diff --git a/policycoreutils-gui.patch b/policycoreutils-gui.patch
deleted file mode 100644
index bb2965d..0000000
--- a/policycoreutils-gui.patch
+++ /dev/null
@@ -1,14359 +0,0 @@
-diff -up policycoreutils-2.1.11/gui/booleansPage.py.gui policycoreutils-2.1.11/gui/booleansPage.py
---- policycoreutils-2.1.11/gui/booleansPage.py.gui 2012-04-05 10:13:37.905837243 -0400
-+++ policycoreutils-2.1.11/gui/booleansPage.py 2012-04-05 10:13:37.905837243 -0400
-@@ -0,0 +1,247 @@
-+#
-+# booleansPage.py - GUI for Booleans page in system-config-securitylevel
-+#
-+# Dan Walsh
-+#
-+# Copyright 2006, 2007 Red Hat, Inc.
-+#
-+# This program is free software; you can redistribute it and/or modify
-+# it under the terms of the GNU General Public License as published by
-+# the Free Software Foundation; either version 2 of the License, or
-+# (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+#
-+import string
-+import gtk
-+import gtk.glade
-+import os
-+import gobject
-+import sys
-+import tempfile
-+import seobject
-+import semanagePage
-+
-+INSTALLPATH='/usr/share/system-config-selinux'
-+sys.path.append(INSTALLPATH)
-+
-+import commands
-+ENFORCING=0
-+PERMISSIVE=1
-+DISABLED=2
-+
-+##
-+## I18N
-+##
-+PROGNAME="policycoreutils"
-+
-+import gettext
-+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
-+gettext.textdomain(PROGNAME)
-+try:
-+ gettext.install(PROGNAME,
-+ localedir="/usr/share/locale",
-+ unicode=False,
-+ codeset = 'utf-8')
-+except IOError:
-+ import __builtin__
-+ __builtin__.__dict__['_'] = unicode
-+
-+from glob import fnmatch
-+
-+class Modifier:
-+ def __init__(self,name, on, save):
-+ self.on=on
-+ self.name=name
-+ self.save=save
-+
-+ def set(self,value):
-+ self.on=value
-+ self.save=True
-+
-+ def isOn(self):
-+ return self.on
-+
-+class Boolean(Modifier):
-+ def __init__(self,name, val, save=False):
-+ Modifier.__init__(self,name, val, save)
-+
-+ACTIVE = 0
-+MODULE = 1
-+DESC = 2
-+BOOLEAN = 3
-+
-+class booleansPage:
-+ def __init__(self, xml, doDebug=None):
-+ self.xml = xml
-+ xml.signal_connect("on_lockdown_clicked", self.on_lockdown_clicked)
-+ self.window = self.xml.get_widget("mainWindow").get_root_window()
-+ self.local = False
-+ self.types=[]
-+ self.selinuxsupport = True
-+ self.typechanged = False
-+ self.doDebug = doDebug
-+ self.busy_cursor = gtk.gdk.Cursor(gtk.gdk.WATCH)
-+ self.ready_cursor = gtk.gdk.Cursor(gtk.gdk.LEFT_PTR)
-+
-+ # Bring in widgets from glade file.
-+ self.typeHBox = xml.get_widget("typeHBox")
-+ self.booleanSW = xml.get_widget("booleanSW")
-+ self.booleansFilter = xml.get_widget("booleansFilter")
-+ self.booleansFilter.connect("focus_out_event", self.filter_changed)
-+ self.booleansFilter.connect("activate", self.filter_changed)
-+
-+ self.booleansView = xml.get_widget("booleansView")
-+ self.typeLabel = xml.get_widget("typeLabel")
-+ self.modifySeparator = xml.get_widget("modifySeparator")
-+
-+ self.revertButton = xml.get_widget("booleanRevertButton")
-+ self.revertButton.set_sensitive(self.local)
-+ self.revertButton.connect("clicked", self.on_revert_clicked)
-+ listStore = gtk.ListStore(gobject.TYPE_STRING)
-+ cell = gtk.CellRendererText()
-+
-+ self.store = gtk.ListStore(gobject.TYPE_BOOLEAN, gobject.TYPE_STRING, gobject.TYPE_STRING, gobject.TYPE_STRING)
-+ self.store.set_sort_column_id(1, gtk.SORT_ASCENDING)
-+ self.booleansView.set_model(self.store)
-+
-+ checkbox = gtk.CellRendererToggle()
-+ checkbox.connect("toggled", self.boolean_toggled)
-+ col = gtk.TreeViewColumn('Active', checkbox, active = ACTIVE)
-+ col.set_clickable(True)
-+ col.set_sort_column_id(ACTIVE)
-+ self.booleansView.append_column(col)
-+
-+ col = gtk.TreeViewColumn("Module", gtk.CellRendererText(), text=MODULE)
-+ col.set_sort_column_id(MODULE)
-+ col.set_resizable(True)
-+ self.booleansView.append_column(col)
-+
-+ col = gtk.TreeViewColumn("Description", gtk.CellRendererText(), text=DESC)
-+ col.set_sizing(gtk.TREE_VIEW_COLUMN_FIXED)
-+ col.set_fixed_width(400)
-+ col.set_sort_column_id(DESC)
-+ col.set_resizable(True)
-+ self.booleansView.append_column(col)
-+
-+ col = gtk.TreeViewColumn("Name", gtk.CellRendererText(), text=BOOLEAN)
-+ col.set_sort_column_id(BOOLEAN)
-+ col.set_resizable(True)
-+ self.booleansView.set_search_equal_func(self.__search)
-+ self.booleansView.append_column(col)
-+ self.filter=""
-+ self.load(self.filter)
-+
-+ def __search(self, model, col, key, i):
-+ sort_col = self.store.get_sort_column_id()[0]
-+
if sort_col > 0:
-+ val = model.get_value(i, sort_col)
-+ if val.lower().startswith(key.lower()):
-+ return False
-+ return True
-+
-+ def wait(self):
-+ self.window.set_cursor(self.busy_cursor)
-+ semanagePage.idle_func()
-+
-+ def ready(self):
-+ self.window.set_cursor(self.ready_cursor)
-+ semanagePage.idle_func()
-+
-+ def deleteDialog(self):
-+ store, iter = self.booleansView.get_selection().get_selected()
-+ if iter == None:
-+ return
-+ boolean = store.get_value(iter, BOOLEAN)
-+ # change cursor
-+ if boolean == None:
-+ return
-+ try:
-+ self.wait()
-+ (rc, out) = commands.getstatusoutput("semanage boolean -d %s" % boolean)
-+
-+ self.ready()
-+ if rc != 0:
-+ return self.error(out)
-+ self.load(self.filter)
-+ except ValueError, e:
-+ self.error(e.args[0])
-+
-+ def filter_changed(self, *arg):
-+ filter = arg[0].get_text()
-+ if filter != self.filter:
-+ self.load(filter)
-+ self.filter=filter
-+
-+ def use_menus(self):
-+ return False
-+
-+ def get_description(self):
-+ return _("Boolean")
-+
-+ def match(self,key, filter=""):
-+ try:
-+ f=filter.lower()
-+ cat=self.booleans.get_category(key).lower()
-+ val=self.booleans.get_desc(key).lower()
-+ k=key.lower()
-+ return val.find(f) >= 0 or k.find(f) >= 0 or cat.find(f) >= 0
-+ except:
-+ return False
-+
-+
-+ def load(self, filter=None):
-+ self.store.clear()
-+ self.booleans = seobject.booleanRecords()
-+ booleansList = self.booleans.get_all(self.local)
-+ for name in booleansList:
-+ rec = booleansList[name]
-+ if self.match(name, filter):
-+ iter=self.store.append()
-+ self.store.set_value(iter, ACTIVE, rec[2] == 1)
-+ self.store.set_value(iter, MODULE, self.booleans.get_category(name))
-+ self.store.set_value(iter, DESC, self.booleans.get_desc(name))
-+ self.store.set_value(iter, BOOLEAN, name)
-+
-+ def boolean_toggled(self, widget, row):
-+ iter = self.store.get_iter(row)
-+ val = self.store.get_value(iter, ACTIVE)
-+ key = self.store.get_value(iter, BOOLEAN)
-+ self.store.set_value(iter, ACTIVE ,
not val)
-+ self.wait()
-+ setsebool="/usr/sbin/setsebool -P %s=%d" % (key, not val)
-+ commands.getstatusoutput(setsebool)
-+ self.load(self.filter)
-+ self.ready()
-+
-+ def on_revert_clicked(self, button):
-+ self.wait()
-+ setsebool="semanage boolean --deleteall"
-+ commands.getstatusoutput(setsebool)
-+ self.load(self.filter)
-+ self.ready()
-+
-+ def on_lockdown_clicked(self, button):
-+ try:
-+ os.spawnl(os.P_NOWAIT, "/usr/share/system-config-selinux/lockdown.py")
-+ except ValueError, e:
-+ self.error(e.args[0])
-+
-+ def on_local_clicked(self, button):
-+ self.local = not self.local
-+ self.revertButton.set_sensitive(self.local)
-+
-+ if self.local:
-+ button.set_label(_("all"))
-+ else:
-+ button.set_label(_("Customized"))
-+
-+ self.load(self.filter)
-+ return True
-+
-diff -up policycoreutils-2.1.11/gui/domainsPage.py.gui policycoreutils-2.1.11/gui/domainsPage.py
---- policycoreutils-2.1.11/gui/domainsPage.py.gui 2012-04-05 10:13:37.905837243 -0400
-+++ policycoreutils-2.1.11/gui/domainsPage.py 2012-04-05 10:13:37.905837243 -0400
-@@ -0,0 +1,154 @@
-+## domainsPage.py - show selinux domains
-+## Copyright (C) 2009 Red Hat, Inc.
-+
-+## This program is free software; you can redistribute it and/or modify
-+## it under the terms of the GNU General Public License as published by
-+## the Free Software Foundation; either version 2 of the License, or
-+## (at your option) any later version.
-+
-+## This program is distributed in the hope that it will be useful,
-+## but WITHOUT ANY WARRANTY; without even the implied warranty of
-+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+## GNU General Public License for more details.
-+
-+## You should have received a copy of the GNU General Public License
-+## along with this program; if not, write to the Free Software
-+## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+
-+## Author: Dan Walsh
-+import string
-+import gtk
-+import gtk.glade
-+import os
-+import commands
-+import gobject
-+import sys
-+import seobject
-+import selinux
-+from semanagePage import *;
-+import polgen
-+
-+##
-+## I18N
-+##
-+PROGNAME="policycoreutils"
-+import gettext
-+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
-+gettext.textdomain(PROGNAME)
-+try:
-+ gettext.install(PROGNAME,
-+ localedir="/usr/share/locale",
-+ unicode=False,
-+ codeset = 'utf-8')
-+except IOError:
-+ import __builtin__
-+ __builtin__.__dict__['_'] = unicode
-+
-+class domainsPage(semanagePage):
-+ def __init__(self, xml):
-+ semanagePage.__init__(self, xml, "domains", _("Process Domain"))
-+ self.domain_filter = xml.get_widget("domainsFilterEntry")
-+ self.domain_filter.connect("focus_out_event", self.filter_changed)
-+ self.domain_filter.connect("activate", self.filter_changed)
-+
-+ self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_STRING)
-+ self.view.set_model(self.store)
-+ self.store.set_sort_column_id(0, gtk.SORT_ASCENDING)
-+ col = gtk.TreeViewColumn(_("Domain Name"), gtk.CellRendererText(), text = 0)
-+ col.set_sort_column_id(0)
-+ col.set_resizable(True)
-+ self.view.append_column(col)
-+ self.store.set_sort_column_id(0, gtk.SORT_ASCENDING)
-+ col = gtk.TreeViewColumn(_("Mode"), gtk.CellRendererText(), text = 1)
-+ col.set_sort_column_id(1)
-+ col.set_resizable(True)
-+ self.view.append_column(col)
-+ self.view.get_selection().connect("changed", self.itemSelected)
-+
-+ self.permissive_button = xml.get_widget("permissiveButton")
-+ self.enforcing_button = xml.get_widget("enforcingButton")
-+
-+ self.domains=polgen.get_all_domains()
-+ self.load()
-+
-+ def get_modules(self):
-+ modules=[]
-+ fd=os.popen("semodule -l")
-+ mods = fd.readlines()
-+ fd.close()
-+ for l in mods:
-+ modules.append(l.split()[0])
-+ return modules
-+
-+ def load(self, filter=""):
-+ self.filter=filter
-+ self.store.clear()
-+ try:
-+ modules=self.get_modules()
-+ for
domain in self.domains:
-+ if not self.match(domain, filter):
-+ continue
-+ iter = self.store.append()
-+ self.store.set_value(iter, 0, domain)
-+ t = "permissive_%s_t" % domain
-+ if t in modules:
-+ self.store.set_value(iter, 1, _("Permissive"))
-+ else:
-+ self.store.set_value(iter, 1, "")
-+ except:
-+ pass
-+ self.view.get_selection().select_path ((0,))
-+
-+ def itemSelected(self, selection):
-+ store, iter = selection.get_selected()
-+ if iter == None:
-+ return
-+ p = store.get_value(iter, 1) == _("Permissive")
-+ self.permissive_button.set_sensitive(not p)
-+ self.enforcing_button.set_sensitive(p)
-+
-+ def deleteDialog(self):
-+ # Do nothing
-+ return self.delete()
-+
-+ def delete(self):
-+ selection = self.view.get_selection()
-+ store, iter = selection.get_selected()
-+ domain = store.get_value(iter, 0)
-+ try:
-+ self.wait()
-+ status, output = commands.getstatusoutput("semanage permissive -d %s_t" % domain)
-+ self.ready()
-+ if status != 0:
-+ self.error(output)
-+ else:
-+ domain = store.set_value(iter, 1, "")
-+ self.itemSelected(selection)
-+
-+ except ValueError, e:
-+ self.error(e.args[0])
-+
-+ def propertiesDialog(self):
-+ # Do nothing
-+ return
-+
-+ def addDialog(self):
-+ # Do nothing
-+ return self.add()
-+
-+ def add(self):
-+ selection = self.view.get_selection()
-+ store, iter = selection.get_selected()
-+ domain = store.get_value(iter, 0)
-+ try:
-+ self.wait()
-+ status, output = commands.getstatusoutput("semanage permissive -a %s_t" % domain)
-+ self.ready()
-+ if status != 0:
-+ self.error(output)
-+ else:
-+ domain = store.set_value(iter, 1, _("Permissive"))
-+ self.itemSelected(selection)
-+
-+ except ValueError, e:
-+ self.error(e.args[0])
-diff -up policycoreutils-2.1.11/gui/fcontextPage.py.gui policycoreutils-2.1.11/gui/fcontextPage.py
---- policycoreutils-2.1.11/gui/fcontextPage.py.gui 2012-04-05 10:13:37.905837243 -0400
-+++ policycoreutils-2.1.11/gui/fcontextPage.py 2012-04-05 10:13:37.905837243 -0400
-@@ -0,0 +1,223 @@
-+## fcontextPage.py - show selinux mappings
-+## Copyright (C) 2006 Red Hat, Inc.
-+
-+## This program is free software; you can redistribute it and/or modify
-+## it under the terms of the GNU General Public License as published by
-+## the Free Software Foundation; either version 2 of the License, or
-+## (at your option) any later version.
-+
-+## This program is distributed in the hope that it will be useful,
-+## but WITHOUT ANY WARRANTY; without even the implied warranty of
-+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+## GNU General Public License for more details.
-+
-+## You should have received a copy of the GNU General Public License
-+## along with this program; if not, write to the Free Software
-+## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+
-+## Author: Dan Walsh
-+import gtk
-+import gtk.glade
-+import os
-+import gobject
-+import seobject
-+import commands
-+from semanagePage import *;
-+
-+SPEC_COL = 0
-+TYPE_COL = 1
-+FTYPE_COL = 2
-+
-+class context:
-+ def __init__(self, scontext):
-+ self.scontext = scontext
-+ con=scontext.split(":")
-+ self.type = con[0]
-+ if len(con) > 1:
-+ self.mls = con[1]
-+ else:
-+ self.mls = "s0"
-+
-+ def __str__(self):
-+ return self.scontext
-+
-+##
-+## I18N
-+##
-+PROGNAME="policycoreutils"
-+
-+import gettext
-+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
-+gettext.textdomain(PROGNAME)
-+try:
-+ gettext.install(PROGNAME,
-+ localedir="/usr/share/locale",
-+ unicode=False,
-+ codeset = 'utf-8')
-+except IOError:
-+ import __builtin__
-+ __builtin__.__dict__['_'] = unicode
-+
-+
-+class fcontextPage(semanagePage):
-+ def __init__(self, xml):
-+ semanagePage.__init__(self, xml, "fcontext", _("File Labeling"))
-+ self.fcontextFilter = xml.get_widget("fcontextFilterEntry")
-+ self.fcontextFilter.connect("focus_out_event", self.filter_changed)
-+ self.fcontextFilter.connect("activate", self.filter_changed)
-+
-+ self.store = gtk.ListStore(gobject.TYPE_STRING,
gobject.TYPE_STRING, gobject.TYPE_STRING)
-+ self.view = xml.get_widget("fcontextView")
-+ self.view.set_model(self.store)
-+ self.view.set_search_equal_func(self.search)
-+
-+ col = gtk.TreeViewColumn(_("File\nSpecification"), gtk.CellRendererText(), text=SPEC_COL)
-+ col.set_sizing(gtk.TREE_VIEW_COLUMN_FIXED)
-+ col.set_fixed_width(250)
-+
-+ col.set_sort_column_id(SPEC_COL)
-+ col.set_resizable(True)
-+ self.view.append_column(col)
-+ col = gtk.TreeViewColumn(_("Selinux\nFile Type"), gtk.CellRendererText(), text=TYPE_COL)
-+
-+ col.set_sizing(gtk.TREE_VIEW_COLUMN_FIXED)
-+ col.set_fixed_width(250)
-+ col.set_sort_column_id(TYPE_COL)
-+ col.set_resizable(True)
-+ self.view.append_column(col)
-+ col = gtk.TreeViewColumn(_("File\nType"), gtk.CellRendererText(), text=2)
-+ col.set_sort_column_id(FTYPE_COL)
-+ col.set_resizable(True)
-+ self.view.append_column(col)
-+
-+ self.store.set_sort_column_id(SPEC_COL, gtk.SORT_ASCENDING)
-+ self.load()
-+ self.fcontextEntry = xml.get_widget("fcontextEntry")
-+ self.fcontextFileTypeCombo = xml.get_widget("fcontextFileTypeCombo")
-+ liststore=self.fcontextFileTypeCombo.get_model()
-+ for k in seobject.file_types:
-+ if len(k) > 0 and k[0] != '-':
-+ iter=liststore.append()
-+ liststore.set_value(iter, 0, k)
-+ iter = liststore.get_iter_first()
-+ self.fcontextFileTypeCombo.set_active_iter(iter)
-+ self.fcontextTypeEntry = xml.get_widget("fcontextTypeEntry")
-+ self.fcontextMLSEntry = xml.get_widget("fcontextMLSEntry")
-+
-+ def match(self, fcon_dict, k, filter):
-+ try:
-+ f=filter.lower()
-+ for con in k:
-+ k=con.lower()
-+ if k.find(f) >= 0:
-+ return True
-+ for con in fcon_dict[k]:
-+ k=con.lower()
-+ if k.find(f) >= 0:
-+ return True
-+ except:
-+ pass
-+ return False
-+
-+ def load(self, filter=""):
-+ self.filter=filter
-+ self.fcontext=seobject.fcontextRecords()
-+ self.store.clear()
-+ fcon_dict=self.fcontext.get_all(self.local)
-+ keys = fcon_dict.keys()
-+ keys.sort()
-+ for k in keys:
-+ if not
self.match(fcon_dict, k, filter):
-+ continue
-+ iter=self.store.append()
-+ self.store.set_value(iter, SPEC_COL, k[0])
-+ self.store.set_value(iter, FTYPE_COL, k[1])
-+ if fcon_dict[k]:
-+ rec="%s:%s" % (fcon_dict[k][2], seobject.translate(fcon_dict[k][3],False))
-+ else:
-+ rec="<>"
-+ self.store.set_value(iter, TYPE_COL, rec)
-+ self.view.get_selection().select_path ((0,))
-+
-+ def filter_changed(self, *arg):
-+ filter = arg[0].get_text()
-+ if filter != self.filter:
-+ self.load(filter)
-+
-+ def dialogInit(self):
-+ store, iter = self.view.get_selection().get_selected()
-+ self.fcontextEntry.set_text(store.get_value(iter, SPEC_COL))
-+ self.fcontextEntry.set_sensitive(False)
-+ scontext = store.get_value(iter, TYPE_COL)
-+ scon=context(scontext)
-+ self.fcontextTypeEntry.set_text(scon.type)
-+ self.fcontextMLSEntry.set_text(scon.mls)
-+ type=store.get_value(iter, FTYPE_COL)
-+ liststore=self.fcontextFileTypeCombo.get_model()
-+ iter = liststore.get_iter_first()
-+ while iter != None and liststore.get_value(iter,0) != type:
-+ iter = liststore.iter_next(iter)
-+ if iter != None:
-+ self.fcontextFileTypeCombo.set_active_iter(iter)
-+ self.fcontextFileTypeCombo.set_sensitive(False)
-+
-+ def dialogClear(self):
-+ self.fcontextEntry.set_text("")
-+ self.fcontextEntry.set_sensitive(True)
-+ self.fcontextFileTypeCombo.set_sensitive(True)
-+ self.fcontextTypeEntry.set_text("")
-+ self.fcontextMLSEntry.set_text("s0")
-+
-+ def delete(self):
-+ store, iter = self.view.get_selection().get_selected()
-+ try:
-+ fspec=store.get_value(iter, SPEC_COL)
-+ ftype=store.get_value(iter, FTYPE_COL)
-+ self.wait()
-+ (rc, out) = commands.getstatusoutput("semanage fcontext -d -f '%s' '%s'" % (ftype, fspec))
-+ self.ready()
-+
-+ if rc != 0:
-+ return self.error(out)
-+ store.remove(iter)
-+ self.view.get_selection().select_path ((0,))
-+ except ValueError, e:
-+ self.error(e.args[0])
-+
-+ def add(self):
-+ ftype=["", "--", "-d", "-c", "-b", "-s", "-l", "-p" ]
-+
fspec=self.fcontextEntry.get_text().strip()
-+ type=self.fcontextTypeEntry.get_text().strip()
-+ mls=self.fcontextMLSEntry.get_text().strip()
-+ list_model=self.fcontextFileTypeCombo.get_model()
-+ active = self.fcontextFileTypeCombo.get_active()
-+ self.wait()
-+ (rc, out) = commands.getstatusoutput("semanage fcontext -a -t %s -r %s -f '%s' '%s'" % (type, mls, ftype[active], fspec))
-+ self.ready()
-+ if rc != 0:
-+ self.error(out)
-+ return False
-+
-+ iter=self.store.append()
-+ self.store.set_value(iter, SPEC_COL, fspec)
-+ self.store.set_value(iter, FTYPE_COL, ftype)
-+ self.store.set_value(iter, TYPE_COL, "%s:%s" % (type, mls))
-+
-+ def modify(self):
-+ fspec=self.fcontextEntry.get_text().strip()
-+ type=self.fcontextTypeEntry.get_text().strip()
-+ mls=self.fcontextMLSEntry.get_text().strip()
-+ list_model=self.fcontextFileTypeCombo.get_model()
-+ iter = self.fcontextFileTypeCombo.get_active_iter()
-+ ftype=list_model.get_value(iter,0)
-+ self.wait()
-+ (rc, out) = commands.getstatusoutput("semanage fcontext -m -t %s -r %s -f '%s' '%s'" % (type, mls, ftype, fspec))
-+ self.ready()
-+ if rc != 0:
-+ self.error(out)
-+ return False
-+
-+ store, iter = self.view.get_selection().get_selected()
-+ self.store.set_value(iter, SPEC_COL, fspec)
-+ self.store.set_value(iter, FTYPE_COL, ftype)
-+ self.store.set_value(iter, TYPE_COL, "%s:%s" % (type, mls))
-diff -up policycoreutils-2.1.11/gui/html_util.py.gui policycoreutils-2.1.11/gui/html_util.py
---- policycoreutils-2.1.11/gui/html_util.py.gui 2012-04-05 10:13:37.905837243 -0400
-+++ policycoreutils-2.1.11/gui/html_util.py 2012-04-05 10:13:37.906837244 -0400
-@@ -0,0 +1,164 @@
-+# Authors: John Dennis
-+#
-+# Copyright (C) 2007 Red Hat, Inc.
-+#
-+# This program is free software; you can redistribute it and/or modify
-+# it under the terms of the GNU General Public License as published by
-+# the Free Software Foundation; either version 2 of the License, or
-+# (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+#
-+
-+
-+__all__ = [
-+ 'escape_html',
-+ 'unescape_html',
-+ 'html_to_text',
-+
-+ 'html_document',
-+]
-+
-+import htmllib
-+import formatter as Formatter
-+import string
-+from types import *
-+import StringIO
-+
-+#------------------------------------------------------------------------------
-+
-+class TextWriter(Formatter.DumbWriter):
-+ def __init__(self, file=None, maxcol=80, indent_width=4):
-+ Formatter.DumbWriter.__init__(self, file, maxcol)
-+ self.indent_level = 0
-+ self.indent_width = indent_width
-+ self._set_indent()
-+
-+ def _set_indent(self):
-+ self.indent_col = self.indent_level * self.indent_width
-+ self.indent = ' ' * self.indent_col
-+
-+ def new_margin(self, margin, level):
-+ self.indent_level = level
-+ self._set_indent()
-+
-+ def send_label_data(self, data):
-+ data = data + ' '
-+ if len(data) > self.indent_col:
-+ self.send_literal_data(data)
-+ else:
-+ offset = self.indent_col - len(data)
-+ self.send_literal_data(' ' * offset + data)
-+
-+ def send_flowing_data(self, data):
-+ if not data: return
-+ atbreak = self.atbreak or data[0] in string.whitespace
-+ col = self.col
-+ maxcol = self.maxcol
-+ write = self.file.write
-+ col = self.col
-+ if col == 0:
-+ write(self.indent)
-+ col = self.indent_col
-+ for word in data.split():
-+ if atbreak:
-+ if col + len(word) >= maxcol:
-+ write('\n' + self.indent)
-+ col = self.indent_col
-+ else:
-+ write(' ')
-+ col = col + 1
-+ write(word)
-+ col = col + len(word)
-+ atbreak = 1
-+ self.col = col
-+ self.atbreak = data[-1] in
string.whitespace
-+
-+class HTMLParserAnchor(htmllib.HTMLParser):
-+
-+ def __init__(self, formatter, verbose=0):
-+ htmllib.HTMLParser.__init__(self, formatter, verbose)
-+
-+ def anchor_bgn(self, href, name, type):
-+ self.anchor = href
-+
-+ def anchor_end(self):
-+ if self.anchor:
-+ self.handle_data(' (%s) ' % self.anchor)
-+ self.anchor = None
-+
-+#------------------------------------------------------------------------------
-+
-+def escape_html(s):
-+ if s is None: return None
-+ s = s.replace("&", "&") # Must be done first!
-+ s = s.replace("<", "<")
-+ s = s.replace(">", ">")
-+ s = s.replace("'", "'")
-+ s = s.replace('"', """)
-+ return s
-+
-+
-+def unescape_html(s):
-+ if s is None: return None
-+ if '&' not in s:
-+ return s
-+ s = s.replace("<", "<")
-+ s = s.replace(">", ">")
-+ s = s.replace("'", "'")
-+ s = s.replace(""", '"')
-+ s = s.replace("&", "&") # Must be last
-+ return s
-+
-+def html_to_text(html, maxcol=80):
-+ try:
-+ buffer = StringIO.StringIO()
-+ formatter = Formatter.AbstractFormatter(TextWriter(buffer, maxcol))
-+ parser = HTMLParserAnchor(formatter)
-+ parser.feed(html)
-+ parser.close()
-+ text = buffer.getvalue()
-+ buffer.close()
-+ return text
-+ except Exception, e:
-+ log_program.error('cannot convert html to text: %s' % e)
-+ return None
-+
-+def html_document(*body_components):
-+ '''Wrap the body components in a HTML document structure with a valid header.
-+ Accepts a variable number of arguments of of which canb be:
-+ * string
-+ * a sequences of strings (tuple or list).
-+ * a callable object taking no parameters and returning a string or sequence of strings.
-+ ''' -+ head = '\n \n \n \n \n' -+ tail = '\n \n' -+ -+ doc = head -+ -+ for body_component in body_components: -+ if type(body_component) is StringTypes: -+ doc += body_component -+ elif type(body_component) in [TupleType, ListType]: -+ for item in body_component: -+ doc += item -+ elif callable(body_component): -+ result = body_component() -+ if type(result) in [TupleType, ListType]: -+ for item in result: -+ doc += item -+ else: -+ doc += result -+ else: -+ doc += body_component -+ -+ doc += tail -+ return doc -+ -diff -up policycoreutils-2.1.11/gui/lockdown.glade.gui policycoreutils-2.1.11/gui/lockdown.glade ---- policycoreutils-2.1.11/gui/lockdown.glade.gui 2012-04-05 10:13:37.906837244 -0400 -+++ policycoreutils-2.1.11/gui/lockdown.glade 2012-04-05 10:13:37.906837244 -0400 -@@ -0,0 +1,771 @@ -+ -+ -+ -+ -+ -+ -+ -+ -+ 5 -+ False -+ system-config-selinux -+ Copyright (c)2006 Red Hat, Inc. -+Copyright (c) 2006 Dan Walsh <dwalsh@redhat.com> -+ False -+ Daniel Walsh <dwalsh@redhat.com> -+ -+ translator-credits -+ system-config-selinux.png -+ -+ -+ -+ 800 -+ 400 -+ SELinux Boolean Lockdown -+ GTK_WINDOW_TOPLEVEL -+ GTK_WIN_POS_NONE -+ False -+ True -+ False -+ system-config-selinux.png -+ True -+ False -+ False -+ GDK_WINDOW_TYPE_HINT_NORMAL -+ GDK_GRAVITY_NORTH_WEST -+ True -+ False -+ True -+ -+ -+ -+ True -+ True -+ -+ -+ -+ True -+ GTK_SHADOW_NONE -+ -+ -+ -+ True -+ GTK_PACK_DIRECTION_LTR -+ GTK_PACK_DIRECTION_LTR -+ -+ -+ -+ True -+ GNOMEUIINFO_MENU_FILE_TREE -+ -+ -+ -+ -+ -+ -+ True -+ _Forward -+ True -+ -+ -+ -+ -+ -+ True -+ gtk-media-next -+ 1 -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ -+ -+ -+ -+ -+ -+ -+ True -+ _Previous -+ True -+ -+ -+ -+ -+ -+ True -+ gtk-media-previous -+ 1 -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ -+ -+ -+ -+ -+ -+ -+ True -+ -+ -+ -+ -+ -+ True -+ Save As -+ True -+ -+ -+ -+ -+ -+ True -+ gtk-save-as -+ 1 -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ -+ -+ -+ -+ -+ -+ -+ True -+ Apply -+ True -+ -+ -+ -+ -+ -+ True -+ gtk-apply -+ 1 -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ -+ -+ -+ -+ -+ 
-+ -+ True -+ GNOMEUIINFO_MENU_EXIT_ITEM -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ True -+ GNOMEUIINFO_MENU_HELP_TREE -+ -+ -+ -+ -+ -+ -+ True -+ GNOMEUIINFO_MENU_ABOUT_ITEM -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ BONOBO_DOCK_TOP -+ 0 -+ 0 -+ 0 -+ BONOBO_DOCK_ITEM_BEH_EXCLUSIVE|BONOBO_DOCK_ITEM_BEH_NEVER_VERTICAL|BONOBO_DOCK_ITEM_BEH_LOCKED -+ -+ -+ -+ -+ -+ True -+ True -+ 0 -+ -+ -+ -+ 5 -+ True -+ 0 -+ 0.5 -+ GTK_SHADOW_NONE -+ -+ -+ -+ True -+ 0.5 -+ 0.5 -+ 1 -+ 1 -+ 0 -+ 0 -+ 12 -+ 0 -+ -+ -+ -+ True -+ True -+ GTK_POLICY_ALWAYS -+ GTK_POLICY_ALWAYS -+ GTK_SHADOW_NONE -+ GTK_CORNER_TOP_LEFT -+ -+ -+ -+ 300 -+ True -+ Select Management Object -+ True -+ False -+ False -+ False -+ True -+ False -+ False -+ False -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ True -+ <b>Select:</b> -+ False -+ True -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ label_item -+ -+ -+ -+ -+ False -+ False -+ -+ -+ -+ -+ -+ False -+ 0 -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ True -+ GTK_POLICY_ALWAYS -+ GTK_POLICY_ALWAYS -+ GTK_SHADOW_NONE -+ GTK_CORNER_TOP_LEFT -+ -+ -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ -+ True -+ GTK_BUTTONBOX_END -+ 0 -+ -+ -+ -+ True -+ True -+ True -+ gtk-apply -+ True -+ GTK_RELIEF_NORMAL -+ True -+ -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ gtk-save-as -+ True -+ GTK_RELIEF_NORMAL -+ True -+ -+ -+ -+ -+ -+ 0 -+ False -+ False -+ GTK_PACK_END -+ -+ -+ -+ -+ -+ True -+ 0 -+ -+ -+ -+ True -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ True -+ -+ -+ -+ True -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ 0 -+ 0 -+ 0 -+ 0 -+ -+ -+ -+ True -+ False -+ 2 -+ -+ -+ -+ True -+ gtk-yes -+ 4 -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ Enable -+ True -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ True -+ GTK_RELIEF_NORMAL -+ True -+ 
False -+ False -+ True -+ enable_radiobutton -+ -+ -+ -+ True -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ 0 -+ 0 -+ 0 -+ 0 -+ -+ -+ -+ True -+ False -+ 2 -+ -+ -+ -+ True -+ gtk-no -+ 4 -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ Disable -+ True -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ True -+ enable_radiobutton -+ -+ -+ -+ True -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ 0 -+ 0 -+ 0 -+ 0 -+ -+ -+ -+ True -+ False -+ 2 -+ -+ -+ -+ True -+ gtk-undo -+ 4 -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ Default -+ True -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ 11 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ GTK_BUTTONBOX_END -+ 0 -+ -+ -+ -+ True -+ True -+ True -+ gtk-quit -+ True -+ GTK_RELIEF_NORMAL -+ True -+ -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ gtk-media-previous -+ True -+ GTK_RELIEF_NORMAL -+ True -+ -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ gtk-media-forward -+ True -+ GTK_RELIEF_NORMAL -+ True -+ -+ -+ -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ True -+ True -+ -+ -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ -+ 5 -+ Select file name to save boolean settings. 
-+ GTK_FILE_CHOOSER_ACTION_SAVE -+ True -+ False -+ False -+ False -+ Save Boolean Configuration File -+ GTK_WINDOW_TOPLEVEL -+ GTK_WIN_POS_MOUSE -+ False -+ True -+ False -+ True -+ False -+ False -+ GDK_WINDOW_TYPE_HINT_DIALOG -+ GDK_GRAVITY_NORTH_WEST -+ True -+ False -+ -+ -+ -+ True -+ False -+ 2 -+ -+ -+ -+ True -+ GTK_BUTTONBOX_END -+ -+ -+ -+ True -+ True -+ True -+ gtk-cancel -+ True -+ GTK_RELIEF_NORMAL -+ True -+ -6 -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ True -+ gtk-save -+ True -+ GTK_RELIEF_NORMAL -+ True -+ -5 -+ -+ -+ -+ -+ 0 -+ False -+ True -+ GTK_PACK_END -+ -+ -+ -+ -+ -+ -+ -diff -up policycoreutils-2.1.11/gui/lockdown.gladep.gui policycoreutils-2.1.11/gui/lockdown.gladep ---- policycoreutils-2.1.11/gui/lockdown.gladep.gui 2012-04-05 10:13:37.906837244 -0400 -+++ policycoreutils-2.1.11/gui/lockdown.gladep 2012-04-05 10:13:37.906837244 -0400 -@@ -0,0 +1,7 @@ -+ -+ -+ -+ -+ -+ -+ -diff -up policycoreutils-2.1.11/gui/lockdown.py.gui policycoreutils-2.1.11/gui/lockdown.py ---- policycoreutils-2.1.11/gui/lockdown.py.gui 2012-04-05 10:13:37.907837244 -0400 -+++ policycoreutils-2.1.11/gui/lockdown.py 2012-04-05 10:13:37.907837244 -0400 -@@ -0,0 +1,375 @@ -+#!/usr/bin/python -+# -+# lockdown.py - GUI for Booleans page in system-config-securitylevel -+# -+# Dan Walsh -+# -+# Copyright 2008 Red Hat, Inc. -+# -+# This program is free software; you can redistribute it and/or modify -+# it under the terms of the GNU General Public License as published by -+# the Free Software Foundation; either version 2 of the License, or -+# (at your option) any later version. -+# -+# This program is distributed in the hope that it will be useful, -+# but WITHOUT ANY WARRANTY; without even the implied warranty of -+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+# GNU General Public License for more details. -+# -+# You should have received a copy of the GNU General Public License -+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
-+#
-+import signal
-+import string
-+import gtk
-+import gtk.glade
-+import os
-+import gobject
-+import gnome
-+import sys
-+import selinux
-+import seobject
-+import webkit
-+import commands
-+import tempfile
-+
-+from html_util import *
-+
-+gnome.program_init("SELinux Boolean Lockdown Tool", "5")
-+
-+INSTALLPATH='/usr/share/system-config-selinux'
-+sys.path.append(INSTALLPATH)
-+
-+##
-+## I18N
-+##
-+PROGNAME="policycoreutils"
-+
-+import gettext
-+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
-+gettext.textdomain(PROGNAME)
-+try:
-+ gettext.install(PROGNAME,
-+ localedir="/usr/share/locale",
-+ unicode=False,
-+ codeset = 'utf-8')
-+except IOError:
-+ import __builtin__
-+ __builtin__.__dict__['_'] = unicode
-+
-+from glob import fnmatch
-+
-+STATUS=(_("Disable"), _("Enable"), _("Default"))
-+DISABLE = 0
-+ENABLE = 1
-+DEFAULT = 2
-+
-+def idle_func():
-+ while gtk.events_pending():
-+ gtk.main_iteration()
-+
-+def td_fmt(val):
-+ return '%s' % val
-+
-+tr_fmt = '%s\n'
-+
-+p_fmt = '

%s\n' -+ -+## -+## Pull in the Glade file -+## -+if os.access("system-config-selinux.glade", os.F_OK): -+ xml = gtk.glade.XML ("lockdown.glade", domain=PROGNAME) -+else: -+ xml = gtk.glade.XML ("/usr/share/system-config-selinux/lockdown.glade", domain=PROGNAME) -+BOOLEAN = 0 -+class booleanWindow: -+ def __init__(self): -+ self.tabs=[] -+ self.xml = xml -+ xml.signal_connect("on_cancel_clicked", self.cancel) -+ xml.signal_connect("on_forward_clicked", self.forward) -+ xml.signal_connect("on_previous_clicked", self.previous) -+ xml.signal_connect("on_save_clicked", self.save) -+ xml.signal_connect("on_apply_clicked", self.apply) -+ self.xml = xml -+ self.mainWindow = self.xml.get_widget("mainWindow") -+ self.forwardbutton = self.xml.get_widget("forwardButton") -+ self.window = self.xml.get_widget("mainWindow").get_root_window() -+ self.busy_cursor = gtk.gdk.Cursor(gtk.gdk.WATCH) -+ self.ready_cursor = gtk.gdk.Cursor(gtk.gdk.LEFT_PTR) -+ self.radiobox = self.xml.get_widget("radiobox") -+ self.savebox = self.xml.get_widget("savebox") -+ self.file_dialog = self.xml.get_widget("filechooserdialog") -+ self.vbox = self.xml.get_widget("vbox") -+ self.enable_radiobutton = self.xml.get_widget("enable_radiobutton") -+ self.enable_radiobutton.connect("toggled", self.toggled) -+ self.disable_radiobutton = self.xml.get_widget("disable_radiobutton") -+ self.disable_radiobutton.connect("toggled", self.toggled) -+ self.default_radiobutton = self.xml.get_widget("default_radiobutton") -+ self.default_radiobutton.connect("toggled", self.toggled) -+ self.html_scrolledwindow = self.xml.get_widget("html_scrolledwindow") -+ self.view = xml.get_widget("booleanView") -+ self.view.get_selection().connect("changed", self.itemSelected) -+ -+ self.store = gtk.TreeStore(gobject.TYPE_STRING) -+ self.view.set_model(self.store) -+ -+ col = gtk.TreeViewColumn("Boolean", gtk.CellRendererText(), text=BOOLEAN) -+ col.set_sort_column_id(BOOLEAN) -+ col.set_resizable(True) -+ self.view.append_column(col) 
-+ -+ self.html_view = self.create_htmlview(self.html_scrolledwindow) -+ self.load() -+ self.view.get_selection().select_path ((0,)) -+ -+ def create_htmlview(self, container): -+ view = webkit.WebView() -+ container.add(view) -+ return (view) -+ -+ def wait(self): -+ self.window.set_cursor(self.busy_cursor) -+ idle_func() -+ -+ def ready(self): -+ self.window.set_cursor(self.ready_cursor) -+ idle_func() -+ -+ def load(self): -+ self.store.clear() -+ self.booleans = seobject.booleanRecords() -+ booleansList = self.booleans.get_all(0) -+ self.booldict = {} -+ for name in booleansList: -+ cat = self.booleans.get_category(name) -+ if cat not in self.booldict: -+ self.booldict[cat] = {} -+ -+ rec = booleansList[name] -+ self.booldict[cat][name]= [rec[2], self.booleans.get_desc(name)] -+ -+ cats = self.booldict.keys() -+ cats.sort() -+ -+ citer = self.store.append(None) -+ self.store.set_value(citer, BOOLEAN, "Begin") -+ for cat in cats: -+ citer = self.store.append(None) -+ self.store.set_value(citer, BOOLEAN, cat) -+ bools = self.booldict[cat].keys() -+ for bool in bools: -+ biter = self.store.append(citer) -+ self.store.set_value(biter, BOOLEAN, bool) -+ biter = self.store.append(citer) -+ self.store.set_value(biter, BOOLEAN, "Finish") -+ citer = self.store.append(None) -+ self.store.set_value(citer, BOOLEAN, "Finish") -+ -+ def on_about_activate(self, args): -+ dlg = xml.get_widget ("aboutWindow") -+ dlg.run () -+ dlg.hide () -+ -+ def cancel(self, args): -+ gtk.main_quit() -+ -+ def error(self, message): -+ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_ERROR, -+ gtk.BUTTONS_CLOSE, -+ message) -+ dlg.set_position(gtk.WIN_POS_MOUSE) -+ dlg.show_all() -+ dlg.run() -+ dlg.destroy() -+ -+ def __out(self): -+ out = '' -+ for c in self.booldict.keys(): -+ for b in self.booldict[c]: -+ out += "%s=%s\n" % (b, self.booldict[c][b][0]) -+ return out -+ -+ def save(self, args): -+ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_SAVE) -+ rc = self.file_dialog.run() -+ 
self.file_dialog.hide() -+ if rc == gtk.RESPONSE_OK: -+ try: -+ fd = open(self.file_dialog.get_filename(), "w") -+ fd.write(self.__out()) -+ fd.close() -+ -+ except IOError, e: -+ self.error(e) -+ -+ def apply(self, args): -+ fd = tempfile.NamedTemporaryFile(dir = "/var/lib/selinux") -+ fd.write(self.__out()) -+ fd.flush() -+ self.wait() -+ rc, err = commands.getstatusoutput("semanage boolean -m -F %s" % fd.name) -+ self.ready() -+ fd.close() -+ if rc != 0: -+ self.error(err) -+ -+ def forward(self, args): -+ selection = self.view.get_selection() -+ store, iter = selection.get_selected() -+ if self.store.iter_has_child(iter): -+ store, rows = selection.get_selected_rows() -+ self.view.expand_to_path(rows[0]) -+ niter = self.store.iter_nth_child(iter, 0) -+ else: -+ niter = store.iter_next(iter) -+ -+ if niter == None: -+ piter = self.store.iter_parent(iter) -+ if piter == None: -+ return -+ niter = store.iter_next(piter) -+ -+ if niter != None: -+ selection.select_iter(niter) -+ store, rows = selection.get_selected_rows() -+ self.view.scroll_to_cell(rows[0]) -+ else: -+ print "Finish" -+ -+ def toggled(self, button): -+ if button.get_active() == False: -+ return -+ if self.cat == None: -+ return -+ if self.disable_radiobutton == button: -+ self.booldict[self.cat][self.name][0] = DISABLE -+ if self.enable_radiobutton == button: -+ self.booldict[self.cat][self.name][0] = ENABLE -+ if self.default_radiobutton == button: -+ self.booldict[self.cat][self.name][0] = DEFAULT -+ -+ def previous(self, args): -+ selection = self.view.get_selection() -+ store, iter = selection.get_selected() -+ store, rows = selection.get_selected_rows() -+ row = rows[0] -+ if len(row) == 1 or self.store.iter_has_child(iter): -+ if row[0] == 0: -+ return -+ nrow = row[0] - 1 -+ iter = self.store.get_iter((nrow,)) -+ if self.store.iter_has_child(iter): -+ self.view.expand_to_path((nrow,)) -+ n = store.iter_n_children(iter) -1 -+ piter = store.iter_nth_child(iter, n) -+ else: -+ piter = iter -+ 
else: -+ if row[1] == 0: -+ piter = self.store.iter_parent(iter) -+ else: -+ r0 = row[0] -+ r1 = row[1] - 1 -+ piter = self.store.get_iter((r0,r1)) -+ if piter != None: -+ selection.select_iter(piter) -+ store, rows = selection.get_selected_rows() -+ self.view.scroll_to_cell(rows[0]) -+ else: -+ print "Finish" -+ -+ def html_cat(self, cat): -+ html = "" -+ row = td_fmt(_("Boolean")) + td_fmt(_("Description")) + td_fmt(_("Status")) -+ html += tr_fmt % row -+ -+ for b in self.booldict[cat]: -+ row = td_fmt(b) + td_fmt(self.booleans.get_desc(b)) + td_fmt(STATUS[self.booldict[cat][b][0]]) -+ html += tr_fmt % row -+ return html -+ -+ def html_table(self, title, body): -+ html = self.html_head(title) -+ html += '\n' -+ html += body -+ html += '
'
-+ return html
-+
-+ def html_head(self, val):
-+ # Wrap entire alert in one table
-+ # 1st table: primary Information
-+
-+ html = '%s\n\n\n' % val
-+ return html
-+
-+ def html_all(self):
-+ html = ""
-+ cats = self.booldict.keys()
-+ cats.sort()
-+ for cat in cats:
-+ html += self.html_table((_("Category: %s
") % cat), self.html_cat(cat))
-+ return html
-+
-+ def itemSelected(self, selection):
-+ store, iter = selection.get_selected()
-+ if iter == None:
-+ return
-+
-+ piter = self.store.iter_parent(iter)
-+ if piter != None:
-+ self.cat = store.get_value(piter, BOOLEAN)
-+ else:
-+ self.cat = None
-+
-+ self.name = store.get_value(iter, BOOLEAN)
-+
-+ html = ''
-+
-+ self.radiobox.hide()
-+ self.savebox.hide()
-+
-+ if self.name == _("Begin"):
-+ html += self.html_head(_("Welcome to the SELinux Lockdown Tool.

This tool can be used to lockdown SELinux booleans.The tool will generate a configuration file which can be used to lockdown this system or other SELinux systems.
"))
-+ html += self.html_all()
-+ else:
-+ if self.name == _("Finish"):
-+ if self.cat != None:
-+ html += self.html_head(_("Category %s booleans completed

") % self.cat)
-+ html += self.html_table(_("Current settings:

"), self.html_cat(self.cat))
-+ else:
-+ html += self.html_head(_("Finish:

"))
-+ html += self.html_all()
-+ self.savebox.show()
-+ else:
-+ if self.store.iter_has_child(iter):
-+ html += self.html_table(_("Category: %s

Current Settings

") % self.name, self.html_cat(self.name))
-+ else:
-+ self.radiobox.show()
-+ html += self.html_table(_("Boolean: %s

") % self.name, tr_fmt % td_fmt(self.booleans.get_desc(self.name)))
-+ if self.booldict[self.cat][self.name][0] == ENABLE:
-+ self.enable_radiobutton.set_active(True)
-+ if self.booldict[self.cat][self.name][0] == DISABLE:
-+ self.disable_radiobutton.set_active(True)
-+ if self.booldict[self.cat][self.name][0] == DEFAULT:
-+ self.default_radiobutton.set_active(True)
-+ html_doc= html_document(html)
-+
-+ self.html_view.load_html_string(html, "")
-+
-+ def stand_alone(self):
-+ desktopName = _("Lockdown SELinux Booleans")
-+
-+ self.mainWindow.connect("destroy", self.cancel)
-+
-+ self.mainWindow.show_all()
-+ self.radiobox.hide()
-+ self.savebox.hide()
-+ gtk.main()
-+
-+if __name__ == "__main__":
-+ signal.signal (signal.SIGINT, signal.SIG_DFL)
-+
-+ app = booleanWindow()
-+ app.stand_alone()
-diff -up policycoreutils-2.1.11/gui/loginsPage.py.gui policycoreutils-2.1.11/gui/loginsPage.py
---- policycoreutils-2.1.11/gui/loginsPage.py.gui 2012-04-05 10:13:37.907837244 -0400
-+++ policycoreutils-2.1.11/gui/loginsPage.py 2012-04-05 10:13:37.907837244 -0400
-@@ -0,0 +1,185 @@
-+## loginsPage.py - show selinux mappings
-+## Copyright (C) 2006 Red Hat, Inc.
-+
-+## This program is free software; you can redistribute it and/or modify
-+## it under the terms of the GNU General Public License as published by
-+## the Free Software Foundation; either version 2 of the License, or
-+## (at your option) any later version.
-+
-+## This program is distributed in the hope that it will be useful,
-+## but WITHOUT ANY WARRANTY; without even the implied warranty of
-+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+## GNU General Public License for more details.
-+
-+## You should have received a copy of the GNU General Public License
-+## along with this program; if not, write to the Free Software
-+## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+
-+## Author: Dan Walsh
-+import string
-+import gtk
-+import gtk.glade
-+import os
-+import gobject
-+import sys
-+import commands
-+import seobject
-+from semanagePage import *;
-+
-+##
-+## I18N
-+##
-+PROGNAME="policycoreutils"
-+import gettext
-+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
-+gettext.textdomain(PROGNAME)
-+try:
-+ gettext.install(PROGNAME,
-+ localedir="/usr/share/locale",
-+ unicode=False,
-+ codeset = 'utf-8')
-+except IOError:
-+ import __builtin__
-+ __builtin__.__dict__['_'] = unicode
-+
-+class loginsPage(semanagePage):
-+ def __init__(self, xml):
-+ self.firstTime = False
-+ semanagePage.__init__(self, xml, "logins", _("User Mapping"))
-+ self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_STRING, gobject.TYPE_STRING)
-+ self.view.set_model(self.store)
-+ self.store.set_sort_column_id(0, gtk.SORT_ASCENDING)
-+ col = gtk.TreeViewColumn(_("Login\nName"), gtk.CellRendererText(), text = 0)
-+ col.set_sort_column_id(0)
-+ col.set_resizable(True)
-+ self.view.append_column(col)
-+ col = gtk.TreeViewColumn(_("SELinux\nUser"), gtk.CellRendererText(), text = 1)
-+ col.set_resizable(True)
-+ self.view.append_column(col)
-+ col = gtk.TreeViewColumn(_("MLS/\nMCS Range"), gtk.CellRendererText(), text = 2)
-+ col.set_resizable(True)
-+ self.view.append_column(col)
-+ self.load()
-+ self.loginsNameEntry = xml.get_widget("loginsNameEntry")
-+ self.loginsSelinuxUserCombo = xml.get_widget("loginsSelinuxUserCombo")
-+ self.loginsMLSEntry = xml.get_widget("loginsMLSEntry")
-+
-+ def load(self, filter = ""):
-+ self.filter=filter
-+ self.login = seobject.loginRecords()
-+ dict = self.login.get_all(0)
-+ keys = dict.keys()
-+ keys.sort()
-+ self.store.clear()
-+ for k in keys:
-+ range = seobject.translate(dict[k][1])
-+ if not (self.match(k, filter) or self.match(dict[k][0], filter) or self.match(range, filter)):
-+ continue
-+ iter = self.store.append()
-+ self.store.set_value(iter, 0, k)
-+ self.store.set_value(iter, 1, dict[k][0])
-+ self.store.set_value(iter, 2, range)
-+ self.view.get_selection().select_path ((0,))
-+
-+ def __dialogSetup(self):
-+ if self.firstTime == True:
-+ return
-+ self.firstTime = True
-+ liststore = gtk.ListStore(gobject.TYPE_STRING)
-+ self.loginsSelinuxUserCombo.set_model(liststore)
-+ cell = gtk.CellRendererText()
-+ self.loginsSelinuxUserCombo.pack_start(cell, True)
-+ self.loginsSelinuxUserCombo.add_attribute(cell, 'text', 0)
-+
-+ selusers = seobject.seluserRecords().get_all(0)
-+ keys = selusers.keys()
-+ keys.sort()
-+ for k in keys:
-+ if k != "system_u":
-+ self.loginsSelinuxUserCombo.append_text(k)
-+
-+ iter = liststore.get_iter_first()
-+ while liststore.get_value(iter,0) != "user_u":
-+ iter = liststore.iter_next(iter)
-+ self.loginsSelinuxUserCombo.set_active_iter(iter)
-+
-+ def dialogInit(self):
-+ self.__dialogSetup()
-+ store, iter = self.view.get_selection().get_selected()
-+ self.loginsNameEntry.set_text(store.get_value(iter, 0))
-+ self.loginsNameEntry.set_sensitive(False)
-+
-+ self.loginsMLSEntry.set_text(store.get_value(iter, 2))
-+ seuser = store.get_value(iter, 1)
-+ liststore = self.loginsSelinuxUserCombo.get_model()
-+ iter = liststore.get_iter_first()
-+ while iter != None and liststore.get_value(iter,0) != seuser:
-+ iter = liststore.iter_next(iter)
-+ if iter != None:
-+ self.loginsSelinuxUserCombo.set_active_iter(iter)
-+
-+
-+ def dialogClear(self):
-+ self.__dialogSetup()
-+ self.loginsNameEntry.set_text("")
-+ self.loginsNameEntry.set_sensitive(True)
-+ self.loginsMLSEntry.set_text("s0")
-+
-+ def delete(self):
-+ store, iter = self.view.get_selection().get_selected()
-+ try:
-+ login=store.get_value(iter, 0)
-+ if login == "root" or login == "__default__":
-+ raise ValueError(_("Login '%s' is required") % login)
-+
-+ self.wait()
-+ (rc, out) = commands.getstatusoutput("semanage login -d %s" % login)
-+ self.ready()
-+ if rc != 0:
-+ self.error(out)
-+ return False
-+ store.remove(iter)
-+ self.view.get_selection().select_path ((0,))
-+ except ValueError, e:
-+ self.error(e.args[0])
-+
-+ def add(self):
-+ target=self.loginsNameEntry.get_text().strip()
-+ serange=self.loginsMLSEntry.get_text().strip()
-+ if serange == "":
-+ serange="s0"
-+ list_model=self.loginsSelinuxUserCombo.get_model()
-+ iter = self.loginsSelinuxUserCombo.get_active_iter()
-+ seuser = list_model.get_value(iter,0)
-+ self.wait()
-+ (rc, out) = commands.getstatusoutput("semanage login -a -s %s -r %s %s" % (seuser, serange, target))
-+ self.ready()
-+ if rc != 0:
-+ self.error(out)
-+ return False
-+
-+ iter = self.store.append()
-+ self.store.set_value(iter, 0, target)
-+ self.store.set_value(iter, 1, seuser)
-+ self.store.set_value(iter, 2, seobject.translate(serange))
-+
-+ def modify(self):
-+ target=self.loginsNameEntry.get_text().strip()
-+ serange=self.loginsMLSEntry.get_text().strip()
-+ if serange == "":
-+ serange = "s0"
-+ list_model = self.loginsSelinuxUserCombo.get_model()
-+ iter = self.loginsSelinuxUserCombo.get_active_iter()
-+ seuser=list_model.get_value(iter,0)
-+ self.wait()
-+ (rc, out) = commands.getstatusoutput("semanage login -m -s %s -r %s %s" % (seuser, serange, target))
-+ self.ready()
-+ if rc != 0:
-+ self.error(out)
-+ return False
-+
-+ store, iter = self.view.get_selection().get_selected()
-+ self.store.set_value(iter, 0, target)
-+ self.store.set_value(iter, 1, seuser)
-+ self.store.set_value(iter, 2, seobject.translate(serange))
-+
-diff -up policycoreutils-2.1.11/gui/Makefile.gui policycoreutils-2.1.11/gui/Makefile
---- policycoreutils-2.1.11/gui/Makefile.gui 2012-04-05 10:13:37.907837244 -0400
-+++ policycoreutils-2.1.11/gui/Makefile 2012-04-05 10:13:37.907837244 -0400
-@@ -0,0 +1,40 @@
-+# Installation directories.
-+PREFIX ?= ${DESTDIR}/usr
-+BINDIR ?= $(PREFIX)/bin
-+SHAREDIR ?= $(PREFIX)/share/system-config-selinux
-+
-+TARGETS= \
-+booleansPage.py \
-+domainsPage.py \
-+fcontextPage.py \
-+html_util.py \
-+loginsPage.py \
-+mappingsPage.py \
-+modulesPage.py \
-+polgen.glade \
-+portsPage.py \
-+lockdown.glade \
-+semanagePage.py \
-+statusPage.py \
-+system-config-selinux.glade \
-+usersPage.py \
-+selinux.tbl
-+
-+all: $(TARGETS) system-config-selinux.py polgengui.py templates lockdown.py polgen.py
-+
-+install: all
-+ -mkdir -p $(SHAREDIR)/templates
-+ -mkdir -p $(BINDIR)
-+ install -m 755 system-config-selinux.py $(SHAREDIR)
-+ install -m 755 polgengui.py $(SHAREDIR)
-+ install -m 755 polgen.py $(SHAREDIR)
-+ (cd $(BINDIR); ln -fs ../share/system-config-selinux/polgen.py sepolgen)
-+ install -m 755 lockdown.py $(SHAREDIR)
-+ install -m 644 $(TARGETS) $(SHAREDIR)
-+ install -m 644 templates/*.py $(SHAREDIR)/templates/
-+
-+clean:
-+
-+indent:
-+
-+relabel:
-diff -up policycoreutils-2.1.11/gui/mappingsPage.py.gui policycoreutils-2.1.11/gui/mappingsPage.py
---- policycoreutils-2.1.11/gui/mappingsPage.py.gui 2012-04-05 10:13:37.907837244 -0400
-+++ policycoreutils-2.1.11/gui/mappingsPage.py 2012-04-05 10:13:37.907837244 -0400
-@@ -0,0 +1,56 @@
-+## mappingsPage.py - show selinux mappings
-+## Copyright (C) 2006 Red Hat, Inc.
-+
-+## This program is free software; you can redistribute it and/or modify
-+## it under the terms of the GNU General Public License as published by
-+## the Free Software Foundation; either version 2 of the License, or
-+## (at your option) any later version.
-+
-+## This program is distributed in the hope that it will be useful,
-+## but WITHOUT ANY WARRANTY; without even the implied warranty of
-+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+## GNU General Public License for more details.
-+
-+## You should have received a copy of the GNU General Public License
-+## along with this program; if not, write to the Free Software
-+## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+
-+## Author: Dan Walsh
-+import string
-+import gtk
-+import gtk.glade
-+import os
-+import gobject
-+import sys
-+import seobject
-+
-+##
-+## I18N
-+##
-+PROGNAME="policycoreutils"
-+import gettext
-+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
-+gettext.textdomain(PROGNAME)
-+try:
-+ gettext.install(PROGNAME,
-+ localedir="/usr/share/locale",
-+ unicode=False,
-+ codeset = 'utf-8')
-+except IOError:
-+ import __builtin__
-+ __builtin__.__dict__['_'] = unicode
-+
-+class loginsPage:
-+ def __init__(self, xml):
-+ self.xml = xml
-+ self.view = xml.get_widget("mappingsView")
-+ self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_STRING, gobject.TYPE_STRING)
-+ self.store.set_sort_column_id(0, gtk.SORT_ASCENDING)
-+ self.view.set_model(self.store)
-+ self.login = loginRecords()
-+ dict = self.login.get_all(0)
-+ keys = dict.keys()
-+ keys.sort()
-+ for k in keys:
-+ print "%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1]))
-+
-diff -up policycoreutils-2.1.11/gui/modulesPage.py.gui policycoreutils-2.1.11/gui/modulesPage.py
---- policycoreutils-2.1.11/gui/modulesPage.py.gui 2012-04-05 10:13:37.907837244 -0400
-+++ policycoreutils-2.1.11/gui/modulesPage.py 2012-04-05 10:13:37.907837244 -0400
-@@ -0,0 +1,190 @@
-+## modulesPage.py - show selinux mappings
-+## Copyright (C) 2006-2009 Red Hat, Inc.
-+
-+## This program is free software; you can redistribute it and/or modify
-+## it under the terms of the GNU General Public License as published by
-+## the Free Software Foundation; either version 2 of the License, or
-+## (at your option) any later version.
-+
-+## This program is distributed in the hope that it will be useful,
-+## but WITHOUT ANY WARRANTY; without even the implied warranty of
-+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+## GNU General Public License for more details.
-+
-+## You should have received a copy of the GNU General Public License
-+## along with this program; if not, write to the Free Software
-+## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+
-+## Author: Dan Walsh
-+import string
-+import gtk
-+import gtk.glade
-+import os
-+import commands
-+import gobject
-+import sys
-+import seobject
-+import selinux
-+from semanagePage import *;
-+
-+##
-+## I18N
-+##
-+PROGNAME="policycoreutils"
-+import gettext
-+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
-+gettext.textdomain(PROGNAME)
-+try:
-+ gettext.install(PROGNAME,
-+ localedir="/usr/share/locale",
-+ unicode=False,
-+ codeset = 'utf-8')
-+except IOError:
-+ import __builtin__
-+ __builtin__.__dict__['_'] = unicode
-+
-+class modulesPage(semanagePage):
-+ def __init__(self, xml):
-+ semanagePage.__init__(self, xml, "modules", _("Policy Module"))
-+ self.module_filter = xml.get_widget("modulesFilterEntry")
-+ self.module_filter.connect("focus_out_event", self.filter_changed)
-+ self.module_filter.connect("activate", self.filter_changed)
-+ self.audit_enabled = False
-+
-+ self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_STRING)
-+ self.view.set_model(self.store)
-+ self.store.set_sort_column_id(0, gtk.SORT_ASCENDING)
-+ col = gtk.TreeViewColumn(_("Module Name"), gtk.CellRendererText(), text = 0)
-+ col.set_sort_column_id(0)
-+ col.set_resizable(True)
-+ self.view.append_column(col)
-+ self.store.set_sort_column_id(0, gtk.SORT_ASCENDING)
-+ col = gtk.TreeViewColumn(_("Version"), gtk.CellRendererText(), text = 1)
-+ self.enable_audit_button = xml.get_widget("enableAuditButton")
-+ self.enable_audit_button.connect("clicked", self.enable_audit)
-+ self.new_button = xml.get_widget("newModuleButton")
-+ self.new_button.connect("clicked", self.new_module)
-+ col.set_sort_column_id(1)
-+ col.set_resizable(True)
-+ self.view.append_column(col)
-+ self.store.set_sort_func(1,self.sort_int, "")
-+ status, self.policy_type = selinux.selinux_getpolicytype()
-+
-+ self.load()
-+
-+ def sort_int(self, treemodel, iter1, iter2, user_data):
-+ try:
-+ p1 = int(treemodel.get_value(iter1,1))
-+ p2 = int(treemodel.get_value(iter1,1))
-+ if p1 > p2:
-+ return 1
-+ if p1 == p2:
-+ return 0
-+ return -1
-+ except:
-+ return 0
-+
-+ def load(self, filter=""):
-+ self.filter=filter
-+ self.store.clear()
-+ try:
-+ fd=os.popen("semodule -l")
-+ l = fd.readlines()
-+ fd.close()
-+ for i in l:
-+ module, ver, newline = i.split('\t')
-+ if not (self.match(module, filter) or self.match(ver, filter)):
-+ continue
-+ iter = self.store.append()
-+ self.store.set_value(iter, 0, module.strip())
-+ self.store.set_value(iter, 1, ver.strip())
-+ except:
-+ pass
-+ self.view.get_selection().select_path ((0,))
-+
-+
-+ def new_module(self, args):
-+ try:
-+ os.spawnl(os.P_NOWAIT, "/usr/share/system-config-selinux/polgengui.py")
-+ except ValueError, e:
-+ self.error(e.args[0])
-+
-+ def delete(self):
-+ store, iter = self.view.get_selection().get_selected()
-+ module = store.get_value(iter, 0)
-+ try:
-+ self.wait()
-+ status, output = commands.getstatusoutput("semodule -r %s" % module)
-+ self.ready()
-+ if status != 0:
-+ self.error(output)
-+ else:
-+ store.remove(iter)
-+ self.view.get_selection().select_path ((0,))
-+
-+ except ValueError, e:
-+ self.error(e.args[0])
-+
-+ def enable_audit(self, button):
-+ self.audit_enabled = not self.audit_enabled
-+ try:
-+ self.wait()
-+ if self.audit_enabled:
-+ status, output =commands.getstatusoutput("semodule -DB")
-+ button.set_label(_("Disable Audit"))
-+ else:
-+ status, output =commands.getstatusoutput("semodule -B")
-+ button.set_label(_("Enable Audit"))
-+ self.ready()
-+
-+ if status != 0:
-+
self.error(output) -+ -+ except ValueError, e: -+ self.error(e.args[0]) -+ -+ def disable_audit(self, button): -+ try: -+ self.wait() -+ status, output =commands.getstatusoutput("semodule -B") -+ self.ready() -+ if status != 0: -+ self.error(output) -+ -+ except ValueError, e: -+ self.error(e.args[0]) -+ -+ def propertiesDialog(self): -+ # Do nothing -+ return -+ -+ def addDialog(self): -+ dialog = gtk.FileChooserDialog(_("Load Policy Module"), -+ None, -+ gtk.FILE_CHOOSER_ACTION_OPEN, -+ (gtk.STOCK_CANCEL, gtk.RESPONSE_CANCEL, -+ gtk.STOCK_OPEN, gtk.RESPONSE_OK)) -+ dialog.set_default_response(gtk.RESPONSE_OK) -+ -+ filter = gtk.FileFilter() -+ filter.set_name("Policy Files") -+ filter.add_pattern("*.pp") -+ dialog.add_filter(filter) -+ -+ response = dialog.run() -+ if response == gtk.RESPONSE_OK: -+ self.add(dialog.get_filename()) -+ dialog.destroy() -+ -+ def add(self, file): -+ try: -+ self.wait() -+ status, output =commands.getstatusoutput("semodule -i %s" % file) -+ self.ready() -+ if status != 0: -+ self.error(output) -+ else: -+ self.load() -+ -+ except ValueError, e: -+ self.error(e.args[0]) -diff -up policycoreutils-2.1.11/gui/polgen.glade.gui policycoreutils-2.1.11/gui/polgen.glade ---- policycoreutils-2.1.11/gui/polgen.glade.gui 2012-04-05 10:13:37.909837247 -0400 -+++ policycoreutils-2.1.11/gui/polgen.glade 2012-04-05 10:13:37.909837247 -0400 -@@ -0,0 +1,3432 @@ -+ -+ -+ -+ -+ -+ -+ -+ 5 -+ GTK_FILE_CHOOSER_ACTION_OPEN -+ True -+ True -+ True -+ False -+ GTK_WINDOW_TOPLEVEL -+ GTK_WIN_POS_MOUSE -+ False -+ True -+ False -+ True -+ False -+ False -+ GDK_WINDOW_TYPE_HINT_DIALOG -+ GDK_GRAVITY_NORTH_WEST -+ True -+ False -+ -+ -+ -+ True -+ False -+ 24 -+ -+ -+ -+ True -+ GTK_BUTTONBOX_END -+ -+ -+ -+ True -+ True -+ True -+ gtk-cancel -+ True -+ GTK_RELIEF_NORMAL -+ True -+ -6 -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ True -+ gtk-add -+ True -+ GTK_RELIEF_NORMAL -+ True -+ -5 -+ -+ -+ -+ -+ 0 -+ False -+ True -+ GTK_PACK_END -+ -+ -+ -+ -+ -+ -+ -+ 5 -+ 
False -+ Polgen -+ Red Hat 2007 -+ GPL -+ False -+ www.redhat.com -+ Daniel Walsh <dwalsh@redhat.com> -+ translator-credits -+ -+ -+ -+ True -+ SELinux Policy Generation Tool -+ GTK_WINDOW_TOPLEVEL -+ GTK_WIN_POS_NONE -+ False -+ True -+ False -+ True -+ False -+ False -+ GDK_WINDOW_TYPE_HINT_NORMAL -+ GDK_GRAVITY_NORTH_WEST -+ True -+ False -+ -+ -+ -+ True -+ False -+ 18 -+ -+ -+ -+ True -+ False -+ True -+ GTK_POS_LEFT -+ False -+ False -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ <b>Select the policy type for the application or user role you want to confine:</b> -+ False -+ True -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 5 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ False -+ 12 -+ -+ -+ -+ True -+ False -+ 6 -+ -+ -+ -+ True -+ <b>Applications</b> -+ False -+ True -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ False -+ 6 -+ -+ -+ -+ True -+ Standard Init Daemon are daemons started on boot via init scripts. Usually requires a script in /etc/rc.d/init.d -+ True -+ Standard Init Daemon -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ True -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ Standard Init Daemon are daemons started on boot via init scripts. 
Usually requires a script in /etc/rc.d/init.d -+ True -+ DBUS System Daemon -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ True -+ init_radiobutton -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ Internet Services Daemon are daemons started by xinetd -+ True -+ Internet Services Daemon (inetd) -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ True -+ init_radiobutton -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ Web Applications/Script (CGI) CGI scripts started by the web server (apache) -+ True -+ Web Application/Script (CGI) -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ True -+ init_radiobutton -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ User Application are any application that you would like to confine that is started by a user -+ True -+ User Application -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ True -+ init_radiobutton -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ User Application are any application that you would like to confine that is started by a user -+ True -+ Sandbox -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ True -+ init_radiobutton -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ 0 -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ False -+ 6 -+ -+ -+ -+ True -+ <b>Login Users</b> -+ False -+ True -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ False -+ 6 -+ -+ -+ -+ True -+ Modify an existing login user record. 
-+ True -+ Existing User Roles -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ True -+ init_radiobutton -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ This user will login to a machine only via a terminal or remote login. By default this user will have no setuid, no networking, no su, no sudo. -+ True -+ Minimal Terminal User Role -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ True -+ init_radiobutton -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ This user can login to a machine via X or terminal. By default this user will have no setuid, no networking, no sudo, no su -+ True -+ Minimal X Windows User Role -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ True -+ init_radiobutton -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ User with full networking, no setuid applications without transition, no sudo, no su. -+ True -+ User Role -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ True -+ init_radiobutton -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ User with full networking, no setuid applications without transition, no su, can sudo to Root Administration Roles -+ True -+ Admin User Role -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ True -+ init_radiobutton -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ 0 -+ True -+ False -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ 0 -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ False -+ 6 -+ -+ -+ -+ True -+ <b>Root Users</b> -+ False -+ True -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ Select Root Administrator User Role, if this user will be used to administer the machine while running as root. 
This user will not be able to login to the system directly. -+ True -+ Root Admin User Role -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ True -+ init_radiobutton -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ True -+ True -+ -+ -+ -+ -+ -+ True -+ label104 -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ tab -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ <b>Enter name of application or user role:</b> -+ False -+ True -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 5 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ 3 -+ 3 -+ False -+ 6 -+ 12 -+ -+ -+ -+ True -+ Name -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ 1 -+ 0 -+ 1 -+ fill -+ -+ -+ -+ -+ -+ -+ True -+ Enter complete path for executable to be confined. -+ True -+ True -+ True -+ 0 -+ -+ True -+ -+ False -+ -+ -+ 1 -+ 2 -+ 1 -+ 2 -+ -+ -+ -+ -+ -+ -+ True -+ True -+ ... -+ True -+ GTK_RELIEF_NORMAL -+ True -+ -+ -+ -+ 2 -+ 3 -+ 1 -+ 2 -+ fill -+ -+ -+ -+ -+ -+ -+ True -+ Enter unique name for the confined application or user role. 
-+ True -+ True -+ True -+ 0 -+ -+ True -+ -+ False -+ -+ -+ 1 -+ 3 -+ 0 -+ 1 -+ -+ -+ -+ -+ -+ -+ True -+ Executable -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ 1 -+ 1 -+ 2 -+ fill -+ -+ -+ -+ -+ -+ -+ True -+ Init script -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ 1 -+ 2 -+ 3 -+ fill -+ -+ -+ -+ -+ -+ -+ True -+ Enter complete path to init script used to start the confined application. -+ True -+ True -+ True -+ 0 -+ -+ True -+ -+ False -+ -+ -+ 1 -+ 2 -+ 2 -+ 3 -+ -+ -+ -+ -+ -+ -+ True -+ True -+ ... -+ True -+ GTK_RELIEF_NORMAL -+ True -+ -+ -+ -+ 2 -+ 3 -+ 2 -+ 3 -+ fill -+ -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ label105 -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ tab -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ <b>Select existing role to modify:</b> -+ False -+ True -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 5 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ True -+ GTK_POLICY_AUTOMATIC -+ GTK_POLICY_AUTOMATIC -+ GTK_SHADOW_IN -+ GTK_CORNER_TOP_LEFT -+ -+ -+ -+ True -+ Select the user roles that will transiton to the %s domain. 
-+ True -+ False -+ False -+ False -+ True -+ False -+ False -+ False -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ label106 -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ tab -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ <b>Select roles that %s will transition to:</b> -+ False -+ True -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 5 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ True -+ GTK_POLICY_ALWAYS -+ GTK_POLICY_ALWAYS -+ GTK_SHADOW_NONE -+ GTK_CORNER_TOP_LEFT -+ -+ -+ -+ True -+ Select applications domains that %s will transition to. -+ True -+ False -+ False -+ False -+ True -+ False -+ False -+ False -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ label107 -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ tab -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ <b>Select the user_roles that will transition to %s:</b> -+ False -+ True -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 5 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ True -+ GTK_POLICY_ALWAYS -+ GTK_POLICY_ALWAYS -+ GTK_SHADOW_NONE -+ GTK_CORNER_TOP_LEFT -+ -+ -+ -+ True -+ Select the user roles that will transiton to this applications domains. 
-+ True -+ False -+ False -+ False -+ True -+ False -+ False -+ False -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ label108 -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ tab -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ <b>Select domains that %s will administer:</b> -+ False -+ True -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 5 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ True -+ GTK_POLICY_ALWAYS -+ GTK_POLICY_ALWAYS -+ GTK_SHADOW_NONE -+ GTK_CORNER_TOP_LEFT -+ -+ -+ -+ True -+ Select the domains that you would like this user administer. -+ True -+ False -+ False -+ False -+ True -+ False -+ False -+ False -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ label109 -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ tab -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ <b>Select additional roles for %s:</b> -+ False -+ True -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 5 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ True -+ GTK_POLICY_ALWAYS -+ GTK_POLICY_ALWAYS -+ GTK_SHADOW_NONE -+ GTK_CORNER_TOP_LEFT -+ -+ -+ -+ True -+ Select the domains that you would like this user administer. 
-+ True -+ False -+ False -+ False -+ True -+ False -+ False -+ False -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ label111 -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ tab -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ <b>Enter network ports that %s binds on:</b> -+ False -+ True -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 5 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ False -+ 6 -+ -+ -+ -+ True -+ <b>TCP Ports</b> -+ False -+ True -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ False -+ 6 -+ -+ -+ -+ True -+ False -+ 12 -+ -+ -+ -+ True -+ Allows %s to bind to any udp port -+ True -+ All -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ True -+ -+ -+ 10 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ Allow %s to call bindresvport with 0. Binding to port 600-1024 -+ True -+ 600-1024 -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ True -+ -+ -+ 10 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ Enter a comma separated list of udp ports or ranges of ports that %s binds to. 
Example: 612, 650-660 -+ True -+ Unreserved Ports (>1024) -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ True -+ -+ -+ 10 -+ False -+ False -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ -+ True -+ False -+ 12 -+ -+ -+ -+ True -+ Select Ports -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 5 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ Allows %s to bind to any udp ports > 1024 -+ True -+ True -+ True -+ 0 -+ -+ True -+ -+ False -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ -+ True -+ False -+ 6 -+ -+ -+ -+ True -+ <b>UDP Ports</b> -+ False -+ True -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ False -+ 6 -+ -+ -+ -+ True -+ False -+ 12 -+ -+ -+ -+ True -+ Allows %s to bind to any udp port -+ True -+ All -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ True -+ -+ -+ 10 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ Allow %s to call bindresvport with 0. Binding to port 600-1024 -+ True -+ 600-1024 -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ True -+ -+ -+ 10 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ Enter a comma separated list of udp ports or ranges of ports that %s binds to. 
Example: 612, 650-660 -+ True -+ Unreserved Ports (>1024) -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ True -+ -+ -+ 10 -+ False -+ False -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ -+ True -+ False -+ 12 -+ -+ -+ -+ True -+ Select Ports -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 5 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ Allows %s to bind to any udp ports > 1024 -+ True -+ True -+ True -+ 0 -+ -+ True -+ -+ False -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ label113 -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ tab -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ <b>Select network ports that %s connects to:</b> -+ False -+ True -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 5 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ False -+ 6 -+ -+ -+ -+ True -+ <b>TCP Ports</b> -+ False -+ True -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ False -+ 12 -+ -+ -+ -+ Allows %s to connect to any tcp port -+ True -+ True -+ All -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ True -+ -+ -+ 10 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ Select Ports -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 5 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ 
Enter a comma separated list of tcp ports or ranges of ports that %s connects to. Example: 612, 650-660 -+ True -+ True -+ True -+ 0 -+ -+ True -+ -+ False -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ -+ True -+ False -+ 6 -+ -+ -+ -+ True -+ <b>UDP Ports</b> -+ False -+ True -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ False -+ 12 -+ -+ -+ -+ Allows %s to connect to any udp port -+ True -+ True -+ All -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ True -+ -+ -+ 10 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ Select Ports -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 5 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ Enter a comma separated list of udp ports or ranges of ports that %s connects to. 
Example: 612, 650-660 -+ True -+ True -+ True -+ 0 -+ -+ True -+ -+ False -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ label114 -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ tab -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ <b>Select common application traits for %s:</b> -+ False -+ True -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 5 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ False -+ 6 -+ -+ -+ -+ True -+ True -+ Writes syslog messages -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ True -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ True -+ Create/Manipulate temporary files in /tmp -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ True -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ True -+ Uses Pam for authentication -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ True -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ True -+ Uses nsswitch or getpw* calls -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ True -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ True -+ Uses dbus -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ True -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ True -+ Sends audit messages -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ True -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ True -+ Interacts with the terminal -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ True -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ True -+ Sends email -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ True -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ label115 -+ False -+ 
False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ tab -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ <b>Add files/directories that %s manages</b> -+ False -+ True -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 5 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ False -+ 12 -+ -+ -+ -+ True -+ False -+ 6 -+ -+ -+ -+ True -+ True -+ GTK_RELIEF_NORMAL -+ True -+ -+ -+ -+ -+ True -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ 0 -+ 0 -+ 0 -+ 0 -+ -+ -+ -+ True -+ False -+ 2 -+ -+ -+ -+ True -+ gtk-add -+ 4 -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ Add File -+ True -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ True -+ GTK_RELIEF_NORMAL -+ True -+ -+ -+ -+ -+ True -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ 0 -+ 0 -+ 0 -+ 0 -+ -+ -+ -+ True -+ False -+ 2 -+ -+ -+ -+ True -+ gtk-add -+ 4 -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ Add Directory -+ True -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ True -+ gtk-delete -+ True -+ GTK_RELIEF_NORMAL -+ True -+ -+ -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ 4 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ True -+ GTK_POLICY_AUTOMATIC -+ GTK_POLICY_AUTOMATIC -+ GTK_SHADOW_IN -+ GTK_CORNER_TOP_LEFT -+ -+ -+ -+ True -+ Files/Directories which the %s "manages". Pid Files, Log Files, /var/lib Files ... 
-+ True -+ False -+ False -+ False -+ True -+ False -+ False -+ False -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ label116 -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ tab -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ <b>Add booleans from the %s policy:</b> -+ False -+ True -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 5 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ False -+ 12 -+ -+ -+ -+ True -+ False -+ 6 -+ -+ -+ -+ True -+ True -+ GTK_RELIEF_NORMAL -+ True -+ -+ -+ -+ -+ True -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ 0 -+ 0 -+ 0 -+ 0 -+ -+ -+ -+ True -+ False -+ 2 -+ -+ -+ -+ True -+ gtk-add -+ 4 -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ Add Boolean -+ True -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ True -+ gtk-delete -+ True -+ GTK_RELIEF_NORMAL -+ True -+ -+ -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ 4 -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ True -+ GTK_POLICY_AUTOMATIC -+ GTK_POLICY_AUTOMATIC -+ GTK_SHADOW_IN -+ GTK_CORNER_TOP_LEFT -+ -+ -+ -+ True -+ Add/Remove booleans used by the %s domain -+ True -+ True -+ False -+ False -+ True -+ False -+ False -+ False -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ tab -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ <b>Which directory you will generate the %s policy?</b> -+ False -+ True -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE 
-+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ False -+ 12 -+ -+ -+ -+ True -+ Policy Directory -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 5 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ True -+ 0 -+ -+ True -+ -+ False -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ -+ True -+ True -+ ... -+ True -+ GTK_RELIEF_NORMAL -+ True -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ 12 -+ False -+ False -+ -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ tab -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ -+ True -+ GTK_BUTTONBOX_END -+ 0 -+ -+ -+ -+ True -+ True -+ True -+ gtk-cancel -+ True -+ GTK_RELIEF_NORMAL -+ True -+ -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ gtk-go-back -+ True -+ GTK_RELIEF_NORMAL -+ True -+ -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ gtk-media-forward -+ True -+ GTK_RELIEF_NORMAL -+ True -+ -+ -+ -+ -+ -+ 5 -+ False -+ False -+ -+ -+ -+ -+ -+ -+ -+ 12 -+ Add Booleans Dialog -+ GTK_WINDOW_TOPLEVEL -+ GTK_WIN_POS_MOUSE -+ False -+ 400 -+ True -+ False -+ True -+ False -+ False -+ GDK_WINDOW_TYPE_HINT_DIALOG -+ GDK_GRAVITY_NORTH_WEST -+ True -+ False -+ False -+ -+ -+ -+ True -+ False -+ 6 -+ -+ -+ -+ True -+ GTK_BUTTONBOX_END -+ -+ -+ -+ True -+ True -+ True -+ gtk-cancel -+ True -+ GTK_RELIEF_NORMAL -+ True -+ -6 -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ gtk-add -+ True -+ GTK_RELIEF_NORMAL -+ True -+ -5 -+ -+ -+ -+ -+ 0 -+ False -+ True -+ GTK_PACK_END -+ -+ -+ -+ -+ -+ True -+ 2 -+ 2 -+ False -+ 6 -+ 12 -+ -+ -+ -+ True -+ Boolean Name -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ 1 -+ 0 -+ 1 -+ fill -+ -+ -+ -+ -+ -+ -+ True -+ Description -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 
-+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ 1 -+ 1 -+ 2 -+ fill -+ -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ True -+ 0 -+ -+ True -+ -+ False -+ -+ -+ 1 -+ 2 -+ 0 -+ 1 -+ -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ True -+ 0 -+ -+ True -+ -+ False -+ -+ -+ 1 -+ 2 -+ 1 -+ 2 -+ -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ -+ -+ -diff -up policycoreutils-2.1.11/gui/polgen.gladep.gui policycoreutils-2.1.11/gui/polgen.gladep ---- policycoreutils-2.1.11/gui/polgen.gladep.gui 2012-04-05 10:13:37.909837247 -0400 -+++ policycoreutils-2.1.11/gui/polgen.gladep 2012-04-05 10:13:37.909837247 -0400 -@@ -0,0 +1,7 @@ -+ -+ -+ -+ -+ -+ -+ -diff -up policycoreutils-2.1.11/gui/polgengui.py.gui policycoreutils-2.1.11/gui/polgengui.py ---- policycoreutils-2.1.11/gui/polgengui.py.gui 2012-04-05 10:13:37.909837247 -0400 -+++ policycoreutils-2.1.11/gui/polgengui.py 2012-04-05 10:13:37.910837250 -0400 -@@ -0,0 +1,750 @@ -+#!/usr/bin/python -Es -+# -+# polgengui.py - GUI for SELinux Config tool in system-config-selinux -+# -+# Dan Walsh -+# -+# Copyright (C) 2007-2011 Red Hat -+# -+# This program is free software; you can redistribute it and/or modify -+# it under the terms of the GNU General Public License as published by -+# the Free Software Foundation; either version 2 of the License, or -+# (at your option) any later version. -+# -+# This program is distributed in the hope that it will be useful, -+# but WITHOUT ANY WARRANTY; without even the implied warranty of -+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+# GNU General Public License for more details. -+# -+# You should have received a copy of the GNU General Public License -+# along with this program; if not, write to the Free Software -+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
-+#
-+import signal
-+import string
-+import gtk
-+import gtk.glade
-+import os
-+import gobject
-+import gnome
-+import sys
-+import polgen
-+import re
-+
-+
-+##
-+## I18N
-+##
-+PROGNAME="policycoreutils"
-+
-+import gettext
-+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
-+gettext.textdomain(PROGNAME)
-+try:
-+ gettext.install(PROGNAME,
-+ localedir="/usr/share/locale",
-+ unicode=False,
-+ codeset = 'utf-8')
-+except IOError:
-+ import __builtin__
-+ __builtin__.__dict__['_'] = unicode
-+
-+gnome.program_init("SELinux Policy Generation Tool", "5")
-+
-+version = "1.0"
-+
-+sys.path.append('/usr/share/system-config-selinux')
-+sys.path.append('.')
-+
-+# From John Hunter http://www.daa.com.au/pipermail/pygtk/2003-February/004454.html
-+def foreach(model, path, iter, selected):
-+ selected.append(model.get_value(iter, 0))
-+
-+##
-+## Pull in the Glade file
-+##
-+if os.access("polgen.glade", os.F_OK):
-+ xml = gtk.glade.XML ("polgen.glade", domain=PROGNAME)
-+else:
-+ xml = gtk.glade.XML ("/usr/share/system-config-selinux/polgen.glade", domain=PROGNAME)
-+
-+FILE = 1
-+DIR = 2
-+
-+class childWindow:
-+ START_PAGE = 0
-+ SELECT_TYPE_PAGE = 0
-+ APP_PAGE = 1
-+ EXISTING_USER_PAGE = 2
-+ TRANSITION_PAGE = 3
-+ USER_TRANSITION_PAGE = 4
-+ ADMIN_PAGE = 5
-+ ROLE_PAGE = 6
-+ IN_NET_PAGE = 7
-+ OUT_NET_PAGE = 8
-+ COMMON_APPS_PAGE = 9
-+ FILES_PAGE = 10
-+ BOOLEAN_PAGE = 11
-+ SELECT_DIR_PAGE = 12
-+ FINISH_PAGE = 12
-+
-+ def __init__(self):
-+ self.xml = xml
-+ self.notebook = xml.get_widget ("notebook")
-+ self.label_dict = {}
-+ self.tooltip_dict = {}
-+ label = xml.get_widget ("select_label")
-+ self.label_dict[label] = label.get_text()
-+
-+ label = xml.get_widget ("select_user_roles_label")
-+ self.label_dict[label] = label.get_text()
-+
-+ label = xml.get_widget ("select_dir_label")
-+ self.label_dict[label] = label.get_text()
-+
-+ label = xml.get_widget ("select_domain_admin_label")
-+ self.label_dict[label] = label.get_text()
-+
-+ label = xml.get_widget ("select_in_label")
-+ self.label_dict[label] = label.get_text()
-+
-+ label = xml.get_widget ("select_out_label")
-+ self.label_dict[label] = label.get_text()
-+
-+ label = xml.get_widget ("select_common_label")
-+ self.label_dict[label] = label.get_text()
-+
-+ label = xml.get_widget ("select_manages_label")
-+ self.label_dict[label] = label.get_text()
-+
-+ label = xml.get_widget ("select_booleans_label")
-+ self.label_dict[label] = label.get_text()
-+
-+ label = xml.get_widget ("existing_user_treeview")
-+ self.tooltip_dict[label] = label.get_tooltip_text()
-+
-+ label = xml.get_widget ("transition_treeview")
-+ self.tooltip_dict[label] = label.get_tooltip_text()
-+
-+ label = xml.get_widget ("in_tcp_all_checkbutton")
-+ self.tooltip_dict[label] = label.get_tooltip_text()
-+
-+ label = xml.get_widget ("in_tcp_reserved_checkbutton")
-+ self.tooltip_dict[label] = label.get_tooltip_text()
-+
-+ label = xml.get_widget ("in_tcp_unreserved_checkbutton")
-+ self.tooltip_dict[label] = label.get_tooltip_text()
-+
-+ label = xml.get_widget ("in_tcp_entry")
-+ self.tooltip_dict[label] = label.get_tooltip_text()
-+
-+ label = xml.get_widget ("in_udp_all_checkbutton")
-+ self.tooltip_dict[label] = label.get_tooltip_text()
-+
-+ label = xml.get_widget ("in_udp_reserved_checkbutton")
-+ self.tooltip_dict[label] = label.get_tooltip_text()
-+
-+ label = xml.get_widget ("in_udp_unreserved_checkbutton")
-+ self.tooltip_dict[label] = label.get_tooltip_text()
-+
-+ label = xml.get_widget ("in_udp_entry")
-+ self.tooltip_dict[label] = label.get_tooltip_text()
-+
-+ label = xml.get_widget ("out_tcp_entry")
-+ self.tooltip_dict[label] = label.get_tooltip_text()
-+
-+ label = xml.get_widget ("out_udp_entry")
-+ self.tooltip_dict[label] = label.get_tooltip_text()
-+
-+ label = xml.get_widget ("out_tcp_all_checkbutton")
-+ self.tooltip_dict[label] = label.get_tooltip_text()
-+
-+ label = xml.get_widget ("out_udp_all_checkbutton")
-+ self.tooltip_dict[label] = label.get_tooltip_text()
-+
-+ label = xml.get_widget ("boolean_treeview")
-+ self.tooltip_dict[label] = label.get_tooltip_text()
-+
-+ label = xml.get_widget ("write_treeview")
-+ self.tooltip_dict[label] = label.get_tooltip_text()
-+
-+ try:
-+ self.all_types = polgen.get_all_types()
-+ self.all_modules = polgen.get_all_modules()
-+ self.all_roles = polgen.get_all_roles()
-+ self.all_users = polgen.get_all_users()
-+ except RuntimeError, e:
-+ self.all_types = []
-+ self.all_modules = []
-+ self.all_roles = []
-+ self.all_users = []
-+ self.error(str(e))
-+
-+ self.name=""
-+ xml.signal_connect("on_delete_clicked", self.delete)
-+ xml.signal_connect("on_delete_boolean_clicked", self.delete_boolean)
-+ xml.signal_connect("on_exec_select_clicked", self.exec_select)
-+ xml.signal_connect("on_init_script_select_clicked", self.init_script_select)
-+ xml.signal_connect("on_add_clicked", self.add)
-+ xml.signal_connect("on_add_boolean_clicked", self.add_boolean)
-+ xml.signal_connect("on_add_dir_clicked", self.add_dir)
-+ xml.signal_connect("on_about_clicked", self.on_about_clicked)
-+ xml.get_widget ("cancel_button").connect("clicked",self.quit)
-+ self.forward_button = xml.get_widget ("forward_button")
-+ self.forward_button.connect("clicked",self.forward)
-+ self.back_button = xml.get_widget ("back_button")
-+ self.back_button.connect("clicked",self.back)
-+
-+ self.boolean_dialog = xml.get_widget ("boolean_dialog")
-+ self.boolean_name_entry = xml.get_widget ("boolean_name_entry")
-+ self.boolean_description_entry = xml.get_widget ("boolean_description_entry")
-+
-+ self.pages={}
-+ for i in polgen.USERS:
-+ self.pages[i] = [ self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE ]
-+ self.pages[polgen.RUSER] = [ self.SELECT_TYPE_PAGE, self.APP_PAGE, self.ADMIN_PAGE, self.USER_TRANSITION_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE ]
-+ self.pages[polgen.LUSER] = [ self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE ]
-+ self.pages[polgen.SANDBOX] = [ self.SELECT_TYPE_PAGE, self.APP_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE]
-+ self.pages[polgen.EUSER] = [ self.SELECT_TYPE_PAGE, self.EXISTING_USER_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE ]
-+
-+ for i in polgen.APPLICATIONS:
-+ self.pages[i] = [ self.SELECT_TYPE_PAGE, self.APP_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE]
-+ self.pages[polgen.USER] = [ self.SELECT_TYPE_PAGE, self.APP_PAGE, self.USER_TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE ]
-+
-+ self.current_page = 0
-+ self.back_button.set_sensitive(0)
-+
-+ self.network_buttons = {}
-+
-+ self.in_tcp_all_checkbutton = xml.get_widget ("in_tcp_all_checkbutton")
-+ self.in_tcp_reserved_checkbutton = xml.get_widget ("in_tcp_reserved_checkbutton")
-+ self.in_tcp_unreserved_checkbutton = xml.get_widget ("in_tcp_unreserved_checkbutton")
-+ self.in_tcp_entry = self.xml.get_widget("in_tcp_entry")
-+ self.network_buttons[self.in_tcp_all_checkbutton] = [ self.in_tcp_reserved_checkbutton, self.in_tcp_unreserved_checkbutton, self.in_tcp_entry ]
-+
-+
-+ self.out_tcp_all_checkbutton = xml.get_widget ("out_tcp_all_checkbutton")
-+ self.out_tcp_reserved_checkbutton = xml.get_widget ("out_tcp_reserved_checkbutton")
-+ self.out_tcp_unreserved_checkbutton = xml.get_widget ("out_tcp_unreserved_checkbutton")
-+ self.out_tcp_entry = self.xml.get_widget("out_tcp_entry")
-+
-+ self.network_buttons[self.out_tcp_all_checkbutton] = [ self.out_tcp_entry ]
-+
-+ self.in_udp_all_checkbutton = xml.get_widget ("in_udp_all_checkbutton")
-+ self.in_udp_reserved_checkbutton = xml.get_widget ("in_udp_reserved_checkbutton")
-+ self.in_udp_unreserved_checkbutton = xml.get_widget ("in_udp_unreserved_checkbutton")
-+ self.in_udp_entry = self.xml.get_widget("in_udp_entry")
-+
-+ self.network_buttons[self.in_udp_all_checkbutton] = [ self.in_udp_reserved_checkbutton, self.in_udp_unreserved_checkbutton, self.in_udp_entry ]
-+
-+ self.out_udp_all_checkbutton = xml.get_widget ("out_udp_all_checkbutton")
-+ self.out_udp_entry = self.xml.get_widget("out_udp_entry")
-+ self.network_buttons[self.out_udp_all_checkbutton] = [ self.out_udp_entry ]
-+
-+ for b in self.network_buttons.keys():
-+ b.connect("clicked",self.network_all_clicked)
-+
-+ self.boolean_treeview = self.xml.get_widget("boolean_treeview")
-+ self.boolean_store = gtk.ListStore(gobject.TYPE_STRING,gobject.TYPE_STRING)
-+ self.boolean_treeview.set_model(self.boolean_store)
-+ self.boolean_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
-+ col = gtk.TreeViewColumn(_("Name"), gtk.CellRendererText(), text = 0)
-+ self.boolean_treeview.append_column(col)
-+ col = gtk.TreeViewColumn(_("Description"), gtk.CellRendererText(), text = 1)
-+ self.boolean_treeview.append_column(col)
-+
-+ self.role_treeview = self.xml.get_widget("role_treeview")
-+ self.role_store = gtk.ListStore(gobject.TYPE_STRING)
-+ self.role_treeview.set_model(self.role_store)
-+ self.role_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE)
-+ self.role_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
-+ col = gtk.TreeViewColumn(_("Role"), gtk.CellRendererText(), text = 0)
-+ self.role_treeview.append_column(col)
-+
-+ self.existing_user_treeview = self.xml.get_widget("existing_user_treeview")
-+ self.existing_user_store = gtk.ListStore(gobject.TYPE_STRING)
-+ self.existing_user_treeview.set_model(self.existing_user_store)
-+ self.existing_user_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
-+ col = gtk.TreeViewColumn(_("Existing_User"), gtk.CellRendererText(), text = 0)
-+ self.existing_user_treeview.append_column(col)
-+ -+ for i in self.all_roles: -+ iter = self.role_store.append() -+ self.role_store.set_value(iter, 0, i[:-2]) -+ -+ self.in_tcp_reserved_checkbutton = xml.get_widget ("in_tcp_reserved_checkbutton") -+ -+ self.transition_treeview = self.xml.get_widget("transition_treeview") -+ self.transition_store = gtk.ListStore(gobject.TYPE_STRING) -+ self.transition_treeview.set_model(self.transition_store) -+ self.transition_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE) -+ self.transition_store.set_sort_column_id(0, gtk.SORT_ASCENDING) -+ col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0) -+ self.transition_treeview.append_column(col) -+ -+ self.user_transition_treeview = self.xml.get_widget("user_transition_treeview") -+ self.user_transition_store = gtk.ListStore(gobject.TYPE_STRING) -+ self.user_transition_treeview.set_model(self.user_transition_store) -+ self.user_transition_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE) -+ self.user_transition_store.set_sort_column_id(0, gtk.SORT_ASCENDING) -+ col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0) -+ self.user_transition_treeview.append_column(col) -+ -+ for i in self.all_users: -+ iter = self.user_transition_store.append() -+ self.user_transition_store.set_value(iter, 0, i[:-2]) -+ iter = self.existing_user_store.append() -+ self.existing_user_store.set_value(iter, 0, i[:-2]) -+ -+ self.admin_treeview = self.xml.get_widget("admin_treeview") -+ self.admin_store = gtk.ListStore(gobject.TYPE_STRING) -+ self.admin_treeview.set_model(self.admin_store) -+ self.admin_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE) -+ self.admin_store.set_sort_column_id(0, gtk.SORT_ASCENDING) -+ col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0) -+ self.admin_treeview.append_column(col) -+ -+ for i in polgen.methods: -+ m = re.findall("(.*)%s" % polgen.USER_TRANSITION_INTERFACE, i) -+ if len(m) > 0: -+ if "%s_exec_t" % m[0] in 
self.all_types:
-+ iter = self.transition_store.append()
-+ self.transition_store.set_value(iter, 0, m[0])
-+ continue
-+
-+ m = re.findall("(.*)%s" % polgen.ADMIN_TRANSITION_INTERFACE, i)
-+ if len(m) > 0:
-+ iter = self.admin_store.append()
-+ self.admin_store.set_value(iter, 0, m[0])
-+ continue
-+
-+ def confine_application(self):
-+ return self.get_type() in polgen.APPLICATIONS
-+
-+ def forward(self, arg):
-+ type = self.get_type()
-+ if self.current_page == self.START_PAGE:
-+ self.back_button.set_sensitive(1)
-+
-+ if self.pages[type][self.current_page] == self.SELECT_TYPE_PAGE:
-+ if self.on_select_type_page_next():
-+ return
-+
-+ if self.pages[type][self.current_page] == self.IN_NET_PAGE:
-+ if self.on_in_net_page_next():
-+ return
-+
-+ if self.pages[type][self.current_page] == self.OUT_NET_PAGE:
-+ if self.on_out_net_page_next():
-+ return
-+
-+ if self.pages[type][self.current_page] == self.APP_PAGE:
-+ if self.on_name_page_next():
-+ return
-+
-+ if self.pages[type][self.current_page] == self.EXISTING_USER_PAGE:
-+ if self.on_existing_user_page_next():
-+ return
-+
-+ if self.pages[type][self.current_page] == self.SELECT_DIR_PAGE:
-+ outputdir = self.output_entry.get_text()
-+ if not os.path.isdir(outputdir):
-+ self.error(_("%s must be a directory") % outputdir )
-+ return False
-+
-+ if self.pages[type][self.current_page] == self.FINISH_PAGE:
-+ self.generate_policy()
-+ self.xml.get_widget ("cancel_button").set_label(gtk.STOCK_CLOSE)
-+ else:
-+ self.current_page = self.current_page + 1
-+ self.notebook.set_current_page(self.pages[type][self.current_page])
-+ if self.pages[type][self.current_page] == self.FINISH_PAGE:
-+ self.forward_button.set_label(gtk.STOCK_APPLY)
-+
-+ def back(self,arg):
-+ type = self.get_type()
-+ if self.pages[type][self.current_page] == self.FINISH_PAGE:
-+ self.forward_button.set_label(gtk.STOCK_GO_FORWARD)
-+
-+ self.current_page = self.current_page - 1
-+ 
self.notebook.set_current_page(self.pages[type][self.current_page])
-+ if self.pages[type][self.current_page] == self.START_PAGE:
-+ self.back_button.set_sensitive(0)
-+
-+ def network_all_clicked(self, button):
-+ active = button.get_active()
-+ for b in self.network_buttons[button]:
-+ b.set_sensitive(not active)
-+
-+ def verify(self, message, title="" ):
-+ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_INFO,
-+ gtk.BUTTONS_YES_NO,
-+ message)
-+ dlg.set_title(title)
-+ dlg.set_position(gtk.WIN_POS_MOUSE)
-+ dlg.show_all()
-+ rc = dlg.run()
-+ dlg.destroy()
-+ return rc
-+
-+ def info(self, message):
-+ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_INFO,
-+ gtk.BUTTONS_OK,
-+ message)
-+ dlg.set_position(gtk.WIN_POS_MOUSE)
-+ dlg.show_all()
-+ dlg.run()
-+ dlg.destroy()
-+
-+ def error(self, message):
-+ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_ERROR,
-+ gtk.BUTTONS_CLOSE,
-+ message)
-+ dlg.set_position(gtk.WIN_POS_MOUSE)
-+ dlg.show_all()
-+ dlg.run()
-+ dlg.destroy()
-+
-+ def get_name(self):
-+ if self.existing_user_radiobutton.get_active():
-+ store, iter = self.existing_user_treeview.get_selection().get_selected()
-+ if iter == None:
-+ raise ValueError(_("You must select a user"))
-+ return store.get_value(iter, 0)
-+ else:
-+ return self.name_entry.get_text()
-+
-+ def get_type(self):
-+ if self.sandbox_radiobutton.get_active():
-+ return polgen.SANDBOX
-+ if self.cgi_radiobutton.get_active():
-+ return polgen.CGI
-+ if self.user_radiobutton.get_active():
-+ return polgen.USER
-+ if self.init_radiobutton.get_active():
-+ return polgen.DAEMON
-+ if self.dbus_radiobutton.get_active():
-+ return polgen.DBUS
-+ if self.inetd_radiobutton.get_active():
-+ return polgen.INETD
-+ if self.login_user_radiobutton.get_active():
-+ return polgen.LUSER
-+ if self.admin_user_radiobutton.get_active():
-+ return polgen.AUSER
-+ if self.xwindows_user_radiobutton.get_active():
-+ return polgen.XUSER
-+ if self.terminal_user_radiobutton.get_active():
-+ return 
polgen.TUSER
-+ if self.root_user_radiobutton.get_active():
-+ return polgen.RUSER
-+ if self.existing_user_radiobutton.get_active():
-+ return polgen.EUSER
-+
-+ def generate_policy(self, *args):
-+ outputdir = self.output_entry.get_text()
-+ try:
-+ my_policy=polgen.policy(self.get_name(), self.get_type())
-+
-+ iter= self.boolean_store.get_iter_first()
-+ while(iter):
-+ my_policy.add_boolean(self.boolean_store.get_value(iter, 0), self.boolean_store.get_value(iter, 1))
-+ iter= self.boolean_store.iter_next(iter)
-+
-+ if self.get_type() in polgen.APPLICATIONS:
-+ my_policy.set_program(self.exec_entry.get_text())
-+ my_policy.gen_symbols()
-+
-+ my_policy.set_use_syslog(self.syslog_checkbutton.get_active() == 1)
-+ my_policy.set_use_tmp(self.tmp_checkbutton.get_active() == 1)
-+ my_policy.set_use_uid(self.uid_checkbutton.get_active() == 1)
-+ my_policy.set_use_pam(self.pam_checkbutton.get_active() == 1)
-+
-+ my_policy.set_use_dbus(self.dbus_checkbutton.get_active() == 1)
-+ my_policy.set_use_audit(self.audit_checkbutton.get_active() == 1)
-+ my_policy.set_use_terminal(self.terminal_checkbutton.get_active() == 1)
-+ my_policy.set_use_mail(self.mail_checkbutton.get_active() == 1)
-+ if self.get_type() is polgen.DAEMON:
-+ my_policy.set_init_script(self.init_script_entry.get_text())
-+ if self.get_type() == polgen.USER:
-+ selected = []
-+ self.user_transition_treeview.get_selection().selected_foreach(foreach, selected)
-+ my_policy.set_transition_users(selected)
-+ else:
-+ if self.get_type() == polgen.RUSER:
-+ selected = []
-+ self.admin_treeview.get_selection().selected_foreach(foreach, selected)
-+ my_policy.set_admin_domains(selected)
-+ selected = []
-+ self.user_transition_treeview.get_selection().selected_foreach(foreach, selected)
-+ my_policy.set_transition_users(selected)
-+ else:
-+ selected = []
-+ self.transition_treeview.get_selection().selected_foreach(foreach, selected)
-+ my_policy.set_transition_domains(selected)
-+
-+ selected = []
-+ 
self.role_treeview.get_selection().selected_foreach(foreach, selected)
-+ my_policy.set_admin_roles(selected)
-+
-+ my_policy.set_in_tcp(self.in_tcp_all_checkbutton.get_active(), self.in_tcp_reserved_checkbutton.get_active(), self.in_tcp_unreserved_checkbutton.get_active(), self.in_tcp_entry.get_text())
-+ my_policy.set_in_udp(self.in_udp_all_checkbutton.get_active(), self.in_udp_reserved_checkbutton.get_active(), self.in_udp_unreserved_checkbutton.get_active(), self.in_udp_entry.get_text())
-+ my_policy.set_out_tcp(self.out_tcp_all_checkbutton.get_active(), self.out_tcp_entry.get_text())
-+ my_policy.set_out_udp(self.out_udp_all_checkbutton.get_active(), self.out_udp_entry.get_text())
-+
-+ iter= self.store.get_iter_first()
-+ while(iter):
-+ if self.store.get_value(iter, 1) == FILE:
-+ my_policy.add_file(self.store.get_value(iter, 0))
-+ else:
-+ my_policy.add_dir(self.store.get_value(iter, 0))
-+ iter= self.store.iter_next(iter)
-+
-+ self.info(my_policy.generate(outputdir))
-+ return False
-+ except ValueError, e:
-+ self.error(e.message)
-+
-+ def delete(self, args):
-+ store, iter = self.view.get_selection().get_selected()
-+ if iter != None:
-+ store.remove(iter)
-+ self.view.get_selection().select_path ((0,))
-+
-+ def delete_boolean(self, args):
-+ store, iter = self.boolean_treeview.get_selection().get_selected()
-+ if iter != None:
-+ store.remove(iter)
-+ self.boolean_treeview.get_selection().select_path ((0,))
-+
-+ def add_boolean(self,type):
-+ self.boolean_name_entry.set_text("")
-+ self.boolean_description_entry.set_text("")
-+ rc = self.boolean_dialog.run()
-+ self.boolean_dialog.hide()
-+ if rc == gtk.RESPONSE_CANCEL:
-+ return
-+ iter = self.boolean_store.append()
-+ self.boolean_store.set_value(iter, 0, self.boolean_name_entry.get_text())
-+ self.boolean_store.set_value(iter, 1, self.boolean_description_entry.get_text())
-+
-+ def __add(self,type):
-+ rc = self.file_dialog.run()
-+ self.file_dialog.hide()
-+ if rc == gtk.RESPONSE_CANCEL:
-+ 
return
-+ for i in self.file_dialog.get_filenames():
-+ iter = self.store.append()
-+ self.store.set_value(iter, 0, i)
-+ self.store.set_value(iter, 1, type)
-+
-+ def exec_select(self, args):
-+ self.file_dialog.set_select_multiple(0)
-+ self.file_dialog.set_title(_("Select executable file to be confined."))
-+ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_OPEN)
-+ self.file_dialog.set_current_folder("/usr/sbin")
-+ rc = self.file_dialog.run()
-+ self.file_dialog.hide()
-+ if rc == gtk.RESPONSE_CANCEL:
-+ return
-+ self.exec_entry.set_text(self.file_dialog.get_filename())
-+
-+ def init_script_select(self, args):
-+ self.file_dialog.set_select_multiple(0)
-+ self.file_dialog.set_title(_("Select init script file to be confined."))
-+ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_OPEN)
-+ self.file_dialog.set_current_folder("/etc/rc.d/init.d")
-+ rc = self.file_dialog.run()
-+ self.file_dialog.hide()
-+ if rc == gtk.RESPONSE_CANCEL:
-+ return
-+ self.init_script_entry.set_text(self.file_dialog.get_filename())
-+
-+ def add(self, args):
-+ self.file_dialog.set_title(_("Select file(s) that confined application creates or writes"))
-+ self.file_dialog.set_current_folder("/")
-+ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_OPEN)
-+ self.file_dialog.set_select_multiple(1)
-+ self.__add(FILE)
-+
-+ def add_dir(self, args):
-+ self.file_dialog.set_title(_("Select directory(s) that the confined application owns and writes into"))
-+ self.file_dialog.set_current_folder("/")
-+ self.file_dialog.set_select_multiple(1)
-+ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_SELECT_FOLDER)
-+ self.__add(DIR)
-+
-+ def on_about_clicked(self, args):
-+ dlg = xml.get_widget ("about_dialog")
-+ dlg.run ()
-+ dlg.hide ()
-+
-+ def quit(self, args):
-+ gtk.main_quit()
-+
-+ def setupScreen(self):
-+ # Bring in widgets from glade file.
-+ self.mainWindow = self.xml.get_widget("main_window")
-+ self.druid = self.xml.get_widget("druid")
-+ self.type = 0
-+ self.name_entry = self.xml.get_widget("name_entry")
-+ self.name_entry.connect("insert_text",self.on_name_entry_changed)
-+ self.name_entry.connect("focus_out_event",self.on_focus_out_event)
-+ self.exec_entry = self.xml.get_widget("exec_entry")
-+ self.exec_button = self.xml.get_widget("exec_button")
-+ self.init_script_entry = self.xml.get_widget("init_script_entry")
-+ self.init_script_button = self.xml.get_widget("init_script_button")
-+ self.output_entry = self.xml.get_widget("output_entry")
-+ self.output_entry.set_text(os.getcwd())
-+ self.xml.get_widget("output_button").connect("clicked",self.output_button_clicked)
-+
-+ self.xwindows_user_radiobutton = self.xml.get_widget("xwindows_user_radiobutton")
-+ self.terminal_user_radiobutton = self.xml.get_widget("terminal_user_radiobutton")
-+ self.root_user_radiobutton = self.xml.get_widget("root_user_radiobutton")
-+ self.login_user_radiobutton = self.xml.get_widget("login_user_radiobutton")
-+ self.admin_user_radiobutton = self.xml.get_widget("admin_user_radiobutton")
-+ self.existing_user_radiobutton = self.xml.get_widget("existing_user_radiobutton")
-+
-+ self.user_radiobutton = self.xml.get_widget("user_radiobutton")
-+ self.init_radiobutton = self.xml.get_widget("init_radiobutton")
-+ self.inetd_radiobutton = self.xml.get_widget("inetd_radiobutton")
-+ self.dbus_radiobutton = self.xml.get_widget("dbus_radiobutton")
-+ self.cgi_radiobutton = self.xml.get_widget("cgi_radiobutton")
-+ self.sandbox_radiobutton = self.xml.get_widget("sandbox_radiobutton")
-+ self.tmp_checkbutton = self.xml.get_widget("tmp_checkbutton")
-+ self.uid_checkbutton = self.xml.get_widget("uid_checkbutton")
-+ self.pam_checkbutton = self.xml.get_widget("pam_checkbutton")
-+ self.dbus_checkbutton = self.xml.get_widget("dbus_checkbutton")
-+ self.audit_checkbutton = self.xml.get_widget("audit_checkbutton")
-+ 
self.terminal_checkbutton = self.xml.get_widget("terminal_checkbutton")
-+ self.mail_checkbutton = self.xml.get_widget("mail_checkbutton")
-+ self.syslog_checkbutton = self.xml.get_widget("syslog_checkbutton")
-+ self.view = self.xml.get_widget("write_treeview")
-+ self.file_dialog = self.xml.get_widget("filechooserdialog")
-+
-+ self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_INT)
-+ self.view.set_model(self.store)
-+ col = gtk.TreeViewColumn("", gtk.CellRendererText(), text = 0)
-+ col.set_resizable(True)
-+ self.view.append_column(col)
-+ self.view.get_selection().select_path ((0,))
-+
-+ def output_button_clicked(self, *args):
-+ self.file_dialog.set_title(_("Select directory to generate policy files in"))
-+ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_SELECT_FOLDER)
-+ self.file_dialog.set_select_multiple(0)
-+ rc = self.file_dialog.run()
-+ self.file_dialog.hide()
-+ if rc == gtk.RESPONSE_CANCEL:
-+ return
-+ self.output_entry.set_text(self.file_dialog.get_filename())
-+
-+ def on_name_entry_changed(self, entry, text, size, position):
-+ if text.find(" ") >= 0:
-+ entry.emit_stop_by_name("insert_text")
-+
-+ def on_focus_out_event(self, entry, third):
-+ name = entry.get_text()
-+ if self.name != name:
-+ if name in self.all_types:
-+ if self.verify(_("Type %s_t already defined in current policy.\nDo you want to continue?") % name, _("Verify Name")) == gtk.RESPONSE_NO:
-+ entry.set_text("")
-+ return False
-+ if name in self.all_modules:
-+ if self.verify(_("Module %s.pp already loaded in current policy.\nDo you want to continue?") % name, _("Verify Name")) == gtk.RESPONSE_NO:
-+ entry.set_text("")
-+ return False
-+
-+ file = "/etc/rc.d/init.d/" + name
-+ if os.path.isfile(file) and self.init_script_entry.get_text() == "":
-+ self.init_script_entry.set_text(file)
-+
-+ file = "/usr/sbin/" + name
-+ if os.path.isfile(file) and self.exec_entry.get_text() == "":
-+ self.exec_entry.set_text(file)
-+
-+ self.name = name
-+ return False
-+
-+ 
def on_in_net_page_next(self, *args):
-+ try:
-+ polgen.verify_ports(self.in_tcp_entry.get_text())
-+ polgen.verify_ports(self.in_udp_entry.get_text())
-+ except ValueError, e:
-+ self.error(e.message)
-+ return True
-+
-+ def on_out_net_page_next(self, *args):
-+ try:
-+ polgen.verify_ports(self.out_tcp_entry.get_text())
-+ polgen.verify_ports(self.out_udp_entry.get_text())
-+ except ValueError, e:
-+ self.error(e.message)
-+ return True
-+
-+ def on_select_type_page_next(self, *args):
-+ self.exec_entry.set_sensitive(self.confine_application())
-+ self.exec_button.set_sensitive(self.confine_application())
-+ self.init_script_entry.set_sensitive(self.init_radiobutton.get_active())
-+ self.init_script_button.set_sensitive(self.init_radiobutton.get_active())
-+
-+ def on_existing_user_page_next(self, *args):
-+ store, iter = self.view.get_selection().get_selected()
-+ if iter != None:
-+ self.error(_("You must select a user"))
-+ return True
-+
-+ def on_name_page_next(self, *args):
-+ name=self.name_entry.get_text()
-+ if not name.isalnum():
-+ self.error(_("You must add a name made up of letters and numbers and containing no spaces."))
-+ return True
-+
-+ for i in self.label_dict:
-+ text = '%s' % (self.label_dict[i] % ("'" + name + "'"))
-+ i.set_markup(text)
-+
-+ for i in self.tooltip_dict:
-+ text = self.tooltip_dict[i] % ("'" + name + "'")
-+ i.set_tooltip_text(text)
-+
-+ if self.confine_application():
-+ exe = self.exec_entry.get_text()
-+ if exe == "":
-+ self.error(_("You must enter a executable"))
-+ return True
-+ policy=polgen.policy(name, self.get_type())
-+ policy.set_program(exe)
-+ policy.gen_writeable()
-+ policy.gen_symbols()
-+ for f in policy.files.keys():
-+ iter = self.store.append()
-+ self.store.set_value(iter, 0, f)
-+ self.store.set_value(iter, 1, FILE)
-+
-+ for f in policy.dirs.keys():
-+ iter = self.store.append()
-+ self.store.set_value(iter, 0, f)
-+ self.store.set_value(iter, 1, DIR)
-+ 
self.tmp_checkbutton.set_active(policy.use_tmp)
-+ self.uid_checkbutton.set_active(policy.use_uid)
-+ self.pam_checkbutton.set_active(policy.use_pam)
-+ self.dbus_checkbutton.set_active(policy.use_dbus)
-+ self.audit_checkbutton.set_active(policy.use_audit)
-+ self.terminal_checkbutton.set_active(policy.use_terminal)
-+ self.mail_checkbutton.set_active(policy.use_mail)
-+ self.syslog_checkbutton.set_active(policy.use_syslog)
-+
-+ def stand_alone(self):
-+ desktopName = _("Configue SELinux")
-+
-+ self.setupScreen()
-+ self.mainWindow.connect("destroy", self.quit)
-+
-+ self.mainWindow.show_all()
-+ gtk.main()
-+
-+if __name__ == "__main__":
-+ signal.signal (signal.SIGINT, signal.SIG_DFL)
-+
-+ app = childWindow()
-+ app.stand_alone()
-diff -up policycoreutils-2.1.11/gui/polgen.py.gui policycoreutils-2.1.11/gui/polgen.py
---- policycoreutils-2.1.11/gui/polgen.py.gui 2012-04-05 10:13:37.910837250 -0400
-+++ policycoreutils-2.1.11/gui/polgen.py 2012-04-13 10:41:56.501251501 -0400
-@@ -0,0 +1,1354 @@
-+#!/usr/bin/python -Es
-+#
-+# Copyright (C) 2007-2012 Red Hat
-+# see file 'COPYING' for use and warranty information
-+#
-+# policygentool is a tool for the initial generation of SELinux policy
-+#
-+# This program is free software; you can redistribute it and/or
-+# modify it under the terms of the GNU General Public License as
-+# published by the Free Software Foundation; either version 2 of
-+# the License, or (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-+# 02111-1307 USA
-+#
-+#
-+import os, sys, stat
-+import re
-+import commands
-+import setools
-+
-+from templates import executable
-+from templates import boolean
-+from templates import etc_rw
-+from templates import unit_file
-+from templates import var_cache
-+from templates import var_spool
-+from templates import var_lib
-+from templates import var_log
-+from templates import var_run
-+from templates import tmp
-+from templates import rw
-+from templates import network
-+from templates import script
-+from templates import user
-+import sepolgen.interfaces as interfaces
-+import sepolgen.defaults as defaults
-+
-+##
-+## I18N
-+##
-+PROGNAME="policycoreutils"
-+
-+import gettext
-+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
-+gettext.textdomain(PROGNAME)
-+try:
-+ gettext.install(PROGNAME,
-+ localedir="/usr/share/locale",
-+ unicode=False,
-+ codeset = 'utf-8')
-+except IOError:
-+ import __builtin__
-+ __builtin__.__dict__['_'] = unicode
-+
-+methods = []
-+fn = defaults.interface_info()
-+try:
-+ fd = open(fn)
-+ # List of per_role_template interfaces
-+ ifs = interfaces.InterfaceSet()
-+ ifs.from_file(fd)
-+ methods = ifs.interfaces.keys()
-+ fd.close()
-+except:
-+ sys.stderr.write("could not open interface info [%s]\n" % fn)
-+ sys.exit(1)
-+
-+all_types = None
-+def get_all_types():
-+ global all_types
-+ if all_types == None:
-+ all_types = map(lambda x: x['name'], setools.seinfo(setools.TYPE))
-+ return all_types
-+
-+def get_all_ports():
-+ dict = {}
-+ for p in setools.seinfo(setools.PORT):
-+ if p['type'] == "reserved_port_t" or \
-+ p['type'] == "port_t" or \
-+ p['type'] == "hi_reserved_port_t":
-+ continue
-+ dict[(p['low'], p['high'], p['protocol'])]=(p['type'], p['range'])
-+ return dict
-+
-+def get_all_roles():
-+ roles = map(lambda 
x: x['name'], setools.seinfo(setools.ROLE))
-+ roles.remove("object_r")
-+ roles.sort()
-+ return roles
-+
-+def get_all_attributes():
-+ attributes = map(lambda x: x['name'], setools.seinfo(setools.ATTRIBUTE))
-+ attributes.sort()
-+ return attributes
-+
-+def get_all_domains():
-+ all_domains = []
-+ types=get_all_types()
-+ types.sort()
-+ for i in types:
-+ m = re.findall("(.*)%s" % "_exec_t$", i)
-+ if len(m) > 0:
-+ if len(re.findall("(.*)%s" % "_initrc$", m[0])) == 0 and m[0] not in all_domains:
-+ all_domains.append(m[0])
-+ return all_domains
-+
-+def get_all_modules():
-+ try:
-+ all_modules = []
-+ rc, output=commands.getstatusoutput("semodule -l 2>/dev/null")
-+ if rc == 0:
-+ l = output.split("\n")
-+ for i in l:
-+ all_modules.append(i.split()[0])
-+ except:
-+ pass
-+
-+ return all_modules
-+
-+def get_all_users():
-+ users = map(lambda x: x['name'], setools.seinfo(setools.USER))
-+ users.remove("system_u")
-+ users.remove("root")
-+ users.sort()
-+ return users
-+
-+ALL = 0
-+RESERVED = 1
-+UNRESERVED = 2
-+PORTS = 3
-+ADMIN_TRANSITION_INTERFACE = "_admin$"
-+USER_TRANSITION_INTERFACE = "_role$"
-+
-+DAEMON = 0
-+DBUS = 1
-+INETD = 2
-+USER = 3
-+CGI = 4
-+XUSER = 5
-+TUSER = 6
-+LUSER = 7
-+AUSER = 8
-+EUSER = 9
-+RUSER = 10
-+SANDBOX = 11
-+
-+poltype={}
-+poltype[DAEMON] = _("Standard Init Daemon")
-+poltype[DBUS] = _("DBUS System Daemon")
-+poltype[INETD] = _("Internet Services Daemon")
-+poltype[CGI] = _("Web Application/Script (CGI)")
-+poltype[USER] = _("User Application")
-+poltype[TUSER] = _("Minimal Terminal User Role")
-+poltype[XUSER] = _("Minimal X Windows User Role")
-+poltype[LUSER] = _("User Role")
-+poltype[AUSER] = _("Admin User Role")
-+poltype[RUSER] = _("Root Admin User Role")
-+poltype[SANDBOX] = _("Sandbox")
-+
-+APPLICATIONS = [ DAEMON, DBUS, INETD, USER, CGI ]
-+USERS = [ XUSER, TUSER, LUSER, AUSER, EUSER, RUSER]
-+
-+def verify_ports(ports):
-+ if ports == "":
-+ return []
-+ max_port=2**16
-+ try:
-+ temp = []
-+ for a in 
ports.split(","):
-+ r = a.split("-")
-+ if len(r) > 2:
-+ raise ValueError
-+ if len(r) == 1:
-+ begin = int (r[0])
-+ end = int (r[0])
-+ else:
-+ begin = int (r[0])
-+ end = int (r[1])
-+
-+ if begin > end:
-+ raise ValueError
-+
-+ for p in range(begin, end + 1):
-+ if p < 1 or p > max_port:
-+ raise ValueError
-+ temp.append(p)
-+ return temp
-+ except ValueError:
-+ raise ValueError(_("Ports must be numbers or ranges of numbers from 1 to %d " % max_port ))
-+
-+class policy:
-+
-+ def __init__(self, name, type):
-+ self.ports = []
-+ try:
-+ self.ports = get_all_ports()
-+ except ValueError, e:
-+ print "Can not get port types, must be root for this information"
-+ except RuntimeError, e:
-+ print "Can not get port types", e
-+
-+ self.symbols = {}
-+ self.symbols["openlog"] = "set_use_kerberos(True)"
-+ self.symbols["openlog"] = "set_use_kerb_rcache(True)"
-+ self.symbols["openlog"] = "set_use_syslog(True)"
-+ self.symbols["gethostby"] = "set_use_resolve(True)"
-+ self.symbols["getaddrinfo"] = "set_use_resolve(True)"
-+ self.symbols["getnameinfo"] = "set_use_resolve(True)"
-+ self.symbols["krb"] = "set_use_kerberos(True)"
-+ self.symbols["gss_accept_sec_context"] = "set_manage_krb5_rcache(True)"
-+ self.symbols["krb5_verify_init_creds"] = "set_manage_krb5_rcache(True)"
-+ self.symbols["krb5_rd_req"] = "set_manage_krb5_rcache(True)"
-+ self.symbols["__syslog_chk"] = "set_use_syslog(True)"
-+ self.symbols["getpwnam"] = "set_use_uid(True)"
-+ self.symbols["getpwuid"] = "set_use_uid(True)"
-+ self.symbols["dbus_"] = "set_use_dbus(True)"
-+ self.symbols["pam_"] = "set_use_pam(True)"
-+ self.symbols["pam_"] = "set_use_audit(True)"
-+ self.symbols["fork"] = "add_process('fork')"
-+ self.symbols["transition"] = "add_process('transition')"
-+ self.symbols["sigchld"] = "add_process('sigchld')"
-+ self.symbols["sigkill"] = "add_process('sigkill')"
-+ self.symbols["sigstop"] = "add_process('sigstop')"
-+ self.symbols["signull"] = "add_process('signull')"
-+ 
self.symbols["signal"] = "add_process('signal')"
-+ self.symbols["ptrace"] = "add_process('ptrace')"
-+ self.symbols["getsched"] = "add_process('getsched')"
-+ self.symbols["setsched"] = "add_process('setsched')"
-+ self.symbols["getsession"] = "add_process('getsession')"
-+ self.symbols["getpgid"] = "add_process('getpgid')"
-+ self.symbols["setpgid"] = "add_process('setpgid')"
-+ self.symbols["getcap"] = "add_process('getcap')"
-+ self.symbols["setcap"] = "add_process('setcap')"
-+ self.symbols["share"] = "add_process('share')"
-+ self.symbols["getattr"] = "add_process('getattr')"
-+ self.symbols["setexec"] = "add_process('setexec')"
-+ self.symbols["setfscreate"] = "add_process('setfscreate')"
-+ self.symbols["noatsecure"] = "add_process('noatsecure')"
-+ self.symbols["siginh"] = "add_process('siginh')"
-+ self.symbols["setrlimit"] = "add_process('setrlimit')"
-+ self.symbols["rlimitinh"] = "add_process('rlimitinh')"
-+ self.symbols["dyntransition"] = "add_process('dyntransition')"
-+ self.symbols["setcurrent"] = "add_process('setcurrent')"
-+ self.symbols["execmem"] = "add_process('execmem')"
-+ self.symbols["execstack"] = "add_process('execstack')"
-+ self.symbols["execheap"] = "add_process('execheap')"
-+ self.symbols["setkeycreate"] = "add_process('setkeycreate')"
-+ self.symbols["setsockcreate"] = "add_process('setsockcreate')"
-+
-+ self.symbols["chown"] = "add_capability('chown')"
-+ self.symbols["dac_override"] = "add_capability('dac_override')"
-+ self.symbols["dac_read_search"] = "add_capability('dac_read_search')"
-+ self.symbols["fowner"] = "add_capability('fowner')"
-+ self.symbols["fsetid"] = "add_capability('fsetid')"
-+ self.symbols["kill"] = "add_capability('kill')"
-+ self.symbols["setgid"] = "add_capability('setgid')"
-+ self.symbols["setresuid"] = "add_capability('setuid')"
-+ self.symbols["setuid"] = "add_capability('setuid')"
-+ self.symbols["setpcap"] = "add_capability('setpcap')"
-+ self.symbols["linux_immutable"] = 
"add_capability('linux_immutable')"
-+ self.symbols["net_bind_service"] = "add_capability('net_bind_service')"
-+ self.symbols["net_broadcast"] = "add_capability('net_broadcast')"
-+ self.symbols["net_admin"] = "add_capability('net_admin')"
-+ self.symbols["net_raw"] = "add_capability('net_raw')"
-+ self.symbols["ipc_lock"] = "add_capability('ipc_lock')"
-+ self.symbols["ipc_owner"] = "add_capability('ipc_owner')"
-+ self.symbols["sys_module"] = "add_capability('sys_module')"
-+ self.symbols["sys_rawio"] = "add_capability('sys_rawio')"
-+ self.symbols["chroot"] = "add_capability('sys_chroot')"
-+ self.symbols["sys_chroot"] = "add_capability('sys_chroot')"
-+ self.symbols["sys_ptrace"] = "add_capability('sys_ptrace')"
-+ self.symbols["sys_pacct"] = "add_capability('sys_pacct')"
-+ self.symbols["mount"] = "add_capability('sys_admin')"
-+ self.symbols["unshare"] = "add_capability('sys_admin')"
-+ self.symbols["sys_admin"] = "add_capability('sys_admin')"
-+ self.symbols["sys_boot"] = "add_capability('sys_boot')"
-+ self.symbols["sys_nice"] = "add_capability('sys_nice')"
-+ self.symbols["sys_resource"] = "add_capability('sys_resource')"
-+ self.symbols["sys_time"] = "add_capability('sys_time')"
-+ self.symbols["sys_tty_config"] = "add_capability('sys_tty_config')"
-+ self.symbols["mknod"] = "add_capability('mknod')"
-+ self.symbols["lease"] = "add_capability('lease')"
-+ self.symbols["audit_write"] = "add_capability('audit_write')"
-+ self.symbols["audit_control"] = "add_capability('audit_control')"
-+ self.symbols["setfcap"] = "add_capability('setfcap')"
-+
-+ self.DEFAULT_DIRS = {}
-+ self.DEFAULT_DIRS["/etc"] = ["etc_rw", [], etc_rw];
-+ self.DEFAULT_DIRS["/tmp"] = ["tmp", [], tmp];
-+ self.DEFAULT_DIRS["rw"] = ["rw", [], rw];
-+ self.DEFAULT_DIRS["/usr/lib/systemd/system"] = ["unit_file", [], unit_file];
-+ self.DEFAULT_DIRS["/lib/systemd/system"] = ["unit_file", [], unit_file];
-+ self.DEFAULT_DIRS["/etc/systemd/system"] = ["unit_file", [], unit_file];
-+ 
self.DEFAULT_DIRS["/var/cache"] = ["var_cache", [], var_cache];
-+ self.DEFAULT_DIRS["/var/lib"] = ["var_lib", [], var_lib];
-+ self.DEFAULT_DIRS["/var/log"] = ["var_log", [], var_log];
-+ self.DEFAULT_DIRS["/var/run"] = ["var_run", [], var_run];
-+ self.DEFAULT_DIRS["/var/spool"] = ["var_spool", [], var_spool];
-+
-+ self.DEFAULT_KEYS=["/etc", "/var/cache", "/var/log", "/tmp", "rw", "/var/lib", "/var/run", "/var/spool", "/etc/systemd/system", "/usr/lib/systemd/system", "/lib/systemd/system" ]
-+
-+ self.DEFAULT_TYPES = (\
-+( self.generate_daemon_types, self.generate_daemon_rules), \
-+( self.generate_dbusd_types, self.generate_dbusd_rules), \
-+( self.generate_inetd_types, self.generate_inetd_rules), \
-+( self.generate_userapp_types, self.generate_userapp_rules), \
-+( self.generate_cgi_types, self.generate_cgi_rules), \
-+( self.generate_x_login_user_types, self.generate_x_login_user_rules), \
-+( self.generate_min_login_user_types, self.generate_login_user_rules), \
-+( self.generate_login_user_types, self.generate_login_user_rules), \
-+( self.generate_admin_user_types, self.generate_login_user_rules), \
-+( self.generate_existing_user_types, self.generate_existing_user_rules), \
-+( self.generate_root_user_types, self.generate_root_user_rules), \
-+( self.generate_sandbox_types, self.generate_sandbox_rules))
-+ if name == "":
-+ raise ValueError(_("You must enter a name for your confined process/user"))
-+ if not name.isalnum():
-+ raise ValueError(_("Name must be alpha numberic with no spaces. 
Consider using option \"-n MODULENAME\""))
-+
-+ if type == CGI:
-+ self.name = "httpd_%s_script" % name
-+ else:
-+ self.name = name
-+
-+ self.file_name = name
-+
-+ self.capabilities = []
-+ self.processes = []
-+ self.type = type
-+ self.initscript = ""
-+ self.program = ""
-+ self.in_tcp = [False, False, False, []]
-+ self.in_udp = [False, False, False, []]
-+ self.out_tcp = [False, False, False, []]
-+ self.out_udp = [False, False, False, []]
-+ self.use_resolve = False
-+ self.use_tmp = False
-+ self.use_uid = False
-+ self.use_syslog = False
-+ self.use_kerberos = False
-+ self.manage_krb5_rcache = False
-+ self.use_pam = False
-+ self.use_dbus = False
-+ self.use_audit = False
-+ self.use_etc = True
-+ self.use_localization = True
-+ self.use_fd = True
-+ self.use_terminal = False
-+ self.use_mail = False
-+ self.booleans = {}
-+ self.files = {}
-+ self.dirs = {}
-+ self.found_tcp_ports=[]
-+ self.found_udp_ports=[]
-+ self.need_tcp_type=False
-+ self.need_udp_type=False
-+ self.admin_domains = []
-+ self.transition_domains = []
-+ self.transition_users = []
-+ self.roles = []
-+
-+ def __isnetset(self, l):
-+ return l[ALL] or l[RESERVED] or l[UNRESERVED] or len(l[PORTS]) > 0
-+
-+ def set_admin_domains(self, admin_domains):
-+ self.admin_domains = admin_domains
-+
-+ def set_admin_roles(self, roles):
-+ self.roles = roles
-+
-+ def set_transition_domains(self, transition_domains):
-+ self.transition_domains = transition_domains
-+
-+ def set_transition_users(self, transition_users):
-+ self.transition_users = transition_users
-+
-+ def use_in_udp(self):
-+ return self.__isnetset(self.in_udp)
-+
-+ def use_out_udp(self):
-+ return self.__isnetset(self.out_udp)
-+
-+ def use_udp(self):
-+ return self.use_in_udp() or self.use_out_udp()
-+
-+ def use_in_tcp(self):
-+ return self.__isnetset(self.in_tcp)
-+
-+ def use_out_tcp(self):
-+ return self.__isnetset(self.out_tcp)
-+
-+ def use_tcp(self):
-+ return self.use_in_tcp() or self.use_out_tcp()
-+
-+ def 
use_network(self):
-+ return self.use_tcp() or self.use_udp()
-+
-+ def find_port(self, port, protocol="tcp"):
-+ for begin,end,p in self.ports.keys():
-+ if port >= begin and port <= end and protocol == p:
-+ return self.ports[begin, end, protocol]
-+ return None
-+
-+ def set_program(self, program):
-+ if self.type not in APPLICATIONS:
-+ raise ValueError(_("User Role types can not be assigned executables."))
-+
-+ self.program = program
-+
-+ def set_init_script(self, initscript):
-+ if self.type != DAEMON:
-+ raise ValueError(_("Only Daemon apps can use an init script.."))
-+
-+ self.initscript = initscript
-+
-+ def set_in_tcp(self, all, reserved, unreserved, ports):
-+ self.in_tcp = [ all, reserved, unreserved, verify_ports(ports)]
-+
-+ def set_in_udp(self, all, reserved, unreserved, ports):
-+ self.in_udp = [ all, reserved, unreserved, verify_ports(ports)]
-+
-+ def set_out_tcp(self, all, ports):
-+ self.out_tcp = [ all , False, False, verify_ports(ports) ]
-+
-+ def set_out_udp(self, all, ports):
-+ self.out_udp = [ all , False, False, verify_ports(ports) ]
-+
-+ def set_use_resolve(self, val):
-+ if val != True and val != False:
-+ raise ValueError(_("use_resolve must be a boolean value "))
-+
-+ self.use_resolve = val
-+
-+ def set_use_syslog(self, val):
-+ if val != True and val != False:
-+ raise ValueError(_("use_syslog must be a boolean value "))
-+
-+ self.use_syslog = val
-+
-+ def set_use_kerberos(self, val):
-+ if val != True and val != False:
-+ raise ValueError(_("use_kerberos must be a boolean value "))
-+
-+ self.use_kerberos = val
-+
-+ def set_manage_krb5_rcache(self, val):
-+ if val != True and val != False:
-+ raise ValueError(_("manage_krb5_rcache must be a boolean value "))
-+
-+ self.manage_krb5_rcache = val
-+
-+ def set_use_pam(self, val):
-+ self.use_pam = val == True
-+
-+ def set_use_dbus(self, val):
-+ self.use_dbus = val == True
-+
-+ def set_use_audit(self, val):
-+ self.use_audit = val == True
-+
-+ def set_use_etc(self, val):
-+ self.use_etc = val == True
-+
-+ def set_use_localization(self, val):
-+ self.use_localization = val == True
-+
-+ def set_use_fd(self, val):
-+ self.use_fd = val == True
-+
-+ def set_use_terminal(self, val):
-+ self.use_terminal = val == True
-+
-+ def set_use_mail(self, val):
-+ self.use_mail = val == True
-+
-+ def set_use_tmp(self, val):
-+ if self.type in USERS:
-+ raise ValueError(_("USER Types automatically get a tmp type"))
-+
-+ if val:
-+ self.DEFAULT_DIRS["/tmp"][1].append("/tmp");
-+ else:
-+ self.DEFAULT_DIRS["/tmp"][1]=[]
-+
-+ def set_use_uid(self, val):
-+ self.use_uid = val == True
-+
-+ def generate_uid_rules(self):
-+ if self.use_uid:
-+ return re.sub("TEMPLATETYPE", self.name, executable.te_uid_rules)
-+ else:
-+ return ""
-+
-+ def generate_syslog_rules(self):
-+ if self.use_syslog:
-+ return re.sub("TEMPLATETYPE", self.name, executable.te_syslog_rules)
-+ else:
-+ return ""
-+
-+ def generate_resolve_rules(self):
-+ if self.use_resolve:
-+ return re.sub("TEMPLATETYPE", self.name, executable.te_resolve_rules)
-+ else:
-+ return ""
-+
-+ def generate_kerberos_rules(self):
-+ if self.use_kerberos:
-+ return re.sub("TEMPLATETYPE", self.name, executable.te_kerberos_rules)
-+ else:
-+ return ""
-+
-+ def generate_manage_krb5_rcache_rules(self):
-+ if self.manage_krb5_rcache:
-+ return re.sub("TEMPLATETYPE", self.name, executable.te_manage_krb5_rcache_rules)
-+ else:
-+ return ""
-+
-+ def generate_pam_rules(self):
-+ newte =""
-+ if self.use_pam:
-+ newte = re.sub("TEMPLATETYPE", self.name, executable.te_pam_rules)
-+ return newte
-+
-+ def generate_audit_rules(self):
-+ newte =""
-+ if self.use_audit:
-+ newte = re.sub("TEMPLATETYPE", self.name, executable.te_audit_rules)
-+ return newte
-+
-+ def generate_etc_rules(self):
-+ newte =""
-+ if self.use_etc:
-+ newte = re.sub("TEMPLATETYPE", self.name, executable.te_etc_rules)
-+ return newte
-+
-+ def generate_fd_rules(self):
-+ newte =""
-+ if self.use_fd:
-+ newte = re.sub("TEMPLATETYPE", self.name, executable.te_fd_rules)
-+ return newte
-+
-+ def generate_localization_rules(self):
-+ newte =""
-+ if self.use_localization:
-+ newte = re.sub("TEMPLATETYPE", self.name, executable.te_localization_rules)
-+ return newte
-+
-+ def generate_dbus_rules(self):
-+ newte =""
-+ if self.type != DBUS and self.use_dbus:
-+ newte = re.sub("TEMPLATETYPE", self.name, executable.te_dbus_rules)
-+ return newte
-+
-+ def generate_mail_rules(self):
-+ newte =""
-+ if self.use_mail:
-+ newte = re.sub("TEMPLATETYPE", self.name, executable.te_mail_rules)
-+ return newte
-+
-+ def generate_network_action(self, protocol, action, port_name):
-+ line = ""
-+ method = "corenet_%s_%s_%s" % (protocol, action, port_name)
-+ if method in methods:
-+ line = "%s(%s_t)\n" % (method, self.name)
-+ else:
-+ line = """
-+gen_require(`
-+ type %s_t;
-+')
-+allow %s_t %s_t:%s_socket name_%s;
-+""" % (port_name, self.name, port_name, protocol, action)
-+ return line
-+
-+ def generate_network_types(self):
-+ for i in self.in_tcp[PORTS]:
-+ rec = self.find_port(int(i), "tcp")
-+ if rec == None:
-+ self.need_tcp_type = True;
-+ else:
-+ port_name = rec[0][:-2]
-+ line = self.generate_network_action("tcp", "bind", port_name)
-+# line = "corenet_tcp_bind_%s(%s_t)\n" % (port_name, self.name)
-+ if line not in self.found_tcp_ports:
-+ self.found_tcp_ports.append(line)
-+
-+ for i in self.out_tcp[PORTS]:
-+ rec = self.find_port(int(i), "tcp")
-+ if rec == None:
-+ self.need_tcp_type = True;
-+ else:
-+ port_name = rec[0][:-2]
-+ line = self.generate_network_action("tcp", "connect", port_name)
-+# line = "corenet_tcp_connect_%s(%s_t)\n" % (port_name, self.name)
-+ if line not in self.found_tcp_ports:
-+ self.found_tcp_ports.append(line)
-+
-+ for i in self.in_udp[PORTS]:
-+ rec = self.find_port(int(i),"udp")
-+ if rec == None:
-+ self.need_udp_type = True;
-+ else:
-+ port_name = rec[0][:-2]
-+ line = self.generate_network_action("udp", "bind", port_name)
-+# line = "corenet_udp_bind_%s(%s_t)\n" % (port_name, self.name)
-+ if line not in self.found_udp_ports:
-+ self.found_udp_ports.append(line)
-+
-+ if self.need_udp_type == True or self.need_tcp_type == True:
-+ return re.sub("TEMPLATETYPE", self.name, network.te_port_types)
-+ return ""
-+
-+ def __find_path(self, file):
-+ for d in self.DEFAULT_DIRS:
-+ if file.find(d) == 0:
-+ self.DEFAULT_DIRS[d][1].append(file)
-+ return self.DEFAULT_DIRS[d]
-+ self.DEFAULT_DIRS["rw"][1].append(file)
-+ return self.DEFAULT_DIRS["rw"]
-+
-+ def add_capability(self, capability):
-+ if capability not in self.capabilities:
-+ self.capabilities.append(capability)
-+
-+ def add_process(self, process):
-+ if process not in self.processes:
-+ self.processes.append(process)
-+
-+ def add_boolean(self, name, description):
-+ self.booleans[name] = description
-+
-+ def add_file(self, file):
-+ self.files[file] = self.__find_path(file)
-+
-+ def add_dir(self, file):
-+ self.dirs[file] = self.__find_path(file)
-+
-+ def generate_capabilities(self):
-+ newte = ""
-+ self.capabilities.sort()
-+ if len(self.capabilities) > 0:
-+ newte = "allow %s_t self:capability { %s };\n" % (self.name, " ".join(self.capabilities))
-+ return newte
-+
-+ def generate_process(self):
-+ newte = ""
-+ self.processes.sort()
-+ if len(self.processes) > 0:
-+ newte = "allow %s_t self:process { %s };\n" % (self.name, " ".join(self.processes))
-+ return newte
-+
-+
-+ def generate_network_rules(self):
-+ newte = ""
-+ if self.use_network():
-+ newte = "\n"
-+
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_network)
-+
-+ if self.use_tcp():
-+ newte += "\n"
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_tcp)
-+
-+ if self.use_in_tcp():
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_tcp)
-+
-+ if self.need_tcp_type and len(self.in_tcp[PORTS]) > 0:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_need_port_tcp)
-+
-+ if self.need_tcp_type and len(self.out_tcp[PORTS]) > 0:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_out_need_port_tcp)
-+
-+
-+ if self.in_tcp[ALL]:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_all_ports_tcp)
-+ if self.in_tcp[RESERVED]:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_reserved_ports_tcp)
-+ if self.in_tcp[UNRESERVED]:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_unreserved_ports_tcp)
-+
-+ if self.out_tcp[ALL]:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_out_all_ports_tcp)
-+ if self.out_tcp[RESERVED]:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_out_reserved_ports_tcp)
-+ if self.out_tcp[UNRESERVED]:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_out_unreserved_ports_tcp)
-+
-+ for i in self.found_tcp_ports:
-+ newte += i
-+
-+ if self.use_udp():
-+ newte += "\n"
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_udp)
-+
-+ if self.need_udp_type:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_need_port_udp)
-+ if self.use_in_udp():
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_udp)
-+ if self.in_udp[ALL]:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_all_ports_udp)
-+ if self.in_udp[RESERVED]:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_reserved_ports_udp)
-+ if self.in_udp[UNRESERVED]:
-+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_unreserved_ports_udp)
-+
-+ for i in self.found_udp_ports:
-+ newte += i
-+ return newte
-+
-+ def generate_transition_rules(self):
-+ newte = ""
-+ for app in self.transition_domains:
-+ tmp = re.sub("TEMPLATETYPE", self.name, user.te_transition_rules)
-+ newte += re.sub("APPLICATION", app, tmp)
-+
-+ if self.type == USER:
-+ for u in self.transition_users:
-+ temp = re.sub("TEMPLATETYPE", self.name, executable.te_run_rules)
-+ newte += re.sub("USER", u.split("_u")[0], temp)
-+
-+ return newte
-+
-+ def generate_admin_rules(self):
-+ newte = ""
-+ if self.type == RUSER:
-+ newte += re.sub("TEMPLATETYPE", self.name, user.te_admin_rules)
-+
-+ for app in self.admin_domains:
-+ tmp = re.sub("TEMPLATETYPE", self.name, user.te_admin_domain_rules)
-+ newte += re.sub("APPLICATION", app, tmp)
-+
-+ all_roles = []
-+ try:
-+ all_roles = get_all_roles()
-+ except ValueError, e:
-+ print "Can not get all roles, must be root for this information"
-+ except RuntimeError, e:
-+ print "Can not get all roles", e
-+
-+ for u in self.transition_users:
-+ role = u.split("_u")[0]
-+
-+ if (role + "_r") in all_roles:
-+ tmp = re.sub("TEMPLATETYPE", self.name, user.te_admin_trans_rules)
-+ newte += re.sub("USER", role, tmp)
-+
-+ return newte
-+
-+ def generate_dbus_if(self):
-+ newif = ""
-+ if self.use_dbus:
-+ newif = re.sub("TEMPLATETYPE", self.name, executable.if_dbus_rules)
-+ return newif
-+
-+ def generate_sandbox_if(self):
-+ newif = ""
-+ if self.type != SANDBOX:
-+ return newif
-+ newif = re.sub("TEMPLATETYPE", self.name, executable.if_sandbox_rules)
-+ return newif
-+
-+
-+ def generate_admin_if(self):
-+ newif = ""
-+ newtypes = ""
-+ if self.initscript != "":
-+ newtypes += re.sub("TEMPLATETYPE", self.name, executable.if_initscript_admin_types)
-+ newif += re.sub("TEMPLATETYPE", self.name, executable.if_initscript_admin)
-+ for d in self.DEFAULT_KEYS:
-+ if len(self.DEFAULT_DIRS[d][1]) > 0:
-+ newtypes += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_admin_types)
-+ newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_admin_rules)
-+
-+ if newif != "":
-+ ret = re.sub("TEMPLATETYPE", self.name, executable.if_begin_admin)
-+ ret += newtypes
-+
-+ ret += re.sub("TEMPLATETYPE", self.name, executable.if_middle_admin)
-+ ret += newif
-+ ret += re.sub("TEMPLATETYPE", self.name, executable.if_end_admin)
-+ return ret
-+
-+ return ""
-+
-+ def generate_cgi_types(self):
-+ return re.sub("TEMPLATETYPE", self.file_name, executable.te_cgi_types)
-+
-+ def generate_sandbox_types(self):
-+ return re.sub("TEMPLATETYPE", self.file_name, executable.te_sandbox_types)
-+
-+ def generate_userapp_types(self):
-+ return re.sub("TEMPLATETYPE", self.name, executable.te_userapp_types)
-+
-+ def generate_inetd_types(self):
-+ return re.sub("TEMPLATETYPE", self.name, executable.te_inetd_types)
-+
-+ def generate_dbusd_types(self):
-+ return re.sub("TEMPLATETYPE", self.name, executable.te_dbusd_types)
-+
-+ def generate_min_login_user_types(self):
-+ return re.sub("TEMPLATETYPE", self.name, user.te_min_login_user_types)
-+
-+ def generate_login_user_types(self):
-+ return re.sub("TEMPLATETYPE", self.name, user.te_login_user_types)
-+
-+ def generate_admin_user_types(self):
-+ return re.sub("TEMPLATETYPE", self.name, user.te_admin_user_types)
-+
-+ def generate_existing_user_types(self):
-+ return re.sub("TEMPLATETYPE", self.name, user.te_existing_user_types)
-+
-+ def generate_x_login_user_types(self):
-+ return re.sub("TEMPLATETYPE", self.name, user.te_x_login_user_types)
-+
-+ def generate_root_user_types(self):
-+ return re.sub("TEMPLATETYPE", self.name, user.te_root_user_types)
-+
-+ def generate_daemon_types(self):
-+ newte = re.sub("TEMPLATETYPE", self.name, executable.te_daemon_types)
-+ if self.initscript != "":
-+ newte += re.sub("TEMPLATETYPE", self.name, executable.te_initscript_types)
-+ return newte
-+
-+ def generate_tmp_types(self):
-+ if self.use_tmp:
-+ return re.sub("TEMPLATETYPE", self.name, tmp.te_types)
-+ else:
-+ return ""
-+
-+ def generate_booleans(self):
-+ newte = ""
-+ for b in self.booleans:
-+ tmp = re.sub("BOOLEAN", b, boolean.te_boolean)
-+ newte += re.sub("DESCRIPTION", self.booleans[b], tmp)
-+ return newte
-+
-+ def generate_boolean_rules(self):
-+ newte = ""
-+ for b in self.booleans:
-+ newte += re.sub("BOOLEAN", b, boolean.te_rules)
-+ return newte
-+
-+ def generate_sandbox_te(self):
-+ return re.sub("TEMPLATETYPE", self.name, executable.te_sandbox_types)
-+
-+ def generate_cgi_te(self):
-+ return re.sub("TEMPLATETYPE", self.name, executable.te_cgi_types)
-+
-+ def generate_daemon_rules(self):
-+ newif = re.sub("TEMPLATETYPE", self.name, executable.te_daemon_rules)
-+
-+ return newif
-+
-+ def generate_login_user_rules(self):
-+ return re.sub("TEMPLATETYPE", self.name, user.te_login_user_rules)
-+
-+ def generate_existing_user_rules(self):
-+ return re.sub("TEMPLATETYPE", self.name, user.te_existing_user_rules)
-+
-+ def generate_x_login_user_rules(self):
-+ return re.sub("TEMPLATETYPE", self.name, user.te_x_login_user_rules)
-+
-+ def generate_root_user_rules(self):
-+ newte =re.sub("TEMPLATETYPE", self.name, user.te_root_user_rules)
-+ return newte
-+
-+ def generate_userapp_rules(self):
-+ return re.sub("TEMPLATETYPE", self.name, executable.te_userapp_rules)
-+
-+ def generate_inetd_rules(self):
-+ return re.sub("TEMPLATETYPE", self.name, executable.te_inetd_rules)
-+
-+ def generate_dbusd_rules(self):
-+ return re.sub("TEMPLATETYPE", self.name, executable.te_dbusd_rules)
-+
-+ def generate_tmp_rules(self):
-+ if self.use_tmp:
-+ return re.sub("TEMPLATETYPE", self.name, tmp.te_rules)
-+ else:
-+ return ""
-+
-+ def generate_cgi_rules(self):
-+ newte = ""
-+ newte += re.sub("TEMPLATETYPE", self.name, executable.te_cgi_rules)
-+ return newte
-+
-+ def generate_sandbox_rules(self):
-+ newte = ""
-+ newte += re.sub("TEMPLATETYPE", self.name, executable.te_sandbox_rules)
-+ return newte
-+
-+ def generate_user_if(self):
-+ newif =""
-+ if self.use_terminal or self.type == USER:
-+ newif = re.sub("TEMPLATETYPE", self.name, executable.if_user_program_rules)
-+
-+ if self.type in ( TUSER, XUSER, AUSER, LUSER):
-+ newif += re.sub("TEMPLATETYPE", self.name, executable.if_role_change_rules)
-+ return newif
-+
-+ def generate_if(self):
-+ newif = ""
-+ newif += re.sub("TEMPLATETYPE", self.name, executable.if_heading_rules)
-+ if self.program != "":
-+ newif += re.sub("TEMPLATETYPE", self.name, executable.if_program_rules)
-+ if self.initscript != "":
-+ newif += re.sub("TEMPLATETYPE", self.name, executable.if_initscript_rules)
-+
-+ for d in self.DEFAULT_KEYS:
-+ if len(self.DEFAULT_DIRS[d][1]) > 0:
-+ newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_rules)
-+ for i in self.DEFAULT_DIRS[d][1]:
-+ if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]):
-+ newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_stream_rules)
-+ break
-+ newif += self.generate_user_if()
-+ newif += self.generate_dbus_if()
-+ newif += self.generate_admin_if()
-+ newif += self.generate_sandbox_if()
-+
-+ return newif
-+
-+ def generate_default_types(self):
-+ return self.DEFAULT_TYPES[self.type][0]()
-+
-+ def generate_default_rules(self):
-+ return self.DEFAULT_TYPES[self.type][1]()
-+
-+ def generate_roles_rules(self):
-+ newte = ""
-+ if self.type in ( TUSER, XUSER, AUSER, LUSER, EUSER):
-+ roles = ""
-+ if len(self.roles) > 0:
-+ newte += re.sub("TEMPLATETYPE", self.name, user.te_sudo_rules)
-+ newte += re.sub("TEMPLATETYPE", self.name, user.te_newrole_rules)
-+ for role in self.roles:
-+ tmp = re.sub("TEMPLATETYPE", self.name, user.te_roles_rules)
-+ newte += re.sub("ROLE", role, tmp)
-+ return newte
-+
-+ def generate_te(self):
-+ newte = self.generate_default_types()
-+ for d in self.DEFAULT_KEYS:
-+ if len(self.DEFAULT_DIRS[d][1]) > 0:
-+ # CGI scripts already have a rw_t
-+ if self.type != CGI or d != "rw":
-+ newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_types)
-+
-+ newte +="""
-+########################################
-+#
-+# %s local policy
-+#
-+""" % self.name
-+ newte += self.generate_capabilities()
-+ newte += self.generate_process()
-+ newte += self.generate_network_types()
-+ newte += self.generate_tmp_types()
-+ newte += self.generate_booleans()
-+ newte += self.generate_default_rules()
-+ newte += self.generate_boolean_rules()
-+
-+ for d in self.DEFAULT_KEYS:
-+ if len(self.DEFAULT_DIRS[d][1]) > 0:
-+ newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_rules)
-+ for i in self.DEFAULT_DIRS[d][1]:
-+ if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]):
-+ newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_stream_rules)
-+ break
-+
-+ newte += self.generate_tmp_rules()
-+ newte += self.generate_network_rules()
-+ newte += self.generate_fd_rules()
-+ newte += self.generate_etc_rules()
-+ newte += self.generate_pam_rules()
-+ newte += self.generate_uid_rules()
-+ newte += self.generate_audit_rules()
-+ newte += self.generate_syslog_rules()
-+ newte += self.generate_localization_rules()
-+ newte += self.generate_resolve_rules()
-+ newte += self.generate_roles_rules()
-+ newte += self.generate_mail_rules()
-+ newte += self.generate_transition_rules()
-+ newte += self.generate_admin_rules()
-+ newte += self.generate_dbus_rules()
-+ newte += self.generate_kerberos_rules()
-+ newte += self.generate_manage_krb5_rcache_rules()
-+
-+ return newte
-+
-+ def generate_fc(self):
-+ newfc = ""
-+ fclist = []
-+ if self.type in USERS + [ SANDBOX ]:
-+ return re.sub("EXECUTABLE", self.program, executable.fc_user)
-+ if self.program == "":
-+ raise ValueError(_("You must enter the executable path for your confined process"))
-+
-+ t1 = re.sub("EXECUTABLE", self.program, executable.fc_program)
-+ fclist.append(re.sub("TEMPLATETYPE", self.name, t1))
-+
-+ if self.initscript != "":
-+ t1 = re.sub("EXECUTABLE", self.initscript, executable.fc_initscript)
-+ fclist.append(re.sub("TEMPLATETYPE", self.name, t1))
-+
-+ for i in self.files.keys():
-+ if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]):
-+ t1 = re.sub("TEMPLATETYPE", self.name, self.files[i][2].fc_sock_file)
-+ else:
-+ t1 = re.sub("TEMPLATETYPE", self.name, self.files[i][2].fc_file)
-+ t2 = re.sub("FILENAME", i, t1)
-+ fclist.append(re.sub("FILETYPE", self.files[i][0], t2))
-+
-+ for i in self.dirs.keys():
-+ t1 = re.sub("TEMPLATETYPE", self.name, self.dirs[i][2].fc_dir)
-+ t2 = re.sub("FILENAME", i, t1)
-+ fclist.append(re.sub("FILETYPE", self.dirs[i][0], t2))
-+
-+ fclist.sort()
-+ newfc="\n".join(fclist)
-+ return newfc
-+
-+ def generate_user_sh(self):
-+ newsh = ""
-+ if self.type not in ( TUSER, XUSER, AUSER, LUSER, EUSER):
-+ return newsh
-+
-+ roles = ""
-+ for role in self.roles:
-+ roles += " %s_r" % role
-+ if roles != "":
-+ roles += " system_r"
-+ if self.type == EUSER:
-+ tmp = re.sub("TEMPLATETYPE", self.name, script.eusers)
-+ else:
-+ tmp = re.sub("TEMPLATETYPE", self.name, script.users)
-+ newsh += re.sub("ROLES", roles, tmp)
-+
-+ if self.type == RUSER:
-+ for u in self.transition_users:
-+ tmp = re.sub("TEMPLATETYPE", self.name, script.admin_trans)
-+ newsh += re.sub("USER", u, tmp)
-+
-+ if self.type == LUSER:
-+ newsh += re.sub("TEMPLATETYPE", self.name, script.min_login_user_default_context)
-+ else:
-+ newsh += re.sub("TEMPLATETYPE", self.name, script.x_login_user_default_context)
-+
-+
-+ return newsh
-+
-+ def generate_sh(self):
-+ temp = re.sub("TEMPLATETYPE", self.file_name, script.compile)
-+ if self.type == EUSER:
-+ newsh = re.sub("TEMPLATEFILE", "my%s" % self.file_name, temp)
-+ else:
-+ newsh = re.sub("TEMPLATEFILE", self.file_name, temp)
-+ if self.program != "":
-+ newsh += re.sub("FILENAME", self.program, script.restorecon)
-+ if self.initscript != "":
-+ newsh += re.sub("FILENAME", self.initscript, script.restorecon)
-+
-+ for i in self.files.keys():
-+ newsh += re.sub("FILENAME", i, script.restorecon)
-+
-+ for i in self.dirs.keys():
-+ newsh += re.sub("FILENAME", i, script.restorecon)
-+
-+ for i in self.in_tcp[PORTS] + self.out_tcp[PORTS]:
-+ if self.find_port(i,"tcp") == None:
-+ t1 = re.sub("PORTNUM", "%d" % i, script.tcp_ports)
-+ newsh += re.sub("TEMPLATETYPE", self.name, t1)
-+
-+ for i in self.in_udp[PORTS]:
-+ if self.find_port(i,"udp") == None:
-+ t1 = re.sub("PORTNUM", "%d" % i, script.udp_ports)
-+ newsh += re.sub("TEMPLATETYPE", self.name, t1)
-+
-+ newsh += self.generate_user_sh()
-+
-+ return newsh
-+
-+ def write_te(self, out_dir):
-+ if self.type == EUSER:
-+ tefile = "%s/my%s.te" % (out_dir, self.file_name)
-+ else:
-+ tefile = "%s/%s.te" % (out_dir, self.file_name)
-+ fd = open(tefile, "w")
-+ fd.write(self.generate_te())
-+ fd.close()
-+ return tefile
-+
-+ def write_sh(self, out_dir):
-+ if self.type == EUSER:
-+ shfile = "%s/my%s.sh" % (out_dir, self.file_name)
-+ else:
-+ shfile = "%s/%s.sh" % (out_dir, self.file_name)
-+ fd = open(shfile, "w")
-+ fd.write(self.generate_sh())
-+ fd.close()
-+ os.chmod(shfile, 0750)
-+ return shfile
-+
-+ def write_if(self, out_dir):
-+ if self.type == EUSER:
-+ iffile = "%s/my%s.if" % (out_dir, self.file_name)
-+ else:
-+ iffile = "%s/%s.if" % (out_dir, self.file_name)
-+ fd = open(iffile, "w")
-+ fd.write(self.generate_if())
-+ fd.close()
-+ return iffile
-+
-+ def write_fc(self,out_dir):
-+ if self.type == EUSER:
-+ fcfile = "%s/my%s.fc" % (out_dir, self.file_name)
-+ else:
-+ fcfile = "%s/%s.fc" % (out_dir, self.file_name)
-+ fd = open(fcfile, "w")
-+ fd.write(self.generate_fc())
-+ fd.close()
-+ return fcfile
-+
-+ def gen_writeable(self):
-+ fd = os.popen("rpm -qlf %s" % self.program)
-+ for f in fd.read().split():
-+ for b in self.DEFAULT_DIRS:
-+ if b == "/etc":
-+ continue
-+ if f.startswith(b):
-+ if os.path.isfile(f):
-+ self.add_file(f)
-+ else:
-+ self.add_dir(f)
-+ fd.close()
-+ if os.path.isfile("/var/run/%s.pid" % self.name):
-+ self.add_file("/var/run/%s.pid" % self.name)
-+
-+ if os.path.isfile("/etc/rc.d/init.d/%s" % self.name):
-+ self.set_init_script("/etc/rc\.d/init\.d/%s" % self.name)
-+
-+ def gen_symbols(self):
-+ if self.type not in APPLICATIONS:
-+ return
-+
-+ fd = os.popen("nm -D %s | grep U" % self.program)
-+ for s in fd.read().split():
-+ for b in self.symbols:
-+ if s.startswith(b):
-+ exec "self.%s" % self.symbols[b]
-+ fd.close()
-+
-+ def generate(self, out_dir = "."):
-+ self.write_te(out_dir)
-+ self.write_if(out_dir)
-+ self.write_fc(out_dir)
-+ self.write_sh(out_dir)
-+ out = "Created the following files in:\n%s/\n" % out_dir
-+ out += "%s.te # %s\n" % (self.file_name, _("Type Enforcement file"))
-+ out += "%s.if # %s\n" % (self.file_name, _("Interface file"))
-+ out += "%s.fc # %s\n" % (self.file_name, _("File Contexts file"))
-+ out += "%s.sh # %s\n" % (self.file_name, _("Setup Script"))
-+ return out
-+
-+def errorExit(error):
-+ sys.stderr.write("%s: " % sys.argv[0])
-+ sys.stderr.write("%s\n" % error)
-+ sys.stderr.flush()
-+ sys.exit(1)
-+
-+def test():
-+ import tempfile
-+
-+ tmpdir = tempfile.mkdtemp(prefix="polgen_")
-+
-+ mypolicy = policy("myrwho", DAEMON)
-+ mypolicy.set_program("/usr/sbin/myrwhod")
-+ mypolicy.set_init_script("/etc/init.d/myrwhod")
-+ mypolicy.add_dir("/etc/nasd")
-+ mypolicy.set_in_tcp(1, 0, 0, "513")
-+ mypolicy.set_use_uid(True)
-+ mypolicy.set_use_tmp(True)
-+ mypolicy.set_use_syslog(True)
-+ mypolicy.set_use_pam(True)
-+ mypolicy.add_dir("/var/run/myrwho")
-+ mypolicy.add_dir("/var/lib/myrwho")
-+ print mypolicy.generate(tmpdir)
-+
-+ mypolicy = policy("mywhois", USER)
-+ mypolicy.set_program("/usr/bin/jwhois")
-+ mypolicy.set_out_tcp(0, "43,63,4321")
-+ mypolicy.set_out_udp(0, "43,63,4321")
-+ mypolicy.add_dir("/var/cache/jwhois")
-+ mypolicy.set_transition_users(["staff_u"])
-+ print mypolicy.generate(tmpdir)
-+
-+ mypolicy = policy("mytuser", TUSER)
-+ mypolicy.set_admin_roles(["mydbadm"])
-+ mypolicy.add_boolean("allow_mytuser_setuid", "Allow mytuser users to run setuid applications")
-+ print mypolicy.generate(tmpdir)
-+
-+ mypolicy = policy("mycgi", CGI)
-+ mypolicy.set_program("/var/www/cgi-bin/cgi")
-+ mypolicy.set_in_tcp(1, 0, 0, "512, 55000-55000")
-+ mypolicy.set_in_udp(1, 0, 0, "1513")
-+ mypolicy.set_use_uid(True)
-+ mypolicy.set_use_tmp(False)
-+ mypolicy.set_use_syslog(True)
-+ mypolicy.set_use_pam(True)
-+ mypolicy.set_out_tcp(0,"8000")
-+ print mypolicy.generate(tmpdir)
-+
-+ mypolicy = policy("myinetd", INETD)
-+ mypolicy.set_program("/usr/bin/mytest")
-+ mypolicy.set_in_tcp(1, 0, 0, "513")
-+ mypolicy.set_in_udp(1, 0, 0, "1513")
-+ mypolicy.set_use_uid(True)
-+ mypolicy.set_use_tmp(True)
-+ mypolicy.set_use_syslog(True)
-+ mypolicy.set_use_pam(True)
-+ mypolicy.add_file("/var/lib/mysql/mysql.sock")
-+ mypolicy.add_file("/var/run/rpcbind.sock")
-+ mypolicy.add_file("/var/run/daemon.pub")
-+ mypolicy.add_file("/var/log/daemon.log")
-+ mypolicy.add_dir("/var/lib/daemon")
-+ mypolicy.add_dir("/etc/daemon")
-+ mypolicy.add_dir("/etc/daemon/special")
-+ mypolicy.set_use_uid(True)
-+ mypolicy.set_use_syslog(True)
-+ mypolicy.set_use_pam(True)
-+ mypolicy.set_use_audit(True)
-+ mypolicy.set_use_dbus(True)
-+ mypolicy.set_use_terminal(True)
-+ mypolicy.set_use_mail(True)
-+ mypolicy.set_out_tcp(0,"8000")
-+ print mypolicy.generate(tmpdir)
-+
-+
-+ mypolicy = policy("mydbus", DBUS)
-+ mypolicy.set_program("/usr/libexec/mydbus")
-+ mypolicy.set_in_tcp(1, 0, 0, "513")
-+ mypolicy.set_in_udp(1, 0, 0, "1513")
-+ mypolicy.set_use_uid(True)
-+ mypolicy.set_use_tmp(True)
-+ mypolicy.set_use_syslog(True)
-+ mypolicy.set_use_pam(True)
-+ print mypolicy.generate(tmpdir)
-+
-+ mypolicy = policy("myxuser", XUSER)
-+ mypolicy.set_in_tcp(1, 1, 1, "28920")
-+ mypolicy.set_in_udp(0, 0, 1, "1513")
-+ mypolicy.set_transition_domains(["mozilla"])
-+ print mypolicy.generate(tmpdir)
-+
-+ mypolicy = policy("myuser", USER)
-+ mypolicy.set_program("/usr/bin/myuser")
-+ mypolicy.set_in_tcp(1, 0, 0, "513")
-+ mypolicy.set_in_udp(1, 0, 0, "1513")
-+ mypolicy.set_use_uid(True)
-+ mypolicy.set_use_tmp(True)
-+ mypolicy.set_use_syslog(True)
-+ mypolicy.set_use_pam(True)
-+ mypolicy.add_file("/var/lib/myuser/myuser.sock")
-+ mypolicy.set_out_tcp(0,"8000")
-+ mypolicy.set_transition_users(["unconfined_u", "staff_u"])
-+ print mypolicy.generate(tmpdir)
-+
-+ mypolicy = policy("mysandbox", SANDBOX)
-+ mypolicy.set_out_udp(0, "993")
-+ print mypolicy.generate("/tmp")
-+
-+ mypolicy = policy("mydbadm", RUSER)
-+ mypolicy.set_admin_domains(["postgresql", "mysql"])
-+ print mypolicy.generate(tmpdir)
-+ os.chdir(tmpdir)
-+ rc, output=commands.getstatusoutput("make -f /usr/share/selinux/devel/Makefile")
-+ print output
-+ sys.exit(os.WEXITSTATUS(rc))
-+
-+import os, sys, getopt, socket, random, fcntl
-+
-+def usage(msg):
-+ print _("""
-+%s
-+
-+sepolgen [ -n moduleName ] [ -m ] [ -t type ] [ executable | Name ]
-+valid Types:
-+""") % msg
-+ keys=poltype.keys()
-+ for i in keys:
-+ print "\t%s\t%s" % (i, poltype[i])
-+ sys.exit(-1)
-+
-+if __name__ == '__main__':
-+ setype = DAEMON
-+ name = None
-+ try:
-+ gopts, cmds = getopt.getopt(sys.argv[1:], "ht:mn:",
-+ ["type=",
-+ "mount",
-+ "test",
-+ "name=",
-+ "help"])
-+ for o, a in gopts:
-+ if o == "-t" or o == "--type":
-+ try:
-+ if int(a) not in poltype:
-+ usage ("invalid type %s" % a )
-+ except:
-+ usage ("invalid type %s" % a )
-+
-+ setype = int(a)
-+
-+ if o == "-m" or o == "--mount":
-+ mount_ind = True
-+
-+ if o == "-n" or o == "--name":
-+ name = a
-+
-+ if o == "-h" or o == "--help":
-+ usage("")
-+
-+ if o == "--test":
-+ test()
-+ sys.exit(0)
-+
-+ except getopt.error, error:
-+ usage(_("Options Error %s ") % error.msg)
-+
-+ if len(cmds) == 0:
-+ usage(_("Executable or Name required"))
-+
-+ try:
-+ if not name:
-+ name = os.path.basename(cmds[0]).replace("-","_")
-+ cmd = cmds[0]
-+ mypolicy = policy(name, setype)
-+ if setype not in USERS + [ SANDBOX ]:
-+ mypolicy.set_program(cmd)
-+
-+ if setype in APPLICATIONS:
-+ mypolicy.gen_writeable()
-+ mypolicy.gen_symbols()
-+ print mypolicy.generate()
-+ sys.exit(0)
-+ except ValueError, e:
-+ usage(e)
-diff -up policycoreutils-2.1.11/gui/portsPage.py.gui policycoreutils-2.1.11/gui/portsPage.py
---- policycoreutils-2.1.11/gui/portsPage.py.gui 2012-04-05 10:13:37.910837250 -0400
-+++ policycoreutils-2.1.11/gui/portsPage.py 2012-04-05 10:13:37.910837250 -0400
-@@ -0,0 +1,259 @@
-+## portsPage.py - show selinux mappings
-+## Copyright (C) 2006 Red Hat, Inc.
-+
-+## This program is free software; you can redistribute it and/or modify
-+## it under the terms of the GNU General Public License as published by
-+## the Free Software Foundation; either version 2 of the License, or
-+## (at your option) any later version.
-+
-+## This program is distributed in the hope that it will be useful,
-+## but WITHOUT ANY WARRANTY; without even the implied warranty of
-+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+## GNU General Public License for more details.
-+
-+## You should have received a copy of the GNU General Public License
-+## along with this program; if not, write to the Free Software
-+## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+
-+## Author: Dan Walsh
-+import string
-+import gtk
-+import gtk.glade
-+import os
-+import gobject
-+import sys
-+import seobject
-+import commands
-+from semanagePage import *;
-+
-+##
-+## I18N
-+##
-+PROGNAME = "policycoreutils"
-+import gettext
-+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
-+gettext.textdomain(PROGNAME)
-+TYPE_COL = 0
-+PROTOCOL_COL = 1
-+MLS_COL = 2
-+PORT_COL = 3
-+try:
-+ gettext.install(PROGNAME,
-+ localedir="/usr/share/locale",
-+ unicode=False,
-+ codeset = 'utf-8')
-+except IOError:
-+ import __builtin__
-+ __builtin__.__dict__['_'] = unicode
-+
-+class portsPage(semanagePage):
-+ def __init__(self, xml):
-+ semanagePage.__init__(self, xml, "ports", _("Network Port"))
-+ xml.signal_connect("on_group_clicked", self.on_group_clicked)
-+ self.group = False
-+ self.ports_filter = xml.get_widget("portsFilterEntry")
-+ self.ports_filter.connect("focus_out_event", self.filter_changed)
-+ self.ports_filter.connect("activate", self.filter_changed)
-+ self.ports_name_entry = xml.get_widget("portsNameEntry")
-+ self.ports_protocol_combo = xml.get_widget("portsProtocolCombo")
-+ self.ports_number_entry = xml.get_widget("portsNumberEntry")
-+ self.ports_mls_entry = xml.get_widget("portsMLSEntry")
-+ self.ports_add_button = xml.get_widget("portsAddButton")
-+ self.ports_properties_button = xml.get_widget("portsPropertiesButton")
-+ self.ports_delete_button = xml.get_widget("portsDeleteButton")
-+ liststore = self.ports_protocol_combo.get_model()
-+ iter = liststore.get_iter_first()
-+ self.ports_protocol_combo.set_active_iter(iter)
-+ self.init_store()
-+ self.edit = True
-+ self.load()
-+
-+ def filter_changed(self, *arg):
-+ filter = arg[0].get_text()
-+ if filter != self.filter:
-+ if self.edit:
-+ self.load(filter)
-+ else:
-+ self.group_load(filter)
-+
-+ def init_store(self):
-+ self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_STRING, gobject.TYPE_STRING , gobject.TYPE_STRING)
-+ self.view.set_model(self.store)
-+ self.store.set_sort_column_id(0, gtk.SORT_ASCENDING)
-+
-+ self.view.set_search_equal_func(self.search)
-+ col = gtk.TreeViewColumn(_("SELinux Port\nType"), gtk.CellRendererText(), text = TYPE_COL)
-+ col.set_sort_column_id(TYPE_COL)
-+ col.set_resizable(True)
-+ self.view.append_column(col)
-+ self.store.set_sort_column_id(TYPE_COL, gtk.SORT_ASCENDING)
-+
-+ col = gtk.TreeViewColumn(_("Protocol"), gtk.CellRendererText(), text = PROTOCOL_COL)
-+ col.set_sort_column_id(PROTOCOL_COL)
-+ col.set_resizable(True)
-+ self.view.append_column(col)
-+
-+ self.mls_col = gtk.TreeViewColumn(_("MLS/MCS\nLevel"), gtk.CellRendererText(), text = MLS_COL)
-+ self.mls_col.set_resizable(True)
-+ self.mls_col.set_sort_column_id(MLS_COL)
-+ self.view.append_column(self.mls_col)
-+
-+ col = gtk.TreeViewColumn(_("Port"), gtk.CellRendererText(), text = PORT_COL)
-+ col.set_sort_column_id(PORT_COL)
-+ col.set_resizable(True)
-+ self.view.append_column(col)
-+ self.store.set_sort_func(PORT_COL,self.sort_int, "")
-+
-+ def sort_int(self, treemodel, iter1, iter2, user_data):
-+ try:
-+ p1 = int(treemodel.get_value(iter1,PORT_COL).split('-')[0])
-+ p2 = int(treemodel.get_value(iter2,PORT_COL).split('-')[0])
-+ if p1 > p2:
-+ return 1
-+ if p1 == p2:
-+ return 0
-+ return -1
-+ except:
-+ return 0 -+ -+ def load(self,filter = ""): -+ self.filter=filter -+ self.port = seobject.portRecords() -+ dict = self.port.get_all(self.local) -+ keys = dict.keys() -+ keys.sort() -+ self.store.clear() -+ for k in keys: -+ if not (self.match(str(k[0]), filter) or self.match(dict[k][0], filter) or self.match(k[2], filter) or self.match(dict[k][1], filter) or self.match(dict[k][1], filter)): -+ continue -+ iter = self.store.append() -+ if k[0] == k[1]: -+ self.store.set_value(iter, PORT_COL, k[0]) -+ else: -+ rec = "%s-%s" % k[:2] -+ self.store.set_value(iter, PORT_COL, rec) -+ self.store.set_value(iter, TYPE_COL, dict[k][0]) -+ self.store.set_value(iter, PROTOCOL_COL, k[2]) -+ self.store.set_value(iter, MLS_COL, dict[k][1]) -+ self.view.get_selection().select_path ((0,)) -+ -+ def group_load(self, filter = ""): -+ self.filter=filter -+ self.port = seobject.portRecords() -+ dict = self.port.get_all_by_type(self.local) -+ keys = dict.keys() -+ keys.sort() -+ self.store.clear() -+ for k in keys: -+ ports_string = ", ".join(dict[k]) -+ if not (self.match(ports_string, filter) or self.match(k[0], filter) or self.match(k[1], filter) ): -+ continue -+ iter = self.store.append() -+ self.store.set_value(iter, TYPE_COL, k[0]) -+ self.store.set_value(iter, PROTOCOL_COL, k[1]) -+ self.store.set_value(iter, PORT_COL, ports_string) -+ self.store.set_value(iter, MLS_COL, "") -+ self.view.get_selection().select_path ((0,)) -+ -+ def propertiesDialog(self): -+ if self.edit: -+ semanagePage.propertiesDialog(self) -+ -+ def dialogInit(self): -+ store, iter = self.view.get_selection().get_selected() -+ self.ports_number_entry.set_text(store.get_value(iter, PORT_COL)) -+ self.ports_number_entry.set_sensitive(False) -+ self.ports_protocol_combo.set_sensitive(False) -+ self.ports_name_entry.set_text(store.get_value(iter, TYPE_COL)) -+ self.ports_mls_entry.set_text(store.get_value(iter, MLS_COL)) -+ protocol = store.get_value(iter, PROTOCOL_COL) -+ liststore = 
self.ports_protocol_combo.get_model()
-+ iter = liststore.get_iter_first()
-+ while iter != None and liststore.get_value(iter,0) != protocol:
-+ iter = liststore.iter_next(iter)
-+ if iter != None:
-+ self.ports_protocol_combo.set_active_iter(iter)
-+
-+ def dialogClear(self):
-+ self.ports_number_entry.set_text("")
-+ self.ports_number_entry.set_sensitive(True)
-+ self.ports_protocol_combo.set_sensitive(True)
-+ self.ports_name_entry.set_text("")
-+ self.ports_mls_entry.set_text("s0")
-+
-+ def delete(self):
-+ store, iter = self.view.get_selection().get_selected()
-+ port = store.get_value(iter, PORT_COL)
-+ protocol = store.get_value(iter, 1)
-+ try:
-+ self.wait()
-+ (rc, out) = commands.getstatusoutput("semanage port -d -p %s %s" % (protocol, port))
-+ self.ready()
-+ if rc != 0:
-+ return self.error(out)
-+ store.remove(iter)
-+ self.view.get_selection().select_path ((0,))
-+ except ValueError, e:
-+ self.error(e.args[0])
-+
-+ def add(self):
-+ target = self.ports_name_entry.get_text().strip()
-+ mls = self.ports_mls_entry.get_text().strip()
-+ port_number = self.ports_number_entry.get_text().strip()
-+ if port_number == "":
-+ port_number = "1"
-+ for i in port_number.split("-"):
-+ if not i.isdigit():
-+ self.error(_("Port number \"%s\" is not valid.
0 < PORT_NUMBER < 65536 ") % port_number )
-+ return False
-+ list_model = self.ports_protocol_combo.get_model()
-+ iter = self.ports_protocol_combo.get_active_iter()
-+ protocol = list_model.get_value(iter,0)
-+ self.wait()
-+ (rc, out) = commands.getstatusoutput("semanage port -a -p %s -r %s -t %s %s" % (protocol, mls, target, port_number))
-+ self.ready()
-+ if rc != 0:
-+ self.error(out)
-+ return False
-+ iter = self.store.append()
-+
-+ self.store.set_value(iter, TYPE_COL, target)
-+ self.store.set_value(iter, PORT_COL, port_number)
-+ self.store.set_value(iter, PROTOCOL_COL, protocol)
-+ self.store.set_value(iter, MLS_COL, mls)
-+
-+ def modify(self):
-+ target = self.ports_name_entry.get_text().strip()
-+ mls = self.ports_mls_entry.get_text().strip()
-+ port_number = self.ports_number_entry.get_text().strip()
-+ list_model = self.ports_protocol_combo.get_model()
-+ iter = self.ports_protocol_combo.get_active_iter()
-+ protocol = list_model.get_value(iter,0)
-+ self.wait()
-+ (rc, out) = commands.getstatusoutput("semanage port -m -p %s -r %s -t %s %s" % (protocol, mls, target, port_number))
-+ self.ready()
-+ if rc != 0:
-+ self.error(out)
-+ return False
-+ store, iter = self.view.get_selection().get_selected()
-+ self.store.set_value(iter, TYPE_COL, target)
-+ self.store.set_value(iter, PORT_COL, port_number)
-+ self.store.set_value(iter, PROTOCOL_COL, protocol)
-+ self.store.set_value(iter, MLS_COL, mls)
-+
-+ def on_group_clicked(self, button):
-+ self.ports_add_button.set_sensitive(self.group)
-+ self.ports_properties_button.set_sensitive(self.group)
-+ self.ports_delete_button.set_sensitive(self.group)
-+ self.mls_col.set_visible(self.group)
-+
-+ self.group = not self.group
-+ if self.group:
-+ button.set_label(_("List View"))
-+ self.group_load(self.filter)
-+ else:
-+ button.set_label(_("Group View"))
-+ self.load(self.filter)
-+
-+ return True
-+
-diff -up policycoreutils-2.1.11/gui/selinux.tbl.gui policycoreutils-2.1.11/gui/selinux.tbl
----
policycoreutils-2.1.11/gui/selinux.tbl.gui 2012-04-05 10:13:37.911837252 -0400
-+++ policycoreutils-2.1.11/gui/selinux.tbl 2012-04-05 10:13:37.911837252 -0400
-@@ -0,0 +1,234 @@
-+acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon")
-+allow_daemons_dump_core _("Admin") _("Allow all daemons to write corefiles to /")
-+allow_daemons_use_tty _("Admin") _("Allow all daemons the ability to use unallocated ttys")
-+allow_gadmin_exec_content _("User Privs") _("Allow gadmin SELinux user account to execute files in home directory or /tmp")
-+allow_guest_exec_content _("User Privs") _("Allow guest SELinux user account to execute files in home directory or /tmp")
-+allow_java_execstack _("Memory Protection") _("Allow java executable stack")
-+allow_mount_anyfile _("Mount") _("Allow mount to mount any file")
-+allow_mounton_anydir _("Mount") _("Allow mount to mount any directory")
-+allow_mplayer_execstack _("Memory Protection") _("Allow mplayer executable stack")
-+allow_ssh_keysign _("SSH") _("Allow ssh to run ssh-keysign")
-+allow_staff_exec_content _("User Privs") _("Allow staff SELinux user account to execute files in home directory or /tmp")
-+allow_sysadm_exec_content _("User Privs") _("Allow sysadm SELinux user account to execute files in home directory or /tmp")
-+allow_unconfined_exec_content _("User Privs") _("Allow unconfined SELinux user account to execute files in home directory or /tmp")
-+allow_unlabeled_packets _("Network Configuration") _("Allow unlabeled packets to flow on the network")
-+allow_user_exec_content _("User Privs") _("Allow user SELinux user account to execute files in home directory or /tmp")
-+allow_unconfined_execmem_dyntrans _("Memory Protection") _("Allow unconfined to dyntrans to unconfined_execmem")
-+allow_user_mysql_connect _("Databases") _("Allow user to connect to mysql socket")
-+allow_user_postgresql_connect _("Databases") _("Allow user to connect to postgres socket")
-+allow_write_xshm
_("XServer") _("Allow clients to write to X shared memory")
-+allow_xguest_exec_content _("User Privs") _("Allow xguest SELinux user account to execute files in home directory or /tmp")
-+allow_ypbind _("NIS") _("Allow daemons to run with NIS")
-+browser_confine_staff _("Web Applications") _("Transition staff SELinux user to Web Browser Domain")
-+browser_confine_sysadm _("Web Applications") _("Transition sysadm SELinux user to Web Browser Domain")
-+browser_confine_user _("Web Applications") _("Transition user SELinux user to Web Browser Domain")
-+browser_confine_xguest _("Web Applications") _("Transition xguest SELinux user to Web Browser Domain")
-+browser_write_staff_data _("Web Applications") _("Allow staff Web Browsers to write to home directories")
-+browser_write_sysadm_data _("Web Applications") _("Allow staff Web Browsers to write to home directories")
-+browser_write_user_data _("Web Applications") _("Allow staff Web Browsers to write to home directories")
-+browser_write_xguest_data _("Web Applications") _("Allow staff Web Browsers to write to home directories")
-+amanda_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for amanda")
-+amavis_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for amavis")
-+apmd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for apmd daemon")
-+arpwatch_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for arpwatch daemon")
-+auditd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for auditd daemon")
-+automount_disable_trans _("Mount") _("Disable SELinux protection for automount daemon")
-+avahi_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for avahi")
-+bluetooth_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for bluetooth daemon")
-+canna_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for canna
daemon")
-+cardmgr_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for cardmgr daemon")
-+ccs_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for Cluster Server")
-+cdrecord_read_content _("User Privs") _("Allow cdrecord to read various content. nfs, samba, removable devices, user temp and untrusted content files")
-+ciped_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ciped daemon")
-+clamd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for clamd daemon")
-+clamscan_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for clamscan")
-+clvmd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for clvmd")
-+comsat_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for comsat daemon")
-+courier_authdaemon_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for courier daemon")
-+courier_pcp_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for courier daemon")
-+courier_pop_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for courier daemon")
-+courier_sqwebmail_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for courier daemon")
-+courier_tcpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for courier daemon")
-+cpucontrol_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for cpucontrol daemon")
-+cpuspeed_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for cpuspeed daemon")
-+crond_disable_trans _("Cron") _("Disable SELinux protection for crond daemon")
-+cupsd_config_disable_trans _("Printing") _("Disable SELinux protection for cupsd back end server")
-+cupsd_disable_trans _("Printing") _("Disable SELinux protection for cupsd daemon")
-+cupsd_lpd_disable_trans _("Printing") _("Disable SELinux
protection for cupsd_lpd")
-+cvs_disable_trans _("CVS") _("Disable SELinux protection for cvs daemon")
-+cyrus_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for cyrus daemon")
-+dbskkd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dbskkd daemon")
-+dbusd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dbusd daemon")
-+dccd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dccd")
-+dccifd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dccifd")
-+dccm_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dccm")
-+ddt_client_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ddt daemon")
-+devfsd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for devfsd daemon")
-+dhcpc_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dhcpc daemon")
-+dhcpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dhcpd daemon")
-+dictd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dictd daemon")
-+direct_sysadm_daemon _("Admin") _("Allow sysadm_t to directly start daemons")
-+disable_evolution_trans _("Web Applications") _("Disable SELinux protection for Evolution")
-+disable_games_trans _("Games") _("Disable SELinux protection for games")
-+disable_mozilla_trans _("Web Applications") _("Disable SELinux protection for the web browsers")
-+disable_thunderbird_trans _("Web Applications") _("Disable SELinux protection for Thunderbird")
-+distccd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for distccd daemon")
-+dmesg_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dmesg daemon")
-+dnsmasq_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dnsmasq daemon")
-+dovecot_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dovecot daemon")
-+entropyd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for entropyd daemon")
-+fetchmail_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for fetchmail")
-+fingerd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for fingerd daemon")
-+freshclam_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for freshclam daemon")
-+fsdaemon_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for fsdaemon daemon")
-+gpm_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for gpm daemon")
-+gssd_disable_trans _("NFS") _("Disable SELinux protection for gss daemon")
-+hald_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for Hal daemon")
-+hide_broken_symptoms _("Compatibility") _("Do not audit things that we know to be broken but which are not security risks")
-+hostname_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for hostname daemon")
-+hotplug_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for hotplug daemon")
-+howl_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for howl daemon")
-+hplip_disable_trans _("Printing") _("Disable SELinux protection for cups hplip daemon")
-+httpd_rotatelogs_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for httpd rotatelogs")
-+httpd_suexec_disable_trans _("HTTPD Service") _("Disable SELinux protection for http suexec")
-+hwclock_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for hwclock daemon")
-+i18n_input_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for i18n daemon")
-+imazesrv_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for imazesrv daemon")
-+inetd_child_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for inetd child daemons")
-+inetd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for inetd daemon")
-+innd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for innd daemon")
-+iptables_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for iptables daemon")
-+ircd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ircd daemon")
-+irqbalance_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for irqbalance daemon")
-+iscsid_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for iscsi daemon")
-+jabberd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for jabberd daemon")
-+kadmind_disable_trans _("Kerberos") _("Disable SELinux protection for kadmind daemon")
-+klogd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for klogd daemon")
-+krb5kdc_disable_trans _("Kerberos") _("Disable SELinux protection for krb5kdc daemon")
-+ktalkd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ktalk daemons")
-+kudzu_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for kudzu daemon")
-+locate_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for locate daemon")
-+lpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for lpd daemon")
-+lrrd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for lrrd daemon")
-+lvm_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for lvm daemon")
-+mailman_mail_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for mailman")
-+mail_read_content _("Web Applications") _("Allow evolution and thunderbird to read user files")
-+mdadm_disable_trans _("SELinux Service
Protection") _("Disable SELinux protection for mdadm daemon")
-+monopd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for monopd daemon")
-+mozilla_read_content _("Web Applications") _("Allow the mozilla browser to read user files")
-+mrtg_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for mrtg daemon")
-+mysqld_disable_trans _("Databases") _("Disable SELinux protection for mysqld daemon")
-+nagios_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for nagios daemon")
-+named_disable_trans _("Name Service") _("Disable SELinux protection for named daemon")
-+nessusd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for nessusd daemon")
-+NetworkManager_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for NetworkManager")
-+nfsd_disable_trans _("NFS") _("Disable SELinux protection for nfsd daemon")
-+nmbd_disable_trans _("Samba") _("Disable SELinux protection for nmbd daemon")
-+nrpe_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for nrpe daemon")
-+nscd_disable_trans _("Name Service") _("Disable SELinux protection for nscd daemon")
-+nsd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for nsd daemon")
-+ntpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ntpd daemon")
-+oddjob_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for oddjob")
-+oddjob_mkhomedir_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for oddjob_mkhomedir")
-+openvpn_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for openvpn daemon")
-+pam_console_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for pam daemon")
-+pegasus_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for pegasus")
-+perdition_disable_trans _("SELinux Service Protection")
_("Disable SELinux protection for perdition daemon")
-+portmap_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for portmap daemon")
-+portslave_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for portslave daemon")
-+postfix_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for postfix")
-+postgresql_disable_trans _("Databases") _("Disable SELinux protection for postgresql daemon")
-+pppd_for_user _("pppd") _("Allow pppd to be run for a regular user")
-+pptp_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for pptp")
-+prelink_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for prelink daemon")
-+privoxy_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for privoxy daemon")
-+ptal_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ptal daemon")
-+pxe_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for pxe daemon")
-+pyzord_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for pyzord")
-+quota_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for quota daemon")
-+radiusd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for radiusd daemon")
-+radvd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for radvd daemon")
-+rdisc_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for rdisc")
-+readahead_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for readahead")
-+read_default_t _("Admin") _("Allow programs to read files in non-standard locations (default_t)")
-+restorecond_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for restorecond")
-+rhgb_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for rhgb daemon")
-+ricci_disable_trans _("SELinux
Service Protection") _("Disable SELinux protection for ricci")
-+ricci_modclusterd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ricci_modclusterd")
-+rlogind_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for rlogind daemon")
-+rpcd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for rpcd daemon")
-+rshd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for rshd")
-+rsync_disable_trans _("rsync") _("Disable SELinux protection for rsync daemon")
-+run_ssh_inetd _("SSH") _("Allow ssh to run from inetd instead of as a daemon")
-+samba_share_nfs _("Samba") _("Allow Samba to share nfs directories")
-+allow_saslauthd_read_shadow _("SASL authentication server") _("Allow sasl authentication server to read /etc/shadow")
-+allow_xserver_execmem _("XServer") _("Allow X-Windows server to map a memory region as both executable and writable")
-+saslauthd_disable_trans _("SASL authentication server") _("Disable SELinux protection for saslauthd daemon")
-+scannerdaemon_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for scannerdaemon daemon")
-+secure_mode _("Admin") _("Do not allow transition to sysadm_t, sudo and su effected")
-+secure_mode_insmod _("Admin") _("Do not allow any processes to load kernel modules")
-+secure_mode_policyload _("Admin") _("Do not allow any processes to modify kernel SELinux policy")
-+sendmail_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for sendmail daemon")
-+setrans_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for setrans")
-+setroubleshootd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for setroubleshoot daemon")
-+slapd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for slapd daemon")
-+slrnpull_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for slrnpull
daemon")
-+smbd_disable_trans _("Samba") _("Disable SELinux protection for smbd daemon")
-+snmpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for snmpd daemon")
-+snort_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for snort daemon")
-+soundd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for soundd daemon")
-+sound_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for sound daemon")
-+spamd_disable_trans _("Spam Protection") _("Disable SELinux protection for spamd daemon")
-+spamd_enable_home_dirs _("Spam Protection") _("Allow spamd to access home directories")
-+spamassassin_can_network _("Spam Protection") _("Allow Spam Assassin daemon network access")
-+speedmgmt_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for speedmgmt daemon")
-+squid_connect_any _("Squid") _("Allow squid daemon to connect to the network")
-+squid_disable_trans _("Squid") _("Disable SELinux protection for squid daemon")
-+ssh_keygen_disable_trans _("SSH") _("Disable SELinux protection for ssh daemon")
-+ssh_sysadm_login _("SSH") _("Allow ssh logins as sysadm_r:sysadm_t")
-+staff_read_sysadm_file _("Admin") _("Allow staff_r users to search the sysadm home dir and read files (such as ~/.bashrc)")
-+stunnel_disable_trans _("Universal SSL tunnel") _("Disable SELinux protection for stunnel daemon")
-+stunnel_is_daemon _("Universal SSL tunnel") _("Allow stunnel daemon to run as standalone, outside of xinetd")
-+swat_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for swat daemon")
-+sxid_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for sxid daemon")
-+syslogd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for syslogd daemon")
-+system_crond_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for system cron jobs")
-+tcpd_disable_trans
_("SELinux Service Protection") _("Disable SELinux protection for tcp daemon")
-+telnetd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for telnet daemon")
-+tftpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for tftpd daemon")
-+transproxy_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for transproxy daemon")
-+udev_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for udev daemon")
-+uml_switch_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for uml daemon")
-+unlimitedInetd _("Admin") _("Allow xinetd to run unconfined, including any services it starts that do not have a domain transition explicitly defined")
-+unlimitedRC _("Admin") _("Allow rc scripts to run unconfined, including any daemon started by an rc script that does not have a domain transition explicitly defined")
-+unlimitedRPM _("Admin") _("Allow rpm to run unconfined")
-+unlimitedUtils _("Admin") _("Allow privileged utilities like hotplug and insmod to run unconfined")
-+updfstab_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for updfstab daemon")
-+uptimed_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for uptimed daemon")
-+user_canbe_sysadm _("User Privs") _("Allow user_r to reach sysadm_r via su, sudo, or userhelper.
Otherwise, only staff_r can do so")
-+user_can_mount _("Mount") _("Allow users to execute the mount command")
-+user_direct_mouse _("User Privs") _("Allow regular users direct mouse access (only allow the X server)")
-+user_dmesg _("User Privs") _("Allow users to run the dmesg command")
-+user_net_control _("User Privs") _("Allow users to control network interfaces (also needs USERCTL=true)")
-+user_ping _("User Privs") _("Allow normal user to execute ping")
-+user_rw_noexattrfile _("User Privs") _("Allow user to r/w noextattrfile (FAT, CDROM, FLOPPY)")
-+user_rw_usb _("User Privs") _("Allow users to rw usb devices")
-+user_tcp_server _("User Privs") _("Allow users to run TCP servers (bind to ports and accept connection from the same domain and outside users) disabling this forces FTP passive mode and may change other protocols")
-+user_ttyfile_stat _("User Privs") _("Allow user to stat ttyfiles")
-+uucpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for uucpd daemon")
-+vmware_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for vmware daemon")
-+watchdog_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for watchdog daemon")
-+winbind_disable_trans _("Samba") _("Disable SELinux protection for winbind daemon")
-+xdm_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for xdm daemon")
-+xdm_sysadm_login _("XServer") _("Allow xdm logins as sysadm_r:sysadm_t")
-+xend_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for xen daemon")
-+xen_use_raw_disk _("XEN") _("Allow xen to read/write physical disk devices")
-+xfs_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for xfs daemon")
-+xm_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for xen control")
-+ypbind_disable_trans _("NIS") _("Disable SELinux protection for ypbind daemon")
-+yppasswdd_disable_trans _("NIS") _("Disable
SELinux protection for NIS Password Daemon")
-+ypserv_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ypserv daemon")
-+ypxfr_disable_trans _("NIS") _("Disable SELinux protection for NIS Transfer Daemon")
-+webadm_manage_user_files _("HTTPD Service") _("Allow SELinux webadm user to manage unprivileged users home directories")
-+webadm_read_user_files _("HTTPD Service") _("Allow SELinux webadm user to read unprivileged users home directories")
-+
-diff -up policycoreutils-2.1.11/gui/semanagePage.py.gui policycoreutils-2.1.11/gui/semanagePage.py
---- policycoreutils-2.1.11/gui/semanagePage.py.gui 2012-04-05 10:13:37.911837252 -0400
-+++ policycoreutils-2.1.11/gui/semanagePage.py 2012-04-05 10:13:37.911837252 -0400
-@@ -0,0 +1,168 @@
-+## semanagePage.py - show selinux mappings
-+## Copyright (C) 2006 Red Hat, Inc.
-+
-+## This program is free software; you can redistribute it and/or modify
-+## it under the terms of the GNU General Public License as published by
-+## the Free Software Foundation; either version 2 of the License, or
-+## (at your option) any later version.
-+
-+## This program is distributed in the hope that it will be useful,
-+## but WITHOUT ANY WARRANTY; without even the implied warranty of
-+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+## GNU General Public License for more details.
-+
-+## You should have received a copy of the GNU General Public License
-+## along with this program; if not, write to the Free Software
-+## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+
-+## Author: Dan Walsh
-+import string
-+import gtk
-+import gtk.glade
-+import os
-+import gobject
-+import sys
-+import seobject
-+
-+##
-+## I18N
-+##
-+PROGNAME="policycoreutils"
-+import gettext
-+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
-+gettext.textdomain(PROGNAME)
-+try:
-+ gettext.install(PROGNAME,
-+ localedir="/usr/share/locale",
-+ unicode=False,
-+ codeset = 'utf-8')
-+except IOError:
-+ import __builtin__
-+ __builtin__.__dict__['_'] = unicode
-+
-+def idle_func():
-+ while gtk.events_pending():
-+ gtk.main_iteration()
-+
-+class semanagePage:
-+ def __init__(self, xml, name, description):
-+ self.xml = xml
-+ self.window = self.xml.get_widget("mainWindow").get_root_window()
-+ self.busy_cursor = gtk.gdk.Cursor(gtk.gdk.WATCH)
-+ self.ready_cursor = gtk.gdk.Cursor(gtk.gdk.LEFT_PTR)
-+
-+ self.local = False
-+ self.view = xml.get_widget("%sView" % name)
-+ self.dialog = xml.get_widget("%sDialog" % name)
-+ self.filter_entry = xml.get_widget("%sFilterEntry" % name )
-+ self.filter_entry.connect("focus_out_event", self.filter_changed)
-+ self.filter_entry.connect("activate", self.filter_changed)
-+
-+ self.view.connect("row_activated", self.rowActivated)
-+ self.view.get_selection().connect("changed", self.itemSelected)
-+ self.description = description;
-+
-+ def wait(self):
-+ self.window.set_cursor(self.busy_cursor)
-+ idle_func()
-+
-+ def ready(self):
-+ self.window.set_cursor(self.ready_cursor)
-+ idle_func()
-+
-+ def get_description(self):
-+ return self.description
-+
-+ def itemSelected(self, args):
-+ return
-+
-+ def filter_changed(self, *arg):
-+ filter = arg[0].get_text()
-+ if filter != self.filter:
-+ self.load(filter)
-+
-+ def search(self, model, col, key, i):
-+ sort_col = self.store.get_sort_column_id()[0]
-+ val = model.get_value(i,sort_col)
-+ if val.lower().startswith(key.lower()):
-+ return False
-+ return True
-+
-+ def match(self, target, filter):
-+ try:
-+ f=filter.lower()
-+ t=target.lower()
-+ if t.find(f) >=
0:
-+ return True
-+ except:
-+ pass
-+ return False
-+
-+ def rowActivated(self, view, row, Column):
-+ self.propertiesDialog()
-+
-+ def verify(self, message, title="" ):
-+ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_INFO,
-+ gtk.BUTTONS_YES_NO,
-+ message)
-+ dlg.set_title(title)
-+ dlg.set_position(gtk.WIN_POS_MOUSE)
-+ dlg.show_all()
-+ rc = dlg.run()
-+ dlg.destroy()
-+ return rc
-+
-+ def error(self, message):
-+ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_ERROR,
-+ gtk.BUTTONS_CLOSE,
-+ message)
-+ dlg.set_position(gtk.WIN_POS_MOUSE)
-+ dlg.show_all()
-+ dlg.run()
-+ dlg.destroy()
-+
-+ def deleteDialog(self):
-+ store, iter = self.view.get_selection().get_selected()
-+ if self.verify(_("Are you sure you want to delete %s '%s'?" % (self.description, store.get_value(iter, 0))), _("Delete %s" % self.description)) == gtk.RESPONSE_YES:
-+ self.delete()
-+
-+ def use_menus(self):
-+ return True
-+
-+ def addDialog(self):
-+ self.dialogClear()
-+ self.dialog.set_title(_("Add %s" % self.description))
-+ self.dialog.set_position(gtk.WIN_POS_MOUSE)
-+
-+ while self.dialog.run() == gtk.RESPONSE_OK:
-+ try:
-+ if self.add() == False:
-+ continue
-+ break;
-+ except ValueError, e:
-+ self.error(e.args[0])
-+ self.dialog.hide()
-+
-+ def propertiesDialog(self):
-+ self.dialogInit()
-+ self.dialog.set_title(_("Modify %s" % self.description))
-+ self.dialog.set_position(gtk.WIN_POS_MOUSE)
-+ while self.dialog.run() == gtk.RESPONSE_OK:
-+ try:
-+ if self.modify() == False:
-+ continue
-+ break;
-+ except ValueError, e:
-+ self.error(e.args[0])
-+ self.dialog.hide()
-+
-+ def on_local_clicked(self, button):
-+ self.local = not self.local
-+ if self.local:
-+ button.set_label(_("all"))
-+ else:
-+ button.set_label(_("Customized"))
-+
-+ self.load(self.filter)
-+ return True
-+
-diff -up policycoreutils-2.1.11/gui/statusPage.py.gui policycoreutils-2.1.11/gui/statusPage.py
---- policycoreutils-2.1.11/gui/statusPage.py.gui 2012-04-05 10:13:37.911837252 -0400
-+++
policycoreutils-2.1.11/gui/statusPage.py 2012-04-05 10:13:37.911837252 -0400
-@@ -0,0 +1,190 @@
-+# statusPage.py - show selinux status
-+## Copyright (C) 2006-2009 Red Hat, Inc.
-+
-+## This program is free software; you can redistribute it and/or modify
-+## it under the terms of the GNU General Public License as published by
-+## the Free Software Foundation; either version 2 of the License, or
-+## (at your option) any later version.
-+
-+## This program is distributed in the hope that it will be useful,
-+## but WITHOUT ANY WARRANTY; without even the implied warranty of
-+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+## GNU General Public License for more details.
-+
-+## You should have received a copy of the GNU General Public License
-+## along with this program; if not, write to the Free Software
-+## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+
-+## Author: Dan Walsh
-+import string
-+import gtk
-+import gtk.glade
-+import os
-+import gobject
-+import sys
-+import tempfile
-+
-+INSTALLPATH = '/usr/share/system-config-selinux'
-+sys.path.append(INSTALLPATH)
-+
-+import commands
-+ENFORCING = 1
-+PERMISSIVE = 0
-+DISABLED = -1
-+modearray = ( "disabled", "permissive", "enforcing" )
-+
-+SELINUXDIR = "/etc/selinux/"
-+RELABELFILE = "/.autorelabel"
-+
-+##
-+## I18N
-+##
-+PROGNAME="policycoreutils"
-+import gettext
-+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
-+gettext.textdomain(PROGNAME)
-+import selinux
-+try:
-+ gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1)
-+except IOError:
-+ import __builtin__
-+ __builtin__.__dict__['_'] = unicode
-+
-+class statusPage:
-+ def __init__(self, xml):
-+ self.xml = xml
-+ self.needRelabel = False
-+
-+ self.type = selinux.selinux_getpolicytype()
-+ # Bring in widgets from glade file.
-+ self.typeHBox = xml.get_widget("typeHBox")
-+ self.selinuxTypeOptionMenu = xml.get_widget("selinuxTypeOptionMenu")
-+ self.typeLabel = xml.get_widget("typeLabel")
-+ self.enabledOptionMenu = xml.get_widget("enabledOptionMenu")
-+ self.currentOptionMenu = xml.get_widget("currentOptionMenu")
-+ self.relabel_checkbutton = xml.get_widget("relabelCheckbutton")
-+ self.relabel_checkbutton.set_active(self.is_relabel())
-+ self.relabel_checkbutton.connect("toggled", self.on_relabel_toggle)
-+ if self.get_current_mode() == ENFORCING or self.get_current_mode() == PERMISSIVE:
-+ self.currentOptionMenu.append_text(_("Permissive"))
-+ self.currentOptionMenu.append_text(_("Enforcing"))
-+ self.currentOptionMenu.set_active(self.get_current_mode())
-+ self.currentOptionMenu.connect("changed", self.set_current_mode)
-+ self.currentOptionMenu.set_sensitive(True)
-+ else:
-+ self.currentOptionMenu.append_text(_("Disabled"))
-+ self.currentOptionMenu.set_active(0)
-+ self.currentOptionMenu.set_sensitive(False)
-+
-+ if self.read_selinux_config() == None:
-+ self.selinuxsupport = False
-+ else:
-+ self.enabledOptionMenu.connect("changed", self.enabled_changed)
-+ #
-+ # This line must come after read_selinux_config
-+ #
-+ self.selinuxTypeOptionMenu.connect("changed", self.typemenu_changed)
-+
-+ self.typeLabel.set_mnemonic_widget(self.selinuxTypeOptionMenu)
-+
-+ def use_menus(self):
-+ return False
-+
-+ def get_description(self):
-+ return _("Status")
-+
-+ def get_current_mode(self):
-+ if selinux.is_selinux_enabled():
-+ if selinux.security_getenforce() > 0:
-+ return ENFORCING
-+ else:
-+ return PERMISSIVE
-+ else:
-+ return DISABLED
-+
-+ def set_current_mode(self,menu):
-+ selinux.security_setenforce(menu.get_active() == 1)
-+
-+ def is_relabel(self):
-+ return os.access(RELABELFILE, os.F_OK) != 0
-+
-+ def on_relabel_toggle(self,button):
-+ if button.get_active():
-+ fd = open(RELABELFILE,"w")
-+ fd.close()
-+ else:
-+ if os.access(RELABELFILE, os.F_OK) != 0:
-+
os.unlink(RELABELFILE)
-+
-+ def verify(self, message):
-+ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_INFO,
-+ gtk.BUTTONS_YES_NO,
-+ message)
-+ dlg.set_position(gtk.WIN_POS_MOUSE)
-+ dlg.show_all()
-+ rc = dlg.run()
-+ dlg.destroy()
-+ return rc
-+
-+ def typemenu_changed(self, menu):
-+ type = self.get_type()
-+ enabled = self.enabledOptionMenu.get_active()
-+ if self.initialtype != type:
-+ if self.verify(_("Changing the policy type will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system. Do you wish to continue?")) == gtk.RESPONSE_NO:
-+ menu.set_active(self.typeHistory)
-+ return None
-+
-+ self.relabel_checkbutton.set_active(True)
-+
-+ self.write_selinux_config(modearray[enabled], type )
-+ self.typeHistory = menu.get_active()
-+
-+ def enabled_changed(self, combo):
-+ enabled = combo.get_active()
-+ type = self.get_type()
-+
-+ if self.initEnabled != DISABLED and enabled == DISABLED:
-+ if self.verify(_("Changing to SELinux disabled requires a reboot. It is not recommended. If you later decide to turn SELinux back on, the system will be required to relabel. If you just want to see if SELinux is causing a problem on your system, you can go to permissive mode which will only log errors and not enforce SELinux policy. Permissive mode does not require a reboot Do you wish to continue?")) == gtk.RESPONSE_NO:
-+ combo.set_active(self.enabled)
-+ return None
-+
-+ if self.initEnabled == DISABLED and enabled < 2:
-+ if self.verify(_("Changing to SELinux enabled will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system.
Do you wish to continue?")) == gtk.RESPONSE_NO:
-+ combo.set_active(self.enabled)
-+ return None
-+ self.relabel_checkbutton.set_active(True)
-+
-+ self.write_selinux_config(modearray[enabled], type )
-+ self.enabled = enabled
-+
-+ def write_selinux_config(self, enforcing, type):
-+ import commands
-+ commands.getstatusoutput("/usr/sbin/lokkit --selinuxtype=%s --selinux=%s" % (type, enforcing))
-+
-+ def read_selinux_config(self):
-+ self.initialtype = selinux.selinux_getpolicytype()[1]
-+ self.initEnabled = selinux.selinux_getenforcemode()[1]
-+ self.enabled = self.initEnabled
-+ self.enabledOptionMenu.set_active(self.enabled + 1 )
-+
-+ self.types = []
-+
-+ n = 0
-+ current = n
-+
-+ for i in os.listdir(SELINUXDIR):
-+ if os.path.isdir(SELINUXDIR+i) and os.path.isdir(SELINUXDIR+i+"/policy"):
-+ self.types.append(i)
-+ self.selinuxTypeOptionMenu.append_text(i)
-+ if i == self.initialtype:
-+ current = n
-+ n = n+1
-+ self.selinuxTypeOptionMenu.set_active(current)
-+ self.typeHistory = current
-+
-+ return 0
-+
-+ def get_type(self):
-+ return self.types[self.selinuxTypeOptionMenu.get_active()]
-+
-+
-diff -up policycoreutils-2.1.11/gui/system-config-selinux.glade.gui policycoreutils-2.1.11/gui/system-config-selinux.glade
---- policycoreutils-2.1.11/gui/system-config-selinux.glade.gui 2012-04-05 10:13:37.913837254 -0400
-+++ policycoreutils-2.1.11/gui/system-config-selinux.glade 2012-04-05 10:13:37.913837254 -0400
-@@ -0,0 +1,3024 @@
-+
-+
-+
-+
-+
-+
-+
-+ 5
-+ False
-+ system-config-selinux
-+ Copyright (c)2006 Red Hat, Inc.
-+Copyright (c) 2006 Dan Walsh <dwalsh@redhat.com> -+ False -+ Daniel Walsh <dwalsh@redhat.com> -+ -+ translator-credits -+ system-config-selinux.png -+ -+ -+ -+ Add SELinux Login Mapping -+ GTK_WINDOW_TOPLEVEL -+ GTK_WIN_POS_NONE -+ False -+ True -+ False -+ True -+ False -+ False -+ GDK_WINDOW_TYPE_HINT_DIALOG -+ GDK_GRAVITY_NORTH_WEST -+ True -+ False -+ True -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ GTK_BUTTONBOX_END -+ -+ -+ -+ True -+ True -+ True -+ gtk-cancel -+ True -+ GTK_RELIEF_NORMAL -+ True -+ -6 -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ gtk-ok -+ True -+ GTK_RELIEF_NORMAL -+ True -+ -5 -+ -+ -+ -+ -+ 0 -+ False -+ True -+ GTK_PACK_END -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ 3 -+ 2 -+ False -+ 4 -+ 6 -+ -+ -+ -+ True -+ Login Name -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ 1 -+ 0 -+ 1 -+ fill -+ -+ -+ -+ -+ -+ -+ True -+ SELinux User -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ 1 -+ 1 -+ 2 -+ fill -+ -+ -+ -+ -+ -+ -+ True -+ MLS/MCS Range -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ 1 -+ 2 -+ 3 -+ fill -+ -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ True -+ 0 -+ -+ True -+ * -+ False -+ -+ -+ 1 -+ 2 -+ 0 -+ 1 -+ -+ -+ -+ -+ -+ -+ True -+ False -+ True -+ -+ -+ 1 -+ 2 -+ 1 -+ 2 -+ fill -+ fill -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ True -+ 0 -+ -+ True -+ * -+ False -+ -+ -+ 1 -+ 2 -+ 2 -+ 3 -+ -+ -+ -+ -+ -+ 5 -+ True -+ True -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ -+ -+ -+ Add SELinux Network Ports -+ GTK_WINDOW_TOPLEVEL -+ GTK_WIN_POS_NONE -+ False -+ True -+ False -+ True -+ False -+ False -+ GDK_WINDOW_TYPE_HINT_DIALOG -+ GDK_GRAVITY_NORTH_WEST -+ True -+ False -+ True -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ GTK_BUTTONBOX_END -+ -+ 
-+ -+ True -+ True -+ True -+ gtk-cancel -+ True -+ GTK_RELIEF_NORMAL -+ True -+ -6 -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ gtk-ok -+ True -+ GTK_RELIEF_NORMAL -+ True -+ -5 -+ -+ -+ -+ -+ 0 -+ False -+ True -+ GTK_PACK_END -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ 4 -+ 2 -+ False -+ 4 -+ 6 -+ -+ -+ -+ True -+ Port Number -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ 1 -+ 0 -+ 1 -+ fill -+ -+ -+ -+ -+ -+ -+ True -+ Protocol -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ 1 -+ 1 -+ 2 -+ fill -+ -+ -+ -+ -+ -+ -+ True -+ SELinux Type -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ 1 -+ 2 -+ 3 -+ fill -+ -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ True -+ 0 -+ -+ True -+ * -+ False -+ -+ -+ 1 -+ 2 -+ 0 -+ 1 -+ -+ -+ -+ -+ -+ -+ True -+ tcp -+udp -+ False -+ True -+ -+ -+ 1 -+ 2 -+ 1 -+ 2 -+ fill -+ fill -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ True -+ 0 -+ -+ True -+ * -+ False -+ -+ -+ 1 -+ 2 -+ 2 -+ 3 -+ -+ -+ -+ -+ -+ -+ True -+ MLS/MCS -+Level -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ 1 -+ 3 -+ 4 -+ fill -+ -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ True -+ 0 -+ -+ True -+ * -+ False -+ -+ -+ 1 -+ 2 -+ 3 -+ 4 -+ -+ -+ -+ -+ -+ 5 -+ True -+ True -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ -+ -+ -+ Add SELinux Login Mapping -+ GTK_WINDOW_TOPLEVEL -+ GTK_WIN_POS_NONE -+ False -+ True -+ False -+ True -+ False -+ False -+ GDK_WINDOW_TYPE_HINT_DIALOG -+ GDK_GRAVITY_NORTH_WEST -+ True -+ False -+ True -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ GTK_BUTTONBOX_END -+ -+ -+ -+ True -+ True -+ True -+ gtk-cancel -+ True -+ GTK_RELIEF_NORMAL -+ True -+ -6 -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ 
gtk-ok -+ True -+ GTK_RELIEF_NORMAL -+ True -+ -5 -+ -+ -+ -+ -+ 0 -+ False -+ True -+ GTK_PACK_END -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ 4 -+ 2 -+ False -+ 4 -+ 6 -+ -+ -+ -+ True -+ File Specification -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ 1 -+ 0 -+ 1 -+ fill -+ -+ -+ -+ -+ -+ -+ True -+ File Type -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ 1 -+ 1 -+ 2 -+ fill -+ -+ -+ -+ -+ -+ -+ True -+ SELinux Type -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ 1 -+ 2 -+ 3 -+ fill -+ -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ True -+ 0 -+ -+ True -+ * -+ False -+ -+ -+ 1 -+ 2 -+ 0 -+ 1 -+ -+ -+ -+ -+ -+ -+ True -+ all files -+regular file -+directory -+character device -+block device -+socket -+symbolic link -+named pipe -+ -+ False -+ True -+ -+ -+ 1 -+ 2 -+ 1 -+ 2 -+ fill -+ fill -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ True -+ 0 -+ -+ True -+ * -+ False -+ -+ -+ 1 -+ 2 -+ 2 -+ 3 -+ -+ -+ -+ -+ -+ -+ True -+ MLS -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ 1 -+ 3 -+ 4 -+ fill -+ -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ True -+ 0 -+ -+ True -+ * -+ False -+ -+ -+ 1 -+ 2 -+ 3 -+ 4 -+ -+ -+ -+ -+ -+ 5 -+ True -+ True -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ -+ -+ -+ Add SELinux User -+ GTK_WINDOW_TOPLEVEL -+ GTK_WIN_POS_NONE -+ False -+ True -+ False -+ True -+ False -+ False -+ GDK_WINDOW_TYPE_HINT_DIALOG -+ GDK_GRAVITY_NORTH_WEST -+ True -+ False -+ True -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ GTK_BUTTONBOX_END -+ -+ -+ -+ True -+ True -+ True -+ gtk-cancel -+ True -+ GTK_RELIEF_NORMAL -+ True -+ -6 -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ gtk-ok -+ True -+ GTK_RELIEF_NORMAL 
-+ True -+ -5 -+ -+ -+ -+ -+ 0 -+ False -+ True -+ GTK_PACK_END -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ 3 -+ 2 -+ False -+ 4 -+ 6 -+ -+ -+ -+ True -+ SELinux User -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ 1 -+ 0 -+ 1 -+ fill -+ -+ -+ -+ -+ -+ -+ True -+ MLS/MCS Range -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ 1 -+ 1 -+ 2 -+ fill -+ -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ True -+ 0 -+ -+ True -+ * -+ False -+ -+ -+ 1 -+ 2 -+ 1 -+ 2 -+ -+ -+ -+ -+ -+ -+ True -+ SELinux Roles -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ 1 -+ 2 -+ 3 -+ fill -+ -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ True -+ 0 -+ -+ True -+ * -+ False -+ -+ -+ 1 -+ 2 -+ 2 -+ 3 -+ -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ True -+ 0 -+ -+ True -+ * -+ False -+ -+ -+ 1 -+ 2 -+ 0 -+ 1 -+ -+ -+ -+ -+ -+ 5 -+ True -+ True -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ -+ -+ -+ 800 -+ 500 -+ SELinux Administration -+ GTK_WINDOW_TOPLEVEL -+ GTK_WIN_POS_NONE -+ False -+ True -+ False -+ system-config-selinux.png -+ True -+ False -+ False -+ GDK_WINDOW_TYPE_HINT_NORMAL -+ GDK_GRAVITY_NORTH_WEST -+ True -+ False -+ True -+ -+ -+ -+ True -+ True -+ -+ -+ -+ True -+ GTK_SHADOW_NONE -+ -+ -+ -+ True -+ GTK_PACK_DIRECTION_LTR -+ GTK_PACK_DIRECTION_LTR -+ -+ -+ -+ True -+ GNOMEUIINFO_MENU_FILE_TREE -+ -+ -+ -+ -+ -+ -+ True -+ Add -+ True -+ -+ -+ -+ -+ -+ True -+ gtk-add -+ 1 -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ -+ -+ -+ -+ -+ -+ -+ True -+ _Properties -+ True -+ -+ -+ -+ -+ -+ True -+ gtk-properties -+ 1 -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ -+ -+ -+ -+ -+ -+ -+ True -+ _Delete -+ True -+ -+ -+ -+ -+ -+ True -+ gtk-delete -+ 1 -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ -+ -+ -+ -+ -+ -+ -+ True -+ GNOMEUIINFO_MENU_EXIT_ITEM -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ 
True -+ GNOMEUIINFO_MENU_HELP_TREE -+ -+ -+ -+ -+ -+ -+ True -+ GNOMEUIINFO_MENU_ABOUT_ITEM -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ BONOBO_DOCK_TOP -+ 0 -+ 0 -+ 0 -+ BONOBO_DOCK_ITEM_BEH_EXCLUSIVE|BONOBO_DOCK_ITEM_BEH_NEVER_VERTICAL|BONOBO_DOCK_ITEM_BEH_LOCKED -+ -+ -+ -+ -+ -+ True -+ True -+ 0 -+ -+ -+ -+ 5 -+ True -+ 0 -+ 0.5 -+ GTK_SHADOW_NONE -+ -+ -+ -+ True -+ 0.5 -+ 0.5 -+ 1 -+ 1 -+ 0 -+ 0 -+ 12 -+ 0 -+ -+ -+ -+ True -+ Select Management Object -+ True -+ False -+ False -+ False -+ True -+ False -+ False -+ False -+ -+ -+ -+ -+ -+ -+ -+ True -+ <b>Select:</b> -+ False -+ True -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ label_item -+ -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ False -+ True -+ GTK_POS_TOP -+ False -+ False -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ 4 -+ 2 -+ False -+ 5 -+ 5 -+ -+ -+ -+ True -+ System Default Enforcing Mode -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ 1 -+ 0 -+ 1 -+ fill -+ -+ -+ -+ -+ -+ -+ True -+ Disabled -+Permissive -+Enforcing -+ -+ False -+ True -+ -+ -+ 1 -+ 2 -+ 0 -+ 1 -+ fill -+ -+ -+ -+ -+ -+ True -+ Current Enforcing Mode -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ 1 -+ 1 -+ 2 -+ fill -+ -+ -+ -+ -+ -+ -+ True -+ -+ False -+ True -+ -+ -+ 1 -+ 2 -+ 1 -+ 2 -+ fill -+ fill -+ -+ -+ -+ -+ -+ True -+ System Default Policy Type: -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ 1 -+ 2 -+ 3 -+ fill -+ -+ -+ -+ -+ -+ -+ True -+ -+ False -+ True -+ -+ -+ 1 -+ 2 -+ 2 -+ 3 -+ fill -+ fill -+ -+ -+ -+ -+ -+ True -+ Select if you wish to relabel then entire file system on next reboot. Relabeling can take a very long time, depending on the size of the system. 
If you are changing policy types or going from disabled to enforcing, a relabel is required. -+ True -+ GTK_RELIEF_NORMAL -+ True -+ False -+ False -+ True -+ -+ -+ -+ True -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ 0 -+ 0 -+ 0 -+ 0 -+ -+ -+ -+ True -+ False -+ 2 -+ -+ -+ -+ True -+ gtk-refresh -+ 4 -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ Relabel on next reboot. -+ True -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ -+ -+ -+ 0 -+ 2 -+ 3 -+ 4 -+ fill -+ fill -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ label37 -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ tab -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ GTK_ORIENTATION_HORIZONTAL -+ GTK_TOOLBAR_BOTH -+ True -+ True -+ -+ -+ -+ True -+ Revert boolean setting to system default -+ gtk-revert-to-saved -+ True -+ True -+ False -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ Toggle between Customized and All Booleans -+ Customized -+ True -+ gtk-find -+ True -+ True -+ False -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ Run booleans lockdown wizard -+ Lockdown... 
-+ True -+ gtk-print-error -+ True -+ True -+ False -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ Filter -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 10 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ True -+ 0 -+ -+ True -+ -+ False -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ 10 -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ True -+ GTK_POLICY_ALWAYS -+ GTK_POLICY_ALWAYS -+ GTK_SHADOW_NONE -+ GTK_CORNER_TOP_LEFT -+ -+ -+ -+ True -+ Boolean -+ True -+ True -+ False -+ False -+ True -+ False -+ False -+ False -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ label50 -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ tab -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ GTK_ORIENTATION_HORIZONTAL -+ GTK_TOOLBAR_BOTH -+ True -+ True -+ -+ -+ -+ True -+ Add File Context -+ gtk-add -+ True -+ True -+ False -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ Modify File Context -+ gtk-properties -+ True -+ True -+ False -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ Delete File Context -+ gtk-delete -+ True -+ True -+ False -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ Toggle between all and customized file context -+ Customized -+ True -+ gtk-find -+ True -+ True -+ False -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ Filter -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 10 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ True -+ 0 -+ -+ True -+ -+ False -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ True -+ GTK_POLICY_ALWAYS -+ GTK_POLICY_ALWAYS -+ 
GTK_SHADOW_NONE -+ GTK_CORNER_TOP_LEFT -+ -+ -+ -+ True -+ File Labeling -+ True -+ True -+ False -+ False -+ True -+ False -+ False -+ False -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ label38 -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ tab -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ GTK_ORIENTATION_HORIZONTAL -+ GTK_TOOLBAR_BOTH -+ True -+ True -+ -+ -+ -+ True -+ Add SELinux User Mapping -+ gtk-add -+ True -+ True -+ False -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ Modify SELinux User Mapping -+ gtk-properties -+ True -+ True -+ False -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ Delete SELinux User Mapping -+ gtk-delete -+ True -+ True -+ False -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ Filter -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 10 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ True -+ 0 -+ -+ True -+ -+ False -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ 5 -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ True -+ GTK_POLICY_ALWAYS -+ GTK_POLICY_ALWAYS -+ GTK_SHADOW_NONE -+ GTK_CORNER_TOP_LEFT -+ -+ -+ -+ True -+ User Mapping -+ True -+ True -+ False -+ False -+ True -+ False -+ False -+ False -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ label39 -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ tab -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ GTK_ORIENTATION_HORIZONTAL -+ GTK_TOOLBAR_BOTH -+ True -+ True -+ -+ -+ -+ True -+ Add User -+ gtk-add -+ True -+ True -+ False -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ Modify User -+ gtk-properties -+ True -+ True -+ False -+ -+ -+ -+ False -+ 
True -+ -+ -+ -+ -+ -+ True -+ Delete User -+ gtk-delete -+ True -+ True -+ False -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ Filter -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 10 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ True -+ 0 -+ -+ True -+ -+ False -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ 5 -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ True -+ GTK_POLICY_ALWAYS -+ GTK_POLICY_ALWAYS -+ GTK_SHADOW_NONE -+ GTK_CORNER_TOP_LEFT -+ -+ -+ -+ True -+ SELinux User -+ True -+ True -+ False -+ False -+ True -+ False -+ False -+ False -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ label41 -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ tab -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ GTK_ORIENTATION_HORIZONTAL -+ GTK_TOOLBAR_BOTH -+ False -+ True -+ -+ -+ -+ True -+ Add Network Port -+ gtk-add -+ True -+ True -+ False -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ Edit Network Port -+ gtk-properties -+ True -+ True -+ False -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ Delete Network Port -+ gtk-delete -+ True -+ True -+ False -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ False -+ -+ -+ -+ 32 -+ True -+ -+ -+ -+ -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ Toggle between Customized and All Ports -+ Group View -+ True -+ gtk-indent -+ True -+ True -+ False -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ Toggle between Customized and All Ports -+ Customized -+ True -+ gtk-find -+ True -+ True -+ False -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ Filter -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ 
PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 10 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ True -+ 0 -+ -+ True -+ -+ False -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ 5 -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ True -+ GTK_POLICY_ALWAYS -+ GTK_POLICY_ALWAYS -+ GTK_SHADOW_NONE -+ GTK_CORNER_TOP_LEFT -+ -+ -+ -+ True -+ Network Port -+ True -+ True -+ False -+ False -+ True -+ False -+ False -+ False -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ label42 -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ tab -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ GTK_ORIENTATION_HORIZONTAL -+ GTK_TOOLBAR_BOTH -+ True -+ True -+ -+ -+ -+ True -+ Generate new policy module -+ gtk-new -+ True -+ True -+ False -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ Load policy module -+ gtk-add -+ True -+ True -+ False -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ Remove loadable policy module -+ gtk-remove -+ True -+ True -+ False -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ False -+ -+ -+ -+ 10 -+ True -+ -+ -+ -+ -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ Enable/Disable additional audit rules, that are normally not reported in the log files. 
-+ Enable Audit -+ True -+ gtk-zoom-in -+ True -+ True -+ False -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ Filter -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 10 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ True -+ 0 -+ -+ True -+ -+ False -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ 5 -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ True -+ GTK_POLICY_ALWAYS -+ GTK_POLICY_ALWAYS -+ GTK_SHADOW_NONE -+ GTK_CORNER_TOP_LEFT -+ -+ -+ -+ True -+ Policy Module -+ True -+ True -+ False -+ False -+ True -+ False -+ False -+ False -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ label44 -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ tab -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ GTK_ORIENTATION_HORIZONTAL -+ GTK_TOOLBAR_BOTH -+ True -+ True -+ -+ -+ -+ True -+ Change process mode to permissive. 
-+ Permissive -+ True -+ gtk-dialog-warning -+ True -+ True -+ False -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ Change process mode to enforcing -+ Enforcing -+ True -+ gtk-dialog-error -+ True -+ True -+ False -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ 0 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ -+ -+ -+ True -+ Filter -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ 10 -+ False -+ False -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ True -+ 0 -+ -+ True -+ -+ False -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ 5 -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ True -+ GTK_POLICY_ALWAYS -+ GTK_POLICY_ALWAYS -+ GTK_SHADOW_NONE -+ GTK_CORNER_TOP_LEFT -+ -+ -+ -+ True -+ Process Domain -+ True -+ True -+ False -+ False -+ True -+ False -+ False -+ False -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ False -+ True -+ -+ -+ -+ -+ -+ True -+ label59 -+ False -+ False -+ GTK_JUSTIFY_LEFT -+ False -+ False -+ 0.5 -+ 0.5 -+ 0 -+ 0 -+ PANGO_ELLIPSIZE_NONE -+ -1 -+ False -+ 0 -+ -+ -+ tab -+ -+ -+ -+ -+ True -+ True -+ -+ -+ -+ -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ -+ True -+ True -+ True -+ -+ -+ 0 -+ True -+ True -+ -+ -+ -+ -+ -diff -up policycoreutils-2.1.11/gui/system-config-selinux.gladep.gui policycoreutils-2.1.11/gui/system-config-selinux.gladep ---- policycoreutils-2.1.11/gui/system-config-selinux.gladep.gui 2012-04-05 10:13:37.913837254 -0400 -+++ policycoreutils-2.1.11/gui/system-config-selinux.gladep 2012-04-05 10:13:37.913837254 -0400 -@@ -0,0 +1,7 @@ -+ -+ -+ -+ -+ -+ -+ -diff -up policycoreutils-2.1.11/gui/system-config-selinux.py.gui policycoreutils-2.1.11/gui/system-config-selinux.py ---- policycoreutils-2.1.11/gui/system-config-selinux.py.gui 2012-04-05 10:13:37.913837254 -0400 -+++ policycoreutils-2.1.11/gui/system-config-selinux.py 2012-04-05 10:13:37.913837254 -0400 -@@ -0,0 +1,187 @@ -+#!/usr/bin/python -Es -+# -+# system-config-selinux.py - GUI for 
SELinux Config tool in system-config-selinux
-+#
-+# Dan Walsh
-+#
-+# Copyright 2006-2009 Red Hat, Inc.
-+#
-+# This program is free software; you can redistribute it and/or modify
-+# it under the terms of the GNU General Public License as published by
-+# the Free Software Foundation; either version 2 of the License, or
-+# (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+#
-+import signal
-+import string
-+import gtk
-+import gtk.glade
-+import os
-+import gobject
-+import gnome
-+import sys
-+import statusPage
-+import booleansPage
-+import loginsPage
-+import usersPage
-+import portsPage
-+import modulesPage
-+import domainsPage
-+import fcontextPage
-+import selinux
-+##
-+## I18N
-+##
-+PROGNAME="policycoreutils"
-+
-+import gettext
-+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
-+gettext.textdomain(PROGNAME)
-+try:
-+ gettext.install(PROGNAME,
-+ localedir="/usr/share/locale",
-+ unicode=False,
-+ codeset = 'utf-8')
-+except IOError:
-+ import __builtin__
-+ __builtin__.__dict__['_'] = unicode
-+
-+gnome.program_init("SELinux Management Tool", "5")
-+
-+version = "1.0"
-+
-+sys.path.append('/usr/share/system-config-selinux')
-+
-+
-+
-+##
-+## Pull in the Glade file
-+##
-+if os.access("system-config-selinux.glade", os.F_OK):
-+ xml = gtk.glade.XML ("system-config-selinux.glade", domain=PROGNAME)
-+else:
-+ xml = gtk.glade.XML ("/usr/share/system-config-selinux/system-config-selinux.glade", domain=PROGNAME)
-+
-+class childWindow:
-+ def __init__(self):
-+ self.tabs=[]
-+ self.xml = xml
-+
xml.signal_connect("on_quit_activate", self.destroy)
-+ xml.signal_connect("on_delete_clicked", self.delete)
-+ xml.signal_connect("on_add_clicked", self.add)
-+ xml.signal_connect("on_properties_clicked", self.properties)
-+ xml.signal_connect("on_local_clicked", self.on_local_clicked)
-+ self.add_page(statusPage.statusPage(xml))
-+ if selinux.is_selinux_enabled() > 0:
-+ try:
-+ self.add_page(booleansPage.booleansPage(xml))
-+ self.add_page(fcontextPage.fcontextPage(xml))
-+ self.add_page(loginsPage.loginsPage(xml))
-+ self.add_page(usersPage.usersPage(xml))
-+ self.add_page(portsPage.portsPage(xml))
-+ self.add_page(modulesPage.modulesPage(xml)) # modules
-+ self.add_page(domainsPage.domainsPage(xml)) # domains
-+ except ValueError, e:
-+ self.error(e.message)
-+
-+ xml.signal_connect("on_quit_activate", self.destroy)
-+ xml.signal_connect("on_policy_activate", self.policy)
-+ xml.signal_connect("on_logging_activate", self.logging)
-+ xml.signal_connect("on_about_activate", self.on_about_activate)
-+
-+ self.add_menu = xml.get_widget("add_menu_item")
-+ self.properties_menu = xml.get_widget("properties_menu_item")
-+ self.delete_menu = xml.get_widget("delete_menu_item")
-+
-+ def error(self, message):
-+ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_ERROR,
-+ gtk.BUTTONS_CLOSE,
-+ message)
-+ dlg.set_position(gtk.WIN_POS_MOUSE)
-+ dlg.show_all()
-+ dlg.run()
-+ dlg.destroy()
-+
-+ def add_page(self, page):
-+ self.tabs.append(page)
-+
-+ def policy(self, args):
-+ os.spawnl(os.P_NOWAIT, "/usr/share/system-config-selinux/semanagegui.py")
-+ def logging(self, args):
-+ os.spawnl(os.P_NOWAIT, "/usr/bin/seaudit")
-+
-+ def delete(self, args):
-+ self.tabs[self.notebook.get_current_page()].deleteDialog()
-+
-+ def add(self, args):
-+ self.tabs[self.notebook.get_current_page()].addDialog()
-+
-+ def properties(self, args):
-+ self.tabs[self.notebook.get_current_page()].propertiesDialog()
-+
-+ def on_local_clicked(self, button):
-+
self.tabs[self.notebook.get_current_page()].on_local_clicked(button) -+ -+ def on_about_activate(self, args): -+ dlg = xml.get_widget ("aboutWindow") -+ dlg.run () -+ dlg.hide () -+ -+ def destroy(self, args): -+ gtk.main_quit() -+ -+ def use_menus(self, use_menus): -+ self.add_menu.set_sensitive(use_menus) -+ self.properties_menu.set_sensitive(use_menus) -+ self.delete_menu.set_sensitive(use_menus) -+ -+ def itemSelected(self, selection): -+ store, rows = selection.get_selected_rows() -+ if store != None and len(rows) > 0: -+ self.notebook.set_current_page(rows[0][0]) -+ self.use_menus(self.tabs[rows[0][0]].use_menus()) -+ else: -+ self.notebook.set_current_page(0) -+ self.use_menus(self.tabs[0].use_menus()) -+ -+ -+ def setupScreen(self): -+ # Bring in widgets from glade file. -+ self.mainWindow = self.xml.get_widget("mainWindow") -+ self.notebook = self.xml.get_widget("notebook") -+ self.view = self.xml.get_widget("selectView") -+ self.view.get_selection().connect("changed", self.itemSelected) -+ self.store = gtk.ListStore(gobject.TYPE_STRING) -+ self.view.set_model(self.store) -+ col = gtk.TreeViewColumn("", gtk.CellRendererText(), text = 0) -+ col.set_resizable(True) -+ self.view.append_column(col) -+ -+ for page in self.tabs: -+ iter = self.store.append() -+ self.store.set_value(iter, 0, page.get_description()) -+ self.view.get_selection().select_path ((0,)) -+ -+ def stand_alone(self): -+ desktopName = _("Configue SELinux") -+ -+ self.setupScreen() -+ -+ self.mainWindow.connect("destroy", self.destroy) -+ -+ self.mainWindow.show_all() -+ gtk.main() -+ -+if __name__ == "__main__": -+ signal.signal (signal.SIGINT, signal.SIG_DFL) -+ -+ app = childWindow() -+ app.stand_alone() -diff -up policycoreutils-2.1.11/gui/templates/boolean.py.gui policycoreutils-2.1.11/gui/templates/boolean.py ---- policycoreutils-2.1.11/gui/templates/boolean.py.gui 2012-04-05 10:13:37.913837254 -0400 -+++ policycoreutils-2.1.11/gui/templates/boolean.py 2012-04-05 10:13:37.913837254 
-0400 -@@ -0,0 +1,40 @@ -+# Copyright (C) 2007-2012 Red Hat -+# see file 'COPYING' for use and warranty information -+# -+# policygentool is a tool for the initial generation of SELinux policy -+# -+# This program is free software; you can redistribute it and/or -+# modify it under the terms of the GNU General Public License as -+# published by the Free Software Foundation; either version 2 of -+# the License, or (at your option) any later version. -+# -+# This program is distributed in the hope that it will be useful, -+# but WITHOUT ANY WARRANTY; without even the implied warranty of -+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+# GNU General Public License for more details. -+# -+# You should have received a copy of the GNU General Public License -+# along with this program; if not, write to the Free Software -+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA -+# 02111-1307 USA -+# -+# -+########################### boolean Template File ########################### -+ -+te_boolean=""" -+## -+##

-+## DESCRIPTION
-+##

-+##
-+gen_tunable(BOOLEAN, false)
-+"""
-+
-+te_rules="""
-+tunable_policy(`BOOLEAN',`
-+#TRUE
-+',`
-+#FALSE
-+')
-+"""
-+
-diff -up policycoreutils-2.1.11/gui/templates/etc_rw.py.gui policycoreutils-2.1.11/gui/templates/etc_rw.py
---- policycoreutils-2.1.11/gui/templates/etc_rw.py.gui 2012-04-05 10:13:37.913837254 -0400
-+++ policycoreutils-2.1.11/gui/templates/etc_rw.py 2012-04-05 10:13:37.913837254 -0400
-@@ -0,0 +1,112 @@
-+# Copyright (C) 2007-2012 Red Hat
-+# see file 'COPYING' for use and warranty information
-+#
-+# policygentool is a tool for the initial generation of SELinux policy
-+#
-+# This program is free software; you can redistribute it and/or
-+# modify it under the terms of the GNU General Public License as
-+# published by the Free Software Foundation; either version 2 of
-+# the License, or (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-+# 02111-1307 USA
-+#
-+#
-+########################### etc_rw Template File #############################
-+
-+########################### Type Enforcement File #############################
-+te_types="""
-+type TEMPLATETYPE_etc_rw_t;
-+files_type(TEMPLATETYPE_etc_rw_t)
-+"""
-+te_rules="""
-+manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
-+manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
-+files_etc_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, { dir file })
-+"""
-+
-+########################### Interface File #############################
-+if_rules="""
-+########################################
-+##
-+## Search TEMPLATETYPE conf directories.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_search_conf',`
-+ gen_require(`
-+ type TEMPLATETYPE_etc_rw_t;
-+ ')
-+
-+ allow $1 TEMPLATETYPE_etc_rw_t:dir search_dir_perms;
-+ files_search_etc($1)
-+')
-+
-+########################################
-+##
-+## Read TEMPLATETYPE conf files.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_read_conf_files',`
-+ gen_require(`
-+ type TEMPLATETYPE_etc_rw_t;
-+ ')
-+
-+ allow $1 TEMPLATETYPE_etc_rw_t:file read_file_perms;
-+ allow $1 TEMPLATETYPE_etc_rw_t:dir list_dir_perms;
-+ files_search_etc($1)
-+')
-+
-+########################################
-+##
-+## Manage TEMPLATETYPE conf files.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_manage_conf_files',`
-+ gen_require(`
-+ type TEMPLATETYPE_etc_rw_t;
-+ ')
-+
-+ manage_files_pattern($1, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t)
-+ files_search_etc($1)
-+')
-+
-+"""
-+
-+if_admin_types="""
-+ type TEMPLATETYPE_etc_rw_t;"""
-+
-+if_admin_rules="""
-+ files_search_etc($1)
-+ admin_pattern($1, TEMPLATETYPE_etc_rw_t)
-+"""
-+
-+########################### File Context ##################################
-+fc_file="""\
-+FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_etc_rw_t,s0)
-+"""
-+
-+fc_dir="""\
-+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_etc_rw_t,s0)
-+"""
-diff -up policycoreutils-2.1.11/gui/templates/executable.py.gui policycoreutils-2.1.11/gui/templates/executable.py
---- policycoreutils-2.1.11/gui/templates/executable.py.gui 2012-04-05 10:13:37.913837254 -0400
-+++ policycoreutils-2.1.11/gui/templates/executable.py 2012-04-05 10:13:37.913837254 -0400
-@@ -0,0 +1,445 @@
-+# Copyright (C) 2007-2012 Red Hat
-+# see file 'COPYING' for use and warranty information
-+#
-+# policygentool is a tool for the initial generation of SELinux policy
-+#
-+# This program is free software; you can redistribute it and/or
-+# modify it under the terms of the GNU General Public License as
-+# published by the Free Software Foundation; either version 2 of
-+# the License, or (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-+# 02111-1307 USA
-+#
-+#
-+########################### Type Enforcement File #############################
-+te_daemon_types="""\
-+policy_module(TEMPLATETYPE, 1.0.0)
-+
-+########################################
-+#
-+# Declarations
-+#
-+
-+type TEMPLATETYPE_t;
-+type TEMPLATETYPE_exec_t;
-+init_daemon_domain(TEMPLATETYPE_t, TEMPLATETYPE_exec_t)
-+
-+permissive TEMPLATETYPE_t;
-+"""
-+
-+te_initscript_types="""
-+type TEMPLATETYPE_initrc_exec_t;
-+init_script_file(TEMPLATETYPE_initrc_exec_t)
-+"""
-+
-+te_dbusd_types="""\
-+policy_module(TEMPLATETYPE, 1.0.0)
-+
-+########################################
-+#
-+# Declarations
-+#
-+
-+type TEMPLATETYPE_t;
-+type TEMPLATETYPE_exec_t;
-+dbus_system_domain(TEMPLATETYPE_t, TEMPLATETYPE_exec_t)
-+
-+permissive TEMPLATETYPE_t;
-+"""
-+
-+te_inetd_types="""\
-+policy_module(TEMPLATETYPE, 1.0.0)
-+
-+########################################
-+#
-+# Declarations
-+#
-+
-+type TEMPLATETYPE_t;
-+type TEMPLATETYPE_exec_t;
-+inetd_service_domain(TEMPLATETYPE_t, TEMPLATETYPE_exec_t)
-+
-+permissive TEMPLATETYPE_t;
-+"""
-+
-+te_userapp_types="""\
-+policy_module(TEMPLATETYPE, 1.0.0)
-+
-+########################################
-+#
-+# Declarations
-+#
-+
-+type TEMPLATETYPE_t;
-+type TEMPLATETYPE_exec_t;
-+application_domain(TEMPLATETYPE_t, TEMPLATETYPE_exec_t)
-+role system_r types TEMPLATETYPE_t;
-+
-+permissive TEMPLATETYPE_t;
-+"""
-+
-+te_sandbox_types="""\
-+policy_module(TEMPLATETYPE, 1.0.0)
-+
-+########################################
-+#
-+# Declarations
-+#
-+
-+sandbox_x_domain_template(TEMPLATETYPE)
-+
-+permissive TEMPLATETYPE_t;
-+permissive TEMPLATETYPE_client_t;
-+
-+"""
-+
-+te_cgi_types="""\
-+policy_module(TEMPLATETYPE, 1.0.0)
-+
-+########################################
-+#
-+# Declarations
-+#
-+
-+apache_content_template(TEMPLATETYPE)
-+
-+permissive httpd_TEMPLATETYPE_script_t;
-+"""
-+
-+te_daemon_rules="""\
-+allow TEMPLATETYPE_t self:fifo_file rw_fifo_file_perms;
-+allow TEMPLATETYPE_t self:unix_stream_socket create_stream_socket_perms;
-+"""
-+
-+te_inetd_rules="""
-+"""
-+
-+te_dbusd_rules="""
-+"""
-+
-+te_userapp_rules="""
-+allow TEMPLATETYPE_t self:fifo_file manage_fifo_file_perms;
-+allow TEMPLATETYPE_t self:unix_stream_socket create_stream_socket_perms;
-+"""
-+
-+te_cgi_rules="""
-+"""
-+
-+te_sandbox_rules="""
-+"""
-+
-+te_uid_rules="""
-+auth_use_nsswitch(TEMPLATETYPE_t)
-+"""
-+
-+te_syslog_rules="""
-+logging_send_syslog_msg(TEMPLATETYPE_t)
-+"""
-+
-+te_resolve_rules="""
-+sysnet_dns_name_resolve(TEMPLATETYPE_t)
-+"""
-+
-+te_pam_rules="""
-+auth_domtrans_chk_passwd(TEMPLATETYPE_t)
-+"""
-+
-+te_mail_rules="""
-+mta_send_mail(TEMPLATETYPE_t)
-+"""
-+
-+te_dbus_rules="""
-+optional_policy(`
-+ dbus_system_bus_client(TEMPLATETYPE_t)
-+ dbus_connect_system_bus(TEMPLATETYPE_t)
-+')
-+"""
-+
-+te_kerberos_rules="""
-+optional_policy(`
-+ kerberos_use(TEMPLATETYPE_t)
-+')
-+"""
-+
-+te_manage_krb5_rcache_rules="""
-+optional_policy(`
-+ kerberos_keytab_template(TEMPLATETYPE, TEMPLATETYPE_t)
-+ kerberos_manage_host_rcache(TEMPLATETYPE_t)
-+')
-+"""
-+
-+te_audit_rules="""
-+logging_send_audit_msgs(TEMPLATETYPE_t)
-+"""
-+
-+te_run_rules="""
-+optional_policy(`
-+ gen_require(`
-+ type USER_t;
-+ role USER_r;
-+ ')
-+
-+ TEMPLATETYPE_run(USER_t, USER_r)
-+')
-+"""
-+
-+te_fd_rules="""
-+domain_use_interactive_fds(TEMPLATETYPE_t)
-+"""
-+
-+te_etc_rules="""
-+files_read_etc_files(TEMPLATETYPE_t)
-+"""
-+
-+te_localization_rules="""
-+miscfiles_read_localization(TEMPLATETYPE_t)
-+"""
-+
-+########################### Interface File #############################
-+
-+if_heading_rules="""
-+## policy for TEMPLATETYPE"""
-+
-+if_program_rules="""
-+
-+########################################
-+##
-+## Transition to TEMPLATETYPE.
-+##
-+##
-+##
-+## Domain allowed to transition.
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_domtrans',`
-+ gen_require(`
-+ type TEMPLATETYPE_t, TEMPLATETYPE_exec_t;
-+ ')
-+
-+ corecmd_search_bin($1)
-+ domtrans_pattern($1, TEMPLATETYPE_exec_t, TEMPLATETYPE_t)
-+')
-+"""
-+
-+if_user_program_rules="""
-+########################################
-+##
-+## Execute TEMPLATETYPE in the TEMPLATETYPE domain, and
-+## allow the specified role the TEMPLATETYPE domain.
-+##
-+##
-+##
-+## Domain allowed to transition
-+##
-+##
-+##
-+##
-+## The role to be allowed the TEMPLATETYPE domain.
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_run',`
-+ gen_require(`
-+ type TEMPLATETYPE_t;
-+ ')
-+
-+ TEMPLATETYPE_domtrans($1)
-+ role $2 types TEMPLATETYPE_t;
-+')
-+
-+########################################
-+##
-+## Role access for TEMPLATETYPE
-+##
-+##
-+##
-+## Role allowed access
-+##
-+##
-+##
-+##
-+## User domain for the role
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_role',`
-+ gen_require(`
-+ type TEMPLATETYPE_t;
-+ ')
-+
-+ role $1 types TEMPLATETYPE_t;
-+
-+ TEMPLATETYPE_domtrans($2)
-+
-+ ps_process_pattern($2, TEMPLATETYPE_t)
-+ allow $2 TEMPLATETYPE_t:process signal;
-+')
-+"""
-+
-+if_sandbox_rules="""
-+########################################
-+##
-+## Execute sandbox in the TEMPLATETYPE_t domain, and
-+## allow the specified role the TEMPLATETYPE_t domain.
-+##
-+##
-+##
-+## Domain allowed to transition.
-+##
-+##
-+##
-+##
-+## The role to be allowed the TEMPLATETYPE_t domain.
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_transition',`
-+ gen_require(`
-+ type TEMPLATETYPE_t;
-+ type TEMPLATETYPE_client_t;
-+ ')
-+
-+ allow $1 TEMPLATETYPE_t:process { signal_perms transition };
-+ dontaudit $1 TEMPLATETYPE_t:process { noatsecure siginh rlimitinh };
-+ role $2 types TEMPLATETYPE_t;
-+ role $2 types TEMPLATETYPE_client_t;
-+
-+ allow TEMPLATETYPE_t $1:process { sigchld signull };
-+ allow TEMPLATETYPE_t $1:fifo_file rw_inherited_fifo_file_perms;
-+ allow TEMPLATETYPE_client_t $1:process { sigchld signull };
-+ allow TEMPLATETYPE_client_t $1:fifo_file rw_inherited_fifo_file_perms;
-+')
-+"""
-+
-+if_role_change_rules="""
-+########################################
-+##
-+## Change to the TEMPLATETYPE role.
-+##
-+##
-+##
-+## Role allowed access.
-+##
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_role_change',`
-+ gen_require(`
-+ role TEMPLATETYPE_r;
-+ ')
-+
-+ allow $1 TEMPLATETYPE_r;
-+')
-+"""
-+
-+if_initscript_rules="""
-+########################################
-+##
-+## Execute TEMPLATETYPE server in the TEMPLATETYPE domain.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_initrc_domtrans',`
-+ gen_require(`
-+ type TEMPLATETYPE_initrc_exec_t;
-+ ')
-+
-+ init_labeled_script_domtrans($1, TEMPLATETYPE_initrc_exec_t)
-+')
-+"""
-+
-+if_dbus_rules="""
-+########################################
-+##
-+## Send and receive messages from
-+## TEMPLATETYPE over dbus.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_dbus_chat',`
-+ gen_require(`
-+ type TEMPLATETYPE_t;
-+ class dbus send_msg;
-+ ')
-+
-+ allow $1 TEMPLATETYPE_t:dbus send_msg;
-+ allow TEMPLATETYPE_t $1:dbus send_msg;
-+')
-+"""
-+
-+if_begin_admin="""
-+########################################
-+##
-+## All of the rules required to administrate
-+## an TEMPLATETYPE environment
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+##
-+##
-+## Role allowed access.
-+##
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_admin',`
-+ gen_require(`
-+ type TEMPLATETYPE_t;"""
-+
-+if_middle_admin="""
-+ ')
-+
-+ allow $1 TEMPLATETYPE_t:process { ptrace signal_perms };
-+ ps_process_pattern($1, TEMPLATETYPE_t)
-+"""
-+
-+if_initscript_admin_types="""
-+ type TEMPLATETYPE_initrc_exec_t;"""
-+
-+if_initscript_admin="""
-+ TEMPLATETYPE_initrc_domtrans($1)
-+ domain_system_change_exemption($1)
-+ role_transition $2 TEMPLATETYPE_initrc_exec_t system_r;
-+ allow $2 system_r;
-+"""
-+
-+if_end_admin="""\
-+ optional_policy(`
-+ systemd_passwd_agent_exec($1)
-+ systemd_read_fifo_file_passwd_run($1)
-+ ')
-+')
-+"""
-+
-+########################### File Context ##################################
-+fc_program="""\
-+EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_exec_t,s0)
-+"""
-+
-+fc_user="""\
-+# Users do not have file context, leave blank
-+"""
-+
-+fc_initscript="""\
-+EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_initrc_exec_t,s0)
-+"""
-diff -up policycoreutils-2.1.11/gui/templates/__init__.py.gui policycoreutils-2.1.11/gui/templates/__init__.py
---- policycoreutils-2.1.11/gui/templates/__init__.py.gui 2012-04-05 10:13:37.913837254 -0400
-+++ policycoreutils-2.1.11/gui/templates/__init__.py 2012-04-05 10:13:37.913837254 -0400
-@@ -0,0 +1,18 @@
-+#
-+# Copyright (C) 2007-2012 Red Hat
-+#
-+# This program is free software; you can redistribute it and/or modify
-+# it under the terms of the GNU General Public License as published by
-+# the Free Software Foundation; either version 2 of the License, or
-+# (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+#
-+
-diff -up policycoreutils-2.1.11/gui/templates/network.py.gui policycoreutils-2.1.11/gui/templates/network.py
---- policycoreutils-2.1.11/gui/templates/network.py.gui 2012-04-05 10:13:37.914837256 -0400
-+++ policycoreutils-2.1.11/gui/templates/network.py 2012-04-05 10:13:37.914837256 -0400
-@@ -0,0 +1,102 @@
-+# Copyright (C) 2007-2012 Red Hat
-+# see file 'COPYING' for use and warranty information
-+#
-+# policygentool is a tool for the initial generation of SELinux policy
-+#
-+# This program is free software; you can redistribute it and/or
-+# modify it under the terms of the GNU General Public License as
-+# published by the Free Software Foundation; either version 2 of
-+# the License, or (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-+# 02111-1307 USA
-+#
-+#
-+########################### Type Enforcement File #############################
-+te_port_types="""
-+type TEMPLATETYPE_port_t;
-+corenet_port(TEMPLATETYPE_port_t)
-+"""
-+
-+te_network="""\
-+sysnet_dns_name_resolve(TEMPLATETYPE_t)
-+corenet_all_recvfrom_unlabeled(TEMPLATETYPE_t)
-+"""
-+
-+te_tcp="""\
-+allow TEMPLATETYPE_t self:tcp_socket create_stream_socket_perms;
-+corenet_tcp_sendrecv_generic_if(TEMPLATETYPE_t)
-+corenet_tcp_sendrecv_generic_node(TEMPLATETYPE_t)
-+corenet_tcp_sendrecv_all_ports(TEMPLATETYPE_t)
-+"""
-+
-+te_in_tcp="""\
-+corenet_tcp_bind_generic_node(TEMPLATETYPE_t)
-+"""
-+
-+te_in_need_port_tcp="""\
-+allow TEMPLATETYPE_t TEMPLATETYPE_port_t:tcp_socket name_bind;
-+"""
-+
-+te_out_need_port_tcp="""\
-+allow TEMPLATETYPE_t TEMPLATETYPE_port_t:tcp_socket name_connect;
-+"""
-+
-+te_udp="""\
-+allow TEMPLATETYPE_t self:udp_socket { create_socket_perms listen };
-+corenet_udp_sendrecv_generic_if(TEMPLATETYPE_t)
-+corenet_udp_sendrecv_generic_node(TEMPLATETYPE_t)
-+corenet_udp_sendrecv_all_ports(TEMPLATETYPE_t)
-+"""
-+
-+te_in_udp="""\
-+corenet_udp_bind_generic_node(TEMPLATETYPE_t)
-+"""
-+
-+te_in_need_port_udp="""\
-+allow TEMPLATETYPE_t TEMPLATETYPE_port_t:udp_socket name_bind;
-+"""
-+
-+te_out_all_ports_tcp="""\
-+corenet_tcp_connect_all_ports(TEMPLATETYPE_t)
-+"""
-+
-+te_out_reserved_ports_tcp="""\
-+corenet_tcp_connect_all_rpc_ports(TEMPLATETYPE_t)
-+"""
-+
-+te_out_unreserved_ports_tcp="""\
-+corenet_tcp_connect_all_unreserved_ports(TEMPLATETYPE_t)
-+"""
-+
-+te_in_all_ports_tcp="""\
-+corenet_tcp_bind_all_ports(TEMPLATETYPE_t)
-+"""
-+
-+te_in_reserved_ports_tcp="""\
-+corenet_tcp_bind_all_rpc_ports(TEMPLATETYPE_t)
-+"""
-+
-+te_in_unreserved_ports_tcp="""\
-+corenet_tcp_bind_all_unreserved_ports(TEMPLATETYPE_t)
-+"""
-+
-+te_in_all_ports_udp="""\
-+corenet_udp_bind_all_ports(TEMPLATETYPE_t)
-+"""
-+
-+te_in_reserved_ports_udp="""\
-+corenet_udp_bind_all_rpc_ports(TEMPLATETYPE_t)
-+"""
-+
-+te_in_unreserved_ports_udp="""\
-+corenet_udp_bind_all_unreserved_ports(TEMPLATETYPE_t)
-+"""
-+
-diff -up policycoreutils-2.1.11/gui/templates/rw.py.gui policycoreutils-2.1.11/gui/templates/rw.py
---- policycoreutils-2.1.11/gui/templates/rw.py.gui 2012-04-05 10:13:37.914837256 -0400
-+++ policycoreutils-2.1.11/gui/templates/rw.py 2012-04-05 10:13:37.914837256 -0400
-@@ -0,0 +1,129 @@
-+# Copyright (C) 2007-2012 Red Hat
-+# see file 'COPYING' for use and warranty information
-+#
-+# policygentool is a tool for the initial generation of SELinux policy
-+#
-+# This program is free software; you can redistribute it and/or
-+# modify it under the terms of the GNU General Public License as
-+# published by the Free Software Foundation; either version 2 of
-+# the License, or (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-+# 02111-1307 USA
-+#
-+#
-+
-+########################### tmp Template File #############################
-+te_types="""
-+type TEMPLATETYPE_rw_t;
-+files_type(TEMPLATETYPE_rw_t)
-+"""
-+
-+te_rules="""
-+manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
-+manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
-+"""
-+
-+########################### Interface File #############################
-+if_rules="""
-+########################################
-+##
-+## Search TEMPLATETYPE rw directories.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_search_rw_dir',`
-+ gen_require(`
-+ type TEMPLATETYPE_rw_t;
-+ ')
-+
-+ allow $1 TEMPLATETYPE_rw_t:dir search_dir_perms;
-+ files_search_rw($1)
-+')
-+
-+########################################
-+##
-+## Read TEMPLATETYPE rw files.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_read_rw_files',`
-+ gen_require(`
-+ type TEMPLATETYPE_rw_t;
-+ ')
-+
-+ allow $1 TEMPLATETYPE_rw_t:file read_file_perms;
-+ allow $1 TEMPLATETYPE_rw_t:dir list_dir_perms;
-+ files_search_rw($1)
-+')
-+
-+########################################
-+##
-+## Manage TEMPLATETYPE rw files.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_manage_rw_files',`
-+ gen_require(`
-+ type TEMPLATETYPE_rw_t;
-+ ')
-+
-+ manage_files_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
-+')
-+
-+########################################
-+##
-+## Create, read, write, and delete
-+## TEMPLATETYPE rw dirs.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_manage_rw_dirs',`
-+ gen_require(`
-+ type TEMPLATETYPE_rw_t;
-+ ')
-+
-+ manage_dirs_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
-+')
-+
-+"""
-+
-+if_admin_types="""
-+ type TEMPLATETYPE_rw_t;"""
-+
-+if_admin_rules="""
-+ files_search_etc($1)
-+ admin_pattern($1, TEMPLATETYPE_rw_t)
-+"""
-+
-+########################### File Context ##################################
-+fc_file="""
-+FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0)
-+"""
-+
-+fc_dir="""
-+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0)
-+"""
-diff -up policycoreutils-2.1.11/gui/templates/script.py.gui policycoreutils-2.1.11/gui/templates/script.py
---- policycoreutils-2.1.11/gui/templates/script.py.gui 2012-04-05 10:13:37.914837256 -0400
-+++ policycoreutils-2.1.11/gui/templates/script.py 2012-04-05 10:13:37.914837256 -0400
-@@ -0,0 +1,126 @@
-+# Copyright (C) 2007-2012 Red Hat
-+# see file 'COPYING' for use and warranty information
-+#
-+# policygentool is a tool for the initial generation of SELinux policy
-+#
-+# This program is free software; you can redistribute it and/or
-+# modify it under the terms of the GNU General Public License as
-+# published by the Free Software Foundation; either version 2 of
-+# the License, or (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-+# 02111-1307 USA
-+#
-+#
-+
-+########################### tmp Template File #############################
-+compile="""\
-+#!/bin/sh -e
-+
-+DIRNAME=`dirname $0`
-+cd $DIRNAME
-+USAGE="$0 [ --update ]"
-+if [ `id -u` != 0 ]; then
-+echo 'You must be root to run this script'
-+exit 1
-+fi
-+
-+if [ $# -eq 1 ]; then
-+ if [ "$1" = "--update" ] ; then
-+ time=`ls -l --time-style="+%x %X" TEMPLATEFILE.te | awk '{ printf "%s %s", $6, $7 }'`
-+ rules=`ausearch --start $time -m avc --raw -se TEMPLATETYPE`
-+ if [ x"$rules" != "x" ] ; then
-+ echo "Found avc's to update policy with"
-+ echo -e "$rules" | audit2allow -R
-+ echo "Do you want these changes added to policy [y/n]?"
-+ read ANS
-+ if [ "$ANS" = "y" -o "$ANS" = "Y" ] ; then
-+ echo "Updating policy"
-+ echo -e "$rules" | audit2allow -R >> TEMPLATEFILE.te
-+ # Fall though and rebuild policy
-+ else
-+ exit 0
-+ fi
-+ else
-+ echo "No new avcs found"
-+ exit 0
-+ fi
-+ else
-+ echo -e $USAGE
-+ exit 1
-+ fi
-+elif [ $# -ge 2 ] ; then
-+ echo -e $USAGE
-+ exit 1
-+fi
-+
-+echo "Building and Loading Policy"
-+set -x
-+make -f /usr/share/selinux/devel/Makefile TEMPLATEFILE.pp || exit
-+/usr/sbin/semodule -i TEMPLATEFILE.pp
-+
-+"""
-+
-+restorecon="""\
-+# Fixing the file context on FILENAME
-+/sbin/restorecon -F -R -v FILENAME
-+"""
-+
-+tcp_ports="""\
-+# Adding SELinux tcp port to port PORTNUM
-+/usr/sbin/semanage port -a -t TEMPLATETYPE_port_t -p tcp PORTNUM
-+"""
-+
-+udp_ports="""\
-+# Adding SELinux udp port to port PORTNUM
-+/usr/sbin/semanage port -a -t TEMPLATETYPE_port_t -p udp PORTNUM
-+"""
-+
-+users="""\
-+# Adding SELinux user TEMPLATETYPE_u
-+/usr/sbin/semanage user -a -R "TEMPLATETYPE_rROLES" TEMPLATETYPE_u
-+"""
-+
-+eusers="""\
-+# Adding roles to SELinux user TEMPLATETYPE_u
-+/usr/sbin/semanage user -m -R "TEMPLATETYPE_rROLES" TEMPLATETYPE_u
-+"""
-+
-+admin_trans="""\
-+# Adding roles to SELinux user USER
-+/usr/sbin/semanage user -m -R +TEMPLATETYPE_r USER
-+"""
-+
-+min_login_user_default_context="""\
-+if [ ! -f /etc/selinux/targeted/contexts/users/TEMPLATETYPE_u ]; then
-+cat > /etc/selinux/targeted/contexts/users/TEMPLATETYPE_u << _EOF
-+TEMPLATETYPE_r:TEMPLATETYPE_t:s0 TEMPLATETYPE_r:TEMPLATETYPE_t
-+system_r:crond_t TEMPLATETYPE_r:TEMPLATETYPE_t
-+system_r:initrc_su_t TEMPLATETYPE_r:TEMPLATETYPE_t
-+system_r:local_login_t TEMPLATETYPE_r:TEMPLATETYPE_t
-+system_r:remote_login_t TEMPLATETYPE_r:TEMPLATETYPE_t
-+system_r:sshd_t TEMPLATETYPE_r:TEMPLATETYPE_t
-+_EOF
-+fi
-+"""
-+
-+x_login_user_default_context="""\
-+if [ ! -f /etc/selinux/targeted/contexts/users/TEMPLATETYPE_u ]; then
-+cat > /etc/selinux/targeted/contexts/users/TEMPLATETYPE_u << _EOF
-+TEMPLATETYPE_r:TEMPLATETYPE_t TEMPLATETYPE_r:TEMPLATETYPE_t
-+system_r:crond_t TEMPLATETYPE_r:TEMPLATETYPE_t
-+system_r:initrc_su_t TEMPLATETYPE_r:TEMPLATETYPE_t
-+system_r:local_login_t TEMPLATETYPE_r:TEMPLATETYPE_t
-+system_r:remote_login_t TEMPLATETYPE_r:TEMPLATETYPE_t
-+system_r:sshd_t TEMPLATETYPE_r:TEMPLATETYPE_t
-+system_r:xdm_t TEMPLATETYPE_r:TEMPLATETYPE_t
-+_EOF
-+fi
-+"""
-diff -up policycoreutils-2.1.11/gui/templates/semodule.py.gui policycoreutils-2.1.11/gui/templates/semodule.py
---- policycoreutils-2.1.11/gui/templates/semodule.py.gui 2012-04-05 10:13:37.914837256 -0400
-+++ policycoreutils-2.1.11/gui/templates/semodule.py 2012-04-05 10:13:37.914837256 -0400
-@@ -0,0 +1,41 @@
-+# Copyright (C) 2007-2012 Red Hat
-+# see file 'COPYING' for use and warranty information
-+#
-+# policygentool is a tool for the initial generation of SELinux policy
-+#
-+# This program is free software; you can redistribute it and/or
-+# modify it under the terms of the GNU General Public License as
-+# published by the Free Software Foundation; either version 2 of
-+# the License, or (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-+# 02111-1307 USA
-+#
-+#
-+
-+########################### tmp Template File #############################
-+compile="""
-+#!/bin/sh
-+make -f /usr/share/selinux/devel/Makefile
-+semodule -i TEMPLATETYPE.pp
-+"""
-+
-+restorecon="""
-+restorecon -R -v FILENAME
-+"""
-+
-+tcp_ports="""
-+semanage ports -a -t TEMPLATETYPE_port_t -p tcp PORTNUM
-+"""
-+
-+udp_ports="""
-+semanage ports -a -t TEMPLATETYPE_port_t -p udp PORTNUM
-+"""
-+
-diff -up policycoreutils-2.1.11/gui/templates/tmp.py.gui policycoreutils-2.1.11/gui/templates/tmp.py
---- policycoreutils-2.1.11/gui/templates/tmp.py.gui 2012-04-05 10:13:37.914837256 -0400
-+++ policycoreutils-2.1.11/gui/templates/tmp.py 2012-04-05 10:13:37.914837256 -0400
-@@ -0,0 +1,102 @@
-+# Copyright (C) 2007-2012 Red Hat
-+# see file 'COPYING' for use and warranty information
-+#
-+# policygentool is a tool for the initial generation of SELinux policy
-+#
-+# This program is free software; you can redistribute it and/or
-+# modify it under the terms of the GNU General Public License as
-+# published by the Free Software Foundation; either version 2 of
-+# the License, or (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-+# 02111-1307 USA
-+#
-+#
-+########################### tmp Template File #############################
-+
-+te_types="""
-+type TEMPLATETYPE_tmp_t;
-+files_tmp_file(TEMPLATETYPE_tmp_t)
-+"""
-+
-+te_rules="""
-+manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
-+manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
-+files_tmp_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, { dir file })
-+"""
-+
-+if_rules="""
-+########################################
-+##
-+## Do not audit attempts to read,
-+## TEMPLATETYPE tmp files
-+##
-+##
-+##
-+## Domain to not audit.
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_dontaudit_read_tmp_files',`
-+ gen_require(`
-+ type TEMPLATETYPE_tmp_t;
-+ ')
-+
-+ dontaudit $1 TEMPLATETYPE_tmp_t:file read_file_perms;
-+')
-+
-+########################################
-+##
-+## Read TEMPLATETYPE tmp files
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_read_tmp_files',`
-+ gen_require(`
-+ type TEMPLATETYPE_tmp_t;
-+ ')
-+
-+ files_search_tmp($1)
-+ allow $1 TEMPLATETYPE_tmp_t:file read_file_perms;
-+')
-+
-+########################################
-+##
-+## Manage TEMPLATETYPE tmp files
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_manage_tmp',`
-+ gen_require(`
-+ type TEMPLATETYPE_tmp_t;
-+ ')
-+
-+ files_search_tmp($1)
-+ manage_dirs_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
-+ manage_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
-+ manage_lnk_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
-+')
-+"""
-+
-+if_admin_types="""
-+ type TEMPLATETYPE_tmp_t;"""
-+
-+if_admin_rules="""
-+ files_search_tmp($1)
-+ admin_pattern($1, TEMPLATETYPE_tmp_t)
-+"""
-diff -up policycoreutils-2.1.11/gui/templates/unit_file.py.gui policycoreutils-2.1.11/gui/templates/unit_file.py
---- policycoreutils-2.1.11/gui/templates/unit_file.py.gui 2012-04-05 10:13:37.914837256 -0400
-+++ policycoreutils-2.1.11/gui/templates/unit_file.py 2012-04-05 10:13:37.914837256 -0400
-@@ -0,0 +1,72 @@
-+# Copyright (C) 2012 Red Hat
-+# see file 'COPYING' for use and warranty information
-+#
-+# policygentool is a tool for the initial generation of SELinux policy
-+#
-+# This program is free software; you can redistribute it and/or
-+# modify it under the terms of the GNU General Public License as
-+# published by the Free Software Foundation; either version 2 of
-+# the License, or (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-+# 02111-1307 USA
-+#
-+#
-+########################### unit Template File #############################
-+
-+########################### Type Enforcement File #############################
-+te_types="""
-+type TEMPLATETYPE_unit_file_t;
-+systemd_unit_file(TEMPLATETYPE_unit_file_t)
-+"""
-+
-+te_rules=""
-+
-+########################### Interface File #############################
-+if_rules="""\
-+########################################
-+##
-+## Execute TEMPLATETYPE server in the TEMPLATETYPE domain.
-+##
-+##
-+##
-+## Domain allowed to transition.
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_systemctl',`
-+ gen_require(`
-+ type TEMPLATETYPE_t;
-+ type TEMPLATETYPE_unit_file_t;
-+ ')
-+
-+ systemd_exec_systemctl($1)
-+ systemd_read_fifo_file_password_run($1)
-+ allow $1 TEMPLATETYPE_unit_file_t:file read_file_perms;
-+ allow $1 TEMPLATETYPE_unit_file_t:service manage_service_perms;
-+
-+ ps_process_pattern($1, TEMPLATETYPE_t)
-+')
-+
-+"""
-+
-+if_admin_types="""
-+ type TEMPLATETYPE_unit_file_t;"""
-+
-+if_admin_rules="""
-+ TEMPLATETYPE_systemctl($1)
-+ admin_pattern($1, TEMPLATETYPE_unit_file_t)
-+ allow $1 TEMPLATETYPE_unit_file_t:service all_service_perms;
-+"""
-+
-+########################### File Context ##################################
-+fc_file="""\
-+FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_unit_file_t,s0)
-+"""
-diff -up policycoreutils-2.1.11/gui/templates/user.py.gui policycoreutils-2.1.11/gui/templates/user.py
---- policycoreutils-2.1.11/gui/templates/user.py.gui 2012-04-05 10:13:37.914837256 -0400
-+++ policycoreutils-2.1.11/gui/templates/user.py 2012-04-05 10:13:37.914837256 -0400
-@@ -0,0 +1,204 @@
-+# Copyright (C) 2007-2012 Red Hat
-+# see file 'COPYING' for use and warranty information
-+#
-+# policygentool is a tool for the
initial generation of SELinux policy
-+#
-+# This program is free software; you can redistribute it and/or
-+# modify it under the terms of the GNU General Public License as
-+# published by the Free Software Foundation; either version 2 of
-+# the License, or (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-+# 02111-1307 USA
-+#
-+#
-+########################### Type Enforcement File #############################
-+
-+te_login_user_types="""\
-+policy_module(TEMPLATETYPE, 1.0.0)
-+
-+########################################
-+#
-+# Declarations
-+#
-+
-+userdom_unpriv_user_template(TEMPLATETYPE)
-+"""
-+
-+te_admin_user_types="""\
-+policy_module(TEMPLATETYPE, 1.0.0)
-+
-+########################################
-+#
-+# Declarations
-+#
-+
-+userdom_admin_user_template(TEMPLATETYPE)
-+"""
-+
-+te_min_login_user_types="""\
-+policy_module(TEMPLATETYPE, 1.0.0)
-+
-+########################################
-+#
-+# Declarations
-+#
-+
-+userdom_restricted_user_template(TEMPLATETYPE)
-+"""
-+
-+te_x_login_user_types="""\
-+policy_module(TEMPLATETYPE, 1.0.0)
-+
-+########################################
-+#
-+# Declarations
-+#
-+
-+userdom_restricted_xwindows_user_template(TEMPLATETYPE)
-+"""
-+
-+te_existing_user_types="""\
-+policy_module(myTEMPLATETYPE, 1.0.0)
-+
-+gen_require(`
-+ type TEMPLATETYPE_t, TEMPLATETYPE_devpts_t;
-+ role TEMPLATETYPE_r;
-+')
-+
-+"""
-+
-+te_root_user_types="""\
-+policy_module(TEMPLATETYPE, 1.0.0)
-+
-+########################################
-+#
-+# Declarations
-+#
-+
-+userdom_base_user_template(TEMPLATETYPE)
-+"""
-+
-+te_login_user_rules="""\
-+
-+########################################
-+#
-+# TEMPLATETYPE local policy
-+#
-+
-+"""
-+
-+te_existing_user_rules="""\
-+
-+########################################
-+#
-+# TEMPLATETYPE customized policy
-+#
-+
-+"""
-+
-+te_x_login_user_rules="""\
-+
-+########################################
-+#
-+# TEMPLATETYPE local policy
-+#
-+"""
-+
-+te_root_user_rules="""\
-+
-+########################################
-+#
-+# TEMPLATETYPE local policy
-+#
-+"""
-+
-+te_transition_rules="""
-+optional_policy(`
-+ APPLICATION_role(TEMPLATETYPE_r, TEMPLATETYPE_t)
-+')
-+"""
-+
-+te_user_trans_rules="""
-+optional_policy(`
-+ gen_require(`
-+ role USER_r;
-+ ')
-+
-+ TEMPLATETYPE_role_change(USER_r)
-+')
-+"""
-+
-+te_admin_rules="""
-+allow TEMPLATETYPE_t self:capability { dac_override dac_read_search kill sys_ptrace sys_nice };
-+files_dontaudit_search_all_dirs(TEMPLATETYPE_t)
-+
-+selinux_get_enforce_mode(TEMPLATETYPE_t)
-+seutil_domtrans_setfiles(TEMPLATETYPE_t)
-+seutil_search_default_contexts(TEMPLATETYPE_t)
-+
-+logging_send_syslog_msg(TEMPLATETYPE_t)
-+
-+kernel_read_system_state(TEMPLATETYPE_t)
-+
-+domain_dontaudit_search_all_domains_state(TEMPLATETYPE_t)
-+domain_dontaudit_ptrace_all_domains(TEMPLATETYPE_t)
-+
-+userdom_dontaudit_search_admin_dir(TEMPLATETYPE_t)
-+userdom_dontaudit_search_user_home_dirs(TEMPLATETYPE_t)
-+
-+bool TEMPLATETYPE_read_user_files false;
-+bool TEMPLATETYPE_manage_user_files false;
-+
-+if (TEMPLATETYPE_read_user_files) {
-+ userdom_read_user_home_content_files(TEMPLATETYPE_t)
-+ userdom_read_user_tmp_files(TEMPLATETYPE_t)
-+}
-+
-+if (TEMPLATETYPE_manage_user_files) {
-+ userdom_manage_user_home_content(TEMPLATETYPE_t)
-+ userdom_manage_user_tmp_files(TEMPLATETYPE_t)
-+}
-+
-+"""
-+
-+te_admin_trans_rules="""
-+gen_require(`
-+ role USER_r;
-+')
-+
-+allow USER_r TEMPLATETYPE_r;
-+"""
-+
-+te_admin_domain_rules="""
-+optional_policy(`
-+
APPLICATION_admin(TEMPLATETYPE_t, TEMPLATETYPE_r)
-+')
-+"""
-+
-+te_roles_rules="""
-+optional_policy(`
-+ gen_require(`
-+ role ROLE_r;
-+ ')
-+
-+ allow TEMPLATETYPE_r ROLE_r;
-+')
-+"""
-+
-+te_sudo_rules="""
-+optional_policy(`
-+ sudo_role_template(TEMPLATETYPE, TEMPLATETYPE_r, TEMPLATETYPE_t)
-+')
-+"""
-+
-+te_newrole_rules="""
-+seutil_run_newrole(TEMPLATETYPE_t, TEMPLATETYPE_r)
-+"""
-diff -up policycoreutils-2.1.11/gui/templates/var_cache.py.gui policycoreutils-2.1.11/gui/templates/var_cache.py
---- policycoreutils-2.1.11/gui/templates/var_cache.py.gui 2012-04-05 10:13:37.914837256 -0400
-+++ policycoreutils-2.1.11/gui/templates/var_cache.py 2012-04-05 10:13:37.914837256 -0400
-@@ -0,0 +1,132 @@
-+# Copyright (C) 2007-2012 Red Hat
-+# see file 'COPYING' for use and warranty information
-+#
-+# policygentool is a tool for the initial generation of SELinux policy
-+#
-+# This program is free software; you can redistribute it and/or
-+# modify it under the terms of the GNU General Public License as
-+# published by the Free Software Foundation; either version 2 of
-+# the License, or (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-+# 02111-1307 USA
-+#
-+#
-+########################### cache Template File #############################
-+
-+########################### Type Enforcement File #############################
-+te_types="""
-+type TEMPLATETYPE_cache_t;
-+files_type(TEMPLATETYPE_cache_t)
-+"""
-+te_rules="""
-+manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t)
-+manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t)
-+manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t)
-+files_var_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_cache_t, { dir file })
-+"""
-+
-+########################### Interface File #############################
-+if_rules="""
-+########################################
-+##
-+## Search TEMPLATETYPE cache directories.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_search_cache',`
-+ gen_require(`
-+ type TEMPLATETYPE_cache_t;
-+ ')
-+
-+ allow $1 TEMPLATETYPE_cache_t:dir search_dir_perms;
-+ files_search_var($1)
-+')
-+
-+########################################
-+##
-+## Read TEMPLATETYPE cache files.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_read_cache_files',`
-+ gen_require(`
-+ type TEMPLATETYPE_cache_t;
-+ ')
-+
-+ files_search_var($1)
-+ read_files_pattern($1, TEMPLATETYPE_cache_t TEMPLATETYPE_cache_t)
-+')
-+
-+########################################
-+##
-+## Create, read, write, and delete
-+## TEMPLATETYPE cache files.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_manage_cache_files',`
-+ gen_require(`
-+ type TEMPLATETYPE_cache_t;
-+ ')
-+
-+ files_search_var($1)
-+ manage_files_pattern($1, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t)
-+')
-+
-+########################################
-+##
-+## Manage TEMPLATETYPE cache dirs.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_manage_cache_dirs',`
-+ gen_require(`
-+ type TEMPLATETYPE_cache_t;
-+ ')
-+
-+ files_search_var($1)
-+ manage_dirs_pattern($1, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t)
-+')
-+
-+"""
-+
-+if_admin_types="""
-+ type TEMPLATETYPE_cache_t;"""
-+
-+if_admin_rules="""
-+ files_search_var($1)
-+ admin_pattern($1, TEMPLATETYPE_cache_t)
-+"""
-+
-+########################### File Context ##################################
-+fc_file="""\
-+FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_cache_t,s0)
-+"""
-+
-+fc_dir="""\
-+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_cache_t,s0)
-+"""
-diff -up policycoreutils-2.1.11/gui/templates/var_lib.py.gui policycoreutils-2.1.11/gui/templates/var_lib.py
---- policycoreutils-2.1.11/gui/templates/var_lib.py.gui 2012-04-05 10:13:37.915837258 -0400
-+++ policycoreutils-2.1.11/gui/templates/var_lib.py 2012-04-05 10:13:37.915837258 -0400
-@@ -0,0 +1,160 @@
-+# Copyright (C) 2007-2012 Red Hat
-+# see file 'COPYING' for use and warranty information
-+#
-+# policygentool is a tool for the initial generation of SELinux policy
-+#
-+# This program is free software; you can redistribute it and/or
-+# modify it under the terms of the GNU General Public License as
-+# published by the Free Software Foundation; either version 2 of
-+# the License, or (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-+# 02111-1307 USA
-+#
-+#
-+########################### var_lib Template File #############################
-+
-+########################### Type Enforcement File #############################
-+te_types="""
-+type TEMPLATETYPE_var_lib_t;
-+files_type(TEMPLATETYPE_var_lib_t)
-+"""
-+te_rules="""
-+manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
-+manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
-+files_var_lib_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, { dir file })
-+"""
-+
-+te_stream_rules="""\
-+allow TEMPLATETYPE_t TEMPLATETYPE_var_lib_t:sock_file manage_sock_file_perms;
-+files_var_lib_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, sock_file)
-+"""
-+
-+
-+########################### Interface File #############################
-+if_rules="""
-+########################################
-+##
-+## Search TEMPLATETYPE lib directories.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_search_lib',`
-+ gen_require(`
-+ type TEMPLATETYPE_var_lib_t;
-+ ')
-+
-+ allow $1 TEMPLATETYPE_var_lib_t:dir search_dir_perms;
-+ files_search_var_lib($1)
-+')
-+
-+########################################
-+##
-+## Read TEMPLATETYPE lib files.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_read_lib_files',`
-+ gen_require(`
-+ type TEMPLATETYPE_var_lib_t;
-+ ')
-+
-+ files_search_var_lib($1)
-+ read_files_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
-+')
-+
-+########################################
-+##
-+## Manage TEMPLATETYPE lib files.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_manage_lib_files',`
-+ gen_require(`
-+ type TEMPLATETYPE_var_lib_t;
-+ ')
-+
-+ files_search_var_lib($1)
-+ manage_files_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
-+')
-+
-+########################################
-+##
-+## Manage TEMPLATETYPE lib directories.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_manage_lib_dirs',`
-+ gen_require(`
-+ type TEMPLATETYPE_var_lib_t;
-+ ')
-+
-+ files_search_var_lib($1)
-+ manage_dirs_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
-+')
-+
-+"""
-+
-+if_stream_rules="""
-+########################################
-+##
-+## Connect to TEMPLATETYPE over a unix stream socket.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_stream_connect',`
-+ gen_require(`
-+ type TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t;
-+ ')
-+
-+ stream_connect_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
-+')
-+"""
-+
-+if_admin_types="""
-+ type TEMPLATETYPE_var_lib_t;"""
-+
-+if_admin_rules="""
-+ files_search_var_lib($1)
-+ admin_pattern($1, TEMPLATETYPE_var_lib_t)
-+"""
-+
-+########################### File Context ##################################
-+fc_file="""\
-+FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
-+"""
-+
-+fc_sock_file="""\
-+FILENAME -s gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
-+"""
-+
-+fc_dir="""\
-+FILENAME(/.*)?
gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
-+"""
-diff -up policycoreutils-2.1.11/gui/templates/var_log.py.gui policycoreutils-2.1.11/gui/templates/var_log.py
---- policycoreutils-2.1.11/gui/templates/var_log.py.gui 2012-04-05 10:13:37.915837258 -0400
-+++ policycoreutils-2.1.11/gui/templates/var_log.py 2012-04-05 10:13:37.915837258 -0400
-@@ -0,0 +1,114 @@
-+# Copyright (C) 2007-2012 Red Hat
-+# see file 'COPYING' for use and warranty information
-+#
-+# policygentool is a tool for the initial generation of SELinux policy
-+#
-+# This program is free software; you can redistribute it and/or
-+# modify it under the terms of the GNU General Public License as
-+# published by the Free Software Foundation; either version 2 of
-+# the License, or (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-+# 02111-1307 USA
-+#
-+#
-+########################### var_log Template File #############################
-+
-+########################### Type Enforcement File #############################
-+te_types="""
-+type TEMPLATETYPE_log_t;
-+logging_log_file(TEMPLATETYPE_log_t)
-+"""
-+
-+te_rules="""
-+manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
-+manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
-+logging_log_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_log_t, { dir file })
-+"""
-+
-+########################### Interface File #############################
-+if_rules="""\
-+########################################
-+##
-+## Read TEMPLATETYPE's log files.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_read_log',`
-+ gen_require(`
-+ type TEMPLATETYPE_log_t;
-+ ')
-+
-+ logging_search_logs($1)
-+ read_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
-+')
-+
-+########################################
-+##
-+## Append to TEMPLATETYPE log files.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_append_log',`
-+ gen_require(`
-+ type TEMPLATETYPE_log_t;
-+ ')
-+
-+ logging_search_logs($1)
-+ append_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
-+')
-+
-+########################################
-+##
-+## Manage TEMPLATETYPE log files
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_manage_log',`
-+ gen_require(`
-+ type TEMPLATETYPE_log_t;
-+ ')
-+
-+ logging_search_logs($1)
-+ manage_dirs_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
-+ manage_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
-+ manage_lnk_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
-+')
-+"""
-+
-+if_admin_types="""
-+ type TEMPLATETYPE_log_t;"""
-+
-+if_admin_rules="""
-+ logging_search_logs($1)
-+ admin_pattern($1, TEMPLATETYPE_log_t)
-+"""
-+
-+########################### File Context ##################################
-+fc_file="""\
-+FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0)
-+"""
-+
-+fc_dir="""\
-+FILENAME(/.*)?
gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0)
-+"""
-diff -up policycoreutils-2.1.11/gui/templates/var_run.py.gui policycoreutils-2.1.11/gui/templates/var_run.py
---- policycoreutils-2.1.11/gui/templates/var_run.py.gui 2012-04-05 10:13:37.915837258 -0400
-+++ policycoreutils-2.1.11/gui/templates/var_run.py 2012-04-05 10:13:37.915837258 -0400
-@@ -0,0 +1,101 @@
-+# Copyright (C) 2007-2012 Red Hat
-+# see file 'COPYING' for use and warranty information
-+#
-+# policygentool is a tool for the initial generation of SELinux policy
-+#
-+# This program is free software; you can redistribute it and/or
-+# modify it under the terms of the GNU General Public License as
-+# published by the Free Software Foundation; either version 2 of
-+# the License, or (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-+# 02111-1307 USA
-+#
-+#
-+########################### var_run Template File #############################
-+
-+te_types="""
-+type TEMPLATETYPE_var_run_t;
-+files_pid_file(TEMPLATETYPE_var_run_t)
-+"""
-+
-+te_rules="""
-+manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t)
-+manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t)
-+files_pid_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, { dir file })
-+"""
-+
-+te_stream_rules="""
-+allow TEMPLATETYPE_t TEMPLATETYPE_var_run_t:sock_file manage_sock_file_perms;
-+files_pid_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, sock_file)
-+"""
-+
-+if_rules="""\
-+########################################
-+##
-+## Read TEMPLATETYPE PID files.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_read_pid_files',`
-+ gen_require(`
-+ type TEMPLATETYPE_var_run_t;
-+ ')
-+
-+ files_search_pids($1)
-+ allow $1 TEMPLATETYPE_var_run_t:file read_file_perms;
-+')
-+
-+"""
-+
-+if_stream_rules="""\
-+########################################
-+##
-+## Connect to TEMPLATETYPE over a unix stream socket.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_stream_connect',`
-+ gen_require(`
-+ type TEMPLATETYPE_t, TEMPLATETYPE_var_run_t;
-+ ')
-+
-+ files_search_pids($1)
-+ stream_connect_pattern($1, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t, TEMPLATETYPE_t)
-+')
-+"""
-+
-+if_admin_types="""
-+ type TEMPLATETYPE_var_run_t;"""
-+
-+if_admin_rules="""
-+ files_search_pids($1)
-+ admin_pattern($1, TEMPLATETYPE_var_run_t)
-+"""
-+
-+fc_file="""\
-+FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
-+"""
-+
-+fc_sock_file="""\
-+FILENAME -s gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
-+"""
-+
-+fc_dir="""\
-+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
-+"""
-diff -up policycoreutils-2.1.11/gui/templates/var_spool.py.gui policycoreutils-2.1.11/gui/templates/var_spool.py
---- policycoreutils-2.1.11/gui/templates/var_spool.py.gui 2012-04-05 10:13:37.915837258 -0400
-+++ policycoreutils-2.1.11/gui/templates/var_spool.py 2012-04-05 10:13:37.915837258 -0400
-@@ -0,0 +1,131 @@
-+# Copyright (C) 2007-2012 Red Hat
-+# see file 'COPYING' for use and warranty information
-+#
-+# policygentool is a tool for the initial generation of SELinux policy
-+#
-+# This program is free software; you can redistribute it and/or
-+# modify it under the terms of the GNU General Public License as
-+# published by the Free Software Foundation; either version 2 of
-+# the License, or (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-+# 02111-1307 USA
-+#
-+#
-+########################### var_spool Template File #############################
-+
-+########################### Type Enforcement File #############################
-+te_types="""
-+type TEMPLATETYPE_spool_t;
-+files_type(TEMPLATETYPE_spool_t)
-+"""
-+te_rules="""
-+manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
-+manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
-+manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
-+files_spool_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, { dir file })
-+"""
-+
-+########################### Interface File #############################
-+if_rules="""
-+########################################
-+##
-+## Search TEMPLATETYPE spool directories.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_search_spool',`
-+ gen_require(`
-+ type TEMPLATETYPE_spool_t;
-+ ')
-+
-+ allow $1 TEMPLATETYPE_spool_t:dir search_dir_perms;
-+ files_search_spool($1)
-+')
-+
-+########################################
-+##
-+## Read TEMPLATETYPE spool files.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_read_spool_files',`
-+ gen_require(`
-+ type TEMPLATETYPE_spool_t;
-+ ')
-+
-+ files_search_spool($1)
-+ read_files_pattern($1, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
-+')
-+
-+########################################
-+##
-+## Manage TEMPLATETYPE spool files.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_manage_spool_files',`
-+ gen_require(`
-+ type TEMPLATETYPE_spool_t;
-+ ')
-+
-+ files_search_spool($1)
-+ manage_files_pattern($1, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
-+')
-+
-+########################################
-+##
-+## Manage TEMPLATETYPE spool dirs.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`TEMPLATETYPE_manage_spool_dirs',`
-+ gen_require(`
-+ type TEMPLATETYPE_spool_t;
-+ ')
-+
-+ files_search_spool($1)
-+ manage_dirs_pattern($1, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t)
-+')
-+
-+"""
-+
-+if_admin_types="""
-+ type TEMPLATETYPE_spool_t;"""
-+
-+if_admin_rules="""
-+ files_search_spool($1)
-+ admin_pattern($1, TEMPLATETYPE_spool_t)
-+"""
-+
-+########################### File Context ##################################
-+fc_file="""\
-+FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0)
-+"""
-+
-+fc_dir="""\
-+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0)
-+"""
-diff -up policycoreutils-2.1.11/gui/usersPage.py.gui policycoreutils-2.1.11/gui/usersPage.py
---- policycoreutils-2.1.11/gui/usersPage.py.gui 2012-04-05 10:13:37.915837258 -0400
-+++ policycoreutils-2.1.11/gui/usersPage.py 2012-04-05 10:13:37.915837258 -0400
-@@ -0,0 +1,150 @@
-+## usersPage.py - show selinux mappings
-+## Copyright (C) 2006,2007,2008 Red Hat, Inc.
-+
-+## This program is free software; you can redistribute it and/or modify
-+## it under the terms of the GNU General Public License as published by
-+## the Free Software Foundation; either version 2 of the License, or
-+## (at your option) any later version.
-+
-+## This program is distributed in the hope that it will be useful,
-+## but WITHOUT ANY WARRANTY; without even the implied warranty of
-+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+## GNU General Public License for more details.
-+
-+## You should have received a copy of the GNU General Public License
-+## along with this program; if not, write to the Free Software
-+## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+
-+## Author: Dan Walsh
-+import string
-+import gtk
-+import gtk.glade
-+import os
-+import gobject
-+import sys
-+import commands
-+import seobject
-+from semanagePage import *;
-+
-+##
-+## I18N
-+##
-+PROGNAME="policycoreutils"
-+import gettext
-+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
-+gettext.textdomain(PROGNAME)
-+try:
-+ gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1)
-+except IOError:
-+ import __builtin__
-+ __builtin__.__dict__['_'] = unicode
-+
-+class usersPage(semanagePage):
-+ def __init__(self, xml):
-+ semanagePage.__init__(self, xml, "users", _("SELinux User"))
-+
-+ self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_STRING, gobject.TYPE_STRING, gobject.TYPE_STRING, gobject.TYPE_STRING)
-+ self.view.set_model(self.store)
-+ self.store.set_sort_column_id(0, gtk.SORT_ASCENDING)
-+
-+ col = gtk.TreeViewColumn(_("SELinux\nUser"), gtk.CellRendererText(), text = 0)
-+ col.set_sort_column_id(0)
-+ col.set_resizable(True)
-+ self.view.append_column(col)
-+
-+ col = gtk.TreeViewColumn(_("MLS/\nMCS Range"), gtk.CellRendererText(), text = 1)
-+ col.set_resizable(True)
-+ self.view.append_column(col)
-+
-+ col = gtk.TreeViewColumn(_("SELinux Roles"), gtk.CellRendererText(), text = 2)
-+ col.set_resizable(True)
-+ self.view.append_column(col)
-+
-+ self.load()
-+ self.selinuxUserEntry = xml.get_widget("selinuxUserEntry")
-+ self.mlsRangeEntry = xml.get_widget("mlsRangeEntry")
-+ self.selinuxRolesEntry = xml.get_widget("selinuxRolesEntry")
-+
-+ def load(self, filter = ""):
-+ self.filter=filter
-+ self.user = seobject.seluserRecords()
-+ dict = self.user.get_all()
-+ keys = dict.keys()
-+ keys.sort()
-+ self.store.clear()
-+ for k in keys:
-+ range = seobject.translate(dict[k][2])
-+ if not (self.match(k, filter) or
self.match(dict[k][0], filter) or self.match(range, filter) or self.match(dict[k][3], filter)):
-+ continue
-+
-+ iter = self.store.append()
-+ self.store.set_value(iter, 0, k)
-+ self.store.set_value(iter, 1, range)
-+ self.store.set_value(iter, 2, dict[k][3])
-+ self.view.get_selection().select_path ((0,))
-+
-+ def delete(self):
-+ if semanagePage.delete(self) == gtk.RESPONSE_NO:
-+ return None
-+
-+ def dialogInit(self):
-+ store, iter = self.view.get_selection().get_selected()
-+ self.selinuxUserEntry.set_text(store.get_value(iter, 0))
-+ self.selinuxUserEntry.set_sensitive(False)
-+ self.mlsRangeEntry.set_text(store.get_value(iter, 1))
-+ self.selinuxRolesEntry.set_text(store.get_value(iter, 2))
-+
-+ def dialogClear(self):
-+ self.selinuxUserEntry.set_text("")
-+ self.selinuxUserEntry.set_sensitive(True)
-+ self.mlsRangeEntry.set_text("s0")
-+ self.selinuxRolesEntry.set_text("")
-+
-+ def add(self):
-+ user = self.selinuxUserEntry.get_text()
-+ range = self.mlsRangeEntry.get_text()
-+ roles = self.selinuxRolesEntry.get_text()
-+
-+ self.wait()
-+ (rc, out) = commands.getstatusoutput("semanage user -a -R '%s' -r %s %s" % (roles, range, user))
-+ self.ready()
-+ if rc != 0:
-+ self.error(out)
-+ return False
-+ iter = self.store.append()
-+ self.store.set_value(iter, 0, user)
-+ self.store.set_value(iter, 1, range)
-+ self.store.set_value(iter, 2, roles)
-+
-+ def modify(self):
-+ user = self.selinuxUserEntry.get_text()
-+ range = self.mlsRangeEntry.get_text()
-+ roles = self.selinuxRolesEntry.get_text()
-+
-+ self.wait()
-+ (rc, out) = commands.getstatusoutput("semanage user -m -R '%s' -r %s %s" % (roles, range, user))
-+ self.ready()
-+
-+ if rc != 0:
-+ self.error(out)
-+ return False
-+ self.load(self.filter)
-+
-+ def delete(self):
-+ store, iter = self.view.get_selection().get_selected()
-+ try:
-+ user=store.get_value(iter, 0)
-+ if user == "root" or user == "user_u":
-+ raise ValueError(_("SELinux user '%s' is required") % user)
-+
-+ self.wait()
-+
(rc, out) = commands.getstatusoutput("semanage user -d %s" % user) -+ self.ready() -+ if rc != 0: -+ self.error(out) -+ return False -+ store.remove(iter) -+ self.view.get_selection().select_path ((0,)) -+ except ValueError, e: -+ self.error(e.args[0]) -+ diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 8a940b1..0a0451f 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -1,40 +1,42 @@ -diff --git a/policycoreutils/.gitignore b/policycoreutils/.gitignore -index 9e2d86b..50f8b82 100644 ---- a/policycoreutils/.gitignore -+++ b/policycoreutils/.gitignore -@@ -14,4 +14,3 @@ sestatus/sestatus - setfiles/restorecon - setfiles/setfiles - setsebool/setsebool --.tx -diff --git a/policycoreutils/.tx/config b/policycoreutils/.tx/config -new file mode 100644 -index 0000000..07643e9 ---- /dev/null -+++ b/policycoreutils/.tx/config -@@ -0,0 +1,8 @@ -+[main] -+host = https://www.transifex.net -+ -+[policycoreutils.policycoreutils] -+file_filter = po/.po -+source_file = po/policycoreutils.pot -+source_lang = en -+type = PO diff --git a/policycoreutils/Makefile b/policycoreutils/Makefile -index 77d8c80..a65a53f 100644 +index 3980799..6624804 100644 --- a/policycoreutils/Makefile +++ b/policycoreutils/Makefile 
@@ -1,4 +1,4 @@ --SUBDIRS = setfiles semanage load_policy newrole run_init sandbox secon audit2allow audit2why sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui -+SUBDIRS = sepolicy setfiles semanage semanage/default_encoding load_policy newrole run_init sandbox secon audit2allow audit2why sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui +-SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init sandbox secon audit2allow audit2why sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui ++SUBDIRS = sepolicy setfiles semanage semanage/default_encoding load_policy newrole run_init sandbox secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null) +diff --git a/policycoreutils/audit2allow/Makefile b/policycoreutils/audit2allow/Makefile +index 88635d4..41d37b0 100644 +--- a/policycoreutils/audit2allow/Makefile ++++ b/policycoreutils/audit2allow/Makefile +@@ -10,9 +10,11 @@ all: ; + install: all + -mkdir -p $(BINDIR) + install -m 755 audit2allow $(BINDIR) ++ (cd $(BINDIR); ln audit2allow audit2why) + install -m 755 sepolgen-ifgen $(BINDIR) + -mkdir -p $(MANDIR)/man1 + install -m 644 audit2allow.1 $(MANDIR)/man1/ ++ install -m 644 audit2why.1 $(MANDIR)/man1/ + + clean: + rm -f *~ diff --git a/policycoreutils/audit2allow/audit2allow b/policycoreutils/audit2allow/audit2allow -index 8e0c396..18467c6 100644 +index 8e0c396..9bd66f5 100644 --- a/policycoreutils/audit2allow/audit2allow 
+++ b/policycoreutils/audit2allow/audit2allow +@@ -18,7 +18,7 @@ + # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + # + +-import sys ++import sys, os + + import sepolgen.audit as audit + import sepolgen.policygen as policygen @@ -29,6 +29,8 @@ import sepolgen.defaults as defaults import sepolgen.module as module from sepolgen.sepolgeni18n import _ @@ -44,6 +46,23 @@ index 8e0c396..18467c6 100644 class AuditToPolicy: VERSION = "%prog .1" +@@ -80,8 +82,7 @@ class AuditToPolicy: + parser.add_option("--interface-info", dest="interface_info", help="file name of interface information") + parser.add_option("--debug", dest="debug", action="store_true", default=False, + help="leave generated modules for -M") +- +- parser.add_option("-w", "--why", dest="audit2why", action="store_true", default=False, ++ parser.add_option("-w", "--why", dest="audit2why", action="store_true", default=(os.path.basename(sys.argv[0])=="audit2why"), + help="Translates SELinux audit messages into a description of why the access was denied") + + options, args = parser.parse_args() +diff --git a/policycoreutils/audit2allow/audit2why.1 b/policycoreutils/audit2allow/audit2why.1 +new file mode 100644 +index 0000000..a9e8893 +--- /dev/null ++++ b/policycoreutils/audit2allow/audit2why.1 +@@ -0,0 +1 @@ ++.so man1/audit2allow.1 diff --git a/policycoreutils/audit2allow/sepolgen-ifgen b/policycoreutils/audit2allow/sepolgen-ifgen index ef4bec3..9b313ec 100644 --- a/policycoreutils/audit2allow/sepolgen-ifgen 
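Review bot: The install step added to audit2allow/Makefile, `(cd $(BINDIR); ln audit2allow audit2why)`, runs `ln` even when the `cd` fails, and it aborts a repeated `make install` because `ln` is called without `-f` and audit2why then already exists. The `mkdir` just above it is prefixed with `-`, so a missing or unwritable $(BINDIR) is not caught earlier, and the link would be attempted in the build directory. One command covers both cases: `ln -sf audit2allow $(BINDIR)/audit2why`. A relative symlink still presents the basename `audit2why` to the script, which the new `-w` default in audit2allow relies on; whether packaging needs a hard link instead is not visible here.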
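Review bot: The new `default=(os.path.basename(sys.argv[0])=="audit2why")` on the `-w` option selects the tool's mode from the name it was started under, and neither a comment nor the help string says so. I would add `# audit2why is installed as a link to this script; started under that name, -w is the default` above the option and mention the same in its help text. The comparison is an exact match, so a copy or wrapper under any other name silently falls back to generating allow rules. Since argv[0] is supplied by the caller, the check is fine for picking an output mode but should not be extended to gate anything security-relevant. The option setup belongs to a method that starts outside this hunk.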
@@ -70,9840 +89,342 @@ index ef4bec3..9b313ec 100644 if not policy_path: sys.stderr.write("No installed policy to check\n") return None +diff --git a/policycoreutils/audit2why/Makefile b/policycoreutils/audit2why/Makefile +deleted file mode 100644 +index 63eb8b3..0000000 +--- a/policycoreutils/audit2why/Makefile ++++ /dev/null +@@ -1,18 +0,0 @@ +-# Installation directories. +-PREFIX ?= $(DESTDIR)/usr +-BINDIR ?= $(PREFIX)/bin +-MANDIR ?= $(PREFIX)/share/man +- +-TARGETS=audit2why +- +-all: $(TARGETS) +- +-install: all +- -mkdir -p $(BINDIR) +- install -m 755 $(TARGETS) $(BINDIR) +- -mkdir -p $(MANDIR)/man1 +- install -m 644 audit2why.1 $(MANDIR)/man1/ +- +-clean: +- +-relabel: +diff --git a/policycoreutils/audit2why/audit2why b/policycoreutils/audit2why/audit2why +deleted file mode 100644 +index 21a72aa..0000000 +--- a/policycoreutils/audit2why/audit2why ++++ /dev/null +@@ -1,2 +0,0 @@ +-#!/bin/sh +-/usr/bin/audit2allow -w $* +diff --git a/policycoreutils/audit2why/audit2why.1 b/policycoreutils/audit2why/audit2why.1 +deleted file mode 100644 +index a9e8893..0000000 +--- a/policycoreutils/audit2why/audit2why.1 ++++ /dev/null +@@ -1 +0,0 @@ +-.so man1/audit2allow.1 diff --git a/policycoreutils/gui/Makefile b/policycoreutils/gui/Makefile -index 1464971..b5abbb9 100644 +index b5abbb9..1148b36 100644 --- a/policycoreutils/gui/Makefile 
+++ b/policycoreutils/gui/Makefile -@@ -18,17 +18,15 @@ statusPage.py \ +@@ -1,7 +1,10 @@ + # Installation directories. + PREFIX ?= ${DESTDIR}/usr ++SYSCONFDIR ?= ${DESTDIR}/etc + BINDIR ?= $(PREFIX)/bin + SHAREDIR ?= $(PREFIX)/share/system-config-selinux ++DATADIR ?= $(PREFIX)/share ++PAMDIR ?= $(SYSCONFDIR)/pam.d + + TARGETS= \ + booleansPage.py \ +@@ -16,6 +19,7 @@ portsPage.py \ + semanagePage.py \ + statusPage.py \ system-config-selinux.glade \ ++system-config-selinux.png \ usersPage.py --all: $(TARGETS) system-config-selinux.py polgengui.py templates polgen.py -+all: $(TARGETS) system-config-selinux.py polgengui.py - + all: $(TARGETS) system-config-selinux.py polgengui.py +@@ -23,10 +27,21 @@ all: $(TARGETS) system-config-selinux.py polgengui.py install: all -- -mkdir -p $(SHAREDIR)/templates -+ -mkdir -p $(SHAREDIR) + -mkdir -p $(SHAREDIR) -mkdir -p $(BINDIR) ++ -mkdir -p $(DATADIR)/pixmaps ++ -mkdir -p $(DATADIR)/icons/hicolor/24x24/apps ++ -mkdir -p $(SYSCONFDIR) ++ -mkdir -p $(PAMDIR) ++ -mkdir -p $(SYSCONFDIR)/security/console.apps/system-config-selinux install -m 755 system-config-selinux.py $(SHAREDIR) install -m 755 polgengui.py $(SHAREDIR) -- install -m 755 polgen.py $(SHAREDIR) -- (cd $(BINDIR); ln -fs ../share/system-config-selinux/polgen.py sepolgen) -+ install -m 755 sepolgen $(BINDIR) + install -m 755 sepolgen $(BINDIR) install -m 644 $(TARGETS) $(SHAREDIR) -- install -m 644 templates/*.py $(SHAREDIR)/templates/ ++ install -m 644 system-config-selinux.png $(DATADIR)/pixmaps ++ install -m 644 system-config-selinux.png $(DATADIR)/icons/hicolor/24x24/apps ++ install -m 644 system-config-selinux.png $(DATADIR)/system-config-selinux ++ install -m 644 *.desktop $(DATADIR)/system-config-selinux ++ install -m 644 system-config-selinux.pam $(PAMDIR)/system-config-selinux ++ install -m 644 system-config-selinux.console $(SYSCONFDIR)/security/console.apps/system-config-selinux clean: -diff --git a/policycoreutils/gui/domainsPage.py 
b/policycoreutils/gui/domainsPage.py -index 03451b6..6af1e9a 100644 ---- a/policycoreutils/gui/domainsPage.py -+++ b/policycoreutils/gui/domainsPage.py -@@ -26,7 +26,7 @@ import sys - import seobject - import selinux - from semanagePage import *; --import polgen -+from sepolicy import get_all_entrypoint_domains - - ## - ## I18N -@@ -68,7 +68,7 @@ class domainsPage(semanagePage): - self.permissive_button = xml.get_widget("permissiveButton") - self.enforcing_button = xml.get_widget("enforcingButton") - -- self.domains=polgen.get_all_domains() -+ self.domains=get_all_entrypoint_domains() - self.load() - - def get_modules(self): -diff --git a/policycoreutils/gui/modulesPage.py b/policycoreutils/gui/modulesPage.py -index ee40fd3..9ff0766 100644 ---- a/policycoreutils/gui/modulesPage.py -+++ b/policycoreutils/gui/modulesPage.py -@@ -26,6 +26,7 @@ import sys - import seobject - import selinux - from semanagePage import *; -+from subprocess import Popen, PIPE - - ## - ## I18N -@@ -88,7 +89,7 @@ class modulesPage(semanagePage): - self.filter=filter - self.store.clear() - try: -- fd=os.popen("semodule -l") -+ fd = Popen("semodule -l", shell=True, stdout=PIPE).stdout - l = fd.readlines() - fd.close() - for i in l: -@@ -105,7 +106,7 @@ class modulesPage(semanagePage): - - def new_module(self, args): - try: -- os.spawnl(os.P_NOWAIT, "/usr/share/system-config-selinux/polgengui.py") -+ Popen(["/usr/share/system-config-selinux/polgengui.py"]) - except ValueError, e: - self.error(e.args[0]) - -diff --git a/policycoreutils/gui/polgen.glade b/policycoreutils/gui/polgen.glade -index 55bad9d..37c1472 100644 ---- a/policycoreutils/gui/polgen.glade -+++ b/policycoreutils/gui/polgen.glade -@@ -1,3432 +1,2468 @@ -- -- -- -+ - -- -- -- -- 5 -- GTK_FILE_CHOOSER_ACTION_OPEN -- True -- True -- True -- False -- GTK_WINDOW_TOPLEVEL -- GTK_WIN_POS_MOUSE -- False -- True -- False -- True -- False -- False -- GDK_WINDOW_TYPE_HINT_DIALOG -- GDK_GRAVITY_NORTH_WEST -- True -- False -- -- -- -- True -- 
False -- 24 -- -- -- -- True -- GTK_BUTTONBOX_END -- -- -- -- True -- True -- True -- gtk-cancel -- True -- GTK_RELIEF_NORMAL -- True -- -6 -- -- -- -- -- -- True -- True -- True -- True -- gtk-add -- True -- GTK_RELIEF_NORMAL -- True -- -5 -- -- -- -- -- 0 -- False -- True -- GTK_PACK_END -- -- -- -- -- -- -- -- 5 -- False -- Polgen -- Red Hat 2007 -- GPL -- False -- www.redhat.com -- Daniel Walsh <dwalsh@redhat.com> -- translator-credits -- -- -- -- True -- SELinux Policy Generation Tool -- GTK_WINDOW_TOPLEVEL -- GTK_WIN_POS_NONE -- False -- True -- False -- True -- False -- False -- GDK_WINDOW_TYPE_HINT_NORMAL -- GDK_GRAVITY_NORTH_WEST -- True -- False -- -- -- -- True -- False -- 18 -- -- -- -- True -- False -- True -- GTK_POS_LEFT -- False -- False -- -- -- -- True -- False -- 0 -- -- -- -- True -- <b>Select the policy type for the application or user role you want to confine:</b> -- False -- True -- GTK_JUSTIFY_LEFT -- False -- False -- 0 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 5 -- False -- False -- -- -- -- -- -- True -- False -- 0 -- -- -- -- True -- False -- 0 -- -- -- -- True -- False -- 12 -- -- -- -- True -- False -- 6 -- -- -- -- True -- <b>Applications</b> -- False -- True -- GTK_JUSTIFY_LEFT -- False -- False -- 0 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- False -- 0 -- -- -- -- True -- -- False -- False -- GTK_JUSTIFY_LEFT -- False -- False -- 0.5 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- False -- 6 -- -- -- -- True -- Standard Init Daemon are daemons started on boot via init scripts. Usually requires a script in /etc/rc.d/init.d -- True -- Standard Init Daemon -- True -- GTK_RELIEF_NORMAL -- True -- False -- False -- True -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- Standard Init Daemon are daemons started on boot via init scripts. 
Usually requires a script in /etc/rc.d/init.d -- True -- DBUS System Daemon -- True -- GTK_RELIEF_NORMAL -- True -- False -- False -- True -- init_radiobutton -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- Internet Services Daemon are daemons started by xinetd -- True -- Internet Services Daemon (inetd) -- True -- GTK_RELIEF_NORMAL -- True -- False -- False -- True -- init_radiobutton -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- Web Applications/Script (CGI) CGI scripts started by the web server (apache) -- True -- Web Application/Script (CGI) -- True -- GTK_RELIEF_NORMAL -- True -- False -- False -- True -- init_radiobutton -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- User Application are any application that you would like to confine that is started by a user -- True -- User Application -- True -- GTK_RELIEF_NORMAL -- True -- False -- False -- True -- init_radiobutton -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- User Application are any application that you would like to confine that is started by a user -- True -- Sandbox -- True -- GTK_RELIEF_NORMAL -- True -- False -- False -- True -- init_radiobutton -- -- -- 0 -- False -- False -- -- -- -- -- 0 -- False -- False -- -- -- -- -- 0 -- True -- True -- -- -- -- -- 0 -- False -- True -- -- -- -- -- -- True -- False -- 6 -- -- -- -- True -- <b>Login Users</b> -- False -- True -- GTK_JUSTIFY_LEFT -- False -- False -- 0 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- False -- 0 -- -- -- -- True -- -- False -- False -- GTK_JUSTIFY_LEFT -- False -- False -- 0.5 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- False -- 6 -- -- -- -- True -- Modify an existing login user record. 
-- True -- Existing User Roles -- True -- GTK_RELIEF_NORMAL -- True -- False -- False -- True -- init_radiobutton -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- This user will login to a machine only via a terminal or remote login. By default this user will have no setuid, no networking, no su, no sudo. -- True -- Minimal Terminal User Role -- True -- GTK_RELIEF_NORMAL -- True -- False -- False -- True -- init_radiobutton -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- This user can login to a machine via X or terminal. By default this user will have no setuid, no networking, no sudo, no su -- True -- Minimal X Windows User Role -- True -- GTK_RELIEF_NORMAL -- True -- False -- False -- True -- init_radiobutton -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- User with full networking, no setuid applications without transition, no sudo, no su. -- True -- User Role -- True -- GTK_RELIEF_NORMAL -- True -- False -- False -- True -- init_radiobutton -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- User with full networking, no setuid applications without transition, no su, can sudo to Root Administration Roles -- True -- Admin User Role -- True -- GTK_RELIEF_NORMAL -- True -- False -- False -- True -- init_radiobutton -- -- -- 0 -- False -- False -- -- -- -- -- 0 -- True -- False -- -- -- -- -- 0 -- True -- True -- -- -- -- -- 0 -- False -- True -- -- -- -- -- -- True -- False -- 6 -- -- -- -- True -- <b>Root Users</b> -- False -- True -- GTK_JUSTIFY_LEFT -- False -- False -- 0 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- False -- 0 -- -- -- -- True -- -- False -- False -- GTK_JUSTIFY_LEFT -- False -- False -- 0.5 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- False -- 0 -- -- -- -- True -- Select Root Administrator User Role, if this user will be used to administer the machine while running as root. 
This user will not be able to login to the system directly. -- True -- Root Admin User Role -- True -- GTK_RELIEF_NORMAL -- True -- False -- False -- True -- init_radiobutton -- -- -- 0 -- False -- False -- -- -- -- -- 0 -- False -- False -- -- -- -- -- 0 -- True -- True -- -- -- -- -- 0 -- True -- True -- -- -- -- -- 0 -- True -- True -- -- -- -- -- 0 -- True -- True -- -- -- -- -- 0 -- True -- True -- -- -- -- -- True -- True -- -- -- -- -- -- True -- label104 -- False -- False -- GTK_JUSTIFY_LEFT -- False -- False -- 0.5 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- tab -- -- -- -- -- -- True -- False -- 0 -- -- -- -- True -- <b>Enter name of application or user role:</b> -- False -- True -- GTK_JUSTIFY_LEFT -- False -- False -- 0 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 5 -- False -- False -- -- -- -- -- -- True -- 3 -- 3 -- False -- 6 -- 12 -- -- -- -- True -- Name -- False -- False -- GTK_JUSTIFY_LEFT -- False -- False -- 0 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 0 -- 1 -- 0 -- 1 -- fill -- -- -- -- -- -- -- True -- Enter complete path for executable to be confined. -- True -- True -- True -- 0 -- -- True -- -- False -- -- -- 1 -- 2 -- 1 -- 2 -- -- -- -- -- -- -- True -- True -- ... -- True -- GTK_RELIEF_NORMAL -- True -- -- -- -- 2 -- 3 -- 1 -- 2 -- fill -- -- -- -- -- -- -- True -- Enter unique name for the confined application or user role. 
-- True -- True -- True -- 0 -- -- True -- -- False -- -- -- 1 -- 3 -- 0 -- 1 -- -- -- -- -- -- -- True -- Executable -- False -- False -- GTK_JUSTIFY_LEFT -- False -- False -- 0 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 0 -- 1 -- 1 -- 2 -- fill -- -- -- -- -- -- -- True -- Init script -- False -- False -- GTK_JUSTIFY_LEFT -- False -- False -- 0 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 0 -- 1 -- 2 -- 3 -- fill -- -- -- -- -- -- -- True -- Enter complete path to init script used to start the confined application. -- True -- True -- True -- 0 -- -- True -- -- False -- -- -- 1 -- 2 -- 2 -- 3 -- -- -- -- -- -- -- True -- True -- ... -- True -- GTK_RELIEF_NORMAL -- True -- -- -- -- 2 -- 3 -- 2 -- 3 -- fill -- -- -- -- -- -- 0 -- True -- True -- -- -- -- -- False -- True -- -- -- -- -- -- True -- label105 -- False -- False -- GTK_JUSTIFY_LEFT -- False -- False -- 0.5 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- tab -- -- -- -- -- -- True -- False -- 0 -- -- -- -- True -- <b>Select existing role to modify:</b> -- False -- True -- GTK_JUSTIFY_LEFT -- False -- False -- 0 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 5 -- False -- False -- -- -- -- -- -- True -- True -- GTK_POLICY_AUTOMATIC -- GTK_POLICY_AUTOMATIC -- GTK_SHADOW_IN -- GTK_CORNER_TOP_LEFT -- -- -- -- True -- Select the user roles that will transiton to the %s domain. 
-- True -- False -- False -- False -- True -- False -- False -- False -- -- -- -- -- 0 -- True -- True -- -- -- -- -- False -- True -- -- -- -- -- -- True -- label106 -- False -- False -- GTK_JUSTIFY_LEFT -- False -- False -- 0.5 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- tab -- -- -- -- -- -- True -- False -- 0 -- -- -- -- True -- <b>Select roles that %s will transition to:</b> -- False -- True -- GTK_JUSTIFY_LEFT -- False -- False -- 0 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 5 -- False -- False -- -- -- -- -- -- True -- True -- GTK_POLICY_ALWAYS -- GTK_POLICY_ALWAYS -- GTK_SHADOW_NONE -- GTK_CORNER_TOP_LEFT -- -- -- -- True -- Select applications domains that %s will transition to. -- True -- False -- False -- False -- True -- False -- False -- False -- -- -- -- -- 0 -- True -- True -- -- -- -- -- False -- True -- -- -- -- -- -- True -- label107 -- False -- False -- GTK_JUSTIFY_LEFT -- False -- False -- 0.5 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- tab -- -- -- -- -- -- True -- False -- 0 -- -- -- -- True -- <b>Select the user_roles that will transition to %s:</b> -- False -- True -- GTK_JUSTIFY_LEFT -- False -- False -- 0 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 5 -- False -- False -- -- -- -- -- -- True -- True -- GTK_POLICY_ALWAYS -- GTK_POLICY_ALWAYS -- GTK_SHADOW_NONE -- GTK_CORNER_TOP_LEFT -- -- -- -- True -- Select the user roles that will transiton to this applications domains. 
-- True -- False -- False -- False -- True -- False -- False -- False -- -- -- -- -- 0 -- True -- True -- -- -- -- -- False -- True -- -- -- -- -- -- True -- label108 -- False -- False -- GTK_JUSTIFY_LEFT -- False -- False -- 0.5 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- tab -- -- -- -- -- -- True -- False -- 0 -- -- -- -- True -- <b>Select domains that %s will administer:</b> -- False -- True -- GTK_JUSTIFY_LEFT -- False -- False -- 0 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 5 -- False -- False -- -- -- -- -- -- True -- True -- GTK_POLICY_ALWAYS -- GTK_POLICY_ALWAYS -- GTK_SHADOW_NONE -- GTK_CORNER_TOP_LEFT -- -- -- -- True -- Select the domains that you would like this user administer. -- True -- False -- False -- False -- True -- False -- False -- False -- -- -- -- -- 0 -- True -- True -- -- -- -- -- False -- True -- -- -- -- -- -- True -- label109 -- False -- False -- GTK_JUSTIFY_LEFT -- False -- False -- 0.5 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- tab -- -- -- -- -- -- True -- False -- 0 -- -- -- -- True -- <b>Select additional roles for %s:</b> -- False -- True -- GTK_JUSTIFY_LEFT -- False -- False -- 0 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 5 -- False -- False -- -- -- -- -- -- True -- True -- GTK_POLICY_ALWAYS -- GTK_POLICY_ALWAYS -- GTK_SHADOW_NONE -- GTK_CORNER_TOP_LEFT -- -- -- -- True -- Select the domains that you would like this user administer. 
-- True -- False -- False -- False -- True -- False -- False -- False -- -- -- -- -- 0 -- True -- True -- -- -- -- -- False -- True -- -- -- -- -- -- True -- label111 -- False -- False -- GTK_JUSTIFY_LEFT -- False -- False -- 0.5 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- tab -- -- -- -- -- -- True -- False -- 0 -- -- -- -- True -- <b>Enter network ports that %s binds on:</b> -- False -- True -- GTK_JUSTIFY_LEFT -- False -- False -- 0 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 5 -- False -- False -- -- -- -- -- -- True -- False -- 6 -- -- -- -- True -- <b>TCP Ports</b> -- False -- True -- GTK_JUSTIFY_LEFT -- False -- False -- 0 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- False -- 0 -- -- -- -- True -- -- False -- False -- GTK_JUSTIFY_LEFT -- False -- False -- 0.5 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- False -- 6 -- -- -- -- True -- False -- 12 -- -- -- -- True -- Allows %s to bind to any udp port -- True -- All -- True -- GTK_RELIEF_NORMAL -- True -- False -- False -- True -- -- -- 10 -- False -- False -- -- -- -- -- -- True -- Allow %s to call bindresvport with 0. Binding to port 600-1024 -- True -- 600-1024 -- True -- GTK_RELIEF_NORMAL -- True -- False -- False -- True -- -- -- 10 -- False -- False -- -- -- -- -- -- True -- Enter a comma separated list of udp ports or ranges of ports that %s binds to. 
Example: 612, 650-660 -- True -- Unreserved Ports (>1024) -- True -- GTK_RELIEF_NORMAL -- True -- False -- False -- True -- -- -- 10 -- False -- False -- -- -- -- -- 0 -- True -- True -- -- -- -- -- -- True -- False -- 12 -- -- -- -- True -- Select Ports -- False -- False -- GTK_JUSTIFY_LEFT -- False -- False -- 0 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 5 -- False -- False -- -- -- -- -- -- True -- Allows %s to bind to any udp ports > 1024 -- True -- True -- True -- 0 -- -- True -- -- False -- -- -- 0 -- True -- True -- -- -- -- -- 0 -- True -- True -- -- -- -- -- 0 -- True -- True -- -- -- -- -- 0 -- True -- True -- -- -- -- -- 0 -- True -- True -- -- -- -- -- -- True -- False -- 6 -- -- -- -- True -- <b>UDP Ports</b> -- False -- True -- GTK_JUSTIFY_LEFT -- False -- False -- 0 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- False -- 0 -- -- -- -- True -- -- False -- False -- GTK_JUSTIFY_LEFT -- False -- False -- 0.5 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- False -- 6 -- -- -- -- True -- False -- 12 -- -- -- -- True -- Allows %s to bind to any udp port -- True -- All -- True -- GTK_RELIEF_NORMAL -- True -- False -- False -- True -- -- -- 10 -- False -- False -- -- -- -- -- -- True -- Allow %s to call bindresvport with 0. Binding to port 600-1024 -- True -- 600-1024 -- True -- GTK_RELIEF_NORMAL -- True -- False -- False -- True -- -- -- 10 -- False -- False -- -- -- -- -- -- True -- Enter a comma separated list of udp ports or ranges of ports that %s binds to. 
Example: 612, 650-660 -- True -- Unreserved Ports (>1024) -- True -- GTK_RELIEF_NORMAL -- True -- False -- False -- True -- -- -- 10 -- False -- False -- -- -- -- -- 0 -- True -- True -- -- -- -- -- -- True -- False -- 12 -- -- -- -- True -- Select Ports -- False -- False -- GTK_JUSTIFY_LEFT -- False -- False -- 0 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 5 -- False -- False -- -- -- -- -- -- True -- Allows %s to bind to any udp ports > 1024 -- True -- True -- True -- 0 -- -- True -- -- False -- -- -- 0 -- True -- True -- -- -- -- -- 0 -- True -- True -- -- -- -- -- 0 -- True -- True -- -- -- -- -- 0 -- True -- True -- -- -- -- -- 0 -- True -- True -- -- -- -- -- False -- True -- -- -- -- -- -- True -- label113 -- False -- False -- GTK_JUSTIFY_LEFT -- False -- False -- 0.5 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- tab -- -- -- -- -- -- True -- False -- 0 -- -- -- -- True -- <b>Select network ports that %s connects to:</b> -- False -- True -- GTK_JUSTIFY_LEFT -- False -- False -- 0 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 5 -- False -- False -- -- -- -- -- -- True -- False -- 6 -- -- -- -- True -- <b>TCP Ports</b> -- False -- True -- GTK_JUSTIFY_LEFT -- False -- False -- 0 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- False -- 0 -- -- -- -- True -- -- False -- False -- GTK_JUSTIFY_LEFT -- False -- False -- 0.5 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- False -- 12 -- -- -- -- Allows %s to connect to any tcp port -- True -- True -- All -- True -- GTK_RELIEF_NORMAL -- True -- False -- False -- True -- -- -- 10 -- False -- False -- -- -- -- -- -- True -- Select Ports -- False -- False -- GTK_JUSTIFY_LEFT -- False -- False -- 0 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 5 -- False -- False -- -- -- -- -- -- True -- 
Enter a comma separated list of tcp ports or ranges of ports that %s connects to. Example: 612, 650-660 -- True -- True -- True -- 0 -- -- True -- -- False -- -- -- 0 -- True -- True -- -- -- -- -- 0 -- True -- True -- -- -- -- -- 0 -- True -- True -- -- -- -- -- 0 -- True -- True -- -- -- -- -- -- True -- False -- 6 -- -- -- -- True -- <b>UDP Ports</b> -- False -- True -- GTK_JUSTIFY_LEFT -- False -- False -- 0 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- False -- 0 -- -- -- -- True -- -- False -- False -- GTK_JUSTIFY_LEFT -- False -- False -- 0.5 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- False -- 12 -- -- -- -- Allows %s to connect to any udp port -- True -- True -- All -- True -- GTK_RELIEF_NORMAL -- True -- False -- False -- True -- -- -- 10 -- False -- False -- -- -- -- -- -- True -- Select Ports -- False -- False -- GTK_JUSTIFY_LEFT -- False -- False -- 0 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 5 -- False -- False -- -- -- -- -- -- True -- Enter a comma separated list of udp ports or ranges of ports that %s connects to. 
Example: 612, 650-660 -- True -- True -- True -- 0 -- -- True -- -- False -- -- -- 0 -- True -- True -- -- -- -- -- 0 -- True -- True -- -- -- -- -- 0 -- True -- True -- -- -- -- -- 0 -- True -- True -- -- -- -- -- False -- True -- -- -- -- -- -- True -- label114 -- False -- False -- GTK_JUSTIFY_LEFT -- False -- False -- 0.5 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- tab -- -- -- -- -- -- True -- False -- 0 -- -- -- -- True -- <b>Select common application traits for %s:</b> -- False -- True -- GTK_JUSTIFY_LEFT -- False -- False -- 0 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 5 -- False -- False -- -- -- -- -- -- True -- False -- 6 -- -- -- -- True -- True -- Writes syslog messages -- True -- GTK_RELIEF_NORMAL -- True -- False -- False -- True -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- True -- Create/Manipulate temporary files in /tmp -- True -- GTK_RELIEF_NORMAL -- True -- False -- False -- True -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- True -- Uses Pam for authentication -- True -- GTK_RELIEF_NORMAL -- True -- False -- False -- True -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- True -- Uses nsswitch or getpw* calls -- True -- GTK_RELIEF_NORMAL -- True -- False -- False -- True -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- True -- Uses dbus -- True -- GTK_RELIEF_NORMAL -- True -- False -- False -- True -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- True -- Sends audit messages -- True -- GTK_RELIEF_NORMAL -- True -- False -- False -- True -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- True -- Interacts with the terminal -- True -- GTK_RELIEF_NORMAL -- True -- False -- False -- True -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- True -- Sends email -- True -- GTK_RELIEF_NORMAL -- True -- False -- False -- True -- -- -- 0 -- False -- False -- -- -- -- -- 0 -- True -- True -- -- -- -- -- False -- True -- -- -- -- -- -- True -- label115 -- False -- 
False -- GTK_JUSTIFY_LEFT -- False -- False -- 0.5 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- tab -- -- -- -- -- -- True -- False -- 0 -- -- -- -- True -- <b>Add files/directories that %s manages</b> -- False -- True -- GTK_JUSTIFY_LEFT -- False -- False -- 0 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 5 -- False -- False -- -- -- -- -- -- True -- False -- 12 -- -- -- -- True -- False -- 6 -- -- -- -- True -- True -- GTK_RELIEF_NORMAL -- True -- -- -- -- -- True -- 0.5 -- 0.5 -- 0 -- 0 -- 0 -- 0 -- 0 -- 0 -- -- -- -- True -- False -- 2 -- -- -- -- True -- gtk-add -- 4 -- 0.5 -- 0.5 -- 0 -- 0 -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- Add File -- True -- False -- GTK_JUSTIFY_LEFT -- False -- False -- 0.5 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 0 -- False -- False -- -- -- -- -- -- -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- True -- GTK_RELIEF_NORMAL -- True -- -- -- -- -- True -- 0.5 -- 0.5 -- 0 -- 0 -- 0 -- 0 -- 0 -- 0 -- -- -- -- True -- False -- 2 -- -- -- -- True -- gtk-add -- 4 -- 0.5 -- 0.5 -- 0 -- 0 -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- Add Directory -- True -- False -- GTK_JUSTIFY_LEFT -- False -- False -- 0.5 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 0 -- False -- False -- -- -- -- -- -- -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- True -- gtk-delete -- True -- GTK_RELIEF_NORMAL -- True -- -- -- -- -- 0 -- False -- False -- -- -- -- -- 4 -- False -- False -- -- -- -- -- -- True -- True -- GTK_POLICY_AUTOMATIC -- GTK_POLICY_AUTOMATIC -- GTK_SHADOW_IN -- GTK_CORNER_TOP_LEFT -- -- -- -- True -- Files/Directories which the %s "manages". Pid Files, Log Files, /var/lib Files ... 
-- True -- False -- False -- False -- True -- False -- False -- False -- -- -- -- -- 0 -- True -- True -- -- -- -- -- 0 -- True -- True -- -- -- -- -- False -- True -- -- -- -- -- -- True -- label116 -- False -- False -- GTK_JUSTIFY_LEFT -- False -- False -- 0.5 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- tab -- -- -- -- -- -- True -- False -- 0 -- -- -- -- True -- <b>Add booleans from the %s policy:</b> -- False -- True -- GTK_JUSTIFY_LEFT -- False -- False -- 0 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 5 -- False -- False -- -- -- -- -- -- True -- False -- 12 -- -- -- -- True -- False -- 6 -- -- -- -- True -- True -- GTK_RELIEF_NORMAL -- True -- -- -- -- -- True -- 0.5 -- 0.5 -- 0 -- 0 -- 0 -- 0 -- 0 -- 0 -- -- -- -- True -- False -- 2 -- -- -- -- True -- gtk-add -- 4 -- 0.5 -- 0.5 -- 0 -- 0 -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- Add Boolean -- True -- False -- GTK_JUSTIFY_LEFT -- False -- False -- 0.5 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 0 -- False -- False -- -- -- -- -- -- -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- True -- gtk-delete -- True -- GTK_RELIEF_NORMAL -- True -- -- -- -- -- 0 -- False -- False -- -- -- -- -- 4 -- False -- True -- -- -- -- -- -- True -- True -- GTK_POLICY_AUTOMATIC -- GTK_POLICY_AUTOMATIC -- GTK_SHADOW_IN -- GTK_CORNER_TOP_LEFT -- -- -- -- True -- Add/Remove booleans used by the %s domain -- True -- True -- False -- False -- True -- False -- False -- False -- -- -- -- -- 0 -- True -- True -- -- -- -- -- 0 -- True -- True -- -- -- -- -- False -- True -- -- -- -- -- -- True -- -- False -- False -- GTK_JUSTIFY_LEFT -- False -- False -- 0.5 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- tab -- -- -- -- -- -- True -- False -- 0 -- -- -- -- True -- <b>Which directory you will generate the %s policy?</b> -- False -- True -- GTK_JUSTIFY_LEFT -- False -- False -- 0 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE 
-- -1 -- False -- 0 -- -- -- 0 -- False -- False -- -- -- -- -- -- True -- False -- 12 -- -- -- -- True -- Policy Directory -- False -- False -- GTK_JUSTIFY_LEFT -- False -- False -- 0.5 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 5 -- False -- False -- -- -- -- -- -- True -- True -- True -- True -- 0 -- -- True -- -- False -- -- -- 0 -- True -- True -- -- -- -- -- -- True -- True -- ... -- True -- GTK_RELIEF_NORMAL -- True -- -- -- 0 -- False -- False -- -- -- -- -- 12 -- False -- False -- -- -- -- -- False -- True -- -- -- -- -- -- True -- -- False -- False -- GTK_JUSTIFY_LEFT -- False -- False -- 0.5 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- tab -- -- -- -- -- 0 -- True -- True -- -- -- -- -- -- True -- GTK_BUTTONBOX_END -- 0 -- -- -- -- True -- True -- True -- gtk-cancel -- True -- GTK_RELIEF_NORMAL -- True -- -- -- -- -- -- -- True -- True -- True -- gtk-go-back -- True -- GTK_RELIEF_NORMAL -- True -- -- -- -- -- -- -- True -- True -- True -- gtk-media-forward -- True -- GTK_RELIEF_NORMAL -- True -- -- -- -- -- -- 5 -- False -- False -- -- -- -- -- -- -- -- 12 -- Add Booleans Dialog -- GTK_WINDOW_TOPLEVEL -- GTK_WIN_POS_MOUSE -- False -- 400 -- True -- False -- True -- False -- False -- GDK_WINDOW_TYPE_HINT_DIALOG -- GDK_GRAVITY_NORTH_WEST -- True -- False -- False -- -- -- -- True -- False -- 6 -- -- -- -- True -- GTK_BUTTONBOX_END -- -- -- -- True -- True -- True -- gtk-cancel -- True -- GTK_RELIEF_NORMAL -- True -- -6 -- -- -- -- -- -- True -- True -- True -- gtk-add -- True -- GTK_RELIEF_NORMAL -- True -- -5 -- -- -- -- -- 0 -- False -- True -- GTK_PACK_END -- -- -- -- -- -- True -- 2 -- 2 -- False -- 6 -- 12 -- -- -- -- True -- Boolean Name -- False -- False -- GTK_JUSTIFY_LEFT -- False -- False -- 0 -- 0.5 -- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 0 -- 1 -- 0 -- 1 -- fill -- -- -- -- -- -- -- True -- Description -- False -- False -- GTK_JUSTIFY_LEFT -- False -- False -- 0 -- 0.5 
-- 0 -- 0 -- PANGO_ELLIPSIZE_NONE -- -1 -- False -- 0 -- -- -- 0 -- 1 -- 1 -- 2 -- fill -- -- -- -- -- -- -- True -- True -- True -- True -- 0 -- -- True -- -- False -- -- -- 1 -- 2 -- 0 -- 1 -- -- -- -- -- -- -- True -- True -- True -- True -- 0 -- -- True -- -- False -- -- -- 1 -- 2 -- 1 -- 2 -- -- -- -- -- -- 0 -- True -- True -- -- -- -- -- -- -+ -+ -+ -+ False -+ 5 -+ normal -+ Red Hat 2007 -+ www.redhat.com -+ GPL -+ Daniel Walsh <dwalsh@redhat.com> -+ translator-credits -+ -+ -+ False -+ -+ -+ False -+ -+ -+ False -+ True -+ end -+ 0 -+ -+ -+ -+ -+ -+ -+ False -+ 12 -+ Add Booleans Dialog -+ mouse -+ 400 -+ dialog -+ -+ -+ True -+ False -+ 6 -+ -+ -+ True -+ False -+ end -+ -+ -+ gtk-cancel -+ -6 -+ True -+ True -+ True -+ False -+ True -+ -+ -+ False -+ False -+ 0 -+ -+ -+ -+ -+ gtk-add -+ -5 -+ True -+ True -+ True -+ False -+ True -+ -+ -+ False -+ False -+ 1 -+ -+ -+ -+ -+ False -+ True -+ end -+ 0 -+ -+ -+ -+ -+ True -+ False -+ 2 -+ 2 -+ 12 -+ 6 -+ -+ -+ True -+ False -+ 0 -+ Boolean Name -+ -+ -+ GTK_FILL -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ Description -+ -+ -+ 1 -+ 2 -+ GTK_FILL -+ -+ -+ -+ -+ -+ True -+ True -+ -+ False -+ False -+ True -+ True -+ -+ -+ 1 -+ 2 -+ -+ -+ -+ -+ -+ True -+ True -+ -+ False -+ False -+ True -+ True -+ -+ -+ 1 -+ 2 -+ 1 -+ 2 -+ -+ -+ -+ -+ -+ True -+ True -+ 1 -+ -+ -+ -+ -+ -+ -+ False -+ 5 -+ mouse -+ dialog -+ True -+ True -+ -+ -+ True -+ False -+ 24 -+ -+ -+ True -+ False -+ end -+ -+ -+ gtk-cancel -+ -6 -+ True -+ True -+ True -+ False -+ True -+ -+ -+ False -+ False -+ 0 -+ -+ -+ -+ -+ gtk-add -+ -5 -+ True -+ True -+ True -+ True -+ False -+ True -+ -+ -+ False -+ False -+ 1 -+ -+ -+ -+ -+ False -+ True -+ end -+ 0 -+ -+ -+ -+ -+ -+ -+ True -+ False -+ SELinux Policy Generation Tool -+ -+ -+ True -+ False -+ 18 -+ -+ -+ True -+ False -+ left -+ False -+ -+ -+ True -+ False -+ -+ -+ True -+ False -+ 0 -+ <b>Select the policy type for the application or user role you want to confine:</b> -+ True -+ -+ -+ False 
-+ False -+ 5 -+ 0 -+ -+ -+ -+ -+ True -+ False -+ -+ -+ True -+ False -+ -+ -+ True -+ False -+ 12 -+ -+ -+ True -+ False -+ 6 -+ -+ -+ True -+ False -+ 0 -+ <b>Applications</b> -+ True -+ -+ -+ False -+ False -+ 0 -+ -+ -+ -+ -+ True -+ False -+ -+ -+ True -+ False -+ -+ -+ -+ False -+ False -+ 0 -+ -+ -+ -+ -+ True -+ False -+ 6 -+ -+ -+ Standard Init Daemon -+ True -+ True -+ False -+ Standard Init Daemon are daemons started on boot via init scripts. Usually requires a script in /etc/rc.d/init.d -+ True -+ True -+ -+ -+ False -+ False -+ 0 -+ -+ -+ -+ -+ DBUS System Daemon -+ True -+ True -+ False -+ Standard Init Daemon are daemons started on boot via init scripts. Usually requires a script in /etc/rc.d/init.d -+ True -+ True -+ init_radiobutton -+ -+ -+ False -+ False -+ 1 -+ -+ -+ -+ -+ Internet Services Daemon (inetd) -+ True -+ True -+ False -+ Internet Services Daemon are daemons started by xinetd -+ True -+ True -+ init_radiobutton -+ -+ -+ False -+ False -+ 2 -+ -+ -+ -+ -+ Web Application/Script (CGI) -+ True -+ True -+ False -+ Web Applications/Script (CGI) CGI scripts started by the web server (apache) -+ True -+ True -+ init_radiobutton -+ -+ -+ False -+ False -+ 3 -+ -+ -+ -+ -+ User Application -+ True -+ True -+ False -+ User Application are any application that you would like to confine that is started by a user -+ True -+ True -+ init_radiobutton -+ -+ -+ False -+ False -+ 4 -+ -+ -+ -+ -+ Sandbox -+ True -+ True -+ False -+ User Application are any application that you would like to confine that is started by a user -+ True -+ True -+ init_radiobutton -+ -+ -+ False -+ False -+ 5 -+ -+ -+ -+ -+ False -+ False -+ 1 -+ -+ -+ -+ -+ True -+ True -+ 1 -+ -+ -+ -+ -+ False -+ True -+ 0 -+ -+ -+ -+ -+ True -+ False -+ 6 -+ -+ -+ True -+ False -+ 0 -+ <b>Login Users</b> -+ True -+ -+ -+ False -+ False -+ 0 -+ -+ -+ -+ -+ True -+ False -+ -+ -+ True -+ False -+ -+ -+ -+ False -+ False -+ 0 -+ -+ -+ -+ -+ True -+ False -+ 6 -+ -+ -+ Existing User Roles 
-+ True -+ True -+ False -+ Modify an existing login user record. -+ True -+ True -+ init_radiobutton -+ -+ -+ False -+ False -+ 0 -+ -+ -+ -+ -+ Minimal Terminal User Role -+ True -+ True -+ False -+ This user will login to a machine only via a terminal or remote login. By default this user will have no setuid, no networking, no su, no sudo. -+ True -+ True -+ init_radiobutton -+ -+ -+ False -+ False -+ 1 -+ -+ -+ -+ -+ Minimal X Windows User Role -+ True -+ True -+ False -+ This user can login to a machine via X or terminal. By default this user will have no setuid, no networking, no sudo, no su -+ True -+ True -+ init_radiobutton -+ -+ -+ False -+ False -+ 2 -+ -+ -+ -+ -+ User Role -+ True -+ True -+ False -+ User with full networking, no setuid applications without transition, no sudo, no su. -+ True -+ True -+ init_radiobutton -+ -+ -+ False -+ False -+ 3 -+ -+ -+ -+ -+ Admin User Role -+ True -+ True -+ False -+ User with full networking, no setuid applications without transition, no su, can sudo to Root Administration Roles -+ True -+ True -+ init_radiobutton -+ -+ -+ False -+ False -+ 4 -+ -+ -+ -+ -+ True -+ False -+ 1 -+ -+ -+ -+ -+ True -+ True -+ 1 -+ -+ -+ -+ -+ False -+ True -+ 1 -+ -+ -+ -+ -+ True -+ False -+ 6 -+ -+ -+ True -+ False -+ 0 -+ <b>Root Users</b> -+ True -+ -+ -+ False -+ False -+ 0 -+ -+ -+ -+ -+ True -+ False -+ -+ -+ True -+ False -+ -+ -+ -+ False -+ False -+ 0 -+ -+ -+ -+ -+ True -+ False -+ -+ -+ Root Admin User Role -+ True -+ True -+ False -+ Select Root Administrator User Role, if this user will be used to administer the machine while running as root. This user will not be able to login to the system directly. 
-+ True -+ True -+ init_radiobutton -+ -+ -+ False -+ False -+ 0 -+ -+ -+ -+ -+ False -+ False -+ 1 -+ -+ -+ -+ -+ True -+ True -+ 1 -+ -+ -+ -+ -+ True -+ True -+ 2 -+ -+ -+ -+ -+ True -+ True -+ 0 -+ -+ -+ -+ -+ True -+ True -+ 0 -+ -+ -+ -+ -+ True -+ True -+ 1 -+ -+ -+ -+ -+ True -+ -+ -+ -+ -+ True -+ False -+ Main Tab -+ -+ -+ False -+ tab -+ -+ -+ -+ -+ True -+ False -+ -+ -+ True -+ False -+ 0 -+ <b>Enter name of application or user role:</b> -+ True -+ -+ -+ False -+ False -+ 5 -+ 0 -+ -+ -+ -+ -+ True -+ False -+ 3 -+ 3 -+ 12 -+ 6 -+ -+ -+ True -+ False -+ 0 -+ Name -+ -+ -+ GTK_FILL -+ -+ -+ -+ -+ -+ True -+ True -+ Enter complete path for executable to be confined. -+ -+ False -+ False -+ True -+ True -+ -+ -+ 1 -+ 2 -+ 1 -+ 2 -+ -+ -+ -+ -+ -+ ... -+ True -+ True -+ False -+ True -+ -+ -+ -+ 2 -+ 3 -+ 1 -+ 2 -+ GTK_FILL -+ -+ -+ -+ -+ -+ True -+ True -+ Enter unique name for the confined application or user role. -+ -+ False -+ False -+ True -+ True -+ -+ -+ 1 -+ 3 -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ Executable -+ -+ -+ 1 -+ 2 -+ GTK_FILL -+ -+ -+ -+ -+ -+ True -+ False -+ 0 -+ Init script -+ -+ -+ 2 -+ 3 -+ GTK_FILL -+ -+ -+ -+ -+ -+ True -+ True -+ Enter complete path to init script used to start the confined application. -+ -+ False -+ False -+ True -+ True -+ -+ -+ 1 -+ 2 -+ 2 -+ 3 -+ -+ -+ -+ -+ -+ ... -+ True -+ True -+ False -+ True -+ -+ -+ -+ 2 -+ 3 -+ 2 -+ 3 -+ GTK_FILL -+ -+ -+ -+ -+ -+ True -+ True -+ 1 -+ -+ -+ -+ -+ 1 -+ -+ -+ -+ -+ True -+ False -+ Name Tab -+ -+ -+ 1 -+ False -+ tab -+ -+ -+ -+ -+ True -+ False -+ -+ -+ True -+ False -+ 0 -+ <b>Select existing role to modify:</b> -+ True -+ -+ -+ False -+ False -+ 5 -+ 0 -+ -+ -+ -+ -+ True -+ True -+ automatic -+ automatic -+ in -+ -+ -+ True -+ True -+ Select the user roles that will transiton to the %s domain. 
-+ False -+ -+ -+ -+ -+ True -+ True -+ 1 -+ -+ -+ -+ -+ 2 -+ -+ -+ -+ -+ True -+ False -+ role tab -+ -+ -+ 2 -+ False -+ tab -+ -+ -+ -+ -+ True -+ False -+ -+ -+ True -+ False -+ 0 -+ <b>Select roles that %s will transition to:</b> -+ True -+ -+ -+ False -+ False -+ 5 -+ 0 -+ -+ -+ -+ -+ True -+ True -+ -+ -+ True -+ True -+ Select applications domains that %s will transition to. -+ False -+ -+ -+ -+ -+ True -+ True -+ 1 -+ -+ -+ -+ -+ 3 -+ -+ -+ -+ -+ True -+ False -+ transition -+role tab -+ -+ -+ 3 -+ False -+ tab -+ -+ -+ -+ -+ True -+ False -+ -+ -+ True -+ False -+ 0 -+ <b>Select the user_roles that will transition to %s:</b> -+ True -+ -+ -+ False -+ False -+ 5 -+ 0 -+ -+ -+ -+ -+ True -+ True -+ -+ -+ True -+ True -+ Select the user roles that will transiton to this applications domains. -+ False -+ -+ -+ -+ -+ True -+ True -+ 1 -+ -+ -+ -+ -+ 4 -+ -+ -+ -+ -+ True -+ False -+ User Tab -+ -+ -+ 4 -+ False -+ tab -+ -+ -+ -+ -+ True -+ False -+ -+ -+ True -+ False -+ 0 -+ <b>Select domains that %s will administer:</b> -+ True -+ -+ -+ False -+ False -+ 5 -+ 0 -+ -+ -+ -+ -+ True -+ True -+ -+ -+ True -+ True -+ Select the domains that you would like this user administer. -+ False -+ -+ -+ -+ -+ True -+ True -+ 1 -+ -+ -+ -+ -+ 5 -+ -+ -+ -+ -+ True -+ False -+ Admin Tab -+ -+ -+ 5 -+ False -+ tab -+ -+ -+ -+ -+ True -+ False -+ -+ -+ True -+ False -+ 0 -+ <b>Select additional roles for %s:</b> -+ True -+ -+ -+ False -+ False -+ 5 -+ 0 -+ -+ -+ -+ -+ True -+ True -+ -+ -+ True -+ True -+ Select the domains that you would like this user administer. 
-+ False -+ -+ -+ -+ -+ True -+ True -+ 1 -+ -+ -+ -+ -+ 6 -+ -+ -+ -+ -+ True -+ False -+ Roles Tab -+ -+ -+ 6 -+ False -+ tab -+ -+ -+ -+ -+ True -+ False -+ -+ -+ True -+ False -+ 0 -+ <b>Enter network ports that %s binds on:</b> -+ True -+ -+ -+ False -+ False -+ 5 -+ 0 -+ -+ -+ -+ -+ True -+ False -+ 6 -+ -+ -+ True -+ False -+ 0 -+ <b>TCP Ports</b> -+ True -+ -+ -+ False -+ False -+ 0 -+ -+ -+ -+ -+ True -+ False -+ -+ -+ True -+ False -+ -+ -+ -+ False -+ False -+ 0 -+ -+ -+ -+ -+ True -+ False -+ 6 -+ -+ -+ True -+ False -+ 12 -+ -+ -+ All -+ True -+ True -+ False -+ Allows %s to bind to any udp port -+ True -+ True -+ -+ -+ False -+ False -+ 10 -+ 0 -+ -+ -+ -+ -+ 600-1024 -+ True -+ True -+ False -+ Allow %s to call bindresvport with 0. Binding to port 600-1024 -+ True -+ True -+ -+ -+ False -+ False -+ 10 -+ 1 -+ -+ -+ -+ -+ Unreserved Ports (>1024) -+ True -+ True -+ False -+ Enter a comma separated list of udp ports or ranges of ports that %s binds to. Example: 612, 650-660 -+ True -+ True -+ -+ -+ False -+ False -+ 10 -+ 2 -+ -+ -+ -+ -+ True -+ True -+ 0 -+ -+ -+ -+ -+ True -+ False -+ 12 -+ -+ -+ True -+ False -+ 0 -+ Select Ports -+ -+ -+ False -+ False -+ 5 -+ 0 -+ -+ -+ -+ -+ True -+ True -+ Allows %s to bind to any udp ports > 1024 -+ -+ False -+ False -+ True -+ True -+ -+ -+ True -+ True -+ 1 -+ -+ -+ -+ -+ True -+ True -+ 1 -+ -+ -+ -+ -+ True -+ True -+ 1 -+ -+ -+ -+ -+ True -+ True -+ 1 -+ -+ -+ -+ -+ True -+ True -+ 1 -+ -+ -+ -+ -+ True -+ False -+ 6 -+ -+ -+ True -+ False -+ 0 -+ <b>UDP Ports</b> -+ True -+ -+ -+ False -+ False -+ 0 -+ -+ -+ -+ -+ True -+ False -+ -+ -+ True -+ False -+ -+ -+ -+ False -+ False -+ 0 -+ -+ -+ -+ -+ True -+ False -+ 6 -+ -+ -+ True -+ False -+ 12 -+ -+ -+ All -+ True -+ True -+ False -+ Allows %s to bind to any udp port -+ True -+ True -+ -+ -+ False -+ False -+ 10 -+ 0 -+ -+ -+ -+ -+ 600-1024 -+ True -+ True -+ False -+ Allow %s to call bindresvport with 0. 
Binding to port 600-1024 -+ True -+ True -+ -+ -+ False -+ False -+ 10 -+ 1 -+ -+ -+ -+ -+ Unreserved Ports (>1024) -+ True -+ True -+ False -+ Enter a comma separated list of udp ports or ranges of ports that %s binds to. Example: 612, 650-660 -+ True -+ True -+ -+ -+ False -+ False -+ 10 -+ 2 -+ -+ -+ -+ -+ True -+ True -+ 0 -+ -+ -+ -+ -+ True -+ False -+ 12 -+ -+ -+ True -+ False -+ 0 -+ Select Ports -+ -+ -+ False -+ False -+ 5 -+ 0 -+ -+ -+ -+ -+ True -+ True -+ Allows %s to bind to any udp ports > 1024 -+ -+ False -+ False -+ True -+ True -+ -+ -+ True -+ True -+ 1 -+ -+ -+ -+ -+ True -+ True -+ 1 -+ -+ -+ -+ -+ True -+ True -+ 1 -+ -+ -+ -+ -+ True -+ True -+ 1 -+ -+ -+ -+ -+ True -+ True -+ 2 -+ -+ -+ -+ -+ 7 -+ -+ -+ -+ -+ True -+ False -+ Network -+Bind tab -+ -+ -+ 7 -+ False -+ tab -+ -+ -+ -+ -+ True -+ False -+ -+ -+ True -+ False -+ 0 -+ <b>Select network ports that %s connects to:</b> -+ True -+ -+ -+ False -+ False -+ 5 -+ 0 -+ -+ -+ -+ -+ True -+ False -+ 6 -+ -+ -+ True -+ False -+ 0 -+ <b>TCP Ports</b> -+ True -+ -+ -+ False -+ False -+ 0 -+ -+ -+ -+ -+ True -+ False -+ -+ -+ True -+ False -+ -+ -+ -+ False -+ False -+ 0 -+ -+ -+ -+ -+ True -+ False -+ 12 -+ -+ -+ All -+ True -+ True -+ False -+ Allows %s to connect to any tcp port -+ True -+ True -+ -+ -+ False -+ False -+ 10 -+ 0 -+ -+ -+ -+ -+ True -+ False -+ 0 -+ Select Ports -+ -+ -+ False -+ False -+ 5 -+ 1 -+ -+ -+ -+ -+ True -+ True -+ Enter a comma separated list of tcp ports or ranges of ports that %s connects to. 
Example: 612, 650-660 -+ -+ False -+ False -+ True -+ True -+ -+ -+ True -+ True -+ 2 -+ -+ -+ -+ -+ True -+ True -+ 1 -+ -+ -+ -+ -+ True -+ True -+ 1 -+ -+ -+ -+ -+ True -+ True -+ 1 -+ -+ -+ -+ -+ True -+ False -+ 6 -+ -+ -+ True -+ False -+ 0 -+ <b>UDP Ports</b> -+ True -+ -+ -+ False -+ False -+ 0 -+ -+ -+ -+ -+ True -+ False -+ -+ -+ True -+ False -+ -+ -+ -+ False -+ False -+ 0 -+ -+ -+ -+ -+ True -+ False -+ 12 -+ -+ -+ All -+ True -+ True -+ False -+ Allows %s to connect to any udp port -+ True -+ True -+ -+ -+ False -+ False -+ 10 -+ 0 -+ -+ -+ -+ -+ True -+ False -+ 0 -+ Select Ports -+ -+ -+ False -+ False -+ 5 -+ 1 -+ -+ -+ -+ -+ True -+ True -+ Enter a comma separated list of udp ports or ranges of ports that %s connects to. Example: 612, 650-660 -+ -+ False -+ False -+ True -+ True -+ -+ -+ True -+ True -+ 2 -+ -+ -+ -+ -+ True -+ True -+ 1 -+ -+ -+ -+ -+ True -+ True -+ 1 -+ -+ -+ -+ -+ True -+ True -+ 2 -+ -+ -+ -+ -+ 8 -+ -+ -+ -+ -+ True -+ False -+ Network -+Connect Tab -+ -+ -+ 8 -+ False -+ tab -+ -+ -+ -+ -+ True -+ False -+ -+ -+ True -+ False -+ 0 -+ <b>Select common application traits for %s:</b> -+ True -+ -+ -+ False -+ False -+ 5 -+ 0 -+ -+ -+ -+ -+ True -+ False -+ 6 -+ -+ -+ Writes syslog messages -+ True -+ True -+ False -+ True -+ True -+ -+ -+ False -+ False -+ 0 -+ -+ -+ -+ -+ Create/Manipulate temporary files in /tmp -+ True -+ True -+ False -+ True -+ True -+ -+ -+ False -+ False -+ 1 -+ -+ -+ -+ -+ Uses Pam for authentication -+ True -+ True -+ False -+ True -+ True -+ -+ -+ False -+ False -+ 2 -+ -+ -+ -+ -+ Uses nsswitch or getpw* calls -+ True -+ True -+ False -+ True -+ True -+ -+ -+ False -+ False -+ 3 -+ -+ -+ -+ -+ Uses dbus -+ True -+ True -+ False -+ True -+ True -+ -+ -+ False -+ False -+ 4 -+ -+ -+ -+ -+ Sends audit messages -+ True -+ True -+ False -+ True -+ True -+ -+ -+ False -+ False -+ 5 -+ -+ -+ -+ -+ Interacts with the terminal -+ True -+ True -+ False -+ True -+ True -+ -+ -+ False -+ False -+ 6 -+ -+ -+ -+ 
-+ Sends email -+ True -+ True -+ False -+ True -+ True -+ -+ -+ False -+ False -+ 7 -+ -+ -+ -+ -+ True -+ True -+ 1 -+ -+ -+ -+ -+ 9 -+ -+ -+ -+ -+ True -+ False -+ Common -+Tab -+ -+ -+ 9 -+ False -+ tab -+ -+ -+ -+ -+ True -+ False -+ -+ -+ True -+ False -+ 0 -+ <b>Add files/directories that %s manages</b> -+ True -+ -+ -+ False -+ False -+ 5 -+ 0 -+ -+ -+ -+ -+ True -+ False -+ 12 -+ -+ -+ True -+ False -+ 6 -+ -+ -+ True -+ True -+ False -+ -+ -+ -+ True -+ False -+ 0 -+ 0 -+ -+ -+ True -+ False -+ 2 -+ -+ -+ True -+ False -+ gtk-add -+ -+ -+ False -+ False -+ 0 -+ -+ -+ -+ -+ True -+ False -+ Add File -+ True -+ -+ -+ False -+ False -+ 1 -+ -+ -+ -+ -+ -+ -+ -+ -+ False -+ False -+ 0 -+ -+ -+ -+ -+ True -+ True -+ False -+ -+ -+ -+ True -+ False -+ 0 -+ 0 -+ -+ -+ True -+ False -+ 2 -+ -+ -+ True -+ False -+ gtk-add -+ -+ -+ False -+ False -+ 0 -+ -+ -+ -+ -+ True -+ False -+ Add Directory -+ True -+ -+ -+ False -+ False -+ 1 -+ -+ -+ -+ -+ -+ -+ -+ -+ False -+ False -+ 1 -+ -+ -+ -+ -+ gtk-delete -+ True -+ True -+ False -+ True -+ -+ -+ -+ -+ False -+ False -+ 2 -+ -+ -+ -+ -+ False -+ False -+ 4 -+ 0 -+ -+ -+ -+ -+ True -+ True -+ automatic -+ automatic -+ in -+ -+ -+ True -+ True -+ Files/Directories which the %s "manages". Pid Files, Log Files, /var/lib Files ... 
-+ False -+ -+ -+ -+ -+ True -+ True -+ 1 -+ -+ -+ -+ -+ True -+ True -+ 1 -+ -+ -+ -+ -+ 10 -+ -+ -+ -+ -+ True -+ False -+ Add Tab -+ -+ -+ 10 -+ False -+ tab -+ -+ -+ -+ -+ True -+ False -+ -+ -+ True -+ False -+ 0 -+ <b>Add booleans from the %s policy:</b> -+ True -+ -+ -+ False -+ False -+ 5 -+ 0 -+ -+ -+ -+ -+ True -+ False -+ 12 -+ -+ -+ True -+ False -+ 6 -+ -+ -+ True -+ True -+ False -+ -+ -+ -+ True -+ False -+ 0 -+ 0 -+ -+ -+ True -+ False -+ 2 -+ -+ -+ True -+ False -+ gtk-add -+ -+ -+ False -+ False -+ 0 -+ -+ -+ -+ -+ True -+ False -+ Add Boolean -+ True -+ -+ -+ False -+ False -+ 1 -+ -+ -+ -+ -+ -+ -+ -+ -+ False -+ False -+ 0 -+ -+ -+ -+ -+ gtk-delete -+ True -+ True -+ False -+ True -+ -+ -+ -+ -+ False -+ False -+ 1 -+ -+ -+ -+ -+ False -+ True -+ 4 -+ 0 -+ -+ -+ -+ -+ True -+ True -+ automatic -+ automatic -+ in -+ -+ -+ True -+ True -+ Add/Remove booleans used by the %s domain -+ -+ -+ -+ -+ True -+ True -+ 1 -+ -+ -+ -+ -+ True -+ True -+ 1 -+ -+ -+ -+ -+ 11 -+ -+ -+ -+ -+ True -+ False -+ -+ -+ 11 -+ False -+ tab -+ -+ -+ -+ -+ True -+ False -+ -+ -+ True -+ False -+ 0 -+ <b>Which directory you will generate the %s policy?</b> -+ True -+ -+ -+ False -+ False -+ 0 -+ -+ -+ -+ -+ True -+ False -+ 12 -+ -+ -+ True -+ False -+ Policy Directory -+ -+ -+ False -+ False -+ 5 -+ 0 -+ -+ -+ -+ -+ True -+ True -+ -+ False -+ False -+ True -+ True -+ -+ -+ True -+ True -+ 1 -+ -+ -+ -+ -+ ... 
-+ True -+ True -+ False -+ True -+ -+ -+ False -+ False -+ 2 -+ -+ -+ -+ -+ False -+ False -+ 12 -+ 1 -+ -+ -+ -+ -+ 12 -+ -+ -+ -+ -+ True -+ False -+ -+ -+ 12 -+ False -+ tab -+ -+ -+ -+ -+ True -+ True -+ 0 -+ -+ -+ -+ -+ True -+ False -+ end -+ -+ -+ gtk-cancel -+ True -+ True -+ True -+ False -+ True -+ -+ -+ -+ False -+ False -+ 0 -+ -+ -+ -+ -+ gtk-go-back -+ True -+ True -+ True -+ False -+ True -+ -+ -+ -+ False -+ False -+ 1 -+ -+ -+ -+ -+ gtk-go-forward -+ True -+ True -+ True -+ False -+ True -+ -+ -+ -+ False -+ False -+ 2 -+ -+ -+ -+ -+ False -+ False -+ 5 -+ 1 -+ -+ -+ -+ -+ -
-diff --git a/policycoreutils/gui/polgen.py b/policycoreutils/gui/polgen.py
-deleted file mode 100644
-index 51fb8d7..0000000
---- a/policycoreutils/gui/polgen.py
-+++ /dev/null
-@@ -1,1372 +0,0 @@
--#!/usr/bin/python -Es
--#
--# Copyright (C) 2007-2012 Red Hat
--# see file 'COPYING' for use and warranty information
--#
--# policygentool is a tool for the initial generation of SELinux policy
--#
--# This program is free software; you can redistribute it and/or
--# modify it under the terms of the GNU General Public License as
--# published by the Free Software Foundation; either version 2 of
--# the License, or (at your option) any later version.
--#
--# This program is distributed in the hope that it will be useful,
--# but WITHOUT ANY WARRANTY; without even the implied warranty of
--# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
--# GNU General Public License for more details.
--#
--# You should have received a copy of the GNU General Public License
--# along with this program; if not, write to the Free Software
--# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
--# 02111-1307 USA
--#
--#
--import os, sys, stat
--import re
--import commands
--import setools
--
--from templates import executable
--from templates import boolean
--from templates import etc_rw
--from templates import unit_file
--from templates import var_cache
--from templates import var_spool
--from templates import var_lib
--from templates import var_log
--from templates import var_run
--from templates import tmp
--from templates import rw
--from templates import network
--from templates import script
--from templates import user
--import sepolgen.interfaces as interfaces
--import sepolgen.defaults as defaults
--
--##
--## I18N
--##
--PROGNAME="policycoreutils"
--
--import gettext
--gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
--gettext.textdomain(PROGNAME)
--try:
-- gettext.install(PROGNAME,
-- localedir="/usr/share/locale",
-- unicode=False,
-- codeset = 'utf-8')
--except IOError:
-- import __builtin__
-- __builtin__.__dict__['_'] = unicode
--
--methods = []
--fn = defaults.interface_info()
--try:
-- fd = open(fn)
-- # List of per_role_template interfaces
-- ifs = interfaces.InterfaceSet()
-- ifs.from_file(fd)
-- methods = ifs.interfaces.keys()
-- fd.close()
--except:
-- sys.stderr.write("could not open interface info [%s]\n" % fn)
-- sys.exit(1)
--
--all_types = None
--def get_all_types():
-- global all_types
-- if all_types == None:
-- all_types = map(lambda x: x['name'], setools.seinfo(setools.TYPE))
-- return all_types
--
--def get_all_ports():
-- dict = {}
-- for p in setools.seinfo(setools.PORT):
-- if p['type'] == "reserved_port_t" or \
-- p['type'] == "port_t" or \
-- p['type'] == "hi_reserved_port_t":
-- continue
-- dict[(p['low'], p['high'], p['protocol'])]=(p['type'], p['range'])
-- return dict
--
--def get_all_roles():
-- roles = map(lambda x: x['name'], setools.seinfo(setools.ROLE))
-- roles.remove("object_r")
-- roles.sort()
-- return roles
--
--def get_all_attributes():
-- attributes = map(lambda x: x['name'], setools.seinfo(setools.ATTRIBUTE))
-- attributes.sort()
-- return attributes
--
--def get_all_domains():
-- all_domains = []
-- types=get_all_types()
-- types.sort()
-- for i in types:
-- m = re.findall("(.*)%s" % "_exec_t$", i)
-- if len(m) > 0:
-- if len(re.findall("(.*)%s" % "_initrc$", m[0])) == 0 and m[0] not in all_domains:
-- all_domains.append(m[0])
-- return all_domains
--
--def get_all_modules():
-- try:
-- all_modules = []
-- rc, output=commands.getstatusoutput("semodule -l 2>/dev/null")
-- if rc == 0:
-- l = output.split("\n")
-- for i in l:
-- all_modules.append(i.split()[0])
-- except:
-- pass
--
-- return all_modules
--
--def get_all_users():
-- users = map(lambda x: x['name'], setools.seinfo(setools.USER))
-- users.remove("system_u")
-- users.remove("root")
-- users.sort()
-- return users
--
--ALL = 0
--RESERVED = 1
--UNRESERVED = 2
--PORTS = 3
--ADMIN_TRANSITION_INTERFACE = "_admin$"
--USER_TRANSITION_INTERFACE = "_role$"
--
--DAEMON = 0
--DBUS = 1
--INETD = 2
--CGI = 3
--USER = 4
--SANDBOX = 5
--TUSER = 6
--XUSER = 7
--LUSER = 8
--AUSER = 9
--RUSER = 10
--EUSER = 11
--
--poltype={}
--poltype[DAEMON] = _("Standard Init Daemon")
--poltype[DBUS] = _("DBUS System Daemon")
--poltype[INETD] = _("Internet Services Daemon")
--poltype[CGI] = _("Web Application/Script (CGI)")
--poltype[USER] = _("User Application")
--poltype[SANDBOX] = _("Sandbox")
--poltype[TUSER] = _("Minimal Terminal User Role")
--poltype[XUSER] = _("Minimal X Windows User Role")
--poltype[LUSER] = _("User Role")
--poltype[AUSER] = _("Admin User Role")
--poltype[RUSER] = _("Root Admin User Role")
--
--APPLICATIONS = [ DAEMON, DBUS, INETD, USER, CGI ]
--USERS = [ XUSER, TUSER, LUSER, AUSER, EUSER, RUSER]
--
--def verify_ports(ports):
-- if ports == "":
-- return []
-- max_port=2**16
-- try:
-- temp = []
-- for a in ports.split(","):
-- r = a.split("-")
-- if len(r) > 2:
-- raise ValueError
-- if len(r) == 1:
-- begin = int (r[0])
-- end = int (r[0])
-- else:
-- begin = int (r[0])
-- end = int (r[1])
--
-- if begin > end:
-- raise ValueError
--
-- for p in range(begin, end + 1):
-- if p < 1 or p > max_port:
-- raise ValueError
-- temp.append(p)
-- return temp
-- except ValueError:
-- raise ValueError(_("Ports must be numbers or ranges of numbers from 1 to %d " % max_port ))
--
--class policy:
--
-- def __init__(self, name, type):
-- self.ports = []
-- try:
-- self.ports = get_all_ports()
-- except ValueError, e:
-- print "Can not get port types, must be root for this information"
-- except RuntimeError, e:
-- print "Can not get port types", e
--
-- self.symbols = {}
-- self.symbols["openlog"] = "set_use_kerberos(True)"
-- self.symbols["openlog"] = "set_use_kerb_rcache(True)"
-- self.symbols["openlog"] = "set_use_syslog(True)"
-- self.symbols["gethostby"] = "set_use_resolve(True)"
-- self.symbols["getaddrinfo"] = "set_use_resolve(True)"
-- self.symbols["getnameinfo"] = "set_use_resolve(True)"
-- self.symbols["krb"] = "set_use_kerberos(True)"
-- self.symbols["gss_accept_sec_context"] = "set_manage_krb5_rcache(True)"
-- self.symbols["krb5_verify_init_creds"] = "set_manage_krb5_rcache(True)"
-- self.symbols["krb5_rd_req"] = "set_manage_krb5_rcache(True)"
-- self.symbols["__syslog_chk"] = "set_use_syslog(True)"
-- self.symbols["getpwnam"] = "set_use_uid(True)"
-- self.symbols["getpwuid"] = "set_use_uid(True)"
-- self.symbols["dbus_"] = "set_use_dbus(True)"
-- self.symbols["pam_"] = "set_use_pam(True)"
-- self.symbols["pam_"] = "set_use_audit(True)"
-- self.symbols["fork"] = "add_process('fork')"
-- self.symbols["transition"] = "add_process('transition')"
-- self.symbols["sigchld"] = "add_process('sigchld')"
-- self.symbols["sigkill"] = "add_process('sigkill')"
-- self.symbols["sigstop"] = "add_process('sigstop')"
-- self.symbols["signull"] = "add_process('signull')"
-- self.symbols["signal"] = "add_process('signal')"
-- self.symbols["ptrace"] = "add_process('ptrace')"
-- self.symbols["getsched"] = "add_process('getsched')"
-- self.symbols["setsched"] = "add_process('setsched')"
-- self.symbols["getsession"] = "add_process('getsession')"
-- self.symbols["getpgid"] = "add_process('getpgid')"
-- self.symbols["setpgid"] = "add_process('setpgid')"
-- self.symbols["getcap"] = "add_process('getcap')"
-- self.symbols["setcap"] = "add_process('setcap')"
-- self.symbols["share"] = "add_process('share')"
-- self.symbols["getattr"] = "add_process('getattr')"
-- self.symbols["setexec"] = "add_process('setexec')"
-- self.symbols["setfscreate"] = "add_process('setfscreate')"
-- self.symbols["noatsecure"] = "add_process('noatsecure')"
-- self.symbols["siginh"] = "add_process('siginh')"
-- self.symbols["setrlimit"] = "add_process('setrlimit')"
-- self.symbols["rlimitinh"] = "add_process('rlimitinh')"
-- self.symbols["dyntransition"] = "add_process('dyntransition')"
-- self.symbols["setcurrent"] = "add_process('setcurrent')"
-- self.symbols["execmem"] = "add_process('execmem')"
-- self.symbols["execstack"] = "add_process('execstack')"
-- self.symbols["execheap"] = "add_process('execheap')"
-- self.symbols["setkeycreate"] = "add_process('setkeycreate')"
-- self.symbols["setsockcreate"] = "add_process('setsockcreate')"
--
-- self.symbols["chown"] = "add_capability('chown')"
-- self.symbols["dac_override"] = "add_capability('dac_override')"
-- self.symbols["dac_read_search"] = "add_capability('dac_read_search')"
-- self.symbols["fowner"] = "add_capability('fowner')"
-- self.symbols["fsetid"] = "add_capability('fsetid')"
-- self.symbols["kill"] = "add_capability('kill')"
-- self.symbols["setgid"] = "add_capability('setgid')"
-- self.symbols["setresuid"] = "add_capability('setuid')"
-- self.symbols["setuid"] = "add_capability('setuid')"
-- self.symbols["setpcap"] = "add_capability('setpcap')"
-- self.symbols["linux_immutable"] = "add_capability('linux_immutable')"
-- self.symbols["net_bind_service"] = "add_capability('net_bind_service')"
-- self.symbols["net_broadcast"] = "add_capability('net_broadcast')"
-- self.symbols["net_admin"] = "add_capability('net_admin')"
-- self.symbols["net_raw"] = "add_capability('net_raw')"
-- self.symbols["ipc_lock"] = "add_capability('ipc_lock')"
-- self.symbols["ipc_owner"] = "add_capability('ipc_owner')"
-- self.symbols["sys_module"] = "add_capability('sys_module')"
-- self.symbols["sys_rawio"] = "add_capability('sys_rawio')"
-- self.symbols["chroot"] = "add_capability('sys_chroot')"
-- self.symbols["sys_chroot"] = "add_capability('sys_chroot')"
-- self.symbols["sys_ptrace"] = "add_capability('sys_ptrace')"
-- self.symbols["sys_pacct"] = "add_capability('sys_pacct')"
-- self.symbols["mount"] = "add_capability('sys_admin')"
-- self.symbols["unshare"] = "add_capability('sys_admin')"
-- self.symbols["sys_admin"] = "add_capability('sys_admin')"
-- self.symbols["sys_boot"] = "add_capability('sys_boot')"
-- self.symbols["sys_nice"] = "add_capability('sys_nice')"
-- self.symbols["sys_resource"] = "add_capability('sys_resource')"
-- self.symbols["sys_time"] = "add_capability('sys_time')"
-- self.symbols["sys_tty_config"] = "add_capability('sys_tty_config')"
-- self.symbols["mknod"] = "add_capability('mknod')"
-- self.symbols["lease"] = "add_capability('lease')"
-- self.symbols["audit_write"] = "add_capability('audit_write')"
-- self.symbols["audit_control"] = "add_capability('audit_control')"
-- self.symbols["setfcap"] = "add_capability('setfcap')"
--
-- self.DEFAULT_DIRS = {}
-- self.DEFAULT_DIRS["/etc"] = ["etc_rw", [], etc_rw];
-- self.DEFAULT_DIRS["/tmp"] = ["tmp", [], tmp];
-- self.DEFAULT_DIRS["rw"] = ["rw", [], rw];
-- self.DEFAULT_DIRS["/usr/lib/systemd/system"] = ["unit_file", [], unit_file];
-- self.DEFAULT_DIRS["/lib/systemd/system"] = ["unit_file", [], unit_file];
-- self.DEFAULT_DIRS["/etc/systemd/system"] = ["unit_file", [], unit_file];
-- self.DEFAULT_DIRS["/var/cache"] = ["var_cache", [], var_cache];
-- self.DEFAULT_DIRS["/var/lib"] = ["var_lib", [], var_lib];
-- self.DEFAULT_DIRS["/var/log"] = ["var_log", [], var_log];
-- self.DEFAULT_DIRS["/var/run"] = ["var_run", [], var_run];
-- self.DEFAULT_DIRS["/var/spool"] = ["var_spool", [], var_spool];
--
-- self.DEFAULT_KEYS=["/etc", "/var/cache", "/var/log", "/tmp", "rw", "/var/lib", "/var/run", "/var/spool", "/etc/systemd/system", "/usr/lib/systemd/system", "/lib/systemd/system" ]
--
-- self.DEFAULT_TYPES = (\
--( self.generate_daemon_types, self.generate_daemon_rules), \
--( self.generate_dbusd_types, self.generate_dbusd_rules), \
--( self.generate_inetd_types, self.generate_inetd_rules), \
--( self.generate_cgi_types, self.generate_cgi_rules), \
--( self.generate_sandbox_types, self.generate_sandbox_rules), \
--( self.generate_userapp_types, self.generate_userapp_rules), \
--( self.generate_existing_user_types, self.generate_existing_user_rules), \
--( self.generate_min_login_user_types, self.generate_login_user_rules), \
--( self.generate_x_login_user_types, self.generate_x_login_user_rules), \
--( self.generate_login_user_types, self.generate_login_user_rules), \
--( self.generate_admin_user_types, self.generate_login_user_rules), \
--( self.generate_root_user_types, self.generate_root_user_rules))
-- if name == "":
-- raise ValueError(_("You must enter a name for your confined process/user"))
-- if not name.isalnum():
-- raise ValueError(_("Name must be alpha numberic with no spaces. Consider using option \"-n MODULENAME\""))
--
-- if type == CGI:
-- self.name = "httpd_%s_script" % name
-- else:
-- self.name = name
--
-- self.file_name = name
--
-- self.capabilities = []
-- self.processes = []
-- self.type = type
-- self.initscript = ""
-- self.program = ""
-- self.in_tcp = [False, False, False, []]
-- self.in_udp = [False, False, False, []]
-- self.out_tcp = [False, False, False, []]
-- self.out_udp = [False, False, False, []]
-- self.use_resolve = False
-- self.use_tmp = False
-- self.use_uid = False
-- self.use_syslog = False
-- self.use_kerberos = False
-- self.manage_krb5_rcache = False
-- self.use_pam = False
-- self.use_dbus = False
-- self.use_audit = False
-- self.use_etc = True
-- self.use_localization = True
-- self.use_fd = True
-- self.use_terminal = False
-- self.use_mail = False
-- self.booleans = {}
-- self.files = {}
-- self.dirs = {}
-- self.found_tcp_ports=[]
-- self.found_udp_ports=[]
-- self.need_tcp_type=False
-- self.need_udp_type=False
-- self.admin_domains = []
-- self.transition_domains = []
-- self.transition_users = []
-- self.roles = []
--
-- def __isnetset(self, l):
-- return l[ALL] or l[RESERVED] or l[UNRESERVED] or len(l[PORTS]) > 0
--
-- def set_admin_domains(self, admin_domains):
-- self.admin_domains = admin_domains
--
-- def set_admin_roles(self, roles):
-- self.roles = roles
--
-- def set_transition_domains(self, transition_domains):
-- self.transition_domains = transition_domains
--
-- def set_transition_users(self, transition_users):
-- self.transition_users = transition_users
--
-- def use_in_udp(self):
-- return self.__isnetset(self.in_udp)
--
-- def use_out_udp(self):
-- return self.__isnetset(self.out_udp)
--
-- def use_udp(self):
-- return self.use_in_udp() or self.use_out_udp()
--
-- def use_in_tcp(self):
-- return self.__isnetset(self.in_tcp)
--
-- def use_out_tcp(self):
-- return self.__isnetset(self.out_tcp)
--
-- def use_tcp(self):
-- return self.use_in_tcp() or self.use_out_tcp()
--
-- def use_network(self):
-- return self.use_tcp() or self.use_udp()
--
-- def find_port(self, port, protocol="tcp"):
-- for begin,end,p in self.ports.keys():
-- if port >= begin and port <= end and protocol == p:
-- return self.ports[begin, end, protocol]
-- return None
--
-- def set_program(self, program):
-- if self.type not in APPLICATIONS:
-- raise ValueError(_("User Role types can not be assigned executables."))
--
-- self.program = program
--
-- def set_init_script(self, initscript):
-- if self.type != DAEMON:
-- raise ValueError(_("Only Daemon apps can use an init script.."))
--
-- self.initscript = initscript
--
-- def set_in_tcp(self, all, reserved, unreserved, ports):
-- self.in_tcp = [ all, reserved, unreserved, verify_ports(ports)]
--
-- def set_in_udp(self, all, reserved, unreserved, ports):
-- self.in_udp = [ all, reserved, unreserved, verify_ports(ports)]
--
-- def set_out_tcp(self, all, ports):
-- self.out_tcp = [ all , False, False, verify_ports(ports) ]
--
-- def set_out_udp(self, all, ports):
-- self.out_udp = [ all , False, False, verify_ports(ports) ]
--
-- def set_use_resolve(self, val):
-- if val != True and val != False:
-- raise ValueError(_("use_resolve must be a boolean value "))
--
-- self.use_resolve = val
--
-- def set_use_syslog(self, val):
-- if val != True and val != False:
-- raise ValueError(_("use_syslog must be a boolean value "))
--
-- self.use_syslog = val
--
-- def set_use_kerberos(self, val):
-- if val != True and val != False:
-- raise ValueError(_("use_kerberos must be a boolean value "))
--
-- self.use_kerberos = val
--
-- def set_manage_krb5_rcache(self, val):
-- if val != True and val != False:
-- raise ValueError(_("manage_krb5_rcache must be a boolean value "))
--
-- self.manage_krb5_rcache = val
--
-- def set_use_pam(self, val):
-- self.use_pam = val == True
--
-- def set_use_dbus(self, val):
-- self.use_dbus = val == True
--
-- def set_use_audit(self, val):
-- self.use_audit = val == True
--
-- def set_use_etc(self, val):
-- self.use_etc = val == True -- -- def set_use_localization(self, val): -- self.use_localization = val == True -- -- def set_use_fd(self, val): -- self.use_fd = val == True -- -- def set_use_terminal(self, val): -- self.use_terminal = val == True -- -- def set_use_mail(self, val): -- self.use_mail = val == True -- -- def set_use_tmp(self, val): -- if self.type in USERS: -- raise ValueError(_("USER Types automatically get a tmp type")) -- -- if val: -- self.DEFAULT_DIRS["/tmp"][1].append("/tmp"); -- else: -- self.DEFAULT_DIRS["/tmp"][1]=[] -- -- def set_use_uid(self, val): -- self.use_uid = val == True -- -- def generate_uid_rules(self): -- if self.use_uid: -- return re.sub("TEMPLATETYPE", self.name, executable.te_uid_rules) -- else: -- return "" -- -- def generate_syslog_rules(self): -- if self.use_syslog: -- return re.sub("TEMPLATETYPE", self.name, executable.te_syslog_rules) -- else: -- return "" -- -- def generate_resolve_rules(self): -- if self.use_resolve: -- return re.sub("TEMPLATETYPE", self.name, executable.te_resolve_rules) -- else: -- return "" -- -- def generate_kerberos_rules(self): -- if self.use_kerberos: -- return re.sub("TEMPLATETYPE", self.name, executable.te_kerberos_rules) -- else: -- return "" -- -- def generate_manage_krb5_rcache_rules(self): -- if self.manage_krb5_rcache: -- return re.sub("TEMPLATETYPE", self.name, executable.te_manage_krb5_rcache_rules) -- else: -- return "" -- -- def generate_pam_rules(self): -- newte ="" -- if self.use_pam: -- newte = re.sub("TEMPLATETYPE", self.name, executable.te_pam_rules) -- return newte -- -- def generate_audit_rules(self): -- newte ="" -- if self.use_audit: -- newte = re.sub("TEMPLATETYPE", self.name, executable.te_audit_rules) -- return newte -- -- def generate_etc_rules(self): -- newte ="" -- if self.use_etc: -- newte = re.sub("TEMPLATETYPE", self.name, executable.te_etc_rules) -- return newte -- -- def generate_fd_rules(self): -- newte ="" -- if self.use_fd: -- newte = re.sub("TEMPLATETYPE", 
self.name, executable.te_fd_rules) -- return newte -- -- def generate_localization_rules(self): -- newte ="" -- if self.use_localization: -- newte = re.sub("TEMPLATETYPE", self.name, executable.te_localization_rules) -- return newte -- -- def generate_dbus_rules(self): -- newte ="" -- if self.type != DBUS and self.use_dbus: -- newte = re.sub("TEMPLATETYPE", self.name, executable.te_dbus_rules) -- return newte -- -- def generate_mail_rules(self): -- newte ="" -- if self.use_mail: -- newte = re.sub("TEMPLATETYPE", self.name, executable.te_mail_rules) -- return newte -- -- def generate_network_action(self, protocol, action, port_name): -- line = "" -- method = "corenet_%s_%s_%s" % (protocol, action, port_name) -- if method in methods: -- line = "%s(%s_t)\n" % (method, self.name) -- else: -- line = """ --gen_require(` -- type %s_t; --') --allow %s_t %s_t:%s_socket name_%s; --""" % (port_name, self.name, port_name, protocol, action) -- return line -- -- def generate_network_types(self): -- for i in self.in_tcp[PORTS]: -- rec = self.find_port(int(i), "tcp") -- if rec == None: -- self.need_tcp_type = True; -- else: -- port_name = rec[0][:-2] -- line = self.generate_network_action("tcp", "bind", port_name) --# line = "corenet_tcp_bind_%s(%s_t)\n" % (port_name, self.name) -- if line not in self.found_tcp_ports: -- self.found_tcp_ports.append(line) -- -- for i in self.out_tcp[PORTS]: -- rec = self.find_port(int(i), "tcp") -- if rec == None: -- self.need_tcp_type = True; -- else: -- port_name = rec[0][:-2] -- line = self.generate_network_action("tcp", "connect", port_name) --# line = "corenet_tcp_connect_%s(%s_t)\n" % (port_name, self.name) -- if line not in self.found_tcp_ports: -- self.found_tcp_ports.append(line) -- -- for i in self.in_udp[PORTS]: -- rec = self.find_port(int(i),"udp") -- if rec == None: -- self.need_udp_type = True; -- else: -- port_name = rec[0][:-2] -- line = self.generate_network_action("udp", "bind", port_name) --# line = "corenet_udp_bind_%s(%s_t)\n" 
% (port_name, self.name) -- if line not in self.found_udp_ports: -- self.found_udp_ports.append(line) -- -- if self.need_udp_type == True or self.need_tcp_type == True: -- return re.sub("TEMPLATETYPE", self.name, network.te_port_types) -- return "" -- -- def __find_path(self, file): -- for d in self.DEFAULT_DIRS: -- if file.find(d) == 0: -- self.DEFAULT_DIRS[d][1].append(file) -- return self.DEFAULT_DIRS[d] -- self.DEFAULT_DIRS["rw"][1].append(file) -- return self.DEFAULT_DIRS["rw"] -- -- def add_capability(self, capability): -- if capability not in self.capabilities: -- self.capabilities.append(capability) -- -- def add_process(self, process): -- if process not in self.processes: -- self.processes.append(process) -- -- def add_boolean(self, name, description): -- self.booleans[name] = description -- -- def add_file(self, file): -- self.files[file] = self.__find_path(file) -- -- def add_dir(self, file): -- self.dirs[file] = self.__find_path(file) -- -- def generate_capabilities(self): -- newte = "" -- self.capabilities.sort() -- if len(self.capabilities) > 0: -- newte = "allow %s_t self:capability { %s };\n" % (self.name, " ".join(self.capabilities)) -- return newte -- -- def generate_process(self): -- newte = "" -- self.processes.sort() -- if len(self.processes) > 0: -- newte = "allow %s_t self:process { %s };\n" % (self.name, " ".join(self.processes)) -- return newte -- -- -- def generate_network_rules(self): -- newte = "" -- if self.use_network(): -- newte = "\n" -- -- newte += re.sub("TEMPLATETYPE", self.name, network.te_network) -- -- if self.use_tcp(): -- newte += "\n" -- newte += re.sub("TEMPLATETYPE", self.name, network.te_tcp) -- -- if self.use_in_tcp(): -- newte += re.sub("TEMPLATETYPE", self.name, network.te_in_tcp) -- -- if self.need_tcp_type and len(self.in_tcp[PORTS]) > 0: -- newte += re.sub("TEMPLATETYPE", self.name, network.te_in_need_port_tcp) -- -- if self.need_tcp_type and len(self.out_tcp[PORTS]) > 0: -- newte += re.sub("TEMPLATETYPE", 
self.name, network.te_out_need_port_tcp) -- -- -- if self.in_tcp[ALL]: -- newte += re.sub("TEMPLATETYPE", self.name, network.te_in_all_ports_tcp) -- if self.in_tcp[RESERVED]: -- newte += re.sub("TEMPLATETYPE", self.name, network.te_in_reserved_ports_tcp) -- if self.in_tcp[UNRESERVED]: -- newte += re.sub("TEMPLATETYPE", self.name, network.te_in_unreserved_ports_tcp) -- -- if self.out_tcp[ALL]: -- newte += re.sub("TEMPLATETYPE", self.name, network.te_out_all_ports_tcp) -- if self.out_tcp[RESERVED]: -- newte += re.sub("TEMPLATETYPE", self.name, network.te_out_reserved_ports_tcp) -- if self.out_tcp[UNRESERVED]: -- newte += re.sub("TEMPLATETYPE", self.name, network.te_out_unreserved_ports_tcp) -- -- for i in self.found_tcp_ports: -- newte += i -- -- if self.use_udp(): -- newte += "\n" -- newte += re.sub("TEMPLATETYPE", self.name, network.te_udp) -- -- if self.need_udp_type: -- newte += re.sub("TEMPLATETYPE", self.name, network.te_in_need_port_udp) -- if self.use_in_udp(): -- newte += re.sub("TEMPLATETYPE", self.name, network.te_in_udp) -- if self.in_udp[ALL]: -- newte += re.sub("TEMPLATETYPE", self.name, network.te_in_all_ports_udp) -- if self.in_udp[RESERVED]: -- newte += re.sub("TEMPLATETYPE", self.name, network.te_in_reserved_ports_udp) -- if self.in_udp[UNRESERVED]: -- newte += re.sub("TEMPLATETYPE", self.name, network.te_in_unreserved_ports_udp) -- -- for i in self.found_udp_ports: -- newte += i -- return newte -- -- def generate_transition_rules(self): -- newte = "" -- for app in self.transition_domains: -- tmp = re.sub("TEMPLATETYPE", self.name, user.te_transition_rules) -- newte += re.sub("APPLICATION", app, tmp) -- -- if self.type == USER: -- for u in self.transition_users: -- temp = re.sub("TEMPLATETYPE", self.name, executable.te_run_rules) -- newte += re.sub("USER", u.split("_u")[0], temp) -- -- return newte -- -- def generate_admin_rules(self): -- newte = "" -- if self.type == RUSER: -- newte += re.sub("TEMPLATETYPE", self.name, user.te_admin_rules) -- -- 
for app in self.admin_domains: -- tmp = re.sub("TEMPLATETYPE", self.name, user.te_admin_domain_rules) -- newte += re.sub("APPLICATION", app, tmp) -- -- all_roles = [] -- try: -- all_roles = get_all_roles() -- except ValueError, e: -- print "Can not get all roles, must be root for this information" -- except RuntimeError, e: -- print "Can not get all roles", e -- -- for u in self.transition_users: -- role = u.split("_u")[0] -- -- if (role + "_r") in all_roles: -- tmp = re.sub("TEMPLATETYPE", self.name, user.te_admin_trans_rules) -- newte += re.sub("USER", role, tmp) -- -- return newte -- -- def generate_dbus_if(self): -- newif = "" -- if self.use_dbus: -- newif = re.sub("TEMPLATETYPE", self.name, executable.if_dbus_rules) -- return newif -- -- def generate_sandbox_if(self): -- newif = "" -- if self.type != SANDBOX: -- return newif -- newif = re.sub("TEMPLATETYPE", self.name, executable.if_sandbox_rules) -- return newif -- -- -- def generate_admin_if(self): -- newif = "" -- newtypes = "" -- if self.initscript != "": -- newtypes += re.sub("TEMPLATETYPE", self.name, executable.if_initscript_admin_types) -- newif += re.sub("TEMPLATETYPE", self.name, executable.if_initscript_admin) -- for d in self.DEFAULT_KEYS: -- if len(self.DEFAULT_DIRS[d][1]) > 0: -- newtypes += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_admin_types) -- newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_admin_rules) -- -- if newif != "": -- ret = re.sub("TEMPLATETYPE", self.name, executable.if_begin_admin) -- ret += newtypes -- -- ret += re.sub("TEMPLATETYPE", self.name, executable.if_middle_admin) -- ret += newif -- ret += re.sub("TEMPLATETYPE", self.name, executable.if_end_admin) -- return ret -- -- return "" -- -- def generate_cgi_types(self): -- return re.sub("TEMPLATETYPE", self.file_name, executable.te_cgi_types) -- -- def generate_sandbox_types(self): -- return re.sub("TEMPLATETYPE", self.file_name, executable.te_sandbox_types) -- -- def 
generate_userapp_types(self): -- return re.sub("TEMPLATETYPE", self.name, executable.te_userapp_types) -- -- def generate_inetd_types(self): -- return re.sub("TEMPLATETYPE", self.name, executable.te_inetd_types) -- -- def generate_dbusd_types(self): -- return re.sub("TEMPLATETYPE", self.name, executable.te_dbusd_types) -- -- def generate_min_login_user_types(self): -- return re.sub("TEMPLATETYPE", self.name, user.te_min_login_user_types) -- -- def generate_login_user_types(self): -- return re.sub("TEMPLATETYPE", self.name, user.te_login_user_types) -- -- def generate_admin_user_types(self): -- return re.sub("TEMPLATETYPE", self.name, user.te_admin_user_types) -- -- def generate_existing_user_types(self): -- return re.sub("TEMPLATETYPE", self.name, user.te_existing_user_types) -- -- def generate_x_login_user_types(self): -- return re.sub("TEMPLATETYPE", self.name, user.te_x_login_user_types) -- -- def generate_root_user_types(self): -- return re.sub("TEMPLATETYPE", self.name, user.te_root_user_types) -- -- def generate_daemon_types(self): -- newte = re.sub("TEMPLATETYPE", self.name, executable.te_daemon_types) -- if self.initscript != "": -- newte += re.sub("TEMPLATETYPE", self.name, executable.te_initscript_types) -- return newte -- -- def generate_tmp_types(self): -- if self.use_tmp: -- return re.sub("TEMPLATETYPE", self.name, tmp.te_types) -- else: -- return "" -- -- def generate_booleans(self): -- newte = "" -- for b in self.booleans: -- tmp = re.sub("BOOLEAN", b, boolean.te_boolean) -- newte += re.sub("DESCRIPTION", self.booleans[b], tmp) -- return newte -- -- def generate_boolean_rules(self): -- newte = "" -- for b in self.booleans: -- newte += re.sub("BOOLEAN", b, boolean.te_rules) -- return newte -- -- def generate_sandbox_te(self): -- return re.sub("TEMPLATETYPE", self.name, executable.te_sandbox_types) -- -- def generate_cgi_te(self): -- return re.sub("TEMPLATETYPE", self.name, executable.te_cgi_types) -- -- def generate_daemon_rules(self): -- newif = 
re.sub("TEMPLATETYPE", self.name, executable.te_daemon_rules) -- -- return newif -- -- def generate_login_user_rules(self): -- return re.sub("TEMPLATETYPE", self.name, user.te_login_user_rules) -- -- def generate_existing_user_rules(self): -- return re.sub("TEMPLATETYPE", self.name, user.te_existing_user_rules) -- -- def generate_x_login_user_rules(self): -- return re.sub("TEMPLATETYPE", self.name, user.te_x_login_user_rules) -- -- def generate_root_user_rules(self): -- newte =re.sub("TEMPLATETYPE", self.name, user.te_root_user_rules) -- return newte -- -- def generate_userapp_rules(self): -- return re.sub("TEMPLATETYPE", self.name, executable.te_userapp_rules) -- -- def generate_inetd_rules(self): -- return re.sub("TEMPLATETYPE", self.name, executable.te_inetd_rules) -- -- def generate_dbusd_rules(self): -- return re.sub("TEMPLATETYPE", self.name, executable.te_dbusd_rules) -- -- def generate_tmp_rules(self): -- if self.use_tmp: -- return re.sub("TEMPLATETYPE", self.name, tmp.te_rules) -- else: -- return "" -- -- def generate_cgi_rules(self): -- newte = "" -- newte += re.sub("TEMPLATETYPE", self.name, executable.te_cgi_rules) -- return newte -- -- def generate_sandbox_rules(self): -- newte = "" -- newte += re.sub("TEMPLATETYPE", self.name, executable.te_sandbox_rules) -- return newte -- -- def generate_user_if(self): -- newif ="" -- if self.use_terminal or self.type == USER: -- newif = re.sub("TEMPLATETYPE", self.name, executable.if_user_program_rules) -- -- if self.type in ( TUSER, XUSER, AUSER, LUSER): -- newif += re.sub("TEMPLATETYPE", self.name, executable.if_role_change_rules) -- return newif -- -- def generate_if(self): -- newif = "" -- newif += re.sub("TEMPLATETYPE", self.name, executable.if_heading_rules) -- if self.program != "": -- newif += re.sub("TEMPLATETYPE", self.name, executable.if_program_rules) -- if self.initscript != "": -- newif += re.sub("TEMPLATETYPE", self.name, executable.if_initscript_rules) -- -- for d in self.DEFAULT_KEYS: -- if 
len(self.DEFAULT_DIRS[d][1]) > 0: -- newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_rules) -- for i in self.DEFAULT_DIRS[d][1]: -- if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]): -- newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_stream_rules) -- break -- newif += self.generate_user_if() -- newif += self.generate_dbus_if() -- newif += self.generate_admin_if() -- newif += self.generate_sandbox_if() -- -- return newif -- -- def generate_default_types(self): -- return self.DEFAULT_TYPES[self.type][0]() -- -- def generate_default_rules(self): -- return self.DEFAULT_TYPES[self.type][1]() -- -- def generate_roles_rules(self): -- newte = "" -- if self.type in ( TUSER, XUSER, AUSER, LUSER, EUSER): -- roles = "" -- if len(self.roles) > 0: -- newte += re.sub("TEMPLATETYPE", self.name, user.te_sudo_rules) -- newte += re.sub("TEMPLATETYPE", self.name, user.te_newrole_rules) -- for role in self.roles: -- tmp = re.sub("TEMPLATETYPE", self.name, user.te_roles_rules) -- newte += re.sub("ROLE", role, tmp) -- return newte -- -- def generate_te(self): -- newte = self.generate_default_types() -- for d in self.DEFAULT_KEYS: -- if len(self.DEFAULT_DIRS[d][1]) > 0: -- # CGI scripts already have a rw_t -- if self.type != CGI or d != "rw": -- newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_types) -- -- newte +=""" --######################################## --# --# %s local policy --# --""" % self.name -- newte += self.generate_capabilities() -- newte += self.generate_process() -- newte += self.generate_network_types() -- newte += self.generate_tmp_types() -- newte += self.generate_booleans() -- newte += self.generate_default_rules() -- newte += self.generate_boolean_rules() -- -- for d in self.DEFAULT_KEYS: -- if len(self.DEFAULT_DIRS[d][1]) > 0: -- newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_rules) -- for i in self.DEFAULT_DIRS[d][1]: -- if os.path.exists(i) and 
stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]): -- newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_stream_rules) -- break -- -- newte += self.generate_tmp_rules() -- newte += self.generate_network_rules() -- newte += self.generate_fd_rules() -- newte += self.generate_etc_rules() -- newte += self.generate_pam_rules() -- newte += self.generate_uid_rules() -- newte += self.generate_audit_rules() -- newte += self.generate_syslog_rules() -- newte += self.generate_localization_rules() -- newte += self.generate_resolve_rules() -- newte += self.generate_roles_rules() -- newte += self.generate_mail_rules() -- newte += self.generate_transition_rules() -- newte += self.generate_admin_rules() -- newte += self.generate_dbus_rules() -- newte += self.generate_kerberos_rules() -- newte += self.generate_manage_krb5_rcache_rules() -- -- return newte -- -- def generate_fc(self): -- newfc = "" -- fclist = [] -- if self.type in USERS + [ SANDBOX ]: -- return re.sub("EXECUTABLE", self.program, executable.fc_user) -- if self.program == "": -- raise ValueError(_("You must enter the executable path for your confined process")) -- -- t1 = re.sub("EXECUTABLE", self.program, executable.fc_program) -- fclist.append(re.sub("TEMPLATETYPE", self.name, t1)) -- -- if self.initscript != "": -- t1 = re.sub("EXECUTABLE", self.initscript, executable.fc_initscript) -- fclist.append(re.sub("TEMPLATETYPE", self.name, t1)) -- -- for i in self.files.keys(): -- if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]): -- t1 = re.sub("TEMPLATETYPE", self.name, self.files[i][2].fc_sock_file) -- else: -- t1 = re.sub("TEMPLATETYPE", self.name, self.files[i][2].fc_file) -- t2 = re.sub("FILENAME", i, t1) -- fclist.append(re.sub("FILETYPE", self.files[i][0], t2)) -- -- for i in self.dirs.keys(): -- t1 = re.sub("TEMPLATETYPE", self.name, self.dirs[i][2].fc_dir) -- t2 = re.sub("FILENAME", i, t1) -- fclist.append(re.sub("FILETYPE", self.dirs[i][0], t2)) -- -- fclist.sort() -- 
newfc="\n".join(fclist) -- return newfc -- -- def generate_user_sh(self): -- newsh = "" -- if self.type not in ( TUSER, XUSER, AUSER, LUSER, EUSER): -- return newsh -- -- roles = "" -- for role in self.roles: -- roles += " %s_r" % role -- if roles != "": -- roles += " system_r" -- if self.type == EUSER: -- tmp = re.sub("TEMPLATETYPE", self.name, script.eusers) -- else: -- tmp = re.sub("TEMPLATETYPE", self.name, script.users) -- newsh += re.sub("ROLES", roles, tmp) -- -- if self.type == RUSER: -- for u in self.transition_users: -- tmp = re.sub("TEMPLATETYPE", self.name, script.admin_trans) -- newsh += re.sub("USER", u, tmp) -- -- if self.type == LUSER: -- newsh += re.sub("TEMPLATETYPE", self.name, script.min_login_user_default_context) -- else: -- newsh += re.sub("TEMPLATETYPE", self.name, script.x_login_user_default_context) -- -- -- return newsh -- -- def generate_sh(self): -- temp = re.sub("TEMPLATETYPE", self.file_name, script.compile) -- if self.type == EUSER: -- newsh = re.sub("TEMPLATEFILE", "my%s" % self.file_name, temp) -- else: -- newsh = re.sub("TEMPLATEFILE", self.file_name, temp) -- if self.program != "": -- newsh += re.sub("FILENAME", self.program, script.restorecon) -- if self.initscript != "": -- newsh += re.sub("FILENAME", self.initscript, script.restorecon) -- -- for i in self.files.keys(): -- newsh += re.sub("FILENAME", i, script.restorecon) -- -- for i in self.dirs.keys(): -- newsh += re.sub("FILENAME", i, script.restorecon) -- -- for i in self.in_tcp[PORTS] + self.out_tcp[PORTS]: -- if self.find_port(i,"tcp") == None: -- t1 = re.sub("PORTNUM", "%d" % i, script.tcp_ports) -- newsh += re.sub("TEMPLATETYPE", self.name, t1) -- -- for i in self.in_udp[PORTS]: -- if self.find_port(i,"udp") == None: -- t1 = re.sub("PORTNUM", "%d" % i, script.udp_ports) -- newsh += re.sub("TEMPLATETYPE", self.name, t1) -- -- newsh += self.generate_user_sh() -- -- return newsh -- -- def write_te(self, out_dir): -- if self.type == EUSER: -- tefile = "%s/my%s.te" % 
(out_dir, self.file_name) -- else: -- tefile = "%s/%s.te" % (out_dir, self.file_name) -- fd = open(tefile, "w") -- fd.write(self.generate_te()) -- fd.close() -- return tefile -- -- def write_sh(self, out_dir): -- if self.type == EUSER: -- shfile = "%s/my%s.sh" % (out_dir, self.file_name) -- else: -- shfile = "%s/%s.sh" % (out_dir, self.file_name) -- fd = open(shfile, "w") -- fd.write(self.generate_sh()) -- fd.close() -- os.chmod(shfile, 0750) -- return shfile -- -- def write_if(self, out_dir): -- if self.type == EUSER: -- iffile = "%s/my%s.if" % (out_dir, self.file_name) -- else: -- iffile = "%s/%s.if" % (out_dir, self.file_name) -- fd = open(iffile, "w") -- fd.write(self.generate_if()) -- fd.close() -- return iffile -- -- def write_fc(self,out_dir): -- if self.type == EUSER: -- fcfile = "%s/my%s.fc" % (out_dir, self.file_name) -- else: -- fcfile = "%s/%s.fc" % (out_dir, self.file_name) -- fd = open(fcfile, "w") -- fd.write(self.generate_fc()) -- fd.close() -- return fcfile -- -- def gen_writeable(self): -- fd = os.popen("rpm -qlf %s" % self.program) -- for f in fd.read().split(): -- for b in self.DEFAULT_DIRS: -- if b == "/etc": -- continue -- if f.startswith(b): -- if os.path.isfile(f): -- self.add_file(f) -- else: -- self.add_dir(f) -- fd.close() -- -- # some packages have own systemd subpackage -- # tor-systemd for example -- binary_name = self.program.split("/")[-1] -- rc, output = commands.getstatusoutput("rpm -q %s-systemd" % binary_name) -- if rc == 0: -- fd = os.popen("rpm -ql %s-systemd" % binary_name) -- for f in fd.read().split(): -- for b in self.DEFAULT_DIRS: -- if f.startswith(b): -- if os.path.isfile(f): -- self.add_file(f) -- else: -- self.add_dir(f) -- fd.close() -- -- if os.path.isfile("/var/run/%s.pid" % self.name): -- self.add_file("/var/run/%s.pid" % self.name) -- -- if os.path.isfile("/etc/rc.d/init.d/%s" % self.name): -- self.set_init_script("/etc/rc\.d/init\.d/%s" % self.name) -- -- def gen_symbols(self): -- if self.type not in 
APPLICATIONS: -- return -- -- fd = os.popen("nm -D %s | grep U" % self.program) -- for s in fd.read().split(): -- for b in self.symbols: -- if s.startswith(b): -- exec "self.%s" % self.symbols[b] -- fd.close() -- -- def generate(self, out_dir = "."): -- self.write_te(out_dir) -- self.write_if(out_dir) -- self.write_fc(out_dir) -- self.write_sh(out_dir) -- out = "Created the following files in:\n%s/\n" % out_dir -- out += "%s.te # %s\n" % (self.file_name, _("Type Enforcement file")) -- out += "%s.if # %s\n" % (self.file_name, _("Interface file")) -- out += "%s.fc # %s\n" % (self.file_name, _("File Contexts file")) -- out += "%s.sh # %s\n" % (self.file_name, _("Setup Script")) -- return out -- --def errorExit(error): -- sys.stderr.write("%s: " % sys.argv[0]) -- sys.stderr.write("%s\n" % error) -- sys.stderr.flush() -- sys.exit(1) -- --def test(): -- import tempfile -- -- tmpdir = tempfile.mkdtemp(prefix="polgen_") -- -- mypolicy = policy("myrwho", DAEMON) -- mypolicy.set_program("/usr/sbin/myrwhod") -- mypolicy.set_init_script("/etc/init.d/myrwhod") -- mypolicy.add_dir("/etc/nasd") -- mypolicy.set_in_tcp(1, 0, 0, "513") -- mypolicy.set_use_uid(True) -- mypolicy.set_use_tmp(True) -- mypolicy.set_use_syslog(True) -- mypolicy.set_use_pam(True) -- mypolicy.add_dir("/var/run/myrwho") -- mypolicy.add_dir("/var/lib/myrwho") -- print mypolicy.generate(tmpdir) -- -- mypolicy = policy("mywhois", USER) -- mypolicy.set_program("/usr/bin/jwhois") -- mypolicy.set_out_tcp(0, "43,63,4321") -- mypolicy.set_out_udp(0, "43,63,4321") -- mypolicy.add_dir("/var/cache/jwhois") -- mypolicy.set_transition_users(["staff_u"]) -- print mypolicy.generate(tmpdir) -- -- mypolicy = policy("mytuser", TUSER) -- mypolicy.set_admin_roles(["mydbadm"]) -- mypolicy.add_boolean("allow_mytuser_setuid", "Allow mytuser users to run setuid applications") -- print mypolicy.generate(tmpdir) -- -- mypolicy = policy("mycgi", CGI) -- mypolicy.set_program("/var/www/cgi-bin/cgi") -- mypolicy.set_in_tcp(1, 0, 0, "512, 
55000-55000") -- mypolicy.set_in_udp(1, 0, 0, "1513") -- mypolicy.set_use_uid(True) -- mypolicy.set_use_tmp(False) -- mypolicy.set_use_syslog(True) -- mypolicy.set_use_pam(True) -- mypolicy.set_out_tcp(0,"8000") -- print mypolicy.generate(tmpdir) -- -- mypolicy = policy("myinetd", INETD) -- mypolicy.set_program("/usr/bin/mytest") -- mypolicy.set_in_tcp(1, 0, 0, "513") -- mypolicy.set_in_udp(1, 0, 0, "1513") -- mypolicy.set_use_uid(True) -- mypolicy.set_use_tmp(True) -- mypolicy.set_use_syslog(True) -- mypolicy.set_use_pam(True) -- mypolicy.add_file("/var/lib/mysql/mysql.sock") -- mypolicy.add_file("/var/run/rpcbind.sock") -- mypolicy.add_file("/var/run/daemon.pub") -- mypolicy.add_file("/var/log/daemon.log") -- mypolicy.add_dir("/var/lib/daemon") -- mypolicy.add_dir("/etc/daemon") -- mypolicy.add_dir("/etc/daemon/special") -- mypolicy.set_use_uid(True) -- mypolicy.set_use_syslog(True) -- mypolicy.set_use_pam(True) -- mypolicy.set_use_audit(True) -- mypolicy.set_use_dbus(True) -- mypolicy.set_use_terminal(True) -- mypolicy.set_use_mail(True) -- mypolicy.set_out_tcp(0,"8000") -- print mypolicy.generate(tmpdir) -- -- -- mypolicy = policy("mydbus", DBUS) -- mypolicy.set_program("/usr/libexec/mydbus") -- mypolicy.set_in_tcp(1, 0, 0, "513") -- mypolicy.set_in_udp(1, 0, 0, "1513") -- mypolicy.set_use_uid(True) -- mypolicy.set_use_tmp(True) -- mypolicy.set_use_syslog(True) -- mypolicy.set_use_pam(True) -- print mypolicy.generate(tmpdir) -- -- mypolicy = policy("myxuser", XUSER) -- mypolicy.set_in_tcp(1, 1, 1, "28920") -- mypolicy.set_in_udp(0, 0, 1, "1513") -- mypolicy.set_transition_domains(["mozilla"]) -- print mypolicy.generate(tmpdir) -- -- mypolicy = policy("myuser", USER) -- mypolicy.set_program("/usr/bin/myuser") -- mypolicy.set_in_tcp(1, 0, 0, "513") -- mypolicy.set_in_udp(1, 0, 0, "1513") -- mypolicy.set_use_uid(True) -- mypolicy.set_use_tmp(True) -- mypolicy.set_use_syslog(True) -- mypolicy.set_use_pam(True) -- mypolicy.add_file("/var/lib/myuser/myuser.sock") -- 
mypolicy.set_out_tcp(0,"8000") -- mypolicy.set_transition_users(["unconfined_u", "staff_u"]) -- print mypolicy.generate(tmpdir) -- -- mypolicy = policy("mysandbox", SANDBOX) -- mypolicy.set_out_udp(0, "993") -- print mypolicy.generate("/tmp") -- -- mypolicy = policy("mydbadm", RUSER) -- mypolicy.set_admin_domains(["postgresql", "mysql"]) -- print mypolicy.generate(tmpdir) -- os.chdir(tmpdir) -- rc, output=commands.getstatusoutput("make -f /usr/share/selinux/devel/Makefile") -- print output -- sys.exit(os.WEXITSTATUS(rc)) -- --import os, sys, getopt, socket, random, fcntl -- --def usage(msg): -- print _(""" --%s -- --sepolgen [ -n moduleName ] [ -m ] [ -t type ] [ executable | Name ] --valid Types: --""") % msg -- keys=poltype.keys() -- for i in keys: -- print "\t%s\t%s" % (i, poltype[i]) -- sys.exit(-1) -- --if __name__ == '__main__': -- setype = DAEMON -- name = None -- try: -- gopts, cmds = getopt.getopt(sys.argv[1:], "ht:mn:", -- ["type=", -- "mount", -- "test", -- "name=", -- "help"]) -- for o, a in gopts: -- if o == "-t" or o == "--type": -- try: -- if int(a) not in poltype: -- usage ("invalid type %s" % a ) -- except: -- usage ("invalid type %s" % a ) -- -- setype = int(a) -- -- if o == "-m" or o == "--mount": -- mount_ind = True -- -- if o == "-n" or o == "--name": -- name = a -- -- if o == "-h" or o == "--help": -- usage("") -- -- if o == "--test": -- test() -- sys.exit(0) -- -- except getopt.error, error: -- usage(_("Options Error %s ") % error.msg) -- -- if len(cmds) == 0: -- usage(_("Executable or Name required")) -- -- try: -- cmd = os.path.realpath(cmds[0]) -- if not name: -- name = os.path.basename(cmd).replace("-","_") -- -- print("Generating Policy for %s named %s" % (cmd, name)) -- mypolicy = policy(name, setype) -- if setype not in USERS + [ SANDBOX ]: -- mypolicy.set_program(cmd) -- -- if setype in APPLICATIONS: -- mypolicy.gen_writeable() -- mypolicy.gen_symbols() -- print mypolicy.generate() -- sys.exit(0) -- except ValueError, e: -- usage(e) 
-diff --git a/policycoreutils/gui/polgengui.py b/policycoreutils/gui/polgengui.py -index 0460a33..1c16f7b 100644 ---- a/policycoreutils/gui/polgengui.py -+++ b/policycoreutils/gui/polgengui.py -@@ -4,7 +4,7 @@ - # - # Dan Walsh - # --# Copyright (C) 2007-2011 Red Hat -+# Copyright (C) 2007-2012 Red Hat - # - # This program is free software; you can redistribute it and/or modify - # it under the terms of the GNU General Public License as published by -@@ -28,9 +28,25 @@ import os - import gobject - import gnome - import sys --import polgen -+from sepolicy import generate -+import sepolicy.interface -+import commands -+ - import re - -+def get_all_modules(): -+ try: -+ all_modules = [] -+ rc, output=commands.getstatusoutput("semodule -l 2>/dev/null") -+ if rc == 0: -+ l = output.split("\n") -+ for i in l: -+ all_modules.append(i.split()[0]) -+ except: -+ pass -+ -+ return all_modules -+ - - ## - ## I18N -@@ -169,10 +185,10 @@ class childWindow: - self.tooltip_dict[label] = label.get_tooltip_text() - - try: -- self.all_types = polgen.get_all_types() -- self.all_modules = polgen.get_all_modules() -- self.all_roles = polgen.get_all_roles() -- self.all_users = polgen.get_all_users() -+ self.all_types = generate.get_all_types() -+ self.all_modules = get_all_modules() -+ self.all_roles = generate.get_all_roles() -+ self.all_users = generate.get_all_users() - except RuntimeError, e: - self.all_types = [] - self.all_modules = [] -@@ -200,16 +216,16 @@ class childWindow: - self.boolean_description_entry = xml.get_widget ("boolean_description_entry") - - self.pages={} -- for i in polgen.USERS: -+ for i in generate.USERS: - self.pages[i] = [ self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE ] -- self.pages[polgen.RUSER] = [ self.SELECT_TYPE_PAGE, self.APP_PAGE, self.ADMIN_PAGE, self.USER_TRANSITION_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE ] -- self.pages[polgen.LUSER] = [ 
self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE ] -- self.pages[polgen.SANDBOX] = [ self.SELECT_TYPE_PAGE, self.APP_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE] -- self.pages[polgen.EUSER] = [ self.SELECT_TYPE_PAGE, self.EXISTING_USER_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE ] -+ self.pages[generate.RUSER] = [ self.SELECT_TYPE_PAGE, self.APP_PAGE, self.ADMIN_PAGE, self.USER_TRANSITION_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE ] -+ self.pages[generate.LUSER] = [ self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE ] -+ self.pages[generate.SANDBOX] = [ self.SELECT_TYPE_PAGE, self.APP_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE] -+ self.pages[generate.EUSER] = [ self.SELECT_TYPE_PAGE, self.EXISTING_USER_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE ] - -- for i in polgen.APPLICATIONS: -+ for i in generate.APPLICATIONS: - self.pages[i] = [ self.SELECT_TYPE_PAGE, self.APP_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE] -- self.pages[polgen.USER] = [ self.SELECT_TYPE_PAGE, self.APP_PAGE, self.USER_TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE ] -+ self.pages[generate.USER] = [ self.SELECT_TYPE_PAGE, self.APP_PAGE, self.USER_TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE ] - - self.current_page = 0 - self.back_button.set_sensitive(0) -@@ -304,22 +320,17 @@ class childWindow: - col = gtk.TreeViewColumn(_("Application"), 
gtk.CellRendererText(), text = 0) - self.admin_treeview.append_column(col) - -- for i in polgen.methods: -- m = re.findall("(.*)%s" % polgen.USER_TRANSITION_INTERFACE, i) -- if len(m) > 0: -- if "%s_exec_t" % m[0] in self.all_types: -- iter = self.transition_store.append() -- self.transition_store.set_value(iter, 0, m[0]) -- continue - -- m = re.findall("(.*)%s" % polgen.ADMIN_TRANSITION_INTERFACE, i) -- if len(m) > 0: -- iter = self.admin_store.append() -- self.admin_store.set_value(iter, 0, m[0]) -- continue -+ for u in sepolicy.interface.get_user(): -+ iter = self.transition_store.append() -+ self.transition_store.set_value(iter, 0, u) -+ -+ for a in sepolicy.interface.get_admin(): -+ iter = self.admin_store.append() -+ self.admin_store.set_value(iter, 0, a) - - def confine_application(self): -- return self.get_type() in polgen.APPLICATIONS -+ return self.get_type() in generate.APPLICATIONS - - def forward(self, arg): - type = self.get_type() -@@ -416,41 +427,41 @@ class childWindow: - - def get_type(self): - if self.sandbox_radiobutton.get_active(): -- return polgen.SANDBOX -+ return generate.SANDBOX - if self.cgi_radiobutton.get_active(): -- return polgen.CGI -+ return generate.CGI - if self.user_radiobutton.get_active(): -- return polgen.USER -+ return generate.USER - if self.init_radiobutton.get_active(): -- return polgen.DAEMON -+ return generate.DAEMON - if self.dbus_radiobutton.get_active(): -- return polgen.DBUS -+ return generate.DBUS - if self.inetd_radiobutton.get_active(): -- return polgen.INETD -+ return generate.INETD - if self.login_user_radiobutton.get_active(): -- return polgen.LUSER -+ return generate.LUSER - if self.admin_user_radiobutton.get_active(): -- return polgen.AUSER -+ return generate.AUSER - if self.xwindows_user_radiobutton.get_active(): -- return polgen.XUSER -+ return generate.XUSER - if self.terminal_user_radiobutton.get_active(): -- return polgen.TUSER -+ return generate.TUSER - if self.root_user_radiobutton.get_active(): -- 
return polgen.RUSER -+ return generate.RUSER - if self.existing_user_radiobutton.get_active(): -- return polgen.EUSER -+ return generate.EUSER - - def generate_policy(self, *args): - outputdir = self.output_entry.get_text() - try: -- my_policy=polgen.policy(self.get_name(), self.get_type()) -+ my_policy=generate.policy(self.get_name(), self.get_type()) - - iter= self.boolean_store.get_iter_first() - while(iter): - my_policy.add_boolean(self.boolean_store.get_value(iter, 0), self.boolean_store.get_value(iter, 1)) - iter= self.boolean_store.iter_next(iter) - -- if self.get_type() in polgen.APPLICATIONS: -+ if self.get_type() in generate.APPLICATIONS: - my_policy.set_program(self.exec_entry.get_text()) - my_policy.gen_symbols() - -@@ -463,14 +474,14 @@ class childWindow: - my_policy.set_use_audit(self.audit_checkbutton.get_active() == 1) - my_policy.set_use_terminal(self.terminal_checkbutton.get_active() == 1) - my_policy.set_use_mail(self.mail_checkbutton.get_active() == 1) -- if self.get_type() is polgen.DAEMON: -+ if self.get_type() is generate.DAEMON: - my_policy.set_init_script(self.init_script_entry.get_text()) -- if self.get_type() == polgen.USER: -+ if self.get_type() == generate.USER: - selected = [] - self.user_transition_treeview.get_selection().selected_foreach(foreach, selected) - my_policy.set_transition_users(selected) - else: -- if self.get_type() == polgen.RUSER: -+ if self.get_type() == generate.RUSER: - selected = [] - self.admin_treeview.get_selection().selected_foreach(foreach, selected) - my_policy.set_admin_domains(selected) -@@ -667,16 +678,16 @@ class childWindow: - - def on_in_net_page_next(self, *args): - try: -- polgen.verify_ports(self.in_tcp_entry.get_text()) -- polgen.verify_ports(self.in_udp_entry.get_text()) -+ generate.verify_ports(self.in_tcp_entry.get_text()) -+ generate.verify_ports(self.in_udp_entry.get_text()) - except ValueError, e: - self.error(e.message) - return True - - def on_out_net_page_next(self, *args): - try: -- 
polgen.verify_ports(self.out_tcp_entry.get_text()) -- polgen.verify_ports(self.out_udp_entry.get_text()) -+ generate.verify_ports(self.out_tcp_entry.get_text()) -+ generate.verify_ports(self.out_udp_entry.get_text()) - except ValueError, e: - self.error(e.message) - return True -@@ -712,7 +723,7 @@ class childWindow: - if exe == "": - self.error(_("You must enter a executable")) - return True -- policy=polgen.policy(name, self.get_type()) -+ policy=generate.policy(name, self.get_type()) - policy.set_program(exe) - policy.gen_writeable() - policy.gen_symbols() -diff --git a/policycoreutils/gui/sepolgen b/policycoreutils/gui/sepolgen +diff --git a/policycoreutils/gui/selinux-polgengui.desktop b/policycoreutils/gui/selinux-polgengui.desktop new file mode 100644 -index 0000000..2f0c1cc +index 0000000..0c2f399 
--- /dev/null -+++ b/policycoreutils/gui/sepolgen -@@ -0,0 +1,2 @@ -+#!/bin/sh -+sepolicy generate $* -diff --git a/policycoreutils/gui/statusPage.py b/policycoreutils/gui/statusPage.py -index e561de1..02685f2 100644 ---- a/policycoreutils/gui/statusPage.py -+++ b/policycoreutils/gui/statusPage.py -@@ -158,12 +158,30 @@ class statusPage: - self.enabled = enabled ++++ b/policycoreutils/gui/selinux-polgengui.desktop +@@ -0,0 +1,67 @@ ++[Desktop Entry] ++Name=SELinux Policy Generation Tool ++Name[bn_IN]=SELinux Policy নির্মাণের সামগ্রী ++Name[ca]=Eina de generació de polítiques del SELinux ++Name[da]=Regelsætgenereringsværktøj til SELinux ++Name[de]=Tool zur Erstellung von SELinux-Richtlinien ++Name[es]=Generador de Políticas de SELinux ++Name[fi]=SELinux-käytäntöjen generointityökalu ++Name[fr]=Outil de génération de stratégies SELinux ++Name[gu]=SELinux પોલિસી બનાવટ સાધન ++Name[hi]=SELinux पॉलिसी जनन औजार ++Name[it]=Tool di generazione della policy di SELinux ++Name[ja]=SELinux ポリシー生成ツール ++Name[kn]=SELinux ಪಾಲಿಸಿ ಉತ್ಪಾದನಾ ಉಪಕರಣ ++Name[ko]=SELinux 정책 생성 도구 ++Name[ml]=SELinux പോളിസി ഉത്പാദന പ്രയോഗം ++Name[mr]=SELinux करार निर्माण साधन ++Name[nl]=SELinux tactiek generatie gereedschap ++Name[or]=SELinux ନୀତି ସୃଷ୍ଟି ଉପକରଣ ++Name[pa]=SELinux ਪਾਲਿਸੀ ਨਿਰਮਾਣ ਜੰਤਰ ++Name[pl]=Narzędzie tworzenia polityki SELinuksa ++Name[pt]=Ferramenta de Geração de Políticas SELinux ++Name[pt_BR]=Ferramenta de criação de políticas do SELinux ++Name[ru]=Средство создания политики SELinux ++Name[sv]=Genereringsverktyg för SELinuxpolicy ++Name[ta]=SELinux பாலிசி உற்பத்தி கருவி ++Name[te]=SELinux నిర్వహణ ++Name[uk]=Утиліта генерації правил SELinux ++Name[zh_CN]=SELinux 策略生成工具 ++Name[zh_TW]=SELinux 政策產生工具(SELinux Policy Generation Tool) ++Comment=Generate SELinux policy modules ++Comment[bn_IN]=SELinux নিয়মনীতির মডিউল নির্মাণ করুন ++Comment[ca]=Genera els mòduls de les polítiques de SELinux ++Comment[da]=Generér SELinux-regelsætmodul ++Comment[de]=Tool zur Erstellung von SELinux-Richtlinien 
++Comment[es]=Generar módulos de política de SELinux ++Comment[fi]=Generoi SELinuxin käytäntömoduuleja ++Comment[fr]=Génére des modules de stratégie SELinux ++Comment[gu]=SELinux પોલિસી મોડ્યુલોને ઉત્પન્ન કરો ++Comment[hi]=नया पॉलिसी मॉड्यूल उत्पन्न करें ++Comment[it]=Genera moduli della politica di SELinux ++Comment[ja]=新しいポリシーモジュールの作成 ++Comment[kn]=SELinux ಪಾಲಿಸಿ ಘಟಕಗಳನ್ನು ಉತ್ಪಾದಿಸು ++Comment[ko]=SELinux 정책 모듈 생성 ++Comment[ml]=SELinux യ പോളിസി ഘങ്ങള്‍ തയ്യാറാക്കുക ++Comment[mr]=SELinux करार घटके निर्माण करा ++Comment[nl]=Maak een SELinux tactiek module aan ++Comment[or]=SELinux ନୀତି ଏକକାଂଶ ସୃଷ୍ଟିକରନ୍ତୁ ++Comment[pa]=SELinux ਪਾਲਿਸੀ ਮੈਡਿਊਲ ਬਣਾਓ ++Comment[pl]=Tworzenie nowych modułów polityki SELinuksa ++Comment[pt]=Gerar módulos de políticas SELinux ++Comment[pt_BR]=Gerar módulos de política do SELinux ++Comment[ru]=Генерация модулей политики SELinux ++Comment[sv]=Generera SELinux-policymoduler ++Comment[ta]=SELinux கொள்கை தொகுதியை உருவாக்கவும் ++Comment[te]=SELinux పాలసీ మాడ్యూళ్ళను వుద్భవింపచేయుము ++Comment[uk]=Створення модулів контролю доступу SELinux ++Comment[zh_CN]=生成 SELinux 策略模块 ++Comment[zh_TW]=產生 SELinux 政策模組 ++StartupNotify=true ++Icon=system-config-selinux ++Exec=/usr/bin/selinux-polgengui ++Type=Application ++Terminal=false ++Categories=System;Security; ++X-Desktop-File-Install-Version=0.2 ++Keywords=policy;security;selinux;avc;permission;mac; +diff --git a/policycoreutils/gui/system-config-selinux.console b/policycoreutils/gui/system-config-selinux.console +new file mode 100644 +index 0000000..42b48a3 +--- /dev/null ++++ b/policycoreutils/gui/system-config-selinux.console +@@ -0,0 +1,3 @@ ++USER=root ++PROGRAM=/usr/share/system-config-selinux/system-config-selinux.py ++SESSION=true +diff --git a/policycoreutils/gui/system-config-selinux.desktop b/policycoreutils/gui/system-config-selinux.desktop +new file mode 100644 +index 0000000..8822ce2 +--- /dev/null ++++ b/policycoreutils/gui/system-config-selinux.desktop +@@ -0,0 +1,67 @@ ++[Desktop Entry] 
++Name=SELinux Management ++Name[bn_IN]=SELinux পরিচালনা ++Name[da]=Håndtering af SELinux ++Name[de]=SELinux-Management ++Name[ca]=Gestió de SELinux ++Name[es]=Administración de SELinux ++Name[fi]=SELinuxin ylläpito ++Name[fr]=Gestion de SELinux ++Name[gu]=SELinux સંચાલન ++Name[hi]=SELinux प्रबंधन ++Name[jp]=SELinux 管理 ++Name[it]=Gestione di SELinux ++Name[kn]=SELinux ವ್ಯವಸ್ಥಾಪನೆ ++Name[ko]=SELinux 관리 ++Name[ml]=SELinux മാനേജ്മെന്റ് ++Name[mr]=SELinux मॅनेजमेंट ++Name[nl]=SELinux beheer ++Name[or]=SELinux ପରିଚାଳନା ++Name[pa]=SELinux ਮੈਨੇਜਮੈਂਟ ++Name[pl]=Zarządzanie SELinuksem ++Name[pt_BR]=Gerenciamento do SELinux ++Name[pt]=Gestão de SELinux ++Name[ru]=Управление SELinux ++Name[sv]=SELinux-hantering ++Name[ta]=SELinux மேலாண்மை ++Name[te]=SELinux నిర్వహణ ++Name[uk]=Керування SELinux ++Name[zh_CN]=SELinux 管理 ++Name[zh_TW]=SELinux 管理 ++Comment=Configure SELinux in a graphical setting ++Comment[bn_IN]=গ্রাফিক্যাল পরিবেশে SELinux কনফিগার করুন ++Comment[ca]=Configura SELinuc an mode de preferències gràfiques ++Comment[da]=Konfigurér SELinux i et grafisk miljø ++Comment[de]=SELinux in einer grafischen Einstellung konfigurieren ++Comment[es]=Defina SELinux en una configuración de interfaz gráfica ++Comment[fi]=Tee SELinuxin asetukset graafisesti ++Comment[fr]=Configure SELinux dans un environnement graphique ++Comment[gu]=ગ્રાફિકલ સુયોજનમાં SELinux ને રૂપરેખાંકિત કરો ++Comment[hi]=SELinux को आलेखी सेटिंग में विन्यस्त करें ++Comment[it]=Configura SELinux in una impostazione grafica ++Comment[jp]=グラフィカルな設定画面で SELinux を設定する ++Comment[ko]=SELinux를 그래픽 사용자 인터페이스로 설정 ++Comment[kn]=SELinux ಅನ್ನು ಒಂದು ಚಿತ್ರಾತ್ಮಕ ಸಿದ್ದತೆಯಲ್ಲಿ ಸಂರಚಿಸಿ ++Comment[ml]=ഒരു ഗ്രാഫിക്കല്‍ സജ്ജീകരണത്തില്‍ SELinux ക്രമീകരിയ്ക്കുക ++Comment[mr]=ग्राफिकल सेटिंगमध्ये SELinux संरचीत करा ++Comment[nl]=Configureer SELinux in een grafische omgeving ++Comment[or]=SELinux କୁ ଆଲେଖିକ ସଂରଚନାରେ ବିନ୍ୟାସ କରନ୍ତୁ ++Comment[pa]=SELinux ਨੂੰ ਗਰਾਫੀਕਲ ਸੈਟਿੰਗ ਵਿੱਚ ਸੰਰਚਿਤ ਕਰੋ ++Comment[pl]=Konfiguracja SELinuksa w trybie 
graficznym ++Comment[pt]=Configurar o SELinux num ambiente gráfico ++Comment[pt_BR]=Configure o SELinux em uma configuração gráfica ++Comment[ru]=Настройка SELinux в графическом режиме ++Comment[sv]=Konfigurera SELinux i en grafisk miljö ++Comment[ta]=SELinuxஐ ஒரு வரைகலை அமைவில் கட்டமைக்கவும் ++Comment[te]=SELinuxను గ్రాఫికల్ అమర్పునందు ఆకృతీకరించుము ++Comment[uk]=Засіб для налаштування SELinux з графічним інтерфейсом ++Comment[zh_CN]=在图形设置中配置 SELinux ++Comment[zh_TW]=在圖形話設定中配置 SELinux ++StartupNotify=true ++Icon=system-config-selinux ++Exec=/usr/bin/system-config-selinux ++Type=Application ++Terminal=false ++Categories=System;Security; ++X-Desktop-File-Install-Version=0.2 ++Keywords=policy;security;selinux;avc;permission;mac; +diff --git a/policycoreutils/gui/system-config-selinux.pam b/policycoreutils/gui/system-config-selinux.pam +new file mode 100644 +index 0000000..6a8c230 +--- /dev/null ++++ b/policycoreutils/gui/system-config-selinux.pam +@@ -0,0 +1,8 @@ ++#%PAM-1.0 ++auth sufficient pam_rootok.so ++auth sufficient pam_timestamp.so ++auth include system-auth ++session required pam_permit.so ++session optional pam_xauth.so ++session optional pam_timestamp.so ++account required pam_permit.so +diff --git a/policycoreutils/gui/system-config-selinux.png b/policycoreutils/gui/system-config-selinux.png +new file mode 100644 +index 0000000..68ffcb7 +Binary files /dev/null and b/policycoreutils/gui/system-config-selinux.png differ +diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c +index 8fbf2d0..3753ef4 100644 +--- a/policycoreutils/newrole/newrole.c ++++ b/policycoreutils/newrole/newrole.c +@@ -680,7 +680,7 @@ static int relabel_tty(const char *ttyn, security_context_t new_context, + security_context_t * tty_context, + security_context_t * new_tty_context) + { +- int fd; ++ int fd, rc; + int enforcing = security_getenforce(); + security_context_t tty_con = NULL; + security_context_t new_tty_con = NULL; +@@ -699,7 +699,13 @@ static 
int relabel_tty(const char *ttyn, security_context_t new_context, + fprintf(stderr, _("Error! Could not open %s.\n"), ttyn); + return fd; + } +- fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); ++ /* this craziness is to make sure we cann't block on open and deadlock */ ++ rc = fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); ++ if (rc) { ++ fprintf(stderr, _("Error! Could not clear O_NONBLOCK on %s\n"), ttyn); ++ close(fd); ++ return rc; ++ } - def write_selinux_config(self, enforcing, type): -- import commands -- commands.getstatusoutput("/usr/sbin/lokkit --selinuxtype=%s --selinux=%s" % (type, enforcing)) -+ path = selinux.selinux_path() + "config" -+ backup_path = path + ".bck" -+ fd = open(path) -+ lines = fd.readlines() -+ fd.close() -+ fd = open(backup_path, "w") -+ for l in lines: -+ if l.startswith("SELINUX="): -+ fd.write("SELINUX=%s\n" % enforcing) -+ continue -+ if l.startswith("SELINUXTYPE="): -+ fd.write("SELINUXTYPE=%s\n" % type) -+ continue -+ fd.write(l) -+ fd.close() -+ os.rename(backup_path, path) + if (fgetfilecon(fd, &tty_con) < 0) { + fprintf(stderr, _("%s! 
Could not get current context " +@@ -1010,9 +1016,9 @@ int main(int argc, char *argv[]) + int fd; + pid_t childPid = 0; + char *shell_argv0 = NULL; ++ int rc; - def read_selinux_config(self): - self.initialtype = selinux.selinux_getpolicytype()[1] -- self.initEnabled = selinux.selinux_getenforcemode()[1] -+ try: -+ self.initEnabled = selinux.selinux_getenforcemode()[1] -+ except: -+ self.initEnabled = False -+ pass - self.enabled = self.initEnabled - self.enabledOptionMenu.set_active(self.enabled + 1 ) + #ifdef USE_PAM +- int rc; + int pam_status; /* pam return code */ + pam_handle_t *pam_handle; /* opaque handle used by all PAM functions */ -diff --git a/policycoreutils/gui/system-config-selinux.py b/policycoreutils/gui/system-config-selinux.py -index 85e8b7f..bc3027e 100644 ---- a/policycoreutils/gui/system-config-selinux.py -+++ b/policycoreutils/gui/system-config-selinux.py -@@ -22,12 +22,18 @@ - # - import signal - import string --import gtk -+import sys -+try: -+ import gtk -+except RuntimeError, e: -+ print "system-config-selinux:", e -+ print "This is a graphical application and requires DISPLAY to be set." 
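Review bot: The nested `fcntl(fd, F_GETFL, 0)` in relabel_tty is still unchecked, so if it fails its -1 is masked and handed to F_SETFL as a flag word; the new `if (rc)` test only sees the result of the outer call. Reading the flags first closes the gap: `int flags = fcntl(fd, F_GETFL, 0);` followed by `if (flags < 0 || fcntl(fd, F_SETFL, flags & ~O_NONBLOCK) < 0) {` with the existing fprintf/close/return body. The same nested call is added in the `@@ -1226` hunk of main(), where it is also worth confirming that `err_close_pam` releases the descriptor opened just before; that label is outside the visible lines. relabel_tty's body starts before and continues after this hunk. The added comment has a typo, "cann't".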
-+ sys.exit (1) +@@ -1226,15 +1232,23 @@ int main(int argc, char *argv[]) + fd = open(ttyn, O_RDONLY | O_NONBLOCK); + if (fd != 0) + goto err_close_pam; +- fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); ++ rc = fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); ++ if (rc) ++ goto err_close_pam; + - import gtk.glade - import os - import gobject - import gnome --import sys - import statusPage - import booleansPage - import loginsPage -diff --git a/policycoreutils/gui/templates/__init__.py b/policycoreutils/gui/templates/__init__.py -deleted file mode 100644 -index 156a0bd..0000000 ---- a/policycoreutils/gui/templates/__init__.py -+++ /dev/null -@@ -1,17 +0,0 @@ --# --# Copyright (C) 2007-2012 Red Hat --# --# This program is free software; you can redistribute it and/or modify --# it under the terms of the GNU General Public License as published by --# the Free Software Foundation; either version 2 of the License, or --# (at your option) any later version. --# --# This program is distributed in the hope that it will be useful, --# but WITHOUT ANY WARRANTY; without even the implied warranty of --# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --# GNU General Public License for more details. --# --# You should have received a copy of the GNU General Public License --# along with this program; if not, write to the Free Software --# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
--# -diff --git a/policycoreutils/gui/templates/boolean.py b/policycoreutils/gui/templates/boolean.py -deleted file mode 100644 -index f57d927..0000000 ---- a/policycoreutils/gui/templates/boolean.py -+++ /dev/null -@@ -1,39 +0,0 @@ --# Copyright (C) 2007-2012 Red Hat --# see file 'COPYING' for use and warranty information --# --# policygentool is a tool for the initial generation of SELinux policy --# --# This program is free software; you can redistribute it and/or --# modify it under the terms of the GNU General Public License as --# published by the Free Software Foundation; either version 2 of --# the License, or (at your option) any later version. --# --# This program is distributed in the hope that it will be useful, --# but WITHOUT ANY WARRANTY; without even the implied warranty of --# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --# GNU General Public License for more details. --# --# You should have received a copy of the GNU General Public License --# along with this program; if not, write to the Free Software --# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA --# 02111-1307 USA --# --# --########################### boolean Template File ########################### -- --te_boolean=""" --## --##

--## DESCRIPTION --##

--##
--gen_tunable(BOOLEAN, false) --""" -- --te_rules=""" --tunable_policy(`BOOLEAN',` --#TRUE --',` --#FALSE --') --""" -diff --git a/policycoreutils/gui/templates/etc_rw.py b/policycoreutils/gui/templates/etc_rw.py -deleted file mode 100644 -index 0d3dbfe..0000000 ---- a/policycoreutils/gui/templates/etc_rw.py -+++ /dev/null -@@ -1,112 +0,0 @@ --# Copyright (C) 2007-2012 Red Hat --# see file 'COPYING' for use and warranty information --# --# policygentool is a tool for the initial generation of SELinux policy --# --# This program is free software; you can redistribute it and/or --# modify it under the terms of the GNU General Public License as --# published by the Free Software Foundation; either version 2 of --# the License, or (at your option) any later version. --# --# This program is distributed in the hope that it will be useful, --# but WITHOUT ANY WARRANTY; without even the implied warranty of --# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --# GNU General Public License for more details. --# --# You should have received a copy of the GNU General Public License --# along with this program; if not, write to the Free Software --# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA --# 02111-1307 USA --# --# --########################### etc_rw Template File ############################# -- --########################### Type Enforcement File ############################# --te_types=""" --type TEMPLATETYPE_etc_rw_t; --files_type(TEMPLATETYPE_etc_rw_t) --""" --te_rules=""" --manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t) --manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t) --files_etc_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, { dir file }) --""" -- --########################### Interface File ############################# --if_rules=""" --######################################## --## --## Search TEMPLATETYPE conf directories. --## --## --## --## Domain allowed access. 
--## --## --# --interface(`TEMPLATETYPE_search_conf',` -- gen_require(` -- type TEMPLATETYPE_etc_rw_t; -- ') -- -- allow $1 TEMPLATETYPE_etc_rw_t:dir search_dir_perms; -- files_search_etc($1) --') -- --######################################## --## --## Read TEMPLATETYPE conf files. --## --## --## --## Domain allowed access. --## --## --# --interface(`TEMPLATETYPE_read_conf_files',` -- gen_require(` -- type TEMPLATETYPE_etc_rw_t; -- ') -- -- allow $1 TEMPLATETYPE_etc_rw_t:file read_file_perms; -- allow $1 TEMPLATETYPE_etc_rw_t:dir list_dir_perms; -- files_search_etc($1) --') -- --######################################## --## --## Manage TEMPLATETYPE conf files. --## --## --## --## Domain allowed access. --## --## --# --interface(`TEMPLATETYPE_manage_conf_files',` -- gen_require(` -- type TEMPLATETYPE_etc_rw_t; -- ') -- -- manage_files_pattern($1, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t) -- files_search_etc($1) --') -- --""" -- --if_admin_types=""" -- type TEMPLATETYPE_etc_rw_t;""" -- --if_admin_rules=""" -- files_search_etc($1) -- admin_pattern($1, TEMPLATETYPE_etc_rw_t) --""" -- --########################### File Context ################################## --fc_file="""\ --FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_etc_rw_t,s0) --""" -- --fc_dir="""\ --FILENAME(/.*)? 
gen_context(system_u:object_r:TEMPLATETYPE_etc_rw_t,s0) --""" -diff --git a/policycoreutils/gui/templates/executable.py b/policycoreutils/gui/templates/executable.py -deleted file mode 100644 -index 5b39d77..0000000 ---- a/policycoreutils/gui/templates/executable.py -+++ /dev/null -@@ -1,445 +0,0 @@ --# Copyright (C) 2007-2012 Red Hat --# see file 'COPYING' for use and warranty information --# --# policygentool is a tool for the initial generation of SELinux policy --# --# This program is free software; you can redistribute it and/or --# modify it under the terms of the GNU General Public License as --# published by the Free Software Foundation; either version 2 of --# the License, or (at your option) any later version. --# --# This program is distributed in the hope that it will be useful, --# but WITHOUT ANY WARRANTY; without even the implied warranty of --# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --# GNU General Public License for more details. --# --# You should have received a copy of the GNU General Public License --# along with this program; if not, write to the Free Software --# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA --# 02111-1307 USA --# --# --########################### Type Enforcement File ############################# --te_daemon_types="""\ --policy_module(TEMPLATETYPE, 1.0.0) -- --######################################## --# --# Declarations --# -- --type TEMPLATETYPE_t; --type TEMPLATETYPE_exec_t; --init_daemon_domain(TEMPLATETYPE_t, TEMPLATETYPE_exec_t) -- --permissive TEMPLATETYPE_t; --""" -- --te_initscript_types=""" --type TEMPLATETYPE_initrc_exec_t; --init_script_file(TEMPLATETYPE_initrc_exec_t) --""" -- --te_dbusd_types="""\ --policy_module(TEMPLATETYPE, 1.0.0) -- --######################################## --# --# Declarations --# -- --type TEMPLATETYPE_t; --type TEMPLATETYPE_exec_t; --dbus_system_domain(TEMPLATETYPE_t, TEMPLATETYPE_exec_t) -- --permissive TEMPLATETYPE_t; --""" -- --te_inetd_types="""\ 
--policy_module(TEMPLATETYPE, 1.0.0) -- --######################################## --# --# Declarations --# -- --type TEMPLATETYPE_t; --type TEMPLATETYPE_exec_t; --inetd_service_domain(TEMPLATETYPE_t, TEMPLATETYPE_exec_t) -- --permissive TEMPLATETYPE_t; --""" -- --te_userapp_types="""\ --policy_module(TEMPLATETYPE, 1.0.0) -- --######################################## --# --# Declarations --# -- --type TEMPLATETYPE_t; --type TEMPLATETYPE_exec_t; --application_domain(TEMPLATETYPE_t, TEMPLATETYPE_exec_t) --role system_r types TEMPLATETYPE_t; -- --permissive TEMPLATETYPE_t; --""" -- --te_sandbox_types="""\ --policy_module(TEMPLATETYPE, 1.0.0) -- --######################################## --# --# Declarations --# -- --sandbox_x_domain_template(TEMPLATETYPE) -- --permissive TEMPLATETYPE_t; --permissive TEMPLATETYPE_client_t; -- --""" -- --te_cgi_types="""\ --policy_module(TEMPLATETYPE, 1.0.0) -- --######################################## --# --# Declarations --# -- --apache_content_template(TEMPLATETYPE) -- --permissive httpd_TEMPLATETYPE_script_t; --""" -- --te_daemon_rules="""\ --allow TEMPLATETYPE_t self:fifo_file rw_fifo_file_perms; --allow TEMPLATETYPE_t self:unix_stream_socket create_stream_socket_perms; --""" -- --te_inetd_rules=""" --""" -- --te_dbusd_rules=""" --""" -- --te_userapp_rules=""" --allow TEMPLATETYPE_t self:fifo_file manage_fifo_file_perms; --allow TEMPLATETYPE_t self:unix_stream_socket create_stream_socket_perms; --""" -- --te_cgi_rules=""" --""" -- --te_sandbox_rules=""" --""" -- --te_uid_rules=""" --auth_use_nsswitch(TEMPLATETYPE_t) --""" -- --te_syslog_rules=""" --logging_send_syslog_msg(TEMPLATETYPE_t) --""" -- --te_resolve_rules=""" --sysnet_dns_name_resolve(TEMPLATETYPE_t) --""" -- --te_pam_rules=""" --auth_domtrans_chk_passwd(TEMPLATETYPE_t) --""" -- --te_mail_rules=""" --mta_send_mail(TEMPLATETYPE_t) --""" -- --te_dbus_rules=""" --optional_policy(` -- dbus_system_bus_client(TEMPLATETYPE_t) -- dbus_connect_system_bus(TEMPLATETYPE_t) --') 
--""" -- --te_kerberos_rules=""" --optional_policy(` -- kerberos_use(TEMPLATETYPE_t) --') --""" -- --te_manage_krb5_rcache_rules=""" --optional_policy(` -- kerberos_keytab_template(TEMPLATETYPE, TEMPLATETYPE_t) -- kerberos_manage_host_rcache(TEMPLATETYPE_t) --') --""" -- --te_audit_rules=""" --logging_send_audit_msgs(TEMPLATETYPE_t) --""" -- --te_run_rules=""" --optional_policy(` -- gen_require(` -- type USER_t; -- role USER_r; -- ') -- -- TEMPLATETYPE_run(USER_t, USER_r) --') --""" -- --te_fd_rules=""" --domain_use_interactive_fds(TEMPLATETYPE_t) --""" -- --te_etc_rules=""" --files_read_etc_files(TEMPLATETYPE_t) --""" -- --te_localization_rules=""" --miscfiles_read_localization(TEMPLATETYPE_t) --""" -- --########################### Interface File ############################# -- --if_heading_rules=""" --## policy for TEMPLATETYPE""" -- --if_program_rules=""" -- --######################################## --## --## Transition to TEMPLATETYPE. --## --## --## --## Domain allowed to transition. --## --## --# --interface(`TEMPLATETYPE_domtrans',` -- gen_require(` -- type TEMPLATETYPE_t, TEMPLATETYPE_exec_t; -- ') -- -- corecmd_search_bin($1) -- domtrans_pattern($1, TEMPLATETYPE_exec_t, TEMPLATETYPE_t) --') --""" -- --if_user_program_rules=""" --######################################## --## --## Execute TEMPLATETYPE in the TEMPLATETYPE domain, and --## allow the specified role the TEMPLATETYPE domain. --## --## --## --## Domain allowed to transition --## --## --## --## --## The role to be allowed the TEMPLATETYPE domain. 
--## --## --# --interface(`TEMPLATETYPE_run',` -- gen_require(` -- type TEMPLATETYPE_t; -- ') -- -- TEMPLATETYPE_domtrans($1) -- role $2 types TEMPLATETYPE_t; --') -- --######################################## --## --## Role access for TEMPLATETYPE --## --## --## --## Role allowed access --## --## --## --## --## User domain for the role --## --## --# --interface(`TEMPLATETYPE_role',` -- gen_require(` -- type TEMPLATETYPE_t; -- ') -- -- role $1 types TEMPLATETYPE_t; -- -- TEMPLATETYPE_domtrans($2) -- -- ps_process_pattern($2, TEMPLATETYPE_t) -- allow $2 TEMPLATETYPE_t:process signal; --') --""" -- --if_sandbox_rules=""" --######################################## --## --## Execute sandbox in the TEMPLATETYPE_t domain, and --## allow the specified role the TEMPLATETYPE_t domain. --## --## --## --## Domain allowed to transition. --## --## --## --## --## The role to be allowed the TEMPLATETYPE_t domain. --## --## --# --interface(`TEMPLATETYPE_transition',` -- gen_require(` -- type TEMPLATETYPE_t; -- type TEMPLATETYPE_client_t; -- ') -- -- allow $1 TEMPLATETYPE_t:process { signal_perms transition }; -- dontaudit $1 TEMPLATETYPE_t:process { noatsecure siginh rlimitinh }; -- role $2 types TEMPLATETYPE_t; -- role $2 types TEMPLATETYPE_client_t; -- -- allow TEMPLATETYPE_t $1:process { sigchld signull }; -- allow TEMPLATETYPE_t $1:fifo_file rw_inherited_fifo_file_perms; -- allow TEMPLATETYPE_client_t $1:process { sigchld signull }; -- allow TEMPLATETYPE_client_t $1:fifo_file rw_inherited_fifo_file_perms; --') --""" -- --if_role_change_rules=""" --######################################## --## --## Change to the TEMPLATETYPE role. --## --## --## --## Role allowed access. --## --## --## --# --interface(`TEMPLATETYPE_role_change',` -- gen_require(` -- role TEMPLATETYPE_r; -- ') -- -- allow $1 TEMPLATETYPE_r; --') --""" -- --if_initscript_rules=""" --######################################## --## --## Execute TEMPLATETYPE server in the TEMPLATETYPE domain. 
--## --## --## --## Domain allowed access. --## --## --# --interface(`TEMPLATETYPE_initrc_domtrans',` -- gen_require(` -- type TEMPLATETYPE_initrc_exec_t; -- ') -- -- init_labeled_script_domtrans($1, TEMPLATETYPE_initrc_exec_t) --') --""" -- --if_dbus_rules=""" --######################################## --## --## Send and receive messages from --## TEMPLATETYPE over dbus. --## --## --## --## Domain allowed access. --## --## --# --interface(`TEMPLATETYPE_dbus_chat',` -- gen_require(` -- type TEMPLATETYPE_t; -- class dbus send_msg; -- ') -- -- allow $1 TEMPLATETYPE_t:dbus send_msg; -- allow TEMPLATETYPE_t $1:dbus send_msg; --') --""" -- --if_begin_admin=""" --######################################## --## --## All of the rules required to administrate --## an TEMPLATETYPE environment --## --## --## --## Domain allowed access. --## --## --## --## --## Role allowed access. --## --## --## --# --interface(`TEMPLATETYPE_admin',` -- gen_require(` -- type TEMPLATETYPE_t;""" -- --if_middle_admin=""" -- ') -- -- allow $1 TEMPLATETYPE_t:process { ptrace signal_perms }; -- ps_process_pattern($1, TEMPLATETYPE_t) --""" -- --if_initscript_admin_types=""" -- type TEMPLATETYPE_initrc_exec_t;""" -- --if_initscript_admin=""" -- TEMPLATETYPE_initrc_domtrans($1) -- domain_system_change_exemption($1) -- role_transition $2 TEMPLATETYPE_initrc_exec_t system_r; -- allow $2 system_r; --""" -- --if_end_admin="""\ -- optional_policy(` -- systemd_passwd_agent_exec($1) -- systemd_read_fifo_file_passwd_run($1) -- ') --') --""" -- --########################### File Context ################################## --fc_program="""\ --EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_exec_t,s0) --""" -- --fc_user="""\ --# Users do not have file context, leave blank --""" -- --fc_initscript="""\ --EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_initrc_exec_t,s0) --""" -diff --git a/policycoreutils/gui/templates/network.py b/policycoreutils/gui/templates/network.py -deleted file mode 100644 
-index 679d0a5..0000000
---- a/policycoreutils/gui/templates/network.py
-+++ /dev/null
-@@ -1,101 +0,0 @@
--# Copyright (C) 2007-2012 Red Hat
--# see file 'COPYING' for use and warranty information
--#
--# policygentool is a tool for the initial generation of SELinux policy
--#
--# This program is free software; you can redistribute it and/or
--# modify it under the terms of the GNU General Public License as
--# published by the Free Software Foundation; either version 2 of
--# the License, or (at your option) any later version.
--#
--# This program is distributed in the hope that it will be useful,
--# but WITHOUT ANY WARRANTY; without even the implied warranty of
--# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
--# GNU General Public License for more details.
--#
--# You should have received a copy of the GNU General Public License
--# along with this program; if not, write to the Free Software
--# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
--# 02111-1307 USA
--#
--#
--########################### Type Enforcement File #############################
--te_port_types="""
--type TEMPLATETYPE_port_t;
--corenet_port(TEMPLATETYPE_port_t)
--"""
--
--te_network="""\
--sysnet_dns_name_resolve(TEMPLATETYPE_t)
--corenet_all_recvfrom_unlabeled(TEMPLATETYPE_t)
--"""
--
--te_tcp="""\
--allow TEMPLATETYPE_t self:tcp_socket create_stream_socket_perms;
--corenet_tcp_sendrecv_generic_if(TEMPLATETYPE_t)
--corenet_tcp_sendrecv_generic_node(TEMPLATETYPE_t)
--corenet_tcp_sendrecv_all_ports(TEMPLATETYPE_t)
--"""
--
--te_in_tcp="""\
--corenet_tcp_bind_generic_node(TEMPLATETYPE_t)
--"""
--
--te_in_need_port_tcp="""\
--allow TEMPLATETYPE_t TEMPLATETYPE_port_t:tcp_socket name_bind;
--"""
--
--te_out_need_port_tcp="""\
--allow TEMPLATETYPE_t TEMPLATETYPE_port_t:tcp_socket name_connect;
--"""
--
--te_udp="""\
--allow TEMPLATETYPE_t self:udp_socket { create_socket_perms listen };
--corenet_udp_sendrecv_generic_if(TEMPLATETYPE_t)
--corenet_udp_sendrecv_generic_node(TEMPLATETYPE_t)
--corenet_udp_sendrecv_all_ports(TEMPLATETYPE_t)
--"""
--
--te_in_udp="""\
--corenet_udp_bind_generic_node(TEMPLATETYPE_t)
--"""
--
--te_in_need_port_udp="""\
--allow TEMPLATETYPE_t TEMPLATETYPE_port_t:udp_socket name_bind;
--"""
--
--te_out_all_ports_tcp="""\
--corenet_tcp_connect_all_ports(TEMPLATETYPE_t)
--"""
--
--te_out_reserved_ports_tcp="""\
--corenet_tcp_connect_all_rpc_ports(TEMPLATETYPE_t)
--"""
--
--te_out_unreserved_ports_tcp="""\
--corenet_tcp_connect_all_unreserved_ports(TEMPLATETYPE_t)
--"""
--
--te_in_all_ports_tcp="""\
--corenet_tcp_bind_all_ports(TEMPLATETYPE_t)
--"""
--
--te_in_reserved_ports_tcp="""\
--corenet_tcp_bind_all_rpc_ports(TEMPLATETYPE_t)
--"""
--
--te_in_unreserved_ports_tcp="""\
--corenet_tcp_bind_all_unreserved_ports(TEMPLATETYPE_t)
--"""
--
--te_in_all_ports_udp="""\
--corenet_udp_bind_all_ports(TEMPLATETYPE_t)
--"""
--
--te_in_reserved_ports_udp="""\
--corenet_udp_bind_all_rpc_ports(TEMPLATETYPE_t)
--"""
--
--te_in_unreserved_ports_udp="""\
--corenet_udp_bind_all_unreserved_ports(TEMPLATETYPE_t)
--"""
-diff --git a/policycoreutils/gui/templates/rw.py b/policycoreutils/gui/templates/rw.py
-deleted file mode 100644
-index 5dfc42f..0000000
---- a/policycoreutils/gui/templates/rw.py
-+++ /dev/null
-@@ -1,129 +0,0 @@
--# Copyright (C) 2007-2012 Red Hat
--# see file 'COPYING' for use and warranty information
--#
--# policygentool is a tool for the initial generation of SELinux policy
--#
--# This program is free software; you can redistribute it and/or
--# modify it under the terms of the GNU General Public License as
--# published by the Free Software Foundation; either version 2 of
--# the License, or (at your option) any later version.
--#
--# This program is distributed in the hope that it will be useful,
--# but WITHOUT ANY WARRANTY; without even the implied warranty of
--# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the
--# GNU General Public License for more details.
--#
--# You should have received a copy of the GNU General Public License
--# along with this program; if not, write to the Free Software
--# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
--# 02111-1307 USA
--#
--#
--
--########################### tmp Template File #############################
--te_types="""
--type TEMPLATETYPE_rw_t;
--files_type(TEMPLATETYPE_rw_t)
--"""
--
--te_rules="""
--manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
--manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
--"""
--
--########################### Interface File #############################
--if_rules="""
--########################################
--##
--## Search TEMPLATETYPE rw directories.
--##
--##
--##
--## Domain allowed access.
--##
--##
--#
--interface(`TEMPLATETYPE_search_rw_dir',`
-- gen_require(`
-- type TEMPLATETYPE_rw_t;
-- ')
--
-- allow $1 TEMPLATETYPE_rw_t:dir search_dir_perms;
-- files_search_rw($1)
--')
--
--########################################
--##
--## Read TEMPLATETYPE rw files.
--##
--##
--##
--## Domain allowed access.
--##
--##
--#
--interface(`TEMPLATETYPE_read_rw_files',`
-- gen_require(`
-- type TEMPLATETYPE_rw_t;
-- ')
--
-- allow $1 TEMPLATETYPE_rw_t:file read_file_perms;
-- allow $1 TEMPLATETYPE_rw_t:dir list_dir_perms;
-- files_search_rw($1)
--')
--
--########################################
--##
--## Manage TEMPLATETYPE rw files.
--##
--##
--##
--## Domain allowed access.
--##
--##
--#
--interface(`TEMPLATETYPE_manage_rw_files',`
-- gen_require(`
-- type TEMPLATETYPE_rw_t;
-- ')
--
-- manage_files_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
--')
--
--########################################
--##
--## Create, read, write, and delete
--## TEMPLATETYPE rw dirs.
--##
--##
--##
--## Domain allowed access.
--##
--##
--#
--interface(`TEMPLATETYPE_manage_rw_dirs',`
-- gen_require(`
-- type TEMPLATETYPE_rw_t;
-- ')
--
-- manage_dirs_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t)
--')
--
--"""
--
--if_admin_types="""
-- type TEMPLATETYPE_rw_t;"""
--
--if_admin_rules="""
-- files_search_etc($1)
-- admin_pattern($1, TEMPLATETYPE_rw_t)
--"""
--
--########################### File Context ##################################
--fc_file="""
--FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0)
--"""
--
--fc_dir="""
--FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0)
--"""
-diff --git a/policycoreutils/gui/templates/script.py b/policycoreutils/gui/templates/script.py
-deleted file mode 100644
-index 79240ec..0000000
---- a/policycoreutils/gui/templates/script.py
-+++ /dev/null
-@@ -1,126 +0,0 @@
--# Copyright (C) 2007-2012 Red Hat
--# see file 'COPYING' for use and warranty information
--#
--# policygentool is a tool for the initial generation of SELinux policy
--#
--# This program is free software; you can redistribute it and/or
--# modify it under the terms of the GNU General Public License as
--# published by the Free Software Foundation; either version 2 of
--# the License, or (at your option) any later version.
--#
--# This program is distributed in the hope that it will be useful,
--# but WITHOUT ANY WARRANTY; without even the implied warranty of
--# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
--# GNU General Public License for more details.
--#
--# You should have received a copy of the GNU General Public License
--# along with this program; if not, write to the Free Software
--# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
--# 02111-1307 USA
--#
--#
--
--########################### tmp Template File #############################
--compile="""\
--#!/bin/sh -e
--
--DIRNAME=`dirname $0`
--cd $DIRNAME
--USAGE="$0 [ --update ]"
--if [ `id -u` != 0 ]; then
--echo 'You must be root to run this script'
--exit 1
--fi
--
--if [ $# -eq 1 ]; then
-- if [ "$1" = "--update" ] ; then
-- time=`ls -l --time-style="+%x %X" TEMPLATEFILE.te | awk '{ printf "%s %s", $6, $7 }'`
-- rules=`ausearch --start $time -m avc --raw -se TEMPLATETYPE`
-- if [ x"$rules" != "x" ] ; then
-- echo "Found avc's to update policy with"
-- echo -e "$rules" | audit2allow -R
-- echo "Do you want these changes added to policy [y/n]?"
-- read ANS
-- if [ "$ANS" = "y" -o "$ANS" = "Y" ] ; then
-- echo "Updating policy"
-- echo -e "$rules" | audit2allow -R >> TEMPLATEFILE.te
-- # Fall though and rebuild policy
-- else
-- exit 0
-- fi
-- else
-- echo "No new avcs found"
-- exit 0
-- fi
-- else
-- echo -e $USAGE
-- exit 1
-- fi
--elif [ $# -ge 2 ] ; then
-- echo -e $USAGE
-- exit 1
--fi
--
--echo "Building and Loading Policy"
--set -x
--make -f /usr/share/selinux/devel/Makefile TEMPLATEFILE.pp || exit
--/usr/sbin/semodule -i TEMPLATEFILE.pp
--
--"""
--
--restorecon="""\
--# Fixing the file context on FILENAME
--/sbin/restorecon -F -R -v FILENAME
--"""
--
--tcp_ports="""\
--# Adding SELinux tcp port to port PORTNUM
--/usr/sbin/semanage port -a -t TEMPLATETYPE_port_t -p tcp PORTNUM
--"""
--
--udp_ports="""\
--# Adding SELinux udp port to port PORTNUM
--/usr/sbin/semanage port -a -t TEMPLATETYPE_port_t -p udp PORTNUM
--"""
--
--users="""\
--# Adding SELinux user TEMPLATETYPE_u
--/usr/sbin/semanage user -a -R "TEMPLATETYPE_rROLES" TEMPLATETYPE_u
--"""
--
--eusers="""\
--# Adding roles to SELinux user TEMPLATETYPE_u
--/usr/sbin/semanage user
-m -R "TEMPLATETYPE_rROLES" TEMPLATETYPE_u
--"""
--
--admin_trans="""\
--# Adding roles to SELinux user USER
--/usr/sbin/semanage user -m -R +TEMPLATETYPE_r USER
--"""
--
--min_login_user_default_context="""\
--if [ ! -f /etc/selinux/targeted/contexts/users/TEMPLATETYPE_u ]; then
--cat > /etc/selinux/targeted/contexts/users/TEMPLATETYPE_u << _EOF
--TEMPLATETYPE_r:TEMPLATETYPE_t:s0 TEMPLATETYPE_r:TEMPLATETYPE_t
--system_r:crond_t TEMPLATETYPE_r:TEMPLATETYPE_t
--system_r:initrc_su_t TEMPLATETYPE_r:TEMPLATETYPE_t
--system_r:local_login_t TEMPLATETYPE_r:TEMPLATETYPE_t
--system_r:remote_login_t TEMPLATETYPE_r:TEMPLATETYPE_t
--system_r:sshd_t TEMPLATETYPE_r:TEMPLATETYPE_t
--_EOF
--fi
--"""
--
--x_login_user_default_context="""\
--if [ ! -f /etc/selinux/targeted/contexts/users/TEMPLATETYPE_u ]; then
--cat > /etc/selinux/targeted/contexts/users/TEMPLATETYPE_u << _EOF
--TEMPLATETYPE_r:TEMPLATETYPE_t TEMPLATETYPE_r:TEMPLATETYPE_t
--system_r:crond_t TEMPLATETYPE_r:TEMPLATETYPE_t
--system_r:initrc_su_t TEMPLATETYPE_r:TEMPLATETYPE_t
--system_r:local_login_t TEMPLATETYPE_r:TEMPLATETYPE_t
--system_r:remote_login_t TEMPLATETYPE_r:TEMPLATETYPE_t
--system_r:sshd_t TEMPLATETYPE_r:TEMPLATETYPE_t
--system_r:xdm_t TEMPLATETYPE_r:TEMPLATETYPE_t
--_EOF
--fi
--"""
-diff --git a/policycoreutils/gui/templates/semodule.py b/policycoreutils/gui/templates/semodule.py
-deleted file mode 100644
-index f77e50e..0000000
---- a/policycoreutils/gui/templates/semodule.py
-+++ /dev/null
-@@ -1,40 +0,0 @@
--# Copyright (C) 2007-2012 Red Hat
--# see file 'COPYING' for use and warranty information
--#
--# policygentool is a tool for the initial generation of SELinux policy
--#
--# This program is free software; you can redistribute it and/or
--# modify it under the terms of the GNU General Public License as
--# published by the Free Software Foundation; either version 2 of
--# the License, or (at your option) any later version.
--#
--# This program is distributed in the hope that it will be useful,
--# but WITHOUT ANY WARRANTY; without even the implied warranty of
--# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
--# GNU General Public License for more details.
--#
--# You should have received a copy of the GNU General Public License
--# along with this program; if not, write to the Free Software
--# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
--# 02111-1307 USA
--#
--#
--
--########################### tmp Template File #############################
--compile="""
--#!/bin/sh
--make -f /usr/share/selinux/devel/Makefile
--semodule -i TEMPLATETYPE.pp
--"""
--
--restorecon="""
--restorecon -R -v FILENAME
--"""
--
--tcp_ports="""
--semanage ports -a -t TEMPLATETYPE_port_t -p tcp PORTNUM
--"""
--
--udp_ports="""
--semanage ports -a -t TEMPLATETYPE_port_t -p udp PORTNUM
--"""
-diff --git a/policycoreutils/gui/templates/tmp.py b/policycoreutils/gui/templates/tmp.py
-deleted file mode 100644
-index d2adaa4..0000000
---- a/policycoreutils/gui/templates/tmp.py
-+++ /dev/null
-@@ -1,102 +0,0 @@
--# Copyright (C) 2007-2012 Red Hat
--# see file 'COPYING' for use and warranty information
--#
--# policygentool is a tool for the initial generation of SELinux policy
--#
--# This program is free software; you can redistribute it and/or
--# modify it under the terms of the GNU General Public License as
--# published by the Free Software Foundation; either version 2 of
--# the License, or (at your option) any later version.
--#
--# This program is distributed in the hope that it will be useful,
--# but WITHOUT ANY WARRANTY; without even the implied warranty of
--# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
--# GNU General Public License for more details.
--#
--# You should have received a copy of the GNU General Public License
--# along with this program; if not, write to the Free Software
--# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
--# 02111-1307 USA
--#
--#
--########################### tmp Template File #############################
--
--te_types="""
--type TEMPLATETYPE_tmp_t;
--files_tmp_file(TEMPLATETYPE_tmp_t)
--"""
--
--te_rules="""
--manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
--manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
--files_tmp_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, { dir file })
--"""
--
--if_rules="""
--########################################
--##
--## Do not audit attempts to read,
--## TEMPLATETYPE tmp files
--##
--##
--##
--## Domain to not audit.
--##
--##
--#
--interface(`TEMPLATETYPE_dontaudit_read_tmp_files',`
-- gen_require(`
-- type TEMPLATETYPE_tmp_t;
-- ')
--
-- dontaudit $1 TEMPLATETYPE_tmp_t:file read_file_perms;
--')
--
--########################################
--##
--## Read TEMPLATETYPE tmp files
--##
--##
--##
--## Domain allowed access.
--##
--##
--#
--interface(`TEMPLATETYPE_read_tmp_files',`
-- gen_require(`
-- type TEMPLATETYPE_tmp_t;
-- ')
--
-- files_search_tmp($1)
-- allow $1 TEMPLATETYPE_tmp_t:file read_file_perms;
--')
--
--########################################
--##
--## Manage TEMPLATETYPE tmp files
--##
--##
--##
--## Domain allowed access.
--##
--##
--#
--interface(`TEMPLATETYPE_manage_tmp',`
-- gen_require(`
-- type TEMPLATETYPE_tmp_t;
-- ')
--
-- files_search_tmp($1)
-- manage_dirs_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
-- manage_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
-- manage_lnk_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t)
--')
--"""
--
--if_admin_types="""
-- type TEMPLATETYPE_tmp_t;"""
--
--if_admin_rules="""
-- files_search_tmp($1)
-- admin_pattern($1, TEMPLATETYPE_tmp_t)
--"""
-diff --git a/policycoreutils/gui/templates/unit_file.py b/policycoreutils/gui/templates/unit_file.py
-deleted file mode 100644
-index 60e5844..0000000
---- a/policycoreutils/gui/templates/unit_file.py
-+++ /dev/null
-@@ -1,72 +0,0 @@
--# Copyright (C) 2012 Red Hat
--# see file 'COPYING' for use and warranty information
--#
--# policygentool is a tool for the initial generation of SELinux policy
--#
--# This program is free software; you can redistribute it and/or
--# modify it under the terms of the GNU General Public License as
--# published by the Free Software Foundation; either version 2 of
--# the License, or (at your option) any later version.
--#
--# This program is distributed in the hope that it will be useful,
--# but WITHOUT ANY WARRANTY; without even the implied warranty of
--# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
--# GNU General Public License for more details.
--#
--# You should have received a copy of the GNU General Public License
--# along with this program; if not, write to the Free Software
--# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
--# 02111-1307 USA
--#
--#
--########################### unit Template File #############################
--
--########################### Type Enforcement File #############################
--te_types="""
--type TEMPLATETYPE_unit_file_t;
--systemd_unit_file(TEMPLATETYPE_unit_file_t)
--"""
--
--te_rules=""
--
--########################### Interface File #############################
--if_rules="""\
--########################################
--##
--## Execute TEMPLATETYPE server in the TEMPLATETYPE domain.
--##
--##
--##
--## Domain allowed to transition.
--##
--##
--#
--interface(`TEMPLATETYPE_systemctl',`
-- gen_require(`
-- type TEMPLATETYPE_t;
-- type TEMPLATETYPE_unit_file_t;
-- ')
--
-- systemd_exec_systemctl($1)
-- systemd_read_fifo_file_password_run($1)
-- allow $1 TEMPLATETYPE_unit_file_t:file read_file_perms;
-- allow $1 TEMPLATETYPE_unit_file_t:service manage_service_perms;
--
-- ps_process_pattern($1, TEMPLATETYPE_t)
--')
--
--"""
--
--if_admin_types="""
-- type TEMPLATETYPE_unit_file_t;"""
--
--if_admin_rules="""
-- TEMPLATETYPE_systemctl($1)
-- admin_pattern($1, TEMPLATETYPE_unit_file_t)
-- allow $1 TEMPLATETYPE_unit_file_t:service all_service_perms;
--"""
--
--########################### File Context ##################################
--fc_file="""\
--FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_unit_file_t,s0)
--"""
-diff --git a/policycoreutils/gui/templates/user.py b/policycoreutils/gui/templates/user.py
-deleted file mode 100644
-index 398c6f2..0000000
---- a/policycoreutils/gui/templates/user.py
-+++ /dev/null
-@@ -1,204 +0,0 @@
--# Copyright (C) 2007-2012 Red Hat
--# see file 'COPYING' for use and warranty information
--#
--# policygentool is a tool for the initial generation of SELinux policy
--#
--# This program is free software; you can
redistribute it and/or
--# modify it under the terms of the GNU General Public License as
--# published by the Free Software Foundation; either version 2 of
--# the License, or (at your option) any later version.
--#
--# This program is distributed in the hope that it will be useful,
--# but WITHOUT ANY WARRANTY; without even the implied warranty of
--# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
--# GNU General Public License for more details.
--#
--# You should have received a copy of the GNU General Public License
--# along with this program; if not, write to the Free Software
--# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
--# 02111-1307 USA
--#
--#
--########################### Type Enforcement File #############################
--
--te_login_user_types="""\
--policy_module(TEMPLATETYPE, 1.0.0)
--
--########################################
--#
--# Declarations
--#
--
--userdom_unpriv_user_template(TEMPLATETYPE)
--"""
--
--te_admin_user_types="""\
--policy_module(TEMPLATETYPE, 1.0.0)
--
--########################################
--#
--# Declarations
--#
--
--userdom_admin_user_template(TEMPLATETYPE)
--"""
--
--te_min_login_user_types="""\
--policy_module(TEMPLATETYPE, 1.0.0)
--
--########################################
--#
--# Declarations
--#
--
--userdom_restricted_user_template(TEMPLATETYPE)
--"""
--
--te_x_login_user_types="""\
--policy_module(TEMPLATETYPE, 1.0.0)
--
--########################################
--#
--# Declarations
--#
--
--userdom_restricted_xwindows_user_template(TEMPLATETYPE)
--"""
--
--te_existing_user_types="""\
--policy_module(myTEMPLATETYPE, 1.0.0)
--
--gen_require(`
-- type TEMPLATETYPE_t, TEMPLATETYPE_devpts_t;
-- role TEMPLATETYPE_r;
--')
--
--"""
--
--te_root_user_types="""\
--policy_module(TEMPLATETYPE, 1.0.0)
--
--########################################
--#
--# Declarations
--#
--
--userdom_base_user_template(TEMPLATETYPE)
--"""
--
--te_login_user_rules="""\
--
--########################################
--#
--# TEMPLATETYPE local policy
--#
--
--"""
--
--te_existing_user_rules="""\
--
--########################################
--#
--# TEMPLATETYPE customized policy
--#
--
--"""
--
--te_x_login_user_rules="""\
--
--########################################
--#
--# TEMPLATETYPE local policy
--#
--"""
--
--te_root_user_rules="""\
--
--########################################
--#
--# TEMPLATETYPE local policy
--#
--"""
--
--te_transition_rules="""
--optional_policy(`
-- APPLICATION_role(TEMPLATETYPE_r, TEMPLATETYPE_t)
--')
--"""
--
--te_user_trans_rules="""
--optional_policy(`
-- gen_require(`
-- role USER_r;
-- ')
--
-- TEMPLATETYPE_role_change(USER_r)
--')
--"""
--
--te_admin_rules="""
--allow TEMPLATETYPE_t self:capability { dac_override dac_read_search kill sys_ptrace sys_nice };
--files_dontaudit_search_all_dirs(TEMPLATETYPE_t)
--
--selinux_get_enforce_mode(TEMPLATETYPE_t)
--seutil_domtrans_setfiles(TEMPLATETYPE_t)
--seutil_search_default_contexts(TEMPLATETYPE_t)
--
--logging_send_syslog_msg(TEMPLATETYPE_t)
--
--kernel_read_system_state(TEMPLATETYPE_t)
--
--domain_dontaudit_search_all_domains_state(TEMPLATETYPE_t)
--domain_dontaudit_ptrace_all_domains(TEMPLATETYPE_t)
--
--userdom_dontaudit_search_admin_dir(TEMPLATETYPE_t)
--userdom_dontaudit_search_user_home_dirs(TEMPLATETYPE_t)
--
--bool TEMPLATETYPE_read_user_files false;
--bool TEMPLATETYPE_manage_user_files false;
--
--if (TEMPLATETYPE_read_user_files) {
-- userdom_read_user_home_content_files(TEMPLATETYPE_t)
-- userdom_read_user_tmp_files(TEMPLATETYPE_t)
--}
--
--if (TEMPLATETYPE_manage_user_files) {
-- userdom_manage_user_home_content(TEMPLATETYPE_t)
-- userdom_manage_user_tmp_files(TEMPLATETYPE_t)
--}
--
--"""
--
--te_admin_trans_rules="""
--gen_require(`
-- role USER_r;
--')
--
--allow USER_r TEMPLATETYPE_r;
--"""
--
--te_admin_domain_rules="""
--optional_policy(`
-- APPLICATION_admin(TEMPLATETYPE_t, TEMPLATETYPE_r)
--')
--"""
--
--te_roles_rules="""
--optional_policy(`
-- gen_require(`
-- role ROLE_r;
-- ')
--
-- allow TEMPLATETYPE_r ROLE_r;
--')
--"""
--
--te_sudo_rules="""
--optional_policy(`
-- sudo_role_template(TEMPLATETYPE, TEMPLATETYPE_r, TEMPLATETYPE_t)
--')
--"""
--
--te_newrole_rules="""
--seutil_run_newrole(TEMPLATETYPE_t, TEMPLATETYPE_r)
--"""
-diff --git a/policycoreutils/gui/templates/var_cache.py b/policycoreutils/gui/templates/var_cache.py
-deleted file mode 100644
-index 8efc1d9..0000000
---- a/policycoreutils/gui/templates/var_cache.py
-+++ /dev/null
-@@ -1,132 +0,0 @@
--# Copyright (C) 2007-2012 Red Hat
--# see file 'COPYING' for use and warranty information
--#
--# policygentool is a tool for the initial generation of SELinux policy
--#
--# This program is free software; you can redistribute it and/or
--# modify it under the terms of the GNU General Public License as
--# published by the Free Software Foundation; either version 2 of
--# the License, or (at your option) any later version.
--#
--# This program is distributed in the hope that it will be useful,
--# but WITHOUT ANY WARRANTY; without even the implied warranty of
--# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
--# GNU General Public License for more details.
--#
--# You should have received a copy of the GNU General Public License
--# along with this program; if not, write to the Free Software
--# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
--# 02111-1307 USA
--#
--#
--########################### cache Template File #############################
--
--########################### Type Enforcement File #############################
--te_types="""
--type TEMPLATETYPE_cache_t;
--files_type(TEMPLATETYPE_cache_t)
--"""
--te_rules="""
--manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t)
--manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t)
--manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t)
--files_var_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_cache_t, { dir file })
--"""
--
--########################### Interface File #############################
--if_rules="""
--########################################
--##
--## Search TEMPLATETYPE cache directories.
--##
--##
--##
--## Domain allowed access.
--##
--##
--#
--interface(`TEMPLATETYPE_search_cache',`
-- gen_require(`
-- type TEMPLATETYPE_cache_t;
-- ')
--
-- allow $1 TEMPLATETYPE_cache_t:dir search_dir_perms;
-- files_search_var($1)
--')
--
--########################################
--##
--## Read TEMPLATETYPE cache files.
--##
--##
--##
--## Domain allowed access.
--##
--##
--#
--interface(`TEMPLATETYPE_read_cache_files',`
-- gen_require(`
-- type TEMPLATETYPE_cache_t;
-- ')
--
-- files_search_var($1)
-- read_files_pattern($1, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t)
--')
--
--########################################
--##
--## Create, read, write, and delete
--## TEMPLATETYPE cache files.
--##
--##
--##
--## Domain allowed access.
--##
--##
--#
--interface(`TEMPLATETYPE_manage_cache_files',`
-- gen_require(`
-- type TEMPLATETYPE_cache_t;
-- ')
--
-- files_search_var($1)
-- manage_files_pattern($1, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t)
--')
--
--########################################
--##
--## Manage TEMPLATETYPE cache dirs.
--##
--##
--##
--## Domain allowed access.
--##
--##
--#
--interface(`TEMPLATETYPE_manage_cache_dirs',`
-- gen_require(`
-- type TEMPLATETYPE_cache_t;
-- ')
--
-- files_search_var($1)
-- manage_dirs_pattern($1, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t)
--')
--
--"""
--
--if_admin_types="""
-- type TEMPLATETYPE_cache_t;"""
--
--if_admin_rules="""
-- files_search_var($1)
-- admin_pattern($1, TEMPLATETYPE_cache_t)
--"""
--
--########################### File Context ##################################
--fc_file="""\
--FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_cache_t,s0)
--"""
--
--fc_dir="""\
--FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_cache_t,s0)
--"""
-diff --git a/policycoreutils/gui/templates/var_lib.py b/policycoreutils/gui/templates/var_lib.py
-deleted file mode 100644
-index 8bde8c6..0000000
---- a/policycoreutils/gui/templates/var_lib.py
-+++ /dev/null
-@@ -1,160 +0,0 @@
--# Copyright (C) 2007-2012 Red Hat
--# see file 'COPYING' for use and warranty information
--#
--# policygentool is a tool for the initial generation of SELinux policy
--#
--# This program is free software; you can redistribute it and/or
--# modify it under the terms of the GNU General Public License as
--# published by the Free Software Foundation; either version 2 of
--# the License, or (at your option) any later version.
--#
--# This program is distributed in the hope that it will be useful,
--# but WITHOUT ANY WARRANTY; without even the implied warranty of
--# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
--# GNU General Public License for more details.
--#
--# You should have received a copy of the GNU General Public License
--# along with this program; if not, write to the Free Software
--# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
--# 02111-1307 USA
--#
--#
--########################### var_lib Template File #############################
--
--########################### Type Enforcement File #############################
--te_types="""
--type TEMPLATETYPE_var_lib_t;
--files_type(TEMPLATETYPE_var_lib_t)
--"""
--te_rules="""
--manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
--manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
--files_var_lib_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, { dir file })
--"""
--
--te_stream_rules="""\
--allow TEMPLATETYPE_t TEMPLATETYPE_var_lib_t:sock_file manage_sock_file_perms;
--files_var_lib_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, sock_file)
--"""
--
--
--########################### Interface File #############################
--if_rules="""
--########################################
--##
--## Search TEMPLATETYPE lib directories.
--##
--##
--##
--## Domain allowed access.
--##
--##
--#
--interface(`TEMPLATETYPE_search_lib',`
-- gen_require(`
-- type TEMPLATETYPE_var_lib_t;
-- ')
--
-- allow $1 TEMPLATETYPE_var_lib_t:dir search_dir_perms;
-- files_search_var_lib($1)
--')
--
--########################################
--##
--## Read TEMPLATETYPE lib files.
--##
--##
--##
--## Domain allowed access.
--##
--##
--#
--interface(`TEMPLATETYPE_read_lib_files',`
-- gen_require(`
-- type TEMPLATETYPE_var_lib_t;
-- ')
--
-- files_search_var_lib($1)
-- read_files_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
--')
--
--########################################
--##
--## Manage TEMPLATETYPE lib files.
--##
--##
--##
--## Domain allowed access.
--##
--##
--#
--interface(`TEMPLATETYPE_manage_lib_files',`
-- gen_require(`
-- type TEMPLATETYPE_var_lib_t;
-- ')
--
-- files_search_var_lib($1)
-- manage_files_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
--')
--
--########################################
--##
--## Manage TEMPLATETYPE lib directories.
--##
--##
--##
--## Domain allowed access.
--##
--##
--#
--interface(`TEMPLATETYPE_manage_lib_dirs',`
-- gen_require(`
-- type TEMPLATETYPE_var_lib_t;
-- ')
--
-- files_search_var_lib($1)
-- manage_dirs_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
--')
--
--"""
--
--if_stream_rules="""
--########################################
--##
--## Connect to TEMPLATETYPE over a unix stream socket.
--##
--##
--##
--## Domain allowed access.
--##
--##
--#
--interface(`TEMPLATETYPE_stream_connect',`
-- gen_require(`
-- type TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t;
-- ')
--
-- stream_connect_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t)
--')
--"""
--
--if_admin_types="""
-- type TEMPLATETYPE_var_lib_t;"""
--
--if_admin_rules="""
-- files_search_var_lib($1)
-- admin_pattern($1, TEMPLATETYPE_var_lib_t)
--"""
--
--########################### File Context ##################################
--fc_file="""\
--FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
--"""
--
--fc_sock_file="""\
--FILENAME -s gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
--"""
--
--fc_dir="""\
--FILENAME(/.*)?
gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
--"""
-diff --git a/policycoreutils/gui/templates/var_log.py b/policycoreutils/gui/templates/var_log.py
-deleted file mode 100644
-index b57b93d..0000000
---- a/policycoreutils/gui/templates/var_log.py
-+++ /dev/null
-@@ -1,114 +0,0 @@
--# Copyright (C) 2007-2012 Red Hat
--# see file 'COPYING' for use and warranty information
--#
--# policygentool is a tool for the initial generation of SELinux policy
--#
--# This program is free software; you can redistribute it and/or
--# modify it under the terms of the GNU General Public License as
--# published by the Free Software Foundation; either version 2 of
--# the License, or (at your option) any later version.
--#
--# This program is distributed in the hope that it will be useful,
--# but WITHOUT ANY WARRANTY; without even the implied warranty of
--# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
--# GNU General Public License for more details.
--#
--# You should have received a copy of the GNU General Public License
--# along with this program; if not, write to the Free Software
--# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
--# 02111-1307 USA
--#
--#
--########################### var_log Template File #############################
--
--########################### Type Enforcement File #############################
--te_types="""
--type TEMPLATETYPE_log_t;
--logging_log_file(TEMPLATETYPE_log_t)
--"""
--
--te_rules="""
--manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
--manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
--logging_log_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_log_t, { dir file })
--"""
--
--########################### Interface File #############################
--if_rules="""\
--########################################
--##
--## Read TEMPLATETYPE's log files.
--##
--##
--##
--## Domain allowed access.
--##
--##
--##
--#
--interface(`TEMPLATETYPE_read_log',`
-- gen_require(`
-- type TEMPLATETYPE_log_t;
-- ')
--
-- logging_search_logs($1)
-- read_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
--')
--
--########################################
--##
--## Append to TEMPLATETYPE log files.
--##
--##
--##
--## Domain allowed access.
--##
--##
--#
--interface(`TEMPLATETYPE_append_log',`
-- gen_require(`
-- type TEMPLATETYPE_log_t;
-- ')
--
-- logging_search_logs($1)
-- append_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
--')
--
--########################################
--##
--## Manage TEMPLATETYPE log files
--##
--##
--##
--## Domain allowed access.
--##
--##
--#
--interface(`TEMPLATETYPE_manage_log',`
-- gen_require(`
-- type TEMPLATETYPE_log_t;
-- ')
--
-- logging_search_logs($1)
-- manage_dirs_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
-- manage_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
-- manage_lnk_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t)
--')
--"""
--
--if_admin_types="""
-- type TEMPLATETYPE_log_t;"""
--
--if_admin_rules="""
-- logging_search_logs($1)
-- admin_pattern($1, TEMPLATETYPE_log_t)
--"""
--
--########################### File Context ##################################
--fc_file="""\
--FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0)
--"""
--
--fc_dir="""\
--FILENAME(/.*)?
gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0) --""" -diff --git a/policycoreutils/gui/templates/var_run.py b/policycoreutils/gui/templates/var_run.py -deleted file mode 100644 -index 916f44c..0000000 ---- a/policycoreutils/gui/templates/var_run.py -+++ /dev/null -@@ -1,101 +0,0 @@ --# Copyright (C) 2007-2012 Red Hat --# see file 'COPYING' for use and warranty information --# --# policygentool is a tool for the initial generation of SELinux policy --# --# This program is free software; you can redistribute it and/or --# modify it under the terms of the GNU General Public License as --# published by the Free Software Foundation; either version 2 of --# the License, or (at your option) any later version. --# --# This program is distributed in the hope that it will be useful, --# but WITHOUT ANY WARRANTY; without even the implied warranty of --# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --# GNU General Public License for more details. --# --# You should have received a copy of the GNU General Public License --# along with this program; if not, write to the Free Software --# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA --# 02111-1307 USA --# --# --########################### var_run Template File ############################# -- --te_types=""" --type TEMPLATETYPE_var_run_t; --files_pid_file(TEMPLATETYPE_var_run_t) --""" -- --te_rules=""" --manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t) --manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t) --files_pid_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, { dir file }) --""" -- --te_stream_rules=""" --allow TEMPLATETYPE_t TEMPLATETYPE_var_run_t:sock_file manage_sock_file_perms; --files_pid_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, sock_file) --""" -- --if_rules="""\ --######################################## --## --## Read TEMPLATETYPE PID files. --## --## --## --## Domain allowed access. 
--## --## --# --interface(`TEMPLATETYPE_read_pid_files',` -- gen_require(` -- type TEMPLATETYPE_var_run_t; -- ') -- -- files_search_pids($1) -- allow $1 TEMPLATETYPE_var_run_t:file read_file_perms; --') -- --""" -- --if_stream_rules="""\ --######################################## --## --## Connect to TEMPLATETYPE over a unix stream socket. --## --## --## --## Domain allowed access. --## --## --# --interface(`TEMPLATETYPE_stream_connect',` -- gen_require(` -- type TEMPLATETYPE_t, TEMPLATETYPE_var_run_t; -- ') -- -- files_search_pids($1) -- stream_connect_pattern($1, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t, TEMPLATETYPE_t) --') --""" -- --if_admin_types=""" -- type TEMPLATETYPE_var_run_t;""" -- --if_admin_rules=""" -- files_search_pids($1) -- admin_pattern($1, TEMPLATETYPE_var_run_t) --""" -- --fc_file="""\ --FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0) --""" -- --fc_sock_file="""\ --FILENAME -s gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0) --""" -- --fc_dir="""\ --FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0) --""" -diff --git a/policycoreutils/gui/templates/var_spool.py b/policycoreutils/gui/templates/var_spool.py -deleted file mode 100644 -index 8055a9e..0000000 ---- a/policycoreutils/gui/templates/var_spool.py -+++ /dev/null -@@ -1,131 +0,0 @@ --# Copyright (C) 2007-2012 Red Hat --# see file 'COPYING' for use and warranty information --# --# policygentool is a tool for the initial generation of SELinux policy --# --# This program is free software; you can redistribute it and/or --# modify it under the terms of the GNU General Public License as --# published by the Free Software Foundation; either version 2 of --# the License, or (at your option) any later version. --# --# This program is distributed in the hope that it will be useful, --# but WITHOUT ANY WARRANTY; without even the implied warranty of --# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the --# GNU General Public License for more details. --# --# You should have received a copy of the GNU General Public License --# along with this program; if not, write to the Free Software --# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA --# 02111-1307 USA --# --# --########################### var_spool Template File ############################# -- --########################### Type Enforcement File ############################# --te_types=""" --type TEMPLATETYPE_spool_t; --files_type(TEMPLATETYPE_spool_t) --""" --te_rules=""" --manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t) --manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t) --manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t) --files_spool_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, { dir file }) --""" -- --########################### Interface File ############################# --if_rules=""" --######################################## --## --## Search TEMPLATETYPE spool directories. --## --## --## --## Domain allowed access. --## --## --# --interface(`TEMPLATETYPE_search_spool',` -- gen_require(` -- type TEMPLATETYPE_spool_t; -- ') -- -- allow $1 TEMPLATETYPE_spool_t:dir search_dir_perms; -- files_search_spool($1) --') -- --######################################## --## --## Read TEMPLATETYPE spool files. --## --## --## --## Domain allowed access. --## --## --# --interface(`TEMPLATETYPE_read_spool_files',` -- gen_require(` -- type TEMPLATETYPE_spool_t; -- ') -- -- files_search_spool($1) -- read_files_pattern($1, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t) --') -- --######################################## --## --## Manage TEMPLATETYPE spool files. --## --## --## --## Domain allowed access. 
--## --## --# --interface(`TEMPLATETYPE_manage_spool_files',` -- gen_require(` -- type TEMPLATETYPE_spool_t; -- ') -- -- files_search_spool($1) -- manage_files_pattern($1, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t) --') -- --######################################## --## --## Manage TEMPLATETYPE spool dirs. --## --## --## --## Domain allowed access. --## --## --# --interface(`TEMPLATETYPE_manage_spool_dirs',` -- gen_require(` -- type TEMPLATETYPE_spool_t; -- ') -- -- files_search_spool($1) -- manage_dirs_pattern($1, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t) --') -- --""" -- --if_admin_types=""" -- type TEMPLATETYPE_spool_t;""" -- --if_admin_rules=""" -- files_search_spool($1) -- admin_pattern($1, TEMPLATETYPE_spool_t) --""" -- --########################### File Context ################################## --fc_file="""\ --FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0) --""" -- --fc_dir="""\ --FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0) --""" -diff --git a/policycoreutils/load_policy/Makefile b/policycoreutils/load_policy/Makefile -index 5da2e0d..7c5bab0 100644 ---- a/policycoreutils/load_policy/Makefile -+++ b/policycoreutils/load_policy/Makefile -@@ -19,7 +19,7 @@ install: all - test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 - install -m 644 load_policy.8 $(MANDIR)/man8/ - -mkdir -p $(USRSBINDIR) -- -ln -sf /sbin/load_policy $(USRSBINDIR)/load_policy -+ -ln -sf $(SBINDIR)/load_policy $(USRSBINDIR)/load_policy + fd = open(ttyn, O_RDWR | O_NONBLOCK); + if (fd != 1) + goto err_close_pam; +- fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); ++ rc = fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); ++ if (rc) ++ goto err_close_pam; ++ + fd = open(ttyn, O_RDWR | O_NONBLOCK); + if (fd != 2) + goto err_close_pam; +- fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); ++ rc = fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK); ++ if (rc) ++ goto err_close_pam; - clean: - -rm -f $(TARGETS) *.o 
+ } + /* diff --git a/policycoreutils/po/Makefile b/policycoreutils/po/Makefile -index 5278a6e..9c1486e 100644 +index a377996..9c1486e 100644 --- a/policycoreutils/po/Makefile 
+++ b/policycoreutils/po/Makefile -@@ -53,33 +53,44 @@ POTFILES = \ - ../gui/modulesPage.py \ - ../gui/polgen.glade \ - ../gui/polgengui.py \ -- ../gui/polgen.py \ - ../gui/portsPage.py \ -- ../gui/selinux.tbl \ - ../gui/semanagePage.py \ - ../gui/statusPage.py \ - ../gui/system-config-selinux.glade \ - ../gui/system-config-selinux.py \ - ../gui/usersPage.py \ -- ../gui/templates/executable.py \ -- ../gui/templates/__init__.py \ -- ../gui/templates/network.py \ -- ../gui/templates/rw.py \ -- ../gui/templates/script.py \ -- ../gui/templates/semodule.py \ -- ../gui/templates/tmp.py \ -- ../gui/templates/user.py \ -- ../gui/templates/var_lib.py \ -- ../gui/templates/var_log.py \ -- ../gui/templates/var_run.py \ -- ../gui/templates/var_spool.py \ -- ../secon/secon.c -+ ../secon/secon.c \ -+ ../sepolicy/info.c \ -+ ../sepolicy/search.c \ -+ ../sepolicy/sepolicy.py \ -+ ../sepolicy/sepolicy/communicate.py \ -+ ../sepolicy/sepolicy/__init__.py \ -+ ../sepolicy/sepolicy/network.py \ -+ ../sepolicy/sepolicy/generate.py \ -+ ../sepolicy/sepolicy/manpage.py \ -+ ../sepolicy/sepolicy/transition.py \ -+ ../sepolicy/sepolicy/templates/executable.py \ -+ ../sepolicy/sepolicy/templates/__init__.py \ -+ ../sepolicy/sepolicy/templates/network.py \ -+ ../sepolicy/sepolicy/templates/rw.py \ -+ ../sepolicy/sepolicy/templates/script.py \ -+ ../sepolicy/sepolicy/templates/semodule.py \ -+ ../sepolicy/sepolicy/templates/tmp.py \ -+ ../sepolicy/sepolicy/templates/user.py \ -+ ../sepolicy/sepolicy/templates/var_lib.py \ -+ ../sepolicy/sepolicy/templates/var_log.py \ -+ ../sepolicy/sepolicy/templates/var_run.py \ -+ ../sepolicy/sepolicy/templates/var_spool.py \ +@@ -81,12 +81,16 @@ POTFILES = \ + ../sepolicy/sepolicy/templates/var_log.py \ + ../sepolicy/sepolicy/templates/var_run.py \ + ../sepolicy/sepolicy/templates/var_spool.py \ + booleans.py #default:: clean --all:: update-po $(MOFILES) -+all:: $(MOFILES) + all:: $(MOFILES) -$(POTFILE): $(POTFILES) +booleans.py: 
@@ -9913,7 +434,7 @@ index 5278a6e..9c1486e 100644 $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES) @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \ rm -f $(NLSPACKAGE).po; \ -@@ -88,6 +99,7 @@ $(POTFILE): $(POTFILES) +@@ -95,6 +99,7 @@ $(POTFILE): $(POTFILES) fi; \ update-po: Makefile $(POTFILE) refresh-po 
@@ -9921,327456 +442,172 @@ index 5278a6e..9c1486e 100644 refresh-po: Makefile for cat in $(POFILES); do \ -diff --git a/policycoreutils/po/POTFILES.in b/policycoreutils/po/POTFILES.in -index aab1a4e..75117f4 100644 ---- a/policycoreutils/po/POTFILES.in -+++ b/policycoreutils/po/POTFILES.in -@@ -27,7 +27,6 @@ gui/mappingsPage.py - gui/modulesPage.py - gui/polgen.glade - gui/polgengui.py --gui/polgen.py - gui/portsPage.py - gui/selinux.tbl - gui/semanagePage.py -@@ -35,16 +34,25 @@ gui/statusPage.py - gui/system-config-selinux.glade - gui/system-config-selinux.py - gui/usersPage.py --gui/templates/executable.py --gui/templates/__init__.py --gui/templates/network.py --gui/templates/rw.py --gui/templates/script.py --gui/templates/semodule.py --gui/templates/tmp.py --gui/templates/user.py --gui/templates/var_lib.py --gui/templates/var_log.py --gui/templates/var_run.py --gui/templates/var_spool.py - secon/secon.c -+sepolicy/info.c -+sepolicy/search.c -+sepolicy/sepolicy.py -+sepolicy/sepolicy/communicate.py -+sepolicy/sepolicy/__init__.py -+sepolicy/sepolicy/network.py -+sepolicy/sepolicy/generate.py -+sepolicy/sepolicy/manpage.py -+sepolicy/sepolicy/transition.py -+sepolicy/sepolicy/templates/executable.py -+sepolicy/sepolicy/templates/__init__.py -+sepolicy/sepolicy/templates/network.py -+sepolicy/sepolicy/templates/rw.py -+sepolicy/sepolicy/templates/script.py -+sepolicy/sepolicy/templates/semodule.py -+sepolicy/sepolicy/templates/tmp.py -+sepolicy/sepolicy/templates/user.py -+sepolicy/sepolicy/templates/var_lib.py -+sepolicy/sepolicy/templates/var_log.py -+sepolicy/sepolicy/templates/var_run.py -+sepolicy/sepolicy/templates/var_spool.py -diff --git a/policycoreutils/po/af.po b/policycoreutils/po/af.po -index a4478db..961d921 100644 ---- a/policycoreutils/po/af.po -+++ b/policycoreutils/po/af.po -@@ -8,7 +8,7 @@ msgid "" - msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" --"POT-Creation-Date: 2012-05-25 07:28-0400\n" 
-+"POT-Creation-Date: 2013-01-04 12:01-0500\n" - "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" - "Last-Translator: FULL NAME \n" - "Language-Team: LANGUAGE \n" -@@ -24,7 +24,7 @@ msgid "" - " are the arguments to that script." - msgstr "" - --#: ../run_init/run_init.c:126 ../newrole/newrole.c:1124 -+#: ../run_init/run_init.c:126 ../newrole/newrole.c:1123 - #, c-format - msgid "failed to initialize PAM\n" - msgstr "" -@@ -73,353 +73,359 @@ msgstr "" - msgid "authentication failed.\n" - msgstr "" - --#: ../run_init/run_init.c:405 ../newrole/newrole.c:1258 -+#: ../run_init/run_init.c:405 ../newrole/newrole.c:1257 - #, c-format - msgid "Could not set exec context to %s.\n" - msgstr "" - --#: ../audit2allow/audit2allow:230 -+#: ../audit2allow/audit2allow:232 - msgid "******************** IMPORTANT ***********************\n" - msgstr "" - --#: ../audit2allow/audit2allow:231 -+#: ../audit2allow/audit2allow:233 - msgid "To make this policy package active, execute:" - msgstr "" - --#: ../semanage/seobject.py:143 ../semanage/seobject.py:147 --msgid "global" --msgstr "" -- --#: ../semanage/seobject.py:225 -+#: ../semanage/seobject.py:194 - msgid "Could not create semanage handle" - msgstr "" - --#: ../semanage/seobject.py:233 -+#: ../semanage/seobject.py:202 - msgid "SELinux policy is not managed or store cannot be accessed." - msgstr "" - --#: ../semanage/seobject.py:238 -+#: ../semanage/seobject.py:207 - msgid "Cannot read policy store." 
- msgstr "" - --#: ../semanage/seobject.py:243 -+#: ../semanage/seobject.py:212 - msgid "Could not establish semanage connection" - msgstr "" - --#: ../semanage/seobject.py:248 -+#: ../semanage/seobject.py:217 - msgid "Could not test MLS enabled status" - msgstr "" - --#: ../semanage/seobject.py:254 ../semanage/seobject.py:269 -+#: ../semanage/seobject.py:223 ../semanage/seobject.py:238 - msgid "Not yet implemented" - msgstr "" - --#: ../semanage/seobject.py:258 -+#: ../semanage/seobject.py:227 - msgid "Semanage transaction already in progress" - msgstr "" - --#: ../semanage/seobject.py:267 -+#: ../semanage/seobject.py:236 - msgid "Could not start semanage transaction" - msgstr "" - --#: ../semanage/seobject.py:278 -+#: ../semanage/seobject.py:248 - msgid "Could not commit semanage transaction" - msgstr "" - --#: ../semanage/seobject.py:283 -+#: ../semanage/seobject.py:253 - msgid "Semanage transaction not in progress" - msgstr "" - --#: ../semanage/seobject.py:295 ../semanage/seobject.py:375 -+#: ../semanage/seobject.py:265 ../semanage/seobject.py:345 - msgid "Could not list SELinux modules" - msgstr "" - --#: ../semanage/seobject.py:308 -+#: ../semanage/seobject.py:278 - msgid "Modules Name" - msgstr "" - --#: ../semanage/seobject.py:308 ../gui/modulesPage.py:62 -+#: ../semanage/seobject.py:278 ../gui/modulesPage.py:63 - msgid "Version" - msgstr "" - --#: ../semanage/seobject.py:311 ../gui/statusPage.py:75 -+#: ../semanage/seobject.py:281 ../gui/statusPage.py:75 - msgid "Disabled" - msgstr "" - --#: ../semanage/seobject.py:326 -+#: ../semanage/seobject.py:296 - #, python-format - msgid "Could not disable module %s (remove failed)" - msgstr "" - --#: ../semanage/seobject.py:337 -+#: ../semanage/seobject.py:307 - #, python-format - msgid "Could not enable module %s (remove failed)" - msgstr "" - --#: ../semanage/seobject.py:352 -+#: ../semanage/seobject.py:322 - #, python-format - msgid "Could not remove module %s (remove failed)" - msgstr "" - --#: 
../semanage/seobject.py:362 -+#: ../semanage/seobject.py:332 - msgid "dontaudit requires either 'on' or 'off'" - msgstr "" - --#: ../semanage/seobject.py:391 -+#: ../semanage/seobject.py:360 - msgid "Builtin Permissive Types" - msgstr "" - --#: ../semanage/seobject.py:401 -+#: ../semanage/seobject.py:370 - msgid "Customized Permissive Types" - msgstr "" - --#: ../semanage/seobject.py:442 -+#: ../semanage/seobject.py:412 - #, python-format - msgid "Could not set permissive domain %s (module installation failed)" - msgstr "" - --#: ../semanage/seobject.py:448 -+#: ../semanage/seobject.py:418 - #, python-format - msgid "Could not remove permissive domain %s (remove failed)" - msgstr "" - --#: ../semanage/seobject.py:483 ../semanage/seobject.py:557 --#: ../semanage/seobject.py:603 ../semanage/seobject.py:700 --#: ../semanage/seobject.py:730 ../semanage/seobject.py:797 --#: ../semanage/seobject.py:854 ../semanage/seobject.py:1101 --#: ../semanage/seobject.py:1790 ../semanage/seobject.py:1853 --#: ../semanage/seobject.py:1872 ../semanage/seobject.py:1993 --#: ../semanage/seobject.py:2045 -+#: ../semanage/seobject.py:453 ../semanage/seobject.py:527 -+#: ../semanage/seobject.py:573 ../semanage/seobject.py:695 -+#: ../semanage/seobject.py:725 ../semanage/seobject.py:792 -+#: ../semanage/seobject.py:849 ../semanage/seobject.py:1104 -+#: ../semanage/seobject.py:1820 ../semanage/seobject.py:1883 -+#: ../semanage/seobject.py:1902 ../semanage/seobject.py:2025 -+#: ../semanage/seobject.py:2076 - #, python-format - msgid "Could not create a key for %s" - msgstr "" - --#: ../semanage/seobject.py:487 ../semanage/seobject.py:561 --#: ../semanage/seobject.py:607 ../semanage/seobject.py:613 -+#: ../semanage/seobject.py:457 ../semanage/seobject.py:531 -+#: ../semanage/seobject.py:577 ../semanage/seobject.py:583 - #, python-format - msgid "Could not check if login mapping for %s is defined" - msgstr "" - --#: ../semanage/seobject.py:496 -+#: ../semanage/seobject.py:466 - #, python-format 
- msgid "Linux Group %s does not exist" - msgstr "" - --#: ../semanage/seobject.py:501 -+#: ../semanage/seobject.py:471 - #, python-format - msgid "Linux User %s does not exist" - msgstr "" - --#: ../semanage/seobject.py:505 -+#: ../semanage/seobject.py:475 - #, python-format - msgid "Could not create login mapping for %s" - msgstr "" - --#: ../semanage/seobject.py:509 ../semanage/seobject.py:745 -+#: ../semanage/seobject.py:479 ../semanage/seobject.py:740 - #, python-format - msgid "Could not set name for %s" - msgstr "" - --#: ../semanage/seobject.py:514 ../semanage/seobject.py:755 -+#: ../semanage/seobject.py:484 ../semanage/seobject.py:750 - #, python-format - msgid "Could not set MLS range for %s" - msgstr "" - --#: ../semanage/seobject.py:518 -+#: ../semanage/seobject.py:488 - #, python-format - msgid "Could not set SELinux user for %s" - msgstr "" - --#: ../semanage/seobject.py:522 -+#: ../semanage/seobject.py:492 - #, python-format - msgid "Could not add login mapping for %s" - msgstr "" - --#: ../semanage/seobject.py:540 -+#: ../semanage/seobject.py:510 - msgid "Requires seuser or serange" - msgstr "" - --#: ../semanage/seobject.py:563 ../semanage/seobject.py:609 -+#: ../semanage/seobject.py:533 ../semanage/seobject.py:579 - #, python-format - msgid "Login mapping for %s is not defined" - msgstr "" - --#: ../semanage/seobject.py:567 -+#: ../semanage/seobject.py:537 - #, python-format - msgid "Could not query seuser for %s" - msgstr "" - --#: ../semanage/seobject.py:581 -+#: ../semanage/seobject.py:551 - #, python-format - msgid "Could not modify login mapping for %s" - msgstr "" - --#: ../semanage/seobject.py:615 -+#: ../semanage/seobject.py:585 - #, python-format - msgid "Login mapping for %s is defined in policy, cannot be deleted" - msgstr "" - --#: ../semanage/seobject.py:619 -+#: ../semanage/seobject.py:589 - #, python-format - msgid "Could not delete login mapping for %s" - msgstr "" - --#: ../semanage/seobject.py:641 ../semanage/seobject.py:659 --#: 
../semanage/seobject.py:897 -+#: ../semanage/seobject.py:611 ../semanage/seobject.py:644 -+#: ../semanage/seobject.py:892 - msgid "Could not list login mappings" - msgstr "" - --#: ../semanage/seobject.py:684 ../semanage/seobject.py:689 -+#: ../semanage/seobject.py:672 ../semanage/seobject.py:684 - #: ../gui/system-config-selinux.glade:100 - msgid "Login Name" - msgstr "" - --#: ../semanage/seobject.py:684 ../semanage/seobject.py:689 --#: ../semanage/seobject.py:947 ../semanage/seobject.py:952 -+#: ../semanage/seobject.py:672 ../semanage/seobject.py:684 -+#: ../semanage/seobject.py:942 ../semanage/seobject.py:947 - #: ../gui/system-config-selinux.glade:128 - #: ../gui/system-config-selinux.glade:915 - #: ../gui/system-config-selinux.glade:2285 ../gui/usersPage.py:44 - msgid "SELinux User" - msgstr "" - --#: ../semanage/seobject.py:684 ../gui/system-config-selinux.glade:156 -+#: ../semanage/seobject.py:672 ../gui/system-config-selinux.glade:156 - #: ../gui/system-config-selinux.glade:943 - msgid "MLS/MCS Range" - msgstr "" - --#: ../semanage/seobject.py:703 ../semanage/seobject.py:734 --#: ../semanage/seobject.py:801 ../semanage/seobject.py:858 --#: ../semanage/seobject.py:864 -+#: ../semanage/seobject.py:672 -+msgid "Service" -+msgstr "" -+ -+#: ../semanage/seobject.py:698 ../semanage/seobject.py:729 -+#: ../semanage/seobject.py:796 ../semanage/seobject.py:853 -+#: ../semanage/seobject.py:859 - #, python-format - msgid "Could not check if SELinux user %s is defined" - msgstr "" - --#: ../semanage/seobject.py:706 ../semanage/seobject.py:807 --#: ../semanage/seobject.py:870 -+#: ../semanage/seobject.py:701 ../semanage/seobject.py:802 -+#: ../semanage/seobject.py:865 - #, python-format - msgid "Could not query user for %s" - msgstr "" - --#: ../semanage/seobject.py:726 -+#: ../semanage/seobject.py:721 - #, python-format - msgid "You must add at least one role for %s" - msgstr "" - --#: ../semanage/seobject.py:741 -+#: ../semanage/seobject.py:736 - #, python-format - 
msgid "Could not create SELinux user for %s" - msgstr "" - --#: ../semanage/seobject.py:750 -+#: ../semanage/seobject.py:745 - #, python-format - msgid "Could not add role %s for %s" - msgstr "" - --#: ../semanage/seobject.py:759 -+#: ../semanage/seobject.py:754 - #, python-format - msgid "Could not set MLS level for %s" - msgstr "" - --#: ../semanage/seobject.py:762 -+#: ../semanage/seobject.py:757 - #, python-format - msgid "Could not add prefix %s for %s" - msgstr "" - --#: ../semanage/seobject.py:765 -+#: ../semanage/seobject.py:760 - #, python-format - msgid "Could not extract key for %s" - msgstr "" - --#: ../semanage/seobject.py:769 -+#: ../semanage/seobject.py:764 - #, python-format - msgid "Could not add SELinux user %s" - msgstr "" - --#: ../semanage/seobject.py:791 -+#: ../semanage/seobject.py:786 - msgid "Requires prefix, roles, level or range" - msgstr "" - --#: ../semanage/seobject.py:793 -+#: ../semanage/seobject.py:788 - msgid "Requires prefix or roles" - msgstr "" - --#: ../semanage/seobject.py:803 ../semanage/seobject.py:860 -+#: ../semanage/seobject.py:798 ../semanage/seobject.py:855 - #, python-format - msgid "SELinux user %s is not defined" - msgstr "" - --#: ../semanage/seobject.py:832 -+#: ../semanage/seobject.py:827 - #, python-format - msgid "Could not modify SELinux user %s" - msgstr "" - --#: ../semanage/seobject.py:866 -+#: ../semanage/seobject.py:861 - #, python-format - msgid "SELinux user %s is defined in policy, cannot be deleted" - msgstr "" - --#: ../semanage/seobject.py:877 -+#: ../semanage/seobject.py:872 - #, python-format - msgid "Could not delete SELinux user %s" - msgstr "" - --#: ../semanage/seobject.py:915 -+#: ../semanage/seobject.py:910 - msgid "Could not list SELinux users" - msgstr "" - --#: ../semanage/seobject.py:921 -+#: ../semanage/seobject.py:916 - #, python-format - msgid "Could not list roles for user %s" - msgstr "" - --#: ../semanage/seobject.py:946 -+#: ../semanage/seobject.py:941 - msgid "Labeling" - msgstr 
"" - --#: ../semanage/seobject.py:946 -+#: ../semanage/seobject.py:941 - msgid "MLS/" - msgstr "" - --#: ../semanage/seobject.py:947 -+#: ../semanage/seobject.py:942 - msgid "Prefix" - msgstr "" - --#: ../semanage/seobject.py:947 -+#: ../semanage/seobject.py:942 - msgid "MCS Level" - msgstr "" - --#: ../semanage/seobject.py:947 -+#: ../semanage/seobject.py:942 - msgid "MCS Range" - msgstr "" - --#: ../semanage/seobject.py:947 ../semanage/seobject.py:952 -+#: ../semanage/seobject.py:942 ../semanage/seobject.py:947 - #: ../gui/system-config-selinux.glade:992 ../gui/usersPage.py:59 - msgid "SELinux Roles" - msgstr "" - --#: ../semanage/seobject.py:967 -+#: ../semanage/seobject.py:964 - msgid "Protocol udp or tcp is required" - msgstr "" - --#: ../semanage/seobject.py:969 -+#: ../semanage/seobject.py:966 - msgid "Port is required" - msgstr "" - --#: ../semanage/seobject.py:979 -+#: ../semanage/seobject.py:976 - msgid "Invalid Port" - msgstr "" - --#: ../semanage/seobject.py:983 -+#: ../semanage/seobject.py:980 - #, python-format - msgid "Could not create a key for %s/%s" - msgstr "" - --#: ../semanage/seobject.py:994 -+#: ../semanage/seobject.py:991 - msgid "Type is required" - msgstr "" - --#: ../semanage/seobject.py:1000 ../semanage/seobject.py:1059 --#: ../semanage/seobject.py:1114 ../semanage/seobject.py:1120 -+#: ../semanage/seobject.py:994 ../semanage/seobject.py:1056 -+#: ../semanage/seobject.py:1814 -+#, python-format -+msgid "Type %s is invalid, must be a port type" -+msgstr "" -+ -+#: ../semanage/seobject.py:1000 ../semanage/seobject.py:1062 -+#: ../semanage/seobject.py:1117 ../semanage/seobject.py:1123 - #, python-format - msgid "Could not check if port %s/%s is defined" - msgstr "" -@@ -469,8 +475,8 @@ msgstr "" - msgid "Could not add port %s/%s" - msgstr "" - --#: ../semanage/seobject.py:1051 ../semanage/seobject.py:1316 --#: ../semanage/seobject.py:1512 -+#: ../semanage/seobject.py:1051 ../semanage/seobject.py:1324 -+#: ../semanage/seobject.py:1523 - 
msgid "Requires setype or serange" - msgstr "" - -@@ -478,463 +484,472 @@ msgstr "" - msgid "Requires setype" - msgstr "" - --#: ../semanage/seobject.py:1061 ../semanage/seobject.py:1116 -+#: ../semanage/seobject.py:1064 ../semanage/seobject.py:1119 - #, python-format - msgid "Port %s/%s is not defined" - msgstr "" - --#: ../semanage/seobject.py:1065 -+#: ../semanage/seobject.py:1068 - #, python-format - msgid "Could not query port %s/%s" - msgstr "" - --#: ../semanage/seobject.py:1076 -+#: ../semanage/seobject.py:1079 - #, python-format - msgid "Could not modify port %s/%s" - msgstr "" - --#: ../semanage/seobject.py:1089 -+#: ../semanage/seobject.py:1092 - msgid "Could not list the ports" - msgstr "" - --#: ../semanage/seobject.py:1105 -+#: ../semanage/seobject.py:1108 - #, python-format - msgid "Could not delete the port %s" - msgstr "" - --#: ../semanage/seobject.py:1122 -+#: ../semanage/seobject.py:1125 - #, python-format - msgid "Port %s/%s is defined in policy, cannot be deleted" - msgstr "" - --#: ../semanage/seobject.py:1126 -+#: ../semanage/seobject.py:1129 - #, python-format - msgid "Could not delete port %s/%s" - msgstr "" - --#: ../semanage/seobject.py:1142 ../semanage/seobject.py:1164 -+#: ../semanage/seobject.py:1145 ../semanage/seobject.py:1167 - msgid "Could not list ports" - msgstr "" - --#: ../semanage/seobject.py:1203 -+#: ../semanage/seobject.py:1206 - msgid "SELinux Port Type" - msgstr "" - --#: ../semanage/seobject.py:1203 -+#: ../semanage/seobject.py:1206 - msgid "Proto" - msgstr "" - --#: ../semanage/seobject.py:1203 ../gui/system-config-selinux.glade:335 -+#: ../semanage/seobject.py:1206 ../gui/system-config-selinux.glade:335 - msgid "Port Number" - msgstr "" - --#: ../semanage/seobject.py:1222 -+#: ../semanage/seobject.py:1227 - msgid "Node Address is required" - msgstr "" - --#: ../semanage/seobject.py:1237 -+#: ../semanage/seobject.py:1242 - msgid "Unknown or missing protocol" - msgstr "" - --#: ../semanage/seobject.py:1251 
../semanage/seobject.py:1450 --#: ../semanage/seobject.py:1728 --msgid "SELinux Type is required" -+#: ../semanage/seobject.py:1256 -+msgid "SELinux node type is required" - msgstr "" - --#: ../semanage/seobject.py:1255 ../semanage/seobject.py:1320 --#: ../semanage/seobject.py:1356 ../semanage/seobject.py:1454 --#: ../semanage/seobject.py:1516 ../semanage/seobject.py:1550 --#: ../semanage/seobject.py:1732 -+#: ../semanage/seobject.py:1259 ../semanage/seobject.py:1327 -+#, python-format -+msgid "Type %s is invalid, must be a node type" -+msgstr "" -+ -+#: ../semanage/seobject.py:1263 ../semanage/seobject.py:1331 -+#: ../semanage/seobject.py:1367 ../semanage/seobject.py:1465 -+#: ../semanage/seobject.py:1527 ../semanage/seobject.py:1561 -+#: ../semanage/seobject.py:1759 - #, python-format - msgid "Could not create key for %s" - msgstr "" - --#: ../semanage/seobject.py:1257 ../semanage/seobject.py:1324 --#: ../semanage/seobject.py:1360 ../semanage/seobject.py:1366 -+#: ../semanage/seobject.py:1265 ../semanage/seobject.py:1335 -+#: ../semanage/seobject.py:1371 ../semanage/seobject.py:1377 - #, python-format - msgid "Could not check if addr %s is defined" - msgstr "" - --#: ../semanage/seobject.py:1266 -+#: ../semanage/seobject.py:1274 - #, python-format - msgid "Could not create addr for %s" - msgstr "" - --#: ../semanage/seobject.py:1272 ../semanage/seobject.py:1470 --#: ../semanage/seobject.py:1690 -+#: ../semanage/seobject.py:1280 ../semanage/seobject.py:1481 -+#: ../semanage/seobject.py:1714 - #, python-format - msgid "Could not create context for %s" - msgstr "" - --#: ../semanage/seobject.py:1276 -+#: ../semanage/seobject.py:1284 - #, python-format - msgid "Could not set mask for %s" - msgstr "" - --#: ../semanage/seobject.py:1280 -+#: ../semanage/seobject.py:1288 - #, python-format - msgid "Could not set user in addr context for %s" - msgstr "" - --#: ../semanage/seobject.py:1284 -+#: ../semanage/seobject.py:1292 - #, python-format - msgid "Could not set role in 
addr context for %s" - msgstr "" - --#: ../semanage/seobject.py:1288 -+#: ../semanage/seobject.py:1296 - #, python-format - msgid "Could not set type in addr context for %s" - msgstr "" - --#: ../semanage/seobject.py:1293 -+#: ../semanage/seobject.py:1301 - #, python-format - msgid "Could not set mls fields in addr context for %s" - msgstr "" - --#: ../semanage/seobject.py:1297 -+#: ../semanage/seobject.py:1305 - #, python-format - msgid "Could not set addr context for %s" - msgstr "" - --#: ../semanage/seobject.py:1301 -+#: ../semanage/seobject.py:1309 - #, python-format - msgid "Could not add addr %s" - msgstr "" - --#: ../semanage/seobject.py:1326 ../semanage/seobject.py:1362 -+#: ../semanage/seobject.py:1337 ../semanage/seobject.py:1373 - #, python-format - msgid "Addr %s is not defined" - msgstr "" - --#: ../semanage/seobject.py:1330 -+#: ../semanage/seobject.py:1341 - #, python-format - msgid "Could not query addr %s" - msgstr "" - --#: ../semanage/seobject.py:1340 -+#: ../semanage/seobject.py:1351 - #, python-format - msgid "Could not modify addr %s" - msgstr "" - --#: ../semanage/seobject.py:1368 -+#: ../semanage/seobject.py:1379 - #, python-format - msgid "Addr %s is defined in policy, cannot be deleted" - msgstr "" - --#: ../semanage/seobject.py:1372 -+#: ../semanage/seobject.py:1383 - #, python-format - msgid "Could not delete addr %s" - msgstr "" - --#: ../semanage/seobject.py:1384 -+#: ../semanage/seobject.py:1395 - msgid "Could not deleteall node mappings" - msgstr "" - --#: ../semanage/seobject.py:1398 -+#: ../semanage/seobject.py:1409 - msgid "Could not list addrs" - msgstr "" - --#: ../semanage/seobject.py:1458 ../semanage/seobject.py:1520 --#: ../semanage/seobject.py:1554 ../semanage/seobject.py:1560 -+#: ../semanage/seobject.py:1461 ../semanage/seobject.py:1752 -+msgid "SELinux Type is required" -+msgstr "" -+ -+#: ../semanage/seobject.py:1469 ../semanage/seobject.py:1531 -+#: ../semanage/seobject.py:1565 ../semanage/seobject.py:1571 - #, 
python-format - msgid "Could not check if interface %s is defined" - msgstr "" - --#: ../semanage/seobject.py:1465 -+#: ../semanage/seobject.py:1476 - #, python-format - msgid "Could not create interface for %s" - msgstr "" - --#: ../semanage/seobject.py:1474 -+#: ../semanage/seobject.py:1485 - #, python-format - msgid "Could not set user in interface context for %s" - msgstr "" - --#: ../semanage/seobject.py:1478 -+#: ../semanage/seobject.py:1489 - #, python-format - msgid "Could not set role in interface context for %s" - msgstr "" - --#: ../semanage/seobject.py:1482 -+#: ../semanage/seobject.py:1493 - #, python-format - msgid "Could not set type in interface context for %s" - msgstr "" - --#: ../semanage/seobject.py:1487 -+#: ../semanage/seobject.py:1498 - #, python-format - msgid "Could not set mls fields in interface context for %s" - msgstr "" - --#: ../semanage/seobject.py:1491 -+#: ../semanage/seobject.py:1502 - #, python-format - msgid "Could not set interface context for %s" - msgstr "" - --#: ../semanage/seobject.py:1495 -+#: ../semanage/seobject.py:1506 - #, python-format - msgid "Could not set message context for %s" - msgstr "" - --#: ../semanage/seobject.py:1499 -+#: ../semanage/seobject.py:1510 - #, python-format - msgid "Could not add interface %s" - msgstr "" - --#: ../semanage/seobject.py:1522 ../semanage/seobject.py:1556 -+#: ../semanage/seobject.py:1533 ../semanage/seobject.py:1567 - #, python-format - msgid "Interface %s is not defined" - msgstr "" - --#: ../semanage/seobject.py:1526 -+#: ../semanage/seobject.py:1537 - #, python-format - msgid "Could not query interface %s" - msgstr "" - --#: ../semanage/seobject.py:1537 -+#: ../semanage/seobject.py:1548 - #, python-format - msgid "Could not modify interface %s" - msgstr "" - --#: ../semanage/seobject.py:1562 -+#: ../semanage/seobject.py:1573 - #, python-format - msgid "Interface %s is defined in policy, cannot be deleted" - msgstr "" - --#: ../semanage/seobject.py:1566 -+#: 
../semanage/seobject.py:1577 - #, python-format - msgid "Could not delete interface %s" - msgstr "" - --#: ../semanage/seobject.py:1578 -+#: ../semanage/seobject.py:1589 - msgid "Could not delete all interface mappings" - msgstr "" - --#: ../semanage/seobject.py:1592 -+#: ../semanage/seobject.py:1603 - msgid "Could not list interfaces" - msgstr "" - --#: ../semanage/seobject.py:1617 -+#: ../semanage/seobject.py:1628 - msgid "SELinux Interface" - msgstr "" - --#: ../semanage/seobject.py:1617 ../semanage/seobject.py:1944 -+#: ../semanage/seobject.py:1628 ../semanage/seobject.py:1974 - msgid "Context" - msgstr "" - --#: ../semanage/seobject.py:1667 -+#: ../semanage/seobject.py:1691 - #, python-format - msgid "Equivalence class for %s already exists" - msgstr "" - --#: ../semanage/seobject.py:1673 -+#: ../semanage/seobject.py:1697 - #, python-format - msgid "File spec %s conflicts with equivalency rule '%s %s'" - msgstr "" - --#: ../semanage/seobject.py:1682 -+#: ../semanage/seobject.py:1706 - #, python-format - msgid "Equivalence class for %s does not exists" - msgstr "" - --#: ../semanage/seobject.py:1696 -+#: ../semanage/seobject.py:1720 - #, python-format - msgid "Could not set user in file context for %s" - msgstr "" - --#: ../semanage/seobject.py:1700 -+#: ../semanage/seobject.py:1724 - #, python-format - msgid "Could not set role in file context for %s" - msgstr "" - --#: ../semanage/seobject.py:1705 ../semanage/seobject.py:1762 -+#: ../semanage/seobject.py:1729 ../semanage/seobject.py:1789 - #, python-format - msgid "Could not set mls fields in file context for %s" - msgstr "" - --#: ../semanage/seobject.py:1711 -+#: ../semanage/seobject.py:1735 - msgid "Invalid file specification" - msgstr "" - --#: ../semanage/seobject.py:1713 -+#: ../semanage/seobject.py:1737 - msgid "File specification can not include spaces" - msgstr "" - --#: ../semanage/seobject.py:1718 -+#: ../semanage/seobject.py:1742 - #, python-format - msgid "" - "File spec %s conflicts with 
equivalency rule '%s %s'; Try adding '%s' instead" - msgstr "" - --#: ../semanage/seobject.py:1736 ../semanage/seobject.py:1741 --#: ../semanage/seobject.py:1794 ../semanage/seobject.py:1876 --#: ../semanage/seobject.py:1880 -+#: ../semanage/seobject.py:1755 -+#, python-format -+msgid "Type %s is invalid, must be a file or device type" -+msgstr "" -+ -+#: ../semanage/seobject.py:1763 ../semanage/seobject.py:1768 -+#: ../semanage/seobject.py:1824 ../semanage/seobject.py:1906 -+#: ../semanage/seobject.py:1910 - #, python-format - msgid "Could not check if file context for %s is defined" - msgstr "" - --#: ../semanage/seobject.py:1749 -+#: ../semanage/seobject.py:1776 - #, python-format - msgid "Could not create file context for %s" - msgstr "" - --#: ../semanage/seobject.py:1757 -+#: ../semanage/seobject.py:1784 - #, python-format - msgid "Could not set type in file context for %s" - msgstr "" - --#: ../semanage/seobject.py:1765 ../semanage/seobject.py:1822 --#: ../semanage/seobject.py:1826 -+#: ../semanage/seobject.py:1792 ../semanage/seobject.py:1852 -+#: ../semanage/seobject.py:1856 - #, python-format - msgid "Could not set file context for %s" - msgstr "" - --#: ../semanage/seobject.py:1771 -+#: ../semanage/seobject.py:1798 - #, python-format - msgid "Could not add file context for %s" - msgstr "" - --#: ../semanage/seobject.py:1785 -+#: ../semanage/seobject.py:1812 - msgid "Requires setype, serange or seuser" - msgstr "" - --#: ../semanage/seobject.py:1798 ../semanage/seobject.py:1884 -+#: ../semanage/seobject.py:1828 ../semanage/seobject.py:1914 - #, python-format - msgid "File context for %s is not defined" - msgstr "" - --#: ../semanage/seobject.py:1804 -+#: ../semanage/seobject.py:1834 - #, python-format - msgid "Could not query file context for %s" - msgstr "" - --#: ../semanage/seobject.py:1830 -+#: ../semanage/seobject.py:1860 - #, python-format - msgid "Could not modify file context for %s" - msgstr "" - --#: ../semanage/seobject.py:1843 -+#: 
../semanage/seobject.py:1873 - msgid "Could not list the file contexts" - msgstr "" - --#: ../semanage/seobject.py:1857 -+#: ../semanage/seobject.py:1887 - #, python-format - msgid "Could not delete the file context %s" - msgstr "" - --#: ../semanage/seobject.py:1882 -+#: ../semanage/seobject.py:1912 - #, python-format - msgid "File context for %s is defined in policy, cannot be deleted" - msgstr "" - --#: ../semanage/seobject.py:1888 -+#: ../semanage/seobject.py:1918 - #, python-format - msgid "Could not delete file context for %s" - msgstr "" - --#: ../semanage/seobject.py:1903 -+#: ../semanage/seobject.py:1933 - msgid "Could not list file contexts" - msgstr "" - --#: ../semanage/seobject.py:1907 -+#: ../semanage/seobject.py:1937 - msgid "Could not list local file contexts" - msgstr "" - --#: ../semanage/seobject.py:1944 -+#: ../semanage/seobject.py:1974 - msgid "SELinux fcontext" - msgstr "" - --#: ../semanage/seobject.py:1944 -+#: ../semanage/seobject.py:1974 - msgid "type" - msgstr "" - --#: ../semanage/seobject.py:1957 -+#: ../semanage/seobject.py:1987 - msgid "" - "\n" - "SELinux Distribution fcontext Equivalence \n" - msgstr "" - --#: ../semanage/seobject.py:1962 -+#: ../semanage/seobject.py:1992 - msgid "" - "\n" - "SELinux Local fcontext Equivalence \n" - msgstr "" - --#: ../semanage/seobject.py:1996 ../semanage/seobject.py:2048 --#: ../semanage/seobject.py:2054 -+#: ../semanage/seobject.py:2028 ../semanage/seobject.py:2079 -+#: ../semanage/seobject.py:2085 - #, python-format - msgid "Could not check if boolean %s is defined" - msgstr "" - --#: ../semanage/seobject.py:1998 ../semanage/seobject.py:2050 -+#: ../semanage/seobject.py:2030 ../semanage/seobject.py:2081 - #, python-format - msgid "Boolean %s is not defined" - msgstr "" - --#: ../semanage/seobject.py:2002 -+#: ../semanage/seobject.py:2034 - #, python-format - msgid "Could not query file context %s" - msgstr "" - --#: ../semanage/seobject.py:2007 -+#: ../semanage/seobject.py:2039 - #, 
python-format - msgid "You must specify one of the following values: %s" - msgstr "" - --#: ../semanage/seobject.py:2012 -+#: ../semanage/seobject.py:2044 - #, python-format - msgid "Could not set active value of boolean %s" - msgstr "" - --#: ../semanage/seobject.py:2015 -+#: ../semanage/seobject.py:2047 - #, python-format - msgid "Could not modify boolean %s" - msgstr "" - --#: ../semanage/seobject.py:2033 -+#: ../semanage/seobject.py:2063 - #, python-format - msgid "Bad format %s: Record %s" - msgstr "" - --#: ../semanage/seobject.py:2056 -+#: ../semanage/seobject.py:2087 - #, python-format - msgid "Boolean %s is defined in policy, cannot be deleted" - msgstr "" - --#: ../semanage/seobject.py:2060 -+#: ../semanage/seobject.py:2091 - #, python-format - msgid "Could not delete boolean %s" - msgstr "" - --#: ../semanage/seobject.py:2072 ../semanage/seobject.py:2089 -+#: ../semanage/seobject.py:2103 ../semanage/seobject.py:2120 - msgid "Could not list booleans" - msgstr "" - --#: ../semanage/seobject.py:2112 --msgid "unknown" --msgstr "" -- --#: ../semanage/seobject.py:2125 -+#: ../semanage/seobject.py:2155 - msgid "off" - msgstr "" - --#: ../semanage/seobject.py:2125 -+#: ../semanage/seobject.py:2155 - msgid "on" - msgstr "" - --#: ../semanage/seobject.py:2139 -+#: ../semanage/seobject.py:2169 - msgid "SELinux boolean" - msgstr "" - --#: ../semanage/seobject.py:2139 -+#: ../semanage/seobject.py:2169 - msgid "State" - msgstr "" - --#: ../semanage/seobject.py:2139 -+#: ../semanage/seobject.py:2169 - msgid "Default" - msgstr "" - --#: ../semanage/seobject.py:2139 ../gui/polgen.glade:3355 --#: ../gui/polgengui.py:253 -+#: ../semanage/seobject.py:2169 ../gui/polgen.glade:113 -+#: ../gui/polgengui.py:269 - msgid "Description" - msgstr "" - -@@ -998,7 +1013,7 @@ msgstr "" - msgid "Error sending audit message.\n" - msgstr "" - --#: ../newrole/newrole.c:692 ../newrole/newrole.c:1059 -+#: ../newrole/newrole.c:692 ../newrole/newrole.c:1058 - #, c-format - msgid "Could not 
determine enforcing mode.\n" - msgstr "" -@@ -1113,62 +1128,66 @@ msgstr "" - msgid "Unable to set SIGHUP handler\n" - msgstr "" - --#: ../newrole/newrole.c:1053 -+#: ../newrole/newrole.c:1036 -+msgid "Sorry, newrole failed to drop capabilities\n" -+msgstr "" -+ -+#: ../newrole/newrole.c:1052 - #, c-format - msgid "Sorry, newrole may be used only on a SELinux kernel.\n" - msgstr "" - --#: ../newrole/newrole.c:1070 -+#: ../newrole/newrole.c:1069 - #, c-format - msgid "failed to get old_context.\n" - msgstr "" - --#: ../newrole/newrole.c:1077 -+#: ../newrole/newrole.c:1076 - #, c-format - msgid "Warning! Could not retrieve tty information.\n" - msgstr "" - --#: ../newrole/newrole.c:1098 -+#: ../newrole/newrole.c:1097 - #, c-format - msgid "error on reading PAM service configuration.\n" - msgstr "" - --#: ../newrole/newrole.c:1133 -+#: ../newrole/newrole.c:1132 - #, c-format - msgid "newrole: incorrect password for %s\n" - msgstr "" - --#: ../newrole/newrole.c:1160 -+#: ../newrole/newrole.c:1159 - #, c-format - msgid "newrole: failure forking: %s" - msgstr "" - --#: ../newrole/newrole.c:1163 ../newrole/newrole.c:1186 -+#: ../newrole/newrole.c:1162 ../newrole/newrole.c:1185 - #, c-format - msgid "Unable to restore tty label...\n" - msgstr "" - --#: ../newrole/newrole.c:1165 ../newrole/newrole.c:1192 -+#: ../newrole/newrole.c:1164 ../newrole/newrole.c:1191 - #, c-format - msgid "Failed to close tty properly\n" - msgstr "" - --#: ../newrole/newrole.c:1224 -+#: ../newrole/newrole.c:1223 - #, c-format - msgid "Could not close descriptors.\n" - msgstr "" - --#: ../newrole/newrole.c:1251 -+#: ../newrole/newrole.c:1250 - #, c-format - msgid "Error allocating shell's argv0.\n" - msgstr "" - --#: ../newrole/newrole.c:1287 -+#: ../newrole/newrole.c:1286 - #, c-format - msgid "Unable to restore the environment, aborting\n" - msgstr "" - --#: ../newrole/newrole.c:1298 -+#: ../newrole/newrole.c:1297 - msgid "failed to exec shell\n" - msgstr "" - -@@ -1271,20 +1290,20 @@ msgstr "" - 
msgid "chcat -l +CompanyConfidential juser" - msgstr "" - --#: ../scripts/chcat:399 ../gui/polgen.py:1351 --#, c-format, python-format -+#: ../scripts/chcat:399 -+#, c-format - msgid "Options Error %s " - msgstr "" - --#: ../gui/booleansPage.py:195 ../gui/system-config-selinux.glade:1706 -+#: ../gui/booleansPage.py:194 ../gui/system-config-selinux.glade:1706 - msgid "Boolean" - msgstr "" - --#: ../gui/booleansPage.py:252 ../gui/semanagePage.py:162 -+#: ../gui/booleansPage.py:245 ../gui/semanagePage.py:162 - msgid "all" - msgstr "" - --#: ../gui/booleansPage.py:254 ../gui/semanagePage.py:164 -+#: ../gui/booleansPage.py:247 ../gui/semanagePage.py:164 - #: ../gui/system-config-selinux.glade:1615 - #: ../gui/system-config-selinux.glade:1820 - #: ../gui/system-config-selinux.glade:2437 -@@ -1340,577 +1359,464 @@ msgstr "" - msgid "Login '%s' is required" - msgstr "" - --#: ../gui/modulesPage.py:48 ../gui/system-config-selinux.glade:2753 -+#: ../gui/modulesPage.py:49 ../gui/system-config-selinux.glade:2753 - msgid "Policy Module" - msgstr "" - --#: ../gui/modulesPage.py:57 -+#: ../gui/modulesPage.py:58 - msgid "Module Name" - msgstr "" - --#: ../gui/modulesPage.py:134 -+#: ../gui/modulesPage.py:135 - msgid "Disable Audit" - msgstr "" - --#: ../gui/modulesPage.py:137 ../gui/system-config-selinux.glade:2662 -+#: ../gui/modulesPage.py:138 ../gui/system-config-selinux.glade:2662 - msgid "Enable Audit" - msgstr "" - --#: ../gui/modulesPage.py:162 -+#: ../gui/modulesPage.py:163 - msgid "Load Policy Module" - msgstr "" - --#: ../gui/polgen.glade:79 --msgid "Polgen" --msgstr "" -- --#: ../gui/polgen.glade:80 -+#: ../gui/polgen.glade:9 - msgid "Red Hat 2007" - msgstr "" - --#: ../gui/polgen.glade:81 -+#: ../gui/polgen.glade:11 - msgid "GPL" - msgstr "" - - #. TRANSLATORS: Replace this string with your names, one name per line. 
--#: ../gui/polgen.glade:85 ../gui/system-config-selinux.glade:17 -+#: ../gui/polgen.glade:13 ../gui/system-config-selinux.glade:17 - msgid "translator-credits" - msgstr "" - --#: ../gui/polgen.glade:90 -+#: ../gui/polgen.glade:34 -+msgid "Add Booleans Dialog" -+msgstr "" -+ -+#: ../gui/polgen.glade:101 -+msgid "Boolean Name" -+msgstr "" -+ -+#: ../gui/polgen.glade:230 - msgid "SELinux Policy Generation Tool" - msgstr "" - --#: ../gui/polgen.glade:128 -+#: ../gui/polgen.glade:251 - msgid "" - "Select the policy type for the application or user role you want to " - "confine:" - msgstr "" - --#: ../gui/polgen.glade:177 -+#: ../gui/polgen.glade:284 - msgid "Applications" - msgstr "" - --#: ../gui/polgen.glade:239 ../gui/polgen.glade:259 -+#: ../gui/polgen.glade:316 ../sepolicy/sepolicy/generate.py:171 -+msgid "Standard Init Daemon" -+msgstr "" -+ -+#: ../gui/polgen.glade:320 ../gui/polgen.glade:336 - msgid "" - "Standard Init Daemon are daemons started on boot via init scripts. Usually " - "requires a script in /etc/rc.d/init.d" - msgstr "" - --#: ../gui/polgen.glade:241 ../gui/polgen.py:156 --msgid "Standard Init Daemon" -+#: ../gui/polgen.glade:332 ../sepolicy/sepolicy/generate.py:172 -+msgid "DBUS System Daemon" - msgstr "" - --#: ../gui/polgen.glade:261 ../gui/polgen.py:157 --msgid "DBUS System Daemon" -+#: ../gui/polgen.glade:349 -+msgid "Internet Services Daemon (inetd)" - msgstr "" - --#: ../gui/polgen.glade:280 -+#: ../gui/polgen.glade:353 - msgid "Internet Services Daemon are daemons started by xinetd" - msgstr "" - --#: ../gui/polgen.glade:282 --msgid "Internet Services Daemon (inetd)" -+#: ../gui/polgen.glade:366 ../sepolicy/sepolicy/generate.py:174 -+msgid "Web Application/Script (CGI)" - msgstr "" - --#: ../gui/polgen.glade:301 -+#: ../gui/polgen.glade:370 - msgid "" - "Web Applications/Script (CGI) CGI scripts started by the web server (apache)" - msgstr "" - --#: ../gui/polgen.glade:303 ../gui/polgen.py:159 --msgid "Web Application/Script (CGI)" -+#: 
../gui/polgen.glade:383 ../sepolicy/sepolicy/generate.py:176 -+msgid "User Application" - msgstr "" - --#: ../gui/polgen.glade:322 ../gui/polgen.glade:343 -+#: ../gui/polgen.glade:387 ../gui/polgen.glade:404 - msgid "" - "User Application are any application that you would like to confine that is " - "started by a user" - msgstr "" - --#: ../gui/polgen.glade:324 ../gui/polgen.py:160 --msgid "User Application" --msgstr "" -- --#: ../gui/polgen.glade:345 ../gui/polgen.py:161 -+#: ../gui/polgen.glade:400 ../sepolicy/sepolicy/generate.py:175 - msgid "Sandbox" - msgstr "" - --#: ../gui/polgen.glade:391 -+#: ../gui/polgen.glade:446 - msgid "Login Users" - msgstr "" - --#: ../gui/polgen.glade:453 -+#: ../gui/polgen.glade:478 -+msgid "Existing User Roles" -+msgstr "" -+ -+#: ../gui/polgen.glade:482 - msgid "Modify an existing login user record." - msgstr "" - --#: ../gui/polgen.glade:455 --msgid "Existing User Roles" -+#: ../gui/polgen.glade:495 -+msgid "Minimal Terminal User Role" - msgstr "" - --#: ../gui/polgen.glade:474 -+#: ../gui/polgen.glade:499 - msgid "" - "This user will login to a machine only via a terminal or remote login. By " - "default this user will have no setuid, no networking, no su, no sudo." - msgstr "" - --#: ../gui/polgen.glade:476 ../gui/polgen.py:162 --msgid "Minimal Terminal User Role" -+#: ../gui/polgen.glade:512 -+msgid "Minimal X Windows User Role" - msgstr "" - --#: ../gui/polgen.glade:495 -+#: ../gui/polgen.glade:516 - msgid "" - "This user can login to a machine via X or terminal. By default this user " - "will have no setuid, no networking, no sudo, no su" - msgstr "" - --#: ../gui/polgen.glade:497 ../gui/polgen.py:163 --msgid "Minimal X Windows User Role" -+#: ../gui/polgen.glade:529 -+msgid "User Role" - msgstr "" - --#: ../gui/polgen.glade:516 -+#: ../gui/polgen.glade:533 - msgid "" - "User with full networking, no setuid applications without transition, no " - "sudo, no su." 
- msgstr "" - --#: ../gui/polgen.glade:518 ../gui/polgen.py:164 --msgid "User Role" -+#: ../gui/polgen.glade:546 -+msgid "Admin User Role" - msgstr "" - --#: ../gui/polgen.glade:537 -+#: ../gui/polgen.glade:550 - msgid "" - "User with full networking, no setuid applications without transition, no su, " - "can sudo to Root Administration Roles" - msgstr "" - --#: ../gui/polgen.glade:539 ../gui/polgen.py:165 --msgid "Admin User Role" -+#: ../gui/polgen.glade:592 -+msgid "Root Users" - msgstr "" - --#: ../gui/polgen.glade:585 --msgid "Root Users" -+#: ../gui/polgen.glade:623 -+msgid "Root Admin User Role" - msgstr "" - --#: ../gui/polgen.glade:647 -+#: ../gui/polgen.glade:627 - msgid "" - "Select Root Administrator User Role, if this user will be used to administer " - "the machine while running as root. This user will not be able to login to " - "the system directly." - msgstr "" - --#: ../gui/polgen.glade:649 ../gui/polgen.py:166 --msgid "Root Admin User Role" --msgstr "" -- --#: ../gui/polgen.glade:716 --msgid "label104" --msgstr "" -- --#: ../gui/polgen.glade:745 -+#: ../gui/polgen.glade:705 - msgid "Enter name of application or user role:" - msgstr "" - --#: ../gui/polgen.glade:779 ../gui/polgengui.py:251 -+#: ../gui/polgen.glade:728 ../gui/polgengui.py:267 - msgid "Name" - msgstr "" - --#: ../gui/polgen.glade:807 -+#: ../gui/polgen.glade:739 - msgid "Enter complete path for executable to be confined." - msgstr "" - --#: ../gui/polgen.glade:830 ../gui/polgen.glade:950 ../gui/polgen.glade:3142 -+#: ../gui/polgen.glade:756 ../gui/polgen.glade:838 ../gui/polgen.glade:2361 - msgid "..." - msgstr "" - --#: ../gui/polgen.glade:849 -+#: ../gui/polgen.glade:776 - msgid "Enter unique name for the confined application or user role." 
- msgstr "" - --#: ../gui/polgen.glade:871 -+#: ../gui/polgen.glade:794 - msgid "Executable" - msgstr "" - --#: ../gui/polgen.glade:899 -+#: ../gui/polgen.glade:808 - msgid "Init script" - msgstr "" - --#: ../gui/polgen.glade:927 -+#: ../gui/polgen.glade:821 - msgid "" - "Enter complete path to init script used to start the confined application." - msgstr "" - --#: ../gui/polgen.glade:982 --msgid "label105" --msgstr "" -- --#: ../gui/polgen.glade:1011 -+#: ../gui/polgen.glade:887 - msgid "Select existing role to modify:" - msgstr "" - --#: ../gui/polgen.glade:1045 -+#: ../gui/polgen.glade:908 - msgid "Select the user roles that will transiton to the %s domain." - msgstr "" - --#: ../gui/polgen.glade:1073 --msgid "label106" -+#: ../gui/polgen.glade:928 -+msgid "role tab" - msgstr "" - --#: ../gui/polgen.glade:1102 -+#: ../gui/polgen.glade:945 - msgid "Select roles that %s will transition to:" - msgstr "" - --#: ../gui/polgen.glade:1136 -+#: ../gui/polgen.glade:963 - msgid "Select applications domains that %s will transition to." - msgstr "" - --#: ../gui/polgen.glade:1164 --msgid "label107" -+#: ../gui/polgen.glade:983 -+msgid "" -+"transition \n" -+"role tab" - msgstr "" - --#: ../gui/polgen.glade:1193 -+#: ../gui/polgen.glade:1001 - msgid "Select the user_roles that will transition to %s:" - msgstr "" - --#: ../gui/polgen.glade:1227 -+#: ../gui/polgen.glade:1019 - msgid "Select the user roles that will transiton to this applications domains." - msgstr "" - --#: ../gui/polgen.glade:1255 --msgid "label108" --msgstr "" -- --#: ../gui/polgen.glade:1284 -+#: ../gui/polgen.glade:1056 - msgid "Select domains that %s will administer:" - msgstr "" - --#: ../gui/polgen.glade:1318 ../gui/polgen.glade:1409 -+#: ../gui/polgen.glade:1074 ../gui/polgen.glade:1129 - msgid "Select the domains that you would like this user administer." 
- msgstr "" - --#: ../gui/polgen.glade:1346 --msgid "label109" --msgstr "" -- --#: ../gui/polgen.glade:1375 -+#: ../gui/polgen.glade:1111 - msgid "Select additional roles for %s:" - msgstr "" - --#: ../gui/polgen.glade:1437 --msgid "label111" --msgstr "" -- --#: ../gui/polgen.glade:1466 -+#: ../gui/polgen.glade:1166 - msgid "Enter network ports that %s binds on:" - msgstr "" - --#: ../gui/polgen.glade:1497 ../gui/polgen.glade:1997 -+#: ../gui/polgen.glade:1186 ../gui/polgen.glade:1557 - msgid "TCP Ports" - msgstr "" - --#: ../gui/polgen.glade:1565 ../gui/polgen.glade:1785 -+#: ../gui/polgen.glade:1223 ../gui/polgen.glade:1390 ../gui/polgen.glade:1589 -+#: ../gui/polgen.glade:1698 -+msgid "All" -+msgstr "" -+ -+#: ../gui/polgen.glade:1227 ../gui/polgen.glade:1394 - msgid "Allows %s to bind to any udp port" - msgstr "" - --#: ../gui/polgen.glade:1567 ../gui/polgen.glade:1787 ../gui/polgen.glade:2061 --#: ../gui/polgen.glade:2215 --msgid "All" -+#: ../gui/polgen.glade:1240 ../gui/polgen.glade:1407 -+msgid "600-1024" - msgstr "" - --#: ../gui/polgen.glade:1585 ../gui/polgen.glade:1805 -+#: ../gui/polgen.glade:1244 ../gui/polgen.glade:1411 - msgid "Allow %s to call bindresvport with 0. Binding to port 600-1024" - msgstr "" - --#: ../gui/polgen.glade:1587 ../gui/polgen.glade:1807 --msgid "600-1024" -+#: ../gui/polgen.glade:1257 ../gui/polgen.glade:1424 -+msgid "Unreserved Ports (>1024)" - msgstr "" - --#: ../gui/polgen.glade:1605 ../gui/polgen.glade:1825 -+#: ../gui/polgen.glade:1261 ../gui/polgen.glade:1428 - msgid "" - "Enter a comma separated list of udp ports or ranges of ports that %s binds " - "to. 
Example: 612, 650-660" - msgstr "" - --#: ../gui/polgen.glade:1607 ../gui/polgen.glade:1827 --msgid "Unreserved Ports (>1024)" --msgstr "" -- --#: ../gui/polgen.glade:1638 ../gui/polgen.glade:1858 ../gui/polgen.glade:2079 --#: ../gui/polgen.glade:2233 -+#: ../gui/polgen.glade:1289 ../gui/polgen.glade:1456 ../gui/polgen.glade:1609 -+#: ../gui/polgen.glade:1718 - msgid "Select Ports" - msgstr "" - --#: ../gui/polgen.glade:1663 ../gui/polgen.glade:1883 -+#: ../gui/polgen.glade:1302 ../gui/polgen.glade:1469 - msgid "Allows %s to bind to any udp ports > 1024" - msgstr "" - --#: ../gui/polgen.glade:1717 ../gui/polgen.glade:2151 -+#: ../gui/polgen.glade:1353 ../gui/polgen.glade:1666 - msgid "UDP Ports" - msgstr "" - --#: ../gui/polgen.glade:1937 --msgid "label113" -+#: ../gui/polgen.glade:1519 -+msgid "" -+"Network\n" -+"Bind tab" - msgstr "" - --#: ../gui/polgen.glade:1966 -+#: ../gui/polgen.glade:1537 - msgid "Select network ports that %s connects to:" - msgstr "" - --#: ../gui/polgen.glade:2058 -+#: ../gui/polgen.glade:1593 - msgid "Allows %s to connect to any tcp port" - msgstr "" - --#: ../gui/polgen.glade:2104 -+#: ../gui/polgen.glade:1622 - msgid "" - "Enter a comma separated list of tcp ports or ranges of ports that %s " - "connects to. Example: 612, 650-660" - msgstr "" - --#: ../gui/polgen.glade:2212 -+#: ../gui/polgen.glade:1702 - msgid "Allows %s to connect to any udp port" - msgstr "" - --#: ../gui/polgen.glade:2258 -+#: ../gui/polgen.glade:1731 - msgid "" - "Enter a comma separated list of udp ports or ranges of ports that %s " - "connects to. 
Example: 612, 650-660" - msgstr "" - --#: ../gui/polgen.glade:2305 --msgid "label114" --msgstr "" -- --#: ../gui/polgen.glade:2334 -+#: ../gui/polgen.glade:1792 - msgid "Select common application traits for %s:" - msgstr "" - --#: ../gui/polgen.glade:2366 -+#: ../gui/polgen.glade:1809 - msgid "Writes syslog messages\t" - msgstr "" - --#: ../gui/polgen.glade:2385 -+#: ../gui/polgen.glade:1824 - msgid "Create/Manipulate temporary files in /tmp" - msgstr "" - --#: ../gui/polgen.glade:2404 -+#: ../gui/polgen.glade:1839 - msgid "Uses Pam for authentication" - msgstr "" - --#: ../gui/polgen.glade:2423 -+#: ../gui/polgen.glade:1854 - msgid "Uses nsswitch or getpw* calls" - msgstr "" - --#: ../gui/polgen.glade:2442 -+#: ../gui/polgen.glade:1869 - msgid "Uses dbus" - msgstr "" - --#: ../gui/polgen.glade:2461 -+#: ../gui/polgen.glade:1884 - msgid "Sends audit messages" - msgstr "" - --#: ../gui/polgen.glade:2480 -+#: ../gui/polgen.glade:1899 - msgid "Interacts with the terminal" - msgstr "" - --#: ../gui/polgen.glade:2499 -+#: ../gui/polgen.glade:1914 - msgid "Sends email" - msgstr "" - --#: ../gui/polgen.glade:2530 --msgid "label115" --msgstr "" -- --#: ../gui/polgen.glade:2559 -+#: ../gui/polgen.glade:1961 - msgid "Add files/directories that %s manages" - msgstr "" - --#: ../gui/polgen.glade:2788 -+#: ../gui/polgen.glade:2122 - msgid "" - "Files/Directories which the %s \"manages\". Pid Files, Log Files, /var/lib " - "Files ..." - msgstr "" - --#: ../gui/polgen.glade:2823 --msgid "label116" --msgstr "" -- --#: ../gui/polgen.glade:2852 -+#: ../gui/polgen.glade:2166 - msgid "Add booleans from the %s policy:" - msgstr "" - --#: ../gui/polgen.glade:3002 -+#: ../gui/polgen.glade:2274 - msgid "Add/Remove booleans used by the %s domain" - msgstr "" - --#: ../gui/polgen.glade:3066 -+#: ../gui/polgen.glade:2316 - msgid "Which directory you will generate the %s policy?" 
- msgstr "" - --#: ../gui/polgen.glade:3097 -+#: ../gui/polgen.glade:2334 - msgid "Policy Directory" - msgstr "" - --#: ../gui/polgen.glade:3254 --msgid "Add Booleans Dialog" --msgstr "" -- --#: ../gui/polgen.glade:3327 --msgid "Boolean Name" --msgstr "" -- --#: ../gui/polgengui.py:261 -+#: ../gui/polgengui.py:277 - msgid "Role" - msgstr "" - --#: ../gui/polgengui.py:268 -+#: ../gui/polgengui.py:284 - msgid "Existing_User" - msgstr "" - --#: ../gui/polgengui.py:282 ../gui/polgengui.py:290 ../gui/polgengui.py:304 -+#: ../gui/polgengui.py:298 ../gui/polgengui.py:306 ../gui/polgengui.py:320 - msgid "Application" - msgstr "" - --#: ../gui/polgengui.py:352 -+#: ../gui/polgengui.py:363 - #, python-format - msgid "%s must be a directory" - msgstr "" - --#: ../gui/polgengui.py:412 ../gui/polgengui.py:693 -+#: ../gui/polgengui.py:423 ../gui/polgengui.py:704 - msgid "You must select a user" - msgstr "" - --#: ../gui/polgengui.py:542 -+#: ../gui/polgengui.py:553 - msgid "Select executable file to be confined." - msgstr "" - --#: ../gui/polgengui.py:553 -+#: ../gui/polgengui.py:564 - msgid "Select init script file to be confined." - msgstr "" - --#: ../gui/polgengui.py:563 -+#: ../gui/polgengui.py:574 - msgid "Select file(s) that confined application creates or writes" - msgstr "" - --#: ../gui/polgengui.py:570 -+#: ../gui/polgengui.py:581 - msgid "Select directory(s) that the confined application owns and writes into" - msgstr "" - --#: ../gui/polgengui.py:632 -+#: ../gui/polgengui.py:643 - msgid "Select directory to generate policy files in" - msgstr "" - --#: ../gui/polgengui.py:649 -+#: ../gui/polgengui.py:660 - #, python-format - msgid "" - "Type %s_t already defined in current policy.\n" - "Do you want to continue?" 
- msgstr "" - --#: ../gui/polgengui.py:649 ../gui/polgengui.py:653 -+#: ../gui/polgengui.py:660 ../gui/polgengui.py:664 - msgid "Verify Name" - msgstr "" - --#: ../gui/polgengui.py:653 -+#: ../gui/polgengui.py:664 - #, python-format - msgid "" - "Module %s.pp already loaded in current policy.\n" - "Do you want to continue?" - msgstr "" - --#: ../gui/polgengui.py:699 -+#: ../gui/polgengui.py:710 - msgid "" - "You must add a name made up of letters and numbers and containing no spaces." - msgstr "" - --#: ../gui/polgengui.py:713 -+#: ../gui/polgengui.py:724 - msgid "You must enter a executable" - msgstr "" - --#: ../gui/polgengui.py:738 ../gui/system-config-selinux.py:174 -+#: ../gui/polgengui.py:749 ../gui/system-config-selinux.py:180 - msgid "Configue SELinux" - msgstr "" - --#: ../gui/polgen.py:158 --msgid "Internet Services Daemon" --msgstr "" -- --#: ../gui/polgen.py:197 --#, python-format --msgid "Ports must be numbers or ranges of numbers from 1 to %d " --msgstr "" -- --#: ../gui/polgen.py:324 --msgid "You must enter a name for your confined process/user" --msgstr "" -- --#: ../gui/polgen.py:326 --msgid "" --"Name must be alpha numberic with no spaces. Consider using option \"-n " --"MODULENAME\"" --msgstr "" -- --#: ../gui/polgen.py:414 --msgid "User Role types can not be assigned executables." --msgstr "" -- --#: ../gui/polgen.py:420 --msgid "Only Daemon apps can use an init script.." 
--msgstr "" -- --#: ../gui/polgen.py:438 --msgid "use_resolve must be a boolean value " --msgstr "" -- --#: ../gui/polgen.py:444 --msgid "use_syslog must be a boolean value " --msgstr "" -- --#: ../gui/polgen.py:450 --msgid "use_kerberos must be a boolean value " --msgstr "" -- --#: ../gui/polgen.py:456 --msgid "manage_krb5_rcache must be a boolean value " --msgstr "" -- --#: ../gui/polgen.py:486 --msgid "USER Types automatically get a tmp type" --msgstr "" -- --#: ../gui/polgen.py:1004 --msgid "You must enter the executable path for your confined process" --msgstr "" -- --#: ../gui/polgen.py:1182 --msgid "Type Enforcement file" --msgstr "" -- --#: ../gui/polgen.py:1183 --msgid "Interface file" --msgstr "" -- --#: ../gui/polgen.py:1184 --msgid "File Contexts file" --msgstr "" -- --#: ../gui/polgen.py:1185 --msgid "Setup Script" --msgstr "" -- --#: ../gui/polgen.py:1306 --#, python-format --msgid "" --"\n" --"%s\n" --"\n" --"sepolgen [ -n moduleName ] [ -m ] [ -t type ] [ executable | Name ]\n" --"valid Types:\n" --msgstr "" -- --#: ../gui/polgen.py:1354 --msgid "Executable or Name required" --msgstr "" -- - #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528 - msgid "Network Port" - msgstr "" -@@ -1948,1411 +1854,1620 @@ msgstr "" - msgid "Group View" - msgstr "" - --#: ../gui/selinux.tbl:1 ../gui/selinux.tbl:30 ../gui/selinux.tbl:31 --#: ../gui/selinux.tbl:32 ../gui/selinux.tbl:33 ../gui/selinux.tbl:34 --#: ../gui/selinux.tbl:36 ../gui/selinux.tbl:37 ../gui/selinux.tbl:38 --#: ../gui/selinux.tbl:39 ../gui/selinux.tbl:40 ../gui/selinux.tbl:42 --#: ../gui/selinux.tbl:43 ../gui/selinux.tbl:44 ../gui/selinux.tbl:45 --#: ../gui/selinux.tbl:46 ../gui/selinux.tbl:47 ../gui/selinux.tbl:48 --#: ../gui/selinux.tbl:49 ../gui/selinux.tbl:50 ../gui/selinux.tbl:51 --#: ../gui/selinux.tbl:52 ../gui/selinux.tbl:53 ../gui/selinux.tbl:59 --#: ../gui/selinux.tbl:60 ../gui/selinux.tbl:61 ../gui/selinux.tbl:62 --#: ../gui/selinux.tbl:63 ../gui/selinux.tbl:64 
../gui/selinux.tbl:65 --#: ../gui/selinux.tbl:66 ../gui/selinux.tbl:67 ../gui/selinux.tbl:68 --#: ../gui/selinux.tbl:69 ../gui/selinux.tbl:75 ../gui/selinux.tbl:76 --#: ../gui/selinux.tbl:77 ../gui/selinux.tbl:78 ../gui/selinux.tbl:79 --#: ../gui/selinux.tbl:80 ../gui/selinux.tbl:81 ../gui/selinux.tbl:82 --#: ../gui/selinux.tbl:83 ../gui/selinux.tbl:84 ../gui/selinux.tbl:86 --#: ../gui/selinux.tbl:88 ../gui/selinux.tbl:89 ../gui/selinux.tbl:90 --#: ../gui/selinux.tbl:92 ../gui/selinux.tbl:94 ../gui/selinux.tbl:95 --#: ../gui/selinux.tbl:96 ../gui/selinux.tbl:97 ../gui/selinux.tbl:98 --#: ../gui/selinux.tbl:99 ../gui/selinux.tbl:100 ../gui/selinux.tbl:101 --#: ../gui/selinux.tbl:102 ../gui/selinux.tbl:103 ../gui/selinux.tbl:104 --#: ../gui/selinux.tbl:106 ../gui/selinux.tbl:108 ../gui/selinux.tbl:109 --#: ../gui/selinux.tbl:110 ../gui/selinux.tbl:111 ../gui/selinux.tbl:112 --#: ../gui/selinux.tbl:113 ../gui/selinux.tbl:114 ../gui/selinux.tbl:116 --#: ../gui/selinux.tbl:117 ../gui/selinux.tbl:119 ../gui/selinux.tbl:121 --#: ../gui/selinux.tbl:123 ../gui/selinux.tbl:124 ../gui/selinux.tbl:127 --#: ../gui/selinux.tbl:129 ../gui/selinux.tbl:130 ../gui/selinux.tbl:131 --#: ../gui/selinux.tbl:132 ../gui/selinux.tbl:133 ../gui/selinux.tbl:134 --#: ../gui/selinux.tbl:135 ../gui/selinux.tbl:136 ../gui/selinux.tbl:137 --#: ../gui/selinux.tbl:138 ../gui/selinux.tbl:139 ../gui/selinux.tbl:142 --#: ../gui/selinux.tbl:143 ../gui/selinux.tbl:144 ../gui/selinux.tbl:145 --#: ../gui/selinux.tbl:146 ../gui/selinux.tbl:147 ../gui/selinux.tbl:148 --#: ../gui/selinux.tbl:149 ../gui/selinux.tbl:150 ../gui/selinux.tbl:151 --#: ../gui/selinux.tbl:152 ../gui/selinux.tbl:154 ../gui/selinux.tbl:155 --#: ../gui/selinux.tbl:156 ../gui/selinux.tbl:157 ../gui/selinux.tbl:158 --#: ../gui/selinux.tbl:159 ../gui/selinux.tbl:160 ../gui/selinux.tbl:167 --#: ../gui/selinux.tbl:171 ../gui/selinux.tbl:172 ../gui/selinux.tbl:173 --#: ../gui/selinux.tbl:174 ../gui/selinux.tbl:175 ../gui/selinux.tbl:177 --#: 
../gui/selinux.tbl:178 ../gui/selinux.tbl:179 ../gui/selinux.tbl:180 --#: ../gui/selinux.tbl:184 ../gui/selinux.tbl:192 ../gui/selinux.tbl:193 --#: ../gui/selinux.tbl:194 ../gui/selinux.tbl:195 ../gui/selinux.tbl:196 --#: ../gui/selinux.tbl:197 ../gui/selinux.tbl:198 ../gui/selinux.tbl:199 --#: ../gui/selinux.tbl:200 ../gui/selinux.tbl:201 ../gui/selinux.tbl:206 --#: ../gui/selinux.tbl:207 ../gui/selinux.tbl:218 ../gui/selinux.tbl:219 --#: ../gui/selinux.tbl:220 ../gui/selinux.tbl:222 ../gui/selinux.tbl:224 --#: ../gui/selinux.tbl:226 ../gui/selinux.tbl:227 ../gui/selinux.tbl:230 --msgid "SELinux Service Protection" --msgstr "" -- --#: ../gui/selinux.tbl:1 --msgid "Disable SELinux protection for acct daemon" --msgstr "" -- --#: ../gui/selinux.tbl:2 ../gui/selinux.tbl:3 ../gui/selinux.tbl:70 --#: ../gui/selinux.tbl:153 ../gui/selinux.tbl:168 ../gui/selinux.tbl:169 --#: ../gui/selinux.tbl:170 ../gui/selinux.tbl:189 ../gui/selinux.tbl:202 --#: ../gui/selinux.tbl:203 ../gui/selinux.tbl:204 ../gui/selinux.tbl:205 --msgid "Admin" --msgstr "" -- --#: ../gui/selinux.tbl:2 --msgid "Allow all daemons to write corefiles to /" --msgstr "" -- --#: ../gui/selinux.tbl:3 --msgid "Allow all daemons the ability to use unallocated ttys" -+#: ../gui/semanagePage.py:126 -+#, python-format -+msgid "Are you sure you want to delete %s '%s'?" 
- msgstr "" - --#: ../gui/selinux.tbl:4 ../gui/selinux.tbl:5 ../gui/selinux.tbl:11 --#: ../gui/selinux.tbl:12 ../gui/selinux.tbl:13 ../gui/selinux.tbl:15 --#: ../gui/selinux.tbl:20 ../gui/selinux.tbl:41 ../gui/selinux.tbl:208 --#: ../gui/selinux.tbl:210 ../gui/selinux.tbl:211 ../gui/selinux.tbl:212 --#: ../gui/selinux.tbl:213 ../gui/selinux.tbl:214 ../gui/selinux.tbl:215 --#: ../gui/selinux.tbl:216 ../gui/selinux.tbl:217 --msgid "User Privs" -+#: ../gui/semanagePage.py:126 -+#, python-format -+msgid "Delete %s" - msgstr "" - --#: ../gui/selinux.tbl:4 --msgid "" --"Allow gadmin SELinux user account to execute files in home directory or /tmp" -+#: ../gui/semanagePage.py:134 -+#, python-format -+msgid "Add %s" - msgstr "" - --#: ../gui/selinux.tbl:5 --msgid "" --"Allow guest SELinux user account to execute files in home directory or /tmp" -+#: ../gui/semanagePage.py:148 -+#, python-format -+msgid "Modify %s" - msgstr "" - --#: ../gui/selinux.tbl:6 ../gui/selinux.tbl:9 ../gui/selinux.tbl:16 --msgid "Memory Protection" -+#: ../gui/statusPage.py:69 ../gui/system-config-selinux.glade:2819 -+msgid "Permissive" - msgstr "" - --#: ../gui/selinux.tbl:6 --msgid "Allow java executable stack" -+#: ../gui/statusPage.py:70 ../gui/system-config-selinux.glade:2837 -+msgid "Enforcing" - msgstr "" - --#: ../gui/selinux.tbl:7 ../gui/selinux.tbl:8 ../gui/selinux.tbl:35 --#: ../gui/selinux.tbl:209 --msgid "Mount" -+#: ../gui/statusPage.py:94 -+msgid "Status" - msgstr "" - --#: ../gui/selinux.tbl:7 --msgid "Allow mount to mount any file" -+#: ../gui/statusPage.py:133 -+msgid "" -+"Changing the policy type will cause a relabel of the entire file system on " -+"the next boot. Relabeling takes a long time depending on the size of the " -+"file system. Do you wish to continue?" - msgstr "" - --#: ../gui/selinux.tbl:8 --msgid "Allow mount to mount any directory" -+#: ../gui/statusPage.py:147 -+msgid "" -+"Changing to SELinux disabled requires a reboot. It is not recommended. 
If " -+"you later decide to turn SELinux back on, the system will be required to " -+"relabel. If you just want to see if SELinux is causing a problem on your " -+"system, you can go to permissive mode which will only log errors and not " -+"enforce SELinux policy. Permissive mode does not require a reboot Do you " -+"wish to continue?" - msgstr "" - --#: ../gui/selinux.tbl:9 --msgid "Allow mplayer executable stack" -+#: ../gui/statusPage.py:152 -+msgid "" -+"Changing to SELinux enabled will cause a relabel of the entire file system " -+"on the next boot. Relabeling takes a long time depending on the size of the " -+"file system. Do you wish to continue?" - msgstr "" - --#: ../gui/selinux.tbl:10 ../gui/selinux.tbl:162 ../gui/selinux.tbl:187 --#: ../gui/selinux.tbl:188 --msgid "SSH" -+#: ../gui/system-config-selinux.glade:11 -+msgid "system-config-selinux" - msgstr "" - --#: ../gui/selinux.tbl:10 --msgid "Allow ssh to run ssh-keysign" -+#: ../gui/system-config-selinux.glade:12 -+msgid "" -+"Copyright (c)2006 Red Hat, Inc.\n" -+"Copyright (c) 2006 Dan Walsh " - msgstr "" - --#: ../gui/selinux.tbl:11 --msgid "" --"Allow staff SELinux user account to execute files in home directory or /tmp" -+#: ../gui/system-config-selinux.glade:22 -+#: ../gui/system-config-selinux.glade:544 -+msgid "Add SELinux Login Mapping" - msgstr "" - --#: ../gui/selinux.tbl:12 --msgid "" --"Allow sysadm SELinux user account to execute files in home directory or /tmp" -+#: ../gui/system-config-selinux.glade:257 -+msgid "Add SELinux Network Ports" - msgstr "" - --#: ../gui/selinux.tbl:13 --msgid "" --"Allow unconfined SELinux user account to execute files in home directory or /" --"tmp" -+#: ../gui/system-config-selinux.glade:391 -+#: ../gui/system-config-selinux.glade:678 -+msgid "SELinux Type" - msgstr "" - --#: ../gui/selinux.tbl:14 --msgid "Network Configuration" -+#: ../gui/system-config-selinux.glade:622 -+msgid "File Specification" - msgstr "" - --#: ../gui/selinux.tbl:14 --msgid "Allow 
unlabeled packets to flow on the network" -+#: ../gui/system-config-selinux.glade:650 -+msgid "File Type" - msgstr "" - --#: ../gui/selinux.tbl:15 -+#: ../gui/system-config-selinux.glade:727 - msgid "" --"Allow user SELinux user account to execute files in home directory or /tmp" -+"all files\n" -+"regular file\n" -+"directory\n" -+"character device\n" -+"block device\n" -+"socket\n" -+"symbolic link\n" -+"named pipe\n" - msgstr "" - --#: ../gui/selinux.tbl:16 --msgid "Allow unconfined to dyntrans to unconfined_execmem" -+#: ../gui/system-config-selinux.glade:773 -+msgid "MLS" - msgstr "" - --#: ../gui/selinux.tbl:17 ../gui/selinux.tbl:18 ../gui/selinux.tbl:120 --#: ../gui/selinux.tbl:140 --msgid "Databases" -+#: ../gui/system-config-selinux.glade:837 -+msgid "Add SELinux User" - msgstr "" - --#: ../gui/selinux.tbl:17 --msgid "Allow user to connect to mysql socket" -+#: ../gui/system-config-selinux.glade:1079 -+msgid "SELinux Administration" - msgstr "" - --#: ../gui/selinux.tbl:18 --msgid "Allow user to connect to postgres socket" -+#: ../gui/system-config-selinux.glade:1122 -+msgid "Add" - msgstr "" - --#: ../gui/selinux.tbl:19 ../gui/selinux.tbl:165 ../gui/selinux.tbl:223 --msgid "XServer" --msgstr "" -+#: ../gui/system-config-selinux.glade:1144 -+msgid "_Properties" -+msgstr "" - --#: ../gui/selinux.tbl:19 --msgid "Allow clients to write to X shared memory" -+#: ../gui/system-config-selinux.glade:1166 -+msgid "_Delete" - msgstr "" - --#: ../gui/selinux.tbl:20 -+#: ../gui/system-config-selinux.glade:1256 -+msgid "Select Management Object" -+msgstr "" -+ -+#: ../gui/system-config-selinux.glade:1273 -+msgid "Select:" -+msgstr "" -+ -+#: ../gui/system-config-selinux.glade:1326 -+msgid "System Default Enforcing Mode" -+msgstr "" -+ -+#: ../gui/system-config-selinux.glade:1354 - msgid "" --"Allow xguest SELinux user account to execute files in home directory or /tmp" -+"Disabled\n" -+"Permissive\n" -+"Enforcing\n" - msgstr "" - --#: ../gui/selinux.tbl:21 
../gui/selinux.tbl:228 ../gui/selinux.tbl:229 --#: ../gui/selinux.tbl:231 --msgid "NIS" -+#: ../gui/system-config-selinux.glade:1373 -+msgid "Current Enforcing Mode" - msgstr "" - --#: ../gui/selinux.tbl:21 --msgid "Allow daemons to run with NIS" -+#: ../gui/system-config-selinux.glade:1418 -+msgid "System Default Policy Type: " - msgstr "" - --#: ../gui/selinux.tbl:22 ../gui/selinux.tbl:23 ../gui/selinux.tbl:24 --#: ../gui/selinux.tbl:25 ../gui/selinux.tbl:26 ../gui/selinux.tbl:27 --#: ../gui/selinux.tbl:28 ../gui/selinux.tbl:29 ../gui/selinux.tbl:71 --#: ../gui/selinux.tbl:73 ../gui/selinux.tbl:74 ../gui/selinux.tbl:115 --#: ../gui/selinux.tbl:118 --msgid "Web Applications" -+#: ../gui/system-config-selinux.glade:1463 -+msgid "" -+"Select if you wish to relabel then entire file system on next reboot. " -+"Relabeling can take a very long time, depending on the size of the system. " -+"If you are changing policy types or going from disabled to enforcing, a " -+"relabel is required." - msgstr "" - --#: ../gui/selinux.tbl:22 --msgid "Transition staff SELinux user to Web Browser Domain" -+#: ../gui/system-config-selinux.glade:1509 -+msgid "Relabel on next reboot." 
- msgstr "" - --#: ../gui/selinux.tbl:23 --msgid "Transition sysadm SELinux user to Web Browser Domain" -+#: ../gui/system-config-selinux.glade:1561 -+msgid "label37" - msgstr "" - --#: ../gui/selinux.tbl:24 --msgid "Transition user SELinux user to Web Browser Domain" -+#: ../gui/system-config-selinux.glade:1598 -+msgid "Revert boolean setting to system default" - msgstr "" - --#: ../gui/selinux.tbl:25 --msgid "Transition xguest SELinux user to Web Browser Domain" -+#: ../gui/system-config-selinux.glade:1614 -+msgid "Toggle between Customized and All Booleans" - msgstr "" - --#: ../gui/selinux.tbl:26 ../gui/selinux.tbl:27 ../gui/selinux.tbl:28 --#: ../gui/selinux.tbl:29 --msgid "Allow staff Web Browsers to write to home directories" -+#: ../gui/system-config-selinux.glade:1645 -+#: ../gui/system-config-selinux.glade:1850 -+#: ../gui/system-config-selinux.glade:2037 -+#: ../gui/system-config-selinux.glade:2224 -+#: ../gui/system-config-selinux.glade:2467 -+#: ../gui/system-config-selinux.glade:2692 -+#: ../gui/system-config-selinux.glade:2867 -+msgid "Filter" - msgstr "" - --#: ../gui/selinux.tbl:30 --msgid "Disable SELinux protection for amanda" -+#: ../gui/system-config-selinux.glade:1734 -+msgid "label50" - msgstr "" - --#: ../gui/selinux.tbl:31 --msgid "Disable SELinux protection for amavis" -+#: ../gui/system-config-selinux.glade:1771 -+msgid "Add File Context" - msgstr "" - --#: ../gui/selinux.tbl:32 --msgid "Disable SELinux protection for apmd daemon" -+#: ../gui/system-config-selinux.glade:1787 -+msgid "Modify File Context" - msgstr "" - --#: ../gui/selinux.tbl:33 --msgid "Disable SELinux protection for arpwatch daemon" -+#: ../gui/system-config-selinux.glade:1803 -+msgid "Delete File Context" - msgstr "" - --#: ../gui/selinux.tbl:34 --msgid "Disable SELinux protection for auditd daemon" -+#: ../gui/system-config-selinux.glade:1819 -+msgid "Toggle between all and customized file context" - msgstr "" - --#: ../gui/selinux.tbl:35 --msgid "Disable SELinux 
protection for automount daemon" -+#: ../gui/system-config-selinux.glade:1939 -+msgid "label38" -+msgstr "" -+ -+#: ../gui/system-config-selinux.glade:1976 -+msgid "Add SELinux User Mapping" -+msgstr "" -+ -+#: ../gui/system-config-selinux.glade:1992 -+msgid "Modify SELinux User Mapping" -+msgstr "" -+ -+#: ../gui/system-config-selinux.glade:2008 -+msgid "Delete SELinux User Mapping" -+msgstr "" -+ -+#: ../gui/system-config-selinux.glade:2126 -+msgid "label39" -+msgstr "" -+ -+#: ../gui/system-config-selinux.glade:2163 -+msgid "Add User" -+msgstr "" -+ -+#: ../gui/system-config-selinux.glade:2179 -+msgid "Modify User" -+msgstr "" -+ -+#: ../gui/system-config-selinux.glade:2195 -+msgid "Delete User" -+msgstr "" -+ -+#: ../gui/system-config-selinux.glade:2313 -+msgid "label41" -+msgstr "" -+ -+#: ../gui/system-config-selinux.glade:2350 -+msgid "Add Network Port" -+msgstr "" -+ -+#: ../gui/system-config-selinux.glade:2366 -+msgid "Edit Network Port" - msgstr "" - --#: ../gui/selinux.tbl:36 --msgid "Disable SELinux protection for avahi" -+#: ../gui/system-config-selinux.glade:2382 -+msgid "Delete Network Port" - msgstr "" - --#: ../gui/selinux.tbl:37 --msgid "Disable SELinux protection for bluetooth daemon" -+#: ../gui/system-config-selinux.glade:2418 -+#: ../gui/system-config-selinux.glade:2436 -+msgid "Toggle between Customized and All Ports" - msgstr "" - --#: ../gui/selinux.tbl:38 --msgid "Disable SELinux protection for canna daemon" -+#: ../gui/system-config-selinux.glade:2556 -+msgid "label42" - msgstr "" - --#: ../gui/selinux.tbl:39 --msgid "Disable SELinux protection for cardmgr daemon" -+#: ../gui/system-config-selinux.glade:2593 -+msgid "Generate new policy module" - msgstr "" - --#: ../gui/selinux.tbl:40 --msgid "Disable SELinux protection for Cluster Server" -+#: ../gui/system-config-selinux.glade:2609 -+msgid "Load policy module" - msgstr "" - --#: ../gui/selinux.tbl:41 -+#: ../gui/system-config-selinux.glade:2625 -+msgid "Remove loadable policy module" 
-+msgstr "" -+ -+#: ../gui/system-config-selinux.glade:2661 - msgid "" --"Allow cdrecord to read various content. nfs, samba, removable devices, user " --"temp and untrusted content files" -+"Enable/Disable additional audit rules, that are normally not reported in the " -+"log files." -+msgstr "" -+ -+#: ../gui/system-config-selinux.glade:2781 -+msgid "label44" -+msgstr "" -+ -+#: ../gui/system-config-selinux.glade:2818 -+msgid "Change process mode to permissive." - msgstr "" - --#: ../gui/selinux.tbl:42 --msgid "Disable SELinux protection for ciped daemon" -+#: ../gui/system-config-selinux.glade:2836 -+msgid "Change process mode to enforcing" -+msgstr "" -+ -+#: ../gui/system-config-selinux.glade:2928 -+msgid "Process Domain" -+msgstr "" -+ -+#: ../gui/system-config-selinux.glade:2956 -+msgid "label59" -+msgstr "" -+ -+#: ../gui/usersPage.py:138 -+#, python-format -+msgid "SELinux user '%s' is required" - msgstr "" - --#: ../gui/selinux.tbl:43 --msgid "Disable SELinux protection for clamd daemon" -+#: ../sepolicy/sepolicy.py:202 -+msgid "Generate SELinux man pages" - msgstr "" - --#: ../gui/selinux.tbl:44 --msgid "Disable SELinux protection for clamscan" -+#: ../sepolicy/sepolicy.py:205 -+msgid "path in which the generated SELinux man pages will be stored" - msgstr "" - --#: ../gui/selinux.tbl:45 --msgid "Disable SELinux protection for clvmd" -+#: ../sepolicy/sepolicy.py:207 -+msgid "name of the OS for man pages" - msgstr "" - --#: ../gui/selinux.tbl:46 --msgid "Disable SELinux protection for comsat daemon" -+#: ../sepolicy/sepolicy.py:209 -+msgid "Generate HTML man pages structure for selected SELinux man page" - msgstr "" - --#: ../gui/selinux.tbl:47 ../gui/selinux.tbl:48 ../gui/selinux.tbl:49 --#: ../gui/selinux.tbl:50 ../gui/selinux.tbl:51 --msgid "Disable SELinux protection for courier daemon" -+#: ../sepolicy/sepolicy.py:213 -+msgid "All domains" - msgstr "" - --#: ../gui/selinux.tbl:52 --msgid "Disable SELinux protection for cpucontrol daemon" -+#: 
../sepolicy/sepolicy.py:216 -+msgid "Domain name(s) of man pages to be created" - msgstr "" - --#: ../gui/selinux.tbl:53 --msgid "Disable SELinux protection for cpuspeed daemon" -+#: ../sepolicy/sepolicy.py:221 -+msgid "Query SELinux policy network information" - msgstr "" - --#: ../gui/selinux.tbl:54 --msgid "Cron" -+#: ../sepolicy/sepolicy.py:226 -+msgid "list all SELinux port types" - msgstr "" - --#: ../gui/selinux.tbl:54 --msgid "Disable SELinux protection for crond daemon" -+#: ../sepolicy/sepolicy.py:229 -+msgid "show SELinux type related to the port" - msgstr "" - --#: ../gui/selinux.tbl:55 ../gui/selinux.tbl:56 ../gui/selinux.tbl:57 --#: ../gui/selinux.tbl:91 --msgid "Printing" -+#: ../sepolicy/sepolicy.py:232 -+msgid "Show ports defined for this SELinux type" - msgstr "" - --#: ../gui/selinux.tbl:55 --msgid "Disable SELinux protection for cupsd back end server" -+#: ../sepolicy/sepolicy.py:235 -+msgid "show ports to which this domain can bind and/or connect" - msgstr "" - --#: ../gui/selinux.tbl:56 --msgid "Disable SELinux protection for cupsd daemon" -+#: ../sepolicy/sepolicy.py:250 -+msgid "query SELinux policy to see if domains can communicate with each other" - msgstr "" - --#: ../gui/selinux.tbl:57 --msgid "Disable SELinux protection for cupsd_lpd" -+#: ../sepolicy/sepolicy.py:253 -+msgid "Source Domain" - msgstr "" - --#: ../gui/selinux.tbl:58 --msgid "CVS" -+#: ../sepolicy/sepolicy.py:256 -+msgid "Target Domain" - msgstr "" - --#: ../gui/selinux.tbl:58 --msgid "Disable SELinux protection for cvs daemon" -+#: ../sepolicy/sepolicy.py:276 -+msgid "query SELinux Policy to see description of booleans" - msgstr "" - --#: ../gui/selinux.tbl:59 --msgid "Disable SELinux protection for cyrus daemon" -+#: ../sepolicy/sepolicy.py:280 -+msgid "get all booleans descriptions" - msgstr "" - --#: ../gui/selinux.tbl:60 --msgid "Disable SELinux protection for dbskkd daemon" -+#: ../sepolicy/sepolicy.py:282 -+msgid "boolean to get description" - msgstr "" - --#: 
../gui/selinux.tbl:61 --msgid "Disable SELinux protection for dbusd daemon" -+#: ../sepolicy/sepolicy.py:301 -+msgid "" -+"query SELinux Policy to see how a source process domain can transition to " -+"the target process domain" - msgstr "" - --#: ../gui/selinux.tbl:62 --msgid "Disable SELinux protection for dccd" -+#: ../sepolicy/sepolicy.py:304 -+msgid "source process domain" - msgstr "" - --#: ../gui/selinux.tbl:63 --msgid "Disable SELinux protection for dccifd" -+#: ../sepolicy/sepolicy.py:307 -+msgid "target process domain" - msgstr "" - --#: ../gui/selinux.tbl:64 --msgid "Disable SELinux protection for dccm" -+#: ../sepolicy/sepolicy.py:327 -+msgid "Command required for this type of policy" - msgstr "" - --#: ../gui/selinux.tbl:65 --msgid "Disable SELinux protection for ddt daemon" -+#: ../sepolicy/sepolicy.py:347 -+msgid "List SELinux Policy interfaces" - msgstr "" - --#: ../gui/selinux.tbl:66 --msgid "Disable SELinux protection for devfsd daemon" -+#: ../sepolicy/sepolicy.py:362 -+msgid "Generate SELinux Policy module template" - msgstr "" - --#: ../gui/selinux.tbl:67 --msgid "Disable SELinux protection for dhcpc daemon" -+#: ../sepolicy/sepolicy.py:365 -+msgid "Enter domain type which you will be extending" - msgstr "" - --#: ../gui/selinux.tbl:68 --msgid "Disable SELinux protection for dhcpd daemon" -+#: ../sepolicy/sepolicy.py:368 -+msgid "Enter SELinux user(s) which will transition to this domain" - msgstr "" - --#: ../gui/selinux.tbl:69 --msgid "Disable SELinux protection for dictd daemon" -+#: ../sepolicy/sepolicy.py:371 -+msgid "Enter domain(s) that this confined admin will administrate" - msgstr "" - --#: ../gui/selinux.tbl:70 --msgid "Allow sysadm_t to directly start daemons" -+#: ../sepolicy/sepolicy.py:374 -+msgid "name of policy to generate" - msgstr "" - --#: ../gui/selinux.tbl:71 --msgid "Disable SELinux protection for Evolution" -+#: ../sepolicy/sepolicy.py:378 -+msgid "path in which the generated policy files will be stored" - msgstr "" - 
--#: ../gui/selinux.tbl:72 --msgid "Games" -+#: ../sepolicy/sepolicy.py:380 -+msgid "executable to confine" - msgstr "" - --#: ../gui/selinux.tbl:72 --msgid "Disable SELinux protection for games" -+#: ../sepolicy/sepolicy.py:384 ../sepolicy/sepolicy.py:387 -+#: ../sepolicy/sepolicy.py:390 ../sepolicy/sepolicy.py:393 -+#: ../sepolicy/sepolicy.py:396 ../sepolicy/sepolicy.py:399 -+#: ../sepolicy/sepolicy.py:402 ../sepolicy/sepolicy.py:405 -+#: ../sepolicy/sepolicy.py:408 ../sepolicy/sepolicy.py:411 -+#: ../sepolicy/sepolicy.py:414 ../sepolicy/sepolicy.py:417 -+#, python-format -+msgid "Generate Policy for %s" - msgstr "" - --#: ../gui/selinux.tbl:73 --msgid "Disable SELinux protection for the web browsers" -+#: ../sepolicy/sepolicy.py:422 -+msgid "commands" - msgstr "" - --#: ../gui/selinux.tbl:74 --msgid "Disable SELinux protection for Thunderbird" -+#: ../sepolicy/sepolicy.py:425 -+msgid "Alternate SELinux policy, defaults to /sys/fs/selinux/policy" - msgstr "" - --#: ../gui/selinux.tbl:75 --msgid "Disable SELinux protection for distccd daemon" -+#: ../sepolicy/sepolicy/__init__.py:48 -+msgid "No SELinux Policy installed" - msgstr "" - --#: ../gui/selinux.tbl:76 --msgid "Disable SELinux protection for dmesg daemon" -+#: ../sepolicy/sepolicy/__init__.py:54 -+#, python-format -+msgid "Failed to read %s policy file" - msgstr "" - --#: ../gui/selinux.tbl:77 --msgid "Disable SELinux protection for dnsmasq daemon" -+#: ../sepolicy/sepolicy/__init__.py:127 -+msgid "unknown" - msgstr "" - --#: ../gui/selinux.tbl:78 --msgid "Disable SELinux protection for dovecot daemon" -+#: ../sepolicy/sepolicy/generate.py:173 -+msgid "Internet Services Daemon" - msgstr "" - --#: ../gui/selinux.tbl:79 --msgid "Disable SELinux protection for entropyd daemon" -+#: ../sepolicy/sepolicy/generate.py:177 -+msgid "Existing Domain Type" - msgstr "" - --#: ../gui/selinux.tbl:80 --msgid "Disable SELinux protection for fetchmail" -+#: ../sepolicy/sepolicy/generate.py:178 -+msgid "Minimal Terminal 
Login User Role" - msgstr "" - --#: ../gui/selinux.tbl:81 --msgid "Disable SELinux protection for fingerd daemon" -+#: ../sepolicy/sepolicy/generate.py:179 -+msgid "Minimal X Windows Login User Role" - msgstr "" - --#: ../gui/selinux.tbl:82 --msgid "Disable SELinux protection for freshclam daemon" -+#: ../sepolicy/sepolicy/generate.py:180 -+msgid "Desktop Login User Role" - msgstr "" - --#: ../gui/selinux.tbl:83 --msgid "Disable SELinux protection for fsdaemon daemon" -+#: ../sepolicy/sepolicy/generate.py:181 -+msgid "Administrator Login User Role" - msgstr "" - --#: ../gui/selinux.tbl:84 --msgid "Disable SELinux protection for gpm daemon" -+#: ../sepolicy/sepolicy/generate.py:182 -+msgid "Confined Root Administrator Role" - msgstr "" - --#: ../gui/selinux.tbl:85 ../gui/selinux.tbl:125 --msgid "NFS" -+#: ../sepolicy/sepolicy/generate.py:187 -+msgid "Valid Types:\n" - msgstr "" - --#: ../gui/selinux.tbl:85 --msgid "Disable SELinux protection for gss daemon" -+#: ../sepolicy/sepolicy/generate.py:221 -+#, python-format -+msgid "Ports must be numbers or ranges of numbers from 1 to %d " - msgstr "" - --#: ../gui/selinux.tbl:86 --msgid "Disable SELinux protection for Hal daemon" -+#: ../sepolicy/sepolicy/generate.py:231 -+msgid "You must enter a valid policy type" - msgstr "" - --#: ../gui/selinux.tbl:87 --msgid "Compatibility" -+#: ../sepolicy/sepolicy/generate.py:234 -+#, python-format -+msgid "You must enter a name for your policy module for your %s." - msgstr "" - --#: ../gui/selinux.tbl:87 -+#: ../sepolicy/sepolicy/generate.py:355 - msgid "" --"Do not audit things that we know to be broken but which are not security " --"risks" -+"Name must be alpha numberic with no spaces. Consider using option \"-n " -+"MODULENAME\"" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:447 -+msgid "User Role types can not be assigned executables." 
- msgstr "" - --#: ../gui/selinux.tbl:88 --msgid "Disable SELinux protection for hostname daemon" -+#: ../sepolicy/sepolicy/generate.py:453 -+msgid "Only Daemon apps can use an init script.." - msgstr "" - --#: ../gui/selinux.tbl:89 --msgid "Disable SELinux protection for hotplug daemon" -+#: ../sepolicy/sepolicy/generate.py:471 -+msgid "use_resolve must be a boolean value " - msgstr "" - --#: ../gui/selinux.tbl:90 --msgid "Disable SELinux protection for howl daemon" -+#: ../sepolicy/sepolicy/generate.py:477 -+msgid "use_syslog must be a boolean value " - msgstr "" - --#: ../gui/selinux.tbl:91 --msgid "Disable SELinux protection for cups hplip daemon" -+#: ../sepolicy/sepolicy/generate.py:483 -+msgid "use_kerberos must be a boolean value " -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:489 -+msgid "manage_krb5_rcache must be a boolean value " - msgstr "" - --#: ../gui/selinux.tbl:92 --msgid "Disable SELinux protection for httpd rotatelogs" -+#: ../sepolicy/sepolicy/generate.py:519 -+msgid "USER Types automatically get a tmp type" - msgstr "" - --#: ../gui/selinux.tbl:93 ../gui/selinux.tbl:232 ../gui/selinux.tbl:233 --msgid "HTTPD Service" -+#: ../sepolicy/sepolicy/generate.py:857 -+#, python-format -+msgid "%s policy modules require existing domains" - msgstr "" - --#: ../gui/selinux.tbl:93 --msgid "Disable SELinux protection for http suexec" -+#: ../sepolicy/sepolicy/generate.py:1059 -+msgid "You must enter the executable path for your confined process" - msgstr "" - --#: ../gui/selinux.tbl:94 --msgid "Disable SELinux protection for hwclock daemon" -+#: ../sepolicy/sepolicy/generate.py:1321 -+msgid "Type Enforcement file" - msgstr "" - --#: ../gui/selinux.tbl:95 --msgid "Disable SELinux protection for i18n daemon" -+#: ../sepolicy/sepolicy/generate.py:1322 -+msgid "Interface file" - msgstr "" - --#: ../gui/selinux.tbl:96 --msgid "Disable SELinux protection for imazesrv daemon" -+#: ../sepolicy/sepolicy/generate.py:1323 -+msgid "File Contexts file" - msgstr 
"" - --#: ../gui/selinux.tbl:97 --msgid "Disable SELinux protection for inetd child daemons" -+#: ../sepolicy/sepolicy/generate.py:1324 -+msgid "Spec file" - msgstr "" - --#: ../gui/selinux.tbl:98 --msgid "Disable SELinux protection for inetd daemon" -+#: ../sepolicy/sepolicy/generate.py:1325 -+msgid "Setup Script" - msgstr "" - --#: ../gui/selinux.tbl:99 --msgid "Disable SELinux protection for innd daemon" -+#: booleans.py:1 -+msgid "" -+"Allow ABRT to modify public files used for public file transfer services." - msgstr "" - --#: ../gui/selinux.tbl:100 --msgid "Disable SELinux protection for iptables daemon" -+#: booleans.py:2 -+msgid "" -+"Allow ABRT to run in abrt_handle_event_t domain to handle ABRT event scripts" - msgstr "" - --#: ../gui/selinux.tbl:101 --msgid "Disable SELinux protection for ircd daemon" -+#: booleans.py:3 -+msgid "Allow amavis to use JIT compiler" - msgstr "" - --#: ../gui/selinux.tbl:102 --msgid "Disable SELinux protection for irqbalance daemon" -+#: booleans.py:4 -+msgid "Allow antivirus programs to read non security files on a system" - msgstr "" - --#: ../gui/selinux.tbl:103 --msgid "Disable SELinux protection for iscsi daemon" -+#: booleans.py:5 -+msgid "Allow auditadm to exec content" - msgstr "" - --#: ../gui/selinux.tbl:104 --msgid "Disable SELinux protection for jabberd daemon" -+#: booleans.py:6 -+msgid "" -+"Allow users to resolve user passwd entries directly from ldap rather then " -+"using a sssd server" - msgstr "" - --#: ../gui/selinux.tbl:105 ../gui/selinux.tbl:107 --msgid "Kerberos" -+#: booleans.py:7 -+msgid "Allow users to login using a radius server" - msgstr "" - --#: ../gui/selinux.tbl:105 --msgid "Disable SELinux protection for kadmind daemon" -+#: booleans.py:8 -+msgid "Allow users to login using a yubikey server" - msgstr "" - --#: ../gui/selinux.tbl:106 --msgid "Disable SELinux protection for klogd daemon" -+#: booleans.py:9 -+msgid "Allow awstats to purge Apache logs" - msgstr "" - --#: ../gui/selinux.tbl:107 
--msgid "Disable SELinux protection for krb5kdc daemon" -+#: booleans.py:10 -+msgid "" -+"Allow cdrecord to read various content. nfs, samba, removable devices, user " -+"temp and untrusted content files" - msgstr "" - --#: ../gui/selinux.tbl:108 --msgid "Disable SELinux protection for ktalk daemons" -+#: booleans.py:11 -+msgid "Allow clamd to use JIT compiler" - msgstr "" - --#: ../gui/selinux.tbl:109 --msgid "Disable SELinux protection for kudzu daemon" -+#: booleans.py:12 -+msgid "Allow clamscan to non security files on a system" - msgstr "" - --#: ../gui/selinux.tbl:110 --msgid "Disable SELinux protection for locate daemon" -+#: booleans.py:13 -+msgid "Allow clamscan to read user content" - msgstr "" - --#: ../gui/selinux.tbl:111 --msgid "Disable SELinux protection for lpd daemon" -+#: booleans.py:14 -+msgid "" -+"Allow Cobbler to modify public files used for public file transfer services." - msgstr "" - --#: ../gui/selinux.tbl:112 --msgid "Disable SELinux protection for lrrd daemon" -+#: booleans.py:15 -+msgid "Allow Cobbler to connect to the network using TCP." - msgstr "" - --#: ../gui/selinux.tbl:113 --msgid "Disable SELinux protection for lvm daemon" -+#: booleans.py:16 -+msgid "Allow Cobbler to access cifs file systems." - msgstr "" - --#: ../gui/selinux.tbl:114 --msgid "Disable SELinux protection for mailman" -+#: booleans.py:17 -+msgid "Allow Cobbler to access nfs file systems." - msgstr "" - --#: ../gui/selinux.tbl:115 --msgid "Allow evolution and thunderbird to read user files" -+#: booleans.py:18 -+msgid "Allow collectd to connect to the network using TCP." - msgstr "" - --#: ../gui/selinux.tbl:116 --msgid "Disable SELinux protection for mdadm daemon" -+#: booleans.py:19 -+msgid "Allow codnor domain to connect to the network using TCP." - msgstr "" - --#: ../gui/selinux.tbl:117 --msgid "Disable SELinux protection for monopd daemon" -+#: booleans.py:20 -+msgid "" -+"Allow system cron jobs to relabel filesystem for restoring file contexts." 
- msgstr "" - --#: ../gui/selinux.tbl:118 --msgid "Allow the mozilla browser to read user files" -+#: booleans.py:21 -+msgid "Allow cvs daemon to read shadow" - msgstr "" - --#: ../gui/selinux.tbl:119 --msgid "Disable SELinux protection for mrtg daemon" -+#: booleans.py:22 -+msgid "Allow all daemons to write corefiles to /" - msgstr "" - --#: ../gui/selinux.tbl:120 --msgid "Disable SELinux protection for mysqld daemon" -+#: booleans.py:23 -+msgid "Allow all daemons to use tcp wrappers." - msgstr "" - --#: ../gui/selinux.tbl:121 --msgid "Disable SELinux protection for nagios daemon" -+#: booleans.py:24 -+msgid "Allow all daemons the ability to read/write terminals" - msgstr "" - --#: ../gui/selinux.tbl:122 ../gui/selinux.tbl:128 --msgid "Name Service" -+#: booleans.py:25 -+msgid "Allow dan to manage user files" - msgstr "" - --#: ../gui/selinux.tbl:122 --msgid "Disable SELinux protection for named daemon" -+#: booleans.py:26 -+msgid "Allow dan to read user files" - msgstr "" - --#: ../gui/selinux.tbl:123 --msgid "Disable SELinux protection for nessusd daemon" -+#: booleans.py:27 -+msgid "Allow dbadm to manage files in users home directories" - msgstr "" - --#: ../gui/selinux.tbl:124 --msgid "Disable SELinux protection for NetworkManager" -+#: booleans.py:28 -+msgid "Allow dbadm to read files in users home directories" - msgstr "" - --#: ../gui/selinux.tbl:125 --msgid "Disable SELinux protection for nfsd daemon" -+#: booleans.py:29 -+msgid "" -+"Deny user domains applications to map a memory region as both executable and " -+"writable, this is dangerous and the executable should be reported in bugzilla" - msgstr "" - --#: ../gui/selinux.tbl:126 ../gui/selinux.tbl:163 ../gui/selinux.tbl:176 --#: ../gui/selinux.tbl:221 --msgid "Samba" -+#: booleans.py:30 -+msgid "Allow sysadm to debug or ptrace all processes." 
- msgstr "" - --#: ../gui/selinux.tbl:126 --msgid "Disable SELinux protection for nmbd daemon" -+#: booleans.py:31 -+msgid "Allow dhcpc client applications to execute iptables commands" - msgstr "" - --#: ../gui/selinux.tbl:127 --msgid "Disable SELinux protection for nrpe daemon" -+#: booleans.py:32 -+msgid "Allow DHCP daemon to use LDAP backends" - msgstr "" - --#: ../gui/selinux.tbl:128 --msgid "Disable SELinux protection for nscd daemon" -+#: booleans.py:33 -+msgid "Allow all domains to use other domains file descriptors" - msgstr "" - --#: ../gui/selinux.tbl:129 --msgid "Disable SELinux protection for nsd daemon" -+#: booleans.py:34 -+msgid "Allow all domains to have the kernel load modules" - msgstr "" - --#: ../gui/selinux.tbl:130 --msgid "Disable SELinux protection for ntpd daemon" -+#: booleans.py:35 -+msgid "Allow the use of the audio devices as the source for the entropy feeds" - msgstr "" - --#: ../gui/selinux.tbl:131 --msgid "Disable SELinux protection for oddjob" -+#: booleans.py:36 -+msgid "Allow exim to connect to databases (postgres, mysql)" - msgstr "" - --#: ../gui/selinux.tbl:132 --msgid "Disable SELinux protection for oddjob_mkhomedir" -+#: booleans.py:37 -+msgid "Allow exim to create, read, write, and delete unprivileged user files." - msgstr "" - --#: ../gui/selinux.tbl:133 --msgid "Disable SELinux protection for openvpn daemon" -+#: booleans.py:38 -+msgid "Allow exim to read unprivileged user files." - msgstr "" - --#: ../gui/selinux.tbl:134 --msgid "Disable SELinux protection for pam daemon" -+#: booleans.py:39 -+msgid "Enable extra rules in the cron domain to support fcron." - msgstr "" - --#: ../gui/selinux.tbl:135 --msgid "Disable SELinux protection for pegasus" -+#: booleans.py:40 -+msgid "Allow fenced domain to connect to the network using TCP." - msgstr "" - --#: ../gui/selinux.tbl:136 --msgid "Disable SELinux protection for perdition daemon" -+#: booleans.py:41 -+msgid "Allow fenced domain to execute ssh." 
- msgstr "" - --#: ../gui/selinux.tbl:137 --msgid "Disable SELinux protection for portmap daemon" -+#: booleans.py:42 -+msgid "Allow all domains to execute in fips_mode" - msgstr "" - --#: ../gui/selinux.tbl:138 --msgid "Disable SELinux protection for portslave daemon" -+#: booleans.py:43 -+msgid "Allow ftp to read and write files in the user home directories" - msgstr "" - --#: ../gui/selinux.tbl:139 --msgid "Disable SELinux protection for postfix" -+#: booleans.py:44 -+msgid "" -+"Allow ftp servers to upload files, used for public file transfer services. " -+"Directories must be labeled public_content_rw_t." - msgstr "" - --#: ../gui/selinux.tbl:140 --msgid "Disable SELinux protection for postgresql daemon" -+#: booleans.py:45 -+msgid "Allow ftp servers to connect to all ports > 1023" - msgstr "" - --#: ../gui/selinux.tbl:141 --msgid "pppd" -+#: booleans.py:46 -+msgid "Allow ftp servers to connect to mysql database ports" - msgstr "" - --#: ../gui/selinux.tbl:141 --msgid "Allow pppd to be run for a regular user" -+#: booleans.py:47 -+msgid "" -+"Allow ftp servers to login to local users and read/write all files on the " -+"system, governed by DAC." - msgstr "" - --#: ../gui/selinux.tbl:142 --msgid "Disable SELinux protection for pptp" -+#: booleans.py:48 -+msgid "Allow ftp servers to use cifs used for public file transfer services." - msgstr "" - --#: ../gui/selinux.tbl:143 --msgid "Disable SELinux protection for prelink daemon" -+#: booleans.py:49 -+msgid "Allow ftp servers to use nfs used for public file transfer services." - msgstr "" - --#: ../gui/selinux.tbl:144 --msgid "Disable SELinux protection for privoxy daemon" -+#: booleans.py:50 -+msgid "Allow ftp servers to use bind to all unreserved ports for passive mode" - msgstr "" - --#: ../gui/selinux.tbl:145 --msgid "Disable SELinux protection for ptal daemon" -+#: booleans.py:51 -+msgid "Determine whether Git CGI can search home directories." 
- msgstr "" - --#: ../gui/selinux.tbl:146 --msgid "Disable SELinux protection for pxe daemon" -+#: booleans.py:52 -+msgid "Determine whether Git CGI can access cifs file systems." - msgstr "" - --#: ../gui/selinux.tbl:147 --msgid "Disable SELinux protection for pyzord" -+#: booleans.py:53 -+msgid "Determine whether Git CGI can access nfs file systems." - msgstr "" - --#: ../gui/selinux.tbl:148 --msgid "Disable SELinux protection for quota daemon" -+#: booleans.py:54 -+msgid "" -+"Determine whether Git session daemon can bind TCP sockets to all unreserved " -+"ports." - msgstr "" - --#: ../gui/selinux.tbl:149 --msgid "Disable SELinux protection for radiusd daemon" -+#: booleans.py:55 -+msgid "" -+"Determine whether calling user domains can execute Git daemon in the " -+"git_session_t domain." - msgstr "" - --#: ../gui/selinux.tbl:150 --msgid "Disable SELinux protection for radvd daemon" -+#: booleans.py:56 -+msgid "Determine whether Git system daemon can search home directories." - msgstr "" - --#: ../gui/selinux.tbl:151 --msgid "Disable SELinux protection for rdisc" -+#: booleans.py:57 -+msgid "Determine whether Git system daemon can access cifs file systems." - msgstr "" - --#: ../gui/selinux.tbl:152 --msgid "Disable SELinux protection for readahead" -+#: booleans.py:58 -+msgid "Determine whether Git system daemon can access nfs file systems." - msgstr "" - --#: ../gui/selinux.tbl:153 --msgid "Allow programs to read files in non-standard locations (default_t)" -+#: booleans.py:59 -+msgid "Allow gitisis daemon to send mail" - msgstr "" - --#: ../gui/selinux.tbl:154 --msgid "Disable SELinux protection for restorecond" -+#: booleans.py:60 -+msgid "Enable reading of urandom for all domains." - msgstr "" - --#: ../gui/selinux.tbl:155 --msgid "Disable SELinux protection for rhgb daemon" -+#: booleans.py:61 -+msgid "" -+"Allow usage of the gpg-agent --write-env-file option. This also allows gpg-" -+"agent to manage user files." 
- msgstr "" - --#: ../gui/selinux.tbl:156 --msgid "Disable SELinux protection for ricci" -+#: booleans.py:62 -+msgid "" -+"Allow gpg web domain to modify public files used for public file transfer " -+"services." - msgstr "" - --#: ../gui/selinux.tbl:157 --msgid "Disable SELinux protection for ricci_modclusterd" -+#: booleans.py:63 -+msgid "Allow gssd to read temp directory. For access to kerberos tgt." - msgstr "" - --#: ../gui/selinux.tbl:158 --msgid "Disable SELinux protection for rlogind daemon" -+#: booleans.py:64 -+msgid "Allow guest to exec content" - msgstr "" - --#: ../gui/selinux.tbl:159 --msgid "Disable SELinux protection for rpcd daemon" -+#: booleans.py:65 -+msgid "" -+"Allow Apache to modify public files used for public file transfer services. " -+"Directories/Files must be labeled public_content_rw_t." - msgstr "" - --#: ../gui/selinux.tbl:160 --msgid "Disable SELinux protection for rshd" -+#: booleans.py:66 -+msgid "Allow httpd to use built in scripting (usually php)" - msgstr "" - --#: ../gui/selinux.tbl:161 --msgid "rsync" -+#: booleans.py:67 -+msgid "Allow http daemon to check spam" - msgstr "" - --#: ../gui/selinux.tbl:161 --msgid "Disable SELinux protection for rsync daemon" -+#: booleans.py:68 -+msgid "" -+"Allow httpd to act as a FTP client connecting to the ftp port and ephemeral " -+"ports" - msgstr "" - --#: ../gui/selinux.tbl:162 --msgid "Allow ssh to run from inetd instead of as a daemon" -+#: booleans.py:69 -+msgid "Allow httpd to connect to the ldap port" - msgstr "" - --#: ../gui/selinux.tbl:163 --msgid "Allow Samba to share nfs directories" -+#: booleans.py:70 -+msgid "Allow http daemon to connect to zabbix" - msgstr "" - --#: ../gui/selinux.tbl:164 ../gui/selinux.tbl:166 --msgid "SASL authentication server" -+#: booleans.py:71 -+msgid "Allow HTTPD scripts and modules to connect to the network using TCP." 
- msgstr "" - --#: ../gui/selinux.tbl:164 --msgid "Allow sasl authentication server to read /etc/shadow" -+#: booleans.py:72 -+msgid "Allow HTTPD scripts and modules to connect to cobbler over the network." - msgstr "" - --#: ../gui/selinux.tbl:165 -+#: booleans.py:73 - msgid "" --"Allow X-Windows server to map a memory region as both executable and writable" -+"Allow HTTPD scripts and modules to connect to databases over the network." -+msgstr "" -+ -+#: booleans.py:74 -+msgid "Allow httpd to connect to memcache server" - msgstr "" - --#: ../gui/selinux.tbl:166 --msgid "Disable SELinux protection for saslauthd daemon" -+#: booleans.py:75 -+msgid "Allow httpd to act as a relay" - msgstr "" - --#: ../gui/selinux.tbl:167 --msgid "Disable SELinux protection for scannerdaemon daemon" -+#: booleans.py:76 -+msgid "Allow http daemon to send mail" - msgstr "" - --#: ../gui/selinux.tbl:168 --msgid "Do not allow transition to sysadm_t, sudo and su effected" -+#: booleans.py:77 -+msgid "Allow Apache to communicate with avahi service via dbus" - msgstr "" - --#: ../gui/selinux.tbl:169 --msgid "Do not allow any processes to load kernel modules" -+#: booleans.py:78 -+msgid "Allow httpd cgi support" - msgstr "" - --#: ../gui/selinux.tbl:170 --msgid "Do not allow any processes to modify kernel SELinux policy" -+#: booleans.py:79 -+msgid "Allow httpd to act as a FTP server by listening on the ftp port." 
- msgstr "" - --#: ../gui/selinux.tbl:171 --msgid "Disable SELinux protection for sendmail daemon" -+#: booleans.py:80 -+msgid "Allow httpd to read home directories" - msgstr "" - --#: ../gui/selinux.tbl:172 --msgid "Disable SELinux protection for setrans" -+#: booleans.py:81 -+msgid "Allow httpd scripts and modules execmem/execstack" - msgstr "" - --#: ../gui/selinux.tbl:173 --msgid "Disable SELinux protection for setroubleshoot daemon" -+#: booleans.py:82 -+msgid "Allow HTTPD to connect to port 80 for graceful shutdown" - msgstr "" - --#: ../gui/selinux.tbl:174 --msgid "Disable SELinux protection for slapd daemon" -+#: booleans.py:83 -+msgid "Allow httpd processes to manage IPA content" - msgstr "" - --#: ../gui/selinux.tbl:175 --msgid "Disable SELinux protection for slrnpull daemon" -+#: booleans.py:84 -+msgid "Allow Apache to use mod_auth_ntlm_winbind" - msgstr "" - --#: ../gui/selinux.tbl:176 --msgid "Disable SELinux protection for smbd daemon" -+#: booleans.py:85 -+msgid "Allow Apache to use mod_auth_pam" - msgstr "" - --#: ../gui/selinux.tbl:177 --msgid "Disable SELinux protection for snmpd daemon" -+#: booleans.py:86 -+msgid "Allow httpd to read user content" - msgstr "" - --#: ../gui/selinux.tbl:178 --msgid "Disable SELinux protection for snort daemon" -+#: booleans.py:87 -+msgid "Allow Apache to run in stickshift mode, not transition to passenger" - msgstr "" - --#: ../gui/selinux.tbl:179 --msgid "Disable SELinux protection for soundd daemon" -+#: booleans.py:88 -+msgid "Allow httpd daemon to change its resource limits" - msgstr "" - --#: ../gui/selinux.tbl:180 --msgid "Disable SELinux protection for sound daemon" -+#: booleans.py:89 -+msgid "" -+"Allow HTTPD to run SSI executables in the same domain as system CGI scripts." 
- msgstr "" - --#: ../gui/selinux.tbl:181 ../gui/selinux.tbl:182 ../gui/selinux.tbl:183 --msgid "Spam Protection" -+#: booleans.py:90 -+msgid "" -+"Allow apache scripts to write to public content, directories/files must be " -+"labeled public_rw_content_t." - msgstr "" - --#: ../gui/selinux.tbl:181 --msgid "Disable SELinux protection for spamd daemon" -+#: booleans.py:91 -+msgid "Allow Apache to execute tmp content." - msgstr "" - --#: ../gui/selinux.tbl:182 --msgid "Allow spamd to access home directories" -+#: booleans.py:92 -+msgid "" -+"Unify HTTPD to communicate with the terminal. Needed for entering the " -+"passphrase for certificates at the terminal." - msgstr "" - --#: ../gui/selinux.tbl:183 --msgid "Allow Spam Assassin daemon network access" -+#: booleans.py:93 -+msgid "Unify HTTPD handling of all content files." - msgstr "" - --#: ../gui/selinux.tbl:184 --msgid "Disable SELinux protection for speedmgmt daemon" -+#: booleans.py:94 -+msgid "Allow httpd to access cifs file systems" - msgstr "" - --#: ../gui/selinux.tbl:185 ../gui/selinux.tbl:186 --msgid "Squid" -+#: booleans.py:95 -+msgid "Allow httpd to access FUSE file systems" - msgstr "" - --#: ../gui/selinux.tbl:185 --msgid "Allow squid daemon to connect to the network" -+#: booleans.py:96 -+msgid "Allow httpd to run gpg" - msgstr "" - --#: ../gui/selinux.tbl:186 --msgid "Disable SELinux protection for squid daemon" -+#: booleans.py:97 -+msgid "Allow httpd to access nfs file systems" - msgstr "" - --#: ../gui/selinux.tbl:187 --msgid "Disable SELinux protection for ssh daemon" -+#: booleans.py:98 -+msgid "Allow httpd to communicate with oddjob to start up a service" - msgstr "" - --#: ../gui/selinux.tbl:188 --msgid "Allow ssh logins as sysadm_r:sysadm_t" -+#: booleans.py:99 -+msgid "Allow httpd to access openstack ports" -+msgstr "" -+ -+#: booleans.py:100 -+msgid "Allow Apache to query NS records" -+msgstr "" -+ -+#: booleans.py:101 -+msgid "Allow icecast to connect to all ports, not just sound ports." 
- msgstr "" - --#: ../gui/selinux.tbl:189 -+#: booleans.py:102 - msgid "" --"Allow staff_r users to search the sysadm home dir and read files (such as ~/." --"bashrc)" -+"Allow the Irssi IRC Client to connect to any port, and to bind to any " -+"unreserved port." - msgstr "" - --#: ../gui/selinux.tbl:190 ../gui/selinux.tbl:191 --msgid "Universal SSL tunnel" -+#: booleans.py:103 -+msgid "Allow confined applications to run with kerberos." - msgstr "" - --#: ../gui/selinux.tbl:190 --msgid "Disable SELinux protection for stunnel daemon" -+#: booleans.py:104 -+msgid "Allow syslogd daemon to send mail" - msgstr "" - --#: ../gui/selinux.tbl:191 --msgid "Allow stunnel daemon to run as standalone, outside of xinetd" -+#: booleans.py:105 -+msgid "Allow syslogd the ability to read/write terminals" - msgstr "" - --#: ../gui/selinux.tbl:192 --msgid "Disable SELinux protection for swat daemon" -+#: booleans.py:106 -+msgid "Allow logging in and using the system from /dev/console." - msgstr "" - --#: ../gui/selinux.tbl:193 --msgid "Disable SELinux protection for sxid daemon" -+#: booleans.py:107 -+msgid "" -+"Control the ability to mmap a low area of the address space, as configured " -+"by /proc/sys/kernel/mmap_min_addr." - msgstr "" - --#: ../gui/selinux.tbl:194 --msgid "Disable SELinux protection for syslogd daemon" -+#: booleans.py:108 -+msgid "Allow mock to read files in home directories." - msgstr "" - --#: ../gui/selinux.tbl:195 --msgid "Disable SELinux protection for system cron jobs" -+#: booleans.py:109 -+msgid "Allow the mount command to mount any directory or file." - msgstr "" - --#: ../gui/selinux.tbl:196 --msgid "Disable SELinux protection for tcp daemon" -+#: booleans.py:110 -+msgid "Allow mozilla plugin domain to connect to the network using TCP." 
- msgstr "" - --#: ../gui/selinux.tbl:197 --msgid "Disable SELinux protection for telnet daemon" -+#: booleans.py:111 -+msgid "" -+"Allow mozilla_plugins to create random content in the users home directory" - msgstr "" - --#: ../gui/selinux.tbl:198 --msgid "Disable SELinux protection for tftpd daemon" -+#: booleans.py:112 -+msgid "Allow confined web browsers to read home directory content" - msgstr "" - --#: ../gui/selinux.tbl:199 --msgid "Disable SELinux protection for transproxy daemon" -+#: booleans.py:113 -+msgid "Allow mplayer executable stack" - msgstr "" - --#: ../gui/selinux.tbl:200 --msgid "Disable SELinux protection for udev daemon" -+#: booleans.py:114 -+msgid "Allow mysqld to connect to all ports" - msgstr "" - --#: ../gui/selinux.tbl:201 --msgid "Disable SELinux protection for uml daemon" -+#: booleans.py:115 -+msgid "Allow BIND to bind apache port." - msgstr "" - --#: ../gui/selinux.tbl:202 -+#: booleans.py:116 - msgid "" --"Allow xinetd to run unconfined, including any services it starts that do not " --"have a domain transition explicitly defined" -+"Allow BIND to write the master zone files. Generally this is used for " -+"dynamic DNS or zone transfers." -+msgstr "" -+ -+#: booleans.py:117 -+msgid "Allow any files/directories to be exported read/only via NFS." -+msgstr "" -+ -+#: booleans.py:118 -+msgid "Allow any files/directories to be exported read/write via NFS." - msgstr "" - --#: ../gui/selinux.tbl:203 -+#: booleans.py:119 - msgid "" --"Allow rc scripts to run unconfined, including any daemon started by an rc " --"script that does not have a domain transition explicitly defined" -+"Allow nfs servers to modify public files used for public file transfer " -+"services. Files/Directories must be labeled public_content_rw_t." -+msgstr "" -+ -+#: booleans.py:120 -+msgid "Allow system to run with NIS" -+msgstr "" -+ -+#: booleans.py:121 -+msgid "Allow confined applications to use nscd shared memory." 
-+msgstr "" -+ -+#: booleans.py:122 -+msgid "Allow openshift to lockdown app" - msgstr "" - --#: ../gui/selinux.tbl:204 --msgid "Allow rpm to run unconfined" -+#: booleans.py:123 -+msgid "Allow openvpn to read home directories" - msgstr "" - --#: ../gui/selinux.tbl:205 --msgid "Allow privileged utilities like hotplug and insmod to run unconfined" -+#: booleans.py:124 -+msgid "Allow piranha-lvs domain to connect to the network using TCP." - msgstr "" - --#: ../gui/selinux.tbl:206 --msgid "Disable SELinux protection for updfstab daemon" -+#: booleans.py:125 -+msgid "Allow polipo to connect to all ports > 1023" - msgstr "" - --#: ../gui/selinux.tbl:207 --msgid "Disable SELinux protection for uptimed daemon" -+#: booleans.py:126 -+msgid "" -+"Determine whether Polipo session daemon can bind tcp sockets to all " -+"unreserved ports." - msgstr "" - --#: ../gui/selinux.tbl:208 -+#: booleans.py:127 - msgid "" --"Allow user_r to reach sysadm_r via su, sudo, or userhelper. Otherwise, only " --"staff_r can do so" -+"Determine whether calling user domains can execute Polipo daemon in the " -+"polipo_session_t domain." -+msgstr "" -+ -+#: booleans.py:128 -+msgid "Determine whether polipo can access cifs file systems." -+msgstr "" -+ -+#: booleans.py:129 -+msgid "Determine whether Polipo can access nfs file systems." -+msgstr "" -+ -+#: booleans.py:130 -+msgid "Enable polyinstantiated directory support." 
- msgstr "" - --#: ../gui/selinux.tbl:209 --msgid "Allow users to execute the mount command" -+#: booleans.py:131 -+msgid "Allow postfix_local domain full write access to mail_spool directories" - msgstr "" - --#: ../gui/selinux.tbl:210 --msgid "Allow regular users direct mouse access (only allow the X server)" -+#: booleans.py:132 -+msgid "Allow postgresql to use ssh and rsync for point-in-time recovery" - msgstr "" - --#: ../gui/selinux.tbl:211 --msgid "Allow users to run the dmesg command" -+#: booleans.py:133 -+msgid "Allow transmit client label to foreign database" - msgstr "" - --#: ../gui/selinux.tbl:212 --msgid "Allow users to control network interfaces (also needs USERCTL=true)" -+#: booleans.py:134 -+msgid "Allow database admins to execute DML statement" - msgstr "" - --#: ../gui/selinux.tbl:213 --msgid "Allow normal user to execute ping" -+#: booleans.py:135 -+msgid "Allow unprivileged users to execute DDL statement" - msgstr "" - --#: ../gui/selinux.tbl:214 --msgid "Allow user to r/w noextattrfile (FAT, CDROM, FLOPPY)" -+#: booleans.py:136 -+msgid "Allow pppd to load kernel modules for certain modems" - msgstr "" - --#: ../gui/selinux.tbl:215 --msgid "Allow users to rw usb devices" -+#: booleans.py:137 -+msgid "Allow pppd to be run for a regular user" - msgstr "" - --#: ../gui/selinux.tbl:216 -+#: booleans.py:138 - msgid "" --"Allow users to run TCP servers (bind to ports and accept connection from the " --"same domain and outside users) disabling this forces FTP passive mode and " --"may change other protocols" -+"Allow privoxy to connect to all ports, not just HTTP, FTP, and Gopher ports." - msgstr "" - --#: ../gui/selinux.tbl:217 --msgid "Allow user to stat ttyfiles" -+#: booleans.py:139 -+msgid "Allow Puppet client to manage all file types." 
- msgstr "" - --#: ../gui/selinux.tbl:218 --msgid "Disable SELinux protection for uucpd daemon" -+#: booleans.py:140 -+msgid "Allow Puppet master to use connect to MySQL and PostgreSQL database" - msgstr "" - --#: ../gui/selinux.tbl:219 --msgid "Disable SELinux protection for vmware daemon" -+#: booleans.py:141 -+msgid "Allow racoon to read shadow" - msgstr "" - --#: ../gui/selinux.tbl:220 --msgid "Disable SELinux protection for watchdog daemon" -+#: booleans.py:142 -+msgid "Allow rgmanager domain to connect to the network using TCP." - msgstr "" - --#: ../gui/selinux.tbl:221 --msgid "Disable SELinux protection for winbind daemon" -+#: booleans.py:143 -+msgid "" -+"Allow rsync to modify public files used for public file transfer services. " -+"Files/Directories must be labeled public_content_rw_t." - msgstr "" - --#: ../gui/selinux.tbl:222 --msgid "Disable SELinux protection for xdm daemon" -+#: booleans.py:144 -+msgid "Allow rsync to run as a client" - msgstr "" - --#: ../gui/selinux.tbl:223 --msgid "Allow xdm logins as sysadm_r:sysadm_t" -+#: booleans.py:145 -+msgid "Allow rsync to export any files/directories read only." - msgstr "" - --#: ../gui/selinux.tbl:224 --msgid "Disable SELinux protection for xen daemon" -+#: booleans.py:146 -+msgid "Allow rsync servers to share cifs files systems" - msgstr "" - --#: ../gui/selinux.tbl:225 --msgid "XEN" -+#: booleans.py:147 -+msgid "Allow rsync servers to share nfs files systems" - msgstr "" - --#: ../gui/selinux.tbl:225 --msgid "Allow xen to read/write physical disk devices" -+#: booleans.py:148 -+msgid "Allow samba to create new home directories (e.g. via PAM)" - msgstr "" - --#: ../gui/selinux.tbl:226 --msgid "Disable SELinux protection for xfs daemon" -+#: booleans.py:149 -+msgid "" -+"Allow samba to act as the domain controller, add users, groups and change " -+"passwords." 
- msgstr "" - --#: ../gui/selinux.tbl:227 --msgid "Disable SELinux protection for xen control" -+#: booleans.py:150 -+msgid "Allow samba to share users home directories." - msgstr "" - --#: ../gui/selinux.tbl:228 --msgid "Disable SELinux protection for ypbind daemon" -+#: booleans.py:151 -+msgid "Allow samba to share any file/directory read only." - msgstr "" - --#: ../gui/selinux.tbl:229 --msgid "Disable SELinux protection for NIS Password Daemon" -+#: booleans.py:152 -+msgid "Allow samba to share any file/directory read/write." - msgstr "" - --#: ../gui/selinux.tbl:230 --msgid "Disable SELinux protection for ypserv daemon" -+#: booleans.py:153 -+msgid "Allow samba to act as a portmapper" - msgstr "" - --#: ../gui/selinux.tbl:231 --msgid "Disable SELinux protection for NIS Transfer Daemon" -+#: booleans.py:154 -+msgid "Allow samba to run unconfined scripts" - msgstr "" - --#: ../gui/selinux.tbl:232 --msgid "Allow SELinux webadm user to manage unprivileged users home directories" -+#: booleans.py:155 -+msgid "Allow samba to export ntfs/fusefs volumes." - msgstr "" - --#: ../gui/selinux.tbl:233 --msgid "Allow SELinux webadm user to read unprivileged users home directories" -+#: booleans.py:156 -+msgid "Allow samba to export NFS volumes." - msgstr "" - --#: ../gui/semanagePage.py:126 --#, python-format --msgid "Are you sure you want to delete %s '%s'?" 
-+#: booleans.py:157 -+msgid "Allow sanlock to read/write fuse files" - msgstr "" - --#: ../gui/semanagePage.py:126 --#, python-format --msgid "Delete %s" -+#: booleans.py:158 -+msgid "Allow sanlock to manage nfs files" - msgstr "" - --#: ../gui/semanagePage.py:134 --#, python-format --msgid "Add %s" -+#: booleans.py:159 -+msgid "Allow sanlock to manage cifs files" - msgstr "" - --#: ../gui/semanagePage.py:148 --#, python-format --msgid "Modify %s" -+#: booleans.py:160 -+msgid "Allow sasl to read shadow" - msgstr "" - --#: ../gui/statusPage.py:69 ../gui/system-config-selinux.glade:2819 --msgid "Permissive" -+#: booleans.py:161 -+msgid "Allow secadm to exec content" - msgstr "" - --#: ../gui/statusPage.py:70 ../gui/system-config-selinux.glade:2837 --msgid "Enforcing" -+#: booleans.py:162 -+msgid "" -+"disallow programs, such as newrole, from transitioning to administrative " -+"user domains." - msgstr "" - --#: ../gui/statusPage.py:94 --msgid "Status" -+#: booleans.py:163 -+msgid "Disable kernel module loading." - msgstr "" - --#: ../gui/statusPage.py:133 -+#: booleans.py:164 - msgid "" --"Changing the policy type will cause a relabel of the entire file system on " --"the next boot. Relabeling takes a long time depending on the size of the " --"file system. Do you wish to continue?" -+"Boolean to determine whether the system permits loading policy, setting " -+"enforcing mode, and changing boolean values. Set this to true and you have " -+"to reboot to set it back." - msgstr "" - --#: ../gui/statusPage.py:147 -+#: booleans.py:165 -+msgid "Allow regular users direct dri device access" -+msgstr "" -+ -+#: booleans.py:166 - msgid "" --"Changing to SELinux disabled requires a reboot. It is not recommended. If " --"you later decide to turn SELinux back on, the system will be required to " --"relabel. If you just want to see if SELinux is causing a problem on your " --"system, you can go to permissive mode which will only log errors and not " --"enforce SELinux policy. 
Permissive mode does not require a reboot Do you " --"wish to continue?" -+"Allow unconfined executables to make their heap memory executable. Doing " -+"this is a really bad idea. Probably indicates a badly coded executable, but " -+"could indicate an attack. This executable should be reported in bugzilla" - msgstr "" - --#: ../gui/statusPage.py:152 -+#: booleans.py:167 - msgid "" --"Changing to SELinux enabled will cause a relabel of the entire file system " --"on the next boot. Relabeling takes a long time depending on the size of the " --"file system. Do you wish to continue?" -+"Allow all unconfined executables to use libraries requiring text relocation " -+"that are not labeled textrel_shlib_t" - msgstr "" - --#: ../gui/system-config-selinux.glade:11 --msgid "system-config-selinux" -+#: booleans.py:168 -+msgid "" -+"Allow unconfined executables to make their stack executable. This should " -+"never, ever be necessary. Probably indicates a badly coded executable, but " -+"could indicate an attack. This executable should be reported in bugzilla" - msgstr "" - --#: ../gui/system-config-selinux.glade:12 -+#: booleans.py:169 -+msgid "Allow users to connect to the local mysql server" -+msgstr "" -+ -+#: booleans.py:170 - msgid "" --"Copyright (c)2006 Red Hat, Inc.\n" --"Copyright (c) 2006 Dan Walsh " -+"Allow confined users the ability to execute the ping and traceroute commands." 
- msgstr "" - --#: ../gui/system-config-selinux.glade:22 --#: ../gui/system-config-selinux.glade:544 --msgid "Add SELinux Login Mapping" -+#: booleans.py:171 -+msgid "Allow users to connect to PostgreSQL" - msgstr "" - --#: ../gui/system-config-selinux.glade:257 --msgid "Add SELinux Network Ports" -+#: booleans.py:172 -+msgid "" -+"Allow user to r/w files on filesystems that do not have extended attributes " -+"(FAT, CDROM, FLOPPY)" - msgstr "" - --#: ../gui/system-config-selinux.glade:391 --#: ../gui/system-config-selinux.glade:678 --msgid "SELinux Type" -+#: booleans.py:173 -+msgid "" -+"Allow users to run TCP servers (bind to ports and accept connection from the " -+"same domain and outside users) disabling this forces FTP passive mode and " -+"may change other protocols." - msgstr "" - --#: ../gui/system-config-selinux.glade:622 --msgid "File Specification" -+#: booleans.py:174 -+msgid "Allow user to use ssh chroot environment." - msgstr "" - --#: ../gui/system-config-selinux.glade:650 --msgid "File Type" -+#: booleans.py:175 -+msgid "Allow user music sharing" - msgstr "" - --#: ../gui/system-config-selinux.glade:727 -+#: booleans.py:176 - msgid "" --"all files\n" --"regular file\n" --"directory\n" --"character device\n" --"block device\n" --"socket\n" --"symbolic link\n" --"named pipe\n" -+"Allow anon internal-sftp to upload files, used for public file transfer " -+"services. Directories must be labeled public_content_rw_t." - msgstr "" - --#: ../gui/system-config-selinux.glade:773 --msgid "MLS" -+#: booleans.py:177 -+msgid "" -+"Allow sftp-internal to read and write files in the user home directories" - msgstr "" - --#: ../gui/system-config-selinux.glade:837 --msgid "Add SELinux User" -+#: booleans.py:178 -+msgid "" -+"Allow sftp-internal to login to local users and read/write all files on the " -+"system, governed by DAC." 
- msgstr "" - --#: ../gui/system-config-selinux.glade:1079 --msgid "SELinux Administration" -+#: booleans.py:179 -+msgid "" -+"Allow internal-sftp to read and write files in the user ssh home directories." - msgstr "" - --#: ../gui/system-config-selinux.glade:1122 --msgid "Add" -+#: booleans.py:180 -+msgid "Allow sge to connect to the network using any TCP port" - msgstr "" - --#: ../gui/system-config-selinux.glade:1144 --msgid "_Properties" -+#: booleans.py:181 -+msgid "Allow sge to access nfs file systems." - msgstr "" - --#: ../gui/system-config-selinux.glade:1166 --msgid "_Delete" -+#: booleans.py:182 -+msgid "" -+"Enable additional permissions needed to support devices on 3ware controllers." - msgstr "" - --#: ../gui/system-config-selinux.glade:1256 --msgid "Select Management Object" -+#: booleans.py:183 -+msgid "" -+"Allow samba to modify public files used for public file transfer services. " -+"Files/Directories must be labeled public_content_rw_t." - msgstr "" - --#: ../gui/system-config-selinux.glade:1273 --msgid "Select:" -+#: booleans.py:184 -+msgid "Allow user spamassassin clients to use the network." - msgstr "" - --#: ../gui/system-config-selinux.glade:1326 --msgid "System Default Enforcing Mode" -+#: booleans.py:185 -+msgid "Allow spamd to read/write user home directories." - msgstr "" - --#: ../gui/system-config-selinux.glade:1354 -+#: booleans.py:186 - msgid "" --"Disabled\n" --"Permissive\n" --"Enforcing\n" -+"Allow squid to connect to all ports, not just HTTP, FTP, and Gopher ports." 
- msgstr "" - --#: ../gui/system-config-selinux.glade:1373 --msgid "Current Enforcing Mode" -+#: booleans.py:187 -+msgid "Allow squid to run as a transparent proxy (TPROXY)" - msgstr "" - --#: ../gui/system-config-selinux.glade:1418 --msgid "System Default Policy Type: " -+#: booleans.py:188 -+msgid "" -+"Allow ssh with chroot env to read and write files in the user home " -+"directories" - msgstr "" - --#: ../gui/system-config-selinux.glade:1463 -+#: booleans.py:189 -+msgid "allow host key based authentication" -+msgstr "" -+ -+#: booleans.py:190 -+msgid "Allow ssh logins as sysadm_r:sysadm_t" -+msgstr "" -+ -+#: booleans.py:191 -+msgid "Allow staff to exec content" -+msgstr "" -+ -+#: booleans.py:192 -+msgid "allow staff user to create and transition to svirt domains." -+msgstr "" -+ -+#: booleans.py:193 -+msgid "Allow sysadm to exec content" -+msgstr "" -+ -+#: booleans.py:194 -+msgid "Allow the Telepathy connection managers to connect to any network port." -+msgstr "" -+ -+#: booleans.py:195 - msgid "" --"Select if you wish to relabel then entire file system on next reboot. " --"Relabeling can take a very long time, depending on the size of the system. " --"If you are changing policy types or going from disabled to enforcing, a " --"relabel is required." -+"Allow the Telepathy connection managers to connect to any generic TCP port." - msgstr "" - --#: ../gui/system-config-selinux.glade:1509 --msgid "Relabel on next reboot." -+#: booleans.py:196 -+msgid "" -+"Allow tftp to modify public files used for public file transfer services." - msgstr "" - --#: ../gui/system-config-selinux.glade:1561 --msgid "label37" -+#: booleans.py:197 -+msgid "Allow tftp to read and write files in the user home directories" - msgstr "" - --#: ../gui/system-config-selinux.glade:1598 --msgid "Revert boolean setting to system default" -+#: booleans.py:198 -+msgid "Allow tor daemon to bind tcp sockets to all unreserved ports." 
- msgstr "" - --#: ../gui/system-config-selinux.glade:1614 --msgid "Toggle between Customized and All Booleans" -+#: booleans.py:199 -+msgid "Allow tor to act as a relay" - msgstr "" - --#: ../gui/system-config-selinux.glade:1645 --#: ../gui/system-config-selinux.glade:1850 --#: ../gui/system-config-selinux.glade:2037 --#: ../gui/system-config-selinux.glade:2224 --#: ../gui/system-config-selinux.glade:2467 --#: ../gui/system-config-selinux.glade:2692 --#: ../gui/system-config-selinux.glade:2867 --msgid "Filter" -+#: booleans.py:200 -+msgid "" -+"allow unconfined users to transition to the chrome sandbox domains when " -+"running chrome-sandbox" - msgstr "" - --#: ../gui/system-config-selinux.glade:1734 --msgid "label50" -+#: booleans.py:201 -+msgid "Allow a user to login as an unconfined domain" - msgstr "" - --#: ../gui/system-config-selinux.glade:1771 --msgid "Add File Context" -+#: booleans.py:202 -+msgid "" -+"Allow unconfined users to transition to the Mozilla plugin domain when " -+"running xulrunner plugin-container." - msgstr "" - --#: ../gui/system-config-selinux.glade:1787 --msgid "Modify File Context" -+#: booleans.py:203 -+msgid "Allow video playing tools to run unconfined" - msgstr "" - --#: ../gui/system-config-selinux.glade:1803 --msgid "Delete File Context" -+#: booleans.py:204 -+msgid "Allow unprivledged user to create and transition to svirt domains." 
- msgstr "" - --#: ../gui/system-config-selinux.glade:1819 --msgid "Toggle between all and customized file context" -+#: booleans.py:205 -+msgid "Support ecryptfs home directories" - msgstr "" - --#: ../gui/system-config-selinux.glade:1939 --msgid "label38" -+#: booleans.py:206 -+msgid "Support fusefs home directories" - msgstr "" - --#: ../gui/system-config-selinux.glade:1976 --msgid "Add SELinux User Mapping" -+#: booleans.py:207 -+msgid "Use lpd server instead of cups" - msgstr "" - --#: ../gui/system-config-selinux.glade:1992 --msgid "Modify SELinux User Mapping" -+#: booleans.py:208 -+msgid "Support NFS home directories" - msgstr "" - --#: ../gui/system-config-selinux.glade:2008 --msgid "Delete SELinux User Mapping" -+#: booleans.py:209 -+msgid "Support SAMBA home directories" - msgstr "" - --#: ../gui/system-config-selinux.glade:2126 --msgid "label39" -+#: booleans.py:210 -+msgid "Allow user to exec content" - msgstr "" - --#: ../gui/system-config-selinux.glade:2163 --msgid "Add User" -+#: booleans.py:211 -+msgid "Allow varnishd to connect to all ports, not just HTTP." - msgstr "" - --#: ../gui/system-config-selinux.glade:2179 --msgid "Modify User" -+#: booleans.py:212 -+msgid "Ignore vbetool mmap_zero errors." 
- msgstr "" - --#: ../gui/system-config-selinux.glade:2195 --msgid "Delete User" -+#: booleans.py:213 -+msgid "" -+"Allow confined virtual guests to use serial/parallel communication ports" - msgstr "" - --#: ../gui/system-config-selinux.glade:2313 --msgid "label41" -+#: booleans.py:214 -+msgid "" -+"Allow confined virtual guests to use executable memory and executable stack" - msgstr "" - --#: ../gui/system-config-selinux.glade:2350 --msgid "Add Network Port" -+#: booleans.py:215 -+msgid "Allow confined virtual guests to read fuse files" - msgstr "" - --#: ../gui/system-config-selinux.glade:2366 --msgid "Edit Network Port" -+#: booleans.py:216 -+msgid "Allow confined virtual guests to manage nfs files" - msgstr "" - --#: ../gui/system-config-selinux.glade:2382 --msgid "Delete Network Port" -+#: booleans.py:217 -+msgid "Allow confined virtual guests to interact with rawip sockets" - msgstr "" - --#: ../gui/system-config-selinux.glade:2418 --#: ../gui/system-config-selinux.glade:2436 --msgid "Toggle between Customized and All Ports" -+#: booleans.py:218 -+msgid "Allow confined virtual guests to manage cifs files" - msgstr "" - --#: ../gui/system-config-selinux.glade:2556 --msgid "label42" -+#: booleans.py:219 -+msgid "Allow confined virtual guests to interact with the sanlock" - msgstr "" - --#: ../gui/system-config-selinux.glade:2593 --msgid "Generate new policy module" -+#: booleans.py:220 -+msgid "Allow confined virtual guests to manage device configuration, (pci)" - msgstr "" - --#: ../gui/system-config-selinux.glade:2609 --msgid "Load policy module" -+#: booleans.py:221 -+msgid "Allow confined virtual guests to use usb devices" - msgstr "" - --#: ../gui/system-config-selinux.glade:2625 --msgid "Remove loadable policy module" -+#: booleans.py:222 -+msgid "Allow confined virtual guests to interact with the xserver" - msgstr "" - --#: ../gui/system-config-selinux.glade:2661 -+#: booleans.py:223 -+msgid "Allow webadm to manage files in users home directories" 
-+msgstr "" -+ -+#: booleans.py:224 -+msgid "Allow webadm to read files in users home directories" -+msgstr "" -+ -+#: booleans.py:225 -+msgid "Ignore wine mmap_zero errors." -+msgstr "" -+ -+#: booleans.py:226 -+msgid "Allow the graphical login program to execute bootloader" -+msgstr "" -+ -+#: booleans.py:227 - msgid "" --"Enable/Disable additional audit rules, that are normally not reported in the " --"log files." -+"Allow the graphical login program to login directly as sysadm_r:sysadm_t" - msgstr "" - --#: ../gui/system-config-selinux.glade:2781 --msgid "label44" -+#: booleans.py:228 -+msgid "Allow xen to manage nfs files" - msgstr "" - --#: ../gui/system-config-selinux.glade:2818 --msgid "Change process mode to permissive." -+#: booleans.py:229 -+msgid "" -+"Allow xend to run blktapctrl/tapdisk. Not required if using dedicated " -+"logical volumes for disk images." - msgstr "" - --#: ../gui/system-config-selinux.glade:2836 --msgid "Change process mode to enforcing" -+#: booleans.py:230 -+msgid "Allow xend to run qemu-dm. Not required if using paravirt and no vfb." - msgstr "" - --#: ../gui/system-config-selinux.glade:2928 --msgid "Process Domain" -+#: booleans.py:231 -+msgid "" -+"Allow xguest users to configure Network Manager and connect to apache ports" - msgstr "" - --#: ../gui/system-config-selinux.glade:2956 --msgid "label59" -+#: booleans.py:232 -+msgid "Allow xguest to exec content" - msgstr "" - --#: ../gui/usersPage.py:138 --#, python-format --msgid "SELinux user '%s' is required" -+#: booleans.py:233 -+msgid "Allow xguest users to mount removable media" -+msgstr "" -+ -+#: booleans.py:234 -+msgid "Allow xguest to use blue tooth devices" -+msgstr "" -+ -+#: booleans.py:235 -+msgid "Allows clients to write to the X server shared memory segments." 
-+msgstr "" -+ -+#: booleans.py:236 -+msgid "Allows XServer to execute writable memory" -+msgstr "" -+ -+#: booleans.py:237 -+msgid "Support X userspace object manager" -+msgstr "" -+ -+#: booleans.py:238 -+msgid "Allow zabbix to connect to unreserved ports" -+msgstr "" -+ -+#: booleans.py:239 -+msgid "Allow zebra daemon to write it configuration files" -+msgstr "" -+ -+#: booleans.py:240 -+msgid "" -+"Allow ZoneMinder to modify public files used for public file transfer " -+"services." - msgstr "" -diff --git a/policycoreutils/po/am.po b/policycoreutils/po/am.po -index a4478db..961d921 100644 ---- a/policycoreutils/po/am.po -+++ b/policycoreutils/po/am.po -@@ -8,7 +8,7 @@ msgid "" - msgstr "" - "Project-Id-Version: PACKAGE VERSION\n" - "Report-Msgid-Bugs-To: \n" --"POT-Creation-Date: 2012-05-25 07:28-0400\n" -+"POT-Creation-Date: 2013-01-04 12:01-0500\n" - "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" - "Last-Translator: FULL NAME \n" - "Language-Team: LANGUAGE \n" -@@ -24,7 +24,7 @@ msgid "" - " are the arguments to that script." 
- msgstr "" - --#: ../run_init/run_init.c:126 ../newrole/newrole.c:1124 -+#: ../run_init/run_init.c:126 ../newrole/newrole.c:1123 - #, c-format - msgid "failed to initialize PAM\n" - msgstr "" -@@ -73,353 +73,359 @@ msgstr "" - msgid "authentication failed.\n" - msgstr "" - --#: ../run_init/run_init.c:405 ../newrole/newrole.c:1258 -+#: ../run_init/run_init.c:405 ../newrole/newrole.c:1257 - #, c-format - msgid "Could not set exec context to %s.\n" - msgstr "" - --#: ../audit2allow/audit2allow:230 -+#: ../audit2allow/audit2allow:232 - msgid "******************** IMPORTANT ***********************\n" - msgstr "" - --#: ../audit2allow/audit2allow:231 -+#: ../audit2allow/audit2allow:233 - msgid "To make this policy package active, execute:" - msgstr "" - --#: ../semanage/seobject.py:143 ../semanage/seobject.py:147 --msgid "global" --msgstr "" -- --#: ../semanage/seobject.py:225 -+#: ../semanage/seobject.py:194 - msgid "Could not create semanage handle" - msgstr "" - --#: ../semanage/seobject.py:233 -+#: ../semanage/seobject.py:202 - msgid "SELinux policy is not managed or store cannot be accessed." - msgstr "" - --#: ../semanage/seobject.py:238 -+#: ../semanage/seobject.py:207 - msgid "Cannot read policy store." 
- msgstr "" - --#: ../semanage/seobject.py:243 -+#: ../semanage/seobject.py:212 - msgid "Could not establish semanage connection" - msgstr "" - --#: ../semanage/seobject.py:248 -+#: ../semanage/seobject.py:217 - msgid "Could not test MLS enabled status" - msgstr "" - --#: ../semanage/seobject.py:254 ../semanage/seobject.py:269 -+#: ../semanage/seobject.py:223 ../semanage/seobject.py:238 - msgid "Not yet implemented" - msgstr "" - --#: ../semanage/seobject.py:258 -+#: ../semanage/seobject.py:227 - msgid "Semanage transaction already in progress" - msgstr "" - --#: ../semanage/seobject.py:267 -+#: ../semanage/seobject.py:236 - msgid "Could not start semanage transaction" - msgstr "" - --#: ../semanage/seobject.py:278 -+#: ../semanage/seobject.py:248 - msgid "Could not commit semanage transaction" - msgstr "" - --#: ../semanage/seobject.py:283 -+#: ../semanage/seobject.py:253 - msgid "Semanage transaction not in progress" - msgstr "" - --#: ../semanage/seobject.py:295 ../semanage/seobject.py:375 -+#: ../semanage/seobject.py:265 ../semanage/seobject.py:345 - msgid "Could not list SELinux modules" - msgstr "" - --#: ../semanage/seobject.py:308 -+#: ../semanage/seobject.py:278 - msgid "Modules Name" - msgstr "" - --#: ../semanage/seobject.py:308 ../gui/modulesPage.py:62 -+#: ../semanage/seobject.py:278 ../gui/modulesPage.py:63 - msgid "Version" - msgstr "" - --#: ../semanage/seobject.py:311 ../gui/statusPage.py:75 -+#: ../semanage/seobject.py:281 ../gui/statusPage.py:75 - msgid "Disabled" - msgstr "" - --#: ../semanage/seobject.py:326 -+#: ../semanage/seobject.py:296 - #, python-format - msgid "Could not disable module %s (remove failed)" - msgstr "" - --#: ../semanage/seobject.py:337 -+#: ../semanage/seobject.py:307 - #, python-format - msgid "Could not enable module %s (remove failed)" - msgstr "" - --#: ../semanage/seobject.py:352 -+#: ../semanage/seobject.py:322 - #, python-format - msgid "Could not remove module %s (remove failed)" - msgstr "" - --#: 
../semanage/seobject.py:362 -+#: ../semanage/seobject.py:332 - msgid "dontaudit requires either 'on' or 'off'" - msgstr "" - --#: ../semanage/seobject.py:391 -+#: ../semanage/seobject.py:360 - msgid "Builtin Permissive Types" - msgstr "" - --#: ../semanage/seobject.py:401 -+#: ../semanage/seobject.py:370 - msgid "Customized Permissive Types" - msgstr "" - --#: ../semanage/seobject.py:442 -+#: ../semanage/seobject.py:412 - #, python-format - msgid "Could not set permissive domain %s (module installation failed)" - msgstr "" - --#: ../semanage/seobject.py:448 -+#: ../semanage/seobject.py:418 - #, python-format - msgid "Could not remove permissive domain %s (remove failed)" - msgstr "" - --#: ../semanage/seobject.py:483 ../semanage/seobject.py:557 --#: ../semanage/seobject.py:603 ../semanage/seobject.py:700 --#: ../semanage/seobject.py:730 ../semanage/seobject.py:797 --#: ../semanage/seobject.py:854 ../semanage/seobject.py:1101 --#: ../semanage/seobject.py:1790 ../semanage/seobject.py:1853 --#: ../semanage/seobject.py:1872 ../semanage/seobject.py:1993 --#: ../semanage/seobject.py:2045 -+#: ../semanage/seobject.py:453 ../semanage/seobject.py:527 -+#: ../semanage/seobject.py:573 ../semanage/seobject.py:695 -+#: ../semanage/seobject.py:725 ../semanage/seobject.py:792 -+#: ../semanage/seobject.py:849 ../semanage/seobject.py:1104 -+#: ../semanage/seobject.py:1820 ../semanage/seobject.py:1883 -+#: ../semanage/seobject.py:1902 ../semanage/seobject.py:2025 -+#: ../semanage/seobject.py:2076 - #, python-format - msgid "Could not create a key for %s" - msgstr "" - --#: ../semanage/seobject.py:487 ../semanage/seobject.py:561 --#: ../semanage/seobject.py:607 ../semanage/seobject.py:613 -+#: ../semanage/seobject.py:457 ../semanage/seobject.py:531 -+#: ../semanage/seobject.py:577 ../semanage/seobject.py:583 - #, python-format - msgid "Could not check if login mapping for %s is defined" - msgstr "" - --#: ../semanage/seobject.py:496 -+#: ../semanage/seobject.py:466 - #, python-format 
- msgid "Linux Group %s does not exist" - msgstr "" - --#: ../semanage/seobject.py:501 -+#: ../semanage/seobject.py:471 - #, python-format - msgid "Linux User %s does not exist" - msgstr "" - --#: ../semanage/seobject.py:505 -+#: ../semanage/seobject.py:475 - #, python-format - msgid "Could not create login mapping for %s" - msgstr "" - --#: ../semanage/seobject.py:509 ../semanage/seobject.py:745 -+#: ../semanage/seobject.py:479 ../semanage/seobject.py:740 - #, python-format - msgid "Could not set name for %s" - msgstr "" - --#: ../semanage/seobject.py:514 ../semanage/seobject.py:755 -+#: ../semanage/seobject.py:484 ../semanage/seobject.py:750 - #, python-format - msgid "Could not set MLS range for %s" - msgstr "" - --#: ../semanage/seobject.py:518 -+#: ../semanage/seobject.py:488 - #, python-format - msgid "Could not set SELinux user for %s" - msgstr "" - --#: ../semanage/seobject.py:522 -+#: ../semanage/seobject.py:492 - #, python-format - msgid "Could not add login mapping for %s" - msgstr "" - --#: ../semanage/seobject.py:540 -+#: ../semanage/seobject.py:510 - msgid "Requires seuser or serange" - msgstr "" - --#: ../semanage/seobject.py:563 ../semanage/seobject.py:609 -+#: ../semanage/seobject.py:533 ../semanage/seobject.py:579 - #, python-format - msgid "Login mapping for %s is not defined" - msgstr "" - --#: ../semanage/seobject.py:567 -+#: ../semanage/seobject.py:537 - #, python-format - msgid "Could not query seuser for %s" - msgstr "" - --#: ../semanage/seobject.py:581 -+#: ../semanage/seobject.py:551 - #, python-format - msgid "Could not modify login mapping for %s" - msgstr "" - --#: ../semanage/seobject.py:615 -+#: ../semanage/seobject.py:585 - #, python-format - msgid "Login mapping for %s is defined in policy, cannot be deleted" - msgstr "" - --#: ../semanage/seobject.py:619 -+#: ../semanage/seobject.py:589 - #, python-format - msgid "Could not delete login mapping for %s" - msgstr "" - --#: ../semanage/seobject.py:641 ../semanage/seobject.py:659 --#: 
../semanage/seobject.py:897 -+#: ../semanage/seobject.py:611 ../semanage/seobject.py:644 -+#: ../semanage/seobject.py:892 - msgid "Could not list login mappings" - msgstr "" - --#: ../semanage/seobject.py:684 ../semanage/seobject.py:689 -+#: ../semanage/seobject.py:672 ../semanage/seobject.py:684 - #: ../gui/system-config-selinux.glade:100 - msgid "Login Name" - msgstr "" - --#: ../semanage/seobject.py:684 ../semanage/seobject.py:689 --#: ../semanage/seobject.py:947 ../semanage/seobject.py:952 -+#: ../semanage/seobject.py:672 ../semanage/seobject.py:684 -+#: ../semanage/seobject.py:942 ../semanage/seobject.py:947 - #: ../gui/system-config-selinux.glade:128 - #: ../gui/system-config-selinux.glade:915 - #: ../gui/system-config-selinux.glade:2285 ../gui/usersPage.py:44 - msgid "SELinux User" - msgstr "" - --#: ../semanage/seobject.py:684 ../gui/system-config-selinux.glade:156 -+#: ../semanage/seobject.py:672 ../gui/system-config-selinux.glade:156 - #: ../gui/system-config-selinux.glade:943 - msgid "MLS/MCS Range" - msgstr "" - --#: ../semanage/seobject.py:703 ../semanage/seobject.py:734 --#: ../semanage/seobject.py:801 ../semanage/seobject.py:858 --#: ../semanage/seobject.py:864 -+#: ../semanage/seobject.py:672 -+msgid "Service" -+msgstr "" -+ -+#: ../semanage/seobject.py:698 ../semanage/seobject.py:729 -+#: ../semanage/seobject.py:796 ../semanage/seobject.py:853 -+#: ../semanage/seobject.py:859 - #, python-format - msgid "Could not check if SELinux user %s is defined" - msgstr "" - --#: ../semanage/seobject.py:706 ../semanage/seobject.py:807 --#: ../semanage/seobject.py:870 -+#: ../semanage/seobject.py:701 ../semanage/seobject.py:802 -+#: ../semanage/seobject.py:865 - #, python-format - msgid "Could not query user for %s" - msgstr "" - --#: ../semanage/seobject.py:726 -+#: ../semanage/seobject.py:721 - #, python-format - msgid "You must add at least one role for %s" - msgstr "" - --#: ../semanage/seobject.py:741 -+#: ../semanage/seobject.py:736 - #, python-format - 
msgid "Could not create SELinux user for %s" - msgstr "" - --#: ../semanage/seobject.py:750 -+#: ../semanage/seobject.py:745 - #, python-format - msgid "Could not add role %s for %s" - msgstr "" - --#: ../semanage/seobject.py:759 -+#: ../semanage/seobject.py:754 - #, python-format - msgid "Could not set MLS level for %s" - msgstr "" - --#: ../semanage/seobject.py:762 -+#: ../semanage/seobject.py:757 - #, python-format - msgid "Could not add prefix %s for %s" - msgstr "" - --#: ../semanage/seobject.py:765 -+#: ../semanage/seobject.py:760 - #, python-format - msgid "Could not extract key for %s" - msgstr "" - --#: ../semanage/seobject.py:769 -+#: ../semanage/seobject.py:764 - #, python-format - msgid "Could not add SELinux user %s" - msgstr "" - --#: ../semanage/seobject.py:791 -+#: ../semanage/seobject.py:786 - msgid "Requires prefix, roles, level or range" - msgstr "" - --#: ../semanage/seobject.py:793 -+#: ../semanage/seobject.py:788 - msgid "Requires prefix or roles" - msgstr "" - --#: ../semanage/seobject.py:803 ../semanage/seobject.py:860 -+#: ../semanage/seobject.py:798 ../semanage/seobject.py:855 - #, python-format - msgid "SELinux user %s is not defined" - msgstr "" - --#: ../semanage/seobject.py:832 -+#: ../semanage/seobject.py:827 - #, python-format - msgid "Could not modify SELinux user %s" - msgstr "" - --#: ../semanage/seobject.py:866 -+#: ../semanage/seobject.py:861 - #, python-format - msgid "SELinux user %s is defined in policy, cannot be deleted" - msgstr "" - --#: ../semanage/seobject.py:877 -+#: ../semanage/seobject.py:872 - #, python-format - msgid "Could not delete SELinux user %s" - msgstr "" - --#: ../semanage/seobject.py:915 -+#: ../semanage/seobject.py:910 - msgid "Could not list SELinux users" - msgstr "" - --#: ../semanage/seobject.py:921 -+#: ../semanage/seobject.py:916 - #, python-format - msgid "Could not list roles for user %s" - msgstr "" - --#: ../semanage/seobject.py:946 -+#: ../semanage/seobject.py:941 - msgid "Labeling" - msgstr 
"" - --#: ../semanage/seobject.py:946 -+#: ../semanage/seobject.py:941 - msgid "MLS/" - msgstr "" - --#: ../semanage/seobject.py:947 -+#: ../semanage/seobject.py:942 - msgid "Prefix" - msgstr "" - --#: ../semanage/seobject.py:947 -+#: ../semanage/seobject.py:942 - msgid "MCS Level" - msgstr "" - --#: ../semanage/seobject.py:947 -+#: ../semanage/seobject.py:942 - msgid "MCS Range" - msgstr "" - --#: ../semanage/seobject.py:947 ../semanage/seobject.py:952 -+#: ../semanage/seobject.py:942 ../semanage/seobject.py:947 - #: ../gui/system-config-selinux.glade:992 ../gui/usersPage.py:59 - msgid "SELinux Roles" - msgstr "" - --#: ../semanage/seobject.py:967 -+#: ../semanage/seobject.py:964 - msgid "Protocol udp or tcp is required" - msgstr "" - --#: ../semanage/seobject.py:969 -+#: ../semanage/seobject.py:966 - msgid "Port is required" - msgstr "" - --#: ../semanage/seobject.py:979 -+#: ../semanage/seobject.py:976 - msgid "Invalid Port" - msgstr "" - --#: ../semanage/seobject.py:983 -+#: ../semanage/seobject.py:980 - #, python-format - msgid "Could not create a key for %s/%s" - msgstr "" - --#: ../semanage/seobject.py:994 -+#: ../semanage/seobject.py:991 - msgid "Type is required" - msgstr "" - --#: ../semanage/seobject.py:1000 ../semanage/seobject.py:1059 --#: ../semanage/seobject.py:1114 ../semanage/seobject.py:1120 -+#: ../semanage/seobject.py:994 ../semanage/seobject.py:1056 -+#: ../semanage/seobject.py:1814 -+#, python-format -+msgid "Type %s is invalid, must be a port type" -+msgstr "" -+ -+#: ../semanage/seobject.py:1000 ../semanage/seobject.py:1062 -+#: ../semanage/seobject.py:1117 ../semanage/seobject.py:1123 - #, python-format - msgid "Could not check if port %s/%s is defined" - msgstr "" -@@ -469,8 +475,8 @@ msgstr "" - msgid "Could not add port %s/%s" - msgstr "" - --#: ../semanage/seobject.py:1051 ../semanage/seobject.py:1316 --#: ../semanage/seobject.py:1512 -+#: ../semanage/seobject.py:1051 ../semanage/seobject.py:1324 -+#: ../semanage/seobject.py:1523 - 
msgid "Requires setype or serange" - msgstr "" - -@@ -478,463 +484,472 @@ msgstr "" - msgid "Requires setype" - msgstr "" - --#: ../semanage/seobject.py:1061 ../semanage/seobject.py:1116 -+#: ../semanage/seobject.py:1064 ../semanage/seobject.py:1119 - #, python-format - msgid "Port %s/%s is not defined" - msgstr "" - --#: ../semanage/seobject.py:1065 -+#: ../semanage/seobject.py:1068 - #, python-format - msgid "Could not query port %s/%s" - msgstr "" - --#: ../semanage/seobject.py:1076 -+#: ../semanage/seobject.py:1079 - #, python-format - msgid "Could not modify port %s/%s" - msgstr "" - --#: ../semanage/seobject.py:1089 -+#: ../semanage/seobject.py:1092 - msgid "Could not list the ports" - msgstr "" - --#: ../semanage/seobject.py:1105 -+#: ../semanage/seobject.py:1108 - #, python-format - msgid "Could not delete the port %s" - msgstr "" - --#: ../semanage/seobject.py:1122 -+#: ../semanage/seobject.py:1125 - #, python-format - msgid "Port %s/%s is defined in policy, cannot be deleted" - msgstr "" - --#: ../semanage/seobject.py:1126 -+#: ../semanage/seobject.py:1129 - #, python-format - msgid "Could not delete port %s/%s" - msgstr "" - --#: ../semanage/seobject.py:1142 ../semanage/seobject.py:1164 -+#: ../semanage/seobject.py:1145 ../semanage/seobject.py:1167 - msgid "Could not list ports" - msgstr "" - --#: ../semanage/seobject.py:1203 -+#: ../semanage/seobject.py:1206 - msgid "SELinux Port Type" - msgstr "" - --#: ../semanage/seobject.py:1203 -+#: ../semanage/seobject.py:1206 - msgid "Proto" - msgstr "" - --#: ../semanage/seobject.py:1203 ../gui/system-config-selinux.glade:335 -+#: ../semanage/seobject.py:1206 ../gui/system-config-selinux.glade:335 - msgid "Port Number" - msgstr "" - --#: ../semanage/seobject.py:1222 -+#: ../semanage/seobject.py:1227 - msgid "Node Address is required" - msgstr "" - --#: ../semanage/seobject.py:1237 -+#: ../semanage/seobject.py:1242 - msgid "Unknown or missing protocol" - msgstr "" - --#: ../semanage/seobject.py:1251 
../semanage/seobject.py:1450 --#: ../semanage/seobject.py:1728 --msgid "SELinux Type is required" -+#: ../semanage/seobject.py:1256 -+msgid "SELinux node type is required" - msgstr "" - --#: ../semanage/seobject.py:1255 ../semanage/seobject.py:1320 --#: ../semanage/seobject.py:1356 ../semanage/seobject.py:1454 --#: ../semanage/seobject.py:1516 ../semanage/seobject.py:1550 --#: ../semanage/seobject.py:1732 -+#: ../semanage/seobject.py:1259 ../semanage/seobject.py:1327 -+#, python-format -+msgid "Type %s is invalid, must be a node type" -+msgstr "" -+ -+#: ../semanage/seobject.py:1263 ../semanage/seobject.py:1331 -+#: ../semanage/seobject.py:1367 ../semanage/seobject.py:1465 -+#: ../semanage/seobject.py:1527 ../semanage/seobject.py:1561 -+#: ../semanage/seobject.py:1759 - #, python-format - msgid "Could not create key for %s" - msgstr "" - --#: ../semanage/seobject.py:1257 ../semanage/seobject.py:1324 --#: ../semanage/seobject.py:1360 ../semanage/seobject.py:1366 -+#: ../semanage/seobject.py:1265 ../semanage/seobject.py:1335 -+#: ../semanage/seobject.py:1371 ../semanage/seobject.py:1377 - #, python-format - msgid "Could not check if addr %s is defined" - msgstr "" - --#: ../semanage/seobject.py:1266 -+#: ../semanage/seobject.py:1274 - #, python-format - msgid "Could not create addr for %s" - msgstr "" - --#: ../semanage/seobject.py:1272 ../semanage/seobject.py:1470 --#: ../semanage/seobject.py:1690 -+#: ../semanage/seobject.py:1280 ../semanage/seobject.py:1481 -+#: ../semanage/seobject.py:1714 - #, python-format - msgid "Could not create context for %s" - msgstr "" - --#: ../semanage/seobject.py:1276 -+#: ../semanage/seobject.py:1284 - #, python-format - msgid "Could not set mask for %s" - msgstr "" - --#: ../semanage/seobject.py:1280 -+#: ../semanage/seobject.py:1288 - #, python-format - msgid "Could not set user in addr context for %s" - msgstr "" - --#: ../semanage/seobject.py:1284 -+#: ../semanage/seobject.py:1292 - #, python-format - msgid "Could not set role in 
addr context for %s" - msgstr "" - --#: ../semanage/seobject.py:1288 -+#: ../semanage/seobject.py:1296 - #, python-format - msgid "Could not set type in addr context for %s" - msgstr "" - --#: ../semanage/seobject.py:1293 -+#: ../semanage/seobject.py:1301 - #, python-format - msgid "Could not set mls fields in addr context for %s" - msgstr "" - --#: ../semanage/seobject.py:1297 -+#: ../semanage/seobject.py:1305 - #, python-format - msgid "Could not set addr context for %s" - msgstr "" - --#: ../semanage/seobject.py:1301 -+#: ../semanage/seobject.py:1309 - #, python-format - msgid "Could not add addr %s" - msgstr "" - --#: ../semanage/seobject.py:1326 ../semanage/seobject.py:1362 -+#: ../semanage/seobject.py:1337 ../semanage/seobject.py:1373 - #, python-format - msgid "Addr %s is not defined" - msgstr "" - --#: ../semanage/seobject.py:1330 -+#: ../semanage/seobject.py:1341 - #, python-format - msgid "Could not query addr %s" - msgstr "" - --#: ../semanage/seobject.py:1340 -+#: ../semanage/seobject.py:1351 - #, python-format - msgid "Could not modify addr %s" - msgstr "" - --#: ../semanage/seobject.py:1368 -+#: ../semanage/seobject.py:1379 - #, python-format - msgid "Addr %s is defined in policy, cannot be deleted" - msgstr "" - --#: ../semanage/seobject.py:1372 -+#: ../semanage/seobject.py:1383 - #, python-format - msgid "Could not delete addr %s" - msgstr "" - --#: ../semanage/seobject.py:1384 -+#: ../semanage/seobject.py:1395 - msgid "Could not deleteall node mappings" - msgstr "" - --#: ../semanage/seobject.py:1398 -+#: ../semanage/seobject.py:1409 - msgid "Could not list addrs" - msgstr "" - --#: ../semanage/seobject.py:1458 ../semanage/seobject.py:1520 --#: ../semanage/seobject.py:1554 ../semanage/seobject.py:1560 -+#: ../semanage/seobject.py:1461 ../semanage/seobject.py:1752 -+msgid "SELinux Type is required" -+msgstr "" -+ -+#: ../semanage/seobject.py:1469 ../semanage/seobject.py:1531 -+#: ../semanage/seobject.py:1565 ../semanage/seobject.py:1571 - #, 
python-format - msgid "Could not check if interface %s is defined" - msgstr "" - --#: ../semanage/seobject.py:1465 -+#: ../semanage/seobject.py:1476 - #, python-format - msgid "Could not create interface for %s" - msgstr "" - --#: ../semanage/seobject.py:1474 -+#: ../semanage/seobject.py:1485 - #, python-format - msgid "Could not set user in interface context for %s" - msgstr "" - --#: ../semanage/seobject.py:1478 -+#: ../semanage/seobject.py:1489 - #, python-format - msgid "Could not set role in interface context for %s" - msgstr "" - --#: ../semanage/seobject.py:1482 -+#: ../semanage/seobject.py:1493 - #, python-format - msgid "Could not set type in interface context for %s" - msgstr "" - --#: ../semanage/seobject.py:1487 -+#: ../semanage/seobject.py:1498 - #, python-format - msgid "Could not set mls fields in interface context for %s" - msgstr "" - --#: ../semanage/seobject.py:1491 -+#: ../semanage/seobject.py:1502 - #, python-format - msgid "Could not set interface context for %s" - msgstr "" - --#: ../semanage/seobject.py:1495 -+#: ../semanage/seobject.py:1506 - #, python-format - msgid "Could not set message context for %s" - msgstr "" - --#: ../semanage/seobject.py:1499 -+#: ../semanage/seobject.py:1510 - #, python-format - msgid "Could not add interface %s" - msgstr "" - --#: ../semanage/seobject.py:1522 ../semanage/seobject.py:1556 -+#: ../semanage/seobject.py:1533 ../semanage/seobject.py:1567 - #, python-format - msgid "Interface %s is not defined" - msgstr "" - --#: ../semanage/seobject.py:1526 -+#: ../semanage/seobject.py:1537 - #, python-format - msgid "Could not query interface %s" - msgstr "" - --#: ../semanage/seobject.py:1537 -+#: ../semanage/seobject.py:1548 - #, python-format - msgid "Could not modify interface %s" - msgstr "" - --#: ../semanage/seobject.py:1562 -+#: ../semanage/seobject.py:1573 - #, python-format - msgid "Interface %s is defined in policy, cannot be deleted" - msgstr "" - --#: ../semanage/seobject.py:1566 -+#: 
../semanage/seobject.py:1577 - #, python-format - msgid "Could not delete interface %s" - msgstr "" - --#: ../semanage/seobject.py:1578 -+#: ../semanage/seobject.py:1589 - msgid "Could not delete all interface mappings" - msgstr "" - --#: ../semanage/seobject.py:1592 -+#: ../semanage/seobject.py:1603 - msgid "Could not list interfaces" - msgstr "" - --#: ../semanage/seobject.py:1617 -+#: ../semanage/seobject.py:1628 - msgid "SELinux Interface" - msgstr "" - --#: ../semanage/seobject.py:1617 ../semanage/seobject.py:1944 -+#: ../semanage/seobject.py:1628 ../semanage/seobject.py:1974 - msgid "Context" - msgstr "" - --#: ../semanage/seobject.py:1667 -+#: ../semanage/seobject.py:1691 - #, python-format - msgid "Equivalence class for %s already exists" - msgstr "" - --#: ../semanage/seobject.py:1673 -+#: ../semanage/seobject.py:1697 - #, python-format - msgid "File spec %s conflicts with equivalency rule '%s %s'" - msgstr "" - --#: ../semanage/seobject.py:1682 -+#: ../semanage/seobject.py:1706 - #, python-format - msgid "Equivalence class for %s does not exists" - msgstr "" - --#: ../semanage/seobject.py:1696 -+#: ../semanage/seobject.py:1720 - #, python-format - msgid "Could not set user in file context for %s" - msgstr "" - --#: ../semanage/seobject.py:1700 -+#: ../semanage/seobject.py:1724 - #, python-format - msgid "Could not set role in file context for %s" - msgstr "" - --#: ../semanage/seobject.py:1705 ../semanage/seobject.py:1762 -+#: ../semanage/seobject.py:1729 ../semanage/seobject.py:1789 - #, python-format - msgid "Could not set mls fields in file context for %s" - msgstr "" - --#: ../semanage/seobject.py:1711 -+#: ../semanage/seobject.py:1735 - msgid "Invalid file specification" - msgstr "" - --#: ../semanage/seobject.py:1713 -+#: ../semanage/seobject.py:1737 - msgid "File specification can not include spaces" - msgstr "" - --#: ../semanage/seobject.py:1718 -+#: ../semanage/seobject.py:1742 - #, python-format - msgid "" - "File spec %s conflicts with 
equivalency rule '%s %s'; Try adding '%s' instead" - msgstr "" - --#: ../semanage/seobject.py:1736 ../semanage/seobject.py:1741 --#: ../semanage/seobject.py:1794 ../semanage/seobject.py:1876 --#: ../semanage/seobject.py:1880 -+#: ../semanage/seobject.py:1755 -+#, python-format -+msgid "Type %s is invalid, must be a file or device type" -+msgstr "" -+ -+#: ../semanage/seobject.py:1763 ../semanage/seobject.py:1768 -+#: ../semanage/seobject.py:1824 ../semanage/seobject.py:1906 -+#: ../semanage/seobject.py:1910 - #, python-format - msgid "Could not check if file context for %s is defined" - msgstr "" - --#: ../semanage/seobject.py:1749 -+#: ../semanage/seobject.py:1776 - #, python-format - msgid "Could not create file context for %s" - msgstr "" - --#: ../semanage/seobject.py:1757 -+#: ../semanage/seobject.py:1784 - #, python-format - msgid "Could not set type in file context for %s" - msgstr "" - --#: ../semanage/seobject.py:1765 ../semanage/seobject.py:1822 --#: ../semanage/seobject.py:1826 -+#: ../semanage/seobject.py:1792 ../semanage/seobject.py:1852 -+#: ../semanage/seobject.py:1856 - #, python-format - msgid "Could not set file context for %s" - msgstr "" - --#: ../semanage/seobject.py:1771 -+#: ../semanage/seobject.py:1798 - #, python-format - msgid "Could not add file context for %s" - msgstr "" - --#: ../semanage/seobject.py:1785 -+#: ../semanage/seobject.py:1812 - msgid "Requires setype, serange or seuser" - msgstr "" - --#: ../semanage/seobject.py:1798 ../semanage/seobject.py:1884 -+#: ../semanage/seobject.py:1828 ../semanage/seobject.py:1914 - #, python-format - msgid "File context for %s is not defined" - msgstr "" - --#: ../semanage/seobject.py:1804 -+#: ../semanage/seobject.py:1834 - #, python-format - msgid "Could not query file context for %s" - msgstr "" - --#: ../semanage/seobject.py:1830 -+#: ../semanage/seobject.py:1860 - #, python-format - msgid "Could not modify file context for %s" - msgstr "" - --#: ../semanage/seobject.py:1843 -+#: 
../semanage/seobject.py:1873 - msgid "Could not list the file contexts" - msgstr "" - --#: ../semanage/seobject.py:1857 -+#: ../semanage/seobject.py:1887 - #, python-format - msgid "Could not delete the file context %s" - msgstr "" - --#: ../semanage/seobject.py:1882 -+#: ../semanage/seobject.py:1912 - #, python-format - msgid "File context for %s is defined in policy, cannot be deleted" - msgstr "" - --#: ../semanage/seobject.py:1888 -+#: ../semanage/seobject.py:1918 - #, python-format - msgid "Could not delete file context for %s" - msgstr "" - --#: ../semanage/seobject.py:1903 -+#: ../semanage/seobject.py:1933 - msgid "Could not list file contexts" - msgstr "" - --#: ../semanage/seobject.py:1907 -+#: ../semanage/seobject.py:1937 - msgid "Could not list local file contexts" - msgstr "" - --#: ../semanage/seobject.py:1944 -+#: ../semanage/seobject.py:1974 - msgid "SELinux fcontext" - msgstr "" - --#: ../semanage/seobject.py:1944 -+#: ../semanage/seobject.py:1974 - msgid "type" - msgstr "" - --#: ../semanage/seobject.py:1957 -+#: ../semanage/seobject.py:1987 - msgid "" - "\n" - "SELinux Distribution fcontext Equivalence \n" - msgstr "" - --#: ../semanage/seobject.py:1962 -+#: ../semanage/seobject.py:1992 - msgid "" - "\n" - "SELinux Local fcontext Equivalence \n" - msgstr "" - --#: ../semanage/seobject.py:1996 ../semanage/seobject.py:2048 --#: ../semanage/seobject.py:2054 -+#: ../semanage/seobject.py:2028 ../semanage/seobject.py:2079 -+#: ../semanage/seobject.py:2085 - #, python-format - msgid "Could not check if boolean %s is defined" - msgstr "" - --#: ../semanage/seobject.py:1998 ../semanage/seobject.py:2050 -+#: ../semanage/seobject.py:2030 ../semanage/seobject.py:2081 - #, python-format - msgid "Boolean %s is not defined" - msgstr "" - --#: ../semanage/seobject.py:2002 -+#: ../semanage/seobject.py:2034 - #, python-format - msgid "Could not query file context %s" - msgstr "" - --#: ../semanage/seobject.py:2007 -+#: ../semanage/seobject.py:2039 - #, 
python-format - msgid "You must specify one of the following values: %s" - msgstr "" - --#: ../semanage/seobject.py:2012 -+#: ../semanage/seobject.py:2044 - #, python-format - msgid "Could not set active value of boolean %s" - msgstr "" - --#: ../semanage/seobject.py:2015 -+#: ../semanage/seobject.py:2047 - #, python-format - msgid "Could not modify boolean %s" - msgstr "" - --#: ../semanage/seobject.py:2033 -+#: ../semanage/seobject.py:2063 - #, python-format - msgid "Bad format %s: Record %s" - msgstr "" - --#: ../semanage/seobject.py:2056 -+#: ../semanage/seobject.py:2087 - #, python-format - msgid "Boolean %s is defined in policy, cannot be deleted" - msgstr "" - --#: ../semanage/seobject.py:2060 -+#: ../semanage/seobject.py:2091 - #, python-format - msgid "Could not delete boolean %s" - msgstr "" - --#: ../semanage/seobject.py:2072 ../semanage/seobject.py:2089 -+#: ../semanage/seobject.py:2103 ../semanage/seobject.py:2120 - msgid "Could not list booleans" - msgstr "" - --#: ../semanage/seobject.py:2112 --msgid "unknown" --msgstr "" -- --#: ../semanage/seobject.py:2125 -+#: ../semanage/seobject.py:2155 - msgid "off" - msgstr "" - --#: ../semanage/seobject.py:2125 -+#: ../semanage/seobject.py:2155 - msgid "on" - msgstr "" - --#: ../semanage/seobject.py:2139 -+#: ../semanage/seobject.py:2169 - msgid "SELinux boolean" - msgstr "" - --#: ../semanage/seobject.py:2139 -+#: ../semanage/seobject.py:2169 - msgid "State" - msgstr "" - --#: ../semanage/seobject.py:2139 -+#: ../semanage/seobject.py:2169 - msgid "Default" - msgstr "" - --#: ../semanage/seobject.py:2139 ../gui/polgen.glade:3355 --#: ../gui/polgengui.py:253 -+#: ../semanage/seobject.py:2169 ../gui/polgen.glade:113 -+#: ../gui/polgengui.py:269 - msgid "Description" - msgstr "" - -@@ -998,7 +1013,7 @@ msgstr "" - msgid "Error sending audit message.\n" - msgstr "" - --#: ../newrole/newrole.c:692 ../newrole/newrole.c:1059 -+#: ../newrole/newrole.c:692 ../newrole/newrole.c:1058 - #, c-format - msgid "Could not 
determine enforcing mode.\n" - msgstr "" -@@ -1113,62 +1128,66 @@ msgstr "" - msgid "Unable to set SIGHUP handler\n" - msgstr "" - --#: ../newrole/newrole.c:1053 -+#: ../newrole/newrole.c:1036 -+msgid "Sorry, newrole failed to drop capabilities\n" -+msgstr "" -+ -+#: ../newrole/newrole.c:1052 - #, c-format - msgid "Sorry, newrole may be used only on a SELinux kernel.\n" - msgstr "" - --#: ../newrole/newrole.c:1070 -+#: ../newrole/newrole.c:1069 - #, c-format - msgid "failed to get old_context.\n" - msgstr "" - --#: ../newrole/newrole.c:1077 -+#: ../newrole/newrole.c:1076 - #, c-format - msgid "Warning! Could not retrieve tty information.\n" - msgstr "" - --#: ../newrole/newrole.c:1098 -+#: ../newrole/newrole.c:1097 - #, c-format - msgid "error on reading PAM service configuration.\n" - msgstr "" - --#: ../newrole/newrole.c:1133 -+#: ../newrole/newrole.c:1132 - #, c-format - msgid "newrole: incorrect password for %s\n" - msgstr "" - --#: ../newrole/newrole.c:1160 -+#: ../newrole/newrole.c:1159 - #, c-format - msgid "newrole: failure forking: %s" - msgstr "" - --#: ../newrole/newrole.c:1163 ../newrole/newrole.c:1186 -+#: ../newrole/newrole.c:1162 ../newrole/newrole.c:1185 - #, c-format - msgid "Unable to restore tty label...\n" - msgstr "" - --#: ../newrole/newrole.c:1165 ../newrole/newrole.c:1192 -+#: ../newrole/newrole.c:1164 ../newrole/newrole.c:1191 - #, c-format - msgid "Failed to close tty properly\n" - msgstr "" - --#: ../newrole/newrole.c:1224 -+#: ../newrole/newrole.c:1223 - #, c-format - msgid "Could not close descriptors.\n" - msgstr "" - --#: ../newrole/newrole.c:1251 -+#: ../newrole/newrole.c:1250 - #, c-format - msgid "Error allocating shell's argv0.\n" - msgstr "" - --#: ../newrole/newrole.c:1287 -+#: ../newrole/newrole.c:1286 - #, c-format - msgid "Unable to restore the environment, aborting\n" - msgstr "" - --#: ../newrole/newrole.c:1298 -+#: ../newrole/newrole.c:1297 - msgid "failed to exec shell\n" - msgstr "" - -@@ -1271,20 +1290,20 @@ msgstr "" - 
msgid "chcat -l +CompanyConfidential juser" - msgstr "" - --#: ../scripts/chcat:399 ../gui/polgen.py:1351 --#, c-format, python-format -+#: ../scripts/chcat:399 -+#, c-format - msgid "Options Error %s " - msgstr "" - --#: ../gui/booleansPage.py:195 ../gui/system-config-selinux.glade:1706 -+#: ../gui/booleansPage.py:194 ../gui/system-config-selinux.glade:1706 - msgid "Boolean" - msgstr "" - --#: ../gui/booleansPage.py:252 ../gui/semanagePage.py:162 -+#: ../gui/booleansPage.py:245 ../gui/semanagePage.py:162 - msgid "all" - msgstr "" - --#: ../gui/booleansPage.py:254 ../gui/semanagePage.py:164 -+#: ../gui/booleansPage.py:247 ../gui/semanagePage.py:164 - #: ../gui/system-config-selinux.glade:1615 - #: ../gui/system-config-selinux.glade:1820 - #: ../gui/system-config-selinux.glade:2437 -@@ -1340,577 +1359,464 @@ msgstr "" - msgid "Login '%s' is required" - msgstr "" - --#: ../gui/modulesPage.py:48 ../gui/system-config-selinux.glade:2753 -+#: ../gui/modulesPage.py:49 ../gui/system-config-selinux.glade:2753 - msgid "Policy Module" - msgstr "" - --#: ../gui/modulesPage.py:57 -+#: ../gui/modulesPage.py:58 - msgid "Module Name" - msgstr "" - --#: ../gui/modulesPage.py:134 -+#: ../gui/modulesPage.py:135 - msgid "Disable Audit" - msgstr "" - --#: ../gui/modulesPage.py:137 ../gui/system-config-selinux.glade:2662 -+#: ../gui/modulesPage.py:138 ../gui/system-config-selinux.glade:2662 - msgid "Enable Audit" - msgstr "" - --#: ../gui/modulesPage.py:162 -+#: ../gui/modulesPage.py:163 - msgid "Load Policy Module" - msgstr "" - --#: ../gui/polgen.glade:79 --msgid "Polgen" --msgstr "" -- --#: ../gui/polgen.glade:80 -+#: ../gui/polgen.glade:9 - msgid "Red Hat 2007" - msgstr "" - --#: ../gui/polgen.glade:81 -+#: ../gui/polgen.glade:11 - msgid "GPL" - msgstr "" - - #. TRANSLATORS: Replace this string with your names, one name per line. 
--#: ../gui/polgen.glade:85 ../gui/system-config-selinux.glade:17 -+#: ../gui/polgen.glade:13 ../gui/system-config-selinux.glade:17 - msgid "translator-credits" - msgstr "" - --#: ../gui/polgen.glade:90 -+#: ../gui/polgen.glade:34 -+msgid "Add Booleans Dialog" -+msgstr "" -+ -+#: ../gui/polgen.glade:101 -+msgid "Boolean Name" -+msgstr "" -+ -+#: ../gui/polgen.glade:230 - msgid "SELinux Policy Generation Tool" - msgstr "" - --#: ../gui/polgen.glade:128 -+#: ../gui/polgen.glade:251 - msgid "" - "Select the policy type for the application or user role you want to " - "confine:" - msgstr "" - --#: ../gui/polgen.glade:177 -+#: ../gui/polgen.glade:284 - msgid "Applications" - msgstr "" - --#: ../gui/polgen.glade:239 ../gui/polgen.glade:259 -+#: ../gui/polgen.glade:316 ../sepolicy/sepolicy/generate.py:171 -+msgid "Standard Init Daemon" -+msgstr "" -+ -+#: ../gui/polgen.glade:320 ../gui/polgen.glade:336 - msgid "" - "Standard Init Daemon are daemons started on boot via init scripts. Usually " - "requires a script in /etc/rc.d/init.d" - msgstr "" - --#: ../gui/polgen.glade:241 ../gui/polgen.py:156 --msgid "Standard Init Daemon" -+#: ../gui/polgen.glade:332 ../sepolicy/sepolicy/generate.py:172 -+msgid "DBUS System Daemon" - msgstr "" - --#: ../gui/polgen.glade:261 ../gui/polgen.py:157 --msgid "DBUS System Daemon" -+#: ../gui/polgen.glade:349 -+msgid "Internet Services Daemon (inetd)" - msgstr "" - --#: ../gui/polgen.glade:280 -+#: ../gui/polgen.glade:353 - msgid "Internet Services Daemon are daemons started by xinetd" - msgstr "" - --#: ../gui/polgen.glade:282 --msgid "Internet Services Daemon (inetd)" -+#: ../gui/polgen.glade:366 ../sepolicy/sepolicy/generate.py:174 -+msgid "Web Application/Script (CGI)" - msgstr "" - --#: ../gui/polgen.glade:301 -+#: ../gui/polgen.glade:370 - msgid "" - "Web Applications/Script (CGI) CGI scripts started by the web server (apache)" - msgstr "" - --#: ../gui/polgen.glade:303 ../gui/polgen.py:159 --msgid "Web Application/Script (CGI)" -+#: 
../gui/polgen.glade:383 ../sepolicy/sepolicy/generate.py:176 -+msgid "User Application" - msgstr "" - --#: ../gui/polgen.glade:322 ../gui/polgen.glade:343 -+#: ../gui/polgen.glade:387 ../gui/polgen.glade:404 - msgid "" - "User Application are any application that you would like to confine that is " - "started by a user" - msgstr "" - --#: ../gui/polgen.glade:324 ../gui/polgen.py:160 --msgid "User Application" --msgstr "" -- --#: ../gui/polgen.glade:345 ../gui/polgen.py:161 -+#: ../gui/polgen.glade:400 ../sepolicy/sepolicy/generate.py:175 - msgid "Sandbox" - msgstr "" - --#: ../gui/polgen.glade:391 -+#: ../gui/polgen.glade:446 - msgid "Login Users" - msgstr "" - --#: ../gui/polgen.glade:453 -+#: ../gui/polgen.glade:478 -+msgid "Existing User Roles" -+msgstr "" -+ -+#: ../gui/polgen.glade:482 - msgid "Modify an existing login user record." - msgstr "" - --#: ../gui/polgen.glade:455 --msgid "Existing User Roles" -+#: ../gui/polgen.glade:495 -+msgid "Minimal Terminal User Role" - msgstr "" - --#: ../gui/polgen.glade:474 -+#: ../gui/polgen.glade:499 - msgid "" - "This user will login to a machine only via a terminal or remote login. By " - "default this user will have no setuid, no networking, no su, no sudo." - msgstr "" - --#: ../gui/polgen.glade:476 ../gui/polgen.py:162 --msgid "Minimal Terminal User Role" -+#: ../gui/polgen.glade:512 -+msgid "Minimal X Windows User Role" - msgstr "" - --#: ../gui/polgen.glade:495 -+#: ../gui/polgen.glade:516 - msgid "" - "This user can login to a machine via X or terminal. By default this user " - "will have no setuid, no networking, no sudo, no su" - msgstr "" - --#: ../gui/polgen.glade:497 ../gui/polgen.py:163 --msgid "Minimal X Windows User Role" -+#: ../gui/polgen.glade:529 -+msgid "User Role" - msgstr "" - --#: ../gui/polgen.glade:516 -+#: ../gui/polgen.glade:533 - msgid "" - "User with full networking, no setuid applications without transition, no " - "sudo, no su." 
- msgstr "" - --#: ../gui/polgen.glade:518 ../gui/polgen.py:164 --msgid "User Role" -+#: ../gui/polgen.glade:546 -+msgid "Admin User Role" - msgstr "" - --#: ../gui/polgen.glade:537 -+#: ../gui/polgen.glade:550 - msgid "" - "User with full networking, no setuid applications without transition, no su, " - "can sudo to Root Administration Roles" - msgstr "" - --#: ../gui/polgen.glade:539 ../gui/polgen.py:165 --msgid "Admin User Role" -+#: ../gui/polgen.glade:592 -+msgid "Root Users" - msgstr "" - --#: ../gui/polgen.glade:585 --msgid "Root Users" -+#: ../gui/polgen.glade:623 -+msgid "Root Admin User Role" - msgstr "" - --#: ../gui/polgen.glade:647 -+#: ../gui/polgen.glade:627 - msgid "" - "Select Root Administrator User Role, if this user will be used to administer " - "the machine while running as root. This user will not be able to login to " - "the system directly." - msgstr "" - --#: ../gui/polgen.glade:649 ../gui/polgen.py:166 --msgid "Root Admin User Role" --msgstr "" -- --#: ../gui/polgen.glade:716 --msgid "label104" --msgstr "" -- --#: ../gui/polgen.glade:745 -+#: ../gui/polgen.glade:705 - msgid "Enter name of application or user role:" - msgstr "" - --#: ../gui/polgen.glade:779 ../gui/polgengui.py:251 -+#: ../gui/polgen.glade:728 ../gui/polgengui.py:267 - msgid "Name" - msgstr "" - --#: ../gui/polgen.glade:807 -+#: ../gui/polgen.glade:739 - msgid "Enter complete path for executable to be confined." - msgstr "" - --#: ../gui/polgen.glade:830 ../gui/polgen.glade:950 ../gui/polgen.glade:3142 -+#: ../gui/polgen.glade:756 ../gui/polgen.glade:838 ../gui/polgen.glade:2361 - msgid "..." - msgstr "" - --#: ../gui/polgen.glade:849 -+#: ../gui/polgen.glade:776 - msgid "Enter unique name for the confined application or user role." 
- msgstr "" - --#: ../gui/polgen.glade:871 -+#: ../gui/polgen.glade:794 - msgid "Executable" - msgstr "" - --#: ../gui/polgen.glade:899 -+#: ../gui/polgen.glade:808 - msgid "Init script" - msgstr "" - --#: ../gui/polgen.glade:927 -+#: ../gui/polgen.glade:821 - msgid "" - "Enter complete path to init script used to start the confined application." - msgstr "" - --#: ../gui/polgen.glade:982 --msgid "label105" --msgstr "" -- --#: ../gui/polgen.glade:1011 -+#: ../gui/polgen.glade:887 - msgid "Select existing role to modify:" - msgstr "" - --#: ../gui/polgen.glade:1045 -+#: ../gui/polgen.glade:908 - msgid "Select the user roles that will transiton to the %s domain." - msgstr "" - --#: ../gui/polgen.glade:1073 --msgid "label106" -+#: ../gui/polgen.glade:928 -+msgid "role tab" - msgstr "" - --#: ../gui/polgen.glade:1102 -+#: ../gui/polgen.glade:945 - msgid "Select roles that %s will transition to:" - msgstr "" - --#: ../gui/polgen.glade:1136 -+#: ../gui/polgen.glade:963 - msgid "Select applications domains that %s will transition to." - msgstr "" - --#: ../gui/polgen.glade:1164 --msgid "label107" -+#: ../gui/polgen.glade:983 -+msgid "" -+"transition \n" -+"role tab" - msgstr "" - --#: ../gui/polgen.glade:1193 -+#: ../gui/polgen.glade:1001 - msgid "Select the user_roles that will transition to %s:" - msgstr "" - --#: ../gui/polgen.glade:1227 -+#: ../gui/polgen.glade:1019 - msgid "Select the user roles that will transiton to this applications domains." - msgstr "" - --#: ../gui/polgen.glade:1255 --msgid "label108" --msgstr "" -- --#: ../gui/polgen.glade:1284 -+#: ../gui/polgen.glade:1056 - msgid "Select domains that %s will administer:" - msgstr "" - --#: ../gui/polgen.glade:1318 ../gui/polgen.glade:1409 -+#: ../gui/polgen.glade:1074 ../gui/polgen.glade:1129 - msgid "Select the domains that you would like this user administer." 
- msgstr "" - --#: ../gui/polgen.glade:1346 --msgid "label109" --msgstr "" -- --#: ../gui/polgen.glade:1375 -+#: ../gui/polgen.glade:1111 - msgid "Select additional roles for %s:" - msgstr "" - --#: ../gui/polgen.glade:1437 --msgid "label111" --msgstr "" -- --#: ../gui/polgen.glade:1466 -+#: ../gui/polgen.glade:1166 - msgid "Enter network ports that %s binds on:" - msgstr "" - --#: ../gui/polgen.glade:1497 ../gui/polgen.glade:1997 -+#: ../gui/polgen.glade:1186 ../gui/polgen.glade:1557 - msgid "TCP Ports" - msgstr "" - --#: ../gui/polgen.glade:1565 ../gui/polgen.glade:1785 -+#: ../gui/polgen.glade:1223 ../gui/polgen.glade:1390 ../gui/polgen.glade:1589 -+#: ../gui/polgen.glade:1698 -+msgid "All" -+msgstr "" -+ -+#: ../gui/polgen.glade:1227 ../gui/polgen.glade:1394 - msgid "Allows %s to bind to any udp port" - msgstr "" - --#: ../gui/polgen.glade:1567 ../gui/polgen.glade:1787 ../gui/polgen.glade:2061 --#: ../gui/polgen.glade:2215 --msgid "All" -+#: ../gui/polgen.glade:1240 ../gui/polgen.glade:1407 -+msgid "600-1024" - msgstr "" - --#: ../gui/polgen.glade:1585 ../gui/polgen.glade:1805 -+#: ../gui/polgen.glade:1244 ../gui/polgen.glade:1411 - msgid "Allow %s to call bindresvport with 0. Binding to port 600-1024" - msgstr "" - --#: ../gui/polgen.glade:1587 ../gui/polgen.glade:1807 --msgid "600-1024" -+#: ../gui/polgen.glade:1257 ../gui/polgen.glade:1424 -+msgid "Unreserved Ports (>1024)" - msgstr "" - --#: ../gui/polgen.glade:1605 ../gui/polgen.glade:1825 -+#: ../gui/polgen.glade:1261 ../gui/polgen.glade:1428 - msgid "" - "Enter a comma separated list of udp ports or ranges of ports that %s binds " - "to. 
Example: 612, 650-660" - msgstr "" - --#: ../gui/polgen.glade:1607 ../gui/polgen.glade:1827 --msgid "Unreserved Ports (>1024)" --msgstr "" -- --#: ../gui/polgen.glade:1638 ../gui/polgen.glade:1858 ../gui/polgen.glade:2079 --#: ../gui/polgen.glade:2233 -+#: ../gui/polgen.glade:1289 ../gui/polgen.glade:1456 ../gui/polgen.glade:1609 -+#: ../gui/polgen.glade:1718 - msgid "Select Ports" - msgstr "" - --#: ../gui/polgen.glade:1663 ../gui/polgen.glade:1883 -+#: ../gui/polgen.glade:1302 ../gui/polgen.glade:1469 - msgid "Allows %s to bind to any udp ports > 1024" - msgstr "" - --#: ../gui/polgen.glade:1717 ../gui/polgen.glade:2151 -+#: ../gui/polgen.glade:1353 ../gui/polgen.glade:1666 - msgid "UDP Ports" - msgstr "" - --#: ../gui/polgen.glade:1937 --msgid "label113" -+#: ../gui/polgen.glade:1519 -+msgid "" -+"Network\n" -+"Bind tab" - msgstr "" - --#: ../gui/polgen.glade:1966 -+#: ../gui/polgen.glade:1537 - msgid "Select network ports that %s connects to:" - msgstr "" - --#: ../gui/polgen.glade:2058 -+#: ../gui/polgen.glade:1593 - msgid "Allows %s to connect to any tcp port" - msgstr "" - --#: ../gui/polgen.glade:2104 -+#: ../gui/polgen.glade:1622 - msgid "" - "Enter a comma separated list of tcp ports or ranges of ports that %s " - "connects to. Example: 612, 650-660" - msgstr "" - --#: ../gui/polgen.glade:2212 -+#: ../gui/polgen.glade:1702 - msgid "Allows %s to connect to any udp port" - msgstr "" - --#: ../gui/polgen.glade:2258 -+#: ../gui/polgen.glade:1731 - msgid "" - "Enter a comma separated list of udp ports or ranges of ports that %s " - "connects to. 
Example: 612, 650-660" - msgstr "" - --#: ../gui/polgen.glade:2305 --msgid "label114" --msgstr "" -- --#: ../gui/polgen.glade:2334 -+#: ../gui/polgen.glade:1792 - msgid "Select common application traits for %s:" - msgstr "" - --#: ../gui/polgen.glade:2366 -+#: ../gui/polgen.glade:1809 - msgid "Writes syslog messages\t" - msgstr "" - --#: ../gui/polgen.glade:2385 -+#: ../gui/polgen.glade:1824 - msgid "Create/Manipulate temporary files in /tmp" - msgstr "" - --#: ../gui/polgen.glade:2404 -+#: ../gui/polgen.glade:1839 - msgid "Uses Pam for authentication" - msgstr "" - --#: ../gui/polgen.glade:2423 -+#: ../gui/polgen.glade:1854 - msgid "Uses nsswitch or getpw* calls" - msgstr "" - --#: ../gui/polgen.glade:2442 -+#: ../gui/polgen.glade:1869 - msgid "Uses dbus" - msgstr "" - --#: ../gui/polgen.glade:2461 -+#: ../gui/polgen.glade:1884 - msgid "Sends audit messages" - msgstr "" - --#: ../gui/polgen.glade:2480 -+#: ../gui/polgen.glade:1899 - msgid "Interacts with the terminal" - msgstr "" - --#: ../gui/polgen.glade:2499 -+#: ../gui/polgen.glade:1914 - msgid "Sends email" - msgstr "" - --#: ../gui/polgen.glade:2530 --msgid "label115" --msgstr "" -- --#: ../gui/polgen.glade:2559 -+#: ../gui/polgen.glade:1961 - msgid "Add files/directories that %s manages" - msgstr "" - --#: ../gui/polgen.glade:2788 -+#: ../gui/polgen.glade:2122 - msgid "" - "Files/Directories which the %s \"manages\". Pid Files, Log Files, /var/lib " - "Files ..." - msgstr "" - --#: ../gui/polgen.glade:2823 --msgid "label116" --msgstr "" -- --#: ../gui/polgen.glade:2852 -+#: ../gui/polgen.glade:2166 - msgid "Add booleans from the %s policy:" - msgstr "" - --#: ../gui/polgen.glade:3002 -+#: ../gui/polgen.glade:2274 - msgid "Add/Remove booleans used by the %s domain" - msgstr "" - --#: ../gui/polgen.glade:3066 -+#: ../gui/polgen.glade:2316 - msgid "Which directory you will generate the %s policy?" 
- msgstr "" - --#: ../gui/polgen.glade:3097 -+#: ../gui/polgen.glade:2334 - msgid "Policy Directory" - msgstr "" - --#: ../gui/polgen.glade:3254 --msgid "Add Booleans Dialog" --msgstr "" -- --#: ../gui/polgen.glade:3327 --msgid "Boolean Name" --msgstr "" -- --#: ../gui/polgengui.py:261 -+#: ../gui/polgengui.py:277 - msgid "Role" - msgstr "" - --#: ../gui/polgengui.py:268 -+#: ../gui/polgengui.py:284 - msgid "Existing_User" - msgstr "" - --#: ../gui/polgengui.py:282 ../gui/polgengui.py:290 ../gui/polgengui.py:304 -+#: ../gui/polgengui.py:298 ../gui/polgengui.py:306 ../gui/polgengui.py:320 - msgid "Application" - msgstr "" - --#: ../gui/polgengui.py:352 -+#: ../gui/polgengui.py:363 - #, python-format - msgid "%s must be a directory" - msgstr "" - --#: ../gui/polgengui.py:412 ../gui/polgengui.py:693 -+#: ../gui/polgengui.py:423 ../gui/polgengui.py:704 - msgid "You must select a user" - msgstr "" - --#: ../gui/polgengui.py:542 -+#: ../gui/polgengui.py:553 - msgid "Select executable file to be confined." - msgstr "" - --#: ../gui/polgengui.py:553 -+#: ../gui/polgengui.py:564 - msgid "Select init script file to be confined." - msgstr "" - --#: ../gui/polgengui.py:563 -+#: ../gui/polgengui.py:574 - msgid "Select file(s) that confined application creates or writes" - msgstr "" - --#: ../gui/polgengui.py:570 -+#: ../gui/polgengui.py:581 - msgid "Select directory(s) that the confined application owns and writes into" - msgstr "" - --#: ../gui/polgengui.py:632 -+#: ../gui/polgengui.py:643 - msgid "Select directory to generate policy files in" - msgstr "" - --#: ../gui/polgengui.py:649 -+#: ../gui/polgengui.py:660 - #, python-format - msgid "" - "Type %s_t already defined in current policy.\n" - "Do you want to continue?" 
- msgstr "" - --#: ../gui/polgengui.py:649 ../gui/polgengui.py:653 -+#: ../gui/polgengui.py:660 ../gui/polgengui.py:664 - msgid "Verify Name" - msgstr "" - --#: ../gui/polgengui.py:653 -+#: ../gui/polgengui.py:664 - #, python-format - msgid "" - "Module %s.pp already loaded in current policy.\n" - "Do you want to continue?" - msgstr "" - --#: ../gui/polgengui.py:699 -+#: ../gui/polgengui.py:710 - msgid "" - "You must add a name made up of letters and numbers and containing no spaces." - msgstr "" - --#: ../gui/polgengui.py:713 -+#: ../gui/polgengui.py:724 - msgid "You must enter a executable" - msgstr "" - --#: ../gui/polgengui.py:738 ../gui/system-config-selinux.py:174 -+#: ../gui/polgengui.py:749 ../gui/system-config-selinux.py:180 - msgid "Configue SELinux" - msgstr "" - --#: ../gui/polgen.py:158 --msgid "Internet Services Daemon" --msgstr "" -- --#: ../gui/polgen.py:197 --#, python-format --msgid "Ports must be numbers or ranges of numbers from 1 to %d " --msgstr "" -- --#: ../gui/polgen.py:324 --msgid "You must enter a name for your confined process/user" --msgstr "" -- --#: ../gui/polgen.py:326 --msgid "" --"Name must be alpha numberic with no spaces. Consider using option \"-n " --"MODULENAME\"" --msgstr "" -- --#: ../gui/polgen.py:414 --msgid "User Role types can not be assigned executables." --msgstr "" -- --#: ../gui/polgen.py:420 --msgid "Only Daemon apps can use an init script.." 
--msgstr "" -- --#: ../gui/polgen.py:438 --msgid "use_resolve must be a boolean value " --msgstr "" -- --#: ../gui/polgen.py:444 --msgid "use_syslog must be a boolean value " --msgstr "" -- --#: ../gui/polgen.py:450 --msgid "use_kerberos must be a boolean value " --msgstr "" -- --#: ../gui/polgen.py:456 --msgid "manage_krb5_rcache must be a boolean value " --msgstr "" -- --#: ../gui/polgen.py:486 --msgid "USER Types automatically get a tmp type" --msgstr "" -- --#: ../gui/polgen.py:1004 --msgid "You must enter the executable path for your confined process" --msgstr "" -- --#: ../gui/polgen.py:1182 --msgid "Type Enforcement file" --msgstr "" -- --#: ../gui/polgen.py:1183 --msgid "Interface file" --msgstr "" -- --#: ../gui/polgen.py:1184 --msgid "File Contexts file" --msgstr "" -- --#: ../gui/polgen.py:1185 --msgid "Setup Script" --msgstr "" -- --#: ../gui/polgen.py:1306 --#, python-format --msgid "" --"\n" --"%s\n" --"\n" --"sepolgen [ -n moduleName ] [ -m ] [ -t type ] [ executable | Name ]\n" --"valid Types:\n" --msgstr "" -- --#: ../gui/polgen.py:1354 --msgid "Executable or Name required" --msgstr "" -- - #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528 - msgid "Network Port" - msgstr "" -@@ -1948,1411 +1854,1620 @@ msgstr "" - msgid "Group View" - msgstr "" - --#: ../gui/selinux.tbl:1 ../gui/selinux.tbl:30 ../gui/selinux.tbl:31 --#: ../gui/selinux.tbl:32 ../gui/selinux.tbl:33 ../gui/selinux.tbl:34 --#: ../gui/selinux.tbl:36 ../gui/selinux.tbl:37 ../gui/selinux.tbl:38 --#: ../gui/selinux.tbl:39 ../gui/selinux.tbl:40 ../gui/selinux.tbl:42 --#: ../gui/selinux.tbl:43 ../gui/selinux.tbl:44 ../gui/selinux.tbl:45 --#: ../gui/selinux.tbl:46 ../gui/selinux.tbl:47 ../gui/selinux.tbl:48 --#: ../gui/selinux.tbl:49 ../gui/selinux.tbl:50 ../gui/selinux.tbl:51 --#: ../gui/selinux.tbl:52 ../gui/selinux.tbl:53 ../gui/selinux.tbl:59 --#: ../gui/selinux.tbl:60 ../gui/selinux.tbl:61 ../gui/selinux.tbl:62 --#: ../gui/selinux.tbl:63 ../gui/selinux.tbl:64 
../gui/selinux.tbl:65 --#: ../gui/selinux.tbl:66 ../gui/selinux.tbl:67 ../gui/selinux.tbl:68 --#: ../gui/selinux.tbl:69 ../gui/selinux.tbl:75 ../gui/selinux.tbl:76 --#: ../gui/selinux.tbl:77 ../gui/selinux.tbl:78 ../gui/selinux.tbl:79 --#: ../gui/selinux.tbl:80 ../gui/selinux.tbl:81 ../gui/selinux.tbl:82 --#: ../gui/selinux.tbl:83 ../gui/selinux.tbl:84 ../gui/selinux.tbl:86 --#: ../gui/selinux.tbl:88 ../gui/selinux.tbl:89 ../gui/selinux.tbl:90 --#: ../gui/selinux.tbl:92 ../gui/selinux.tbl:94 ../gui/selinux.tbl:95 --#: ../gui/selinux.tbl:96 ../gui/selinux.tbl:97 ../gui/selinux.tbl:98 --#: ../gui/selinux.tbl:99 ../gui/selinux.tbl:100 ../gui/selinux.tbl:101 --#: ../gui/selinux.tbl:102 ../gui/selinux.tbl:103 ../gui/selinux.tbl:104 --#: ../gui/selinux.tbl:106 ../gui/selinux.tbl:108 ../gui/selinux.tbl:109 --#: ../gui/selinux.tbl:110 ../gui/selinux.tbl:111 ../gui/selinux.tbl:112 --#: ../gui/selinux.tbl:113 ../gui/selinux.tbl:114 ../gui/selinux.tbl:116 --#: ../gui/selinux.tbl:117 ../gui/selinux.tbl:119 ../gui/selinux.tbl:121 --#: ../gui/selinux.tbl:123 ../gui/selinux.tbl:124 ../gui/selinux.tbl:127 --#: ../gui/selinux.tbl:129 ../gui/selinux.tbl:130 ../gui/selinux.tbl:131 --#: ../gui/selinux.tbl:132 ../gui/selinux.tbl:133 ../gui/selinux.tbl:134 --#: ../gui/selinux.tbl:135 ../gui/selinux.tbl:136 ../gui/selinux.tbl:137 --#: ../gui/selinux.tbl:138 ../gui/selinux.tbl:139 ../gui/selinux.tbl:142 --#: ../gui/selinux.tbl:143 ../gui/selinux.tbl:144 ../gui/selinux.tbl:145 --#: ../gui/selinux.tbl:146 ../gui/selinux.tbl:147 ../gui/selinux.tbl:148 --#: ../gui/selinux.tbl:149 ../gui/selinux.tbl:150 ../gui/selinux.tbl:151 --#: ../gui/selinux.tbl:152 ../gui/selinux.tbl:154 ../gui/selinux.tbl:155 --#: ../gui/selinux.tbl:156 ../gui/selinux.tbl:157 ../gui/selinux.tbl:158 --#: ../gui/selinux.tbl:159 ../gui/selinux.tbl:160 ../gui/selinux.tbl:167 --#: ../gui/selinux.tbl:171 ../gui/selinux.tbl:172 ../gui/selinux.tbl:173 --#: ../gui/selinux.tbl:174 ../gui/selinux.tbl:175 ../gui/selinux.tbl:177 --#: 
../gui/selinux.tbl:178 ../gui/selinux.tbl:179 ../gui/selinux.tbl:180 --#: ../gui/selinux.tbl:184 ../gui/selinux.tbl:192 ../gui/selinux.tbl:193 --#: ../gui/selinux.tbl:194 ../gui/selinux.tbl:195 ../gui/selinux.tbl:196 --#: ../gui/selinux.tbl:197 ../gui/selinux.tbl:198 ../gui/selinux.tbl:199 --#: ../gui/selinux.tbl:200 ../gui/selinux.tbl:201 ../gui/selinux.tbl:206 --#: ../gui/selinux.tbl:207 ../gui/selinux.tbl:218 ../gui/selinux.tbl:219 --#: ../gui/selinux.tbl:220 ../gui/selinux.tbl:222 ../gui/selinux.tbl:224 --#: ../gui/selinux.tbl:226 ../gui/selinux.tbl:227 ../gui/selinux.tbl:230 --msgid "SELinux Service Protection" --msgstr "" -- --#: ../gui/selinux.tbl:1 --msgid "Disable SELinux protection for acct daemon" --msgstr "" -- --#: ../gui/selinux.tbl:2 ../gui/selinux.tbl:3 ../gui/selinux.tbl:70 --#: ../gui/selinux.tbl:153 ../gui/selinux.tbl:168 ../gui/selinux.tbl:169 --#: ../gui/selinux.tbl:170 ../gui/selinux.tbl:189 ../gui/selinux.tbl:202 --#: ../gui/selinux.tbl:203 ../gui/selinux.tbl:204 ../gui/selinux.tbl:205 --msgid "Admin" --msgstr "" -- --#: ../gui/selinux.tbl:2 --msgid "Allow all daemons to write corefiles to /" --msgstr "" -- --#: ../gui/selinux.tbl:3 --msgid "Allow all daemons the ability to use unallocated ttys" -+#: ../gui/semanagePage.py:126 -+#, python-format -+msgid "Are you sure you want to delete %s '%s'?" 
- msgstr "" - --#: ../gui/selinux.tbl:4 ../gui/selinux.tbl:5 ../gui/selinux.tbl:11 --#: ../gui/selinux.tbl:12 ../gui/selinux.tbl:13 ../gui/selinux.tbl:15 --#: ../gui/selinux.tbl:20 ../gui/selinux.tbl:41 ../gui/selinux.tbl:208 --#: ../gui/selinux.tbl:210 ../gui/selinux.tbl:211 ../gui/selinux.tbl:212 --#: ../gui/selinux.tbl:213 ../gui/selinux.tbl:214 ../gui/selinux.tbl:215 --#: ../gui/selinux.tbl:216 ../gui/selinux.tbl:217 --msgid "User Privs" -+#: ../gui/semanagePage.py:126 -+#, python-format -+msgid "Delete %s" - msgstr "" - --#: ../gui/selinux.tbl:4 --msgid "" --"Allow gadmin SELinux user account to execute files in home directory or /tmp" -+#: ../gui/semanagePage.py:134 -+#, python-format -+msgid "Add %s" - msgstr "" - --#: ../gui/selinux.tbl:5 --msgid "" --"Allow guest SELinux user account to execute files in home directory or /tmp" -+#: ../gui/semanagePage.py:148 -+#, python-format -+msgid "Modify %s" - msgstr "" - --#: ../gui/selinux.tbl:6 ../gui/selinux.tbl:9 ../gui/selinux.tbl:16 --msgid "Memory Protection" -+#: ../gui/statusPage.py:69 ../gui/system-config-selinux.glade:2819 -+msgid "Permissive" - msgstr "" - --#: ../gui/selinux.tbl:6 --msgid "Allow java executable stack" -+#: ../gui/statusPage.py:70 ../gui/system-config-selinux.glade:2837 -+msgid "Enforcing" - msgstr "" - --#: ../gui/selinux.tbl:7 ../gui/selinux.tbl:8 ../gui/selinux.tbl:35 --#: ../gui/selinux.tbl:209 --msgid "Mount" -+#: ../gui/statusPage.py:94 -+msgid "Status" - msgstr "" - --#: ../gui/selinux.tbl:7 --msgid "Allow mount to mount any file" -+#: ../gui/statusPage.py:133 -+msgid "" -+"Changing the policy type will cause a relabel of the entire file system on " -+"the next boot. Relabeling takes a long time depending on the size of the " -+"file system. Do you wish to continue?" - msgstr "" - --#: ../gui/selinux.tbl:8 --msgid "Allow mount to mount any directory" -+#: ../gui/statusPage.py:147 -+msgid "" -+"Changing to SELinux disabled requires a reboot. It is not recommended. 
If " -+"you later decide to turn SELinux back on, the system will be required to " -+"relabel. If you just want to see if SELinux is causing a problem on your " -+"system, you can go to permissive mode which will only log errors and not " -+"enforce SELinux policy. Permissive mode does not require a reboot Do you " -+"wish to continue?" - msgstr "" - --#: ../gui/selinux.tbl:9 --msgid "Allow mplayer executable stack" -+#: ../gui/statusPage.py:152 -+msgid "" -+"Changing to SELinux enabled will cause a relabel of the entire file system " -+"on the next boot. Relabeling takes a long time depending on the size of the " -+"file system. Do you wish to continue?" - msgstr "" - --#: ../gui/selinux.tbl:10 ../gui/selinux.tbl:162 ../gui/selinux.tbl:187 --#: ../gui/selinux.tbl:188 --msgid "SSH" -+#: ../gui/system-config-selinux.glade:11 -+msgid "system-config-selinux" - msgstr "" - --#: ../gui/selinux.tbl:10 --msgid "Allow ssh to run ssh-keysign" -+#: ../gui/system-config-selinux.glade:12 -+msgid "" -+"Copyright (c)2006 Red Hat, Inc.\n" -+"Copyright (c) 2006 Dan Walsh " - msgstr "" - --#: ../gui/selinux.tbl:11 --msgid "" --"Allow staff SELinux user account to execute files in home directory or /tmp" -+#: ../gui/system-config-selinux.glade:22 -+#: ../gui/system-config-selinux.glade:544 -+msgid "Add SELinux Login Mapping" - msgstr "" - --#: ../gui/selinux.tbl:12 --msgid "" --"Allow sysadm SELinux user account to execute files in home directory or /tmp" -+#: ../gui/system-config-selinux.glade:257 -+msgid "Add SELinux Network Ports" - msgstr "" - --#: ../gui/selinux.tbl:13 --msgid "" --"Allow unconfined SELinux user account to execute files in home directory or /" --"tmp" -+#: ../gui/system-config-selinux.glade:391 -+#: ../gui/system-config-selinux.glade:678 -+msgid "SELinux Type" - msgstr "" - --#: ../gui/selinux.tbl:14 --msgid "Network Configuration" -+#: ../gui/system-config-selinux.glade:622 -+msgid "File Specification" - msgstr "" - --#: ../gui/selinux.tbl:14 --msgid "Allow 
unlabeled packets to flow on the network" -+#: ../gui/system-config-selinux.glade:650 -+msgid "File Type" - msgstr "" - --#: ../gui/selinux.tbl:15 -+#: ../gui/system-config-selinux.glade:727 - msgid "" --"Allow user SELinux user account to execute files in home directory or /tmp" -+"all files\n" -+"regular file\n" -+"directory\n" -+"character device\n" -+"block device\n" -+"socket\n" -+"symbolic link\n" -+"named pipe\n" - msgstr "" - --#: ../gui/selinux.tbl:16 --msgid "Allow unconfined to dyntrans to unconfined_execmem" -+#: ../gui/system-config-selinux.glade:773 -+msgid "MLS" - msgstr "" - --#: ../gui/selinux.tbl:17 ../gui/selinux.tbl:18 ../gui/selinux.tbl:120 --#: ../gui/selinux.tbl:140 --msgid "Databases" -+#: ../gui/system-config-selinux.glade:837 -+msgid "Add SELinux User" - msgstr "" - --#: ../gui/selinux.tbl:17 --msgid "Allow user to connect to mysql socket" -+#: ../gui/system-config-selinux.glade:1079 -+msgid "SELinux Administration" - msgstr "" - --#: ../gui/selinux.tbl:18 --msgid "Allow user to connect to postgres socket" -+#: ../gui/system-config-selinux.glade:1122 -+msgid "Add" - msgstr "" - --#: ../gui/selinux.tbl:19 ../gui/selinux.tbl:165 ../gui/selinux.tbl:223 --msgid "XServer" --msgstr "" -+#: ../gui/system-config-selinux.glade:1144 -+msgid "_Properties" -+msgstr "" - --#: ../gui/selinux.tbl:19 --msgid "Allow clients to write to X shared memory" -+#: ../gui/system-config-selinux.glade:1166 -+msgid "_Delete" - msgstr "" - --#: ../gui/selinux.tbl:20 -+#: ../gui/system-config-selinux.glade:1256 -+msgid "Select Management Object" -+msgstr "" -+ -+#: ../gui/system-config-selinux.glade:1273 -+msgid "Select:" -+msgstr "" -+ -+#: ../gui/system-config-selinux.glade:1326 -+msgid "System Default Enforcing Mode" -+msgstr "" -+ -+#: ../gui/system-config-selinux.glade:1354 - msgid "" --"Allow xguest SELinux user account to execute files in home directory or /tmp" -+"Disabled\n" -+"Permissive\n" -+"Enforcing\n" - msgstr "" - --#: ../gui/selinux.tbl:21 
../gui/selinux.tbl:228 ../gui/selinux.tbl:229 --#: ../gui/selinux.tbl:231 --msgid "NIS" -+#: ../gui/system-config-selinux.glade:1373 -+msgid "Current Enforcing Mode" - msgstr "" - --#: ../gui/selinux.tbl:21 --msgid "Allow daemons to run with NIS" -+#: ../gui/system-config-selinux.glade:1418 -+msgid "System Default Policy Type: " - msgstr "" - --#: ../gui/selinux.tbl:22 ../gui/selinux.tbl:23 ../gui/selinux.tbl:24 --#: ../gui/selinux.tbl:25 ../gui/selinux.tbl:26 ../gui/selinux.tbl:27 --#: ../gui/selinux.tbl:28 ../gui/selinux.tbl:29 ../gui/selinux.tbl:71 --#: ../gui/selinux.tbl:73 ../gui/selinux.tbl:74 ../gui/selinux.tbl:115 --#: ../gui/selinux.tbl:118 --msgid "Web Applications" -+#: ../gui/system-config-selinux.glade:1463 -+msgid "" -+"Select if you wish to relabel then entire file system on next reboot. " -+"Relabeling can take a very long time, depending on the size of the system. " -+"If you are changing policy types or going from disabled to enforcing, a " -+"relabel is required." - msgstr "" - --#: ../gui/selinux.tbl:22 --msgid "Transition staff SELinux user to Web Browser Domain" -+#: ../gui/system-config-selinux.glade:1509 -+msgid "Relabel on next reboot." 
- msgstr "" - --#: ../gui/selinux.tbl:23 --msgid "Transition sysadm SELinux user to Web Browser Domain" -+#: ../gui/system-config-selinux.glade:1561 -+msgid "label37" - msgstr "" - --#: ../gui/selinux.tbl:24 --msgid "Transition user SELinux user to Web Browser Domain" -+#: ../gui/system-config-selinux.glade:1598 -+msgid "Revert boolean setting to system default" - msgstr "" - --#: ../gui/selinux.tbl:25 --msgid "Transition xguest SELinux user to Web Browser Domain" -+#: ../gui/system-config-selinux.glade:1614 -+msgid "Toggle between Customized and All Booleans" - msgstr "" - --#: ../gui/selinux.tbl:26 ../gui/selinux.tbl:27 ../gui/selinux.tbl:28 --#: ../gui/selinux.tbl:29 --msgid "Allow staff Web Browsers to write to home directories" -+#: ../gui/system-config-selinux.glade:1645 -+#: ../gui/system-config-selinux.glade:1850 -+#: ../gui/system-config-selinux.glade:2037 -+#: ../gui/system-config-selinux.glade:2224 -+#: ../gui/system-config-selinux.glade:2467 -+#: ../gui/system-config-selinux.glade:2692 -+#: ../gui/system-config-selinux.glade:2867 -+msgid "Filter" - msgstr "" - --#: ../gui/selinux.tbl:30 --msgid "Disable SELinux protection for amanda" -+#: ../gui/system-config-selinux.glade:1734 -+msgid "label50" - msgstr "" - --#: ../gui/selinux.tbl:31 --msgid "Disable SELinux protection for amavis" -+#: ../gui/system-config-selinux.glade:1771 -+msgid "Add File Context" - msgstr "" - --#: ../gui/selinux.tbl:32 --msgid "Disable SELinux protection for apmd daemon" -+#: ../gui/system-config-selinux.glade:1787 -+msgid "Modify File Context" - msgstr "" - --#: ../gui/selinux.tbl:33 --msgid "Disable SELinux protection for arpwatch daemon" -+#: ../gui/system-config-selinux.glade:1803 -+msgid "Delete File Context" - msgstr "" - --#: ../gui/selinux.tbl:34 --msgid "Disable SELinux protection for auditd daemon" -+#: ../gui/system-config-selinux.glade:1819 -+msgid "Toggle between all and customized file context" - msgstr "" - --#: ../gui/selinux.tbl:35 --msgid "Disable SELinux 
protection for automount daemon"
-+#: ../gui/system-config-selinux.glade:1939
-+msgid "label38"
-+msgstr ""
-+
-+#: ../gui/system-config-selinux.glade:1976
-+msgid "Add SELinux User Mapping"
-+msgstr ""
-+
-+#: ../gui/system-config-selinux.glade:1992
-+msgid "Modify SELinux User Mapping"
-+msgstr ""
-+
-+#: ../gui/system-config-selinux.glade:2008
-+msgid "Delete SELinux User Mapping"
-+msgstr ""
-+
-+#: ../gui/system-config-selinux.glade:2126
-+msgid "label39"
-+msgstr ""
-+
-+#: ../gui/system-config-selinux.glade:2163
-+msgid "Add User"
-+msgstr ""
-+
-+#: ../gui/system-config-selinux.glade:2179
-+msgid "Modify User"
-+msgstr ""
-+
-+#: ../gui/system-config-selinux.glade:2195
-+msgid "Delete User"
-+msgstr ""
-+
-+#: ../gui/system-config-selinux.glade:2313
-+msgid "label41"
-+msgstr ""
-+
-+#: ../gui/system-config-selinux.glade:2350
-+msgid "Add Network Port"
-+msgstr ""
-+
-+#: ../gui/system-config-selinux.glade:2366
-+msgid "Edit Network Port"
- msgstr ""
-
--#: ../gui/selinux.tbl:36
--msgid "Disable SELinux protection for avahi"
-+#: ../gui/system-config-selinux.glade:2382
-+msgid "Delete Network Port"
- msgstr ""
-
--#: ../gui/selinux.tbl:37
--msgid "Disable SELinux protection for bluetooth daemon"
-+#: ../gui/system-config-selinux.glade:2418
-+#: ../gui/system-config-selinux.glade:2436
-+msgid "Toggle between Customized and All Ports"
- msgstr ""
-
--#: ../gui/selinux.tbl:38
--msgid "Disable SELinux protection for canna daemon"
-+#: ../gui/system-config-selinux.glade:2556
-+msgid "label42"
- msgstr ""
-
--#: ../gui/selinux.tbl:39
--msgid "Disable SELinux protection for cardmgr daemon"
-+#: ../gui/system-config-selinux.glade:2593
-+msgid "Generate new policy module"
- msgstr ""
-
--#: ../gui/selinux.tbl:40
--msgid "Disable SELinux protection for Cluster Server"
-+#: ../gui/system-config-selinux.glade:2609
-+msgid "Load policy module"
- msgstr ""
-
--#: ../gui/selinux.tbl:41
-+#: ../gui/system-config-selinux.glade:2625
-+msgid "Remove loadable policy module"
-+msgstr ""
-+
-+#: ../gui/system-config-selinux.glade:2661
- msgid ""
--"Allow cdrecord to read various content. nfs, samba, removable devices, user "
--"temp and untrusted content files"
-+"Enable/Disable additional audit rules, that are normally not reported in the "
-+"log files."
-+msgstr ""
-+
-+#: ../gui/system-config-selinux.glade:2781
-+msgid "label44"
-+msgstr ""
-+
-+#: ../gui/system-config-selinux.glade:2818
-+msgid "Change process mode to permissive."
- msgstr ""
-
--#: ../gui/selinux.tbl:42
--msgid "Disable SELinux protection for ciped daemon"
-+#: ../gui/system-config-selinux.glade:2836
-+msgid "Change process mode to enforcing"
-+msgstr ""
-+
-+#: ../gui/system-config-selinux.glade:2928
-+msgid "Process Domain"
-+msgstr ""
-+
-+#: ../gui/system-config-selinux.glade:2956
-+msgid "label59"
-+msgstr ""
-+
-+#: ../gui/usersPage.py:138
-+#, python-format
-+msgid "SELinux user '%s' is required"
- msgstr ""
-
--#: ../gui/selinux.tbl:43
--msgid "Disable SELinux protection for clamd daemon"
-+#: ../sepolicy/sepolicy.py:202
-+msgid "Generate SELinux man pages"
- msgstr ""
-
--#: ../gui/selinux.tbl:44
--msgid "Disable SELinux protection for clamscan"
-+#: ../sepolicy/sepolicy.py:205
-+msgid "path in which the generated SELinux man pages will be stored"
- msgstr ""
-
--#: ../gui/selinux.tbl:45
--msgid "Disable SELinux protection for clvmd"
-+#: ../sepolicy/sepolicy.py:207
-+msgid "name of the OS for man pages"
- msgstr ""
-
--#: ../gui/selinux.tbl:46
--msgid "Disable SELinux protection for comsat daemon"
-+#: ../sepolicy/sepolicy.py:209
-+msgid "Generate HTML man pages structure for selected SELinux man page"
- msgstr ""
-
--#: ../gui/selinux.tbl:47 ../gui/selinux.tbl:48 ../gui/selinux.tbl:49
--#: ../gui/selinux.tbl:50 ../gui/selinux.tbl:51
--msgid "Disable SELinux protection for courier daemon"
-+#: ../sepolicy/sepolicy.py:213
-+msgid "All domains"
- msgstr ""
-
--#: ../gui/selinux.tbl:52
--msgid "Disable SELinux protection for cpucontrol daemon"
-+#:
../sepolicy/sepolicy.py:216
-+msgid "Domain name(s) of man pages to be created"
- msgstr ""
-
--#: ../gui/selinux.tbl:53
--msgid "Disable SELinux protection for cpuspeed daemon"
-+#: ../sepolicy/sepolicy.py:221
-+msgid "Query SELinux policy network information"
- msgstr ""
-
--#: ../gui/selinux.tbl:54
--msgid "Cron"
-+#: ../sepolicy/sepolicy.py:226
-+msgid "list all SELinux port types"
- msgstr ""
-
--#: ../gui/selinux.tbl:54
--msgid "Disable SELinux protection for crond daemon"
-+#: ../sepolicy/sepolicy.py:229
-+msgid "show SELinux type related to the port"
- msgstr ""
-
--#: ../gui/selinux.tbl:55 ../gui/selinux.tbl:56 ../gui/selinux.tbl:57
--#: ../gui/selinux.tbl:91
--msgid "Printing"
-+#: ../sepolicy/sepolicy.py:232
-+msgid "Show ports defined for this SELinux type"
- msgstr ""
-
--#: ../gui/selinux.tbl:55
--msgid "Disable SELinux protection for cupsd back end server"
-+#: ../sepolicy/sepolicy.py:235
-+msgid "show ports to which this domain can bind and/or connect"
- msgstr ""
-
--#: ../gui/selinux.tbl:56
--msgid "Disable SELinux protection for cupsd daemon"
-+#: ../sepolicy/sepolicy.py:250
-+msgid "query SELinux policy to see if domains can communicate with each other"
- msgstr ""
-
--#: ../gui/selinux.tbl:57
--msgid "Disable SELinux protection for cupsd_lpd"
-+#: ../sepolicy/sepolicy.py:253
-+msgid "Source Domain"
- msgstr ""
-
--#: ../gui/selinux.tbl:58
--msgid "CVS"
-+#: ../sepolicy/sepolicy.py:256
-+msgid "Target Domain"
- msgstr ""
-
--#: ../gui/selinux.tbl:58
--msgid "Disable SELinux protection for cvs daemon"
-+#: ../sepolicy/sepolicy.py:276
-+msgid "query SELinux Policy to see description of booleans"
- msgstr ""
-
--#: ../gui/selinux.tbl:59
--msgid "Disable SELinux protection for cyrus daemon"
-+#: ../sepolicy/sepolicy.py:280
-+msgid "get all booleans descriptions"
- msgstr ""
-
--#: ../gui/selinux.tbl:60
--msgid "Disable SELinux protection for dbskkd daemon"
-+#: ../sepolicy/sepolicy.py:282
-+msgid "boolean to get description"
- msgstr ""
-
--#:
../gui/selinux.tbl:61
--msgid "Disable SELinux protection for dbusd daemon"
-+#: ../sepolicy/sepolicy.py:301
-+msgid ""
-+"query SELinux Policy to see how a source process domain can transition to "
-+"the target process domain"
- msgstr ""
-
--#: ../gui/selinux.tbl:62
--msgid "Disable SELinux protection for dccd"
-+#: ../sepolicy/sepolicy.py:304
-+msgid "source process domain"
- msgstr ""
-
--#: ../gui/selinux.tbl:63
--msgid "Disable SELinux protection for dccifd"
-+#: ../sepolicy/sepolicy.py:307
-+msgid "target process domain"
- msgstr ""
-
--#: ../gui/selinux.tbl:64
--msgid "Disable SELinux protection for dccm"
-+#: ../sepolicy/sepolicy.py:327
-+msgid "Command required for this type of policy"
- msgstr ""
-
--#: ../gui/selinux.tbl:65
--msgid "Disable SELinux protection for ddt daemon"
-+#: ../sepolicy/sepolicy.py:347
-+msgid "List SELinux Policy interfaces"
- msgstr ""
-
--#: ../gui/selinux.tbl:66
--msgid "Disable SELinux protection for devfsd daemon"
-+#: ../sepolicy/sepolicy.py:362
-+msgid "Generate SELinux Policy module template"
- msgstr ""
-
--#: ../gui/selinux.tbl:67
--msgid "Disable SELinux protection for dhcpc daemon"
-+#: ../sepolicy/sepolicy.py:365
-+msgid "Enter domain type which you will be extending"
- msgstr ""
-
--#: ../gui/selinux.tbl:68
--msgid "Disable SELinux protection for dhcpd daemon"
-+#: ../sepolicy/sepolicy.py:368
-+msgid "Enter SELinux user(s) which will transition to this domain"
- msgstr ""
-
--#: ../gui/selinux.tbl:69
--msgid "Disable SELinux protection for dictd daemon"
-+#: ../sepolicy/sepolicy.py:371
-+msgid "Enter domain(s) that this confined admin will administrate"
- msgstr ""
-
--#: ../gui/selinux.tbl:70
--msgid "Allow sysadm_t to directly start daemons"
-+#: ../sepolicy/sepolicy.py:374
-+msgid "name of policy to generate"
- msgstr ""
-
--#: ../gui/selinux.tbl:71
--msgid "Disable SELinux protection for Evolution"
-+#: ../sepolicy/sepolicy.py:378
-+msgid "path in which the generated policy files will be stored"
- msgstr ""
-
--#: ../gui/selinux.tbl:72
--msgid "Games"
-+#: ../sepolicy/sepolicy.py:380
-+msgid "executable to confine"
- msgstr ""
-
--#: ../gui/selinux.tbl:72
--msgid "Disable SELinux protection for games"
-+#: ../sepolicy/sepolicy.py:384 ../sepolicy/sepolicy.py:387
-+#: ../sepolicy/sepolicy.py:390 ../sepolicy/sepolicy.py:393
-+#: ../sepolicy/sepolicy.py:396 ../sepolicy/sepolicy.py:399
-+#: ../sepolicy/sepolicy.py:402 ../sepolicy/sepolicy.py:405
-+#: ../sepolicy/sepolicy.py:408 ../sepolicy/sepolicy.py:411
-+#: ../sepolicy/sepolicy.py:414 ../sepolicy/sepolicy.py:417
-+#, python-format
-+msgid "Generate Policy for %s"
- msgstr ""
-
--#: ../gui/selinux.tbl:73
--msgid "Disable SELinux protection for the web browsers"
-+#: ../sepolicy/sepolicy.py:422
-+msgid "commands"
- msgstr ""
-
--#: ../gui/selinux.tbl:74
--msgid "Disable SELinux protection for Thunderbird"
-+#: ../sepolicy/sepolicy.py:425
-+msgid "Alternate SELinux policy, defaults to /sys/fs/selinux/policy"
- msgstr ""
-
--#: ../gui/selinux.tbl:75
--msgid "Disable SELinux protection for distccd daemon"
-+#: ../sepolicy/sepolicy/__init__.py:48
-+msgid "No SELinux Policy installed"
- msgstr ""
-
--#: ../gui/selinux.tbl:76
--msgid "Disable SELinux protection for dmesg daemon"
-+#: ../sepolicy/sepolicy/__init__.py:54
-+#, python-format
-+msgid "Failed to read %s policy file"
- msgstr ""
-
--#: ../gui/selinux.tbl:77
--msgid "Disable SELinux protection for dnsmasq daemon"
-+#: ../sepolicy/sepolicy/__init__.py:127
-+msgid "unknown"
- msgstr ""
-
--#: ../gui/selinux.tbl:78
--msgid "Disable SELinux protection for dovecot daemon"
-+#: ../sepolicy/sepolicy/generate.py:173
-+msgid "Internet Services Daemon"
- msgstr ""
-
--#: ../gui/selinux.tbl:79
--msgid "Disable SELinux protection for entropyd daemon"
-+#: ../sepolicy/sepolicy/generate.py:177
-+msgid "Existing Domain Type"
- msgstr ""
-
--#: ../gui/selinux.tbl:80
--msgid "Disable SELinux protection for fetchmail"
-+#: ../sepolicy/sepolicy/generate.py:178
-+msgid "Minimal Terminal
Login User Role"
- msgstr ""
-
--#: ../gui/selinux.tbl:81
--msgid "Disable SELinux protection for fingerd daemon"
-+#: ../sepolicy/sepolicy/generate.py:179
-+msgid "Minimal X Windows Login User Role"
- msgstr ""
-
--#: ../gui/selinux.tbl:82
--msgid "Disable SELinux protection for freshclam daemon"
-+#: ../sepolicy/sepolicy/generate.py:180
-+msgid "Desktop Login User Role"
- msgstr ""
-
--#: ../gui/selinux.tbl:83
--msgid "Disable SELinux protection for fsdaemon daemon"
-+#: ../sepolicy/sepolicy/generate.py:181
-+msgid "Administrator Login User Role"
- msgstr ""
-
--#: ../gui/selinux.tbl:84
--msgid "Disable SELinux protection for gpm daemon"
-+#: ../sepolicy/sepolicy/generate.py:182
-+msgid "Confined Root Administrator Role"
- msgstr ""
-
--#: ../gui/selinux.tbl:85 ../gui/selinux.tbl:125
--msgid "NFS"
-+#: ../sepolicy/sepolicy/generate.py:187
-+msgid "Valid Types:\n"
- msgstr ""
-
--#: ../gui/selinux.tbl:85
--msgid "Disable SELinux protection for gss daemon"
-+#: ../sepolicy/sepolicy/generate.py:221
-+#, python-format
-+msgid "Ports must be numbers or ranges of numbers from 1 to %d "
- msgstr ""
-
--#: ../gui/selinux.tbl:86
--msgid "Disable SELinux protection for Hal daemon"
-+#: ../sepolicy/sepolicy/generate.py:231
-+msgid "You must enter a valid policy type"
- msgstr ""
-
--#: ../gui/selinux.tbl:87
--msgid "Compatibility"
-+#: ../sepolicy/sepolicy/generate.py:234
-+#, python-format
-+msgid "You must enter a name for your policy module for your %s."
- msgstr ""
-
--#: ../gui/selinux.tbl:87
-+#: ../sepolicy/sepolicy/generate.py:355
- msgid ""
--"Do not audit things that we know to be broken but which are not security "
--"risks"
-+"Name must be alpha numberic with no spaces. Consider using option \"-n "
-+"MODULENAME\""
-+msgstr ""
-+
-+#: ../sepolicy/sepolicy/generate.py:447
-+msgid "User Role types can not be assigned executables."
- msgstr ""
-
--#: ../gui/selinux.tbl:88
--msgid "Disable SELinux protection for hostname daemon"
-+#: ../sepolicy/sepolicy/generate.py:453
-+msgid "Only Daemon apps can use an init script.."
- msgstr ""
-
--#: ../gui/selinux.tbl:89
--msgid "Disable SELinux protection for hotplug daemon"
-+#: ../sepolicy/sepolicy/generate.py:471
-+msgid "use_resolve must be a boolean value "
- msgstr ""
-
--#: ../gui/selinux.tbl:90
--msgid "Disable SELinux protection for howl daemon"
-+#: ../sepolicy/sepolicy/generate.py:477
-+msgid "use_syslog must be a boolean value "
- msgstr ""
-
--#: ../gui/selinux.tbl:91
--msgid "Disable SELinux protection for cups hplip daemon"
-+#: ../sepolicy/sepolicy/generate.py:483
-+msgid "use_kerberos must be a boolean value "
-+msgstr ""
-+
-+#: ../sepolicy/sepolicy/generate.py:489
-+msgid "manage_krb5_rcache must be a boolean value "
- msgstr ""
-
--#: ../gui/selinux.tbl:92
--msgid "Disable SELinux protection for httpd rotatelogs"
-+#: ../sepolicy/sepolicy/generate.py:519
-+msgid "USER Types automatically get a tmp type"
- msgstr ""
-
--#: ../gui/selinux.tbl:93 ../gui/selinux.tbl:232 ../gui/selinux.tbl:233
--msgid "HTTPD Service"
-+#: ../sepolicy/sepolicy/generate.py:857
-+#, python-format
-+msgid "%s policy modules require existing domains"
- msgstr ""
-
--#: ../gui/selinux.tbl:93
--msgid "Disable SELinux protection for http suexec"
-+#: ../sepolicy/sepolicy/generate.py:1059
-+msgid "You must enter the executable path for your confined process"
- msgstr ""
-
--#: ../gui/selinux.tbl:94
--msgid "Disable SELinux protection for hwclock daemon"
-+#: ../sepolicy/sepolicy/generate.py:1321
-+msgid "Type Enforcement file"
- msgstr ""
-
--#: ../gui/selinux.tbl:95
--msgid "Disable SELinux protection for i18n daemon"
-+#: ../sepolicy/sepolicy/generate.py:1322
-+msgid "Interface file"
- msgstr ""
-
--#: ../gui/selinux.tbl:96
--msgid "Disable SELinux protection for imazesrv daemon"
-+#: ../sepolicy/sepolicy/generate.py:1323
-+msgid "File Contexts file"
- msgstr
""
-
--#: ../gui/selinux.tbl:97
--msgid "Disable SELinux protection for inetd child daemons"
-+#: ../sepolicy/sepolicy/generate.py:1324
-+msgid "Spec file"
- msgstr ""
-
--#: ../gui/selinux.tbl:98
--msgid "Disable SELinux protection for inetd daemon"
-+#: ../sepolicy/sepolicy/generate.py:1325
-+msgid "Setup Script"
- msgstr ""
-
--#: ../gui/selinux.tbl:99
--msgid "Disable SELinux protection for innd daemon"
-+#: booleans.py:1
-+msgid ""
-+"Allow ABRT to modify public files used for public file transfer services."
- msgstr ""
-
--#: ../gui/selinux.tbl:100
--msgid "Disable SELinux protection for iptables daemon"
-+#: booleans.py:2
-+msgid ""
-+"Allow ABRT to run in abrt_handle_event_t domain to handle ABRT event scripts"
- msgstr ""
-
--#: ../gui/selinux.tbl:101
--msgid "Disable SELinux protection for ircd daemon"
-+#: booleans.py:3
-+msgid "Allow amavis to use JIT compiler"
- msgstr ""
-
--#: ../gui/selinux.tbl:102
--msgid "Disable SELinux protection for irqbalance daemon"
-+#: booleans.py:4
-+msgid "Allow antivirus programs to read non security files on a system"
- msgstr ""
-
--#: ../gui/selinux.tbl:103
--msgid "Disable SELinux protection for iscsi daemon"
-+#: booleans.py:5
-+msgid "Allow auditadm to exec content"
- msgstr ""
-
--#: ../gui/selinux.tbl:104
--msgid "Disable SELinux protection for jabberd daemon"
-+#: booleans.py:6
-+msgid ""
-+"Allow users to resolve user passwd entries directly from ldap rather then "
-+"using a sssd server"
- msgstr ""
-
--#: ../gui/selinux.tbl:105 ../gui/selinux.tbl:107
--msgid "Kerberos"
-+#: booleans.py:7
-+msgid "Allow users to login using a radius server"
- msgstr ""
-
--#: ../gui/selinux.tbl:105
--msgid "Disable SELinux protection for kadmind daemon"
-+#: booleans.py:8
-+msgid "Allow users to login using a yubikey server"
- msgstr ""
-
--#: ../gui/selinux.tbl:106
--msgid "Disable SELinux protection for klogd daemon"
-+#: booleans.py:9
-+msgid "Allow awstats to purge Apache logs"
- msgstr ""
-
--#: ../gui/selinux.tbl:107
--msgid "Disable SELinux protection for krb5kdc daemon"
-+#: booleans.py:10
-+msgid ""
-+"Allow cdrecord to read various content. nfs, samba, removable devices, user "
-+"temp and untrusted content files"
- msgstr ""
-
--#: ../gui/selinux.tbl:108
--msgid "Disable SELinux protection for ktalk daemons"
-+#: booleans.py:11
-+msgid "Allow clamd to use JIT compiler"
- msgstr ""
-
--#: ../gui/selinux.tbl:109
--msgid "Disable SELinux protection for kudzu daemon"
-+#: booleans.py:12
-+msgid "Allow clamscan to non security files on a system"
- msgstr ""
-
--#: ../gui/selinux.tbl:110
--msgid "Disable SELinux protection for locate daemon"
-+#: booleans.py:13
-+msgid "Allow clamscan to read user content"
- msgstr ""
-
--#: ../gui/selinux.tbl:111
--msgid "Disable SELinux protection for lpd daemon"
-+#: booleans.py:14
-+msgid ""
-+"Allow Cobbler to modify public files used for public file transfer services."
- msgstr ""
-
--#: ../gui/selinux.tbl:112
--msgid "Disable SELinux protection for lrrd daemon"
-+#: booleans.py:15
-+msgid "Allow Cobbler to connect to the network using TCP."
- msgstr ""
-
--#: ../gui/selinux.tbl:113
--msgid "Disable SELinux protection for lvm daemon"
-+#: booleans.py:16
-+msgid "Allow Cobbler to access cifs file systems."
- msgstr ""
-
--#: ../gui/selinux.tbl:114
--msgid "Disable SELinux protection for mailman"
-+#: booleans.py:17
-+msgid "Allow Cobbler to access nfs file systems."
- msgstr ""
-
--#: ../gui/selinux.tbl:115
--msgid "Allow evolution and thunderbird to read user files"
-+#: booleans.py:18
-+msgid "Allow collectd to connect to the network using TCP."
- msgstr ""
-
--#: ../gui/selinux.tbl:116
--msgid "Disable SELinux protection for mdadm daemon"
-+#: booleans.py:19
-+msgid "Allow codnor domain to connect to the network using TCP."
- msgstr ""
-
--#: ../gui/selinux.tbl:117
--msgid "Disable SELinux protection for monopd daemon"
-+#: booleans.py:20
-+msgid ""
-+"Allow system cron jobs to relabel filesystem for restoring file contexts."
- msgstr ""
-
--#: ../gui/selinux.tbl:118
--msgid "Allow the mozilla browser to read user files"
-+#: booleans.py:21
-+msgid "Allow cvs daemon to read shadow"
- msgstr ""
-
--#: ../gui/selinux.tbl:119
--msgid "Disable SELinux protection for mrtg daemon"
-+#: booleans.py:22
-+msgid "Allow all daemons to write corefiles to /"
- msgstr ""
-
--#: ../gui/selinux.tbl:120
--msgid "Disable SELinux protection for mysqld daemon"
-+#: booleans.py:23
-+msgid "Allow all daemons to use tcp wrappers."
- msgstr ""
-
--#: ../gui/selinux.tbl:121
--msgid "Disable SELinux protection for nagios daemon"
-+#: booleans.py:24
-+msgid "Allow all daemons the ability to read/write terminals"
- msgstr ""
-
--#: ../gui/selinux.tbl:122 ../gui/selinux.tbl:128
--msgid "Name Service"
-+#: booleans.py:25
-+msgid "Allow dan to manage user files"
- msgstr ""
-
--#: ../gui/selinux.tbl:122
--msgid "Disable SELinux protection for named daemon"
-+#: booleans.py:26
-+msgid "Allow dan to read user files"
- msgstr ""
-
--#: ../gui/selinux.tbl:123
--msgid "Disable SELinux protection for nessusd daemon"
-+#: booleans.py:27
-+msgid "Allow dbadm to manage files in users home directories"
- msgstr ""
-
--#: ../gui/selinux.tbl:124
--msgid "Disable SELinux protection for NetworkManager"
-+#: booleans.py:28
-+msgid "Allow dbadm to read files in users home directories"
- msgstr ""
-
--#: ../gui/selinux.tbl:125
--msgid "Disable SELinux protection for nfsd daemon"
-+#: booleans.py:29
-+msgid ""
-+"Deny user domains applications to map a memory region as both executable and "
-+"writable, this is dangerous and the executable should be reported in bugzilla"
- msgstr ""
-
--#: ../gui/selinux.tbl:126 ../gui/selinux.tbl:163 ../gui/selinux.tbl:176
--#: ../gui/selinux.tbl:221
--msgid "Samba"
-+#: booleans.py:30
-+msgid "Allow sysadm to debug or ptrace all processes."
- msgstr ""
-
--#: ../gui/selinux.tbl:126
--msgid "Disable SELinux protection for nmbd daemon"
-+#: booleans.py:31
-+msgid "Allow dhcpc client applications to execute iptables commands"
- msgstr ""
-
--#: ../gui/selinux.tbl:127
--msgid "Disable SELinux protection for nrpe daemon"
-+#: booleans.py:32
-+msgid "Allow DHCP daemon to use LDAP backends"
- msgstr ""
-
--#: ../gui/selinux.tbl:128
--msgid "Disable SELinux protection for nscd daemon"
-+#: booleans.py:33
-+msgid "Allow all domains to use other domains file descriptors"
- msgstr ""
-
--#: ../gui/selinux.tbl:129
--msgid "Disable SELinux protection for nsd daemon"
-+#: booleans.py:34
-+msgid "Allow all domains to have the kernel load modules"
- msgstr ""
-
--#: ../gui/selinux.tbl:130
--msgid "Disable SELinux protection for ntpd daemon"
-+#: booleans.py:35
-+msgid "Allow the use of the audio devices as the source for the entropy feeds"
- msgstr ""
-
--#: ../gui/selinux.tbl:131
--msgid "Disable SELinux protection for oddjob"
-+#: booleans.py:36
-+msgid "Allow exim to connect to databases (postgres, mysql)"
- msgstr ""
-
--#: ../gui/selinux.tbl:132
--msgid "Disable SELinux protection for oddjob_mkhomedir"
-+#: booleans.py:37
-+msgid "Allow exim to create, read, write, and delete unprivileged user files."
- msgstr ""
-
--#: ../gui/selinux.tbl:133
--msgid "Disable SELinux protection for openvpn daemon"
-+#: booleans.py:38
-+msgid "Allow exim to read unprivileged user files."
- msgstr ""
-
--#: ../gui/selinux.tbl:134
--msgid "Disable SELinux protection for pam daemon"
-+#: booleans.py:39
-+msgid "Enable extra rules in the cron domain to support fcron."
- msgstr ""
-
--#: ../gui/selinux.tbl:135
--msgid "Disable SELinux protection for pegasus"
-+#: booleans.py:40
-+msgid "Allow fenced domain to connect to the network using TCP."
- msgstr ""
-
--#: ../gui/selinux.tbl:136
--msgid "Disable SELinux protection for perdition daemon"
-+#: booleans.py:41
-+msgid "Allow fenced domain to execute ssh."
- msgstr ""
-
--#: ../gui/selinux.tbl:137
--msgid "Disable SELinux protection for portmap daemon"
-+#: booleans.py:42
-+msgid "Allow all domains to execute in fips_mode"
- msgstr ""
-
--#: ../gui/selinux.tbl:138
--msgid "Disable SELinux protection for portslave daemon"
-+#: booleans.py:43
-+msgid "Allow ftp to read and write files in the user home directories"
- msgstr ""
-
--#: ../gui/selinux.tbl:139
--msgid "Disable SELinux protection for postfix"
-+#: booleans.py:44
-+msgid ""
-+"Allow ftp servers to upload files, used for public file transfer services. "
-+"Directories must be labeled public_content_rw_t."
- msgstr ""
-
--#: ../gui/selinux.tbl:140
--msgid "Disable SELinux protection for postgresql daemon"
-+#: booleans.py:45
-+msgid "Allow ftp servers to connect to all ports > 1023"
- msgstr ""
-
--#: ../gui/selinux.tbl:141
--msgid "pppd"
-+#: booleans.py:46
-+msgid "Allow ftp servers to connect to mysql database ports"
- msgstr ""
-
--#: ../gui/selinux.tbl:141
--msgid "Allow pppd to be run for a regular user"
-+#: booleans.py:47
-+msgid ""
-+"Allow ftp servers to login to local users and read/write all files on the "
-+"system, governed by DAC."
- msgstr ""
-
--#: ../gui/selinux.tbl:142
--msgid "Disable SELinux protection for pptp"
-+#: booleans.py:48
-+msgid "Allow ftp servers to use cifs used for public file transfer services."
- msgstr ""
-
--#: ../gui/selinux.tbl:143
--msgid "Disable SELinux protection for prelink daemon"
-+#: booleans.py:49
-+msgid "Allow ftp servers to use nfs used for public file transfer services."
- msgstr ""
-
--#: ../gui/selinux.tbl:144
--msgid "Disable SELinux protection for privoxy daemon"
-+#: booleans.py:50
-+msgid "Allow ftp servers to use bind to all unreserved ports for passive mode"
- msgstr ""
-
--#: ../gui/selinux.tbl:145
--msgid "Disable SELinux protection for ptal daemon"
-+#: booleans.py:51
-+msgid "Determine whether Git CGI can search home directories."
- msgstr ""
-
--#: ../gui/selinux.tbl:146
--msgid "Disable SELinux protection for pxe daemon"
-+#: booleans.py:52
-+msgid "Determine whether Git CGI can access cifs file systems."
- msgstr ""
-
--#: ../gui/selinux.tbl:147
--msgid "Disable SELinux protection for pyzord"
-+#: booleans.py:53
-+msgid "Determine whether Git CGI can access nfs file systems."
- msgstr ""
-
--#: ../gui/selinux.tbl:148
--msgid "Disable SELinux protection for quota daemon"
-+#: booleans.py:54
-+msgid ""
-+"Determine whether Git session daemon can bind TCP sockets to all unreserved "
-+"ports."
- msgstr ""
-
--#: ../gui/selinux.tbl:149
--msgid "Disable SELinux protection for radiusd daemon"
-+#: booleans.py:55
-+msgid ""
-+"Determine whether calling user domains can execute Git daemon in the "
-+"git_session_t domain."
- msgstr ""
-
--#: ../gui/selinux.tbl:150
--msgid "Disable SELinux protection for radvd daemon"
-+#: booleans.py:56
-+msgid "Determine whether Git system daemon can search home directories."
- msgstr ""
-
--#: ../gui/selinux.tbl:151
--msgid "Disable SELinux protection for rdisc"
-+#: booleans.py:57
-+msgid "Determine whether Git system daemon can access cifs file systems."
- msgstr ""
-
--#: ../gui/selinux.tbl:152
--msgid "Disable SELinux protection for readahead"
-+#: booleans.py:58
-+msgid "Determine whether Git system daemon can access nfs file systems."
- msgstr ""
-
--#: ../gui/selinux.tbl:153
--msgid "Allow programs to read files in non-standard locations (default_t)"
-+#: booleans.py:59
-+msgid "Allow gitisis daemon to send mail"
- msgstr ""
-
--#: ../gui/selinux.tbl:154
--msgid "Disable SELinux protection for restorecond"
-+#: booleans.py:60
-+msgid "Enable reading of urandom for all domains."
- msgstr ""
-
--#: ../gui/selinux.tbl:155
--msgid "Disable SELinux protection for rhgb daemon"
-+#: booleans.py:61
-+msgid ""
-+"Allow usage of the gpg-agent --write-env-file option. This also allows gpg-"
-+"agent to manage user files."
- msgstr ""
-
--#: ../gui/selinux.tbl:156
--msgid "Disable SELinux protection for ricci"
-+#: booleans.py:62
-+msgid ""
-+"Allow gpg web domain to modify public files used for public file transfer "
-+"services."
- msgstr ""
-
--#: ../gui/selinux.tbl:157
--msgid "Disable SELinux protection for ricci_modclusterd"
-+#: booleans.py:63
-+msgid "Allow gssd to read temp directory. For access to kerberos tgt."
- msgstr ""
-
--#: ../gui/selinux.tbl:158
--msgid "Disable SELinux protection for rlogind daemon"
-+#: booleans.py:64
-+msgid "Allow guest to exec content"
- msgstr ""
-
--#: ../gui/selinux.tbl:159
--msgid "Disable SELinux protection for rpcd daemon"
-+#: booleans.py:65
-+msgid ""
-+"Allow Apache to modify public files used for public file transfer services. "
-+"Directories/Files must be labeled public_content_rw_t."
- msgstr ""
-
--#: ../gui/selinux.tbl:160
--msgid "Disable SELinux protection for rshd"
-+#: booleans.py:66
-+msgid "Allow httpd to use built in scripting (usually php)"
- msgstr ""
-
--#: ../gui/selinux.tbl:161
--msgid "rsync"
-+#: booleans.py:67
-+msgid "Allow http daemon to check spam"
- msgstr ""
-
--#: ../gui/selinux.tbl:161
--msgid "Disable SELinux protection for rsync daemon"
-+#: booleans.py:68
-+msgid ""
-+"Allow httpd to act as a FTP client connecting to the ftp port and ephemeral "
-+"ports"
- msgstr ""
-
--#: ../gui/selinux.tbl:162
--msgid "Allow ssh to run from inetd instead of as a daemon"
-+#: booleans.py:69
-+msgid "Allow httpd to connect to the ldap port"
- msgstr ""
-
--#: ../gui/selinux.tbl:163
--msgid "Allow Samba to share nfs directories"
-+#: booleans.py:70
-+msgid "Allow http daemon to connect to zabbix"
- msgstr ""
-
--#: ../gui/selinux.tbl:164 ../gui/selinux.tbl:166
--msgid "SASL authentication server"
-+#: booleans.py:71
-+msgid "Allow HTTPD scripts and modules to connect to the network using TCP."
- msgstr ""
-
--#: ../gui/selinux.tbl:164
--msgid "Allow sasl authentication server to read /etc/shadow"
-+#: booleans.py:72
-+msgid "Allow HTTPD scripts and modules to connect to cobbler over the network."
- msgstr ""
-
--#: ../gui/selinux.tbl:165
-+#: booleans.py:73
- msgid ""
--"Allow X-Windows server to map a memory region as both executable and writable"
-+"Allow HTTPD scripts and modules to connect to databases over the network."
-+msgstr ""
-+
-+#: booleans.py:74
-+msgid "Allow httpd to connect to memcache server"
- msgstr ""
-
--#: ../gui/selinux.tbl:166
--msgid "Disable SELinux protection for saslauthd daemon"
-+#: booleans.py:75
-+msgid "Allow httpd to act as a relay"
- msgstr ""
-
--#: ../gui/selinux.tbl:167
--msgid "Disable SELinux protection for scannerdaemon daemon"
-+#: booleans.py:76
-+msgid "Allow http daemon to send mail"
- msgstr ""
-
--#: ../gui/selinux.tbl:168
--msgid "Do not allow transition to sysadm_t, sudo and su effected"
-+#: booleans.py:77
-+msgid "Allow Apache to communicate with avahi service via dbus"
- msgstr ""
-
--#: ../gui/selinux.tbl:169
--msgid "Do not allow any processes to load kernel modules"
-+#: booleans.py:78
-+msgid "Allow httpd cgi support"
- msgstr ""
-
--#: ../gui/selinux.tbl:170
--msgid "Do not allow any processes to modify kernel SELinux policy"
-+#: booleans.py:79
-+msgid "Allow httpd to act as a FTP server by listening on the ftp port."
- msgstr ""
-
--#: ../gui/selinux.tbl:171
--msgid "Disable SELinux protection for sendmail daemon"
-+#: booleans.py:80
-+msgid "Allow httpd to read home directories"
- msgstr ""
-
--#: ../gui/selinux.tbl:172
--msgid "Disable SELinux protection for setrans"
-+#: booleans.py:81
-+msgid "Allow httpd scripts and modules execmem/execstack"
- msgstr ""
-
--#: ../gui/selinux.tbl:173
--msgid "Disable SELinux protection for setroubleshoot daemon"
-+#: booleans.py:82
-+msgid "Allow HTTPD to connect to port 80 for graceful shutdown"
- msgstr ""
-
--#: ../gui/selinux.tbl:174
--msgid "Disable SELinux protection for slapd daemon"
-+#: booleans.py:83
-+msgid "Allow httpd processes to manage IPA content"
- msgstr ""
-
--#: ../gui/selinux.tbl:175
--msgid "Disable SELinux protection for slrnpull daemon"
-+#: booleans.py:84
-+msgid "Allow Apache to use mod_auth_ntlm_winbind"
- msgstr ""
-
--#: ../gui/selinux.tbl:176
--msgid "Disable SELinux protection for smbd daemon"
-+#: booleans.py:85
-+msgid "Allow Apache to use mod_auth_pam"
- msgstr ""
-
--#: ../gui/selinux.tbl:177
--msgid "Disable SELinux protection for snmpd daemon"
-+#: booleans.py:86
-+msgid "Allow httpd to read user content"
- msgstr ""
-
--#: ../gui/selinux.tbl:178
--msgid "Disable SELinux protection for snort daemon"
-+#: booleans.py:87
-+msgid "Allow Apache to run in stickshift mode, not transition to passenger"
- msgstr ""
-
--#: ../gui/selinux.tbl:179
--msgid "Disable SELinux protection for soundd daemon"
-+#: booleans.py:88
-+msgid "Allow httpd daemon to change its resource limits"
- msgstr ""
-
--#: ../gui/selinux.tbl:180
--msgid "Disable SELinux protection for sound daemon"
-+#: booleans.py:89
-+msgid ""
-+"Allow HTTPD to run SSI executables in the same domain as system CGI scripts."
- msgstr ""
-
--#: ../gui/selinux.tbl:181 ../gui/selinux.tbl:182 ../gui/selinux.tbl:183
--msgid "Spam Protection"
-+#: booleans.py:90
-+msgid ""
-+"Allow apache scripts to write to public content, directories/files must be "
-+"labeled public_rw_content_t."
- msgstr ""
-
--#: ../gui/selinux.tbl:181
--msgid "Disable SELinux protection for spamd daemon"
-+#: booleans.py:91
-+msgid "Allow Apache to execute tmp content."
- msgstr ""
-
--#: ../gui/selinux.tbl:182
--msgid "Allow spamd to access home directories"
-+#: booleans.py:92
-+msgid ""
-+"Unify HTTPD to communicate with the terminal. Needed for entering the "
-+"passphrase for certificates at the terminal."
- msgstr ""
-
--#: ../gui/selinux.tbl:183
--msgid "Allow Spam Assassin daemon network access"
-+#: booleans.py:93
-+msgid "Unify HTTPD handling of all content files."
- msgstr ""
-
--#: ../gui/selinux.tbl:184
--msgid "Disable SELinux protection for speedmgmt daemon"
-+#: booleans.py:94
-+msgid "Allow httpd to access cifs file systems"
- msgstr ""
-
--#: ../gui/selinux.tbl:185 ../gui/selinux.tbl:186
--msgid "Squid"
-+#: booleans.py:95
-+msgid "Allow httpd to access FUSE file systems"
- msgstr ""
-
--#: ../gui/selinux.tbl:185
--msgid "Allow squid daemon to connect to the network"
-+#: booleans.py:96
-+msgid "Allow httpd to run gpg"
- msgstr ""
-
--#: ../gui/selinux.tbl:186
--msgid "Disable SELinux protection for squid daemon"
-+#: booleans.py:97
-+msgid "Allow httpd to access nfs file systems"
- msgstr ""
-
--#: ../gui/selinux.tbl:187
--msgid "Disable SELinux protection for ssh daemon"
-+#: booleans.py:98
-+msgid "Allow httpd to communicate with oddjob to start up a service"
- msgstr ""
-
--#: ../gui/selinux.tbl:188
--msgid "Allow ssh logins as sysadm_r:sysadm_t"
-+#: booleans.py:99
-+msgid "Allow httpd to access openstack ports"
-+msgstr ""
-+
-+#: booleans.py:100
-+msgid "Allow Apache to query NS records"
-+msgstr ""
-+
-+#: booleans.py:101
-+msgid "Allow icecast to connect to all ports, not just sound ports."
- msgstr "" - --#: ../gui/selinux.tbl:189 -+#: booleans.py:102 - msgid "" --"Allow staff_r users to search the sysadm home dir and read files (such as ~/." --"bashrc)" -+"Allow the Irssi IRC Client to connect to any port, and to bind to any " -+"unreserved port." - msgstr "" - --#: ../gui/selinux.tbl:190 ../gui/selinux.tbl:191 --msgid "Universal SSL tunnel" -+#: booleans.py:103 -+msgid "Allow confined applications to run with kerberos." - msgstr "" - --#: ../gui/selinux.tbl:190 --msgid "Disable SELinux protection for stunnel daemon" -+#: booleans.py:104 -+msgid "Allow syslogd daemon to send mail" - msgstr "" - --#: ../gui/selinux.tbl:191 --msgid "Allow stunnel daemon to run as standalone, outside of xinetd" -+#: booleans.py:105 -+msgid "Allow syslogd the ability to read/write terminals" - msgstr "" - --#: ../gui/selinux.tbl:192 --msgid "Disable SELinux protection for swat daemon" -+#: booleans.py:106 -+msgid "Allow logging in and using the system from /dev/console." - msgstr "" - --#: ../gui/selinux.tbl:193 --msgid "Disable SELinux protection for sxid daemon" -+#: booleans.py:107 -+msgid "" -+"Control the ability to mmap a low area of the address space, as configured " -+"by /proc/sys/kernel/mmap_min_addr." - msgstr "" - --#: ../gui/selinux.tbl:194 --msgid "Disable SELinux protection for syslogd daemon" -+#: booleans.py:108 -+msgid "Allow mock to read files in home directories." - msgstr "" - --#: ../gui/selinux.tbl:195 --msgid "Disable SELinux protection for system cron jobs" -+#: booleans.py:109 -+msgid "Allow the mount command to mount any directory or file." - msgstr "" - --#: ../gui/selinux.tbl:196 --msgid "Disable SELinux protection for tcp daemon" -+#: booleans.py:110 -+msgid "Allow mozilla plugin domain to connect to the network using TCP." 
- msgstr "" - --#: ../gui/selinux.tbl:197 --msgid "Disable SELinux protection for telnet daemon" -+#: booleans.py:111 -+msgid "" -+"Allow mozilla_plugins to create random content in the users home directory" - msgstr "" - --#: ../gui/selinux.tbl:198 --msgid "Disable SELinux protection for tftpd daemon" -+#: booleans.py:112 -+msgid "Allow confined web browsers to read home directory content" - msgstr "" - --#: ../gui/selinux.tbl:199 --msgid "Disable SELinux protection for transproxy daemon" -+#: booleans.py:113 -+msgid "Allow mplayer executable stack" - msgstr "" - --#: ../gui/selinux.tbl:200 --msgid "Disable SELinux protection for udev daemon" -+#: booleans.py:114 -+msgid "Allow mysqld to connect to all ports" - msgstr "" - --#: ../gui/selinux.tbl:201 --msgid "Disable SELinux protection for uml daemon" -+#: booleans.py:115 -+msgid "Allow BIND to bind apache port." - msgstr "" - --#: ../gui/selinux.tbl:202 -+#: booleans.py:116 - msgid "" --"Allow xinetd to run unconfined, including any services it starts that do not " --"have a domain transition explicitly defined" -+"Allow BIND to write the master zone files. Generally this is used for " -+"dynamic DNS or zone transfers." -+msgstr "" -+ -+#: booleans.py:117 -+msgid "Allow any files/directories to be exported read/only via NFS." -+msgstr "" -+ -+#: booleans.py:118 -+msgid "Allow any files/directories to be exported read/write via NFS." - msgstr "" - --#: ../gui/selinux.tbl:203 -+#: booleans.py:119 - msgid "" --"Allow rc scripts to run unconfined, including any daemon started by an rc " --"script that does not have a domain transition explicitly defined" -+"Allow nfs servers to modify public files used for public file transfer " -+"services. Files/Directories must be labeled public_content_rw_t." -+msgstr "" -+ -+#: booleans.py:120 -+msgid "Allow system to run with NIS" -+msgstr "" -+ -+#: booleans.py:121 -+msgid "Allow confined applications to use nscd shared memory." 
-+msgstr "" -+ -+#: booleans.py:122 -+msgid "Allow openshift to lockdown app" - msgstr "" - --#: ../gui/selinux.tbl:204 --msgid "Allow rpm to run unconfined" -+#: booleans.py:123 -+msgid "Allow openvpn to read home directories" - msgstr "" - --#: ../gui/selinux.tbl:205 --msgid "Allow privileged utilities like hotplug and insmod to run unconfined" -+#: booleans.py:124 -+msgid "Allow piranha-lvs domain to connect to the network using TCP." - msgstr "" - --#: ../gui/selinux.tbl:206 --msgid "Disable SELinux protection for updfstab daemon" -+#: booleans.py:125 -+msgid "Allow polipo to connect to all ports > 1023" - msgstr "" - --#: ../gui/selinux.tbl:207 --msgid "Disable SELinux protection for uptimed daemon" -+#: booleans.py:126 -+msgid "" -+"Determine whether Polipo session daemon can bind tcp sockets to all " -+"unreserved ports." - msgstr "" - --#: ../gui/selinux.tbl:208 -+#: booleans.py:127 - msgid "" --"Allow user_r to reach sysadm_r via su, sudo, or userhelper. Otherwise, only " --"staff_r can do so" -+"Determine whether calling user domains can execute Polipo daemon in the " -+"polipo_session_t domain." -+msgstr "" -+ -+#: booleans.py:128 -+msgid "Determine whether polipo can access cifs file systems." -+msgstr "" -+ -+#: booleans.py:129 -+msgid "Determine whether Polipo can access nfs file systems." -+msgstr "" -+ -+#: booleans.py:130 -+msgid "Enable polyinstantiated directory support." 
- msgstr "" - --#: ../gui/selinux.tbl:209 --msgid "Allow users to execute the mount command" -+#: booleans.py:131 -+msgid "Allow postfix_local domain full write access to mail_spool directories" - msgstr "" - --#: ../gui/selinux.tbl:210 --msgid "Allow regular users direct mouse access (only allow the X server)" -+#: booleans.py:132 -+msgid "Allow postgresql to use ssh and rsync for point-in-time recovery" - msgstr "" - --#: ../gui/selinux.tbl:211 --msgid "Allow users to run the dmesg command" -+#: booleans.py:133 -+msgid "Allow transmit client label to foreign database" - msgstr "" - --#: ../gui/selinux.tbl:212 --msgid "Allow users to control network interfaces (also needs USERCTL=true)" -+#: booleans.py:134 -+msgid "Allow database admins to execute DML statement" - msgstr "" - --#: ../gui/selinux.tbl:213 --msgid "Allow normal user to execute ping" -+#: booleans.py:135 -+msgid "Allow unprivileged users to execute DDL statement" - msgstr "" - --#: ../gui/selinux.tbl:214 --msgid "Allow user to r/w noextattrfile (FAT, CDROM, FLOPPY)" -+#: booleans.py:136 -+msgid "Allow pppd to load kernel modules for certain modems" - msgstr "" - --#: ../gui/selinux.tbl:215 --msgid "Allow users to rw usb devices" -+#: booleans.py:137 -+msgid "Allow pppd to be run for a regular user" - msgstr "" - --#: ../gui/selinux.tbl:216 -+#: booleans.py:138 - msgid "" --"Allow users to run TCP servers (bind to ports and accept connection from the " --"same domain and outside users) disabling this forces FTP passive mode and " --"may change other protocols" -+"Allow privoxy to connect to all ports, not just HTTP, FTP, and Gopher ports." - msgstr "" - --#: ../gui/selinux.tbl:217 --msgid "Allow user to stat ttyfiles" -+#: booleans.py:139 -+msgid "Allow Puppet client to manage all file types." 
- msgstr "" - --#: ../gui/selinux.tbl:218 --msgid "Disable SELinux protection for uucpd daemon" -+#: booleans.py:140 -+msgid "Allow Puppet master to use connect to MySQL and PostgreSQL database" - msgstr "" - --#: ../gui/selinux.tbl:219 --msgid "Disable SELinux protection for vmware daemon" -+#: booleans.py:141 -+msgid "Allow racoon to read shadow" - msgstr "" - --#: ../gui/selinux.tbl:220 --msgid "Disable SELinux protection for watchdog daemon" -+#: booleans.py:142 -+msgid "Allow rgmanager domain to connect to the network using TCP." - msgstr "" - --#: ../gui/selinux.tbl:221 --msgid "Disable SELinux protection for winbind daemon" -+#: booleans.py:143 -+msgid "" -+"Allow rsync to modify public files used for public file transfer services. " -+"Files/Directories must be labeled public_content_rw_t." - msgstr "" - --#: ../gui/selinux.tbl:222 --msgid "Disable SELinux protection for xdm daemon" -+#: booleans.py:144 -+msgid "Allow rsync to run as a client" - msgstr "" - --#: ../gui/selinux.tbl:223 --msgid "Allow xdm logins as sysadm_r:sysadm_t" -+#: booleans.py:145 -+msgid "Allow rsync to export any files/directories read only." - msgstr "" - --#: ../gui/selinux.tbl:224 --msgid "Disable SELinux protection for xen daemon" -+#: booleans.py:146 -+msgid "Allow rsync servers to share cifs files systems" - msgstr "" - --#: ../gui/selinux.tbl:225 --msgid "XEN" -+#: booleans.py:147 -+msgid "Allow rsync servers to share nfs files systems" - msgstr "" - --#: ../gui/selinux.tbl:225 --msgid "Allow xen to read/write physical disk devices" -+#: booleans.py:148 -+msgid "Allow samba to create new home directories (e.g. via PAM)" - msgstr "" - --#: ../gui/selinux.tbl:226 --msgid "Disable SELinux protection for xfs daemon" -+#: booleans.py:149 -+msgid "" -+"Allow samba to act as the domain controller, add users, groups and change " -+"passwords." 
- msgstr "" - --#: ../gui/selinux.tbl:227 --msgid "Disable SELinux protection for xen control" -+#: booleans.py:150 -+msgid "Allow samba to share users home directories." - msgstr "" - --#: ../gui/selinux.tbl:228 --msgid "Disable SELinux protection for ypbind daemon" -+#: booleans.py:151 -+msgid "Allow samba to share any file/directory read only." - msgstr "" - --#: ../gui/selinux.tbl:229 --msgid "Disable SELinux protection for NIS Password Daemon" -+#: booleans.py:152 -+msgid "Allow samba to share any file/directory read/write." - msgstr "" - --#: ../gui/selinux.tbl:230 --msgid "Disable SELinux protection for ypserv daemon" -+#: booleans.py:153 -+msgid "Allow samba to act as a portmapper" - msgstr "" - --#: ../gui/selinux.tbl:231 --msgid "Disable SELinux protection for NIS Transfer Daemon" -+#: booleans.py:154 -+msgid "Allow samba to run unconfined scripts" - msgstr "" - --#: ../gui/selinux.tbl:232 --msgid "Allow SELinux webadm user to manage unprivileged users home directories" -+#: booleans.py:155 -+msgid "Allow samba to export ntfs/fusefs volumes." - msgstr "" - --#: ../gui/selinux.tbl:233 --msgid "Allow SELinux webadm user to read unprivileged users home directories" -+#: booleans.py:156 -+msgid "Allow samba to export NFS volumes." - msgstr "" - --#: ../gui/semanagePage.py:126 --#, python-format --msgid "Are you sure you want to delete %s '%s'?" 
-+#: booleans.py:157 -+msgid "Allow sanlock to read/write fuse files" - msgstr "" - --#: ../gui/semanagePage.py:126 --#, python-format --msgid "Delete %s" -+#: booleans.py:158 -+msgid "Allow sanlock to manage nfs files" - msgstr "" - --#: ../gui/semanagePage.py:134 --#, python-format --msgid "Add %s" -+#: booleans.py:159 -+msgid "Allow sanlock to manage cifs files" - msgstr "" - --#: ../gui/semanagePage.py:148 --#, python-format --msgid "Modify %s" -+#: booleans.py:160 -+msgid "Allow sasl to read shadow" - msgstr "" - --#: ../gui/statusPage.py:69 ../gui/system-config-selinux.glade:2819 --msgid "Permissive" -+#: booleans.py:161 -+msgid "Allow secadm to exec content" - msgstr "" - --#: ../gui/statusPage.py:70 ../gui/system-config-selinux.glade:2837 --msgid "Enforcing" -+#: booleans.py:162 -+msgid "" -+"disallow programs, such as newrole, from transitioning to administrative " -+"user domains." - msgstr "" - --#: ../gui/statusPage.py:94 --msgid "Status" -+#: booleans.py:163 -+msgid "Disable kernel module loading." - msgstr "" - --#: ../gui/statusPage.py:133 -+#: booleans.py:164 - msgid "" --"Changing the policy type will cause a relabel of the entire file system on " --"the next boot. Relabeling takes a long time depending on the size of the " --"file system. Do you wish to continue?" -+"Boolean to determine whether the system permits loading policy, setting " -+"enforcing mode, and changing boolean values. Set this to true and you have " -+"to reboot to set it back." - msgstr "" - --#: ../gui/statusPage.py:147 -+#: booleans.py:165 -+msgid "Allow regular users direct dri device access" -+msgstr "" -+ -+#: booleans.py:166 - msgid "" --"Changing to SELinux disabled requires a reboot. It is not recommended. If " --"you later decide to turn SELinux back on, the system will be required to " --"relabel. If you just want to see if SELinux is causing a problem on your " --"system, you can go to permissive mode which will only log errors and not " --"enforce SELinux policy. 
Permissive mode does not require a reboot Do you " --"wish to continue?" -+"Allow unconfined executables to make their heap memory executable. Doing " -+"this is a really bad idea. Probably indicates a badly coded executable, but " -+"could indicate an attack. This executable should be reported in bugzilla" - msgstr "" - --#: ../gui/statusPage.py:152 -+#: booleans.py:167 - msgid "" --"Changing to SELinux enabled will cause a relabel of the entire file system " --"on the next boot. Relabeling takes a long time depending on the size of the " --"file system. Do you wish to continue?" -+"Allow all unconfined executables to use libraries requiring text relocation " -+"that are not labeled textrel_shlib_t" - msgstr "" - --#: ../gui/system-config-selinux.glade:11 --msgid "system-config-selinux" -+#: booleans.py:168 -+msgid "" -+"Allow unconfined executables to make their stack executable. This should " -+"never, ever be necessary. Probably indicates a badly coded executable, but " -+"could indicate an attack. This executable should be reported in bugzilla" - msgstr "" - --#: ../gui/system-config-selinux.glade:12 -+#: booleans.py:169 -+msgid "Allow users to connect to the local mysql server" -+msgstr "" -+ -+#: booleans.py:170 - msgid "" --"Copyright (c)2006 Red Hat, Inc.\n" --"Copyright (c) 2006 Dan Walsh " -+"Allow confined users the ability to execute the ping and traceroute commands." 
- msgstr "" - --#: ../gui/system-config-selinux.glade:22 --#: ../gui/system-config-selinux.glade:544 --msgid "Add SELinux Login Mapping" -+#: booleans.py:171 -+msgid "Allow users to connect to PostgreSQL" - msgstr "" - --#: ../gui/system-config-selinux.glade:257 --msgid "Add SELinux Network Ports" -+#: booleans.py:172 -+msgid "" -+"Allow user to r/w files on filesystems that do not have extended attributes " -+"(FAT, CDROM, FLOPPY)" - msgstr "" - --#: ../gui/system-config-selinux.glade:391 --#: ../gui/system-config-selinux.glade:678 --msgid "SELinux Type" -+#: booleans.py:173 -+msgid "" -+"Allow users to run TCP servers (bind to ports and accept connection from the " -+"same domain and outside users) disabling this forces FTP passive mode and " -+"may change other protocols." - msgstr "" - --#: ../gui/system-config-selinux.glade:622 --msgid "File Specification" -+#: booleans.py:174 -+msgid "Allow user to use ssh chroot environment." - msgstr "" - --#: ../gui/system-config-selinux.glade:650 --msgid "File Type" -+#: booleans.py:175 -+msgid "Allow user music sharing" - msgstr "" - --#: ../gui/system-config-selinux.glade:727 -+#: booleans.py:176 - msgid "" --"all files\n" --"regular file\n" --"directory\n" --"character device\n" --"block device\n" --"socket\n" --"symbolic link\n" --"named pipe\n" -+"Allow anon internal-sftp to upload files, used for public file transfer " -+"services. Directories must be labeled public_content_rw_t." - msgstr "" - --#: ../gui/system-config-selinux.glade:773 --msgid "MLS" -+#: booleans.py:177 -+msgid "" -+"Allow sftp-internal to read and write files in the user home directories" - msgstr "" - --#: ../gui/system-config-selinux.glade:837 --msgid "Add SELinux User" -+#: booleans.py:178 -+msgid "" -+"Allow sftp-internal to login to local users and read/write all files on the " -+"system, governed by DAC." 
- msgstr "" - --#: ../gui/system-config-selinux.glade:1079 --msgid "SELinux Administration" -+#: booleans.py:179 -+msgid "" -+"Allow internal-sftp to read and write files in the user ssh home directories." - msgstr "" - --#: ../gui/system-config-selinux.glade:1122 --msgid "Add" -+#: booleans.py:180 -+msgid "Allow sge to connect to the network using any TCP port" - msgstr "" - --#: ../gui/system-config-selinux.glade:1144 --msgid "_Properties" -+#: booleans.py:181 -+msgid "Allow sge to access nfs file systems." - msgstr "" - --#: ../gui/system-config-selinux.glade:1166 --msgid "_Delete" -+#: booleans.py:182 -+msgid "" -+"Enable additional permissions needed to support devices on 3ware controllers." - msgstr "" - --#: ../gui/system-config-selinux.glade:1256 --msgid "Select Management Object" -+#: booleans.py:183 -+msgid "" -+"Allow samba to modify public files used for public file transfer services. " -+"Files/Directories must be labeled public_content_rw_t." - msgstr "" - --#: ../gui/system-config-selinux.glade:1273 --msgid "Select:" -+#: booleans.py:184 -+msgid "Allow user spamassassin clients to use the network." - msgstr "" - --#: ../gui/system-config-selinux.glade:1326 --msgid "System Default Enforcing Mode" -+#: booleans.py:185 -+msgid "Allow spamd to read/write user home directories." - msgstr "" - --#: ../gui/system-config-selinux.glade:1354 -+#: booleans.py:186 - msgid "" --"Disabled\n" --"Permissive\n" --"Enforcing\n" -+"Allow squid to connect to all ports, not just HTTP, FTP, and Gopher ports." 
- msgstr "" - --#: ../gui/system-config-selinux.glade:1373 --msgid "Current Enforcing Mode" -+#: booleans.py:187 -+msgid "Allow squid to run as a transparent proxy (TPROXY)" - msgstr "" - --#: ../gui/system-config-selinux.glade:1418 --msgid "System Default Policy Type: " -+#: booleans.py:188 -+msgid "" -+"Allow ssh with chroot env to read and write files in the user home " -+"directories" - msgstr "" - --#: ../gui/system-config-selinux.glade:1463 -+#: booleans.py:189 -+msgid "allow host key based authentication" -+msgstr "" -+ -+#: booleans.py:190 -+msgid "Allow ssh logins as sysadm_r:sysadm_t" -+msgstr "" -+ -+#: booleans.py:191 -+msgid "Allow staff to exec content" -+msgstr "" -+ -+#: booleans.py:192 -+msgid "allow staff user to create and transition to svirt domains." -+msgstr "" -+ -+#: booleans.py:193 -+msgid "Allow sysadm to exec content" -+msgstr "" -+ -+#: booleans.py:194 -+msgid "Allow the Telepathy connection managers to connect to any network port." -+msgstr "" -+ -+#: booleans.py:195 - msgid "" --"Select if you wish to relabel then entire file system on next reboot. " --"Relabeling can take a very long time, depending on the size of the system. " --"If you are changing policy types or going from disabled to enforcing, a " --"relabel is required." -+"Allow the Telepathy connection managers to connect to any generic TCP port." - msgstr "" - --#: ../gui/system-config-selinux.glade:1509 --msgid "Relabel on next reboot." -+#: booleans.py:196 -+msgid "" -+"Allow tftp to modify public files used for public file transfer services." - msgstr "" - --#: ../gui/system-config-selinux.glade:1561 --msgid "label37" -+#: booleans.py:197 -+msgid "Allow tftp to read and write files in the user home directories" - msgstr "" - --#: ../gui/system-config-selinux.glade:1598 --msgid "Revert boolean setting to system default" -+#: booleans.py:198 -+msgid "Allow tor daemon to bind tcp sockets to all unreserved ports." 
- msgstr "" - --#: ../gui/system-config-selinux.glade:1614 --msgid "Toggle between Customized and All Booleans" -+#: booleans.py:199 -+msgid "Allow tor to act as a relay" - msgstr "" - --#: ../gui/system-config-selinux.glade:1645 --#: ../gui/system-config-selinux.glade:1850 --#: ../gui/system-config-selinux.glade:2037 --#: ../gui/system-config-selinux.glade:2224 --#: ../gui/system-config-selinux.glade:2467 --#: ../gui/system-config-selinux.glade:2692 --#: ../gui/system-config-selinux.glade:2867 --msgid "Filter" -+#: booleans.py:200 -+msgid "" -+"allow unconfined users to transition to the chrome sandbox domains when " -+"running chrome-sandbox" - msgstr "" - --#: ../gui/system-config-selinux.glade:1734 --msgid "label50" -+#: booleans.py:201 -+msgid "Allow a user to login as an unconfined domain" - msgstr "" - --#: ../gui/system-config-selinux.glade:1771 --msgid "Add File Context" -+#: booleans.py:202 -+msgid "" -+"Allow unconfined users to transition to the Mozilla plugin domain when " -+"running xulrunner plugin-container." - msgstr "" - --#: ../gui/system-config-selinux.glade:1787 --msgid "Modify File Context" -+#: booleans.py:203 -+msgid "Allow video playing tools to run unconfined" - msgstr "" - --#: ../gui/system-config-selinux.glade:1803 --msgid "Delete File Context" -+#: booleans.py:204 -+msgid "Allow unprivledged user to create and transition to svirt domains." 
- msgstr "" - --#: ../gui/system-config-selinux.glade:1819 --msgid "Toggle between all and customized file context" -+#: booleans.py:205 -+msgid "Support ecryptfs home directories" - msgstr "" - --#: ../gui/system-config-selinux.glade:1939 --msgid "label38" -+#: booleans.py:206 -+msgid "Support fusefs home directories" - msgstr "" - --#: ../gui/system-config-selinux.glade:1976 --msgid "Add SELinux User Mapping" -+#: booleans.py:207 -+msgid "Use lpd server instead of cups" - msgstr "" - --#: ../gui/system-config-selinux.glade:1992 --msgid "Modify SELinux User Mapping" -+#: booleans.py:208 -+msgid "Support NFS home directories" - msgstr "" - --#: ../gui/system-config-selinux.glade:2008 --msgid "Delete SELinux User Mapping" -+#: booleans.py:209 -+msgid "Support SAMBA home directories" - msgstr "" - --#: ../gui/system-config-selinux.glade:2126 --msgid "label39" -+#: booleans.py:210 -+msgid "Allow user to exec content" - msgstr "" - --#: ../gui/system-config-selinux.glade:2163 --msgid "Add User" -+#: booleans.py:211 -+msgid "Allow varnishd to connect to all ports, not just HTTP." - msgstr "" - --#: ../gui/system-config-selinux.glade:2179 --msgid "Modify User" -+#: booleans.py:212 -+msgid "Ignore vbetool mmap_zero errors." 
- msgstr "" - --#: ../gui/system-config-selinux.glade:2195 --msgid "Delete User" -+#: booleans.py:213 -+msgid "" -+"Allow confined virtual guests to use serial/parallel communication ports" - msgstr "" - --#: ../gui/system-config-selinux.glade:2313 --msgid "label41" -+#: booleans.py:214 -+msgid "" -+"Allow confined virtual guests to use executable memory and executable stack" - msgstr "" - --#: ../gui/system-config-selinux.glade:2350 --msgid "Add Network Port" -+#: booleans.py:215 -+msgid "Allow confined virtual guests to read fuse files" - msgstr "" - --#: ../gui/system-config-selinux.glade:2366 --msgid "Edit Network Port" -+#: booleans.py:216 -+msgid "Allow confined virtual guests to manage nfs files" - msgstr "" - --#: ../gui/system-config-selinux.glade:2382 --msgid "Delete Network Port" -+#: booleans.py:217 -+msgid "Allow confined virtual guests to interact with rawip sockets" - msgstr "" - --#: ../gui/system-config-selinux.glade:2418 --#: ../gui/system-config-selinux.glade:2436 --msgid "Toggle between Customized and All Ports" -+#: booleans.py:218 -+msgid "Allow confined virtual guests to manage cifs files" - msgstr "" - --#: ../gui/system-config-selinux.glade:2556 --msgid "label42" -+#: booleans.py:219 -+msgid "Allow confined virtual guests to interact with the sanlock" - msgstr "" - --#: ../gui/system-config-selinux.glade:2593 --msgid "Generate new policy module" -+#: booleans.py:220 -+msgid "Allow confined virtual guests to manage device configuration, (pci)" - msgstr "" - --#: ../gui/system-config-selinux.glade:2609 --msgid "Load policy module" -+#: booleans.py:221 -+msgid "Allow confined virtual guests to use usb devices" - msgstr "" - --#: ../gui/system-config-selinux.glade:2625 --msgid "Remove loadable policy module" -+#: booleans.py:222 -+msgid "Allow confined virtual guests to interact with the xserver" - msgstr "" - --#: ../gui/system-config-selinux.glade:2661 -+#: booleans.py:223 -+msgid "Allow webadm to manage files in users home directories" 
-+msgstr "" -+ -+#: booleans.py:224 -+msgid "Allow webadm to read files in users home directories" -+msgstr "" -+ -+#: booleans.py:225 -+msgid "Ignore wine mmap_zero errors." -+msgstr "" -+ -+#: booleans.py:226 -+msgid "Allow the graphical login program to execute bootloader" -+msgstr "" -+ -+#: booleans.py:227 - msgid "" --"Enable/Disable additional audit rules, that are normally not reported in the " --"log files." -+"Allow the graphical login program to login directly as sysadm_r:sysadm_t" - msgstr "" - --#: ../gui/system-config-selinux.glade:2781 --msgid "label44" -+#: booleans.py:228 -+msgid "Allow xen to manage nfs files" - msgstr "" - --#: ../gui/system-config-selinux.glade:2818 --msgid "Change process mode to permissive." -+#: booleans.py:229 -+msgid "" -+"Allow xend to run blktapctrl/tapdisk. Not required if using dedicated " -+"logical volumes for disk images." - msgstr "" - --#: ../gui/system-config-selinux.glade:2836 --msgid "Change process mode to enforcing" -+#: booleans.py:230 -+msgid "Allow xend to run qemu-dm. Not required if using paravirt and no vfb." - msgstr "" - --#: ../gui/system-config-selinux.glade:2928 --msgid "Process Domain" -+#: booleans.py:231 -+msgid "" -+"Allow xguest users to configure Network Manager and connect to apache ports" - msgstr "" - --#: ../gui/system-config-selinux.glade:2956 --msgid "label59" -+#: booleans.py:232 -+msgid "Allow xguest to exec content" - msgstr "" - --#: ../gui/usersPage.py:138 --#, python-format --msgid "SELinux user '%s' is required" -+#: booleans.py:233 -+msgid "Allow xguest users to mount removable media" -+msgstr "" -+ -+#: booleans.py:234 -+msgid "Allow xguest to use blue tooth devices" -+msgstr "" -+ -+#: booleans.py:235 -+msgid "Allows clients to write to the X server shared memory segments." 
-+msgstr "" -+ -+#: booleans.py:236 -+msgid "Allows XServer to execute writable memory" -+msgstr "" -+ -+#: booleans.py:237 -+msgid "Support X userspace object manager" -+msgstr "" -+ -+#: booleans.py:238 -+msgid "Allow zabbix to connect to unreserved ports" -+msgstr "" -+ -+#: booleans.py:239 -+msgid "Allow zebra daemon to write it configuration files" -+msgstr "" -+ -+#: booleans.py:240 -+msgid "" -+"Allow ZoneMinder to modify public files used for public file transfer " -+"services." - msgstr "" -diff --git a/policycoreutils/po/ar.po b/policycoreutils/po/ar.po -index b908f48..151ca6a 100644 ---- a/policycoreutils/po/ar.po -+++ b/policycoreutils/po/ar.po -@@ -1,7 +1,7 @@ - # SOME DESCRIPTIVE TITLE. - # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER - # This file is distributed under the same license as the PACKAGE package. --# -+# - # Translators: - # Ali Al-Ammari , 2010. - # Amjad Al-Obaili , 2010. -@@ -12,28 +12,24 @@ msgid "" - msgstr "" - "Project-Id-Version: Policycoreutils\n" - "Report-Msgid-Bugs-To: \n" --"POT-Creation-Date: 2012-05-25 07:28-0400\n" --"PO-Revision-Date: 2012-04-02 20:30+0000\n" -+"POT-Creation-Date: 2013-01-04 12:01-0500\n" -+"PO-Revision-Date: 2013-01-04 17:02+0000\n" - "Last-Translator: dwalsh \n" - "Language-Team: Arabic \n" --"Language: ar\n" - "MIME-Version: 1.0\n" - "Content-Type: text/plain; charset=UTF-8\n" - "Content-Transfer-Encoding: 8bit\n" --"Plural-Forms: nplurals=6; plural=n==0 ? 0 : n==1 ? 1 : n==2 ? 2 : n%100>=3 " --"&& n%100<=10 ? 3 : n%100>=11 && n%100<=99 ? 4 : 5\n" -+"Language: ar\n" -+"Plural-Forms: nplurals=6; plural=n==0 ? 0 : n==1 ? 1 : n==2 ? 2 : n%100>=3 && n%100<=10 ? 3 : n%100>=11 && n%100<=99 ? 4 : 5;\n" - - #: ../run_init/run_init.c:67 - msgid "" - "USAGE: run_init