Python --keyword=_ --keyword=N_ $(POTFILES) ++ $(XGETTEXT) -j --keyword=_ --keyword=N_ ../sepolicy/sepolicy/sepolicy.glade ++ @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \ ++ rm -f $(NLSPACKAGE).po; \ ++ else \ ++ mv -f 
$(NLSPACKAGE).po $(POTFILE); \ ++ fi; \ ++ ++ ++refresh-po: Makefile ++ for cat in $(POFILES); do \ ++ lang=`basename $$cat .po`; \ ++ if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \ ++ mv -f $$lang.pot $$lang.po ; \ ++ echo "$(MSGMERGE) of $$lang succeeded" ; \ ++ else \ ++ echo "$(MSGMERGE) of $$lang failed" ; \ ++ rm -f $$lang.pot ; \ ++ fi \ ++ done ++ ++clean: ++ @rm -fv *mo *~ .depend ++ @rm -rf tmp ++ ++install: $(MOFILES) ++ @for n in $(MOFILES); do \ ++ l=`basename $$n .mo`; \ ++ $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \ ++ $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \ ++ done ++ ++%.mo: %.po ++ $(MSGFMT) -o $@ $< ++report: ++ @for cat in $(wildcard *.po); do \ ++ echo -n "$$cat: "; \ ++ msgfmt -v --statistics -o /dev/null $$cat; \ ++ done ++ ++.PHONY: missing depend ++ ++relabel: +diff --git a/python/po/POTFILES b/python/po/POTFILES +new file mode 100644 +index 00000000..128eb870 +--- /dev/null ++++ b/python/po/POTFILES +@@ -0,0 +1,10 @@ ++../audit2allow/audit2allow ++../chcat/chcat ++../semanage/semanage ++../semanage/seobject.py ++../sepolgen/src/sepolgen/interfaces.py ++../sepolicy/sepolicy/generate.py ++../sepolicy/sepolicy/gui.py ++../sepolicy/sepolicy/__init__.py ++../sepolicy/sepolicy/interface.py ++../sepolicy/sepolicy.py +diff --git a/sandbox/Makefile b/sandbox/Makefile +index 9da5e58d..b817824e 100644 +--- a/sandbox/Makefile ++++ b/sandbox/Makefile +@@ -13,6 +13,7 @@ override LDLIBS += -lselinux -lcap-ng + SEUNSHARE_OBJS = seunshare.o + + all: sandbox seunshare sandboxX.sh start ++ (cd po && $(MAKE) $@) + + seunshare: $(SEUNSHARE_OBJS) + +@@ -39,6 +40,7 @@ install: all + install -m 755 start $(DESTDIR)$(SHAREDIR) + -mkdir -p $(DESTDIR)$(SYSCONFDIR) + install -m 644 sandbox.conf $(DESTDIR)$(SYSCONFDIR)/sandbox ++ (cd po && $(MAKE) $@) + + test: + @$(PYTHON) test_sandbox.py -v +diff --git a/sandbox/po/Makefile b/sandbox/po/Makefile +new file 
mode 100644 +index 00000000..0556bbe9 +--- /dev/null ++++ b/sandbox/po/Makefile +@@ -0,0 +1,82 @@ ++# ++# Makefile for the PO files (translation) catalog ++# ++ ++PREFIX ?= /usr ++ ++# What is this package? ++NLSPACKAGE = sandbox ++POTFILE = $(NLSPACKAGE).pot ++INSTALL = /usr/bin/install -c -p ++INSTALL_DATA = $(INSTALL) -m 644 ++INSTALL_DIR = /usr/bin/install -d ++ ++# destination directory ++INSTALL_NLS_DIR = $(PREFIX)/share/locale ++ ++# PO catalog handling ++MSGMERGE = msgmerge ++MSGMERGE_FLAGS = -q ++XGETTEXT = xgettext -L Python --default-domain=$(NLSPACKAGE) ++MSGFMT = msgfmt ++ ++# All possible linguas ++PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po))) ++ ++# Only the files matching what the user has set in LINGUAS ++USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS)) ++ ++# if no valid LINGUAS, build all languages ++USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS)) ++ ++POFILES = $(patsubst %,%.po,$(USE_LINGUAS)) ++MOFILES = $(patsubst %.po,%.mo,$(POFILES)) ++POTFILES = $(shell cat POTFILES) ++ ++#default:: clean ++ ++all:: $(POTFILE) $(MOFILES) ++ ++$(POTFILE): $(POTFILES) ++ $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES) ++ @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \ ++ rm -f $(NLSPACKAGE).po; \ ++ else \ ++ mv -f $(NLSPACKAGE).po $(POTFILE); \ ++ fi; \ ++ ++ ++refresh-po: Makefile ++ for cat in $(POFILES); do \ ++ lang=`basename $$cat .po`; \ ++ if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \ ++ mv -f $$lang.pot $$lang.po ; \ ++ echo "$(MSGMERGE) of $$lang succeeded" ; \ ++ else \ ++ echo "$(MSGMERGE) of $$lang failed" ; \ ++ rm -f $$lang.pot ; \ ++ fi \ ++ done ++ ++clean: ++ @rm -fv *mo *~ .depend ++ @rm -rf tmp ++ ++install: $(MOFILES) ++ @for n in $(MOFILES); do \ ++ l=`basename $$n .mo`; \ ++ $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \ ++ $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \ ++ done ++ 
++%.mo: %.po ++ $(MSGFMT) -o $@ $< ++report: ++ @for cat in $(wildcard *.po); do \ ++ echo -n "$$cat: "; \ ++ msgfmt -v --statistics -o /dev/null $$cat; \ ++ done ++ ++.PHONY: missing depend ++ ++relabel: +diff --git a/sandbox/po/POTFILES b/sandbox/po/POTFILES +new file mode 100644 +index 00000000..deff3f2f +--- /dev/null ++++ b/sandbox/po/POTFILES +@@ -0,0 +1 @@ ++../sandbox +-- +2.21.0 + diff --git a/SOURCES/0013-Use-correct-gettext-domains-in-python-gui-sandbox.patch b/SOURCES/0013-Use-correct-gettext-domains-in-python-gui-sandbox.patch new file mode 100644 index 0000000..895077e --- /dev/null +++ b/SOURCES/0013-Use-correct-gettext-domains-in-python-gui-sandbox.patch 
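Review bot: Adding `po` to `SUBDIRS` in python/Makefile puts the new python/po/Makefile under the `all install relabel clean indent test:` rule, but that file defines no `indent` or `test` target (only `all`, `install`, `clean`, `relabel`, `report` and `refresh-po`). The loop body is outside the hunk; if it runs `$(MAKE) $@` in each subdirectory, `make indent` and `make test` in python/ would stop at po with a missing-rule error. An empty `indent test:` rule next to the existing empty `relabel:` would cover it. The three new po Makefiles also declare `.PHONY: missing depend`, two targets none of them defines; `.PHONY: all install clean report refresh-po relabel` would match what they actually provide.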
@@ -0,0 +1,306 @@ +From 57cd23e11e1a700802a5955e84a0a7e04c30ec73 Mon Sep 17 00:00:00 2001 +From: Petr Lautrbach +Date: Mon, 6 Aug 2018 13:37:07 +0200 +Subject: [PATCH 13/20] Use correct gettext domains in python/ gui/ sandbox/ + +https://github.com/fedora-selinux/selinux/issues/43 +--- + gui/booleansPage.py | 2 +- + gui/domainsPage.py | 2 +- + gui/fcontextPage.py | 2 +- + gui/loginsPage.py | 2 +- + gui/modulesPage.py | 2 +- + gui/polgengui.py | 2 +- + gui/portsPage.py | 2 +- + gui/semanagePage.py | 2 +- + gui/statusPage.py | 2 +- + gui/system-config-selinux.py | 2 +- + gui/usersPage.py | 2 +- + python/chcat/chcat | 2 +- + python/semanage/semanage | 2 +- + python/semanage/seobject.py | 2 +- + python/sepolgen/src/sepolgen/sepolgeni18n.py | 2 +- + python/sepolicy/sepolicy.py | 2 +- + python/sepolicy/sepolicy/__init__.py | 2 +- + python/sepolicy/sepolicy/generate.py | 2 +- + python/sepolicy/sepolicy/gui.py | 2 +- + python/sepolicy/sepolicy/interface.py | 2 +- + sandbox/sandbox | 2 +- + 21 files changed, 21 insertions(+), 21 deletions(-) + +diff --git a/gui/booleansPage.py b/gui/booleansPage.py +index 7849bea2..dd12b6d6 100644 +--- a/gui/booleansPage.py ++++ b/gui/booleansPage.py +@@ -38,7 +38,7 @@ DISABLED = 2 + ## + ## I18N + ## +-PROGNAME = "policycoreutils" ++PROGNAME = "selinux-gui" + try: + import gettext + kwargs = {} +diff --git a/gui/domainsPage.py b/gui/domainsPage.py +index bad5140d..6bbe4de5 100644 +--- a/gui/domainsPage.py ++++ b/gui/domainsPage.py +@@ -30,7 +30,7 @@ from semanagePage import * + ## + ## I18N + ## +-PROGNAME = "policycoreutils" ++PROGNAME = "selinux-gui" + try: + import gettext + kwargs = {} +diff --git a/gui/fcontextPage.py b/gui/fcontextPage.py +index 370bbee4..e424366d 100644 +--- a/gui/fcontextPage.py ++++ b/gui/fcontextPage.py +@@ -47,7 +47,7 @@ class context: + ## + ## I18N + ## +-PROGNAME = "policycoreutils" ++PROGNAME = "selinux-gui" + try: + import gettext + kwargs = {} +diff --git a/gui/loginsPage.py b/gui/loginsPage.py +index 
b67eb8bc..cbfb0cc2 100644 +--- a/gui/loginsPage.py ++++ b/gui/loginsPage.py +@@ -29,7 +29,7 @@ from semanagePage import * + ## + ## I18N + ## +-PROGNAME = "policycoreutils" ++PROGNAME = "selinux-gui" + try: + import gettext + kwargs = {} +diff --git a/gui/modulesPage.py b/gui/modulesPage.py +index cb856b2d..26ac5404 100644 +--- a/gui/modulesPage.py ++++ b/gui/modulesPage.py +@@ -30,7 +30,7 @@ from semanagePage import * + ## + ## I18N + ## +-PROGNAME = "policycoreutils" ++PROGNAME = "selinux-gui" + try: + import gettext + kwargs = {} +diff --git a/gui/polgengui.py b/gui/polgengui.py +index b1cc9937..46a1bd2c 100644 +--- a/gui/polgengui.py ++++ b/gui/polgengui.py +@@ -63,7 +63,7 @@ def get_all_modules(): + ## + ## I18N + ## +-PROGNAME = "policycoreutils" ++PROGNAME = "selinux-gui" + try: + import gettext + kwargs = {} +diff --git a/gui/portsPage.py b/gui/portsPage.py +index 30f58383..a537ecc8 100644 +--- a/gui/portsPage.py ++++ b/gui/portsPage.py +@@ -35,7 +35,7 @@ from semanagePage import * + ## + ## I18N + ## +-PROGNAME = "policycoreutils" ++PROGNAME = "selinux-gui" + try: + import gettext + kwargs = {} +diff --git a/gui/semanagePage.py b/gui/semanagePage.py +index 4127804f..5361d69c 100644 +--- a/gui/semanagePage.py ++++ b/gui/semanagePage.py +@@ -22,7 +22,7 @@ from gi.repository import Gdk, Gtk + ## + ## I18N + ## +-PROGNAME = "policycoreutils" ++PROGNAME = "selinux-gui" + try: + import gettext + kwargs = {} +diff --git a/gui/statusPage.py b/gui/statusPage.py +index 766854b1..a8f079b9 100644 +--- a/gui/statusPage.py ++++ b/gui/statusPage.py +@@ -35,7 +35,7 @@ RELABELFILE = "/.autorelabel" + ## + ## I18N + ## +-PROGNAME = "policycoreutils" ++PROGNAME = "selinux-gui" + try: + import gettext + kwargs = {} +diff --git a/gui/system-config-selinux.py b/gui/system-config-selinux.py +index c42301b6..1e0d5eb1 100644 +--- a/gui/system-config-selinux.py ++++ b/gui/system-config-selinux.py +@@ -45,7 +45,7 @@ import selinux + ## + ## I18N + ## +-PROGNAME = "policycoreutils" 
++PROGNAME = "selinux-gui" + try: + import gettext + kwargs = {} +diff --git a/gui/usersPage.py b/gui/usersPage.py +index 26794ed5..d15d4c5a 100644 +--- a/gui/usersPage.py ++++ b/gui/usersPage.py +@@ -29,7 +29,7 @@ from semanagePage import * + ## + ## I18N + ## +-PROGNAME = "policycoreutils" ++PROGNAME = "selinux-gui" + try: + import gettext + kwargs = {} +diff --git a/python/chcat/chcat b/python/chcat/chcat +index ba398684..df2509f2 100755 +--- a/python/chcat/chcat ++++ b/python/chcat/chcat +@@ -30,7 +30,7 @@ import getopt + import selinux + import seobject + +-PROGNAME = "policycoreutils" ++PROGNAME = "selinux-python" + try: + import gettext + kwargs = {} +diff --git a/python/semanage/semanage b/python/semanage/semanage +index 144cc000..56db3e0d 100644 +--- a/python/semanage/semanage ++++ b/python/semanage/semanage +@@ -27,7 +27,7 @@ import traceback + import argparse + import seobject + import sys +-PROGNAME = "policycoreutils" ++PROGNAME = "selinux-python" + try: + import gettext + kwargs = {} +diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py +index 13fdf531..b90b1070 100644 +--- a/python/semanage/seobject.py ++++ b/python/semanage/seobject.py +@@ -29,7 +29,7 @@ import sys + import stat + import socket + from semanage import * +-PROGNAME = "policycoreutils" ++PROGNAME = "selinux-python" + import sepolicy + import setools + from IPy import IP +diff --git a/python/sepolgen/src/sepolgen/sepolgeni18n.py b/python/sepolgen/src/sepolgen/sepolgeni18n.py +index 998c4356..56ebd807 100644 +--- a/python/sepolgen/src/sepolgen/sepolgeni18n.py ++++ b/python/sepolgen/src/sepolgen/sepolgeni18n.py +@@ -19,7 +19,7 @@ + + try: + import gettext +- t = gettext.translation( 'yumex' ) ++ t = gettext.translation( 'selinux-python' ) + _ = t.gettext + except: + def _(str): +diff --git a/python/sepolicy/sepolicy.py b/python/sepolicy/sepolicy.py +index 1934cd86..8bd6a579 100755 +--- a/python/sepolicy/sepolicy.py ++++ b/python/sepolicy/sepolicy.py +@@ -27,7 +27,7 @@ 
import selinux + import sepolicy + from sepolicy import get_os_version, get_conditionals, get_conditionals_format_text + import argparse +-PROGNAME = "policycoreutils" ++PROGNAME = "selinux-python" + try: + import gettext + kwargs = {} +diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py +index 0c66f4d5..b6ca57c3 100644 +--- a/python/sepolicy/sepolicy/__init__.py ++++ b/python/sepolicy/sepolicy/__init__.py +@@ -13,7 +13,7 @@ import os + import re + import gzip + +-PROGNAME = "policycoreutils" ++PROGNAME = "selinux-python" + try: + import gettext + kwargs = {} +diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py +index 019e7836..7175d36b 100644 +--- a/python/sepolicy/sepolicy/generate.py ++++ b/python/sepolicy/sepolicy/generate.py +@@ -49,7 +49,7 @@ import sepolgen.defaults as defaults + ## + ## I18N + ## +-PROGNAME = "policycoreutils" ++PROGNAME = "selinux-python" + try: + import gettext + kwargs = {} +diff --git a/python/sepolicy/sepolicy/gui.py b/python/sepolicy/sepolicy/gui.py +index 00fd7a11..805cee67 100644 +--- a/python/sepolicy/sepolicy/gui.py ++++ b/python/sepolicy/sepolicy/gui.py +@@ -41,7 +41,7 @@ import os + import re + import unicodedata + +-PROGNAME = "policycoreutils" ++PROGNAME = "selinux-python" + try: + import gettext + kwargs = {} +diff --git a/python/sepolicy/sepolicy/interface.py b/python/sepolicy/sepolicy/interface.py +index 583091ae..e2b8d23b 100644 +--- a/python/sepolicy/sepolicy/interface.py ++++ b/python/sepolicy/sepolicy/interface.py +@@ -30,7 +30,7 @@ __all__ = ['get_all_interfaces', 'get_interfaces_from_xml', 'get_admin', 'get_us + ## + ## I18N + ## +-PROGNAME = "policycoreutils" ++PROGNAME = "selinux-python" + try: + import gettext + kwargs = {} +diff --git a/sandbox/sandbox b/sandbox/sandbox +index 1dec07ac..a12403b3 100644 +--- a/sandbox/sandbox ++++ b/sandbox/sandbox +@@ -37,7 +37,7 @@ import sepolicy + + SEUNSHARE = "/usr/sbin/seunshare" + SANDBOXSH = 
"/usr/share/sandbox/sandboxX.sh" +-PROGNAME = "policycoreutils" ++PROGNAME = "selinux-sandbox" + try: + import gettext + kwargs = {} +-- +2.21.0 + diff --git a/SOURCES/0014-Initial-.pot-files-for-gui-python-sandbox.patch b/SOURCES/0014-Initial-.pot-files-for-gui-python-sandbox.patch new file mode 100644 index 0000000..c3d65d2 --- /dev/null +++ b/SOURCES/0014-Initial-.pot-files-for-gui-python-sandbox.patch 
@@ -0,0 +1,4532 @@ +From c8c59758d2fb7f6cbe368c9ff8f356ea7acebb4b Mon Sep 17 00:00:00 2001 +From: Petr Lautrbach +Date: Mon, 6 Aug 2018 14:23:19 +0200 +Subject: [PATCH 14/20] Initial .pot files for gui/ python/ sandbox/ + +https://github.com/fedora-selinux/selinux/issues/43 +--- + gui/po/gui.pot | 964 ++++++++++++ + python/po/python.pot | 3375 ++++++++++++++++++++++++++++++++++++++++ + sandbox/po/sandbox.pot | 157 ++ + 3 files changed, 4496 insertions(+) + create mode 100644 gui/po/gui.pot + create mode 100644 python/po/python.pot + create mode 100644 sandbox/po/sandbox.pot + +diff --git a/gui/po/gui.pot b/gui/po/gui.pot +new file mode 100644 +index 00000000..1663b4ca +--- /dev/null ++++ b/gui/po/gui.pot +@@ -0,0 +1,964 @@ ++# SOME DESCRIPTIVE TITLE. ++# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER ++# This file is distributed under the same license as the PACKAGE package. ++# FIRST AUTHOR , YEAR. ++# ++#, fuzzy ++msgid "" ++msgstr "" ++"Project-Id-Version: PACKAGE VERSION\n" ++"Report-Msgid-Bugs-To: \n" ++"POT-Creation-Date: 2018-08-06 14:22+0200\n" ++"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" ++"Last-Translator: FULL NAME \n" ++"Language-Team: LANGUAGE \n" ++"Language: \n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=CHARSET\n" ++"Content-Transfer-Encoding: 8bit\n" ++ ++#: ../booleansPage.py:198 ../system-config-selinux.ui:1025 ++msgid "Boolean" ++msgstr "" ++ ++#: ../booleansPage.py:248 ../semanagePage.py:166 ++msgid "all" ++msgstr "" ++ ++#: ../booleansPage.py:250 ../semanagePage.py:168 ++#: ../system-config-selinux.ui:961 ../system-config-selinux.ui:1097 ++#: ../system-config-selinux.ui:1506 ++msgid "Customized" ++msgstr "" ++ ++#: ../domainsPage.py:55 ../system-config-selinux.ui:1834 ++msgid "Process Domain" ++msgstr "" ++ ++#: ../domainsPage.py:63 ++msgid "Domain Name" ++msgstr "" ++ ++#: ../domainsPage.py:68 ++msgid "Mode" ++msgstr "" ++ ++#: ../domainsPage.py:101 ../domainsPage.py:112 ../domainsPage.py:156 ++#: ../statusPage.py:73 
../system-config-selinux.ui:622 ++#: ../system-config-selinux.ui:1755 ++msgid "Permissive" ++msgstr "" ++ ++#: ../fcontextPage.py:72 ../system-config-selinux.ui:1160 ++msgid "File Labeling" ++msgstr "" ++ ++#: ../fcontextPage.py:82 ++msgid "" ++"File\n" ++"Specification" ++msgstr "" ++ ++#: ../fcontextPage.py:89 ++msgid "" ++"Selinux\n" ++"File Type" ++msgstr "" ++ ++#: ../fcontextPage.py:96 ++msgid "" ++"File\n" ++"Type" ++msgstr "" ++ ++#: ../loginsPage.py:55 ../system-config-selinux.ui:1281 ++msgid "User Mapping" ++msgstr "" ++ ++#: ../loginsPage.py:59 ++msgid "" ++"Login\n" ++"Name" ++msgstr "" ++ ++#: ../loginsPage.py:63 ../usersPage.py:60 ++msgid "" ++"SELinux\n" ++"User" ++msgstr "" ++ ++#: ../loginsPage.py:66 ../usersPage.py:65 ++msgid "" ++"MLS/\n" ++"MCS Range" ++msgstr "" ++ ++#: ../loginsPage.py:135 ++#, python-format ++msgid "Login '%s' is required" ++msgstr "" ++ ++#: ../modulesPage.py:55 ../system-config-selinux.ui:1722 ++msgid "Policy Module" ++msgstr "" ++ ++#: ../modulesPage.py:65 ++msgid "Module Name" ++msgstr "" ++ ++#: ../modulesPage.py:70 ++msgid "Priority" ++msgstr "" ++ ++#: ../modulesPage.py:79 ++msgid "Kind" ++msgstr "" ++ ++#: ../modulesPage.py:147 ++msgid "Disable Audit" ++msgstr "" ++ ++#: ../modulesPage.py:150 ../system-config-selinux.ui:1659 ++msgid "Enable Audit" ++msgstr "" ++ ++#: ../modulesPage.py:175 ++msgid "Load Policy Module" ++msgstr "" ++ ++#: ../org.selinux.config.policy:11 ++msgid "Run System Config SELinux" ++msgstr "" ++ ++#: ../org.selinux.config.policy:12 ++msgid "Authentication is required to run system-config-selinux" ++msgstr "" ++ ++#: ../polgengui.py:288 ../polgen.ui:728 ++msgid "Name" ++msgstr "" ++ ++#: ../polgengui.py:290 ../polgen.ui:111 ++msgid "Description" ++msgstr "" ++ ++#: ../polgengui.py:298 ++msgid "Role" ++msgstr "" ++ ++#: ../polgengui.py:305 ++msgid "Existing_User" ++msgstr "" ++ ++#: ../polgengui.py:319 ../polgengui.py:327 ../polgengui.py:341 ++msgid "Application" ++msgstr "" ++ ++#: 
../polgengui.py:386 ++#, python-format ++msgid "%s must be a directory" ++msgstr "" ++ ++#: ../polgengui.py:446 ../polgengui.py:727 ++msgid "You must select a user" ++msgstr "" ++ ++#: ../polgengui.py:576 ++msgid "Select executable file to be confined." ++msgstr "" ++ ++#: ../polgengui.py:587 ++msgid "Select init script file to be confined." ++msgstr "" ++ ++#: ../polgengui.py:597 ++msgid "Select file(s) that confined application creates or writes" ++msgstr "" ++ ++#: ../polgengui.py:604 ++msgid "Select directory(s) that the confined application owns and writes into" ++msgstr "" ++ ++#: ../polgengui.py:666 ++msgid "Select directory to generate policy files in" ++msgstr "" ++ ++#: ../polgengui.py:683 ++#, python-format ++msgid "" ++"Type %s_t already defined in current policy.\n" ++"Do you want to continue?" ++msgstr "" ++ ++#: ../polgengui.py:683 ../polgengui.py:687 ++msgid "Verify Name" ++msgstr "" ++ ++#: ../polgengui.py:687 ++#, python-format ++msgid "" ++"Module %s already loaded in current policy.\n" ++"Do you want to continue?" ++msgstr "" ++ ++#: ../polgengui.py:733 ++msgid "" ++"You must add a name made up of letters and numbers and containing no spaces." ++msgstr "" ++ ++#: ../polgengui.py:747 ++msgid "You must enter a executable" ++msgstr "" ++ ++#: ../polgengui.py:772 ../system-config-selinux.py:184 ++msgid "Configue SELinux" ++msgstr "" ++ ++#: ../polgen.ui:9 ++msgid "Red Hat 2007" ++msgstr "" ++ ++#: ../polgen.ui:11 ++msgid "GPL" ++msgstr "" ++ ++#. TRANSLATORS: Replace this string with your names, one name per line. 
++#: ../polgen.ui:13 ../system-config-selinux.ui:15 ++msgid "translator-credits" ++msgstr "" ++ ++#: ../polgen.ui:34 ++msgid "Add Booleans Dialog" ++msgstr "" ++ ++#: ../polgen.ui:99 ++msgid "Boolean Name" ++msgstr "" ++ ++#: ../polgen.ui:234 ../selinux-polgengui.desktop:3 ++msgid "SELinux Policy Generation Tool" ++msgstr "" ++ ++#: ../polgen.ui:255 ++msgid "" ++"Select the policy type for the application or user role you want to " ++"confine:" ++msgstr "" ++ ++#: ../polgen.ui:288 ++msgid "Applications" ++msgstr "" ++ ++#: ../polgen.ui:320 ++msgid "Standard Init Daemon" ++msgstr "" ++ ++#: ../polgen.ui:324 ../polgen.ui:340 ++msgid "" ++"Standard Init Daemon are daemons started on boot via init scripts. Usually " ++"requires a script in /etc/rc.d/init.d" ++msgstr "" ++ ++#: ../polgen.ui:336 ++msgid "DBUS System Daemon" ++msgstr "" ++ ++#: ../polgen.ui:353 ++msgid "Internet Services Daemon (inetd)" ++msgstr "" ++ ++#: ../polgen.ui:357 ++msgid "Internet Services Daemon are daemons started by xinetd" ++msgstr "" ++ ++#: ../polgen.ui:370 ++msgid "Web Application/Script (CGI)" ++msgstr "" ++ ++#: ../polgen.ui:374 ++msgid "" ++"Web Applications/Script (CGI) CGI scripts started by the web server (apache)" ++msgstr "" ++ ++#: ../polgen.ui:387 ++msgid "User Application" ++msgstr "" ++ ++#: ../polgen.ui:391 ../polgen.ui:408 ++msgid "" ++"User Application are any application that you would like to confine that is " ++"started by a user" ++msgstr "" ++ ++#: ../polgen.ui:404 ++msgid "Sandbox" ++msgstr "" ++ ++#: ../polgen.ui:450 ++msgid "Login Users" ++msgstr "" ++ ++#: ../polgen.ui:482 ++msgid "Existing User Roles" ++msgstr "" ++ ++#: ../polgen.ui:486 ++msgid "Modify an existing login user record." ++msgstr "" ++ ++#: ../polgen.ui:499 ++msgid "Minimal Terminal User Role" ++msgstr "" ++ ++#: ../polgen.ui:503 ++msgid "" ++"This user will login to a machine only via a terminal or remote login. By " ++"default this user will have no setuid, no networking, no su, no sudo." 
++msgstr "" ++ ++#: ../polgen.ui:516 ++msgid "Minimal X Windows User Role" ++msgstr "" ++ ++#: ../polgen.ui:520 ++msgid "" ++"This user can login to a machine via X or terminal. By default this user " ++"will have no setuid, no networking, no sudo, no su" ++msgstr "" ++ ++#: ../polgen.ui:533 ++msgid "User Role" ++msgstr "" ++ ++#: ../polgen.ui:537 ++msgid "" ++"User with full networking, no setuid applications without transition, no " ++"sudo, no su." ++msgstr "" ++ ++#: ../polgen.ui:550 ++msgid "Admin User Role" ++msgstr "" ++ ++#: ../polgen.ui:554 ++msgid "" ++"User with full networking, no setuid applications without transition, no su, " ++"can sudo to Root Administration Roles" ++msgstr "" ++ ++#: ../polgen.ui:596 ++msgid "Root Users" ++msgstr "" ++ ++#: ../polgen.ui:627 ++msgid "Root Admin User Role" ++msgstr "" ++ ++#: ../polgen.ui:631 ++msgid "" ++"Select Root Administrator User Role, if this user will be used to administer " ++"the machine while running as root. This user will not be able to login to " ++"the system directly." ++msgstr "" ++ ++#: ../polgen.ui:705 ++msgid "Enter name of application or user role:" ++msgstr "" ++ ++#: ../polgen.ui:739 ++msgid "Enter complete path for executable to be confined." ++msgstr "" ++ ++#: ../polgen.ui:756 ../polgen.ui:838 ../polgen.ui:2317 ++msgid "..." ++msgstr "" ++ ++#: ../polgen.ui:776 ++msgid "Enter unique name for the confined application or user role." ++msgstr "" ++ ++#: ../polgen.ui:794 ++msgid "Executable" ++msgstr "" ++ ++#: ../polgen.ui:808 ++msgid "Init script" ++msgstr "" ++ ++#: ../polgen.ui:821 ++msgid "" ++"Enter complete path to init script used to start the confined application." ++msgstr "" ++ ++#: ../polgen.ui:883 ++msgid "Select existing role to modify:" ++msgstr "" ++ ++#: ../polgen.ui:904 ++#, python-format ++msgid "Select the user roles that will transiton to the %s domain." 
++msgstr "" ++ ++#: ../polgen.ui:921 ++msgid "role tab" ++msgstr "" ++ ++#: ../polgen.ui:937 ++#, python-format ++msgid "Select roles that %s will transition to:" ++msgstr "" ++ ++#: ../polgen.ui:955 ++#, python-format ++msgid "Select applications domains that %s will transition to." ++msgstr "" ++ ++#: ../polgen.ui:972 ++msgid "" ++"transition \n" ++"role tab" ++msgstr "" ++ ++#: ../polgen.ui:989 ++#, python-format ++msgid "Select the user_roles that will transition to %s:" ++msgstr "" ++ ++#: ../polgen.ui:1007 ++msgid "Select the user roles that will transiton to this applications domains." ++msgstr "" ++ ++#: ../polgen.ui:1040 ++#, python-format ++msgid "Select domains that %s will administer:" ++msgstr "" ++ ++#: ../polgen.ui:1058 ../polgen.ui:1109 ++msgid "Select the domains that you would like this user administer." ++msgstr "" ++ ++#: ../polgen.ui:1091 ++#, python-format ++msgid "Select additional roles for %s:" ++msgstr "" ++ ++#: ../polgen.ui:1142 ++#, python-format ++msgid "Enter network ports that %s binds on:" ++msgstr "" ++ ++#: ../polgen.ui:1162 ../polgen.ui:1529 ++msgid "TCP Ports" ++msgstr "" ++ ++#: ../polgen.ui:1199 ../polgen.ui:1366 ../polgen.ui:1561 ../polgen.ui:1670 ++msgid "All" ++msgstr "" ++ ++#: ../polgen.ui:1203 ../polgen.ui:1370 ++#, python-format ++msgid "Allows %s to bind to any udp port" ++msgstr "" ++ ++#: ../polgen.ui:1216 ../polgen.ui:1383 ++msgid "600-1024" ++msgstr "" ++ ++#: ../polgen.ui:1220 ../polgen.ui:1387 ++#, python-format ++msgid "Allow %s to call bindresvport with 0. Binding to port 600-1024" ++msgstr "" ++ ++#: ../polgen.ui:1233 ../polgen.ui:1400 ++msgid "Unreserved Ports (>1024)" ++msgstr "" ++ ++#: ../polgen.ui:1237 ../polgen.ui:1404 ++#, python-format ++msgid "" ++"Enter a comma separated list of udp ports or ranges of ports that %s binds " ++"to. 
Example: 612, 650-660" ++msgstr "" ++ ++#: ../polgen.ui:1265 ../polgen.ui:1432 ../polgen.ui:1581 ../polgen.ui:1690 ++msgid "Select Ports" ++msgstr "" ++ ++#: ../polgen.ui:1278 ../polgen.ui:1445 ++#, python-format ++msgid "Allows %s to bind to any udp ports > 1024" ++msgstr "" ++ ++#: ../polgen.ui:1329 ../polgen.ui:1638 ++msgid "UDP Ports" ++msgstr "" ++ ++#: ../polgen.ui:1492 ++msgid "" ++"Network\n" ++"Bind tab" ++msgstr "" ++ ++#: ../polgen.ui:1509 ++#, python-format ++msgid "Select network ports that %s connects to:" ++msgstr "" ++ ++#: ../polgen.ui:1565 ++#, python-format ++msgid "Allows %s to connect to any tcp port" ++msgstr "" ++ ++#: ../polgen.ui:1594 ++#, python-format ++msgid "" ++"Enter a comma separated list of tcp ports or ranges of ports that %s " ++"connects to. Example: 612, 650-660" ++msgstr "" ++ ++#: ../polgen.ui:1674 ++#, python-format ++msgid "Allows %s to connect to any udp port" ++msgstr "" ++ ++#: ../polgen.ui:1703 ++#, python-format ++msgid "" ++"Enter a comma separated list of udp ports or ranges of ports that %s " ++"connects to. 
Example: 612, 650-660" ++msgstr "" ++ ++#: ../polgen.ui:1760 ++#, python-format ++msgid "Select common application traits for %s:" ++msgstr "" ++ ++#: ../polgen.ui:1777 ++msgid "Writes syslog messages\t" ++msgstr "" ++ ++#: ../polgen.ui:1792 ++msgid "Create/Manipulate temporary files in /tmp" ++msgstr "" ++ ++#: ../polgen.ui:1807 ++msgid "Uses Pam for authentication" ++msgstr "" ++ ++#: ../polgen.ui:1822 ++msgid "Uses nsswitch or getpw* calls" ++msgstr "" ++ ++#: ../polgen.ui:1837 ++msgid "Uses dbus" ++msgstr "" ++ ++#: ../polgen.ui:1852 ++msgid "Sends audit messages" ++msgstr "" ++ ++#: ../polgen.ui:1867 ++msgid "Interacts with the terminal" ++msgstr "" ++ ++#: ../polgen.ui:1882 ++msgid "Sends email" ++msgstr "" ++ ++#: ../polgen.ui:1925 ++#, python-format ++msgid "Add files/directories that %s manages" ++msgstr "" ++ ++#: ../polgen.ui:2086 ++#, python-format ++msgid "" ++"Files/Directories which the %s \"manages\". Pid Files, Log Files, /var/lib " ++"Files ..." ++msgstr "" ++ ++#: ../polgen.ui:2126 ++#, python-format ++msgid "Add booleans from the %s policy:" ++msgstr "" ++ ++#: ../polgen.ui:2234 ++#, python-format ++msgid "Add/Remove booleans used by the %s domain" ++msgstr "" ++ ++#: ../polgen.ui:2272 ++#, python-format ++msgid "Which directory you will generate the %s policy?" ++msgstr "" ++ ++#: ../polgen.ui:2290 ++msgid "Policy Directory" ++msgstr "" ++ ++#: ../portsPage.py:60 ../system-config-selinux.ui:1570 ++msgid "Network Port" ++msgstr "" ++ ++#: ../portsPage.py:95 ++msgid "" ++"SELinux Port\n" ++"Type" ++msgstr "" ++ ++#: ../portsPage.py:101 ../system-config-selinux.ui:294 ++msgid "Protocol" ++msgstr "" ++ ++#: ../portsPage.py:106 ../system-config-selinux.ui:355 ++msgid "" ++"MLS/MCS\n" ++"Level" ++msgstr "" ++ ++#: ../portsPage.py:111 ++msgid "Port" ++msgstr "" ++ ++#: ../portsPage.py:213 ++#, python-format ++msgid "Port number \"%s\" is not valid. 
0 < PORT_NUMBER < 65536 " ++msgstr "" ++ ++#: ../portsPage.py:258 ++msgid "List View" ++msgstr "" ++ ++#: ../portsPage.py:261 ../system-config-selinux.ui:1492 ++msgid "Group View" ++msgstr "" ++ ++#: ../selinux-polgengui.desktop:32 ../sepolicy.desktop:4 ++msgid "Generate SELinux policy modules" ++msgstr "" ++ ++#: ../selinux-polgengui.desktop:62 ../system-config-selinux.desktop:62 ++msgid "system-config-selinux" ++msgstr "" ++ ++#: ../semanagePage.py:130 ++#, python-format ++msgid "Are you sure you want to delete %s '%s'?" ++msgstr "" ++ ++#: ../semanagePage.py:130 ++#, python-format ++msgid "Delete %s" ++msgstr "" ++ ++#: ../semanagePage.py:138 ++#, python-format ++msgid "Add %s" ++msgstr "" ++ ++#: ../semanagePage.py:152 ++#, python-format ++msgid "Modify %s" ++msgstr "" ++ ++#: ../sepolicy.desktop:3 ++msgid "SELinux Policy Management Tool" ++msgstr "" ++ ++#: ../sepolicy.desktop:5 ++msgid "sepolicy" ++msgstr "" ++ ++#: ../sepolicy.desktop:11 ++msgid "policy;security;selinux;avc;permission;mac;" ++msgstr "" ++ ++#: ../statusPage.py:74 ../system-config-selinux.ui:625 ++#: ../system-config-selinux.ui:1770 ++msgid "Enforcing" ++msgstr "" ++ ++#: ../statusPage.py:79 ../system-config-selinux.ui:619 ++msgid "Disabled" ++msgstr "" ++ ++#: ../statusPage.py:98 ++msgid "Status" ++msgstr "" ++ ++#: ../statusPage.py:137 ++msgid "" ++"Changing the policy type will cause a relabel of the entire file system on " ++"the next boot. Relabeling takes a long time depending on the size of the " ++"file system. Do you wish to continue?" ++msgstr "" ++ ++#: ../statusPage.py:151 ++msgid "" ++"Changing to SELinux disabled requires a reboot. It is not recommended. If " ++"you later decide to turn SELinux back on, the system will be required to " ++"relabel. If you just want to see if SELinux is causing a problem on your " ++"system, you can go to permissive mode which will only log errors and not " ++"enforce SELinux policy. 
Permissive mode does not require a reboot Do you " ++"wish to continue?" ++msgstr "" ++ ++#: ../statusPage.py:156 ++msgid "" ++"Changing to SELinux enabled will cause a relabel of the entire file system " ++"on the next boot. Relabeling takes a long time depending on the size of the " ++"file system. Do you wish to continue?" ++msgstr "" ++ ++#: ../system-config-selinux.desktop:3 ++msgid "SELinux Management" ++msgstr "" ++ ++#: ../system-config-selinux.desktop:32 ++msgid "Configure SELinux in a graphical setting" ++msgstr "" ++ ++#: ../system-config-selinux.ui:11 ++msgid "" ++"Copyright (c)2006 Red Hat, Inc.\n" ++"Copyright (c) 2006 Dan Walsh " ++msgstr "" ++ ++#: ../system-config-selinux.ui:53 ../system-config-selinux.ui:433 ++msgid "Add SELinux Login Mapping" ++msgstr "" ++ ++#: ../system-config-selinux.ui:117 ++msgid "Login Name" ++msgstr "" ++ ++#: ../system-config-selinux.ui:128 ../system-config-selinux.ui:1402 ++#: ../system-config-selinux.ui:1937 ../usersPage.py:54 ++msgid "SELinux User" ++msgstr "" ++ ++#: ../system-config-selinux.ui:139 ../system-config-selinux.ui:1948 ++msgid "MLS/MCS Range" ++msgstr "" ++ ++#: ../system-config-selinux.ui:219 ++msgid "Add SELinux Network Ports" ++msgstr "" ++ ++#: ../system-config-selinux.ui:283 ++msgid "Port Number" ++msgstr "" ++ ++#: ../system-config-selinux.ui:305 ../system-config-selinux.ui:519 ++msgid "SELinux Type" ++msgstr "" ++ ++#: ../system-config-selinux.ui:406 ++msgid "all files" ++msgstr "" ++ ++#: ../system-config-selinux.ui:409 ++msgid "regular file" ++msgstr "" ++ ++#: ../system-config-selinux.ui:412 ++msgid "directory" ++msgstr "" ++ ++#: ../system-config-selinux.ui:415 ++msgid "character device" ++msgstr "" ++ ++#: ../system-config-selinux.ui:418 ++msgid "block device" ++msgstr "" ++ ++#: ../system-config-selinux.ui:421 ++msgid "socket file" ++msgstr "" ++ ++#: ../system-config-selinux.ui:424 ++msgid "symbolic link" ++msgstr "" ++ ++#: ../system-config-selinux.ui:427 ++msgid "named pipe" ++msgstr "" ++ 
++#: ../system-config-selinux.ui:497 ++msgid "File Specification" ++msgstr "" ++ ++#: ../system-config-selinux.ui:508 ++msgid "File Type" ++msgstr "" ++ ++#: ../system-config-selinux.ui:569 ++msgid "MLS" ++msgstr "" ++ ++#: ../system-config-selinux.ui:631 ++msgid "SELinux Administration" ++msgstr "" ++ ++#: ../system-config-selinux.ui:648 ++msgid "_File" ++msgstr "" ++ ++#: ../system-config-selinux.ui:656 ++msgid "_Add" ++msgstr "" ++ ++#: ../system-config-selinux.ui:668 ++msgid "_Properties" ++msgstr "" ++ ++#: ../system-config-selinux.ui:680 ++msgid "_Delete" ++msgstr "" ++ ++#: ../system-config-selinux.ui:707 ++msgid "_Help" ++msgstr "" ++ ++#: ../system-config-selinux.ui:754 ++msgid "Select Management Object" ++msgstr "" ++ ++#: ../system-config-selinux.ui:767 ++msgid "Select:" ++msgstr "" ++ ++#: ../system-config-selinux.ui:797 ++msgid "System Default Enforcing Mode" ++msgstr "" ++ ++#: ../system-config-selinux.ui:826 ++msgid "Current Enforcing Mode" ++msgstr "" ++ ++#: ../system-config-selinux.ui:848 ++msgid "System Default Policy Type: " ++msgstr "" ++ ++#: ../system-config-selinux.ui:871 ++msgid "" ++"Select if you wish to relabel then entire file system on next reboot. " ++"Relabeling can take a very long time, depending on the size of the system. " ++"If you are changing policy types or going from disabled to enforcing, a " ++"relabel is required." ++msgstr "" ++ ++#: ../system-config-selinux.ui:903 ++msgid "Relabel on next reboot." 
++msgstr "" ++ ++#: ../system-config-selinux.ui:947 ++msgid "Revert boolean setting to system default" ++msgstr "" ++ ++#: ../system-config-selinux.ui:960 ++msgid "Toggle between Customized and All Booleans" ++msgstr "" ++ ++#: ../system-config-selinux.ui:986 ../system-config-selinux.ui:1122 ++#: ../system-config-selinux.ui:1242 ../system-config-selinux.ui:1363 ++#: ../system-config-selinux.ui:1531 ../system-config-selinux.ui:1683 ++#: ../system-config-selinux.ui:1795 ++msgid "Filter" ++msgstr "" ++ ++#: ../system-config-selinux.ui:1057 ++msgid "Add File Context" ++msgstr "" ++ ++#: ../system-config-selinux.ui:1070 ++msgid "Modify File Context" ++msgstr "" ++ ++#: ../system-config-selinux.ui:1083 ++msgid "Delete File Context" ++msgstr "" ++ ++#: ../system-config-selinux.ui:1096 ++msgid "Toggle between all and customized file context" ++msgstr "" ++ ++#: ../system-config-selinux.ui:1192 ++msgid "Add SELinux User Mapping" ++msgstr "" ++ ++#: ../system-config-selinux.ui:1205 ++msgid "Modify SELinux User Mapping" ++msgstr "" ++ ++#: ../system-config-selinux.ui:1218 ++msgid "Delete SELinux User Mapping" ++msgstr "" ++ ++#: ../system-config-selinux.ui:1313 ++msgid "Add User" ++msgstr "" ++ ++#: ../system-config-selinux.ui:1326 ++msgid "Modify User" ++msgstr "" ++ ++#: ../system-config-selinux.ui:1339 ++msgid "Delete User" ++msgstr "" ++ ++#: ../system-config-selinux.ui:1434 ++msgid "Add Network Port" ++msgstr "" ++ ++#: ../system-config-selinux.ui:1447 ++msgid "Edit Network Port" ++msgstr "" ++ ++#: ../system-config-selinux.ui:1460 ++msgid "Delete Network Port" ++msgstr "" ++ ++#: ../system-config-selinux.ui:1491 ../system-config-selinux.ui:1505 ++msgid "Toggle between Customized and All Ports" ++msgstr "" ++ ++#: ../system-config-selinux.ui:1602 ++msgid "Generate new policy module" ++msgstr "" ++ ++#: ../system-config-selinux.ui:1614 ++msgid "Load policy module" ++msgstr "" ++ ++#: ../system-config-selinux.ui:1627 ++msgid "Remove loadable policy module" ++msgstr "" ++ 
++#: ../system-config-selinux.ui:1658 ++msgid "" ++"Enable/Disable additional audit rules, that are normally not reported in the " ++"log files." ++msgstr "" ++ ++#: ../system-config-selinux.ui:1754 ++msgid "Change process mode to permissive." ++msgstr "" ++ ++#: ../system-config-selinux.ui:1769 ++msgid "Change process mode to enforcing" ++msgstr "" ++ ++#: ../system-config-selinux.ui:1873 ++msgid "Add SELinux User" ++msgstr "" ++ ++#: ../system-config-selinux.ui:1970 ../usersPage.py:69 ++msgid "SELinux Roles" ++msgstr "" ++ ++#: ../usersPage.py:142 ++#, python-format ++msgid "SELinux user '%s' is required" ++msgstr "" +diff --git a/python/po/python.pot b/python/po/python.pot +new file mode 100644 +index 00000000..a279b0e8 +--- /dev/null ++++ b/python/po/python.pot +@@ -0,0 +1,3375 @@ ++# SOME DESCRIPTIVE TITLE. ++# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER ++# This file is distributed under the same license as the PACKAGE package. ++# FIRST AUTHOR , YEAR. ++# ++#, fuzzy ++msgid "" ++msgstr "" ++"Project-Id-Version: PACKAGE VERSION\n" ++"Report-Msgid-Bugs-To: \n" ++"POT-Creation-Date: 2018-08-06 14:22+0200\n" ++"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" ++"Last-Translator: FULL NAME \n" ++"Language-Team: LANGUAGE \n" ++"Language: \n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=CHARSET\n" ++"Content-Transfer-Encoding: 8bit\n" ++ ++#: ../audit2allow/audit2allow:237 ++msgid "******************** IMPORTANT ***********************\n" ++msgstr "" ++ ++#: ../audit2allow/audit2allow:238 ++#, python-format ++msgid "" ++"To make this policy package active, execute:\n" ++"\n" ++"semodule -i %s\n" ++"\n" ++msgstr "" ++ ++#: ../chcat/chcat:115 ../chcat/chcat:194 ++msgid "Requires at least one category" ++msgstr "" ++ ++#: ../chcat/chcat:129 ../chcat/chcat:208 ++#, python-format ++msgid "Can not modify sensitivity levels using '+' on %s" ++msgstr "" ++ ++#: ../chcat/chcat:133 ++#, python-format ++msgid "%s is already in %s" ++msgstr "" ++ ++#: 
../chcat/chcat:213 ../chcat/chcat:223 ++#, python-format ++msgid "%s is not in %s" ++msgstr "" ++ ++#: ../chcat/chcat:295 ../chcat/chcat:300 ++msgid "Can not combine +/- with other types of categories" ++msgstr "" ++ ++#: ../chcat/chcat:350 ++msgid "Can not have multiple sensitivities" ++msgstr "" ++ ++#: ../chcat/chcat:357 ++#, python-format ++msgid "Usage %s CATEGORY File ..." ++msgstr "" ++ ++#: ../chcat/chcat:358 ++#, python-format ++msgid "Usage %s -l CATEGORY user ..." ++msgstr "" ++ ++#: ../chcat/chcat:359 ++#, python-format ++msgid "Usage %s [[+|-]CATEGORY],...] File ..." ++msgstr "" ++ ++#: ../chcat/chcat:360 ++#, python-format ++msgid "Usage %s -l [[+|-]CATEGORY],...] user ..." ++msgstr "" ++ ++#: ../chcat/chcat:361 ++#, python-format ++msgid "Usage %s -d File ..." ++msgstr "" ++ ++#: ../chcat/chcat:362 ++#, python-format ++msgid "Usage %s -l -d user ..." ++msgstr "" ++ ++#: ../chcat/chcat:363 ++#, python-format ++msgid "Usage %s -L" ++msgstr "" ++ ++#: ../chcat/chcat:364 ++#, python-format ++msgid "Usage %s -L -l user" ++msgstr "" ++ ++#: ../chcat/chcat:365 ++msgid "Use -- to end option list. 
For example" ++msgstr "" ++ ++#: ../chcat/chcat:366 ++msgid "chcat -- -CompanyConfidential /docs/businessplan.odt" ++msgstr "" ++ ++#: ../chcat/chcat:367 ++msgid "chcat -l +CompanyConfidential juser" ++msgstr "" ++ ++#: ../chcat/chcat:436 ++#, python-format ++msgid "Options Error %s " ++msgstr "" ++ ++#: ../semanage/semanage:203 ++msgid "Select an alternate SELinux Policy Store to manage" ++msgstr "" ++ ++#: ../semanage/semanage:207 ++msgid "Select a priority for module operations" ++msgstr "" ++ ++#: ../semanage/semanage:211 ++#, python-format ++msgid "Do not print heading when listing %s object types" ++msgstr "" ++ ++#: ../semanage/semanage:215 ++msgid "Do not reload policy after commit" ++msgstr "" ++ ++#: ../semanage/semanage:219 ++#, python-format ++msgid "List %s local customizations" ++msgstr "" ++ ++#: ../semanage/semanage:223 ++#, python-format ++msgid "Add a record of the %s object type" ++msgstr "" ++ ++#: ../semanage/semanage:227 ++msgid "SELinux Type for the object" ++msgstr "" ++ ++#: ../semanage/semanage:231 ++msgid "" ++"Default SELinux Level for SELinux user, s0 Default. 
(MLS/MCS Systems only)" ++msgstr "" ++ ++#: ../semanage/semanage:236 ++msgid "" ++"\n" ++"MLS/MCS Security Range (MLS/MCS Systems only)\n" ++"SELinux Range for SELinux login mapping\n" ++"defaults to the SELinux user record range.\n" ++"SELinux Range for SELinux user defaults to s0.\n" ++msgstr "" ++ ++#: ../semanage/semanage:245 ++msgid "" ++"\n" ++" Protocol for the specified port (tcp|udp) or internet protocol\n" ++" version for the specified node (ipv4|ipv6).\n" ++msgstr "" ++ ++#: ../semanage/semanage:251 ++msgid "" ++"\n" ++" Subnet prefix for the specified infiniband ibpkey.\n" ++msgstr "" ++ ++#: ../semanage/semanage:256 ++msgid "" ++"\n" ++" Name for the specified infiniband end port.\n" ++msgstr "" ++ ++#: ../semanage/semanage:261 ++#, python-format ++msgid "Modify a record of the %s object type" ++msgstr "" ++ ++#: ../semanage/semanage:265 ++#, python-format ++msgid "List records of the %s object type" ++msgstr "" ++ ++#: ../semanage/semanage:269 ++#, python-format ++msgid "Delete a record of the %s object type" ++msgstr "" ++ ++#: ../semanage/semanage:273 ++msgid "Extract customizable commands, for use within a transaction" ++msgstr "" ++ ++#: ../semanage/semanage:277 ++#, python-format ++msgid "Remove all %s objects local customizations" ++msgstr "" ++ ++#: ../semanage/semanage:281 ++msgid "SELinux user name" ++msgstr "" ++ ++#: ../semanage/semanage:286 ++msgid "Manage login mappings between linux users and SELinux confined users" ++msgstr "" ++ ++#: ../semanage/semanage:303 ++#, python-format ++msgid "login_name | %%groupname" ++msgstr "" ++ ++#: ../semanage/semanage:355 ++msgid "Manage file context mapping definitions" ++msgstr "" ++ ++#: ../semanage/semanage:369 ++msgid "" ++"Substitute target path with sourcepath when generating default\n" ++" label. " ++"This is used with fcontext. Requires source and target\n" ++" path " ++"arguments. The context labeling for the target subtree is\n" ++" made " ++"equivalent to that defined for the source." 
++msgstr "" ++ ++#: ../semanage/semanage:377 ++msgid "file_spec" ++msgstr "" ++ ++#: ../semanage/semanage:405 ++msgid "Manage SELinux confined users (Roles and levels for an SELinux user)" ++msgstr "" ++ ++#: ../semanage/semanage:423 ++msgid "" ++"\n" ++"SELinux Roles. You must enclose multiple roles within " ++"quotes, separate by spaces. Or specify -R multiple times.\n" ++msgstr "" ++ ++#: ../semanage/semanage:427 ++msgid "selinux_name" ++msgstr "" ++ ++#: ../semanage/semanage:455 ++msgid "Manage network port type definitions" ++msgstr "" ++ ++#: ../semanage/semanage:471 ++msgid "port | port_range" ++msgstr "" ++ ++#: ../semanage/semanage:500 ++msgid "Manage infiniband ibpkey type definitions" ++msgstr "" ++ ++#: ../semanage/semanage:516 ++msgid "pkey | pkey_range" ++msgstr "" ++ ++#: ../semanage/semanage:543 ++msgid "Manage infiniband end port type definitions" ++msgstr "" ++ ++#: ../semanage/semanage:559 ++msgid "ibendport" ++msgstr "" ++ ++#: ../semanage/semanage:586 ++msgid "Manage network interface type definitions" ++msgstr "" ++ ++#: ../semanage/semanage:601 ++msgid "interface_spec" ++msgstr "" ++ ++#: ../semanage/semanage:625 ++msgid "Manage SELinux policy modules" ++msgstr "" ++ ++#: ../semanage/semanage:637 ++msgid "Remove a module" ++msgstr "" ++ ++#: ../semanage/semanage:638 ++msgid "Disable a module" ++msgstr "" ++ ++#: ../semanage/semanage:639 ++msgid "Enable a module" ++msgstr "" ++ ++#: ../semanage/semanage:640 ++msgid "Name of the module to act on" ++msgstr "" ++ ++#: ../semanage/semanage:667 ++msgid "Manage network node type definitions" ++msgstr "" ++ ++#: ../semanage/semanage:681 ++msgid "Network Mask" ++msgstr "" ++ ++#: ../semanage/semanage:685 ++msgid "node" ++msgstr "" ++ ++#: ../semanage/semanage:710 ++msgid "Manage booleans to selectively enable functionality" ++msgstr "" ++ ++#: ../semanage/semanage:715 ++msgid "boolean" ++msgstr "" ++ ++#: ../semanage/semanage:725 ++msgid "Enable the boolean" ++msgstr "" ++ ++#: 
../semanage/semanage:726 ++msgid "Disable the boolean" ++msgstr "" ++ ++#: ../semanage/semanage:743 ++msgid "semanage permissive: error: the following argument is required: type\n" ++msgstr "" ++ ++#: ../semanage/semanage:748 ++msgid "Manage process type enforcement mode" ++msgstr "" ++ ++#: ../semanage/semanage:760 ../semanage/seobject.py:2611 ++msgid "type" ++msgstr "" ++ ++#: ../semanage/semanage:771 ++msgid "Disable/Enable dontaudit rules in policy" ++msgstr "" ++ ++#: ../semanage/semanage:791 ++msgid "Output local customizations" ++msgstr "" ++ ++#: ../semanage/semanage:793 ++msgid "Output file" ++msgstr "" ++ ++#: ../semanage/semanage:871 ++msgid "Import local customizations" ++msgstr "" ++ ++#: ../semanage/semanage:874 ++msgid "Input file" ++msgstr "" ++ ++#: ../semanage/seobject.py:274 ++msgid "Could not create semanage handle" ++msgstr "" ++ ++#: ../semanage/seobject.py:282 ++msgid "SELinux policy is not managed or store cannot be accessed." ++msgstr "" ++ ++#: ../semanage/seobject.py:287 ++msgid "Cannot read policy store." 
++msgstr "" ++ ++#: ../semanage/seobject.py:292 ++msgid "Could not establish semanage connection" ++msgstr "" ++ ++#: ../semanage/seobject.py:297 ++msgid "Could not test MLS enabled status" ++msgstr "" ++ ++#: ../semanage/seobject.py:303 ../semanage/seobject.py:319 ++msgid "Not yet implemented" ++msgstr "" ++ ++#: ../semanage/seobject.py:307 ++msgid "Semanage transaction already in progress" ++msgstr "" ++ ++#: ../semanage/seobject.py:316 ++msgid "Could not start semanage transaction" ++msgstr "" ++ ++#: ../semanage/seobject.py:330 ++msgid "Could not commit semanage transaction" ++msgstr "" ++ ++#: ../semanage/seobject.py:335 ++msgid "Semanage transaction not in progress" ++msgstr "" ++ ++#: ../semanage/seobject.py:349 ../semanage/seobject.py:469 ++msgid "Could not list SELinux modules" ++msgstr "" ++ ++#: ../semanage/seobject.py:356 ++msgid "Could not get module name" ++msgstr "" ++ ++#: ../semanage/seobject.py:360 ++msgid "Could not get module enabled" ++msgstr "" ++ ++#: ../semanage/seobject.py:364 ++msgid "Could not get module priority" ++msgstr "" ++ ++#: ../semanage/seobject.py:368 ++msgid "Could not get module lang_ext" ++msgstr "" ++ ++#: ../semanage/seobject.py:389 ++msgid "Module Name" ++msgstr "" ++ ++#: ../semanage/seobject.py:389 ++msgid "Priority" ++msgstr "" ++ ++#: ../semanage/seobject.py:389 ++msgid "Language" ++msgstr "" ++ ++#: ../semanage/seobject.py:392 ../sepolicy/sepolicy/sepolicy.glade:3431 ++msgid "Disabled" ++msgstr "" ++ ++#: ../semanage/seobject.py:401 ++#, python-format ++msgid "Module does not exist: %s " ++msgstr "" ++ ++#: ../semanage/seobject.py:405 ../semanage/seobject.py:432 ++#, python-format ++msgid "Invalid priority %d (needs to be between 1 and 999)" ++msgstr "" ++ ++#: ../semanage/seobject.py:415 ++msgid "Could not create module key" ++msgstr "" ++ ++#: ../semanage/seobject.py:419 ++msgid "Could not set module key name" ++msgstr "" ++ ++#: ../semanage/seobject.py:424 ++#, python-format ++msgid "Could not enable module %s" 
++msgstr "" ++ ++#: ../semanage/seobject.py:426 ++#, python-format ++msgid "Could not disable module %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:437 ++#, python-format ++msgid "Could not remove module %s (remove failed)" ++msgstr "" ++ ++#: ../semanage/seobject.py:454 ++msgid "dontaudit requires either 'on' or 'off'" ++msgstr "" ++ ++#: ../semanage/seobject.py:484 ++msgid "Builtin Permissive Types" ++msgstr "" ++ ++#: ../semanage/seobject.py:494 ++msgid "Customized Permissive Types" ++msgstr "" ++ ++#: ../semanage/seobject.py:502 ++msgid "" ++"The sepolgen python module is required to setup permissive domains.\n" ++"In some distributions it is included in the policycoreutils-devel package.\n" ++"# yum install policycoreutils-devel\n" ++"Or similar for your distro." ++msgstr "" ++ ++#: ../semanage/seobject.py:512 ++#, python-format ++msgid "Could not set permissive domain %s (module installation failed)" ++msgstr "" ++ ++#: ../semanage/seobject.py:518 ++#, python-format ++msgid "Could not remove permissive domain %s (remove failed)" ++msgstr "" ++ ++#: ../semanage/seobject.py:555 ../semanage/seobject.py:627 ++#: ../semanage/seobject.py:674 ../semanage/seobject.py:794 ++#: ../semanage/seobject.py:824 ../semanage/seobject.py:889 ++#: ../semanage/seobject.py:945 ../semanage/seobject.py:1209 ++#: ../semanage/seobject.py:1468 ../semanage/seobject.py:2442 ++#: ../semanage/seobject.py:2512 ../semanage/seobject.py:2536 ++#: ../semanage/seobject.py:2664 ../semanage/seobject.py:2715 ++#, python-format ++msgid "Could not create a key for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:559 ../semanage/seobject.py:631 ++#: ../semanage/seobject.py:678 ../semanage/seobject.py:684 ++#, python-format ++msgid "Could not check if login mapping for %s is defined" ++msgstr "" ++ ++#: ../semanage/seobject.py:561 ++#, python-format ++msgid "Login mapping for %s is already defined" ++msgstr "" ++ ++#: ../semanage/seobject.py:566 ++#, python-format ++msgid "Linux Group %s does not 
exist" ++msgstr "" ++ ++#: ../semanage/seobject.py:571 ++#, python-format ++msgid "Linux User %s does not exist" ++msgstr "" ++ ++#: ../semanage/seobject.py:575 ++#, python-format ++msgid "Could not create login mapping for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:579 ../semanage/seobject.py:838 ++#, python-format ++msgid "Could not set name for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:584 ../semanage/seobject.py:848 ++#, python-format ++msgid "Could not set MLS range for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:588 ++#, python-format ++msgid "Could not set SELinux user for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:592 ++#, python-format ++msgid "Could not add login mapping for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:610 ++msgid "Requires seuser or serange" ++msgstr "" ++ ++#: ../semanage/seobject.py:633 ../semanage/seobject.py:680 ++#, python-format ++msgid "Login mapping for %s is not defined" ++msgstr "" ++ ++#: ../semanage/seobject.py:637 ++#, python-format ++msgid "Could not query seuser for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:652 ++#, python-format ++msgid "Could not modify login mapping for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:686 ++#, python-format ++msgid "Login mapping for %s is defined in policy, cannot be deleted" ++msgstr "" ++ ++#: ../semanage/seobject.py:690 ++#, python-format ++msgid "Could not delete login mapping for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:712 ../semanage/seobject.py:745 ++#: ../semanage/seobject.py:988 ++msgid "Could not list login mappings" ++msgstr "" ++ ++#: ../semanage/seobject.py:769 ../semanage/seobject.py:781 ++#: ../sepolicy/sepolicy/sepolicy.glade:1162 ++#: ../sepolicy/sepolicy/sepolicy.glade:3156 ++msgid "Login Name" ++msgstr "" ++ ++#: ../semanage/seobject.py:769 ../semanage/seobject.py:781 ++#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1040 ++#: ../sepolicy/sepolicy/sepolicy.glade:1188 ++#: ../sepolicy/sepolicy/sepolicy.glade:3174 ++#: 
../sepolicy/sepolicy/sepolicy.glade:3260 ++#: ../sepolicy/sepolicy/sepolicy.glade:4915 ++msgid "SELinux User" ++msgstr "" ++ ++#: ../semanage/seobject.py:769 ++msgid "MLS/MCS Range" ++msgstr "" ++ ++#: ../semanage/seobject.py:769 ++msgid "Service" ++msgstr "" ++ ++#: ../semanage/seobject.py:797 ../semanage/seobject.py:828 ++#: ../semanage/seobject.py:893 ../semanage/seobject.py:949 ++#: ../semanage/seobject.py:955 ++#, python-format ++msgid "Could not check if SELinux user %s is defined" ++msgstr "" ++ ++#: ../semanage/seobject.py:800 ../semanage/seobject.py:899 ++#: ../semanage/seobject.py:961 ++#, python-format ++msgid "Could not query user for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:820 ++#, python-format ++msgid "You must add at least one role for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:830 ++#, python-format ++msgid "SELinux user %s is already defined" ++msgstr "" ++ ++#: ../semanage/seobject.py:834 ++#, python-format ++msgid "Could not create SELinux user for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:843 ++#, python-format ++msgid "Could not add role %s for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:852 ++#, python-format ++msgid "Could not set MLS level for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:855 ++#, python-format ++msgid "Could not add prefix %s for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:858 ++#, python-format ++msgid "Could not extract key for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:862 ++#, python-format ++msgid "Could not add SELinux user %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:883 ++msgid "Requires prefix, roles, level or range" ++msgstr "" ++ ++#: ../semanage/seobject.py:885 ++msgid "Requires prefix or roles" ++msgstr "" ++ ++#: ../semanage/seobject.py:895 ../semanage/seobject.py:951 ++#, python-format ++msgid "SELinux user %s is not defined" ++msgstr "" ++ ++#: ../semanage/seobject.py:924 ++#, python-format ++msgid "Could not modify SELinux user %s" ++msgstr "" ++ ++#: 
../semanage/seobject.py:957 ++#, python-format ++msgid "SELinux user %s is defined in policy, cannot be deleted" ++msgstr "" ++ ++#: ../semanage/seobject.py:968 ++#, python-format ++msgid "Could not delete SELinux user %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1006 ++msgid "Could not list SELinux users" ++msgstr "" ++ ++#: ../semanage/seobject.py:1012 ++#, python-format ++msgid "Could not list roles for user %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1034 ++msgid "Labeling" ++msgstr "" ++ ++#: ../semanage/seobject.py:1034 ++msgid "MLS/" ++msgstr "" ++ ++#: ../semanage/seobject.py:1035 ++msgid "Prefix" ++msgstr "" ++ ++#: ../semanage/seobject.py:1035 ++msgid "MCS Level" ++msgstr "" ++ ++#: ../semanage/seobject.py:1035 ++msgid "MCS Range" ++msgstr "" ++ ++#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1040 ++#: ../sepolicy/sepolicy/sepolicy.glade:3280 ++#: ../sepolicy/sepolicy/sepolicy.glade:5251 ++#: ../sepolicy/sepolicy/sepolicy.glade:5400 ++msgid "SELinux Roles" ++msgstr "" ++ ++#: ../semanage/seobject.py:1061 ++msgid "Protocol udp or tcp is required" ++msgstr "" ++ ++#: ../semanage/seobject.py:1063 ++msgid "Port is required" ++msgstr "" ++ ++#: ../semanage/seobject.py:1073 ++msgid "Invalid Port" ++msgstr "" ++ ++#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1345 ++#, python-format ++msgid "Could not create a key for %s/%s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1088 ../semanage/seobject.py:1356 ++#: ../semanage/seobject.py:1604 ++msgid "Type is required" ++msgstr "" ++ ++#: ../semanage/seobject.py:1091 ../semanage/seobject.py:1155 ++#, python-format ++msgid "Type %s is invalid, must be a port type" ++msgstr "" ++ ++#: ../semanage/seobject.py:1097 ../semanage/seobject.py:1161 ++#: ../semanage/seobject.py:1227 ../semanage/seobject.py:1233 ++#, python-format ++msgid "Could not check if port %s/%s is defined" ++msgstr "" ++ ++#: ../semanage/seobject.py:1099 ++#, python-format ++msgid "Port %s/%s already defined" ++msgstr "" ++ ++#: 
../semanage/seobject.py:1103 ++#, python-format ++msgid "Could not create port for %s/%s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1109 ../semanage/seobject.py:1377 ++#: ../semanage/seobject.py:1624 ++#, python-format ++msgid "Could not create context for %s/%s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1113 ++#, python-format ++msgid "Could not set user in port context for %s/%s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1117 ++#, python-format ++msgid "Could not set role in port context for %s/%s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1121 ++#, python-format ++msgid "Could not set type in port context for %s/%s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1126 ++#, python-format ++msgid "Could not set mls fields in port context for %s/%s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1130 ++#, python-format ++msgid "Could not set port context for %s/%s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1134 ++#, python-format ++msgid "Could not add port %s/%s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1150 ../semanage/seobject.py:1416 ++#: ../semanage/seobject.py:1663 ../semanage/seobject.py:1923 ++#: ../semanage/seobject.py:2125 ++msgid "Requires setype or serange" ++msgstr "" ++ ++#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1418 ++#: ../semanage/seobject.py:1665 ++msgid "Requires setype" ++msgstr "" ++ ++#: ../semanage/seobject.py:1163 ../semanage/seobject.py:1229 ++#, python-format ++msgid "Port %s/%s is not defined" ++msgstr "" ++ ++#: ../semanage/seobject.py:1167 ++#, python-format ++msgid "Could not query port %s/%s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1181 ++#, python-format ++msgid "Could not modify port %s/%s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1196 ++msgid "Could not list the ports" ++msgstr "" ++ ++#: ../semanage/seobject.py:1213 ++#, python-format ++msgid "Could not delete the port %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1235 ++#, python-format ++msgid "Port %s/%s is defined in policy, cannot be deleted" 
++msgstr "" ++ ++#: ../semanage/seobject.py:1239 ++#, python-format ++msgid "Could not delete port %s/%s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1257 ../semanage/seobject.py:1277 ++msgid "Could not list ports" ++msgstr "" ++ ++#: ../semanage/seobject.py:1311 ../sepolicy/sepolicy/sepolicy.glade:2676 ++#: ../sepolicy/sepolicy/sepolicy.glade:2774 ++#: ../sepolicy/sepolicy/sepolicy.glade:4648 ++msgid "SELinux Port Type" ++msgstr "" ++ ++#: ../semanage/seobject.py:1311 ++msgid "Proto" ++msgstr "" ++ ++#: ../semanage/seobject.py:1311 ../semanage/seobject.py:1801 ++#: ../sepolicy/sepolicy/sepolicy.glade:1413 ++msgid "Port Number" ++msgstr "" ++ ++#: ../semanage/seobject.py:1331 ++msgid "Subnet Prefix is required" ++msgstr "" ++ ++#: ../semanage/seobject.py:1341 ++msgid "Invalid Pkey" ++msgstr "" ++ ++#: ../semanage/seobject.py:1359 ../semanage/seobject.py:1421 ++#, python-format ++msgid "Type %s is invalid, must be a ibpkey type" ++msgstr "" ++ ++#: ../semanage/seobject.py:1365 ../semanage/seobject.py:1427 ++#: ../semanage/seobject.py:1481 ../semanage/seobject.py:1487 ++#, python-format ++msgid "Could not check if ibpkey %s/%s is defined" ++msgstr "" ++ ++#: ../semanage/seobject.py:1367 ++#, python-format ++msgid "ibpkey %s/%s already defined" ++msgstr "" ++ ++#: ../semanage/seobject.py:1371 ++#, python-format ++msgid "Could not create ibpkey for %s/%s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1381 ++#, python-format ++msgid "Could not set user in ibpkey context for %s/%s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1385 ++#, python-format ++msgid "Could not set role in ibpkey context for %s/%s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1389 ++#, python-format ++msgid "Could not set type in ibpkey context for %s/%s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1394 ++#, python-format ++msgid "Could not set mls fields in ibpkey context for %s/%s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1398 ++#, python-format ++msgid "Could not set ibpkey context for %s/%s" 
++msgstr "" ++ ++#: ../semanage/seobject.py:1402 ++#, python-format ++msgid "Could not add ibpkey %s/%s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1429 ../semanage/seobject.py:1483 ++#, python-format ++msgid "ibpkey %s/%s is not defined" ++msgstr "" ++ ++#: ../semanage/seobject.py:1433 ++#, python-format ++msgid "Could not query ibpkey %s/%s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1444 ++#, python-format ++msgid "Could not modify ibpkey %s/%s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1457 ++msgid "Could not list the ibpkeys" ++msgstr "" ++ ++#: ../semanage/seobject.py:1472 ++#, python-format ++msgid "Could not delete the ibpkey %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1489 ++#, python-format ++msgid "ibpkey %s/%s is defined in policy, cannot be deleted" ++msgstr "" ++ ++#: ../semanage/seobject.py:1493 ++#, python-format ++msgid "Could not delete ibpkey %s/%s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1509 ../semanage/seobject.py:1530 ++msgid "Could not list ibpkeys" ++msgstr "" ++ ++#: ../semanage/seobject.py:1564 ++msgid "SELinux IB Pkey Type" ++msgstr "" ++ ++#: ../semanage/seobject.py:1564 ++msgid "Subnet_Prefix" ++msgstr "" ++ ++#: ../semanage/seobject.py:1564 ++msgid "Pkey Number" ++msgstr "" ++ ++#: ../semanage/seobject.py:1584 ++msgid "IB device name is required" ++msgstr "" ++ ++#: ../semanage/seobject.py:1589 ++msgid "Invalid Port Number" ++msgstr "" ++ ++#: ../semanage/seobject.py:1593 ++#, python-format ++msgid "Could not create a key for ibendport %s/%s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1607 ../semanage/seobject.py:1668 ++#, python-format ++msgid "Type %s is invalid, must be an ibendport type" ++msgstr "" ++ ++#: ../semanage/seobject.py:1612 ../semanage/seobject.py:1674 ++#: ../semanage/seobject.py:1726 ../semanage/seobject.py:1732 ++#, python-format ++msgid "Could not check if ibendport %s/%s is defined" ++msgstr "" ++ ++#: ../semanage/seobject.py:1614 ++#, python-format ++msgid "ibendport %s/%s already defined" ++msgstr 
"" ++ ++#: ../semanage/seobject.py:1618 ++#, python-format ++msgid "Could not create ibendport for %s/%s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1628 ++#, python-format ++msgid "Could not set user in ibendport context for %s/%s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1632 ++#, python-format ++msgid "Could not set role in ibendport context for %s/%s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1636 ++#, python-format ++msgid "Could not set type in ibendport context for %s/%s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1641 ++#, python-format ++msgid "Could not set mls fields in ibendport context for %s/%s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1645 ++#, python-format ++msgid "Could not set ibendport context for %s/%s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1649 ++#, python-format ++msgid "Could not add ibendport %s/%s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1676 ../semanage/seobject.py:1728 ++#, python-format ++msgid "ibendport %s/%s is not defined" ++msgstr "" ++ ++#: ../semanage/seobject.py:1680 ++#, python-format ++msgid "Could not query ibendport %s/%s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1691 ++#, python-format ++msgid "Could not modify ibendport %s/%s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1704 ++msgid "Could not list the ibendports" ++msgstr "" ++ ++#: ../semanage/seobject.py:1713 ++#, python-format ++msgid "Could not create a key for %s/%d" ++msgstr "" ++ ++#: ../semanage/seobject.py:1717 ++#, python-format ++msgid "Could not delete the ibendport %s/%d" ++msgstr "" ++ ++#: ../semanage/seobject.py:1734 ++#, python-format ++msgid "ibendport %s/%s is defined in policy, cannot be deleted" ++msgstr "" ++ ++#: ../semanage/seobject.py:1738 ++#, python-format ++msgid "Could not delete ibendport %s/%s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1754 ../semanage/seobject.py:1774 ++msgid "Could not list ibendports" ++msgstr "" ++ ++#: ../semanage/seobject.py:1801 ++msgid "SELinux IB End Port Type" ++msgstr "" ++ ++#: 
../semanage/seobject.py:1801 ++msgid "IB Device Name" ++msgstr "" ++ ++#: ../semanage/seobject.py:1825 ++msgid "Node Address is required" ++msgstr "" ++ ++#: ../semanage/seobject.py:1840 ++msgid "Unknown or missing protocol" ++msgstr "" ++ ++#: ../semanage/seobject.py:1854 ++msgid "SELinux node type is required" ++msgstr "" ++ ++#: ../semanage/seobject.py:1857 ../semanage/seobject.py:1926 ++#, python-format ++msgid "Type %s is invalid, must be a node type" ++msgstr "" ++ ++#: ../semanage/seobject.py:1861 ../semanage/seobject.py:1930 ++#: ../semanage/seobject.py:1968 ../semanage/seobject.py:2066 ++#: ../semanage/seobject.py:2129 ../semanage/seobject.py:2165 ++#: ../semanage/seobject.py:2377 ++#, python-format ++msgid "Could not create key for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1863 ../semanage/seobject.py:1934 ++#: ../semanage/seobject.py:1972 ../semanage/seobject.py:1978 ++#, python-format ++msgid "Could not check if addr %s is defined" ++msgstr "" ++ ++#: ../semanage/seobject.py:1867 ++#, python-format ++msgid "Addr %s already defined" ++msgstr "" ++ ++#: ../semanage/seobject.py:1871 ++#, python-format ++msgid "Could not create addr for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1877 ../semanage/seobject.py:2081 ++#: ../semanage/seobject.py:2333 ++#, python-format ++msgid "Could not create context for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1881 ++#, python-format ++msgid "Could not set mask for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1885 ++#, python-format ++msgid "Could not set user in addr context for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1889 ++#, python-format ++msgid "Could not set role in addr context for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1893 ++#, python-format ++msgid "Could not set type in addr context for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1898 ++#, python-format ++msgid "Could not set mls fields in addr context for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1902 ++#, 
python-format ++msgid "Could not set addr context for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1906 ++#, python-format ++msgid "Could not add addr %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1936 ../semanage/seobject.py:1974 ++#, python-format ++msgid "Addr %s is not defined" ++msgstr "" ++ ++#: ../semanage/seobject.py:1940 ++#, python-format ++msgid "Could not query addr %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1950 ++#, python-format ++msgid "Could not modify addr %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1980 ++#, python-format ++msgid "Addr %s is defined in policy, cannot be deleted" ++msgstr "" ++ ++#: ../semanage/seobject.py:1984 ++#, python-format ++msgid "Could not delete addr %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:1998 ++msgid "Could not deleteall node mappings" ++msgstr "" ++ ++#: ../semanage/seobject.py:2012 ++msgid "Could not list addrs" ++msgstr "" ++ ++#: ../semanage/seobject.py:2062 ../semanage/seobject.py:2370 ++msgid "SELinux Type is required" ++msgstr "" ++ ++#: ../semanage/seobject.py:2070 ../semanage/seobject.py:2133 ++#: ../semanage/seobject.py:2169 ../semanage/seobject.py:2175 ++#, python-format ++msgid "Could not check if interface %s is defined" ++msgstr "" ++ ++#: ../semanage/seobject.py:2072 ++#, python-format ++msgid "Interface %s already defined" ++msgstr "" ++ ++#: ../semanage/seobject.py:2076 ++#, python-format ++msgid "Could not create interface for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:2085 ++#, python-format ++msgid "Could not set user in interface context for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:2089 ++#, python-format ++msgid "Could not set role in interface context for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:2093 ++#, python-format ++msgid "Could not set type in interface context for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:2098 ++#, python-format ++msgid "Could not set mls fields in interface context for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:2102 ++#, 
python-format ++msgid "Could not set interface context for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:2106 ++#, python-format ++msgid "Could not set message context for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:2110 ++#, python-format ++msgid "Could not add interface %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:2135 ../semanage/seobject.py:2171 ++#, python-format ++msgid "Interface %s is not defined" ++msgstr "" ++ ++#: ../semanage/seobject.py:2139 ++#, python-format ++msgid "Could not query interface %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:2150 ++#, python-format ++msgid "Could not modify interface %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:2177 ++#, python-format ++msgid "Interface %s is defined in policy, cannot be deleted" ++msgstr "" ++ ++#: ../semanage/seobject.py:2181 ++#, python-format ++msgid "Could not delete interface %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:2195 ++msgid "Could not delete all interface mappings" ++msgstr "" ++ ++#: ../semanage/seobject.py:2209 ++msgid "Could not list interfaces" ++msgstr "" ++ ++#: ../semanage/seobject.py:2231 ++msgid "SELinux Interface" ++msgstr "" ++ ++#: ../semanage/seobject.py:2231 ../semanage/seobject.py:2611 ++msgid "Context" ++msgstr "" ++ ++#: ../semanage/seobject.py:2299 ++#, python-format ++msgid "Target %s is not valid. Target is not allowed to end with '/'" ++msgstr "" ++ ++#: ../semanage/seobject.py:2302 ++#, python-format ++msgid "Substiture %s is not valid. 
Substitute is not allowed to end with '/'" ++msgstr "" ++ ++#: ../semanage/seobject.py:2305 ++#, python-format ++msgid "Equivalence class for %s already exists" ++msgstr "" ++ ++#: ../semanage/seobject.py:2311 ++#, python-format ++msgid "File spec %s conflicts with equivalency rule '%s %s'" ++msgstr "" ++ ++#: ../semanage/seobject.py:2322 ++#, python-format ++msgid "Equivalence class for %s does not exist" ++msgstr "" ++ ++#: ../semanage/seobject.py:2339 ++#, python-format ++msgid "Could not set user in file context for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:2343 ++#, python-format ++msgid "Could not set role in file context for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:2348 ../semanage/seobject.py:2406 ++#, python-format ++msgid "Could not set mls fields in file context for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:2354 ++msgid "Invalid file specification" ++msgstr "" ++ ++#: ../semanage/seobject.py:2356 ++msgid "File specification can not include spaces" ++msgstr "" ++ ++#: ../semanage/seobject.py:2361 ++#, python-format ++msgid "" ++"File spec %s conflicts with equivalency rule '%s %s'; Try adding '%s' instead" ++msgstr "" ++ ++#: ../semanage/seobject.py:2373 ../semanage/seobject.py:2436 ++#, python-format ++msgid "Type %s is invalid, must be a file or device type" ++msgstr "" ++ ++#: ../semanage/seobject.py:2381 ../semanage/seobject.py:2386 ++#: ../semanage/seobject.py:2446 ../semanage/seobject.py:2540 ++#: ../semanage/seobject.py:2544 ++#, python-format ++msgid "Could not check if file context for %s is defined" ++msgstr "" ++ ++#: ../semanage/seobject.py:2389 ++#, python-format ++msgid "File context for %s already defined" ++msgstr "" ++ ++#: ../semanage/seobject.py:2393 ++#, python-format ++msgid "Could not create file context for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:2401 ++#, python-format ++msgid "Could not set type in file context for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:2409 ../semanage/seobject.py:2476 ++#: 
../semanage/seobject.py:2480 ++#, python-format ++msgid "Could not set file context for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:2415 ++#, python-format ++msgid "Could not add file context for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:2434 ++msgid "Requires setype, serange or seuser" ++msgstr "" ++ ++#: ../semanage/seobject.py:2450 ../semanage/seobject.py:2548 ++#, python-format ++msgid "File context for %s is not defined" ++msgstr "" ++ ++#: ../semanage/seobject.py:2458 ++#, python-format ++msgid "Could not query file context for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:2484 ++#, python-format ++msgid "Could not modify file context for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:2502 ++msgid "Could not list the file contexts" ++msgstr "" ++ ++#: ../semanage/seobject.py:2516 ++#, python-format ++msgid "Could not delete the file context %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:2546 ++#, python-format ++msgid "File context for %s is defined in policy, cannot be deleted" ++msgstr "" ++ ++#: ../semanage/seobject.py:2552 ++#, python-format ++msgid "Could not delete file context for %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:2569 ++msgid "Could not list file contexts" ++msgstr "" ++ ++#: ../semanage/seobject.py:2573 ++msgid "Could not list file contexts for home directories" ++msgstr "" ++ ++#: ../semanage/seobject.py:2577 ++msgid "Could not list local file contexts" ++msgstr "" ++ ++#: ../semanage/seobject.py:2611 ++msgid "SELinux fcontext" ++msgstr "" ++ ++#: ../semanage/seobject.py:2624 ++msgid "" ++"\n" ++"SELinux Distribution fcontext Equivalence \n" ++msgstr "" ++ ++#: ../semanage/seobject.py:2629 ++msgid "" ++"\n" ++"SELinux Local fcontext Equivalence \n" ++msgstr "" ++ ++#: ../semanage/seobject.py:2667 ../semanage/seobject.py:2718 ++#: ../semanage/seobject.py:2724 ++#, python-format ++msgid "Could not check if boolean %s is defined" ++msgstr "" ++ ++#: ../semanage/seobject.py:2669 ../semanage/seobject.py:2720 ++#, python-format 
++msgid "Boolean %s is not defined" ++msgstr "" ++ ++#: ../semanage/seobject.py:2673 ++#, python-format ++msgid "Could not query file context %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:2678 ++#, python-format ++msgid "You must specify one of the following values: %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:2683 ++#, python-format ++msgid "Could not set active value of boolean %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:2686 ++#, python-format ++msgid "Could not modify boolean %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:2702 ++#, python-format ++msgid "Bad format %s: Record %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:2726 ++#, python-format ++msgid "Boolean %s is defined in policy, cannot be deleted" ++msgstr "" ++ ++#: ../semanage/seobject.py:2730 ++#, python-format ++msgid "Could not delete boolean %s" ++msgstr "" ++ ++#: ../semanage/seobject.py:2742 ../semanage/seobject.py:2759 ++msgid "Could not list booleans" ++msgstr "" ++ ++#: ../semanage/seobject.py:2792 ++msgid "off" ++msgstr "" ++ ++#: ../semanage/seobject.py:2792 ++msgid "on" ++msgstr "" ++ ++#: ../semanage/seobject.py:2804 ++msgid "SELinux boolean" ++msgstr "" ++ ++#: ../semanage/seobject.py:2804 ++msgid "State" ++msgstr "" ++ ++#: ../semanage/seobject.py:2804 ++msgid "Default" ++msgstr "" ++ ++#: ../semanage/seobject.py:2804 ../sepolicy/sepolicy/sepolicy.glade:2148 ++#: ../sepolicy/sepolicy/sepolicy.glade:2518 ++#: ../sepolicy/sepolicy/sepolicy.glade:5117 ++msgid "Description" ++msgstr "" ++ ++#: ../sepolgen/src/sepolgen/interfaces.py:486 ++msgid "Found circular interface class" ++msgstr "" ++ ++#: ../sepolgen/src/sepolgen/interfaces.py:491 ++#, python-format ++msgid "Missing interface definition for %s" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/generate.py:141 ++msgid "Standard Init Daemon" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/generate.py:142 ++msgid "DBUS System Daemon" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/generate.py:143 ++msgid "Internet Services Daemon" ++msgstr "" ++ 
++#: ../sepolicy/sepolicy/generate.py:144 ++msgid "Web Application/Script (CGI)" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/generate.py:145 ++msgid "Sandbox" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/generate.py:146 ++msgid "User Application" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/generate.py:147 ++msgid "Existing Domain Type" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/generate.py:148 ++msgid "Minimal Terminal Login User Role" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/generate.py:149 ++msgid "Minimal X Windows Login User Role" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/generate.py:150 ++msgid "Desktop Login User Role" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/generate.py:151 ++msgid "Administrator Login User Role" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/generate.py:152 ++msgid "Confined Root Administrator Role" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/generate.py:153 ++msgid "Module information for a new type" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/generate.py:159 ++msgid "Valid Types:\n" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/generate.py:194 ++#, python-format ++msgid "Ports must be numbers or ranges of numbers from 1 to %d " ++msgstr "" ++ ++#: ../sepolicy/sepolicy/generate.py:206 ++msgid "You must enter a valid policy type" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/generate.py:209 ++#, python-format ++msgid "You must enter a name for your policy module for your '%s'." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/generate.py:347 ++msgid "" ++"Name must be alpha numberic with no spaces. Consider using option \"-n " ++"MODULENAME\"" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/generate.py:439 ++msgid "User Role types can not be assigned executables." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/generate.py:445 ++msgid "Only Daemon apps can use an init script.." 
++msgstr "" ++ ++#: ../sepolicy/sepolicy/generate.py:463 ++msgid "use_resolve must be a boolean value " ++msgstr "" ++ ++#: ../sepolicy/sepolicy/generate.py:469 ++msgid "use_syslog must be a boolean value " ++msgstr "" ++ ++#: ../sepolicy/sepolicy/generate.py:475 ++msgid "use_kerberos must be a boolean value " ++msgstr "" ++ ++#: ../sepolicy/sepolicy/generate.py:481 ++msgid "manage_krb5_rcache must be a boolean value " ++msgstr "" ++ ++#: ../sepolicy/sepolicy/generate.py:511 ++msgid "USER Types automatically get a tmp type" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/generate.py:848 ++#, python-format ++msgid "'%s' policy modules require existing domains" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/generate.py:873 ++msgid "Type field required" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/generate.py:886 ++#, python-format ++msgid "" ++"You need to define a new type which ends with: \n" ++" %s" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/generate.py:1114 ++msgid "You must enter the executable path for your confined process" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/generate.py:1381 ++msgid "Type Enforcement file" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/generate.py:1382 ++msgid "Interface file" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/generate.py:1383 ++msgid "File Contexts file" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/generate.py:1386 ++msgid "Spec file" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/generate.py:1387 ++msgid "Setup Script" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:68 ../sepolicy/sepolicy/sepolicy.glade:3742 ++#: ../sepolicy/sepolicy/sepolicy.glade:3844 ++#: ../sepolicy/sepolicy/sepolicy.glade:3907 ++#: ../sepolicy/sepolicy/sepolicy.glade:3970 ++msgid "No" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:68 ../sepolicy/sepolicy/sepolicy.glade:3725 ++#: ../sepolicy/sepolicy/sepolicy.glade:3826 ++#: ../sepolicy/sepolicy/sepolicy.glade:3890 ++#: ../sepolicy/sepolicy/sepolicy.glade:3953 ++msgid "Yes" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:69 ++msgid 
"Disable" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:69 ++msgid "Enable" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:82 ../sepolicy/sepolicy/sepolicy.glade:726 ++#: ../sepolicy/sepolicy/sepolicy.glade:1467 ++#: ../sepolicy/sepolicy/sepolicy.glade:3511 ++msgid "Advanced >>" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:82 ++msgid "Advanced <<" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:83 ../sepolicy/sepolicy/sepolicy.glade:80 ++msgid "Advanced Search >>" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:83 ++msgid "Advanced Search <<" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:108 ++msgid "" ++"\n" ++"To change from Disabled to Enforcing mode\n" ++"- Change the system mode from Disabled to Permissive\n" ++"- Reboot, so that the system can relabel\n" ++"- Once the system is working as planned\n" ++" * Change the system mode to Enforcing\n" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:503 ++#, python-format ++msgid "%s is not a valid domain" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:652 ++msgid "System Status: Disabled" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:750 ++msgid "Help: Start Page" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:754 ++msgid "Help: Booleans Page" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:760 ++msgid "Help: Executable Files Page" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:763 ++msgid "Help: Writable Files Page" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:766 ++msgid "Help: Application Types Page" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:771 ++msgid "Help: Outbound Network Connections Page" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:774 ++msgid "Help: Inbound Network Connections Page" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:780 ++msgid "Help: Transition from application Page" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:783 ++msgid "Help: Transition into application Page" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:786 ++msgid "Help: Transition application file Page" 
++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:790 ++msgid "Help: Systems Page" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:794 ++msgid "Help: Lockdown Page" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:798 ++msgid "Help: Login Page" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:802 ++msgid "Help: SELinux User Page" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:806 ++msgid "Help: File Equivalence Page" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:951 ../sepolicy/sepolicy/gui.py:1242 ++#: ../sepolicy/sepolicy/gui.py:1682 ../sepolicy/sepolicy/gui.py:1929 ++#: ../sepolicy/sepolicy/gui.py:2717 ++msgid "More..." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1059 ++#, python-format ++msgid "File path used to enter the '%s' domain." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1060 ++#, python-format ++msgid "Files to which the '%s' domain can write." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1061 ++#, python-format ++msgid "Network Ports to which the '%s' is allowed to connect." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1062 ++#, python-format ++msgid "Network Ports to which the '%s' is allowed to listen." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1063 ++#, python-format ++msgid "File Types defined for the '%s'." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1064 ++#, python-format ++msgid "" ++"Display boolean information that can be used to modify the policy for the " ++"'%s'." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1065 ++#, python-format ++msgid "Display file type information that can be used by the '%s'." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1066 ++#, python-format ++msgid "Display network ports to which the '%s' can connect or listen to." 
++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1067 ++#, python-format ++msgid "Application Transitions Into '%s'" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1068 ++#, python-format ++msgid "Application Transitions From '%s'" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1069 ++#, python-format ++msgid "File Transitions From '%s'" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1070 ++#, python-format ++msgid "" ++"Executables which will transition to '%s', when executing selected domains " ++"entrypoint." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1071 ++#, python-format ++msgid "" ++"Executables which will transition to a different domain, when '%s' executes " ++"them." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1072 ++#, python-format ++msgid "Files by '%s' with transitions to a different label." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1073 ++#, python-format ++msgid "Display applications that can transition into or out of the '%s'." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1167 ../sepolicy/sepolicy/__init__.py:74 ++msgid "all files" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1181 ++msgid "MISSING FILE PATH" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1296 ++#, python-format ++msgid "To disable this transition, go to the %sBoolean section%s." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1298 ++#, python-format ++msgid "To enable this transition, go to the %sBoolean section%s." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1355 ++msgid "executable" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1358 ++msgid "writable" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1361 ++msgid "application" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1362 ++#, python-format ++msgid "Add new %(TYPE)s file path for '%(DOMAIN)s' domains." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1363 ++#, python-format ++msgid "Delete %(TYPE)s file paths for '%(DOMAIN)s' domain." 
++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1364 ++#, python-format ++msgid "" ++"Modify %(TYPE)s file path for '%(DOMAIN)s' domain. Only bolded items in the " ++"list can be selected, this indicates they were modified previously." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1376 ++msgid "connect" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1379 ++msgid "listen for inbound connections" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1381 ++#, python-format ++msgid "" ++"Add new port definition to which the '%(APP)s' domain is allowed to %(PERM)s." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1382 ++#, python-format ++msgid "" ++"Delete modified port definitions to which the '%(APP)s' domain is allowed to " ++"%(PERM)s." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1383 ++#, python-format ++msgid "" ++"Modify port definitions to which the '%(APP)s' domain is allowed to %(PERM)s." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1412 ++msgid "Add new SELinux User/Role definition." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1413 ++msgid "Delete modified SELinux User/Role definitions." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1414 ++msgid "Modify selected modified SELinux User/Role definitions." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1421 ++msgid "Add new Login Mapping definition." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1422 ++msgid "Delete modified Login Mapping definitions." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1423 ++msgid "Modify selected modified Login Mapping definitions." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1430 ++msgid "Add new File Equivalence definition." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1431 ++msgid "Delete modified File Equivalence definitions." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1432 ++msgid "" ++"Modify selected modified File Equivalence definitions. Only bolded items in " ++"the list can be selected, this indicates they were modified previously." 
++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1460 ++#, python-format ++msgid "Boolean %s Allow Rules" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1473 ++#, python-format ++msgid "Add Network Port for %s. Ports will be created when update is applied." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1474 ++#, python-format ++msgid "Add Network Port for %s" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1479 ++#, python-format ++msgid "" ++"Add File Labeling for %s. File labels will be created when update is applied." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1480 ../sepolicy/sepolicy/gui.py:1533 ++#, python-format ++msgid "Add File Labeling for %s" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1490 ++msgid "Add Login Mapping. User Mapping will be created when Update is applied." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1491 ++msgid "Add Login Mapping" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1496 ++msgid "" ++"Add SELinux User Role. SELinux user roles will be created when update is " ++"applied." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1497 ++msgid "Add SELinux Users" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1504 ++msgid "" ++"Add File Equivalency Mapping. Mapping will be created when update is applied." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1505 ++msgid "Add SELinux File Equivalency" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1532 ++#, python-format ++msgid "" ++"Modify File Labeling for %s. File labels will be created when update is " ++"applied." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1588 ++msgid "" ++"Modify SELinux User Role. SELinux user roles will be modified when update is " ++"applied." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1589 ++msgid "Modify SELinux Users" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1597 ++msgid "" ++"Modify Login Mapping. Login Mapping will be modified when Update is applied." 
++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1598 ++msgid "Modify Login Mapping" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1604 ++msgid "" ++"Modify File Equivalency Mapping. Mapping will be created when update is " ++"applied." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1605 ++msgid "Modify SELinux File Equivalency" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1690 ++#, python-format ++msgid "" ++"Modify Network Port for %s. Ports will be created when update is applied." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1691 ++#, python-format ++msgid "Modify Network Port for %s" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1910 ++#, python-format ++msgid "The entry '%s' is not a valid path. Paths must begin with a '/'." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:1923 ++msgid "Port number must be between 1 and 65536" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2203 ++#, python-format ++msgid "SELinux name: %s" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2214 ++#, python-format ++msgid "Add file labeling for %s" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2216 ++#, python-format ++msgid "Delete file labeling for %s" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2218 ++#, python-format ++msgid "Modify file labeling for %s" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2222 ++#, python-format ++msgid "File path: %s" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2225 ++#, python-format ++msgid "File class: %s" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2228 ../sepolicy/sepolicy/gui.py:2252 ++#, python-format ++msgid "SELinux file type: %s" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2237 ++#, python-format ++msgid "Add ports for %s" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2239 ++#, python-format ++msgid "Delete ports for %s" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2241 ++#, python-format ++msgid "Modify ports for %s" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2244 ++#, python-format ++msgid 
"Network ports: %s" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2247 ++#, python-format ++msgid "Network protocol: %s" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2261 ++msgid "Add user" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2263 ++msgid "Delete user" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2265 ++msgid "Modify user" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2268 ++#, python-format ++msgid "SELinux User : %s" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2273 ++#, python-format ++msgid "Roles: %s" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2277 ../sepolicy/sepolicy/gui.py:2302 ++#, python-format ++msgid "MLS/MCS Range: %s" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2286 ++msgid "Add login mapping" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2288 ++msgid "Delete login mapping" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2290 ++msgid "Modify login mapping" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2294 ++#, python-format ++msgid "Login Name : %s" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2298 ++#, python-format ++msgid "SELinux User: %s" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2311 ++msgid "Add file equiv labeling." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2313 ++msgid "Delete file equiv labeling." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2315 ++msgid "Modify file equiv labeling." 
++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2319 ++#, python-format ++msgid "File path : %s" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2323 ++#, python-format ++msgid "Equivalence: %s" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2354 ../sepolicy/sepolicy/sepolicy.glade:129 ++#: ../sepolicy/sepolicy/sepolicy.glade:1898 ++#: ../sepolicy/sepolicy/sepolicy.glade:3803 ++msgid "System" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2363 ../sepolicy/sepolicy/sepolicy.glade:95 ++msgid "File Equivalence" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2373 ../sepolicy/sepolicy/sepolicy.glade:112 ++msgid "Users" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2426 ++#, python-format ++msgid "" ++"Run restorecon on %(PATH)s to change its type from %(CUR_CONTEXT)s to the " ++"default %(DEF_CONTEXT)s?" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2436 ../sepolicy/sepolicy/sepolicy.glade:4226 ++msgid "Update" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2438 ++msgid "Update Changes" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2440 ++msgid "Revert Changes" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2571 ++msgid "System Status: Enforcing" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2574 ++msgid "System Status: Permissive" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2638 ++msgid "" ++"Changing the policy type will cause a relabel of the entire file system on " ++"the next boot. Relabeling takes a long time depending on the size of the " ++"file system. Do you wish to continue?" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2768 ++msgid "" ++"Changing to SELinux disabled requires a reboot. It is not recommended. If " ++"you later decide to turn SELinux back on, the system will be required to " ++"relabel. If you just want to see if SELinux is causing a problem on your " ++"system, you can go to permissive mode which will only log errors and not " ++"enforce SELinux policy. Permissive mode does not require a reboot. 
Do you " ++"wish to continue?" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2772 ++msgid "" ++"Changing to SELinux enabled will cause a relabel of the entire file system " ++"on the next boot. Relabeling takes a long time depending on the size of the " ++"file system. Do you wish to continue?" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2802 ++msgid "" ++"You are attempting to close the application without applying your changes.\n" ++" * To apply changes you have made during this session, click No and " ++"click Update.\n" ++" * To leave the application without applying your changes, click Yes. " ++"All changes that you have made during this session will be lost." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/gui.py:2802 ++msgid "Loss of data Dialog" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/__init__.py:75 ++msgid "regular file" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/__init__.py:76 ++msgid "directory" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/__init__.py:77 ++msgid "character device" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/__init__.py:78 ++msgid "block device" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/__init__.py:79 ++msgid "socket file" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/__init__.py:80 ++msgid "symbolic link" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/__init__.py:81 ++msgid "named pipe" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/__init__.py:130 ++msgid "No SELinux Policy installed" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/__init__.py:157 ++#, python-format ++msgid "Failed to read %s policy file" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/__init__.py:418 ++#, python-format ++msgid "-- Allowed %s [ %s ]" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/__init__.py:831 ++msgid "You must regenerate interface info by running /usr/bin/sepolgen-ifgen" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/__init__.py:1150 ++msgid "unknown" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/interface.py:223 ++#, python-format ++msgid "Compiling %s interface" ++msgstr "" ++ ++#: 
../sepolicy/sepolicy/interface.py:231 ++#, python-format ++msgid "" ++"\n" ++"Compile test for %s failed.\n" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/interface.py:234 ++#, python-format ++msgid "" ++"\n" ++"Compile test for %s has not run. %s\n" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/interface.py:240 ++#, python-format ++msgid "" ++"\n" ++"Compiling of %s interface is not supported." ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:227 ++#, python-format ++msgid "Interface %s does not exist." ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:324 ++msgid "You need to install policycoreutils-gui package to use the gui option" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:329 ++msgid "Graphical User Interface for SELinux Policy" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:332 ../sepolicy/sepolicy.py:380 ++msgid "Domain name(s) of man pages to be created" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:345 ++msgid "Alternative root needs to be setup" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:362 ++msgid "Generate SELinux man pages" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:365 ++msgid "path in which the generated SELinux man pages will be stored" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:367 ++msgid "name of the OS for man pages" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:369 ++msgid "Generate HTML man pages structure for selected SELinux man page" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:371 ++msgid "Alternate root directory, defaults to /" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:373 ++msgid "" ++"With this flag, alternative root path needs to include file context files " ++"and policy.xml file" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:377 ++msgid "All domains" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:386 ++msgid "Query SELinux policy network information" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:391 ++msgid "list all SELinux port types" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:394 ++msgid "show SELinux type related to the port" ++msgstr "" ++ ++#: 
../sepolicy/sepolicy.py:397 ++msgid "Show ports defined for this SELinux type" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:400 ++msgid "show ports to which this domain can bind and/or connect" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:403 ++msgid "show ports to which this application can bind and/or connect" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:420 ++msgid "query SELinux policy to see if domains can communicate with each other" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:423 ++msgid "Source Domain" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:426 ++msgid "Target Domain" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:447 ++msgid "query SELinux Policy to see description of booleans" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:451 ++msgid "get all booleans descriptions" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:454 ++msgid "boolean to get description" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:466 ++msgid "" ++"query SELinux Policy to see how a source process domain can transition to " ++"the target process domain" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:469 ++msgid "source process domain" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:472 ++msgid "target process domain" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:517 ++#, python-format ++msgid "sepolicy generate: error: one of the arguments %s is required" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:522 ++msgid "Command required for this type of policy" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:533 ++#, python-format ++msgid "" ++"-t option can not be used with '%s' domains. Read usage for more details." ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:538 ++#, python-format ++msgid "" ++"-d option can not be used with '%s' domains. Read usage for more details." ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:542 ++#, python-format ++msgid "" ++"-a option can not be used with '%s' domains. Read usage for more details." 
++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:546 ++msgid "-w option can not be used with the --newtype option" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:567 ++msgid "List SELinux Policy interfaces" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:587 ++msgid "Enter interface names, you wish to query" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:597 ++msgid "Generate SELinux Policy module template" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:600 ++msgid "Enter domain type which you will be extending" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:603 ++msgid "Enter SELinux user(s) which will transition to this domain" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:606 ++msgid "Enter SELinux role(s) to which the administror domain will transition" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:609 ++msgid "Enter domain(s) which this confined admin will administrate" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:612 ++msgid "name of policy to generate" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:619 ++msgid "path in which the generated policy files will be stored" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:621 ++msgid "path to which the confined processes will need to write" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:622 ++msgid "Policy types which require a command" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:626 ../sepolicy/sepolicy.py:629 ++#: ../sepolicy/sepolicy.py:632 ../sepolicy/sepolicy.py:635 ++#: ../sepolicy/sepolicy.py:638 ../sepolicy/sepolicy.py:644 ++#: ../sepolicy/sepolicy.py:647 ../sepolicy/sepolicy.py:650 ++#: ../sepolicy/sepolicy.py:656 ../sepolicy/sepolicy.py:659 ++#: ../sepolicy/sepolicy.py:662 ../sepolicy/sepolicy.py:665 ++#, python-format ++msgid "Generate '%s' policy" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:653 ++#, python-format ++msgid "Generate '%s' policy " ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:667 ++msgid "executable to confine" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:672 ++msgid "commands" ++msgstr "" ++ ++#: ../sepolicy/sepolicy.py:675 
++msgid "Alternate SELinux policy, defaults to /sys/fs/selinux/policy" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:25 ++#: ../sepolicy/sepolicy/sepolicy.glade:4330 ++msgid "Applications" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:52 ++msgid "Select domain" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:189 ++#: ../sepolicy/sepolicy/sepolicy.glade:4367 ++#: ../sepolicy/sepolicy/sepolicy.glade:4460 ++#: ../sepolicy/sepolicy/sepolicy.glade:4606 ++#: ../sepolicy/sepolicy/sepolicy.glade:4755 ++#: ../sepolicy/sepolicy/sepolicy.glade:4889 ++#: ../sepolicy/sepolicy/sepolicy.glade:5030 ++#: ../sepolicy/sepolicy/sepolicy.glade:5103 ++#: ../sepolicy/sepolicy/sepolicy.glade:5238 ++msgid "Select" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:204 ++#: ../sepolicy/sepolicy/sepolicy.glade:539 ++#: ../sepolicy/sepolicy/sepolicy.glade:684 ++#: ../sepolicy/sepolicy/sepolicy.glade:1239 ++#: ../sepolicy/sepolicy/sepolicy.glade:1535 ++#: ../sepolicy/sepolicy/sepolicy.glade:4540 ++#: ../sepolicy/sepolicy/sepolicy.glade:4690 ++#: ../sepolicy/sepolicy/sepolicy.glade:4821 ++#: ../sepolicy/sepolicy/sepolicy.glade:4955 ++#: ../sepolicy/sepolicy/sepolicy.glade:5173 ++#: ../sepolicy/sepolicy/sepolicy.glade:5304 ++#: ../sepolicy/sepolicy/sepolicy.glade:5464 ++msgid "Cancel" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:332 ++msgid "" ++"The entry that was entered is incorrect. Please try again in the " ++"ex:/.../... format." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:358 ++msgid "Retry" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:442 ++#: ../sepolicy/sepolicy/sepolicy.glade:1120 ++#: ../sepolicy/sepolicy/sepolicy.glade:1368 ++#: ../sepolicy/sepolicy/sepolicy.glade:5332 ++msgid "Network Port Definitions" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:458 ++msgid "" ++"Add file Equivalence Mapping. Mapping will be created when Update is " ++"applied." 
++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:483 ++#: ../sepolicy/sepolicy/sepolicy.glade:4046 ++msgid "Path" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:493 ++#: ../sepolicy/sepolicy/sepolicy.glade:5384 ++msgid "" ++"Specify a new SELinux user name. By convention SELinux User names usually " ++"end in an _u." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:497 ++msgid "Enter the path to which you want to setup an equivalence label." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:510 ++#: ../sepolicy/sepolicy/sepolicy.glade:4063 ++#: ../sepolicy/sepolicy/sepolicy.glade:4781 ++msgid "Equivalence Path" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:524 ++#: ../sepolicy/sepolicy/sepolicy.glade:669 ++#: ../sepolicy/sepolicy/sepolicy.glade:1224 ++#: ../sepolicy/sepolicy/sepolicy.glade:1520 ++#: ../sepolicy/sepolicy/sepolicy.glade:5449 ++msgid "Save to update" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:564 ++msgid "" ++"Specify the mapping between the new path and the equivalence path. " ++"Everything under this new path will be labeled as if they were under the " ++"equivalence path." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:621 ++msgid "Add a file" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:638 ++msgid "" ++" File Labeling for . File labels will be created " ++"when update is applied." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:711 ++#: ../sepolicy/sepolicy/sepolicy.glade:1485 ++msgid "MLS" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:747 ++#: ../sepolicy/sepolicy/sepolicy.glade:2306 ++#: ../sepolicy/sepolicy/sepolicy.glade:2418 ++#: ../sepolicy/sepolicy/sepolicy.glade:2540 ++#: ../sepolicy/sepolicy/sepolicy.glade:4500 ++msgid "Class" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:763 ++msgid "Type" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:777 ++msgid "" ++"Select the file class to which this label will be applied. 
Defaults to all " ++"classes." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:804 ++msgid "Make Path Recursive" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:808 ++msgid "" ++"Select Make Path Recursive if you want to apply this label to all children " ++"of the specified directory path. objects under the directory to have this " ++"label." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:821 ++msgid "Browse" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:825 ++msgid "Browse to select the file/directory for labeling." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:869 ++msgid "Path " ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:880 ++msgid "" ++"Specify the path using regular expressions that you would like to modify the " ++"labeling." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:902 ++msgid "Select the SELinux file type to assign to this path." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:929 ++msgid "Enter the MLS Label to assign to this file path." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:933 ++msgid "SELinux MLS Label you wish to assign to this path." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:1070 ++msgid "Analyzing Policy..." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:1137 ++msgid "" ++"Add Login Mapping. Login Mapping will be created when update is applied." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:1172 ++msgid "" ++"Enter the login user name of the user to which you wish to add SELinux User " ++"confinement." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:1201 ++msgid "" ++"Select the SELinux User to assign to this login user. Login users by " ++"default get assigned by the __default__ user." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:1264 ++msgid "" ++"Enter MLS/MCS Range for this login User. Defaults to the range for the " ++"Selected SELinux User." 
++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:1267 ++#: ../sepolicy/sepolicy/sepolicy.glade:3192 ++#: ../sepolicy/sepolicy/sepolicy.glade:3313 ++#: ../sepolicy/sepolicy/sepolicy.glade:5414 ++msgid "MLS Range" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:1279 ++msgid "" ++"Specify the MLS Range for this user to login in with. Defaults to the " ++"selected SELinux Users MLS Range." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:1385 ++msgid "" ++" Network Port for . Ports will be created when " ++"update is applied." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:1423 ++msgid "Enter the port number or range to which you want to add a port type." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:1439 ++#: ../sepolicy/sepolicy/sepolicy.glade:2658 ++#: ../sepolicy/sepolicy/sepolicy.glade:2756 ++#: ../sepolicy/sepolicy/sepolicy.glade:4633 ++msgid "Protocol" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:1453 ++msgid "Port Type" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:1498 ++msgid "Select the port type you want to assign to the specified port number." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:1562 ++msgid "tcp" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:1566 ++msgid "" ++"Select tcp if the port type should be assigned to tcp port numbers." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:1579 ++msgid "udp" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:1583 ++msgid "" ++"Select udp if the port type should be assigned to udp port numbers." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:1605 ++msgid "Enter the MLS Label to assign to this port." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:1707 ++msgid "SELinux Configuration" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:1743 ++msgid "Select..." 
++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:1792 ++#: ../sepolicy/sepolicy/sepolicy.glade:2212 ++msgid "Booleans" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:1796 ++msgid "" ++"Display boolean information that can be used to modify the policy for the " ++"'selected domain'." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:1810 ++#: ../sepolicy/sepolicy/sepolicy.glade:2597 ++msgid "Files" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:1814 ++msgid "" ++"Display file type information that can be used by the 'selected domain'." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:1828 ++#: ../sepolicy/sepolicy/sepolicy.glade:2830 ++msgid "Network" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:1832 ++msgid "" ++"Display network ports to which the 'selected domain' can connect or listen " ++"to." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:1846 ++#: ../sepolicy/sepolicy/sepolicy.glade:3121 ++msgid "Transitions" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:1850 ++msgid "" ++"Display applications that can transition into or out of the 'selected " ++"domain'." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:1864 ++#: ../sepolicy/sepolicy/sepolicy.glade:3222 ++msgid "Login Mapping" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:1867 ++#: ../sepolicy/sepolicy/sepolicy.glade:1884 ++#: ../sepolicy/sepolicy/sepolicy.glade:1901 ++msgid "Manage the SELinux configuration" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:1881 ++#: ../sepolicy/sepolicy/sepolicy.glade:3344 ++msgid "SELinux Users" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:1915 ++#: ../sepolicy/sepolicy/sepolicy.glade:4016 ++msgid "Lockdown" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:1918 ++msgid "" ++"Lockdown the SELinux System.\n" ++"This screen can be used to turn up the SELinux Protections." 
++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:1933 ++msgid "radiobutton" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:1993 ++msgid "Filter" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:2021 ++msgid "Show Modified Only" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:2060 ++msgid "Mislabeled files exist" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:2080 ++msgid "Show mislabeled files only" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:2120 ++#: ../sepolicy/sepolicy/sepolicy.glade:3244 ++msgid "" ++"If-Then-Else rules written in policy that can\n" ++"allow alternative access control." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:2132 ++msgid "Enabled" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:2183 ++msgid "Name" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:2252 ++#: ../sepolicy/sepolicy/sepolicy.glade:2364 ++#: ../sepolicy/sepolicy/sepolicy.glade:2482 ++#: ../sepolicy/sepolicy/sepolicy.glade:4473 ++#: ../sepolicy/sepolicy/sepolicy.glade:4768 ++msgid "File Path" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:2288 ++#: ../sepolicy/sepolicy/sepolicy.glade:2399 ++msgid "SELinux File Type" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:2332 ++msgid "File path used to enter the 'selected domain'." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:2333 ++msgid "Executable Files" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:2448 ++msgid "Files to which the 'selected domain' can write." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:2449 ++msgid "Writable files" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:2571 ++msgid "File Types defined for the 'selected domain'." 
++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:2572 ++msgid "Application File Types" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:2639 ++#: ../sepolicy/sepolicy/sepolicy.glade:2738 ++#: ../sepolicy/sepolicy/sepolicy.glade:4619 ++msgid "Port" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:2704 ++msgid "Network Ports to which the 'selected domain' is allowed to connect." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:2705 ++msgid "Outbound" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:2804 ++msgid "Network Ports to which the 'selected domain' is allowed to listen." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:2805 ++msgid "Inbound" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:2866 ++#: ../sepolicy/sepolicy/sepolicy.glade:2956 ++msgid "" ++"Boolean\n" ++"Enabled" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:2892 ++msgid "Boolean name" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:2909 ++msgid "SELinux Application Type" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:2930 ++msgid "" ++"Executables which will transition to a different domain, when the 'selected " ++"domain' executes them." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:2933 ++msgid "Application Transitions From 'select domain'" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:2972 ++msgid "Calling Process Domain" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:2988 ++msgid "Executable File" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:3012 ++msgid "" ++"Executables which will transition to the 'selected domain', when executing a " ++"selected domains entrypoint." 
++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:3013 ++msgid "Application Transitions Into 'select domain'" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:3028 ++msgid "" ++"File Transitions define what happens when the current domain creates the " ++"content of a particular class in a directory of the destination type. " ++"Optionally a file name could be specified for the transition." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:3036 ++msgid "SELinux Directory Type" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:3049 ++msgid "Destination Class" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:3063 ++msgid "SELinux Destination Type" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:3076 ++msgid "File Name" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:3098 ++msgid "File Transitions From 'select domain'" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:3297 ++#: ../sepolicy/sepolicy/sepolicy.glade:5508 ++msgid "Default Level" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:3383 ++msgid "Select the system mode when the system first boots up" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:3395 ++#: ../sepolicy/sepolicy/sepolicy.glade:3469 ++msgid "Enforcing" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:3414 ++#: ../sepolicy/sepolicy/sepolicy.glade:3487 ++msgid "Permissive" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:3456 ++msgid "Select the system mode for the current session" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:3533 ++msgid "System Policy Type:" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:3594 ++msgid "System Mode" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:3632 ++msgid "Import system settings from another machine" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:3640 ++msgid "Import" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:3659 ++msgid "Export system settings to a file" ++msgstr "" ++ ++#: 
../sepolicy/sepolicy/sepolicy.glade:3669 ++msgid "Export" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:3688 ++msgid "Relabel all files back to system defaults on reboot" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:3783 ++msgid "System Configuration" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:3830 ++#: ../sepolicy/sepolicy/sepolicy.glade:3848 ++msgid "" ++"An unconfined domain is a process label that allows the process to do what " ++"it wants, without SELinux interfering. Applications started at boot by the " ++"init system that SELinux do not have defined SELinux policy will run as " ++"unconfined if this module is enabled. Disabling it means all daemons will " ++"now be confined. To disable the unconfined_t user you must first remove " ++"unconfined_t from the users/login screens." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:3866 ++msgid "Disable ability to run unconfined system processes?" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:3894 ++#: ../sepolicy/sepolicy/sepolicy.glade:3911 ++#: ../sepolicy/sepolicy/sepolicy.glade:3957 ++#: ../sepolicy/sepolicy/sepolicy.glade:3974 ++msgid "" ++"A permissive domain is a process label that allows the process to do what it " ++"wants, with SELinux only logging the denials, but not enforcing them. " ++"Usually permissive domains indicate experimental policy, disabling the " ++"module could cause SELinux to deny access to a domain, that should be " ++"allowed." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:3929 ++msgid "Disable all permissive processes?" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:3995 ++msgid "Deny all processes from ptracing or debugging other processes?" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:4032 ++msgid "" ++"File equivalence cause the system to label content under the new path as if " ++"it were under the equivalence path." 
++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:4088 ++msgid "Files Equivalence" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:4101 ++msgid "...SELECT TO VIEW DATA..." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:4132 ++msgid "Delete" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:4148 ++msgid "Modify" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:4163 ++msgid "Add" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:4209 ++msgid "Revert" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:4214 ++msgid "" ++"Revert button will launch a dialog window which allows you to revert changes " ++"within the current transaction." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:4231 ++msgid "Commit all changes in your current transaction to the server." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:4279 ++msgid "Applications - Advanced Search" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:4344 ++msgid "Process Types" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:4385 ++msgid "More Details" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:4421 ++#: ../sepolicy/sepolicy/sepolicy.glade:4715 ++msgid "Delete Modified File Labeling" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:4439 ++msgid "" ++"Select file labeling to delete. File labeling will be deleted when update is " ++"applied." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:4486 ++msgid "SELinux File Label" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:4525 ++#: ../sepolicy/sepolicy/sepolicy.glade:4675 ++#: ../sepolicy/sepolicy/sepolicy.glade:4806 ++#: ../sepolicy/sepolicy/sepolicy.glade:4940 ++#: ../sepolicy/sepolicy/sepolicy.glade:5289 ++msgid "Save to Update" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:4565 ++msgid "Delete Modified Ports" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:4583 ++msgid "Select ports to delete. Ports will be deleted when update is applied." 
++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:4733 ++msgid "" ++"Select file equivalence labeling to delete. File equivalence labeling will " ++"be deleted when update is applied." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:4849 ++#: ../sepolicy/sepolicy/sepolicy.glade:5198 ++msgid "Delete Modified Users Mapping." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:4867 ++msgid "" ++"Select login user mapping to delete. Login user mapping will be deleted when " ++"update is applied." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:4902 ++msgid "Login name" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:4983 ++msgid "More Types" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:5010 ++msgid "Types" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:5069 ++msgid "" ++"Review the updates you have made before committing them to the system. To " ++"reset an item, uncheck the checkbox. All items checked will be updated in " ++"the system when you select update." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:5132 ++msgid "Action" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:5158 ++msgid "Apply" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:5216 ++msgid "" ++"Select users mapping to delete.Users mapping will be deleted when update is " ++"applied." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:5264 ++msgid "SELinux Username" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:5349 ++msgid "" ++"Add User Roles. SELinux User Roles will be created when Update is applied." ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:5374 ++msgid "SELinux User Name" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:5489 ++msgid "" ++"Enter MLS/MCS Range for this SELinux User.\n" ++"s0-s0:c1023" ++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:5520 ++msgid "" ++"Specify the default level that you would like this SELinux user to login " ++"with. Defaults to s0." 
++msgstr "" ++ ++#: ../sepolicy/sepolicy/sepolicy.glade:5524 ++msgid "Enter Default Level for SELinux User to login with. Default s0" ++msgstr "" +diff --git a/sandbox/po/sandbox.pot b/sandbox/po/sandbox.pot +new file mode 100644 +index 00000000..328b4f01 +--- /dev/null ++++ b/sandbox/po/sandbox.pot +@@ -0,0 +1,157 @@ ++# SOME DESCRIPTIVE TITLE. ++# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER ++# This file is distributed under the same license as the PACKAGE package. ++# FIRST AUTHOR , YEAR. ++# ++#, fuzzy ++msgid "" ++msgstr "" ++"Project-Id-Version: PACKAGE VERSION\n" ++"Report-Msgid-Bugs-To: \n" ++"POT-Creation-Date: 2018-08-06 14:22+0200\n" ++"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" ++"Last-Translator: FULL NAME \n" ++"Language-Team: LANGUAGE \n" ++"Language: \n" ++"MIME-Version: 1.0\n" ++"Content-Type: text/plain; charset=CHARSET\n" ++"Content-Transfer-Encoding: 8bit\n" ++ ++#: ../sandbox:119 ++#, python-format ++msgid "Do you want to save changes to '%s' (Y/N): " ++msgstr "" ++ ++#: ../sandbox:120 ++msgid "Sandbox Message" ++msgstr "" ++ ++#: ../sandbox:132 ++#, python-format ++msgid "Do you want to save changes to '%s' (y/N): " ++msgstr "" ++ ++#: ../sandbox:133 ++msgid "[yY]" ++msgstr "" ++ ++#: ../sandbox:156 ++msgid "User account must be setup with an MCS Range" ++msgstr "" ++ ++#: ../sandbox:184 ++msgid "" ++"Failed to find any unused category sets. Consider a larger MCS range for " ++"this user." 
++msgstr "" ++ ++#: ../sandbox:215 ++msgid "Homedir and tempdir required for level mounts" ++msgstr "" ++ ++#: ../sandbox:218 ../sandbox:229 ../sandbox:234 ++#, python-format ++msgid "" ++"\n" ++"%s is required for the action you want to perform.\n" ++msgstr "" ++ ++#: ../sandbox:305 ++#, python-format ++msgid "" ++"\n" ++"Policy defines the following types for use with the -t:\n" ++"\t%s\n" ++msgstr "" ++ ++#: ../sandbox:312 ++#, python-format ++msgid "" ++"\n" ++"sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I " ++"includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t " ++"type ] command\n" ++"\n" ++"sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I " ++"includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t " ++"type ] -S\n" ++"%s\n" ++msgstr "" ++ ++#: ../sandbox:324 ++msgid "include file in sandbox" ++msgstr "" ++ ++#: ../sandbox:327 ++msgid "read list of files to include in sandbox from INCLUDEFILE" ++msgstr "" ++ ++#: ../sandbox:329 ++msgid "run sandbox with SELinux type" ++msgstr "" ++ ++#: ../sandbox:332 ++msgid "mount new home and/or tmp directory" ++msgstr "" ++ ++#: ../sandbox:336 ++msgid "dots per inch for X display" ++msgstr "" ++ ++#: ../sandbox:339 ++msgid "run complete desktop session within sandbox" ++msgstr "" ++ ++#: ../sandbox:342 ++msgid "Shred content before tempory directories are removed" ++msgstr "" ++ ++#: ../sandbox:346 ++msgid "run X application within a sandbox" ++msgstr "" ++ ++#: ../sandbox:352 ++msgid "alternate home directory to use for mounting" ++msgstr "" ++ ++#: ../sandbox:357 ++msgid "alternate /tmp directory to use for mounting" ++msgstr "" ++ ++#: ../sandbox:366 ++msgid "alternate window manager" ++msgstr "" ++ ++#: ../sandbox:369 ++msgid "MCS/MLS level for the sandbox" ++msgstr "" ++ ++#: ../sandbox:385 ++msgid "" ++"Sandbox Policy is not currently installed.\n" ++"You need to install the selinux-policy-sandbox package in order to run this " ++"command" 
++msgstr "" ++ ++#: ../sandbox:397 ++msgid "" ++"You must specify a Homedir and tempdir when setting up a session sandbox" ++msgstr "" ++ ++#: ../sandbox:399 ++msgid "Commands are not allowed in a session sandbox" ++msgstr "" ++ ++#: ../sandbox:409 ++msgid "Command required" ++msgstr "" ++ ++#: ../sandbox:412 ++#, python-format ++msgid "%s is not an executable" ++msgstr "" ++ ++#: ../sandbox:535 ++#, python-format ++msgid "Invalid value %s" ++msgstr "" +-- +2.21.0 + diff --git a/SOURCES/0016-policycoreutils-setfiles-Improve-description-of-d-sw.patch b/SOURCES/0016-policycoreutils-setfiles-Improve-description-of-d-sw.patch new file mode 100644 index 0000000..1149a84 --- /dev/null +++ b/SOURCES/0016-policycoreutils-setfiles-Improve-description-of-d-sw.patch @@ -0,0 +1,31 @@ +From c8fbb8042852c18775c001999ce949e9b591e381 Mon Sep 17 00:00:00 2001 +From: Vit Mojzis +Date: Wed, 21 Mar 2018 08:51:31 +0100 +Subject: [PATCH 16/20] policycoreutils/setfiles: Improve description of -d + switch + +The "-q" switch is becoming obsolete (completely unused in fedora) and +debug output ("-d" switch) makes sense in any scenario. Therefore both +options can be specified at once. + +Resolves: rhbz#1271327 +--- + policycoreutils/setfiles/setfiles.8 | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8 +index ccaaf4de..a8a76c86 100644 +--- a/policycoreutils/setfiles/setfiles.8 ++++ b/policycoreutils/setfiles/setfiles.8 +@@ -57,7 +57,7 @@ check the validity of the contexts against the specified binary policy. + .TP + .B \-d + show what specification matched each file (do not abort validation +-after ABORT_ON_ERRORS errors). ++after ABORT_ON_ERRORS errors). Not affected by "\-q" + .TP + .BI \-e \ directory + directory to exclude (repeat option for more than one directory). +-- +2.21.0 + 
diff --git a/SOURCES/0017-sepolicy-generate-Handle-more-reserved-port-types.patch b/SOURCES/0017-sepolicy-generate-Handle-more-reserved-port-types.patch
new file mode 100644
index 0000000..382e4ea
--- /dev/null
+++ b/SOURCES/0017-sepolicy-generate-Handle-more-reserved-port-types.patch
@@ -0,0 +1,71 @@ +From 3073efc112929b535f3a832c6f99e0dbe3af29ca Mon Sep 17 00:00:00 2001 +From: Masatake YAMATO +Date: Thu, 14 Dec 2017 15:57:58 +0900 +Subject: [PATCH 17/20] sepolicy-generate: Handle more reserved port types + +Currently only reserved_port_t, port_t and hi_reserved_port_t are +handled as special when making a ports-dictionary. However, as fas as +corenetwork.te.in of serefpolicy, unreserved_port_t and +ephemeral_port_t should be handled in the same way, too. + +(Details) I found the need of this change when I was using +selinux-polgengui. Though tcp port 12345, which my application may +use, was given to the gui, selinux-polgengui generates expected te +file and sh file which didn't utilize the tcp port. + +selinux-polgengui checks whether a port given via gui is already typed +or not. + +If it is already typed, selinux-polgengui generates a te file having +rules to allow the application to use the port. (A) + +If not, it seems for me that selinux-polgengui is designed to generate +a te file having rules to allow the application to own(?) the port; +and a sh file having a command line to assign the application own type +to the port. (B) + +As we can see the output of `semanage port -l' some of ports for +specified purpose have types already. The important point is that the +rest of ports also have types already: + + hi_reserved_port_t tcp 512-1023 + hi_reserved_port_t udp 512-1023 + unreserved_port_t tcp 1024-32767, 61001-65535 + unreserved_port_t udp 1024-32767, 61001-65535 + ephemeral_port_t tcp 32768-61000 + ephemeral_port_t udp 32768-61000 + +As my patch shows, the original selinux-polgengui ignored +hi_reserved_port_t; though hi_reserved_port_t is assigned, +selinux-polgengui considered ports 512-1023 are not used. As the +result selinux-polgengui generates file sets of (B). + +For the purpose of selinux-polgengui, I think unreserved_port_t and +ephemeral_port_t are treated as the same as hi_reserved_port_t. 
+ +Signed-off-by: Masatake YAMATO + +Fedora only patch: +https://lore.kernel.org/selinux/20150610.190635.1866127952891120915.yamato@redhat.com/ +--- + python/sepolicy/sepolicy/generate.py | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py +index 7175d36b..93caedee 100644 +--- a/python/sepolicy/sepolicy/generate.py ++++ b/python/sepolicy/sepolicy/generate.py +@@ -100,7 +100,9 @@ def get_all_ports(): + for p in sepolicy.info(sepolicy.PORT): + if p['type'] == "reserved_port_t" or \ + p['type'] == "port_t" or \ +- p['type'] == "hi_reserved_port_t": ++ p['type'] == "hi_reserved_port_t" or \ ++ p['type'] == "ephemeral_port_t" or \ ++ p['type'] == "unreserved_port_t": + continue + dict[(p['low'], p['high'], p['protocol'])] = (p['type'], p.get('range')) + return dict +-- +2.21.0 + diff --git a/SOURCES/0018-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch b/SOURCES/0018-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch new file mode 100644 index 0000000..a3771a0 --- /dev/null +++ b/SOURCES/0018-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch @@ -0,0 +1,24 @@ +From f8602180d042e95947fe0bbd35d261771b347705 Mon Sep 17 00:00:00 2001 +From: Petr Lautrbach +Date: Thu, 8 Nov 2018 09:20:58 +0100 +Subject: [PATCH 18/20] semodule-utils: Fix RESOURCE_LEAK coverity scan defects + +--- + semodule-utils/semodule_package/semodule_package.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/semodule-utils/semodule_package/semodule_package.c b/semodule-utils/semodule_package/semodule_package.c +index 3515234e..7b75b3fd 100644 +--- a/semodule-utils/semodule_package/semodule_package.c ++++ b/semodule-utils/semodule_package/semodule_package.c +@@ -74,6 +74,7 @@ static int file_to_data(const char *path, char **data, size_t * len) + } + if (!sb.st_size) { + *len = 0; ++ close(fd); + return 0; + } + +-- +2.21.0 + 
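Review bot: The five-way `or` chain in get_all_ports() is easier to audit as a membership test, since this list decides which port ranges the generator treats as not yet owned by a specific type: `if p['type'] in ("reserved_port_t", "port_t", "hi_reserved_port_t", "ephemeral_port_t", "unreserved_port_t"): continue`. The result variable is also named `dict`, which shadows the builtin inside the function; a name such as `ports` avoids that. A one-line comment saying that these are the generic range types and are skipped so that only specifically typed ports end up in the dictionary would record the reasoning now found only in the commit message. The function starts above the hunk.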
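Review bot: The zero-size branch of file_to_data() now closes the descriptor but, in the lines shown, still returns success without assigning `*data`, so a caller that reads or frees the buffer without first checking `*len` would use a pointer this function never set. Adding `*data = NULL;` next to `*len = 0;` makes the empty-file result well defined. Whether callers already initialise the pointer or guard on the length cannot be seen from this hunk. The function begins and ends outside it.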
diff --git a/SOURCES/0019-sandbox-Use-matchbox-window-manager-instead-of-openb.patch b/SOURCES/0019-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
new file mode 100644
index 0000000..84d6a67
--- /dev/null
+++ b/SOURCES/0019-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
@@ -0,0 +1,74 @@ +From 89895635ae012d1864a03700054ecc723973b5c0 Mon Sep 17 00:00:00 2001 +From: Petr Lautrbach +Date: Wed, 18 Jul 2018 09:09:35 +0200 +Subject: [PATCH 19/20] sandbox: Use matchbox-window-manager instead of openbox + +--- + sandbox/sandbox | 4 ++-- + sandbox/sandbox.8 | 2 +- + sandbox/sandboxX.sh | 14 -------------- + 3 files changed, 3 insertions(+), 17 deletions(-) + +diff --git a/sandbox/sandbox b/sandbox/sandbox +index a12403b3..707959a6 100644 +--- a/sandbox/sandbox ++++ b/sandbox/sandbox +@@ -268,7 +268,7 @@ class Sandbox: + copyfile(f, "/tmp", self.__tmpdir) + copyfile(f, "/var/tmp", self.__tmpdir) + +- def __setup_sandboxrc(self, wm="/usr/bin/openbox"): ++ def __setup_sandboxrc(self, wm="/usr/bin/matchbox-window-manager"): + execfile = self.__homedir + "/.sandboxrc" + fd = open(execfile, "w+") + if self.__options.session: +@@ -362,7 +362,7 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [- + + parser.add_option("-W", "--windowmanager", dest="wm", + type="string", +- default="/usr/bin/openbox", ++ default="/usr/bin/matchbox-window-manager", + help=_("alternate window manager")) + + parser.add_option("-l", "--level", dest="level", +diff --git a/sandbox/sandbox.8 b/sandbox/sandbox.8 +index d83fee76..90ef4951 100644 +--- a/sandbox/sandbox.8 ++++ b/sandbox/sandbox.8 +@@ -77,7 +77,7 @@ Specifies the windowsize when creating an X based Sandbox. The default windowsiz + \fB\-W\fR \fB\-\-windowmanager\fR + Select alternative window manager to run within + .B sandbox \-X. +-Default to /usr/bin/openbox. ++Default to /usr/bin/matchbox-window-manager. 
+ .TP + \fB\-X\fR + Create an X based Sandbox for gui apps, temporary files for +diff --git a/sandbox/sandboxX.sh b/sandbox/sandboxX.sh +index 47745280..c211ebc1 100644 +--- a/sandbox/sandboxX.sh ++++ b/sandbox/sandboxX.sh +@@ -6,20 +6,6 @@ export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8 + [ -z $2 ] && export DPI="96" || export DPI="$2" + trap "exit 0" HUP + +-mkdir -p ~/.config/openbox +-cat > ~/.config/openbox/rc.xml << EOF +- +- +- +- no +- all +- yes +- +- +- +-EOF +- + (/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -reset -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do + export DISPLAY=:$D + cat > ~/seremote << __EOF +-- +2.21.0 + diff --git a/SOURCES/0020-python-Use-ipaddress-instead-of-IPy.patch b/SOURCES/0020-python-Use-ipaddress-instead-of-IPy.patch new file mode 100644 index 0000000..6f2d075 --- /dev/null +++ b/SOURCES/0020-python-Use-ipaddress-instead-of-IPy.patch 
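Review bot: The new default `/usr/bin/matchbox-window-manager` is spelled out in three places: the `wm=` default of `__setup_sandboxrc`, the `-W` option default, and sandbox.8. The next change of window manager has to find all of them again. A module-level constant such as `DEFAULT_WM = "/usr/bin/matchbox-window-manager"`, used for both Python defaults, would leave only the man page to keep in step. The sandboxX.sh hunk removes the generated openbox rc.xml with no replacement; if the new window manager is meant to run without per-user configuration, a one-line comment there would record that.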
@@ -0,0 +1,45 @@ +From b2512e2a92a33360639a3459039cdf2e685655a8 Mon Sep 17 00:00:00 2001 +From: Petr Lautrbach +Date: Mon, 3 Dec 2018 14:40:09 +0100 +Subject: [PATCH 20/20] python: Use ipaddress instead of IPy + +ipaddress module was added in python 3.3 and this allows us to drop python3-IPy +--- + python/semanage/seobject.py | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py +index b90b1070..58497e3b 100644 +--- a/python/semanage/seobject.py ++++ b/python/semanage/seobject.py +@@ -32,7 +32,7 @@ from semanage import * + PROGNAME = "selinux-python" + import sepolicy + import setools +-from IPy import IP ++import ipaddress + + try: + import gettext +@@ -1851,13 +1851,13 @@ class nodeRecords(semanageRecords): + + # verify valid comination + if len(mask) == 0 or mask[0] == "/": +- i = IP(addr + mask) +- newaddr = i.strNormal(0) +- newmask = str(i.netmask()) +- if newmask == "0.0.0.0" and i.version() == 6: ++ i = ipaddress.ip_network(addr + mask) ++ newaddr = str(i.network_address) ++ newmask = str(i.netmask) ++ if newmask == "0.0.0.0" and i.version == 6: + newmask = "::" + +- protocol = "ipv%d" % i.version() ++ protocol = "ipv%d" % i.version + + try: + newprotocol = self.protocol.index(protocol) +-- +2.21.0 + diff --git a/SOURCES/0021-python-semanage-Do-not-traceback-when-the-default-po.patch b/SOURCES/0021-python-semanage-Do-not-traceback-when-the-default-po.patch new file mode 100644 index 0000000..f4a0800 --- /dev/null +++ b/SOURCES/0021-python-semanage-Do-not-traceback-when-the-default-po.patch 
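Review bot: The `if newmask == "0.0.0.0" and i.version == 6:` test in nodeRecords can no longer be true after this change, because for an IPv6 network `str(i.netmask)` is always an IPv6 textual form such as `::`; the test and its `newmask = "::"` assignment are now dead and can be dropped. Separately, `ipaddress.ip_network()` raises ValueError on malformed input and, in its default strict mode, when host bits are set in the address. No handler is visible in the hunk, so it is worth confirming that a bad user-supplied addr/mask ends up as a semanage error message and not a traceback. The enclosing method starts and ends outside the hunk.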
@@ -0,0 +1,93 @@ +From 6051f6a56d0ad63fc8aa7c806d43b0594652a0b9 Mon Sep 17 00:00:00 2001 +From: Petr Lautrbach +Date: Thu, 4 Apr 2019 23:02:56 +0200 +Subject: [PATCH] python/semanage: Do not traceback when the default policy is + not available + +"import seobject" causes "import sepolicy" which crashes when the system policy +is not available. It's better to provide an error message instead. + +Signed-off-by: Petr Lautrbach +--- + python/semanage/semanage | 37 +++++++++++++++++++++---------------- + 1 file changed, 21 insertions(+), 16 deletions(-) + +diff --git a/python/semanage/semanage b/python/semanage/semanage +index 56db3e0d..4c766ae3 100644 +--- a/python/semanage/semanage ++++ b/python/semanage/semanage +@@ -25,7 +25,6 @@ + + import traceback + import argparse +-import seobject + import sys + PROGNAME = "selinux-python" + try: +@@ -129,21 +128,6 @@ class SetImportFile(argparse.Action): + sys.exit(1) + setattr(namespace, self.dest, values) + +-# define dictonary for seobject OBEJCTS +-object_dict = { +- 'login': seobject.loginRecords, +- 'user': seobject.seluserRecords, +- 'port': seobject.portRecords, +- 'module': seobject.moduleRecords, +- 'interface': seobject.interfaceRecords, +- 'node': seobject.nodeRecords, +- 'fcontext': seobject.fcontextRecords, +- 'boolean': seobject.booleanRecords, +- 'permissive': seobject.permissiveRecords, +- 'dontaudit': seobject.dontauditClass, +- 'ibpkey': seobject.ibpkeyRecords, +- 'ibendport': seobject.ibendportRecords +-} + + def generate_custom_usage(usage_text, usage_dict): + # generate custom usage from given text and dictonary +@@ -608,6 +592,7 @@ def setupInterfaceParser(subparsers): + + + def handleModule(args): ++ import seobject + OBJECT = seobject.moduleRecords(args) + if args.action_add: + OBJECT.add(args.action_add[0], args.priority) +@@ -846,6 +831,7 @@ def mkargv(line): + + + def handleImport(args): ++ import seobject + trans = seobject.semanageRecords(args) + trans.start() + +@@ -887,6 +873,25 @@ def 
createCommandParser(): + #To add a new subcommand define the parser for it in a function above and call it here. + subparsers = commandParser.add_subparsers(dest='subcommand') + subparsers.required = True ++ ++ import seobject ++ # define dictonary for seobject OBEJCTS ++ global object_dict ++ object_dict = { ++ 'login': seobject.loginRecords, ++ 'user': seobject.seluserRecords, ++ 'port': seobject.portRecords, ++ 'module': seobject.moduleRecords, ++ 'interface': seobject.interfaceRecords, ++ 'node': seobject.nodeRecords, ++ 'fcontext': seobject.fcontextRecords, ++ 'boolean': seobject.booleanRecords, ++ 'permissive': seobject.permissiveRecords, ++ 'dontaudit': seobject.dontauditClass, ++ 'ibpkey': seobject.ibpkeyRecords, ++ 'ibendport': seobject.ibendportRecords ++ } ++ + setupImportParser(subparsers) + setupExportParser(subparsers) + setupLoginParser(subparsers) +-- +2.21.0 + diff --git a/SOURCES/0022-policycoreutils-fixfiles-Fix-B-F-onboot.patch b/SOURCES/0022-policycoreutils-fixfiles-Fix-B-F-onboot.patch new file mode 100644 index 0000000..7fb0ec5 --- /dev/null +++ b/SOURCES/0022-policycoreutils-fixfiles-Fix-B-F-onboot.patch 
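Review bot: `object_dict` is now created through a `global` statement inside createCommandParser(), so the name does not exist until that function has run, and `import seobject` is repeated in handleModule(), handleImport() and createCommandParser() with no explanation. A comment at the deferred import would stop a later cleanup from hoisting it back to the top of the file: `# imported lazily: importing seobject pulls in sepolicy, which fails when no system policy is installed`. Declaring `object_dict = {}` at module level and filling it in createCommandParser() would keep the name defined for any code that reads it earlier. The commit message promises an error message in place of a traceback, but the code that produces it is not in these hunks, and all three functions extend beyond them.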
@@ -0,0 +1,108 @@ +From 99582e3bf63475b7af5793bb9230e88d847dc7c8 Mon Sep 17 00:00:00 2001 +From: Petr Lautrbach +Date: Tue, 2 Jul 2019 17:11:32 +0200 +Subject: [PATCH 22/23] policycoreutils/fixfiles: Fix [-B] [-F] onboot + +Commit 6e289bb7bf3d ("policycoreutils: fixfiles: remove bad modes of "relabel" +command") added "$RESTORE_MODE" != DEFAULT test when onboot is used. It makes +`fixfiles -B onboot` to show usage instead of updating /.autorelabel + +The code is restructured to handle -B for different modes correctly. + +Fixes: + # fixfiles -B onboot + Usage: /usr/sbin/fixfiles [-v] [-F] [-f] relabel + ... + +Signed-off-by: Petr Lautrbach +--- + policycoreutils/scripts/fixfiles | 29 +++++++++++++++-------------- + 1 file changed, 15 insertions(+), 14 deletions(-) + +diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles +index 53d28c7b..9dd44213 100755 +--- a/policycoreutils/scripts/fixfiles ++++ b/policycoreutils/scripts/fixfiles +@@ -112,7 +112,7 @@ VERBOSE="-p" + FORCEFLAG="" + RPMFILES="" + PREFC="" +-RESTORE_MODE="DEFAULT" ++RESTORE_MODE="" + SETFILES=/sbin/setfiles + RESTORECON=/sbin/restorecon + FILESYSTEMSRW=`get_rw_labeled_mounts` +@@ -214,16 +214,17 @@ restore () { + OPTION=$1 + shift + +-case "$RESTORE_MODE" in +- PREFC) +- diff_filecontext $* +- return +- ;; +- BOOTTIME) ++# [-B | -N time ] ++if [ -z "$BOOTTIME" ]; then + newer $BOOTTIME $* + return +- ;; +-esac ++fi ++ ++# -C PREVIOUS_FILECONTEXT ++if [ "$RESTORE_MODE" == PREFC ]; then ++ diff_filecontext $* ++ return ++fi + + [ -x /usr/sbin/genhomedircon ] && /usr/sbin/genhomedircon + +@@ -239,7 +240,7 @@ case "$RESTORE_MODE" in + FILEPATH) + ${RESTORECON} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -R -- "$FILEPATH" + ;; +- DEFAULT) ++ *) + if [ -n "${FILESYSTEMSRW}" ]; then + LogReadOnly + echo "${OPTION}ing `echo ${FILESYSTEMSRW}`" +@@ -272,7 +273,7 @@ fullrelabel() { + + + relabel() { +- if [ "$RESTORE_MODE" != DEFAULT ]; then ++ if [ -n "$RESTORE_MODE" -a "$RESTORE_MODE" 
!= DEFAULT ]; then + usage + exit 1 + fi +@@ -306,7 +307,7 @@ case "$1" in + verify) restore Verify -n;; + relabel) relabel;; + onboot) +- if [ "$RESTORE_MODE" != DEFAULT ]; then ++ if [ -n "$RESTORE_MODE" -a "$RESTORE_MODE" != DEFAULT ]; then + usage + exit 1 + fi +@@ -344,7 +345,7 @@ if [ $# -eq 0 ]; then + fi + + set_restore_mode() { +- if [ "$RESTORE_MODE" != DEFAULT ]; then ++ if [ -n "$RESTORE_MODE" ]; then + # can't specify two different modes + usage + exit 1 +@@ -357,7 +358,7 @@ while getopts "N:BC:FfR:l:v" i; do + case "$i" in + B) + BOOTTIME=`/bin/who -b | awk '{print $3}'` +- set_restore_mode BOOTTIME ++ set_restore_mode DEFAULT + ;; + N) + BOOTTIME=$OPTARG +-- +2.22.0 + diff --git a/SOURCES/0023-policycoreutils-fixfiles-Force-full-relabel-when-SEL.patch b/SOURCES/0023-policycoreutils-fixfiles-Force-full-relabel-when-SEL.patch new file mode 100644 index 0000000..e0b7e1b --- /dev/null +++ b/SOURCES/0023-policycoreutils-fixfiles-Force-full-relabel-when-SEL.patch 
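Review bot: In restore(), `newer $BOOTTIME $*` and `diff_filecontext $*` expand their arguments unquoted, so a `-N` value or a path containing whitespace or glob characters is split or expanded by the shell before the helper sees it. fixfiles runs as root, so `newer "$BOOTTIME" "$@"` and `diff_filecontext "$@"` are the safer forms. The mode checks in relabel() and the onboot branch use `[ -n "$RESTORE_MODE" -a "$RESTORE_MODE" != DEFAULT ]`; `-a` inside `[` is marked obsolescent by POSIX, and `[ -n "$RESTORE_MODE" ] && [ "$RESTORE_MODE" != DEFAULT ]` is unambiguous. restore(), relabel() and the option loop all extend beyond the hunks shown.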
@@ -0,0 +1,33 @@ +From 9bcf8ad7b9b6d8d761f7d097196b2b9bc114fa0a Mon Sep 17 00:00:00 2001 +From: Petr Lautrbach +Date: Tue, 2 Jul 2019 17:12:07 +0200 +Subject: [PATCH 23/23] policycoreutils/fixfiles: Force full relabel when + SELinux is disabled + +The previous check used getfilecon to check whether / slash contains a label, +but getfilecon fails only when SELinux is disabled. Therefore it's better to +check this using selinuxenabled. + +Signed-off-by: Petr Lautrbach +--- + policycoreutils/scripts/fixfiles | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles +index 9dd44213..a9d27d13 100755 +--- a/policycoreutils/scripts/fixfiles ++++ b/policycoreutils/scripts/fixfiles +@@ -314,8 +314,8 @@ case "$1" in + > /.autorelabel || exit $? + [ -z "$FORCEFLAG" ] || echo -n "$FORCEFLAG " >> /.autorelabel + [ -z "$BOOTTIME" ] || echo -N $BOOTTIME >> /.autorelabel +- # Force full relabel if / does not have a label on it +- getfilecon / > /dev/null 2>&1 || echo -F >/.autorelabel ++ # Force full relabel if SELinux is not enabled ++ selinuxenabled || echo -F > /.autorelabel + echo "System will relabel on next boot" + ;; + *) +-- +2.22.0 + diff --git a/SOURCES/0024-policycoreutils-fixfiles-Fix-unbound-variable-proble.patch b/SOURCES/0024-policycoreutils-fixfiles-Fix-unbound-variable-proble.patch new file mode 100644 index 0000000..b05c325 --- /dev/null +++ b/SOURCES/0024-policycoreutils-fixfiles-Fix-unbound-variable-proble.patch 
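Review bot: `selinuxenabled || echo -F > /.autorelabel` truncates the file with `>`, discarding the `$FORCEFLAG` and `-N $BOOTTIME` entries that the two preceding lines appended with `>>`. If that override is intended, the comment should say so, for example `# Force full relabel if SELinux is not enabled (replaces any -N/-F written above)`. The test also takes the forced-relabel path when `selinuxenabled` cannot be executed at all, since any non-zero status is treated as disabled. The surrounding case branch starts outside the hunk.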
@@ -0,0 +1,32 @@ +From 7383f8fbab82826de21d3013a43680867642e49e Mon Sep 17 00:00:00 2001 +From: Vit Mojzis +Date: Wed, 21 Aug 2019 17:43:25 +0200 +Subject: [PATCH] policycoreutils/fixfiles: Fix unbound variable problem + +Fix a typo introduced in commit d3f8b2c3cd909 ("policycoreutils/fixfiles: Fix +[-B] [-F] onboot"), which broke "fixfiles relabel": + + #fixfiles relabel + /sbin/fixfiles: line 151: $1: unbound variable + +Resolves: rhbz#1743213 +--- + policycoreutils/scripts/fixfiles | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles +index a9d27d13..df0042aa 100755 +--- a/policycoreutils/scripts/fixfiles ++++ b/policycoreutils/scripts/fixfiles +@@ -215,7 +215,7 @@ OPTION=$1 + shift + + # [-B | -N time ] +-if [ -z "$BOOTTIME" ]; then ++if [ -n "$BOOTTIME" ]; then + newer $BOOTTIME $* + return + fi +-- +2.17.2 + diff --git a/SOURCES/policycoreutils-fedora.patch b/SOURCES/policycoreutils-fedora.patch deleted file mode 100644 index d7d40a5..0000000 --- a/SOURCES/policycoreutils-fedora.patch +++ /dev/null 
@@ -1,152 +0,0 @@ -diff --git policycoreutils-2.8/newrole/newrole.1 policycoreutils-2.8/newrole/newrole.1 -index 0d9738a..893c42f 100644 ---- policycoreutils-2.8/newrole/newrole.1 -+++ policycoreutils-2.8/newrole/newrole.1 -@@ -44,7 +44,7 @@ specified by that range. If the - or - .B --preserve-environment - option is specified, the shell with the new SELinux context will preserve environment variables, --otherwise a new minimal enviroment is created. -+otherwise a new minimal environment is created. - .PP - Additional arguments - .I ARGS -diff --git policycoreutils-2.8/po/Makefile policycoreutils-2.8/po/Makefile -index 575e143..18bc1df 100644 ---- policycoreutils-2.8/po/Makefile -+++ policycoreutils-2.8/po/Makefile -@@ -3,7 +3,6 @@ - # - - PREFIX ?= /usr --TOP = ../.. - - # What is this package? - NLSPACKAGE = policycoreutils -@@ -32,74 +31,13 @@ USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS)) - - POFILES = $(patsubst %,%.po,$(USE_LINGUAS)) - MOFILES = $(patsubst %.po,%.mo,$(POFILES)) --POTFILES = \ -- ../run_init/open_init_pty.c \ -- ../run_init/run_init.c \ -- ../semodule_link/semodule_link.c \ -- ../audit2allow/audit2allow \ -- ../semanage/seobject.py \ -- ../setsebool/setsebool.c \ -- ../newrole/newrole.c \ -- ../load_policy/load_policy.c \ -- ../sestatus/sestatus.c \ -- ../semodule/semodule.c \ -- ../setfiles/setfiles.c \ -- ../semodule_package/semodule_package.c \ -- ../semodule_deps/semodule_deps.c \ -- ../semodule_expand/semodule_expand.c \ -- ../scripts/chcat \ -- ../scripts/fixfiles \ -- ../restorecond/stringslist.c \ -- ../restorecond/restorecond.h \ -- ../restorecond/utmpwatcher.h \ -- ../restorecond/stringslist.h \ -- ../restorecond/restorecond.c \ -- ../restorecond/utmpwatcher.c \ -- ../gui/booleansPage.py \ -- ../gui/fcontextPage.py \ -- ../gui/loginsPage.py \ -- ../gui/mappingsPage.py \ -- ../gui/modulesPage.py \ -- ../gui/polgen.glade \ -- ../gui/polgengui.py \ -- ../gui/portsPage.py \ -- ../gui/semanagePage.py \ -- 
../gui/statusPage.py \ -- ../gui/system-config-selinux.glade \ -- ../gui/system-config-selinux.py \ -- ../gui/usersPage.py \ -- ../secon/secon.c \ -- booleans.py \ -- ../sepolicy/sepolicy.py \ -- ../sepolicy/sepolicy/communicate.py \ -- ../sepolicy/sepolicy/__init__.py \ -- ../sepolicy/sepolicy/network.py \ -- ../sepolicy/sepolicy/generate.py \ -- ../sepolicy/sepolicy/sepolicy.glade \ -- ../sepolicy/sepolicy/gui.py \ -- ../sepolicy/sepolicy/manpage.py \ -- ../sepolicy/sepolicy/transition.py \ -- ../sepolicy/sepolicy/templates/executable.py \ -- ../sepolicy/sepolicy/templates/__init__.py \ -- ../sepolicy/sepolicy/templates/network.py \ -- ../sepolicy/sepolicy/templates/rw.py \ -- ../sepolicy/sepolicy/templates/script.py \ -- ../sepolicy/sepolicy/templates/semodule.py \ -- ../sepolicy/sepolicy/templates/tmp.py \ -- ../sepolicy/sepolicy/templates/user.py \ -- ../sepolicy/sepolicy/templates/var_lib.py \ -- ../sepolicy/sepolicy/templates/var_log.py \ -- ../sepolicy/sepolicy/templates/var_run.py \ -- ../sepolicy/sepolicy/templates/var_spool.py -+POTFILES = $(shell cat POTFILES) - - #default:: clean - --all:: $(MOFILES) -+all:: $(POTFILE) $(MOFILES) - --booleans.py: -- sepolicy booleans -a > booleans.py -- --$(POTFILE): $(POTFILES) booleans.py -+$(POTFILE): $(POTFILES) - $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES) - @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \ - rm -f $(NLSPACKAGE).po; \ -@@ -107,8 +45,6 @@ $(POTFILE): $(POTFILES) booleans.py - mv -f $(NLSPACKAGE).po $(POTFILE); \ - fi; \ - --update-po: Makefile $(POTFILE) refresh-po -- @rm -f booleans.py - - refresh-po: Makefile - for cat in $(POFILES); do \ -diff --git policycoreutils-2.8/po/POTFILES policycoreutils-2.8/po/POTFILES -new file mode 100644 -index 0000000..12237dc ---- /dev/null -+++ policycoreutils-2.8/po/POTFILES -@@ -0,0 +1,9 @@ -+../run_init/open_init_pty.c -+../run_init/run_init.c -+../setsebool/setsebool.c -+../newrole/newrole.c -+../load_policy/load_policy.c -+../sestatus/sestatus.c 
-+../semodule/semodule.c -+../setfiles/setfiles.c -+../secon/secon.c -diff --git policycoreutils-2.8/scripts/fixfiles policycoreutils-2.8/scripts/fixfiles -index b277958..53d28c7 100755 ---- policycoreutils-2.8/scripts/fixfiles -+++ policycoreutils-2.8/scripts/fixfiles -@@ -108,6 +108,7 @@ exclude_dirs_from_relabelling() { - fullFlag=0 - BOOTTIME="" - VERBOSE="-p" -+[ -t 1 ] || VERBOSE="" - FORCEFLAG="" - RPMFILES="" - PREFC="" -diff --git policycoreutils-2.8/setfiles/setfiles.8 policycoreutils-2.8/setfiles/setfiles.8 -index ccaaf4d..a8a76c8 100644 ---- policycoreutils-2.8/setfiles/setfiles.8 -+++ policycoreutils-2.8/setfiles/setfiles.8 -@@ -57,7 +57,7 @@ check the validity of the contexts against the specified binary policy. - .TP - .B \-d - show what specification matched each file (do not abort validation --after ABORT_ON_ERRORS errors). -+after ABORT_ON_ERRORS errors). Not affected by "\-q" - .TP - .BI \-e \ directory - directory to exclude (repeat option for more than one directory). diff --git a/SOURCES/restorecond-fedora.patch b/SOURCES/restorecond-fedora.patch deleted file mode 100644 index e386f21..0000000 --- a/SOURCES/restorecond-fedora.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff --git restorecond-2.8/restorecond.c restorecond-2.8/restorecond.c -index 6fbbd35..e1d26cb 100644 ---- restorecond-2.8/restorecond.c -+++ restorecond-2.8/restorecond.c -@@ -105,6 +105,7 @@ static int write_pid_file(void) - } - if (write(pidfd, val, (unsigned int)len) != len) { - syslog(LOG_ERR, "Unable to write to pidfile (%s)", strerror(errno)); -+ close(pidfd); - return 1; - } - close(pidfd); diff --git a/SOURCES/selinux-dbus-fedora.patch b/SOURCES/selinux-dbus-fedora.patch deleted file mode 100644 index 28e4cc2..0000000 --- a/SOURCES/selinux-dbus-fedora.patch +++ /dev/null 
@@ -1,35 +0,0 @@ -diff --git selinux-dbus-2.8/org.selinux.conf selinux-dbus-2.8/org.selinux.conf -index a350978..1ae079d 100644 ---- selinux-dbus-2.8/org.selinux.conf -+++ selinux-dbus-2.8/org.selinux.conf -@@ -12,12 +12,8 @@ - - -- -- -- - -- -+ - - - -diff --git selinux-dbus-2.8/org.selinux.policy selinux-dbus-2.8/org.selinux.policy -index 0126610..9772127 100644 ---- selinux-dbus-2.8/org.selinux.policy -+++ selinux-dbus-2.8/org.selinux.policy -@@ -70,9 +70,9 @@ - auth_admin_keep - - -- -- SELinux write access -- System policy prevents change_policy_type access to SELinux -+ -+ Change SELinux default enforcing mode -+ System policy prevents change_default_policy access to SELinux - - no - no diff --git a/SOURCES/selinux-gui-fedora.patch b/SOURCES/selinux-gui-fedora.patch deleted file mode 100644 index 9b9982f..0000000 --- a/SOURCES/selinux-gui-fedora.patch +++ /dev/null 
@@ -1,306 +0,0 @@ -diff --git selinux-gui-2.8/Makefile selinux-gui-2.8/Makefile -index a72e58c..ffe8b97 100644 ---- selinux-gui-2.8/Makefile -+++ selinux-gui-2.8/Makefile -@@ -21,6 +21,7 @@ system-config-selinux.ui \ - usersPage.py - - all: $(TARGETS) system-config-selinux.py polgengui.py -+ (cd po && $(MAKE) $@) - - install: all - -mkdir -p $(DESTDIR)$(MANDIR)/man8 -@@ -46,6 +47,8 @@ install: all - install -m 644 sepolicy_$${i}.png $(DESTDIR)$(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \ - done - install -m 644 org.selinux.config.policy $(DESTDIR)$(DATADIR)/polkit-1/actions/ -+ (cd po && $(MAKE) $@) -+ - clean: - - indent: -diff --git selinux-gui-2.8/booleansPage.py selinux-gui-2.8/booleansPage.py -index 7849bea..dd12b6d 100644 ---- selinux-gui-2.8/booleansPage.py -+++ selinux-gui-2.8/booleansPage.py -@@ -38,7 +38,7 @@ DISABLED = 2 - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-gui" - try: - import gettext - kwargs = {} -diff --git selinux-gui-2.8/domainsPage.py selinux-gui-2.8/domainsPage.py -index bad5140..6bbe4de 100644 ---- selinux-gui-2.8/domainsPage.py -+++ selinux-gui-2.8/domainsPage.py -@@ -30,7 +30,7 @@ from semanagePage import * - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-gui" - try: - import gettext - kwargs = {} -diff --git selinux-gui-2.8/fcontextPage.py selinux-gui-2.8/fcontextPage.py -index 370bbee..e424366 100644 ---- selinux-gui-2.8/fcontextPage.py -+++ selinux-gui-2.8/fcontextPage.py -@@ -47,7 +47,7 @@ class context: - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-gui" - try: - import gettext - kwargs = {} -diff --git selinux-gui-2.8/loginsPage.py selinux-gui-2.8/loginsPage.py -index b67eb8b..cbfb0cc 100644 ---- selinux-gui-2.8/loginsPage.py -+++ selinux-gui-2.8/loginsPage.py -@@ -29,7 +29,7 @@ from semanagePage import * - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-gui" - try: - import gettext - kwargs = {} -diff --git 
selinux-gui-2.8/modulesPage.py selinux-gui-2.8/modulesPage.py -index 34c5d9e..627ad95 100644 ---- selinux-gui-2.8/modulesPage.py -+++ selinux-gui-2.8/modulesPage.py -@@ -30,7 +30,7 @@ from semanagePage import * - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-gui" - try: - import gettext - kwargs = {} -diff --git selinux-gui-2.8/po/Makefile selinux-gui-2.8/po/Makefile -new file mode 100644 -index 0000000..a0f5439 ---- /dev/null -+++ selinux-gui-2.8/po/Makefile -@@ -0,0 +1,82 @@ -+# -+# Makefile for the PO files (translation) catalog -+# -+ -+PREFIX ?= /usr -+ -+# What is this package? -+NLSPACKAGE = gui -+POTFILE = $(NLSPACKAGE).pot -+INSTALL = /usr/bin/install -c -p -+INSTALL_DATA = $(INSTALL) -m 644 -+INSTALL_DIR = /usr/bin/install -d -+ -+# destination directory -+INSTALL_NLS_DIR = $(PREFIX)/share/locale -+ -+# PO catalog handling -+MSGMERGE = msgmerge -+MSGMERGE_FLAGS = -q -+XGETTEXT = xgettext --default-domain=$(NLSPACKAGE) -+MSGFMT = msgfmt -+ -+# All possible linguas -+PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po))) -+ -+# Only the files matching what the user has set in LINGUAS -+USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS)) -+ -+# if no valid LINGUAS, build all languages -+USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS)) -+ -+POFILES = $(patsubst %,%.po,$(USE_LINGUAS)) -+MOFILES = $(patsubst %.po,%.mo,$(POFILES)) -+POTFILES = $(shell cat POTFILES) -+ -+#default:: clean -+ -+all:: $(MOFILES) -+ -+$(POTFILE): $(POTFILES) -+ $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES) -+ @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \ -+ rm -f $(NLSPACKAGE).po; \ -+ else \ -+ mv -f $(NLSPACKAGE).po $(POTFILE); \ -+ fi; \ -+ -+ -+refresh-po: Makefile -+ for cat in $(POFILES); do \ -+ lang=`basename $$cat .po`; \ -+ if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \ -+ mv -f $$lang.pot $$lang.po ; \ -+ echo "$(MSGMERGE) of $$lang succeeded" ; \ -+ else \ -+ echo "$(MSGMERGE) 
of $$lang failed" ; \ -+ rm -f $$lang.pot ; \ -+ fi \ -+ done -+ -+clean: -+ @rm -fv *mo *~ .depend -+ @rm -rf tmp -+ -+install: $(MOFILES) -+ @for n in $(MOFILES); do \ -+ l=`basename $$n .mo`; \ -+ $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \ -+ $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \ -+ done -+ -+%.mo: %.po -+ $(MSGFMT) -o $@ $< -+report: -+ @for cat in $(wildcard *.po); do \ -+ echo -n "$$cat: "; \ -+ msgfmt -v --statistics -o /dev/null $$cat; \ -+ done -+ -+.PHONY: missing depend -+ -+relabel: -diff --git selinux-gui-2.8/po/POTFILES selinux-gui-2.8/po/POTFILES -new file mode 100644 -index 0000000..1795c5c ---- /dev/null -+++ selinux-gui-2.8/po/POTFILES -@@ -0,0 +1,17 @@ -+../booleansPage.py -+../domainsPage.py -+../fcontextPage.py -+../loginsPage.py -+../modulesPage.py -+../org.selinux.config.policy -+../polgengui.py -+../polgen.ui -+../portsPage.py -+../selinux-polgengui.desktop -+../semanagePage.py -+../sepolicy.desktop -+../statusPage.py -+../system-config-selinux.desktop -+../system-config-selinux.py -+../system-config-selinux.ui -+../usersPage.py -diff --git selinux-gui-2.8/polgen.ui selinux-gui-2.8/polgen.ui -index aa4c70a..6a8c067 100644 ---- selinux-gui-2.8/polgen.ui -+++ selinux-gui-2.8/polgen.ui -@@ -1975,7 +1975,7 @@ Tab - - True - False -- Add File -+ Add File - True - - -@@ -2028,7 +2028,7 @@ Tab - - True - False -- Add Directory -+ Add Directory - True - - -@@ -2176,7 +2176,7 @@ Tab - - True - False -- Add Boolean -+ Add Boolean - True - - -diff --git selinux-gui-2.8/polgengui.py selinux-gui-2.8/polgengui.py -index 1601dbe..7e0d9d0 100644 ---- selinux-gui-2.8/polgengui.py -+++ selinux-gui-2.8/polgengui.py -@@ -63,7 +63,7 @@ def get_all_modules(): - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-gui" - try: - import gettext - kwargs = {} -diff --git selinux-gui-2.8/portsPage.py selinux-gui-2.8/portsPage.py -index 30f5838..a537ecc 100644 ---- 
selinux-gui-2.8/portsPage.py -+++ selinux-gui-2.8/portsPage.py -@@ -35,7 +35,7 @@ from semanagePage import * - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-gui" - try: - import gettext - kwargs = {} -diff --git selinux-gui-2.8/semanagePage.py selinux-gui-2.8/semanagePage.py -index 4127804..5361d69 100644 ---- selinux-gui-2.8/semanagePage.py -+++ selinux-gui-2.8/semanagePage.py -@@ -22,7 +22,7 @@ from gi.repository import Gdk, Gtk - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-gui" - try: - import gettext - kwargs = {} -diff --git selinux-gui-2.8/statusPage.py selinux-gui-2.8/statusPage.py -index 766854b..a8f079b 100644 ---- selinux-gui-2.8/statusPage.py -+++ selinux-gui-2.8/statusPage.py -@@ -35,7 +35,7 @@ RELABELFILE = "/.autorelabel" - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-gui" - try: - import gettext - kwargs = {} -diff --git selinux-gui-2.8/system-config-selinux.py selinux-gui-2.8/system-config-selinux.py -index ce7c74b..a81e9dd 100644 ---- selinux-gui-2.8/system-config-selinux.py -+++ selinux-gui-2.8/system-config-selinux.py -@@ -45,7 +45,7 @@ import selinux - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-gui" - try: - import gettext - kwargs = {} -diff --git selinux-gui-2.8/usersPage.py selinux-gui-2.8/usersPage.py -index 26794ed..d15d4c5 100644 ---- selinux-gui-2.8/usersPage.py -+++ selinux-gui-2.8/usersPage.py -@@ -29,7 +29,7 @@ from semanagePage import * - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-gui" - try: - import gettext - kwargs = {} diff --git a/SOURCES/selinux-python-fedora.patch b/SOURCES/selinux-python-fedora.patch deleted file mode 100644 index 9b00778..0000000 --- a/SOURCES/selinux-python-fedora.patch +++ /dev/null 
@@ -1,2515 +0,0 @@ -diff --git selinux-python-2.8/Makefile selinux-python-2.8/Makefile -index 80bc124..891bdee 100644 ---- selinux-python-2.8/Makefile -+++ selinux-python-2.8/Makefile -@@ -1,4 +1,4 @@ --SUBDIRS = sepolicy audit2allow semanage sepolgen chcat -+SUBDIRS = sepolicy audit2allow semanage sepolgen chcat po - - all install relabel clean indent: - @for subdir in $(SUBDIRS); do \ -diff --git selinux-python-2.8/audit2allow/audit2allow selinux-python-2.8/audit2allow/audit2allow -index 37ab23a..195f151 100644 ---- selinux-python-2.8/audit2allow/audit2allow -+++ selinux-python-2.8/audit2allow/audit2allow -@@ -86,6 +86,8 @@ class AuditToPolicy: - dest="type") - parser.add_option("--perm-map", dest="perm_map", help="file name of perm map") - parser.add_option("--interface-info", dest="interface_info", help="file name of interface information") -+ parser.add_option("-x", "--xperms", action="store_true", dest="xperms", -+ default=False, help="generate extended permission rules") - parser.add_option("--debug", dest="debug", action="store_true", default=False, - help="leave generated modules for -M") - parser.add_option("-w", "--why", dest="audit2why", action="store_true", default=(os.path.basename(sys.argv[0]) == "audit2why"), -@@ -314,6 +316,10 @@ class AuditToPolicy: - ifs, perm_maps = self.__load_interface_info() - g.set_gen_refpol(ifs, perm_maps) - -+ # Extended permissions -+ if self.__options.xperms: -+ g.set_gen_xperms(True) -+ - # Explanation - if self.__options.verbose: - g.set_gen_explain(policygen.SHORT_EXPLANATION) -diff --git selinux-python-2.8/audit2allow/audit2allow.1 selinux-python-2.8/audit2allow/audit2allow.1 -index 21d286b..c61067b 100644 ---- selinux-python-2.8/audit2allow/audit2allow.1 -+++ selinux-python-2.8/audit2allow/audit2allow.1 -@@ -85,6 +85,9 @@ This is the default behavior. - Generate reference policy using installed macros. - This attempts to match denials against interfaces and may be inaccurate. 
- .TP -+.B "\-x" | "\-\-xperms" -+Generate extended permission access vector rules -+.TP - .B "\-w" | "\-\-why" - Translates SELinux audit messages into a description of why the access was denied - -diff --git selinux-python-2.8/audit2allow/test.log selinux-python-2.8/audit2allow/test.log -index 05249dc..718aca7 100644 ---- selinux-python-2.8/audit2allow/test.log -+++ selinux-python-2.8/audit2allow/test.log -@@ -34,3 +34,4 @@ node=mary.example.com type=AVC msg=audit(1166023021.373:910): avc: denied { re - node=lilly.example.com type=AVC_PATH msg=audit(1164783469.561:109): path="/linuxtest/LVT/lvt/log.current" - node=lilly.example.com type=SYSCALL msg=audit(1164783469.561:109): arch=14 syscall=11 success=yes exit=0 a0=10120520 a1=10120a78 a2=10120970 a3=118 items=0 ppid=8310 pid=8311 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="smbd" exe="/usr/sbin/smbd" subj=root:system_r:smbd_t:s0 key=(null) - node=lilly.example.com type=AVC msg=audit(1164783469.561:109): avc: denied { append } for pid=8311 comm="smbd" name="log.current" dev=dm-0 ino=130930 scontext=root:system_r:smbd_t:s0 tcontext=root:object_r:default_t:s0 tclass=dir -+node=lilly.example.com type=AVC msg=audit(1164783469.561:109): avc: denied { ioctl } for pid=8311 comm="smbd" name="log.current" ioctlcmd=0x2a scontext=root:system_r:smbd_t:s0 tcontext=root:object_r:default_t:s0 tclass=tcp_socket -diff --git selinux-python-2.8/audit2allow/test_audit2allow.py selinux-python-2.8/audit2allow/test_audit2allow.py -index a826a9f..4427dea 100644 ---- selinux-python-2.8/audit2allow/test_audit2allow.py -+++ selinux-python-2.8/audit2allow/test_audit2allow.py -@@ -47,5 +47,14 @@ class Audit2allowTests(unittest.TestCase): - print(out, err) - self.assertSuccess("audit2why", p.returncode, err) - -+ def test_xperms(self): -+ "Verify that xperms generation works" -+ p = Popen(['python', './audit2allow', "-x", "-i", "test.log"], stdout=PIPE) -+ out, err = p.communicate() -+ if err: -+ print(out, 
err) -+ self.assertTrue(b"allowxperm" in out) -+ self.assertSuccess("xperms", p.returncode, err) -+ - if __name__ == "__main__": - unittest.main() -diff --git selinux-python-2.8/chcat/chcat selinux-python-2.8/chcat/chcat -index 4bd9fc6..27c537e 100755 ---- selinux-python-2.8/chcat/chcat -+++ selinux-python-2.8/chcat/chcat -@@ -4,7 +4,7 @@ - # - # chcat is a script that allows you modify the Security label on a file - # --#` Author: Daniel Walsh -+# Author: Daniel Walsh - # - # This program is free software; you can redistribute it and/or - # modify it under the terms of the GNU General Public License as -@@ -22,19 +22,15 @@ - # 02111-1307 USA - # - # --try: -- from subprocess import getstatusoutput --except ImportError: -- from commands import getstatusoutput -+import subprocess - import sys - import os - import pwd --import string - import getopt - import selinux - import seobject - --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-python" - try: - import gettext - kwargs = {} -@@ -44,7 +40,7 @@ try: - localedir="/usr/share/locale", - codeset='utf-8', - **kwargs) --except: -+except ImportError: - try: - import builtins - builtins.__dict__['_'] = str -@@ -86,8 +82,7 @@ def chcat_user_add(newcat, users): - if len(serange) > 1: - top = serange[1].split(":") - if len(top) > 1: -- cats.append(top[1]) -- cats = expandCats(cats) -+ cats = expandCats(top[1].split(',')) - - for i in newcat[1:]: - if i not in cats: -@@ -99,12 +94,12 @@ def chcat_user_add(newcat, users): - new_serange = "%s-%s" % (serange[0], top[0]) - - if add_ind: -- cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u) -+ cmd = ["semanage", "login", "-a", "-r", new_serange, "-s", user[0], u] - else: -- cmd = "semanage login -m -r %s -s %s %s" % (new_serange, user[0], u) -- rc = getstatusoutput(cmd) -- if rc[0] != 0: -- print(rc[1]) -+ cmd = ["semanage", "login", "-m", "-r", new_serange, "-s", user[0], u] -+ try: -+ subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False) -+ 
except subprocess.CalledProcessError: - errors += 1 - - return errors -@@ -140,10 +135,11 @@ def chcat_add(orig, newcat, objects, login_ind): - cat_string = "%s,%s" % (cat_string, c) - else: - cat_string = cat -- cmd = 'chcon -l %s:%s %s' % (sensitivity, cat_string, f) -- rc = getstatusoutput(cmd) -- if rc[0] != 0: -- print(rc[1]) -+ -+ cmd = ["chcon", "-l", "%s:%s" % (sensitivity, cat_string), f] -+ try: -+ subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False) -+ except subprocess.CalledProcessError: - errors += 1 - return errors - -@@ -166,8 +162,7 @@ def chcat_user_remove(newcat, users): - if len(serange) > 1: - top = serange[1].split(":") - if len(top) > 1: -- cats.append(top[1]) -- cats = expandCats(cats) -+ cats = expandCats(top[1].split(',')) - - for i in newcat[1:]: - if i in cats: -@@ -179,13 +174,15 @@ def chcat_user_remove(newcat, users): - new_serange = "%s-%s" % (serange[0], top[0]) - - if add_ind: -- cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u) -+ cmd = ["semanage", "login", "-a", "-r", new_serange, "-s", user[0], u] - else: -- cmd = "semanage login -m -r %s -s %s %s" % (new_serange, user[0], u) -- rc = getstatusoutput(cmd) -- if rc[0] != 0: -- print(rc[1]) -+ cmd = ["semanage", "login", "-m", "-r", new_serange, "-s", user[0], u] -+ -+ try: -+ subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False) -+ except subprocess.CalledProcessError: - errors += 1 -+ - return errors - - -@@ -224,12 +221,14 @@ def chcat_remove(orig, newcat, objects, login_ind): - continue - - if len(cat) == 0: -- cmd = 'chcon -l %s %s' % (sensitivity, f) -+ new_serange = sensitivity - else: -- cmd = 'chcon -l %s:%s %s' % (sensitivity, cat, f) -- rc = getstatusoutput(cmd) -- if rc[0] != 0: -- print(rc[1]) -+ new_serange = '%s:%s' % (sensitivity, cat) -+ -+ cmd = ["chcon", "-l", new_serange, f] -+ try: -+ subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False) -+ except subprocess.CalledProcessError: - errors += 1 - return 
errors - -@@ -247,17 +246,17 @@ def chcat_user_replace(newcat, users): - add_ind = 1 - user = seusers["__default__"] - serange = user[1].split("-") -- new_serange = "%s-%s:%s" % (serange[0], newcat[0], string.join(newcat[1:], ",")) -+ new_serange = "%s-%s:%s" % (serange[0], newcat[0], ",".join(newcat[1:])) - if new_serange[-1:] == ":": - new_serange = new_serange[:-1] - - if add_ind: -- cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u) -+ cmd = ["semanage", "login", "-a", "-r", new_serange, "-s", user[0], u] - else: -- cmd = "semanage login -m -r %s -s %s %s" % (new_serange, user[0], u) -- rc = getstatusoutput(cmd) -- if rc[0] != 0: -- print(rc[1]) -+ cmd = ["semanage", "login", "-m", "-r", new_serange, "-s", user[0], u] -+ try: -+ subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False) -+ except subprocess.CalledProcessError: - errors += 1 - return errors - -@@ -266,21 +265,18 @@ def chcat_replace(newcat, objects, login_ind): - if login_ind == 1: - return chcat_user_replace(newcat, objects) - errors = 0 -+ # newcat[0] is the sensitivity level, newcat[1:] are the categories - if len(newcat) == 1: -- sensitivity = newcat[0] -- cmd = 'chcon -l %s ' % newcat[0] -+ new_serange = newcat[0] - else: -- sensitivity = newcat[0] -- cmd = 'chcon -l %s:%s' % (sensitivity, newcat[1]) -+ new_serange = "%s:%s" % (newcat[0], newcat[1]) - for cat in newcat[2:]: -- cmd = '%s,%s' % (cmd, cat) -- -- for f in objects: -- cmd = "%s %s" % (cmd, f) -+ new_serange = '%s,%s' % (new_serange, cat) - -- rc = getstatusoutput(cmd) -- if rc[0] != 0: -- print(rc[1]) -+ cmd = ["chcon", "-l", new_serange] + objects -+ try: -+ subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False) -+ except subprocess.CalledProcessError: - errors += 1 - - return errors -@@ -384,7 +380,7 @@ def listusercats(users): - if len(users) == 0: - try: - users.append(os.getlogin()) -- except: -+ except OSError: - users.append(pwd.getpwuid(os.getuid()).pw_name) - - verify_users(users) -@@ 
-401,6 +397,7 @@ def error(msg): - print("%s: %s" % (sys.argv[0], msg)) - sys.exit(1) - -+ - if __name__ == '__main__': - if selinux.is_selinux_mls_enabled() != 1: - error("Requires a mls enabled system") -@@ -435,7 +432,7 @@ if __name__ == '__main__': - except getopt.error as error: - errorExit(_("Options Error %s ") % error.msg) - -- except ValueError as e: -+ except ValueError: - usage() - - if delete_ind: -diff --git selinux-python-2.8/po/Makefile selinux-python-2.8/po/Makefile -new file mode 100644 -index 0000000..4e052d5 ---- /dev/null -+++ selinux-python-2.8/po/Makefile -@@ -0,0 +1,83 @@ -+# -+# Makefile for the PO files (translation) catalog -+# -+ -+PREFIX ?= /usr -+ -+# What is this package? -+NLSPACKAGE = python -+POTFILE = $(NLSPACKAGE).pot -+INSTALL = /usr/bin/install -c -p -+INSTALL_DATA = $(INSTALL) -m 644 -+INSTALL_DIR = /usr/bin/install -d -+ -+# destination directory -+INSTALL_NLS_DIR = $(PREFIX)/share/locale -+ -+# PO catalog handling -+MSGMERGE = msgmerge -+MSGMERGE_FLAGS = -q -+XGETTEXT = xgettext --default-domain=$(NLSPACKAGE) -+MSGFMT = msgfmt -+ -+# All possible linguas -+PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po))) -+ -+# Only the files matching what the user has set in LINGUAS -+USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS)) -+ -+# if no valid LINGUAS, build all languages -+USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS)) -+ -+POFILES = $(patsubst %,%.po,$(USE_LINGUAS)) -+MOFILES = $(patsubst %.po,%.mo,$(POFILES)) -+POTFILES = $(shell cat POTFILES) -+ -+#default:: clean -+ -+all:: $(MOFILES) -+ -+$(POTFILE): $(POTFILES) -+ $(XGETTEXT) -L Python --keyword=_ --keyword=N_ $(POTFILES) -+ $(XGETTEXT) -j --keyword=_ --keyword=N_ ../sepolicy/sepolicy/sepolicy.glade -+ @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \ -+ rm -f $(NLSPACKAGE).po; \ -+ else \ -+ mv -f $(NLSPACKAGE).po $(POTFILE); \ -+ fi; \ -+ -+ -+refresh-po: Makefile -+ for cat in $(POFILES); do \ -+ lang=`basename $$cat .po`; \ -+ 
if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \ -+ mv -f $$lang.pot $$lang.po ; \ -+ echo "$(MSGMERGE) of $$lang succeeded" ; \ -+ else \ -+ echo "$(MSGMERGE) of $$lang failed" ; \ -+ rm -f $$lang.pot ; \ -+ fi \ -+ done -+ -+clean: -+ @rm -fv *mo *~ .depend -+ @rm -rf tmp -+ -+install: $(MOFILES) -+ @for n in $(MOFILES); do \ -+ l=`basename $$n .mo`; \ -+ $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \ -+ $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \ -+ done -+ -+%.mo: %.po -+ $(MSGFMT) -o $@ $< -+report: -+ @for cat in $(wildcard *.po); do \ -+ echo -n "$$cat: "; \ -+ msgfmt -v --statistics -o /dev/null $$cat; \ -+ done -+ -+.PHONY: missing depend -+ -+relabel: -diff --git selinux-python-2.8/po/POTFILES selinux-python-2.8/po/POTFILES -new file mode 100644 -index 0000000..128eb87 ---- /dev/null -+++ selinux-python-2.8/po/POTFILES -@@ -0,0 +1,10 @@ -+../audit2allow/audit2allow -+../chcat/chcat -+../semanage/semanage -+../semanage/seobject.py -+../sepolgen/src/sepolgen/interfaces.py -+../sepolicy/sepolicy/generate.py -+../sepolicy/sepolicy/gui.py -+../sepolicy/sepolicy/__init__.py -+../sepolicy/sepolicy/interface.py -+../sepolicy/sepolicy.py -diff --git selinux-python-2.8/semanage/semanage selinux-python-2.8/semanage/semanage -index 8d8a086..301207e 100644 ---- selinux-python-2.8/semanage/semanage -+++ selinux-python-2.8/semanage/semanage -@@ -27,7 +27,7 @@ import traceback - import argparse - import seobject - import sys --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-python" - try: - import gettext - kwargs = {} -@@ -53,7 +53,7 @@ usage_fcontext = "semanage fcontext [-h] [-n] [-N] [-S STORE] [" - usage_fcontext_dict = {' --add': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s SEUSER', '|', '-e EQUAL', ')', 'FILE_SPEC',), ' --delete': ('(', '-t TYPE', '-f FTYPE', '|', '-e EQUAL', ')', 'FILE_SPEC',), ' --modify': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s SEUSER', 
'|', '-e EQUAL', ')', 'FILE_SPEC',), ' --list': ('[-C]',), ' --extract': ('',), ' --deleteall': ('',)} - - usage_user = "semanage user [-h] [-n] [-N] [-S STORE] [" --usage_user_dict = {' --add': ('(', '-L LEVEL', '-R ROLES', '-r RANGE', '-s SEUSER', 'selinux_name'')'), ' --delete': ('selinux_name',), ' --modify': ('(', '-L LEVEL', '-R ROLES', '-r RANGE', '-s SEUSER', 'selinux_name', ')'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)} -+usage_user_dict = {' --add': ('(', '-L LEVEL', '-R ROLES', '-r RANGE', 'SEUSER', ')'), ' --delete': ('SEUSER',), ' --modify': ('(', '-L LEVEL', '-R ROLES', '-r RANGE', '-s SEUSER', 'SEUSER', ')'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)} - - usage_port = "semanage port [-h] [-n] [-N] [-S STORE] [" - usage_port_dict = {' --add': ('-t TYPE', '-p PROTOCOL', '-r RANGE', '(', 'port_name', '|', 'port_range', ')'), ' --modify': ('-t TYPE', '-p PROTOCOL', '-r RANGE', '(', 'port_name', '|', 'port_range', ')'), ' --delete': ('-p PROTOCOL', '(', 'port_name', '|', 'port_range', ')'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)} -@@ -62,7 +62,7 @@ usage_ibpkey = "semanage ibpkey [-h] [-n] [-N] [-s STORE] [" - usage_ibpkey_dict = {' --add': ('-t TYPE', '-x SUBNET_PREFIX', '-r RANGE', '(', 'ibpkey_name', '|', 'pkey_range', ')'), ' --modify': ('-t TYPE', '-x SUBNET_PREFIX', '-r RANGE', '(', 'ibpkey_name', '|', 'pkey_range', ')'), ' --delete': ('-x SUBNET_PREFIX', '(', 'ibpkey_name', '|', 'pkey_range', ')'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)} - - usage_ibendport = "semanage ibendport [-h] [-n] [-N] [-s STORE] [" --usage_ibendport_dict = {' --add': ('-t TYPE', '-z IBDEV_NAME', '-r RANGE', '(', 'port', ')'), ' --modify': ('-t TYPE', '-z IBDEV_NAME', '-r RANGE', '(', 'port', ')'), ' --delete': ('-z IBDEV_NAME', '-r RANGE''(', 'port', ')'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)} -+usage_ibendport_dict = {' --add': ('-t TYPE', '-z IBDEV_NAME', 
'-r RANGE', '(', 'port', ')'), ' --modify': ('-t TYPE', '-z IBDEV_NAME', '-r RANGE', '(', 'port', ')'), ' --delete': ('-z IBDEV_NAME', '-r RANGE', '(', 'port', ')'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)} - - usage_node = "semanage node [-h] [-n] [-N] [-S STORE] [" - usage_node_dict = {' --add': ('-M NETMASK', '-p PROTOCOL', '-t TYPE', '-r RANGE', 'node'), ' --modify': ('-M NETMASK', '-p PROTOCOL', '-t TYPE', '-r RANGE', 'node'), ' --delete': ('-M NETMASK', '-p PROTOCOL', 'node'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)} -@@ -73,7 +73,7 @@ usage_interface_dict = {' --add': ('-t TYPE', '-r RANGE', 'interface'), ' --modi - usage_boolean = "semanage boolean [-h] [-n] [-N] [-S STORE] [" - usage_boolean_dict = {' --modify': ('(', '--on', '|', '--off', ')', 'boolean'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)} - --import sepolicy -+ - - - class CheckRole(argparse.Action): -@@ -82,7 +82,11 @@ class CheckRole(argparse.Action): - newval = getattr(namespace, self.dest) - if not newval: - newval = [] -- roles = sepolicy.get_all_roles() -+ try: -+ import sepolicy -+ roles = sepolicy.get_all_roles() -+ except ValueError: -+ roles = [] - for v in value.split(): - if v not in roles: - raise ValueError("%s must be an SELinux role:\nValid roles: %s" % (v, ", ".join(roles))) -@@ -421,7 +425,7 @@ def setupUserParser(subparsers): - userParser.add_argument('-R', '--roles', default=[], - action=CheckRole, - help=_(''' --SELinux Roles. You must enclose multiple roles within quotes, separate by spaces. Or specify -R multiple times. -+SELinux Roles. You must enclose multiple roles within quotes, separate by spaces. Or specify -R multiple times. 
- ''')) - userParser.add_argument('-P', '--prefix', default="user", help=argparse.SUPPRESS) - userParser.add_argument('selinux_name', nargs='?', default=None, help=_('selinux_name')) -@@ -604,19 +608,19 @@ def setupInterfaceParser(subparsers): - - def handleModule(args): - OBJECT = seobject.moduleRecords(args) -- if args.action == "add": -- OBJECT.add(args.module_name, args.priority) -- if args.action == "enable": -- OBJECT.set_enabled(args.module_name, True) -- if args.action == "disable": -- OBJECT.set_enabled(args.module_name, False) -- if args.action == "remove": -- OBJECT.delete(args.module_name, args.priority) -- if args.action is "deleteall": -+ if args.action_add: -+ OBJECT.add(args.action_add, args.priority) -+ if args.action_enable: -+ OBJECT.set_enabled(args.action_enable, True) -+ if args.action_disable: -+ OBJECT.set_enabled(args.action_disable, False) -+ if args.action_remove: -+ OBJECT.delete(args.action_remove, args.priority) -+ if args.action == "deleteall": - OBJECT.deleteall() - if args.action == "list": - OBJECT.list(args.noheading, args.locallist) -- if args.action is "extract": -+ if args.action == "extract": - for i in OBJECT.customized(): - print("module %s" % str(i)) - -@@ -630,14 +634,13 @@ def setupModuleParser(subparsers): - parser_add_priority(moduleParser, "module") - - mgroup = moduleParser.add_mutually_exclusive_group(required=True) -- parser_add_add(mgroup, "module") - parser_add_list(mgroup, "module") - parser_add_extract(mgroup, "module") - parser_add_deleteall(mgroup, "module") -- mgroup.add_argument('-r', '--remove', dest='action', action='store_const', const='remove', help=_("Remove a module")) -- mgroup.add_argument('-d', '--disable', dest='action', action='store_const', const='disable', help=_("Disable a module")) -- mgroup.add_argument('-e', '--enable', dest='action', action='store_const', const='enable', help=_("Enable a module")) -- moduleParser.add_argument('module_name', nargs='?', default=None, help=_('Name of the 
module to act on')) -+ mgroup.add_argument('-a', '--add', dest='action_add', action='store', nargs=1, metavar='module_name', help=_("Add a module")) -+ mgroup.add_argument('-r', '--remove', dest='action_remove', action='store', nargs='+', metavar='module_name', help=_("Remove a module")) -+ mgroup.add_argument('-d', '--disable', dest='action_disable', action='store', nargs='+', metavar='module_name', help=_("Disable a module")) -+ mgroup.add_argument('-e', '--enable', dest='action_enable', action='store', nargs='+', metavar='module_name', help=_("Enable a module")) - moduleParser.set_defaults(func=handleModule) - - -@@ -739,9 +742,7 @@ def handlePermissive(args): - if args.action is "delete": - OBJECT.delete(args.type) - else: -- args.parser.print_usage(sys.stderr) -- sys.stderr.write(_('semanage permissive: error: the following argument is required: type\n')) -- sys.exit(1) -+ args.parser.error(message=_('semanage permissive: error: the following argument is required: type\n')) - - - def setupPermissiveParser(subparsers): -@@ -776,7 +777,7 @@ def setupDontauditParser(subparsers): - - - def handleExport(args): -- manageditems = ["boolean", "login", "interface", "user", "port", "node", "fcontext", "module"] -+ manageditems = ["boolean", "login", "interface", "user", "port", "node", "fcontext", "module", "ibendport", "ibpkey"] - for i in manageditems: - print("%s -D" % i) - for i in manageditems: -diff --git selinux-python-2.8/semanage/semanage-user.8 selinux-python-2.8/semanage/semanage-user.8 -index 30bc670..23fec69 100644 ---- selinux-python-2.8/semanage/semanage-user.8 -+++ selinux-python-2.8/semanage/semanage-user.8 -@@ -2,7 +2,7 @@ - .SH "NAME" - .B semanage\-user \- SELinux Policy Management SELinux User mapping tool - .SH "SYNOPSIS" --.B semanage user [\-h] [\-n] [\-N] [\-S STORE] [ \-\-add ( \-L LEVEL \-R ROLES \-r RANGE \-s SEUSER selinux_name) | \-\-delete selinux_name | \-\-deleteall | \-\-extract | \-\-list [\-C] | \-\-modify ( \-L LEVEL \-R ROLES \-r 
RANGE \-s SEUSER selinux_name ) ] -+.B semanage user [\-h] [\-n] [\-N] [\-S STORE] [ \-\-add ( \-L LEVEL \-R ROLES \-r RANGE SEUSER) | \-\-delete SEUSER | \-\-deleteall | \-\-extract | \-\-list [\-C] | \-\-modify ( \-L LEVEL \-R ROLES \-r RANGE SEUSER ) ] - - .SH "DESCRIPTION" - semanage is used to configure certain elements of -diff --git selinux-python-2.8/semanage/semanage.8 selinux-python-2.8/semanage/semanage.8 -index 0bdb90f..0cdcfcc 100644 ---- selinux-python-2.8/semanage/semanage.8 -+++ selinux-python-2.8/semanage/semanage.8 -@@ -57,9 +57,8 @@ to SELinux user identities (which controls the initial security context - assigned to Linux users when they login and bounds their authorized role set) - as well as security context mappings for various kinds of objects, such - as network ports, interfaces, infiniband pkeys and endports, and nodes (hosts) --as well as the file context mapping. See the EXAMPLES section below for some --examples of common usage. Note that the semanage login command deals with the --mapping from Linux usernames (logins) to SELinux user identities, -+as well as the file context mapping. Note that the semanage login command deals -+with the mapping from Linux usernames (logins) to SELinux user identities, - while the semanage user command deals with the mapping from SELinux - user identities to authorized role sets. 
In most cases, only the - former mapping needs to be adjusted by the administrator; the latter -diff --git selinux-python-2.8/semanage/seobject.py selinux-python-2.8/semanage/seobject.py -index c76dce8..59df249 100644 ---- selinux-python-2.8/semanage/seobject.py -+++ selinux-python-2.8/semanage/seobject.py -@@ -30,10 +30,10 @@ import sys - import stat - import socket - from semanage import * --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-python" - import sepolicy - import setools --from IPy import IP -+import ipaddress - - try: - import gettext -@@ -101,6 +101,8 @@ ftype_to_audit = {"": "any", - - try: - import audit -+ #test if audit module is enabled -+ audit.audit_close(audit.audit_open()) - - class logger: - -@@ -138,7 +140,7 @@ try: - - self.log_list = [] - self.log_change_list = [] --except: -+except (OSError, ImportError): - class logger: - - def __init__(self): -@@ -258,6 +260,7 @@ class semanageRecords: - if self.store == "" or self.store == localstore: - self.mylog = logger() - else: -+ sepolicy.load_store_policy(self.store) - self.mylog = nulllogger() - - def set_reload(self, load): -@@ -397,6 +400,8 @@ class moduleRecords(semanageRecords): - print("%-25s %-9s %-5s %s" % (t[0], t[2], t[3], disabled)) - - def add(self, file, priority): -+ if type(file) == list: -+ file = file[0] - if not os.path.exists(file): - raise ValueError(_("Module does not exist: %s ") % file) - -@@ -409,7 +414,9 @@ class moduleRecords(semanageRecords): - self.commit() - - def set_enabled(self, module, enable): -- for m in module.split(): -+ if type(module) == str: -+ module = module.split() -+ for m in module: - rc, key = semanage_module_key_create(self.sh) - if rc < 0: - raise ValueError(_("Could not create module key")) -@@ -431,7 +438,9 @@ class moduleRecords(semanageRecords): - if rc < 0: - raise ValueError(_("Invalid priority %d (needs to be between 1 and 999)") % priority) - -- for m in module.split(): -+ if type(module) == str: -+ module = module.split() -+ for m in 
module: - rc = semanage_module_remove(self.sh, m) - if rc < 0 and rc != -2: - raise ValueError(_("Could not remove module %s (remove failed)") % m) -@@ -593,7 +602,6 @@ class loginRecords(semanageRecords): - - semanage_seuser_key_free(k) - semanage_seuser_free(u) -- self.mylog.log("login", name, sename=sename, serange=serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange) - - def add(self, name, sename, serange): - try: -@@ -601,7 +609,6 @@ class loginRecords(semanageRecords): - self.__add(name, sename, serange) - self.commit() - except ValueError as error: -- self.mylog.commit(0) - raise error - - def __modify(self, name, sename="", serange=""): -@@ -653,7 +660,6 @@ class loginRecords(semanageRecords): - - semanage_seuser_key_free(k) - semanage_seuser_free(u) -- self.mylog.log("login", name, sename=self.sename, serange=self.serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange) - - def modify(self, name, sename="", serange=""): - try: -@@ -661,7 +667,6 @@ class loginRecords(semanageRecords): - self.__modify(name, sename, serange) - self.commit() - except ValueError as error: -- self.mylog.commit(0) - raise error - - def __delete(self, name): -@@ -694,8 +699,6 @@ class loginRecords(semanageRecords): - rec, self.sename, self.serange = selinux.getseuserbyname("__default__") - range, (rc, serole) = userrec.get(self.sename) - -- self.mylog.log_remove("login", name, sename=self.sename, serange=self.serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange) -- - def delete(self, name): - try: - self.begin() -@@ -703,7 +706,6 @@ class loginRecords(semanageRecords): - self.commit() - - except ValueError as error: -- self.mylog.commit(0) - raise error - - def deleteall(self): -@@ -717,7 +719,6 @@ class loginRecords(semanageRecords): - self.__delete(semanage_seuser_get_name(u)) - 
self.commit() - except ValueError as error: -- self.mylog.commit(0) - raise error - - def get_all_logins(self): -@@ -753,7 +754,10 @@ class loginRecords(semanageRecords): - l = [] - ddict = self.get_all(True) - for k in sorted(ddict.keys()): -- l.append("-a -s %s -r '%s' %s" % (ddict[k][0], ddict[k][1], k)) -+ if ddict[k][1]: -+ l.append("-a -s %s -r '%s' %s" % (ddict[k][0], ddict[k][1], k)) -+ else: -+ l.append("-a -s %s %s" % (ddict[k][0], k)) - return l - - def list(self, heading=1, locallist=0): -@@ -1020,7 +1024,10 @@ class seluserRecords(semanageRecords): - l = [] - ddict = self.get_all(True) - for k in sorted(ddict.keys()): -- l.append("-a -L %s -r %s -R '%s' %s" % (ddict[k][1], ddict[k][2], ddict[k][3], k)) -+ if ddict[k][1] or ddict[k][2]: -+ l.append("-a -L %s -r %s -R '%s' %s" % (ddict[k][1], ddict[k][2], ddict[k][3], k)) -+ else: -+ l.append("-a -R '%s' %s" % (ddict[k][3], k)) - return l - - def list(self, heading=1, locallist=0): -@@ -1043,13 +1050,15 @@ class seluserRecords(semanageRecords): - - - class portRecords(semanageRecords): -- try: -- valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "port_type"))[0]["types"]) -- except RuntimeError: -- valid_types = [] -+ -+ valid_types = [] - - def __init__(self, args = None): - semanageRecords.__init__(self, args) -+ try: -+ self.valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "port_type"))[0]["types"]) -+ except RuntimeError: -+ pass - - def __genkey(self, port, proto): - if proto == "tcp": -@@ -1087,6 +1096,8 @@ class portRecords(semanageRecords): - if type == "": - raise ValueError(_("Type is required")) - -+ type = sepolicy.get_real_type_name(type) -+ - if type not in self.valid_types: - raise ValueError(_("Type %s is invalid, must be a port type") % type) - -@@ -1151,6 +1162,7 @@ class portRecords(semanageRecords): - else: - raise ValueError(_("Requires setype")) - -+ setype = sepolicy.get_real_type_name(setype) - if setype and setype not in self.valid_types: - raise 
ValueError(_("Type %s is invalid, must be a port type") % setype) - -@@ -1295,10 +1307,11 @@ class portRecords(semanageRecords): - l = [] - ddict = self.get_all(True) - for k in sorted(ddict.keys()): -- if k[0] == k[1]: -- l.append("-a -t %s -p %s %s" % (ddict[k][0], k[2], k[0])) -+ port = k[0] if k[0] == k[1] else "%s-%s" % (k[0], k[1]) -+ if ddict[k][1]: -+ l.append("-a -t %s -r '%s' -p %s %s" % (ddict[k][0], ddict[k][1], k[2], port)) - else: -- l.append("-a -t %s -p %s %s-%s" % (ddict[k][0], k[2], k[0], k[1])) -+ l.append("-a -t %s -p %s %s" % (ddict[k][0], k[2], port)) - return l - - def list(self, heading=1, locallist=0): -@@ -1355,6 +1368,8 @@ class ibpkeyRecords(semanageRecords): - if type == "": - raise ValueError(_("Type is required")) - -+ type = sepolicy.get_real_type_name(type) -+ - if type not in self.valid_types: - raise ValueError(_("Type %s is invalid, must be a ibpkey type") % type) - -@@ -1417,6 +1432,8 @@ class ibpkeyRecords(semanageRecords): - else: - raise ValueError(_("Requires setype")) - -+ setype = sepolicy.get_real_type_name(setype) -+ - if setype and setype not in self.valid_types: - raise ValueError(_("Type %s is invalid, must be a ibpkey type") % setype) - -@@ -1548,10 +1565,11 @@ class ibpkeyRecords(semanageRecords): - ddict = self.get_all(True) - - for k in sorted(ddict.keys()): -- if k[0] == k[1]: -- l.append("-a -t %s -x %s %s" % (ddict[k][0], k[2], k[0])) -+ port = k[0] if k[0] == k[1] else "%s-%s" % (k[0], k[1]) -+ if ddict[k][1]: -+ l.append("-a -t %s -r '%s' -x %s %s" % (ddict[k][0], ddict[k][1], k[2], port)) - else: -- l.append("-a -t %s -x %s %s-%s" % (ddict[k][0], k[2], k[0], k[1])) -+ l.append("-a -t %s -x %s %s" % (ddict[k][0], k[2], port)) - return l - - def list(self, heading=1, locallist=0): -@@ -1603,6 +1621,8 @@ class ibendportRecords(semanageRecords): - if type == "": - raise ValueError(_("Type is required")) - -+ type = sepolicy.get_real_type_name(type) -+ - if type not in self.valid_types: - raise ValueError(_("Type 
%s is invalid, must be an ibendport type") % type) - (k, ibendport, port) = self.__genkey(ibendport, ibdev_name) -@@ -1664,6 +1684,8 @@ class ibendportRecords(semanageRecords): - else: - raise ValueError(_("Requires setype")) - -+ setype = sepolicy.get_real_type_name(setype) -+ - if setype and setype not in self.valid_types: - raise ValueError(_("Type %s is invalid, must be an ibendport type") % setype) - -@@ -1788,7 +1810,10 @@ class ibendportRecords(semanageRecords): - ddict = self.get_all(True) - - for k in sorted(ddict.keys()): -- l.append("-a -t %s -r %s -z %s %s" % (ddict[k][0], ddict[k][1], k[1], k[0])) -+ if ddict[k][1]: -+ l.append("-a -t %s -r '%s' -z %s %s" % (ddict[k][0], ddict[k][1], k[1], k[0])) -+ else: -+ l.append("-a -t %s -z %s %s" % (ddict[k][0], k[1], k[0])) - return l - - def list(self, heading=1, locallist=0): -@@ -1807,14 +1832,16 @@ class ibendportRecords(semanageRecords): - print(rec) - - class nodeRecords(semanageRecords): -- try: -- valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "node_type"))[0]["types"]) -- except RuntimeError: -- valid_types = [] -+ -+ valid_types = [] - - def __init__(self, args = None): - semanageRecords.__init__(self, args) - self.protocol = ["ipv4", "ipv6"] -+ try: -+ self.valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "node_type"))[0]["types"]) -+ except RuntimeError: -+ pass - - def validate(self, addr, mask, protocol): - newaddr = addr -@@ -1826,13 +1853,13 @@ class nodeRecords(semanageRecords): - - # verify valid comination - if len(mask) == 0 or mask[0] == "/": -- i = IP(addr + mask) -- newaddr = i.strNormal(0) -- newmask = str(i.netmask()) -- if newmask == "0.0.0.0" and i.version() == 6: -+ i = ipaddress.ip_network(addr + mask) -+ newaddr = str(i.network_address) -+ newmask = str(i.netmask) -+ if newmask == "0.0.0.0" and i.version == 6: - newmask = "::" - -- protocol = "ipv%d" % i.version() -+ protocol = "ipv%d" % i.version - - try: - newprotocol = self.protocol.index(protocol) -@@ 
-1853,6 +1880,8 @@ class nodeRecords(semanageRecords): - if ctype == "": - raise ValueError(_("SELinux node type is required")) - -+ ctype = sepolicy.get_real_type_name(ctype) -+ - if ctype not in self.valid_types: - raise ValueError(_("Type %s is invalid, must be a node type") % ctype) - -@@ -1922,6 +1951,8 @@ class nodeRecords(semanageRecords): - if serange == "" and setype == "": - raise ValueError(_("Requires setype or serange")) - -+ setype = sepolicy.get_real_type_name(setype) -+ - if setype and setype not in self.valid_types: - raise ValueError(_("Type %s is invalid, must be a node type") % setype) - -@@ -2024,7 +2055,10 @@ class nodeRecords(semanageRecords): - l = [] - ddict = self.get_all(True) - for k in sorted(ddict.keys()): -- l.append("-a -M %s -p %s -t %s %s" % (k[1], k[2], ddict[k][2], k[0])) -+ if ddict[k][3]: -+ l.append("-a -M %s -p %s -t %s -r '%s' %s" % (k[1], k[2], ddict[k][2], ddict[k][3], k[0])) -+ else: -+ l.append("-a -M %s -p %s -t %s %s" % (k[1], k[2], ddict[k][2], k[0])) - return l - - def list(self, heading=1, locallist=0): -@@ -2218,7 +2252,10 @@ class interfaceRecords(semanageRecords): - l = [] - ddict = self.get_all(True) - for k in sorted(ddict.keys()): -- l.append("-a -t %s %s" % (ddict[k][2], k)) -+ if ddict[k][3]: -+ l.append("-a -t %s -r '%s' %s" % (ddict[k][2], ddict[k][3], k)) -+ else: -+ l.append("-a -t %s %s" % (ddict[k][2], k)) - return l - - def list(self, heading=1, locallist=0): -@@ -2238,15 +2275,17 @@ class interfaceRecords(semanageRecords): - - - class fcontextRecords(semanageRecords): -- try: -- valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "file_type"))[0]["types"]) -- valid_types += list(list(sepolicy.info(sepolicy.ATTRIBUTE, "device_node"))[0]["types"]) -- valid_types.append("<>") -- except RuntimeError: -- valid_types = [] -+ -+ valid_types = [] - - def __init__(self, args = None): - semanageRecords.__init__(self, args) -+ try: -+ self.valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, 
"file_type"))[0]["types"]) -+ self.valid_types += list(list(sepolicy.info(sepolicy.ATTRIBUTE, "device_node"))[0]["types"]) -+ except RuntimeError: -+ pass -+ - self.equiv = {} - self.equiv_dist = {} - self.equal_ind = False -@@ -2369,8 +2408,10 @@ class fcontextRecords(semanageRecords): - if type == "": - raise ValueError(_("SELinux Type is required")) - -- if type not in self.valid_types: -- raise ValueError(_("Type %s is invalid, must be a file or device type") % type) -+ if type != "<>": -+ type = sepolicy.get_real_type_name(type) -+ if type not in self.valid_types: -+ raise ValueError(_("Type %s is invalid, must be a file or device type") % type) - - (rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype]) - if rc < 0: -@@ -2432,8 +2473,10 @@ class fcontextRecords(semanageRecords): - def __modify(self, target, setype, ftype, serange, seuser): - if serange == "" and setype == "" and seuser == "": - raise ValueError(_("Requires setype, serange or seuser")) -- if setype and setype not in self.valid_types: -- raise ValueError(_("Type %s is invalid, must be a file or device type") % setype) -+ if setype not in ["", "<>"]: -+ setype = sepolicy.get_real_type_name(setype) -+ if setype not in self.valid_types: -+ raise ValueError(_("Type %s is invalid, must be a file or device type") % setype) - - self.validate(target) - -@@ -2597,7 +2640,10 @@ class fcontextRecords(semanageRecords): - fcon_dict = self.get_all(True) - for k in sorted(fcon_dict.keys()): - if fcon_dict[k]: -- l.append("-a -f %s -t %s '%s'" % (file_type_str_to_option[k[1]], fcon_dict[k][2], k[0])) -+ if fcon_dict[k][3]: -+ l.append("-a -f %s -t %s -r '%s' '%s'" % (file_type_str_to_option[k[1]], fcon_dict[k][2], fcon_dict[k][3], k[0])) -+ else: -+ l.append("-a -f %s -t %s '%s'" % (file_type_str_to_option[k[1]], fcon_dict[k][2], k[0])) - - if len(self.equiv): - for target in self.equiv.keys(): -diff --git selinux-python-2.8/sepolgen/src/sepolgen/access.py 
selinux-python-2.8/sepolgen/src/sepolgen/access.py -index a5d8698..ba80f93 100644 ---- selinux-python-2.8/sepolgen/src/sepolgen/access.py -+++ selinux-python-2.8/sepolgen/src/sepolgen/access.py -@@ -78,6 +78,7 @@ class AccessVector(util.Comparison): - .obj_class - The object class to which access is allowed. [String or None] - .perms - The permissions allowed to the object class. [IdSet] - .audit_msgs - The audit messages that generated this access vector [List of strings] -+ .xperms - Extended permissions attached to the AV. [Dictionary {operation: xperm set}] - """ - def __init__(self, init_list=None): - if init_list: -@@ -87,9 +88,11 @@ class AccessVector(util.Comparison): - self.tgt_type = None - self.obj_class = None - self.perms = refpolicy.IdSet() -- self.audit_msgs = [] -- self.type = audit2why.TERULE -- self.data = [] -+ -+ self.audit_msgs = [] -+ self.type = audit2why.TERULE -+ self.data = [] -+ self.xperms = {} - # when implementing __eq__ also __hash__ is needed on py2 - # if object is muttable __hash__ should be None - self.__hash__ = None -@@ -131,6 +134,15 @@ class AccessVector(util.Comparison): - l.extend(sorted(self.perms)) - return l - -+ def merge(self, av): -+ """Add permissions and extended permissions from AV""" -+ self.perms.update(av.perms) -+ -+ for op in av.xperms: -+ if op not in self.xperms: -+ self.xperms[op] = refpolicy.XpermSet() -+ self.xperms[op].extend(av.xperms[op]) -+ - def __str__(self): - return self.to_string() - -@@ -260,28 +272,28 @@ class AccessVectorSet: - def add(self, src_type, tgt_type, obj_class, perms, audit_msg=None, avc_type=audit2why.TERULE, data=[]): - """Add an access vector to the set. 
- """ -- tgt = self.src.setdefault(src_type, { }) -- cls = tgt.setdefault(tgt_type, { }) -- -- if (obj_class, avc_type) in cls: -- access = cls[obj_class, avc_type] -- else: -- access = AccessVector() -- access.src_type = src_type -- access.tgt_type = tgt_type -- access.obj_class = obj_class -- access.data = data -- access.type = avc_type -- cls[obj_class, avc_type] = access -- -- access.perms.update(perms) -- if audit_msg: -- access.audit_msgs.append(audit_msg) -+ av = AccessVector() -+ av.src_type = src_type -+ av.tgt_type = tgt_type -+ av.obj_class = obj_class -+ av.perms = perms -+ av.data = data -+ av.type = avc_type -+ -+ self.add_av(av, audit_msg) - - def add_av(self, av, audit_msg=None): - """Add an access vector to the set.""" -- self.add(av.src_type, av.tgt_type, av.obj_class, av.perms) -+ tgt = self.src.setdefault(av.src_type, { }) -+ cls = tgt.setdefault(av.tgt_type, { }) - -+ if (av.obj_class, av.type) in cls: -+ cls[av.obj_class, av.type].merge(av) -+ else: -+ cls[av.obj_class, av.type] = av -+ -+ if audit_msg: -+ cls[av.obj_class, av.type].audit_msgs.append(audit_msg) - - def avs_extract_types(avs): - types = refpolicy.IdSet() -diff --git selinux-python-2.8/sepolgen/src/sepolgen/audit.py selinux-python-2.8/sepolgen/src/sepolgen/audit.py -index 26ce6c9..daed58c 100644 ---- selinux-python-2.8/sepolgen/src/sepolgen/audit.py -+++ selinux-python-2.8/sepolgen/src/sepolgen/audit.py -@@ -152,6 +152,7 @@ class AVCMessage(AuditMessage): - access - list of accesses that were allowed or denied - denial - boolean indicating whether this was a denial (True) or granted - (False) message. 
-+ ioctlcmd - ioctl 'request' parameter - - An example audit message generated from the audit daemon looks like (line breaks - added): -@@ -178,6 +179,7 @@ class AVCMessage(AuditMessage): - self.name = "" - self.accesses = [] - self.denial = True -+ self.ioctlcmd = None - self.type = audit2why.TERULE - - def __parse_access(self, recs, start): -@@ -237,6 +239,11 @@ class AVCMessage(AuditMessage): - self.exe = fields[1][1:-1] - elif fields[0] == "name": - self.name = fields[1][1:-1] -+ elif fields[0] == "ioctlcmd": -+ try: -+ self.ioctlcmd = int(fields[1], 16) -+ except ValueError: -+ pass - - if not found_src or not found_tgt or not found_class or not found_access: - raise ValueError("AVC message in invalid format [%s]\n" % self.message) -@@ -522,13 +529,20 @@ class AuditParser: - for avc in self.avc_msgs: - if avc.denial != True and only_denials: - continue -- if avc_filter: -- if avc_filter.filter(avc): -- av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass, -- avc.accesses, avc, avc_type=avc.type, data=avc.data) -- else: -- av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass, -- avc.accesses, avc, avc_type=avc.type, data=avc.data) -+ -+ if not avc_filter or avc_filter.filter(avc): -+ av = access.AccessVector([avc.scontext.type, avc.tcontext.type, -+ avc.tclass] + avc.accesses) -+ av.data = avc.data -+ av.type = avc.type -+ -+ if avc.ioctlcmd: -+ xperm_set = refpolicy.XpermSet() -+ xperm_set.add(avc.ioctlcmd) -+ av.xperms["ioctl"] = xperm_set -+ -+ av_set.add_av(av, audit_msg=avc) -+ - return av_set - - class AVCTypeFilter: -diff --git selinux-python-2.8/sepolgen/src/sepolgen/policygen.py selinux-python-2.8/sepolgen/src/sepolgen/policygen.py -index ee664fb..319da15 100644 ---- selinux-python-2.8/sepolgen/src/sepolgen/policygen.py -+++ selinux-python-2.8/sepolgen/src/sepolgen/policygen.py -@@ -50,10 +50,11 @@ class PolicyGenerator: - in the form of access vectors. 
- - It generates allow rules and optionally module require -- statements and reference policy interfaces. By default -- only allow rules are generated. The methods .set_gen_refpol -- and .set_gen_requires turns on interface generation and -- requires generation respectively. -+ statements, reference policy interfaces, and extended -+ permission access vector rules. By default only allow rules -+ are generated. The methods .set_gen_refpol, .set_gen_requires -+ and .set_gen_xperms turns on interface generation, -+ requires generation, and xperms rules genration respectively. - - PolicyGenerator can also optionally add comments explaining - why a particular access was allowed based on the audit -@@ -82,6 +83,7 @@ class PolicyGenerator: - self.module = refpolicy.Module() - - self.dontaudit = False -+ self.xperms = False - - self.domains = None - def set_gen_refpol(self, if_set=None, perm_maps=None): -@@ -120,6 +122,12 @@ class PolicyGenerator: - def set_gen_dontaudit(self, dontaudit): - self.dontaudit = dontaudit - -+ def set_gen_xperms(self, xperms): -+ """Set whether extended permission access vector rules -+ are generated. -+ """ -+ self.xperms = xperms -+ - def __set_module_style(self): - if self.ifgen: - refpolicy = True -@@ -153,51 +161,69 @@ class PolicyGenerator: - """Return the generated module""" - return self.module - -- def __add_allow_rules(self, avs): -- for av in avs: -- rule = refpolicy.AVRule(av) -+ def __add_av_rule(self, av): -+ """Add access vector rule. -+ """ -+ rule = refpolicy.AVRule(av) -+ -+ if self.dontaudit: -+ rule.rule_type = rule.DONTAUDIT -+ rule.comment = "" -+ if self.explain: -+ rule.comment = str(refpolicy.Comment(explain_access(av, verbosity=self.explain))) -+ -+ if av.type == audit2why.ALLOW: -+ rule.comment += "\n#!!!! This avc is allowed in the current policy" -+ -+ if av.xperms: -+ rule.comment += "\n#!!!! 
This av rule may have been overridden by an extended permission av rule" -+ -+ if av.type == audit2why.DONTAUDIT: -+ rule.comment += "\n#!!!! This avc has a dontaudit rule in the current policy" -+ -+ if av.type == audit2why.BOOLEAN: -+ if len(av.data) > 1: -+ rule.comment += "\n#!!!! This avc can be allowed using one of the these booleans:\n# %s" % ", ".join([x[0] for x in av.data]) -+ else: -+ rule.comment += "\n#!!!! This avc can be allowed using the boolean '%s'" % av.data[0][0] -+ -+ if av.type == audit2why.CONSTRAINT: -+ rule.comment += "\n#!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access." -+ rule.comment += "\n#Constraint rule: " -+ rule.comment += "\n#\t" + av.data[0] -+ for reason in av.data[1:]: -+ rule.comment += "\n#\tPossible cause is the source %s and target %s are different." % reason -+ -+ try: -+ if ( av.type == audit2why.TERULE and -+ "write" in av.perms and -+ ( "dir" in av.obj_class or "open" in av.perms )): -+ if not self.domains: -+ self.domains = seinfo(ATTRIBUTE, name="domain")[0]["types"] -+ types=[] -+ -+ for i in [x[TCONTEXT] for x in sesearch([ALLOW], {SCONTEXT: av.src_type, CLASS: av.obj_class, PERMS: av.perms})]: -+ if i not in self.domains: -+ types.append(i) -+ if len(types) == 1: -+ rule.comment += "\n#!!!! The source type '%s' can write to a '%s' of the following type:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types)) -+ elif len(types) >= 1: -+ rule.comment += "\n#!!!! The source type '%s' can write to a '%s' of the following types:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types)) -+ except: -+ pass -+ -+ self.module.children.append(rule) -+ -+ def __add_ext_av_rules(self, av): -+ """Add extended permission access vector rules. 
-+ """ -+ for op in av.xperms.keys(): -+ extrule = refpolicy.AVExtRule(av, op) -+ - if self.dontaudit: -- rule.rule_type = rule.DONTAUDIT -- rule.comment = "" -- if self.explain: -- rule.comment = str(refpolicy.Comment(explain_access(av, verbosity=self.explain))) -- if av.type == audit2why.ALLOW: -- rule.comment += "\n#!!!! This avc is allowed in the current policy" -- if av.type == audit2why.DONTAUDIT: -- rule.comment += "\n#!!!! This avc has a dontaudit rule in the current policy" -- -- if av.type == audit2why.BOOLEAN: -- if len(av.data) > 1: -- rule.comment += "\n#!!!! This avc can be allowed using one of the these booleans:\n# %s" % ", ".join([x[0] for x in av.data]) -- else: -- rule.comment += "\n#!!!! This avc can be allowed using the boolean '%s'" % av.data[0][0] -- -- if av.type == audit2why.CONSTRAINT: -- rule.comment += "\n#!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access." -- rule.comment += "\n#Constraint rule: " -- rule.comment += "\n#\t" + av.data[0] -- for reason in av.data[1:]: -- rule.comment += "\n#\tPossible cause is the source %s and target %s are different." % reason -- -- try: -- if ( av.type == audit2why.TERULE and -- "write" in av.perms and -- ( "dir" in av.obj_class or "open" in av.perms )): -- if not self.domains: -- self.domains = seinfo(ATTRIBUTE, name="domain")[0]["types"] -- types=[] -- -- for i in [x[TCONTEXT] for x in sesearch([ALLOW], {SCONTEXT: av.src_type, CLASS: av.obj_class, PERMS: av.perms})]: -- if i not in self.domains: -- types.append(i) -- if len(types) == 1: -- rule.comment += "\n#!!!! The source type '%s' can write to a '%s' of the following type:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types)) -- elif len(types) >= 1: -- rule.comment += "\n#!!!! 
The source type '%s' can write to a '%s' of the following types:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types)) -- except: -- pass -- self.module.children.append(rule) -+ extrule.rule_type = extrule.DONTAUDITXPERM - -+ self.module.children.append(extrule) - - def add_access(self, av_set): - """Add the access from the access vector set to this -@@ -215,7 +241,10 @@ class PolicyGenerator: - raw_allow = av_set - - # Generate the raw allow rules from the filtered list -- self.__add_allow_rules(raw_allow) -+ for av in raw_allow: -+ self.__add_av_rule(av) -+ if self.xperms and av.xperms: -+ self.__add_ext_av_rules(av) - - def add_role_types(self, role_type_set): - for role_type in role_type_set: -diff --git selinux-python-2.8/sepolgen/src/sepolgen/refparser.py selinux-python-2.8/sepolgen/src/sepolgen/refparser.py -index 2cef8e8..3415aff 100644 ---- selinux-python-2.8/sepolgen/src/sepolgen/refparser.py -+++ selinux-python-2.8/sepolgen/src/sepolgen/refparser.py -@@ -786,7 +786,7 @@ def p_role_allow(p): - - def p_permissive(p): - 'permissive : PERMISSIVE names SEMI' -- t.skip(1) -+ pass - - def p_avrule_def(p): - '''avrule_def : ALLOW names names COLON names names SEMI -diff --git selinux-python-2.8/sepolgen/src/sepolgen/refpolicy.py selinux-python-2.8/sepolgen/src/sepolgen/refpolicy.py -index 352b187..c30a8c7 100644 ---- selinux-python-2.8/sepolgen/src/sepolgen/refpolicy.py -+++ selinux-python-2.8/sepolgen/src/sepolgen/refpolicy.py -@@ -109,6 +109,9 @@ class Node(PolicyBase): - def avrules(self): - return filter(lambda x: isinstance(x, AVRule), walktree(self)) - -+ def avextrules(self): -+ return filter(lambda x: isinstance(x, AVExtRule), walktree(self)) -+ - def typerules(self): - return filter(lambda x: isinstance(x, TypeRule), walktree(self)) - -@@ -352,6 +355,65 @@ class ObjectClass(Leaf): - self.name = name - self.perms = IdSet() - -+class XpermSet(): -+ """Extended permission set. 
-+ -+ This class represents one or more extended permissions -+ represented by numeric values or ranges of values. The -+ .complement attribute is used to specify all permission -+ except those specified. -+ -+ Two xperm set can be merged using the .extend() method. -+ """ -+ def __init__(self, complement=False): -+ self.complement = complement -+ self.ranges = [] -+ -+ def __normalize_ranges(self): -+ """Ensure that ranges are not overlapping. -+ """ -+ self.ranges.sort() -+ -+ i = 0 -+ while i < len(self.ranges): -+ while i + 1 < len(self.ranges): -+ if self.ranges[i + 1][0] <= self.ranges[i][1] + 1: -+ self.ranges[i] = (self.ranges[i][0], max(self.ranges[i][1], -+ self.ranges[i + 1][1])) -+ del self.ranges[i + 1] -+ else: -+ break -+ i += 1 -+ -+ def extend(self, s): -+ """Add ranges from an xperm set -+ """ -+ self.ranges.extend(s.ranges) -+ self.__normalize_ranges() -+ -+ def add(self, minimum, maximum=None): -+ """Add value of range of values to the xperm set. -+ """ -+ if maximum is None: -+ maximum = minimum -+ self.ranges.append((minimum, maximum)) -+ self.__normalize_ranges() -+ -+ def to_string(self): -+ if not self.ranges: -+ return "" -+ -+ compl = "~ " if self.complement else "" -+ -+ # print single value without braces -+ if len(self.ranges) == 1 and self.ranges[0][0] == self.ranges[0][1]: -+ return compl + str(self.ranges[0][0]) -+ -+ vals = map(lambda x: str(x[0]) if x[0] == x[1] else "%s-%s" % x, -+ self.ranges) -+ -+ return "%s{ %s }" % (compl, " ".join(vals)) -+ - # Basic statements - - class TypeAttribute(Leaf): -@@ -472,8 +534,10 @@ class AVRule(Leaf): - return "allow" - elif self.rule_type == self.DONTAUDIT: - return "dontaudit" -- else: -+ elif self.rule_type == self.AUDITALLOW: - return "auditallow" -+ elif self.rule_type == self.NEVERALLOW: -+ return "neverallow" - - def from_av(self, av): - """Add the access from an access vector to this allow -@@ -497,6 +561,65 @@ class AVRule(Leaf): - self.tgt_types.to_space_str(), - 
self.obj_classes.to_space_str(), - self.perms.to_space_str()) -+ -+class AVExtRule(Leaf): -+ """Extended permission access vector rule. -+ -+ The AVExtRule class represents allowxperm, dontauditxperm, -+ auditallowxperm, and neverallowxperm rules. -+ -+ The source and target types, and object classes are represented -+ by sets containing strings. The operation is a single string, -+ e.g. 'ioctl'. Extended permissions are represented by an XpermSet. -+ """ -+ ALLOWXPERM = 0 -+ DONTAUDITXPERM = 1 -+ AUDITALLOWXPERM = 2 -+ NEVERALLOWXPERM = 3 -+ -+ def __init__(self, av=None, op=None, parent=None): -+ Leaf.__init__(self, parent) -+ self.src_types = IdSet() -+ self.tgt_types = IdSet() -+ self.obj_classes = IdSet() -+ self.rule_type = self.ALLOWXPERM -+ self.xperms = XpermSet() -+ self.operation = op -+ if av: -+ self.from_av(av, op) -+ -+ def __rule_type_str(self): -+ if self.rule_type == self.ALLOWXPERM: -+ return "allowxperm" -+ elif self.rule_type == self.DONTAUDITXPERM: -+ return "dontauditxperm" -+ elif self.rule_type == self.AUDITALLOWXPERM: -+ return "auditallowxperm" -+ elif self.rule_type == self.NEVERALLOWXPERM: -+ return "neverallowxperm" -+ -+ def from_av(self, av, op): -+ self.src_types.add(av.src_type) -+ if av.src_type == av.tgt_type: -+ self.tgt_types.add("self") -+ else: -+ self.tgt_types.add(av.tgt_type) -+ self.obj_classes.add(av.obj_class) -+ self.operation = op -+ self.xperms = av.xperms[op] -+ -+ def to_string(self): -+ """Return a string representation of the rule that is -+ a valid policy language representation (assuming that -+ the types, object class, etc. are valid). -+ """ -+ return "%s %s %s:%s %s %s;" % (self.__rule_type_str(), -+ self.src_types.to_space_str(), -+ self.tgt_types.to_space_str(), -+ self.obj_classes.to_space_str(), -+ self.operation, -+ self.xperms.to_string()) -+ - class TypeRule(Leaf): - """SELinux type rules. 
- 
-diff --git selinux-python-2.8/sepolgen/src/sepolgen/sepolgeni18n.py selinux-python-2.8/sepolgen/src/sepolgen/sepolgeni18n.py
-index 998c435..56ebd80 100644
---- selinux-python-2.8/sepolgen/src/sepolgen/sepolgeni18n.py
-+++ selinux-python-2.8/sepolgen/src/sepolgen/sepolgeni18n.py
-@@ -19,7 +19,7 @@
- 
- try:
- import gettext
-- t = gettext.translation( 'yumex' )
-+ t = gettext.translation( 'selinux-python' )
- _ = t.gettext
- except:
- def _(str):
-diff --git selinux-python-2.8/sepolgen/src/sepolgen/util.py selinux-python-2.8/sepolgen/src/sepolgen/util.py
-index 1fca971..b3d2616 100644
---- selinux-python-2.8/sepolgen/src/sepolgen/util.py
-+++ selinux-python-2.8/sepolgen/src/sepolgen/util.py
-@@ -125,7 +125,7 @@ class Comparison():
- _compare function within your class."""
- 
- def _compare(self, other, method):
-- raise NotImplemented
-+ return NotImplemented
- 
- def __eq__(self, other):
- return self._compare(other, lambda a, b: a == b)
-diff --git selinux-python-2.8/sepolgen/tests/test_access.py selinux-python-2.8/sepolgen/tests/test_access.py
-index d45a823..73a5407 100644
---- selinux-python-2.8/sepolgen/tests/test_access.py
-+++ selinux-python-2.8/sepolgen/tests/test_access.py
-@@ -32,6 +32,7 @@ class TestAccessVector(unittest.TestCase):
- self.assertEqual(a.obj_class, None)
- self.assertTrue(isinstance(a.perms, refpolicy.IdSet))
- self.assertTrue(isinstance(a.audit_msgs, type([])))
-+ self.assertTrue(isinstance(a.xperms, type({})))
- self.assertEqual(len(a.audit_msgs), 0)
- 
- # Construction from a list
-@@ -61,6 +62,10 @@ class TestAccessVector(unittest.TestCase):
- self.assertEqual(a.obj_class, l.obj_class)
- self.assertEqual(a.perms, l.perms)
- 
-+ l2 = access.AccessVector()
-+ with self.assertRaises(ValueError):
-+ l2.from_list(['foo', 'bar', 'file'])
-+
- def test_to_list(self):
- a = access.AccessVector()
- a.src_type = "foo"
-@@ -145,7 +150,80 @@ class TestAccessVector(unittest.TestCase):
- 
- b.perms = refpolicy.IdSet(["read", "append"])
- self.assertNotEqual(a, b)
-+
-+ def test_merge_noxperm(self):
-+ """Test merging two AVs without xperms"""
-+ a = access.AccessVector(["foo", "bar", "file", "read", "write"])
-+ b = access.AccessVector(["foo", "bar", "file", "append"])
-+
-+ a.merge(b)
-+ self.assertEqual(sorted(list(a.perms)), ["append", "read", "write"])
-+
-+ def text_merge_xperm1(self):
-+ """Test merging AV that contains xperms with AV that does not"""
-+ a = access.AccessVector(["foo", "bar", "file", "read"])
-+ b = access.AccessVector(["foo", "bar", "file", "read"])
-+ xp = refpolicy.XpermSet()
-+ xp.add(42)
-+ xp.add(12345)
-+ b.xperms = {"ioctl": xp}
-+
-+ a.merge(b)
-+ self.assertEqual(sorted(list(a.perms)), ["append", "read", "write"])
-+ self.assertEqual(list(a.xperms.keys()), ["ioctl"])
-+ self.assertEqual(a.xperms["ioctl"].to_string(), "{ 42 12345 }")
-+
-+ def text_merge_xperm2(self):
-+ """Test merging AV that does not contain xperms with AV that does"""
-+ a = access.AccessVector(["foo", "bar", "file", "read"])
-+ xp = refpolicy.XpermSet()
-+ xp.add(42)
-+ xp.add(12345)
-+ a.xperms = {"ioctl": xp}
-+ b = access.AccessVector(["foo", "bar", "file", "read"])
-+
-+ a.merge(b)
-+ self.assertEqual(sorted(list(a.perms)), ["append", "read", "write"])
-+ self.assertEqual(list(a.xperms.keys()), ["ioctl"])
-+ self.assertEqual(a.xperms["ioctl"].to_string(), "{ 42 12345 }")
-+
-+ def test_merge_xperm_diff_op(self):
-+ """Test merging two AVs that contain xperms with different operation"""
-+ a = access.AccessVector(["foo", "bar", "file", "read"])
-+ xp1 = refpolicy.XpermSet()
-+ xp1.add(23)
-+ a.xperms = {"asdf": xp1}
-+
-+ b = access.AccessVector(["foo", "bar", "file", "read"])
-+ xp2 = refpolicy.XpermSet()
-+ xp2.add(42)
-+ xp2.add(12345)
-+ b.xperms = {"ioctl": xp2}
-+
-+ a.merge(b)
-+ self.assertEqual(list(a.perms), ["read"])
-+ self.assertEqual(sorted(list(a.xperms.keys())), ["asdf", "ioctl"])
-+ self.assertEqual(a.xperms["asdf"].to_string(), "23")
-+ self.assertEqual(a.xperms["ioctl"].to_string(), "{ 42 12345 }")
- 
-+ def test_merge_xperm_same_op(self):
-+ """Test merging two AVs that contain xperms with same operation"""
-+ a = access.AccessVector(["foo", "bar", "file", "read"])
-+ xp1 = refpolicy.XpermSet()
-+ xp1.add(23)
-+ a.xperms = {"ioctl": xp1}
-+
-+ b = access.AccessVector(["foo", "bar", "file", "read"])
-+ xp2 = refpolicy.XpermSet()
-+ xp2.add(42)
-+ xp2.add(12345)
-+ b.xperms = {"ioctl": xp2}
-+
-+ a.merge(b)
-+ self.assertEqual(list(a.perms), ["read"])
-+ self.assertEqual(list(a.xperms.keys()), ["ioctl"])
-+ self.assertEqual(a.xperms["ioctl"].to_string(), "{ 23 42 12345 }")
-+
- class TestUtilFunctions(unittest.TestCase):
- def test_is_idparam(self):
- self.assertTrue(access.is_idparam("$1"))
-@@ -260,3 +338,53 @@ class TestAccessVectorSet(unittest.TestCase):
- b = access.AccessVectorSet()
- b.from_list(avl)
- self.assertEqual(len(b), 3)
-+
-+ def test_add_av_first(self):
-+ """Test adding first AV to the AV set"""
-+ avs = access.AccessVectorSet()
-+ av = access.AccessVector(['foo', 'bar', 'file', 'read'])
-+
-+ avs.add_av(av)
-+
-+ self.assertEqual(avs.to_list(), [['foo', 'bar', 'file', 'read']])
-+
-+ def test_add_av_second(self):
-+ """Test adding second AV to the AV set with same source and target
-+ context and class"""
-+ avs = access.AccessVectorSet()
-+ av1 = access.AccessVector(['foo', 'bar', 'file', 'read'])
-+ av2 = access.AccessVector(['foo', 'bar', 'file', 'write'])
-+
-+ avs.add_av(av1)
-+ avs.add_av(av2)
-+
-+ self.assertEqual(avs.to_list(), [['foo', 'bar', 'file', 'read',
-+ 'write']])
-+
-+ def test_add_av_with_msg(self):
-+ """Test adding audit message"""
-+ avs = access.AccessVectorSet()
-+ av = access.AccessVector(['foo', 'bar', 'file', 'read'])
-+
-+ avs.add_av(av, 'test message')
-+
-+ self.assertEqual(avs.src['foo']['bar']['file', av.type].audit_msgs,
-+ ['test message'])
-+
-+ def test_add(self):
-+ """Test adding AV to the set"""
-+ s = access.AccessVectorSet()
-+
-+ def test_add_av(av, audit_msg=None):
-+ self.assertEqual(av.src_type, 'foo')
-+ self.assertEqual(av.tgt_type, 'bar')
-+ self.assertEqual(av.obj_class, 'file')
-+ self.assertEqual(list(av.perms), ['read'])
-+ self.assertEqual(av.data, 'test data')
-+ self.assertEqual(av.type, 42)
-+ self.assertEqual(audit_msg, 'test message')
-+
-+ s.add_av = test_add_av
-+
-+ s.add("foo", "bar", "file", refpolicy.IdSet(["read"]),
-+ audit_msg='test message', avc_type=42, data='test data')
-diff --git selinux-python-2.8/sepolgen/tests/test_audit.py selinux-python-2.8/sepolgen/tests/test_audit.py
-index 6379954..dbe6be2 100644
---- selinux-python-2.8/sepolgen/tests/test_audit.py
-+++ selinux-python-2.8/sepolgen/tests/test_audit.py
-@@ -56,6 +56,18 @@ type=SYSCALL msg=audit(1162852201.019:1225): arch=40000003 syscall=11 success=ye
- type=AVC msg=audit(1162852201.019:1225): avc: denied { execute_no_trans } for pid=6974 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
- type=AVC msg=audit(1162852201.019:1225): avc: denied { execute } for pid=6974 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file"""
- 
-+xperms1 = """type=AVC msg=audit(1516626657.910:4461): avc: denied { ioctl } for pid=4310 comm="test" path="/root/test" ino=8619937 ioctlcmd=0x42 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:test_file_t:s0 tclass=file permissive=0
-+"""
-+xperms2 = """type=AVC msg=audit(1516626657.910:4461): avc: denied { ioctl } for pid=4310 comm="test" path="/root/test" ino=8619937 ioctlcmd=0x42 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:test_file_t:s0 tclass=file permissive=0
-+type=AVC msg=audit(1516626657.910:4461): avc: denied { ioctl } for pid=4310 comm="test" path="/root/test" ino=8619937 ioctlcmd=0x1234 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:test_file_t:s0 tclass=file permissive=0
-+type=AVC msg=audit(1516626657.910:4461): avc: denied { ioctl } for pid=4310 comm="test" path="/root/test" ino=8619937 ioctlcmd=0xdead scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:test_file_t:s0 tclass=file permissive=0
-+type=AVC msg=audit(1516626657.910:4461): avc: denied { getattr } for pid=4310 comm="test" path="/root/test" ino=8619937 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:test_file_t:s0 tclass=dir permissive=0
-+"""
-+xperms_invalid = """type=AVC msg=audit(1516626657.910:4461): avc: denied { ioctl } for pid=4310 comm="test" path="/root/test" ino=8619937 ioctlcmd=asdf scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:test_file_t:s0 tclass=file permissive=0
-+"""
-+xperms_without = """type=AVC msg=audit(1516626657.910:4461): avc: denied { ioctl } for pid=4310 comm="test" path="/root/test" ino=8619937 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:test_file_t:s0 tclass=file permissive=0
-+"""
-+
- class TestAVCMessage(unittest.TestCase):
- def test_defs(self):
- avc = sepolgen.audit.AVCMessage(audit1)
-@@ -64,6 +76,7 @@ class TestAVCMessage(unittest.TestCase):
- self.assertEqual(avc.tcontext, sc)
- self.assertEqual(avc.tclass, "")
- self.assertEqual(avc.accesses, [])
-+ self.assertEqual(avc.ioctlcmd, None)
- 
- def test_granted(self):
- avc = sepolgen.audit.AVCMessage(granted1)
-@@ -84,6 +97,29 @@ class TestAVCMessage(unittest.TestCase):
- 
- self.assertEqual(avc.denial, False)
- 
-+ def test_xperms(self):
-+ """Test that the ioctlcmd field is parsed"""
-+ avc = sepolgen.audit.AVCMessage(xperms1)
-+ recs = xperms1.split()
-+ avc.from_split_string(recs)
-+
-+ self.assertEqual(avc.ioctlcmd, 66)
-+
-+ def test_xperms_invalid(self):
-+ """Test message with invalid value in the ioctlcmd field"""
-+ avc = sepolgen.audit.AVCMessage(xperms_invalid)
-+ recs = xperms_invalid.split()
-+ avc.from_split_string(recs)
-+
-+ self.assertIsNone(avc.ioctlcmd)
-+
-+ def test_xperms_without(self):
-+ """Test message without the ioctlcmd field"""
-+ avc = sepolgen.audit.AVCMessage(xperms_without)
-+ recs = xperms_without.split()
-+ avc.from_split_string(recs)
-+
-+ self.assertIsNone(avc.ioctlcmd)
- 
- def test_from_split_string(self):
- # syslog message
-@@ -172,6 +208,20 @@ class TestAuditParser(unittest.TestCase):
- self.assertEqual(len(a.invalid_msgs), 0)
- self.assertEqual(len(a.policy_load_msgs), 0)
- 
-+ def test_parse_xperms(self):
-+ """ Test that correct access vectors are generated from a set of AVC
-+ denial messages. """
-+ a = sepolgen.audit.AuditParser()
-+ a.parse_string(xperms2)
-+ av_set = a.to_access()
-+
-+ self.assertEqual(len(av_set), 2)
-+ av_list = list(sorted(av_set))
-+ self.assertEqual(av_list[0].xperms, {})
-+ self.assertEqual(list(av_list[1].xperms), ["ioctl"])
-+ self.assertEqual(av_list[1].xperms["ioctl"].ranges, [(66,66),
-+ (4660,4660), (57005,57005)])
-+
- class TestGeneration(unittest.TestCase):
- def test_generation(self):
- parser = sepolgen.audit.AuditParser()
-diff --git selinux-python-2.8/sepolgen/tests/test_policygen.py selinux-python-2.8/sepolgen/tests/test_policygen.py
-index 58d1adf..59496e8 100644
---- selinux-python-2.8/sepolgen/tests/test_policygen.py
-+++ selinux-python-2.8/sepolgen/tests/test_policygen.py
-@@ -19,13 +19,117 @@
- 
- import unittest
- import sepolgen.policygen as policygen
-+import sepolgen.access as access
-+import sepolgen.refpolicy as refpolicy
- 
--class PolicyGenerator(unittest.TestCase):
-- def __init__(self):
-- g = policygen.PolicyGenerator()
--
-+class TestPolicyGenerator(unittest.TestCase):
-+ def setUp(self):
-+ self.g = policygen.PolicyGenerator()
- 
-+ def test_init(self):
-+ """ Test that extended permission AV rules are not generated by
-+ default. """
-+ self.assertFalse(self.g.xperms)
- 
-+ def test_set_gen_xperms(self):
-+ """ Test turning on and off generating of extended permission
-+ AV rules. """
-+ self.g.set_gen_xperms(True)
-+ self.assertTrue(self.g.xperms)
-+ self.g.set_gen_xperms(False)
-+ self.assertFalse(self.g.xperms)
- 
-+ def test_av_rules(self):
-+ """ Test generating of AV rules from access vectors. """
-+ av1 = access.AccessVector(["test_src_t", "test_tgt_t", "file", "ioctl"])
-+ av2 = access.AccessVector(["test_src_t", "test_tgt_t", "file", "open"])
-+ av3 = access.AccessVector(["test_src_t", "test_tgt_t", "file", "read"])
- 
-+ avs = access.AccessVectorSet()
-+ avs.add_av(av1)
-+ avs.add_av(av2)
-+ avs.add_av(av3)
-+
-+ self.g.add_access(avs)
-+
-+ self.assertEqual(len(self.g.module.children), 1)
-+ r = self.g.module.children[0]
-+ self.assertIsInstance(r, refpolicy.AVRule)
-+ self.assertEqual(r.to_string(),
-+ "allow test_src_t test_tgt_t:file { ioctl open read };")
-+
-+ def test_ext_av_rules(self):
-+ """ Test generating of extended permission AV rules from access
-+ vectors. """
-+ self.g.set_gen_xperms(True)
-+
-+ av1 = access.AccessVector(["test_src_t", "test_tgt_t", "file", "ioctl"])
-+ av1.xperms['ioctl'] = refpolicy.XpermSet()
-+ av1.xperms['ioctl'].add(42)
-+ av2 = access.AccessVector(["test_src_t", "test_tgt_t", "file", "ioctl"])
-+ av2.xperms['ioctl'] = refpolicy.XpermSet()
-+ av2.xperms['ioctl'].add(1234)
-+ av3 = access.AccessVector(["test_src_t", "test_tgt_t", "dir", "ioctl"])
-+ av3.xperms['ioctl'] = refpolicy.XpermSet()
-+ av3.xperms['ioctl'].add(2345)
-+
-+ avs = access.AccessVectorSet()
-+ avs.add_av(av1)
-+ avs.add_av(av2)
-+ avs.add_av(av3)
-+
-+ self.g.add_access(avs)
-+
-+ self.assertEqual(len(self.g.module.children), 4)
-+
-+ # we cannot sort the rules, so find all rules manually
-+ av_rule1 = av_rule2 = av_ext_rule1 = av_ext_rule2 = None
-+
-+ for r in self.g.module.children:
-+ if isinstance(r, refpolicy.AVRule):
-+ if 'file' in r.obj_classes:
-+ av_rule1 = r
-+ else:
-+ av_rule2 = r
-+ elif isinstance(r, refpolicy.AVExtRule):
-+ if 'file' in r.obj_classes:
-+ av_ext_rule1 = r
-+ else:
-+ av_ext_rule2 = r
-+ else:
-+ self.fail("Unexpected rule type '%s'" % type(r))
-+
-+ # check that all rules are present
-+ self.assertNotIn(None, (av_rule1, av_rule2, av_ext_rule1, av_ext_rule2))
-+
-+ self.assertEqual(av_rule1.rule_type, av_rule1.ALLOW)
-+ self.assertEqual(av_rule1.src_types, {"test_src_t"})
-+ self.assertEqual(av_rule1.tgt_types, {"test_tgt_t"})
-+ self.assertEqual(av_rule1.obj_classes, {"file"})
-+ self.assertEqual(av_rule1.perms, {"ioctl"})
-+
-+ self.assertEqual(av_ext_rule1.rule_type, av_ext_rule1.ALLOWXPERM)
-+ self.assertEqual(av_ext_rule1.src_types, {"test_src_t"})
-+ self.assertEqual(av_ext_rule1.tgt_types, {"test_tgt_t"})
-+ self.assertEqual(av_ext_rule1.obj_classes, {"file"})
-+ self.assertEqual(av_ext_rule1.operation, "ioctl")
-+ xp1 = refpolicy.XpermSet()
-+ xp1.add(42)
-+ xp1.add(1234)
-+ self.assertEqual(av_ext_rule1.xperms.ranges, xp1.ranges)
-+
-+ self.assertEqual(av_rule2.rule_type, av_rule2.ALLOW)
-+ self.assertEqual(av_rule2.src_types, {"test_src_t"})
-+ self.assertEqual(av_rule2.tgt_types, {"test_tgt_t"})
-+ self.assertEqual(av_rule2.obj_classes, {"dir"})
-+ self.assertEqual(av_rule2.perms, {"ioctl"})
-+
-+ self.assertEqual(av_ext_rule2.rule_type, av_ext_rule2.ALLOWXPERM)
-+ self.assertEqual(av_ext_rule2.src_types, {"test_src_t"})
-+ self.assertEqual(av_ext_rule2.tgt_types, {"test_tgt_t"})
-+ self.assertEqual(av_ext_rule2.obj_classes, {"dir"})
-+ self.assertEqual(av_ext_rule2.operation, "ioctl")
-+ xp2 = refpolicy.XpermSet()
-+ xp2.add(2345)
-+ self.assertEqual(av_ext_rule2.xperms.ranges, xp2.ranges)
- 
-diff --git selinux-python-2.8/sepolgen/tests/test_refpolicy.py selinux-python-2.8/sepolgen/tests/test_refpolicy.py
-index 16e6680..64c48df 100644
---- selinux-python-2.8/sepolgen/tests/test_refpolicy.py
-+++ selinux-python-2.8/sepolgen/tests/test_refpolicy.py
-@@ -19,6 +19,7 @@
- 
- import unittest
- import sepolgen.refpolicy as refpolicy
-+import sepolgen.access as access
- import selinux
- 
- class TestIdSet(unittest.TestCase):
-@@ -33,6 +34,74 @@ class TestIdSet(unittest.TestCase):
- s.add("read")
- self.assertEqual(s.to_space_str(), "read")
- 
-+class TestXpermSet(unittest.TestCase):
-+ def test_init(self):
-+ """ Test that all atttributes are correctly initialized. """
-+ s1 = refpolicy.XpermSet()
-+ self.assertEqual(s1.complement, False)
-+ self.assertEqual(s1.ranges, [])
-+
-+ s2 = refpolicy.XpermSet(True)
-+ self.assertEqual(s2.complement, True)
-+ self.assertEqual(s2.ranges, [])
-+
-+ def test_normalize_ranges(self):
-+ """ Test that ranges that are overlapping or neighboring are correctly
-+ merged into one range. """
-+ s = refpolicy.XpermSet()
-+ s.ranges = [(1, 7), (5, 10), (100, 110), (102, 107), (200, 205),
-+ (205, 210), (300, 305), (306, 310), (400, 405), (407, 410),
-+ (500, 502), (504, 508), (500, 510)]
-+ s._XpermSet__normalize_ranges()
-+
-+ i = 0
-+ r = list(sorted(s.ranges))
-+ while i < len(r) - 1:
-+ # check that range low bound is less than equal than the upper bound
-+ self.assertLessEqual(r[i][0], r[i][1])
-+ # check that two ranges are not overlapping or neighboring
-+ self.assertGreater(r[i + 1][0] - r[i][1], 1)
-+ i += 1
-+
-+ def test_add(self):
-+ """ Test adding new values or ranges to the set. """
-+ s = refpolicy.XpermSet()
-+ s.add(1, 7)
-+ s.add(5, 10)
-+ s.add(42)
-+ self.assertEqual(s.ranges, [(1,10), (42,42)])
-+
-+ def test_extend(self):
-+ """ Test adding ranges from another XpermSet object. """
-+ a = refpolicy.XpermSet()
-+ a.add(1, 7)
-+
-+ b = refpolicy.XpermSet()
-+ b.add(5, 10)
-+
-+ a.extend(b)
-+ self.assertEqual(a.ranges, [(1,10)])
-+
-+ def test_to_string(self):
-+ """ Test printing the values to a string. """
-+ a = refpolicy.XpermSet()
-+ a.complement = False
-+ self.assertEqual(a.to_string(), "")
-+ a.complement = True
-+ self.assertEqual(a.to_string(), "")
-+ a.add(1234)
-+ self.assertEqual(a.to_string(), "~ 1234")
-+ a.complement = False
-+ self.assertEqual(a.to_string(), "1234")
-+ a.add(2345)
-+ self.assertEqual(a.to_string(), "{ 1234 2345 }")
-+ a.complement = True
-+ self.assertEqual(a.to_string(), "~ { 1234 2345 }")
-+ a.add(42,64)
-+ self.assertEqual(a.to_string(), "~ { 42-64 1234 2345 }")
-+ a.complement = False
-+ self.assertEqual(a.to_string(), "{ 42-64 1234 2345 }")
-+
- class TestSecurityContext(unittest.TestCase):
- def test_init(self):
- sc = refpolicy.SecurityContext()
-@@ -110,6 +179,76 @@ class TestAVRule(unittest.TestCase):
- b.sort()
- self.assertEqual(a, b)
- 
-+class TestAVExtRule(unittest.TestCase):
-+ def test_init(self):
-+ """ Test initialization of attributes """
-+ a = refpolicy.AVExtRule()
-+ self.assertEqual(a.rule_type, a.ALLOWXPERM)
-+ self.assertIsInstance(a.src_types, set)
-+ self.assertIsInstance(a.tgt_types, set)
-+ self.assertIsInstance(a.obj_classes, set)
-+ self.assertIsNone(a.operation)
-+ self.assertIsInstance(a.xperms, refpolicy.XpermSet)
-+
-+ def test_rule_type_str(self):
-+ """ Test strings returned by __rule_type_str() """
-+ a = refpolicy.AVExtRule()
-+ self.assertEqual(a._AVExtRule__rule_type_str(), "allowxperm")
-+ a.rule_type = a.ALLOWXPERM
-+ self.assertEqual(a._AVExtRule__rule_type_str(), "allowxperm")
-+ a.rule_type = a.DONTAUDITXPERM
-+ self.assertEqual(a._AVExtRule__rule_type_str(), "dontauditxperm")
-+ a.rule_type = a.NEVERALLOWXPERM
-+ self.assertEqual(a._AVExtRule__rule_type_str(), "neverallowxperm")
-+ a.rule_type = a.AUDITALLOWXPERM
-+ self.assertEqual(a._AVExtRule__rule_type_str(), "auditallowxperm")
-+ a.rule_type = 42
-+ self.assertIsNone(a._AVExtRule__rule_type_str())
-+
-+ def test_from_av(self):
-+ """ Test creating the rule from an access vector. """
-+ av = access.AccessVector(["foo", "bar", "file", "ioctl"])
-+ xp = refpolicy.XpermSet()
-+ av.xperms = { "ioctl": xp }
-+
-+ a = refpolicy.AVExtRule()
-+
-+ a.from_av(av, "ioctl")
-+ self.assertEqual(a.src_types, {"foo"})
-+ self.assertEqual(a.tgt_types, {"bar"})
-+ self.assertEqual(a.obj_classes, {"file"})
-+ self.assertEqual(a.operation, "ioctl")
-+ self.assertIs(a.xperms, xp)
-+
-+ def test_from_av_self(self):
-+ """ Test creating the rule from an access vector that has same
-+ source and target context. """
-+ av = access.AccessVector(["foo", "foo", "file", "ioctl"])
-+ xp = refpolicy.XpermSet()
-+ av.xperms = { "ioctl": xp }
-+
-+ a = refpolicy.AVExtRule()
-+
-+ a.from_av(av, "ioctl")
-+ self.assertEqual(a.src_types, {"foo"})
-+ self.assertEqual(a.tgt_types, {"self"})
-+ self.assertEqual(a.obj_classes, {"file"})
-+ self.assertEqual(a.operation, "ioctl")
-+ self.assertIs(a.xperms, xp)
-+
-+ def test_to_string(self):
-+ """ Test printing the rule to a string. """
-+ a = refpolicy.AVExtRule()
-+ a._AVExtRule__rule_type_str = lambda: "first"
-+ a.src_types.to_space_str = lambda: "second"
-+ a.tgt_types.to_space_str = lambda: "third"
-+ a.obj_classes.to_space_str = lambda: "fourth"
-+ a.operation = "fifth"
-+ a.xperms.to_string = lambda: "seventh"
-+
-+ self.assertEqual(a.to_string(),
-+ "first second third:fourth fifth seventh;")
-+
- class TestTypeRule(unittest.TestCase):
- def test_init(self):
- a = refpolicy.TypeRule()
-diff --git selinux-python-2.8/sepolicy/sepolicy.py selinux-python-2.8/sepolicy/sepolicy.py
-index 141f64e..5880176 100755
---- selinux-python-2.8/sepolicy/sepolicy.py
-+++ selinux-python-2.8/sepolicy/sepolicy.py
-@@ -27,7 +27,7 @@ import selinux
- import sepolicy
- from sepolicy import get_os_version, get_conditionals, get_conditionals_format_text
- import argparse
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-python"
- try:
- import gettext
- kwargs = {}
-@@ -60,8 +60,6 @@ class CheckPath(argparse.Action):
- class CheckType(argparse.Action):
- 
- def __call__(self, parser, namespace, values, option_string=None):
-- domains = sepolicy.get_all_domains()
--
- if isinstance(values, str):
- setattr(namespace, self.dest, values)
- else:
-@@ -103,6 +101,7 @@ class CheckDomain(argparse.Action):
- domains = sepolicy.get_all_domains()
- 
- if isinstance(values, str):
-+ values = sepolicy.get_real_type_name(values)
- if values not in domains:
- raise ValueError("%s must be an SELinux process domain:\nValid domains: %s" % (values, ", ".join(domains)))
- setattr(namespace, self.dest, values)
-@@ -112,6 +111,7 @@ class CheckDomain(argparse.Action):
- newval = []
- 
- for v in values:
-+ v = sepolicy.get_real_type_name(v)
- if v not in domains:
- raise ValueError("%s must be an SELinux process domain:\nValid domains: %s" % (v, ", ".join(domains)))
- newval.append(v)
-@@ -167,10 +167,11 @@ class CheckPortType(argparse.Action):
- if not newval:
- newval = []
- for v in values:
-+ v = sepolicy.get_real_type_name(v)
- if v not in port_types:
- raise ValueError("%s must be an SELinux port type:\nValid port types: %s" % (v, ", ".join(port_types)))
- newval.append(v)
-- setattr(namespace, self.dest, values)
-+ setattr(namespace, self.dest, newval)
- 
- 
- class LoadPolicy(argparse.Action):
-diff --git selinux-python-2.8/sepolicy/sepolicy/__init__.py selinux-python-2.8/sepolicy/sepolicy/__init__.py
-index 89346ab..6039489 100644
---- selinux-python-2.8/sepolicy/sepolicy/__init__.py
-+++ selinux-python-2.8/sepolicy/sepolicy/__init__.py
-@@ -15,7 +15,7 @@ import os
- import re
- import gzip
- 
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-python"
- try:
- import gettext
- kwargs = {}
-@@ -129,6 +129,13 @@ def get_installed_policy(root="/"):
- pass
- raise ValueError(_("No SELinux Policy installed"))
- 
-+def get_store_policy(store, root="/"):
-+ try:
-+ policies = glob.glob("%s%s/policy/policy.*" % (selinux.selinux_path(), store))
-+ policies.sort()
-+ return policies[-1]
-+ except:
-+ return None
- 
- def policy(policy_file):
- global all_domains
-@@ -156,6 +163,11 @@ def policy(policy_file):
- except:
- raise ValueError(_("Failed to read %s policy file") % policy_file)
- 
-+def load_store_policy(store):
-+ policy_file = get_store_policy(store)
-+ if not policy_file:
-+ return None
-+ policy(policy_file)
- 
- try:
- policy_file = get_installed_policy()
-@@ -168,15 +180,21 @@ except ValueError as e:
- def info(setype, name=None):
- if setype == TYPE:
- q = setools.TypeQuery(_pol)
-- if name:
-- q.name = name
-+ q.name = name
-+ results = list(q.results())
-+
-+ if name and len(results) < 1:
-+ # type not found, try alias
-+ q.name = None
-+ q.alias = name
-+ results = list(q.results())
- 
- return ({
- 'aliases': list(map(str, x.aliases())),
- 'name': str(x),
- 'permissive': bool(x.ispermissive),
- 'attributes': list(map(str, x.attributes()))
-- } for x in q.results())
-+ } for x in results)
- 
- elif setype == ROLE:
- q = setools.RoleQuery(_pol)
-@@ -272,34 +290,38 @@ def _setools_rule_to_dict(rule):
- 'class': str(rule.tclass),
- }
- 
-+ # Evaluate boolean expression associated with given rule (if there is any)
- try:
-- enabled = bool(rule.qpol_symbol.is_enabled(rule.policy))
-+ # Get state of all booleans in the conditional expression
-+ boolstate = {}
-+ for boolean in rule.conditional.booleans:
-+ boolstate[str(boolean)] = boolean.state
-+ # evaluate if the rule is enabled
-+ enabled = rule.conditional.evaluate(**boolstate) == rule.conditional_block
- except AttributeError:
-+ # non-conditional rules are always enabled
- enabled = True
- 
-- if isinstance(rule, setools.policyrep.terule.AVRule):
-- d['enabled'] = enabled
-+ d['enabled'] = enabled
- 
- try:
- d['permlist'] = list(map(str, rule.perms))
-- except setools.policyrep.exception.RuleUseError:
-+ except AttributeError:
- pass
- 
- try:
- d['transtype'] = str(rule.default)
-- except setools.policyrep.exception.RuleUseError:
-+ except AttributeError:
- pass
- 
- try:
- d['boolean'] = [(str(rule.conditional), enabled)]
-- except (AttributeError, setools.policyrep.exception.RuleNotConditional):
-+ except AttributeError:
- pass
- 
- try:
- d['filename'] = rule.filename
-- except (AttributeError,
-- setools.policyrep.exception.RuleNotConditional,
-- setools.policyrep.exception.TERuleNoFilename):
-+ except AttributeError:
- pass
- 
- return d
-@@ -334,6 +356,8 @@ def search(types, seinfo=None):
- tertypes.append(NEVERALLOW)
- if AUDITALLOW in types:
- tertypes.append(AUDITALLOW)
-+ if DONTAUDIT in types:
-+ tertypes.append(DONTAUDIT)
- 
- if len(tertypes) > 0:
- q = setools.TERuleQuery(_pol,
-@@ -437,6 +461,20 @@ def get_file_types(setype):
- return mpaths
- 
- 
-+def get_real_type_name(name):
-+ """Return the real name of a type
-+
-+ * If 'name' refers to a type alias, return the corresponding type name.
-+ * Otherwise return the original name (even if the type does not exist).
-+ """
-+ if not name:
-+ return name
-+
-+ try:
-+ return next(info(TYPE, name))["name"]
-+ except (RuntimeError, StopIteration):
-+ return name
-+
- def get_writable_files(setype):
- file_types = get_all_file_types()
- all_writes = []
-@@ -1048,6 +1086,8 @@ def _dict_has_perms(dict, perms):
- def gen_short_name(setype):
- all_domains = get_all_domains()
- if setype.endswith("_t"):
-+ # replace aliases with corresponding types
-+ setype = get_real_type_name(setype)
- domainname = setype[:-2]
- else:
- domainname = setype
-@@ -1160,27 +1200,14 @@ def boolean_desc(boolean):
- 
- 
- def get_os_version():
-- os_version = ""
-- pkg_name = "selinux-policy"
-+ system_release = ""
- try:
-- try:
-- from commands import getstatusoutput
-- except ImportError:
-- from subprocess import getstatusoutput
-- rc, output = getstatusoutput("rpm -q '%s'" % pkg_name)
-- if rc == 0:
-- os_version = output.split(".")[-2]
-- except:
-- os_version = ""
--
-- if os_version[0:2] == "fc":
-- os_version = "Fedora" + os_version[2:]
-- elif os_version[0:2] == "el":
-- os_version = "RHEL" + os_version[2:]
-- else:
-- os_version = ""
-+ with open('/etc/system-release') as f:
-+ system_release = f.readline().rstrip()
-+ except IOError:
-+ system_release = "Misc"
- 
-- return os_version
-+ return system_release
- 
- 
- def reinit():
-diff --git selinux-python-2.8/sepolicy/sepolicy/generate.py selinux-python-2.8/sepolicy/sepolicy/generate.py
-index f814e27..8e53033 100644
---- selinux-python-2.8/sepolicy/sepolicy/generate.py
-+++ selinux-python-2.8/sepolicy/sepolicy/generate.py
-@@ -52,7 +52,7 @@ import sepolgen.defaults as defaults
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-python"
- try:
- import gettext
- kwargs = {}
-@@ -103,7 +103,9 @@ def get_all_ports():
- for p in sepolicy.info(sepolicy.PORT):
- if p['type'] == "reserved_port_t" or \
- p['type'] == "port_t" or \
-- p['type'] == "hi_reserved_port_t":
-+ p['type'] == "hi_reserved_port_t" or \
-+ p['type'] == "ephemeral_port_t" or \
-+ p['type'] == "unreserved_port_t":
- continue
- dict[(p['low'], p['high'], p['protocol'])] = (p['type'], p.get('range'))
- return dict
-diff --git selinux-python-2.8/sepolicy/sepolicy/gui.py selinux-python-2.8/sepolicy/sepolicy/gui.py
-index 537d516..63aa02c 100644
---- selinux-python-2.8/sepolicy/sepolicy/gui.py
-+++ selinux-python-2.8/sepolicy/sepolicy/gui.py
-@@ -43,7 +43,7 @@ import os
- import re
- import unicodedata
- 
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-python"
- try:
- import gettext
- kwargs = {}
-diff --git selinux-python-2.8/sepolicy/sepolicy/interface.py selinux-python-2.8/sepolicy/sepolicy/interface.py
-index 18374dc..ca0122d 100644
---- selinux-python-2.8/sepolicy/sepolicy/interface.py
-+++ selinux-python-2.8/sepolicy/sepolicy/interface.py
-@@ -32,7 +32,7 @@ __all__ = ['get_all_interfaces', 'get_interfaces_from_xml', 'get_admin', 'get_us
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-python"
- try:
- import gettext
- kwargs = {}
-diff --git selinux-python-2.8/sepolicy/sepolicy/manpage.py selinux-python-2.8/sepolicy/sepolicy/manpage.py
-index ed8cb71..8121e5c 100755
---- selinux-python-2.8/sepolicy/sepolicy/manpage.py
-+++ selinux-python-2.8/sepolicy/sepolicy/manpage.py
-@@ -126,8 +126,33 @@ def gen_domains():
- domains.sort()
- return domains
- 
--types = None
- 
-+exec_types = None
-+
-+def _gen_exec_types():
-+ global exec_types
-+ if exec_types is None:
-+ exec_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "exec_type"))["types"]
-+ return exec_types
-+
-+entry_types = None
-+
-+def _gen_entry_types():
-+ global entry_types
-+ if entry_types is None:
-+ entry_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "entry_type"))["types"]
-+ return entry_types
-+
-+mcs_constrained_types = None
-+
-+def _gen_mcs_constrained_types():
-+ global mcs_constrained_types
-+ if mcs_constrained_types is None:
-+ mcs_constrained_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type"))
-+ return mcs_constrained_types
-+
-+
-+types = None
- 
- def _gen_types():
- global types
-@@ -150,10 +175,6 @@ def prettyprint(f, trim):
- manpage_domains = []
- manpage_roles = []
- 
--fedora_releases = ["Fedora17", "Fedora18"]
--rhel_releases = ["RHEL6", "RHEL7"]
--
--
- def get_alphabet_manpages(manpage_list):
- alphabet_manpages = dict.fromkeys(string.ascii_letters, [])
- for i in string.ascii_letters:
-@@ -183,7 +204,7 @@ def convert_manpage_to_html(html_manpage, manpage):
- class HTMLManPages:
- 
- """
-- Generate a HHTML Manpages on an given SELinux domains
-+ Generate a HTML Manpages on an given SELinux domains
- """
- 
- def __init__(self, manpage_roles, manpage_domains, path, os_version):
-@@ -191,9 +212,9 @@ class HTMLManPages:
- self.manpage_domains = get_alphabet_manpages(manpage_domains)
- self.os_version = os_version
- self.old_path = path + "/"
-- self.new_path = self.old_path + self.os_version + "/"
-+ self.new_path = self.old_path
- 
-- if self.os_version in fedora_releases or self.os_version in rhel_releases:
-+ if self.os_version:
- 
self.__gen_html_manpages() - else: - print("SELinux HTML man pages can not be generated for this %s" % os_version) -@@ -202,7 +223,6 @@ class HTMLManPages: - def __gen_html_manpages(self): - self._write_html_manpage() - self._gen_index() -- self._gen_body() - self._gen_css() - - def _write_html_manpage(self): -@@ -220,67 +240,21 @@ class HTMLManPages: - convert_manpage_to_html((self.new_path + r.rsplit("_selinux", 1)[0] + ".html"), self.old_path + r) - - def _gen_index(self): -- index = self.old_path + "index.html" -- fd = open(index, 'w') -- fd.write(""" -- -- -- -- SELinux man pages online -- -- --

SELinux man pages

--

--Fedora or Red Hat Enterprise Linux Man Pages. --

--
--

Fedora

-- -- --
--
--
--""")
--        for f in fedora_releases:
--            fd.write("""
--%s - SELinux man pages for %s """ % (f, f, f, f))
--
--        fd.write("""
--
--
--

RHEL

-- -- --
--
--
--""")
--        for r in rhel_releases:
--            fd.write("""
--%s - SELinux man pages for %s """ % (r, r, r, r))
--
--        fd.write("""
--
-- """) -- fd.close() -- print("%s has been created" % index) -- -- def _gen_body(self): - html = self.new_path + self.os_version + ".html" - fd = open(html, 'w') - fd.write(""" - - -- -- Linux man-pages online for Fedora18 -+ -+ SELinux man pages - - --

SELinux man pages for Fedora18

-+

SELinux man pages for %s

-
- -
-

SELinux roles

--""") -+""" % self.os_version) - for letter in self.manpage_roles: - if len(self.manpage_roles[letter]): - fd.write(""" -@@ -424,6 +398,9 @@ class ManPage: - self.all_file_types = sepolicy.get_all_file_types() - self.role_allows = sepolicy.get_all_role_allows() - self.types = _gen_types() -+ self.exec_types = _gen_exec_types() -+ self.entry_types = _gen_entry_types() -+ self.mcs_constrained_types = _gen_mcs_constrained_types() - - if self.source_files: - self.fcpath = self.root + "file_contexts" -@@ -736,10 +713,13 @@ Default Defined Ports:""") - - def _file_context(self): - flist = [] -+ flist_non_exec = [] - mpaths = [] - for f in self.all_file_types: - if f.startswith(self.domainname): - flist.append(f) -+ if not f in self.exec_types or not f in self.entry_types: -+ flist_non_exec.append(f) - if f in self.fcdict: - mpaths = mpaths + self.fcdict[f]["regex"] - if len(mpaths) == 0: -@@ -791,19 +771,20 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d - .PP - """ % {'domainname': self.domainname, 'equiv': e, 'alt': e.split('/')[-1]}) - -- self.fd.write(r""" -+ if flist_non_exec: -+ self.fd.write(r""" - .PP - .B STANDARD FILE CONTEXT - - SELinux defines the file context types for the %(domainname)s, if you wanted to - store files with these types in a diffent paths, you need to execute the semanage command to sepecify alternate labeling and then use restorecon to put the labels on disk. - --.B semanage fcontext -a -t %(type)s '/srv/%(domainname)s/content(/.*)?' -+.B semanage fcontext -a -t %(type)s '/srv/my%(domainname)s_content(/.*)?' - .br - .B restorecon -R -v /srv/my%(domainname)s_content - - Note: SELinux often uses regular expressions to specify labels that match multiple files. 
--""" % {'domainname': self.domainname, "type": flist[0]}) -+""" % {'domainname': self.domainname, "type": flist_non_exec[-1]}) - - self.fd.write(r""" - .I The following file types are defined for %(domainname)s: -@@ -974,11 +955,7 @@ All executeables with the default executable label, usually stored in /usr/bin a - %s""" % ", ".join(paths)) - - def _mcs_types(self): -- try: -- mcs_constrained_type = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type")) -- except StopIteration: -- return -- if self.type not in mcs_constrained_type['types']: -+ if self.type not in self.mcs_constrained_types['types']: - return - self.fd.write (""" - .SH "MCS Constrained" diff --git a/SOURCES/selinux-sandbox-fedora.patch b/SOURCES/selinux-sandbox-fedora.patch deleted file mode 100644 index 4986b98..0000000 --- a/SOURCES/selinux-sandbox-fedora.patch +++ /dev/null 
@@ -1,186 +0,0 @@ -diff --git selinux-sandbox-2.8/Makefile selinux-sandbox-2.8/Makefile -index 49c1d3f..9e45329 100644 ---- selinux-sandbox-2.8/Makefile -+++ selinux-sandbox-2.8/Makefile -@@ -12,6 +12,7 @@ override LDLIBS += -lselinux -lcap-ng - SEUNSHARE_OBJS = seunshare.o - - all: sandbox seunshare sandboxX.sh start -+ (cd po && $(MAKE) $@) - - seunshare: $(SEUNSHARE_OBJS) - -@@ -30,6 +31,7 @@ install: all - install -m 755 start $(DESTDIR)$(SHAREDIR) - -mkdir -p $(DESTDIR)$(SYSCONFDIR) - install -m 644 sandbox.conf $(DESTDIR)$(SYSCONFDIR)/sandbox -+ (cd po && $(MAKE) $@) - - test: - @$(PYTHON) test_sandbox.py -v -diff --git selinux-sandbox-2.8/po/Makefile selinux-sandbox-2.8/po/Makefile -new file mode 100644 -index 0000000..0556bbe ---- /dev/null -+++ selinux-sandbox-2.8/po/Makefile -@@ -0,0 +1,82 @@ -+# -+# Makefile for the PO files (translation) catalog -+# -+ -+PREFIX ?= /usr -+ -+# What is this package? -+NLSPACKAGE = sandbox -+POTFILE = $(NLSPACKAGE).pot -+INSTALL = /usr/bin/install -c -p -+INSTALL_DATA = $(INSTALL) -m 644 -+INSTALL_DIR = /usr/bin/install -d -+ -+# destination directory -+INSTALL_NLS_DIR = $(PREFIX)/share/locale -+ -+# PO catalog handling -+MSGMERGE = msgmerge -+MSGMERGE_FLAGS = -q -+XGETTEXT = xgettext -L Python --default-domain=$(NLSPACKAGE) -+MSGFMT = msgfmt -+ -+# All possible linguas -+PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po))) -+ -+# Only the files matching what the user has set in LINGUAS -+USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS)) -+ -+# if no valid LINGUAS, build all languages -+USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS)) -+ -+POFILES = $(patsubst %,%.po,$(USE_LINGUAS)) -+MOFILES = $(patsubst %.po,%.mo,$(POFILES)) -+POTFILES = $(shell cat POTFILES) -+ -+#default:: clean -+ -+all:: $(POTFILE) $(MOFILES) -+ -+$(POTFILE): $(POTFILES) -+ $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES) -+ @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \ -+ rm -f $(NLSPACKAGE).po; \ -+ else \ 
-+ mv -f $(NLSPACKAGE).po $(POTFILE); \ -+ fi; \ -+ -+ -+refresh-po: Makefile -+ for cat in $(POFILES); do \ -+ lang=`basename $$cat .po`; \ -+ if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \ -+ mv -f $$lang.pot $$lang.po ; \ -+ echo "$(MSGMERGE) of $$lang succeeded" ; \ -+ else \ -+ echo "$(MSGMERGE) of $$lang failed" ; \ -+ rm -f $$lang.pot ; \ -+ fi \ -+ done -+ -+clean: -+ @rm -fv *mo *~ .depend -+ @rm -rf tmp -+ -+install: $(MOFILES) -+ @for n in $(MOFILES); do \ -+ l=`basename $$n .mo`; \ -+ $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \ -+ $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \ -+ done -+ -+%.mo: %.po -+ $(MSGFMT) -o $@ $< -+report: -+ @for cat in $(wildcard *.po); do \ -+ echo -n "$$cat: "; \ -+ msgfmt -v --statistics -o /dev/null $$cat; \ -+ done -+ -+.PHONY: missing depend -+ -+relabel: -diff --git selinux-sandbox-2.8/po/POTFILES selinux-sandbox-2.8/po/POTFILES -new file mode 100644 -index 0000000..deff3f2 ---- /dev/null -+++ selinux-sandbox-2.8/po/POTFILES -@@ -0,0 +1 @@ -+../sandbox -diff --git selinux-sandbox-2.8/sandbox selinux-sandbox-2.8/sandbox -index c07a1d8..948496d 100644 ---- selinux-sandbox-2.8/sandbox -+++ selinux-sandbox-2.8/sandbox -@@ -37,7 +37,7 @@ import sepolicy - - SEUNSHARE = "/usr/sbin/seunshare" - SANDBOXSH = "/usr/share/sandbox/sandboxX.sh" --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-sandbox" - try: - import gettext - kwargs = {} -@@ -268,7 +268,7 @@ class Sandbox: - copyfile(f, "/tmp", self.__tmpdir) - copyfile(f, "/var/tmp", self.__tmpdir) - -- def __setup_sandboxrc(self, wm="/usr/bin/openbox"): -+ def __setup_sandboxrc(self, wm="/usr/bin/matchbox-window-manager"): - execfile = self.__homedir + "/.sandboxrc" - fd = open(execfile, "w+") - if self.__options.session: -@@ -362,7 +362,7 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [- - - parser.add_option("-W", "--windowmanager", 
dest="wm", - type="string", -- default="/usr/bin/openbox", -+ default="/usr/bin/matchbox-window-manager", - help=_("alternate window manager")) - - parser.add_option("-l", "--level", dest="level", -diff --git selinux-sandbox-2.8/sandbox.8 selinux-sandbox-2.8/sandbox.8 -index d83fee7..90ef495 100644 ---- selinux-sandbox-2.8/sandbox.8 -+++ selinux-sandbox-2.8/sandbox.8 -@@ -77,7 +77,7 @@ Specifies the windowsize when creating an X based Sandbox. The default windowsiz - \fB\-W\fR \fB\-\-windowmanager\fR - Select alternative window manager to run within - .B sandbox \-X. --Default to /usr/bin/openbox. -+Default to /usr/bin/matchbox-window-manager. - .TP - \fB\-X\fR - Create an X based Sandbox for gui apps, temporary files for -diff --git selinux-sandbox-2.8/sandboxX.sh selinux-sandbox-2.8/sandboxX.sh -index eaa500d..c211ebc 100644 ---- selinux-sandbox-2.8/sandboxX.sh -+++ selinux-sandbox-2.8/sandboxX.sh -@@ -6,21 +6,7 @@ export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8 - [ -z $2 ] && export DPI="96" || export DPI="$2" - trap "exit 0" HUP - --mkdir -p ~/.config/openbox --cat > ~/.config/openbox/rc.xml << EOF -- -- -- -- no -- all -- yes -- -- -- --EOF -- --(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do -+(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -reset -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do - export DISPLAY=:$D - cat > ~/seremote << __EOF - #!/bin/sh diff --git a/SOURCES/semodule-utils-fedora.patch b/SOURCES/semodule-utils-fedora.patch deleted file mode 100644 index cde0b2d..0000000 --- a/SOURCES/semodule-utils-fedora.patch +++ /dev/null 
@@ -1,12 +0,0 @@
-diff --git semodule-utils-2.8/semodule_package/semodule_package.c semodule-utils-2.8/semodule_package/semodule_package.c
-index 3515234..7b75b3f 100644
---- semodule-utils-2.8/semodule_package/semodule_package.c
-+++ semodule-utils-2.8/semodule_package/semodule_package.c
-@@ -74,6 +74,7 @@ static int file_to_data(const char *path, char **data, size_t * len)
- }
- if (!sb.st_size) {
- *len = 0;
-+ close(fd);
- return 0;
- }
-
diff --git a/SPECS/policycoreutils.spec b/SPECS/policycoreutils.spec
index 75b6dc1..5e19e89 100644
--- a/SPECS/policycoreutils.spec
+++ b/SPECS/policycoreutils.spec
@@ -1,26 +1,28 @@ -%global libauditver 2.1.3-4 -%global libsepolver 2.8-2 -%global libsemanagever 2.8-4 -%global libselinuxver 2.8-6 -%global sepolgenver 2.8 +%global libauditver 3.0 +%global libsepolver 2.9-1 +%global libsemanagever 2.9-1 +%global libselinuxver 2.9-1 +%global sepolgenver 2.9 %global generatorsdir %{_prefix}/lib/systemd/system-generators +# Disable automatic compilation of Python files in extra directories +%global _python_bytecompile_extra 0 + Summary: SELinux policy core utilities Name: policycoreutils -Version: 2.8 -Release: 16.1%{?dist} +Version: 2.9 +Release: 3%{?dist} License: GPLv2 # https://github.com/SELinuxProject/selinux/wiki/Releases -Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/policycoreutils-2.8.tar.gz -Source1: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/selinux-python-2.8.tar.gz -Source2: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/selinux-gui-2.8.tar.gz -Source3: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/selinux-sandbox-2.8.tar.gz -Source4: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/selinux-dbus-2.8.tar.gz -Source5: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/semodule-utils-2.8.tar.gz -Source6: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/restorecond-2.8.tar.gz -URL: https://github.com/SELinuxProject -Source12: policycoreutils_man_ru2.tar.bz2 +Source0: https://github.com/SELinuxProject/selinux/releases/download/20190315/policycoreutils-2.9.tar.gz +Source1: https://github.com/SELinuxProject/selinux/releases/download/20190315/selinux-python-2.9.tar.gz +Source2: https://github.com/SELinuxProject/selinux/releases/download/20190315/selinux-gui-2.9.tar.gz +Source3: 
https://github.com/SELinuxProject/selinux/releases/download/20190315/selinux-sandbox-2.9.tar.gz +Source4: https://github.com/SELinuxProject/selinux/releases/download/20190315/selinux-dbus-2.9.tar.gz +Source5: https://github.com/SELinuxProject/selinux/releases/download/20190315/semodule-utils-2.9.tar.gz +Source6: https://github.com/SELinuxProject/selinux/releases/download/20190315/restorecond-2.9.tar.gz +URL: https://github.com/SELinuxProject/selinux Source13: system-config-selinux.png Source14: sepolicy-icons.tgz Source15: selinux-autorelabel 
@@ -32,19 +34,35 @@ Source20: policycoreutils-po.tgz Source21: python-po.tgz Source22: gui-po.tgz Source23: sandbox-po.tgz -# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh -# run: -# HEAD 15b521e6d24b1cb3a004d49f630f1d33f3e11466 -# $ for i in policycoreutils selinux-python selinux-gui selinux-sandbox selinux-dbus semodule-utils restorecond; do -# VERSION=2.8 ./make-fedora-selinux-patch.sh $i -# done -Patch: policycoreutils-fedora.patch -Patch1: selinux-python-fedora.patch -Patch2: selinux-gui-fedora.patch -Patch3: selinux-sandbox-fedora.patch -Patch4: selinux-dbus-fedora.patch -Patch5: semodule-utils-fedora.patch -Patch6: restorecond-fedora.patch +# https://gitlab.cee.redhat.com/SELinux/selinux +# $ git format-patch -N 20190315 -- policycoreutils python gui sandbox dbus semodule-utils restorecond +# $ for j in [0-9]*.patch; do printf "Patch%s: %s\n" ${j/-*/} $j; done +Patch0001: 0001-gui-Install-polgengui.py-to-usr-bin-selinux-polgengu.patch +Patch0002: 0002-gui-Install-.desktop-files-to-usr-share-applications.patch +Patch0003: 0003-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch +Patch0004: 0004-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch +Patch0005: 0005-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch +Patch0006: 0006-Simplication-of-sepolicy-manpage-web-functionality.-.patch +Patch0007: 0007-We-want-to-remove-the-trailing-newline-for-etc-syste.patch +Patch0008: 0008-Fix-title-in-manpage.py-to-not-contain-online.patch +Patch0009: 0009-Don-t-be-verbose-if-you-are-not-on-a-tty.patch +Patch0010: 0010-sepolicy-Drop-old-interface-file_type_is_executable-.patch +Patch0011: 0011-sepolicy-Another-small-optimization-for-mcs-types.patch +Patch0012: 0012-Move-po-translation-files-into-the-right-sub-directo.patch +Patch0013: 0013-Use-correct-gettext-domains-in-python-gui-sandbox.patch +Patch0014: 0014-Initial-.pot-files-for-gui-python-sandbox.patch +# this is too big and it's 
covered by sources 20 - 23 +# Patch0015: 0015-Update-.po-files-from-fedora.zanata.org.patch +Patch0016: 0016-policycoreutils-setfiles-Improve-description-of-d-sw.patch +Patch0017: 0017-sepolicy-generate-Handle-more-reserved-port-types.patch +Patch0018: 0018-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch +Patch0019: 0019-sandbox-Use-matchbox-window-manager-instead-of-openb.patch +Patch0020: 0020-python-Use-ipaddress-instead-of-IPy.patch +Patch0021: 0021-python-semanage-Do-not-traceback-when-the-default-po.patch +Patch0022: 0022-policycoreutils-fixfiles-Fix-B-F-onboot.patch +Patch0023: 0023-policycoreutils-fixfiles-Force-full-relabel-when-SEL.patch +Patch0024: 0024-policycoreutils-fixfiles-Fix-unbound-variable-proble.patch + Obsoletes: policycoreutils < 2.0.61-2 Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138 # initscripts < 9.66 shipped fedora-autorelabel services which are renamed to selinux-relabel @@ -57,6 +75,7 @@ BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-static >= BuildRequires: desktop-file-utils dbus-devel dbus-glib-devel BuildRequires: python3-devel BuildRequires: systemd +BuildRequires: git Requires: util-linux grep gawk diffutils rpm sed Requires: libsepol >= %{libsepolver} coreutils libselinux-utils >= %{libselinuxver} 
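Review bot: The provenance comment above the new `Patch0001`–`Patch0024` list names the base tag (`20190315`) but no longer records the commit the series was generated from, which the removed comment did with its `# HEAD 15b521e6…` line. The repository URL it gives also looks like an internal host, so someone outside it cannot regenerate the patches and compare them with the files shipped in SOURCES. I would add a line such as `# HEAD <commit id the series was formatted from>` and a publicly reachable repository URL next to the `git format-patch` command.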
@@ -76,44 +95,49 @@ for basic operation of a SELinux system. These utilities include load_policy to load policies, setfiles to label filesystems, newrole to switch roles. -%prep +%prep -p /usr/bin/bash # create selinux/ directory and extract sources -%setup -q -c -n selinux -%setup -q -T -D -a 1 -n selinux -%setup -q -T -D -a 2 -n selinux -%setup -q -T -D -a 3 -n selinux -%setup -q -T -D -a 4 -n selinux -%setup -q -T -D -a 5 -n selinux -%setup -q -T -D -a 6 -n selinux -%patch -p0 -b .policycoreutils-fedora +%autosetup -S git -N -c -n selinux +%autosetup -S git -N -T -D -a 1 -n selinux +%autosetup -S git -N -T -D -a 2 -n selinux +%autosetup -S git -N -T -D -a 3 -n selinux +%autosetup -S git -N -T -D -a 4 -n selinux +%autosetup -S git -N -T -D -a 5 -n selinux +%autosetup -S git -N -T -D -a 6 -n selinux -cp %{SOURCE13} selinux-gui-%{version}/ -tar -xvf %{SOURCE14} -C selinux-python-%{version}/sepolicy/ -%patch1 -p0 -b .selinux-python -%patch2 -p0 -b .selinux-gui -%patch3 -p0 -b .selinux-sandbox -%patch4 -p0 -b .selinux-dbus -%patch5 -p0 -b .semodule-utils -%patch6 -p0 -b .restorecond +for i in *; do + git mv $i ${i/-%{version}/} + git commit -q --allow-empty -a --author 'rpm-build ' -m "$i -> ${i/-%{version}/}" +done + +for i in selinux-*; do + git mv $i ${i#selinux-} + git commit -q --allow-empty -a --author 'rpm-build ' -m "$i -> ${i#selinux-}" +done + +git am %{_sourcedir}/[0-9]*.patch + +cp %{SOURCE13} gui/ +tar -xvf %{SOURCE14} -C python/sepolicy/ # Since patches containing translation changes were too big, translations were moved to separate tarballs # For more information see README.translations -tar -x -f %{SOURCE20} -C policycoreutils-%{version} -z -tar -x -f %{SOURCE21} -C selinux-python-%{version} -z -tar -x -f %{SOURCE22} -C selinux-gui-%{version} -z -tar -x -f %{SOURCE23} -C selinux-sandbox-%{version} -z +tar -x -f %{SOURCE20} -C policycoreutils -z +tar -x -f %{SOURCE21} -C python -z +tar -x -f %{SOURCE22} -C gui -z +tar -x -f %{SOURCE23} -C sandbox -z 
%build %set_build_flags export PYTHON=%{__python3} -make -C policycoreutils-%{version} LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" all -make -C selinux-python-%{version} PYTHON=%{__python3} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all -make -C selinux-gui-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all -make -C selinux-sandbox-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all -make -C selinux-dbus-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all -make -C semodule-utils-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all -make -C restorecond-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all +make -C policycoreutils LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" all +make -C python SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all +make -C gui SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all +make -C sandbox SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all +make -C dbus SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all +make -C semodule-utils SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all +make -C restorecond SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all %install mkdir -p %{buildroot}%{_bindir} 
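Review bot: `git am %{_sourcedir}/[0-9]*.patch` in %prep applies whatever numbered patch files are present in the source directory, so the `PatchNNNN:` tags declared earlier in the spec no longer decide what is built. The commented-out `Patch0015` shows the gap: it is skipped only as long as that file is absent from SOURCES, and any stray numbered file would be applied without appearing in the spec. Driving the step from the declared list, `git am %{patches}`, keeps the spec the single record of what was applied, in the declared order. The two rename loops also expand `$i` unquoted; `git mv "$i" "${i/-%{version}/}"` and `git mv "$i" "${i#selinux-}"` are the safer forms.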
@@ -123,19 +147,19 @@ mkdir -p %{buildroot}%{_mandir}/man5 mkdir -p %{buildroot}%{_mandir}/man8 %{__mkdir} -p %{buildroot}/%{_usr}/share/doc/%{name}/ -make -C policycoreutils-%{version} LSPP_PRIV=y DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" install +make -C policycoreutils LSPP_PRIV=y DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" install -make -C selinux-python-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install +make -C python PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install -make -C selinux-gui-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install +make -C gui PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install -make -C selinux-sandbox-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install +make -C sandbox PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install -make -C selinux-dbus-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install +make -C dbus PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install -make -C semodule-utils-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install +make -C semodule-utils PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" 
LIBSEPOLA="%{_libdir}/libsepol.a" install -make -C restorecond-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install +make -C restorecond PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install # Fix perms on newrole so that objcopy can process it chmod 0755 %{buildroot}%{_bindir}/newrole @@ -143,9 +167,8 @@ chmod 0755 %{buildroot}%{_bindir}/newrole # Systemd rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/restorecond -tar -jxf %{SOURCE12} -C %{buildroot}/ rm -f %{buildroot}/usr/share/man/ru/man8/genhomedircon.8.gz -rm -f %{buildroot}/usr/share/man/ru/man8/open_init_pty.8.gz +rm -f %{buildroot}/usr/share/man/ru/man8/open_init_pty.8* rm -f %{buildroot}/usr/share/man/ru/man8/semodule_deps.8.gz rm -f %{buildroot}/usr/share/man/man8/open_init_pty.8 rm -f %{buildroot}/usr/sbin/open_init_pty 
@@ -154,21 +177,6 @@ rm -f %{buildroot}/usr/share/man/ru/man8/run_init.8* rm -f %{buildroot}/usr/share/man/man8/run_init.8* rm -f %{buildroot}/etc/pam.d/run_init* -ln -sf /usr/share/system-config-selinux/polgengui.py %{buildroot}%{_bindir}/selinux-polgengui - -desktop-file-install --dir %{buildroot}%{_datadir}/applications --add-category Settings \ - %{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.desktop - -desktop-file-install --dir %{buildroot}%{_datadir}/applications --add-category Settings \ - %{buildroot}%{_datadir}/system-config-selinux/sepolicy.desktop - -desktop-file-install --dir %{buildroot}%{_datadir}/applications \ - %{buildroot}%{_datadir}/system-config-selinux/selinux-polgengui.desktop - -rm -f %{buildroot}%{_datadir}/system-config-selinux/selinux-polgengui.desktop -rm -f %{buildroot}%{_datadir}/system-config-selinux/sepolicy.desktop -rm -f %{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.desktop - mkdir -m 755 -p %{buildroot}/%{generatorsdir} install -m 644 -p %{SOURCE16} %{buildroot}/%{_unitdir}/ install -m 644 -p %{SOURCE17} %{buildroot}/%{_unitdir}/ @@ -190,7 +198,6 @@ pathfix.py -i "%{__python3} -Es" -p \ %{buildroot}%{_bindir}/sepolgen-ifgen \ %{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.py \ %{buildroot}%{_datadir}/system-config-selinux/selinux_server.py \ - %{buildroot}%{_datadir}/system-config-selinux/polgengui.py \ %nil # clean up ~ files from pathfix - https://bugzilla.redhat.com/show_bug.cgi?id=1546990 @@ -198,6 +205,10 @@ find %{buildroot}%{python3_sitelib} %{buildroot}%{python3_sitearch} \ %{buildroot}%{_sbindir} %{buildroot}%{_bindir} %{buildroot}%{_datadir} \ -type f -name '*~' | xargs rm -f +# Manually invoke the python byte compile macro for each path that needs byte +# compilation. +%py_byte_compile %{__python3} %{buildroot}%{_datadir}/system-config-selinux + %find_lang policycoreutils %find_lang selinux-python %find_lang selinux-gui 
@@ -222,12 +233,14 @@ an SELinux environment. %{_mandir}/man1/audit2allow.1* %{_mandir}/ru/man1/audit2allow.1* %{_mandir}/man1/audit2why.1* +%{_mandir}/ru/man1/audit2why.1* %{_sysconfdir}/dbus-1/system.d/org.selinux.conf %{_mandir}/man8/chcat.8* %{_mandir}/ru/man8/chcat.8* %{_mandir}/man8/sandbox.8* +%{_mandir}/ru/man8/sandbox.8* %{_mandir}/man8/semanage*.8* -%{_mandir}/ru/man8/semanage.8* +%{_mandir}/ru/man8/semanage*.8* %{_datadir}/bash-completion/completions/semanage %package dbus @@ -245,7 +258,9 @@ an SELinux environment. %{_datadir}/dbus-1/system-services/org.selinux.service %{_datadir}/polkit-1/actions/org.selinux.policy %{_datadir}/polkit-1/actions/org.selinux.config.policy -%{_datadir}/system-config-selinux/selinux_server.py* +%{_datadir}/system-config-selinux/selinux_server.py +%dir %{_datadir}/system-config-selinux/__pycache__ +%{_datadir}/system-config-selinux/__pycache__/selinux_server.* %package -n python3-policycoreutils %{?python_provide:%python_provide python3-policycoreutils} @@ -303,6 +318,7 @@ The policycoreutils-devel package contains the management tools use to develop p /var/lib/sepolgen/perm_map %{_bindir}/sepolicy %{_mandir}/man8/sepolgen.8* +%{_mandir}/ru/man8/sepolgen.8* %{_mandir}/man8/sepolicy-booleans.8* %{_mandir}/man8/sepolicy-generate.8* %{_mandir}/man8/sepolicy-interface.8* @@ -311,6 +327,7 @@ The policycoreutils-devel package contains the management tools use to develop p %{_mandir}/man8/sepolicy-communicate.8* %{_mandir}/man8/sepolicy-manpage.8* %{_mandir}/man8/sepolicy-transition.8* +%{_mandir}/ru/man8/sepolicy*.8* %{_usr}/share/bash-completion/completions/sepolicy @@ -331,7 +348,9 @@ sandboxes %{_datadir}/sandbox/start %caps(cap_setpcap,cap_setuid,cap_fowner,cap_dac_override,cap_sys_admin,cap_sys_nice=pe) %{_sbindir}/seunshare %{_mandir}/man8/seunshare.8* +%{_mandir}/ru/man8/seunshare.8* %{_mandir}/man5/sandbox.5* +%{_mandir}/ru/man5/sandbox.5* %package newrole Summary: The newrole application for RBAC/MLS 
@@ -344,6 +363,7 @@ or level of a logged in user. %files newrole %attr(0755,root,root) %caps(cap_dac_read_search,cap_setpcap,cap_audit_write,cap_sys_admin,cap_fowner,cap_chown,cap_dac_override=pe) %{_bindir}/newrole %{_mandir}/man1/newrole.1.gz +%{_mandir}/ru/man1/newrole.1.gz %config(noreplace) %{_sysconfdir}/pam.d/newrole %package gui @@ -366,19 +386,23 @@ system-config-selinux is a utility for managing the SELinux environment %{_datadir}/icons/hicolor/24x24/apps/system-config-selinux.png %{_datadir}/pixmaps/system-config-selinux.png %dir %{_datadir}/system-config-selinux +%dir %{_datadir}/system-config-selinux/__pycache__ %{_datadir}/system-config-selinux/system-config-selinux.png -%{_datadir}/system-config-selinux/*Page.py* -%{_datadir}/system-config-selinux/html_util.py* -%{_datadir}/system-config-selinux/polgengui.py* -%{_datadir}/system-config-selinux/system-config-selinux.py* +%{_datadir}/system-config-selinux/*Page.py +%{_datadir}/system-config-selinux/__pycache__/*Page.* +%{_datadir}/system-config-selinux/system-config-selinux.py +%{_datadir}/system-config-selinux/__pycache__/system-config-selinux.* %{_datadir}/system-config-selinux/*.ui %{python3_sitelib}/sepolicy/gui.py* %{python3_sitelib}/sepolicy/sepolicy.glade %{_datadir}/icons/hicolor/*/apps/sepolicy.png %{_datadir}/pixmaps/sepolicy.png %{_mandir}/man8/system-config-selinux.8* +%{_mandir}/ru/man8/system-config-selinux.8* %{_mandir}/man8/selinux-polgengui.8* +%{_mandir}/ru/man8/selinux-polgengui.8* %{_mandir}/man8/sepolicy-gui.8* +%{_mandir}/ru/man8/sepolicy-gui.8* %files -f %{name}.lang %{_sbindir}/restorecon 
@@ -402,9 +426,10 @@ system-config-selinux is a utility for managing the SELinux environment %{_unitdir}/selinux-autorelabel.target %{generatorsdir}/selinux-autorelabel-generator.sh %config(noreplace) %{_sysconfdir}/sestatus.conf -# selinux-policy Requires: policycoreutils, so we own this set of directories and our files within them %{_mandir}/man5/selinux_config.5.gz +%{_mandir}/ru/man5/selinux_config.5.gz %{_mandir}/man5/sestatus.conf.5.gz +%{_mandir}/ru/man5/sestatus.conf.5.gz %{_mandir}/man8/fixfiles.8* %{_mandir}/ru/man8/fixfiles.8* %{_mandir}/man8/load_policy.8* @@ -412,6 +437,7 @@ system-config-selinux is a utility for managing the SELinux environment %{_mandir}/man8/restorecon.8* %{_mandir}/ru/man8/restorecon.8* %{_mandir}/man8/restorecon_xattr.8* +%{_mandir}/ru/man8/restorecon_xattr.8* %{_mandir}/man8/semodule.8* %{_mandir}/ru/man8/semodule.8* %{_mandir}/man8/sestatus.8* @@ -423,17 +449,19 @@ system-config-selinux is a utility for managing the SELinux environment %{_mandir}/man1/secon.1* %{_mandir}/ru/man1/secon.1* %{_mandir}/man8/genhomedircon.8* +%{_mandir}/ru/man8/genhomedircon.8* %{_mandir}/man8/semodule_expand.8* %{_mandir}/ru/man8/semodule_expand.8* %{_mandir}/man8/semodule_link.8* %{_mandir}/ru/man8/semodule_link.8* %{_mandir}/man8/semodule_unpackage.8* +%{_mandir}/ru/man8/semodule_unpackage.8* %{_mandir}/man8/semodule_package.8* %{_mandir}/ru/man8/semodule_package.8* %dir %{_datadir}/bash-completion %{_datadir}/bash-completion/completions/setsebool %{!?_licensedir:%global license %%doc} -%license policycoreutils-%{version}/COPYING +%license policycoreutils/COPYING %doc %{_usr}/share/doc/%{name} %package restorecond @@ -453,7 +481,7 @@ The policycoreutils-restorecond package contains the restorecond service. %{_mandir}/man8/restorecond.8* %{_mandir}/ru/man8/restorecond.8* %{!?_licensedir:%global license %%doc} -%license policycoreutils-%{version}/COPYING +%license policycoreutils/COPYING %post %systemd_post selinux-autorelabel-mark.service 
@@ -471,6 +499,16 @@ The policycoreutils-restorecond package contains the restorecond service. %systemd_postun_with_restart restorecond.service %changelog +* Thu Aug 22 2019 Vit Mojzis - 2.9-3 +- fixfiles: Fix unbound variable problem (#1743213) + +* Tue Jul 2 2019 Petr Lautrbach - 2.9-2 +- Update transition +- fixfiles: Fix [-B] [-F] onboot + +* Mon Mar 18 2019 Petr Lautrbach - 2.9-1 +- SELinux userspace 2.9 release + * Fri Dec 14 2018 Petr Lautrbach - 2.8-16.1 - semanage: move valid_types initialisations to class constructors - semanage: import sepolicy only when it's needed