From 14010ed68c2c52585126deed2f2d14755ccf41c8 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Wed, 14 May 2025 15:25:25 +0000 Subject: [PATCH] import UBI policycoreutils-3.8-1.el10 --- .gitignore | 20 +- .policycoreutils.metadata | 13 - ...t-be-verbose-if-you-are-not-on-a-tty.patch | 9 +- ...rate-Handle-more-reserved-port-types.patch | 7 +- ...hbox-window-manager-instead-of-openb.patch | 31 +- 0004-Use-SHA-2-instead-of-SHA-1.patch | 178 + ...-sepolicy-Fix-spec-file-dependencies.patch | 48 + ...engui.py-to-usr-bin-selinux-polgengu.patch | 43 - ...ktop-files-to-usr-share-applications.patch | 49 - ...t-to-Xephyr-as-it-works-better-with-.patch | 26 - ...RD_FILE_CONTEXT-section-in-man-pages.patch | 46 - ...xecutable-we-don-t-want-to-print-a-p.patch | 27 - ...sepolicy-manpage-web-functionality.-.patch | 169 - ...e-the-trailing-newline-for-etc-syste.patch | 26 - ...-in-manpage.py-to-not-contain-online.patch | 25 - ...d-interface-file_type_is_executable-.patch | 63 - ...her-small-optimization-for-mcs-types.patch | 53 - ...ion-files-into-the-right-sub-directo.patch | 515 -- ...ettext-domains-in-python-gui-sandbox.patch | 306 -- ...al-.pot-files-for-gui-python-sandbox.patch | 4532 ----------------- ...setfiles-Improve-description-of-d-sw.patch | 30 - ...ix-RESOURCE_LEAK-coverity-scan-defec.patch | 24 - ...-python-Use-ipaddress-instead-of-IPy.patch | 45 - ...Do-not-traceback-when-the-default-po.patch | 93 - ...icycoreutils-fixfiles-Fix-B-F-onboot.patch | 108 - ...fixfiles-Force-full-relabel-when-SEL.patch | 33 - ...fixfiles-Fix-unbound-variable-proble.patch | 32 - ...move-module-in-system-config-selinux.patch | 38 - ...Do-not-use-default-s0-range-in-seman.patch | 30 - ...coreutils-fixfiles-Fix-verify-option.patch | 33 - ...Improve-handling-of-permissive-state.patch | 102 - ...emanage-fix-moduleRecords.customized.patch | 41 - ...Add-support-for-DCCP-and-SCTP-protoc.patch | 45 - ...FoundError-in-org.selinux.relabel_on.patch | 40 - ...x-redundant-console-log-output-error.patch | 200 - ...empty-stdout-before-exiting-on-Broke.patch | 55 - ...e-Sort-imports-in-alphabetical-order.patch | 41 - ...allow-any-policy-statement-in-if-n-d.patch | 49 - ...files-Do-not-abort-on-labeling-error.patch | 68 - ...rop-ABORT_ON_ERRORS-and-related-code.patch | 110 - ...s-setfiles-Drop-unused-nerr-variable.patch | 44 - ...escribe-fcontext-regular-expressions.patch | 62 - ...setfiles-do-not-restrict-checks-agai.patch | 69 - .../0041-semodule-add-m-checksum-option.patch | 674 --- ...2-semodule-Fix-lang_ext-column-index.patch | 29 - ...semodule-Don-t-forget-to-munmap-data.patch | 32 - ...Improve-error-message-when-selabel_o.patch | 41 - ...nage-move-module-hashing-into-libsem.patch | 539 -- ...mand-line-option-to-detect-module-ch.patch | 144 - ...emanage-import-into-two-transactions.patch | 64 - ...rebuild-if-modules-changed-to-refres.patch | 81 - ...n-Harden-tools-against-rogue-modules.patch | 79 - ...ery-the-local-database-if-the-fconte.patch | 65 - ...cy-add-missing-booleans-to-man-pages.patch | 112 - ...olicy-Cache-conditional-rule-queries.patch | 73 - ...den-more-tools-against-rogue-modules.patch | 98 - ...054-sepolicy-port-to-dnf4-python-API.patch | 95 - ...Do-not-sort-local-fcontext-definitio.patch | 64 - ...anage-Allow-modifying-records-on-add.patch | 396 -- bachradsusi.gpg | 438 ++ ...licycoreutils.spec => policycoreutils.spec | 689 +-- selinux-3.8.tar.gz.asc | 16 + ...selinux-autorelabel => selinux-autorelabel | 12 +- ...tor.sh => selinux-autorelabel-generator.sh | 11 +- ...ervice => selinux-autorelabel-mark.service | 0 ...bel.service => selinux-autorelabel.service | 0 ...label.target => selinux-autorelabel.target | 0 sources | 7 + 68 files changed, 1133 insertions(+), 10204 deletions(-) delete mode 100644 .policycoreutils.metadata rename SOURCES/0009-Don-t-be-verbose-if-you-are-not-on-a-tty.patch => 0001-Don-t-be-verbose-if-you-are-not-on-a-tty.patch (78%) rename SOURCES/0017-sepolicy-generate-Handle-more-reserved-port-types.patch => 0002-sepolicy-generate-Handle-more-reserved-port-types.patch (95%) rename SOURCES/0019-sandbox-Use-matchbox-window-manager-instead-of-openb.patch => 0003-sandbox-Use-matchbox-window-manager-instead-of-openb.patch (71%) create mode 100644 0004-Use-SHA-2-instead-of-SHA-1.patch create mode 100644 0005-python-sepolicy-Fix-spec-file-dependencies.patch delete mode 100644 SOURCES/0001-gui-Install-polgengui.py-to-usr-bin-selinux-polgengu.patch delete mode 100644 SOURCES/0002-gui-Install-.desktop-files-to-usr-share-applications.patch delete mode 100644 SOURCES/0003-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch delete mode 100644 SOURCES/0004-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch delete mode 100644 SOURCES/0005-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch delete mode 100644 SOURCES/0006-Simplication-of-sepolicy-manpage-web-functionality.-.patch delete mode 100644 SOURCES/0007-We-want-to-remove-the-trailing-newline-for-etc-syste.patch delete mode 100644 SOURCES/0008-Fix-title-in-manpage.py-to-not-contain-online.patch delete mode 100644 SOURCES/0010-sepolicy-Drop-old-interface-file_type_is_executable-.patch delete mode 100644 SOURCES/0011-sepolicy-Another-small-optimization-for-mcs-types.patch delete mode 100644 SOURCES/0012-Move-po-translation-files-into-the-right-sub-directo.patch delete mode 100644 SOURCES/0013-Use-correct-gettext-domains-in-python-gui-sandbox.patch delete mode 100644 SOURCES/0014-Initial-.pot-files-for-gui-python-sandbox.patch delete mode 100644 SOURCES/0016-policycoreutils-setfiles-Improve-description-of-d-sw.patch delete mode 100644 SOURCES/0018-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch delete mode 100644 SOURCES/0020-python-Use-ipaddress-instead-of-IPy.patch delete mode 100644 SOURCES/0021-python-semanage-Do-not-traceback-when-the-default-po.patch delete mode 100644 SOURCES/0022-policycoreutils-fixfiles-Fix-B-F-onboot.patch delete mode 100644 SOURCES/0023-policycoreutils-fixfiles-Force-full-relabel-when-SEL.patch delete mode 100644 SOURCES/0024-policycoreutils-fixfiles-Fix-unbound-variable-proble.patch delete mode 100644 SOURCES/0025-gui-Fix-remove-module-in-system-config-selinux.patch delete mode 100644 SOURCES/0026-python-semanage-Do-not-use-default-s0-range-in-seman.patch delete mode 100644 SOURCES/0027-policycoreutils-fixfiles-Fix-verify-option.patch delete mode 100644 SOURCES/0028-python-semanage-Improve-handling-of-permissive-state.patch delete mode 100644 SOURCES/0029-python-semanage-fix-moduleRecords.customized.patch delete mode 100644 SOURCES/0030-python-semanage-Add-support-for-DCCP-and-SCTP-protoc.patch delete mode 100644 SOURCES/0031-dbus-Fix-FileNotFoundError-in-org.selinux.relabel_on.patch delete mode 100644 SOURCES/0032-restorecond-Fix-redundant-console-log-output-error.patch delete mode 100644 SOURCES/0033-python-semanage-empty-stdout-before-exiting-on-Broke.patch delete mode 100644 SOURCES/0034-python-semanage-Sort-imports-in-alphabetical-order.patch delete mode 100644 SOURCES/0035-python-sepolgen-allow-any-policy-statement-in-if-n-d.patch delete mode 100644 SOURCES/0036-setfiles-Do-not-abort-on-labeling-error.patch delete mode 100644 SOURCES/0037-setfiles-drop-ABORT_ON_ERRORS-and-related-code.patch delete mode 100644 SOURCES/0038-policycoreutils-setfiles-Drop-unused-nerr-variable.patch delete mode 100644 SOURCES/0039-selinux-8-5-Describe-fcontext-regular-expressions.patch delete mode 100644 SOURCES/0040-policycoreutils-setfiles-do-not-restrict-checks-agai.patch delete mode 100644 SOURCES/0041-semodule-add-m-checksum-option.patch delete mode 100644 SOURCES/0042-semodule-Fix-lang_ext-column-index.patch delete mode 100644 SOURCES/0043-semodule-Don-t-forget-to-munmap-data.patch delete mode 100644 SOURCES/0044-policycoreutils-Improve-error-message-when-selabel_o.patch delete mode 100644 SOURCES/0045-semodule-libsemanage-move-module-hashing-into-libsem.patch delete mode 100644 SOURCES/0046-semodule-add-command-line-option-to-detect-module-ch.patch delete mode 100644 SOURCES/0047-python-Split-semanage-import-into-two-transactions.patch delete mode 100644 SOURCES/0048-semodule-rename-rebuild-if-modules-changed-to-refres.patch delete mode 100644 SOURCES/0049-python-Harden-tools-against-rogue-modules.patch delete mode 100644 SOURCES/0050-python-Do-not-query-the-local-database-if-the-fconte.patch delete mode 100644 SOURCES/0051-python-sepolicy-add-missing-booleans-to-man-pages.patch delete mode 100644 SOURCES/0052-python-sepolicy-Cache-conditional-rule-queries.patch delete mode 100644 SOURCES/0053-python-Harden-more-tools-against-rogue-modules.patch delete mode 100644 SOURCES/0054-sepolicy-port-to-dnf4-python-API.patch delete mode 100644 SOURCES/0055-python-semanage-Do-not-sort-local-fcontext-definitio.patch delete mode 100644 SOURCES/0056-python-semanage-Allow-modifying-records-on-add.patch create mode 100644 bachradsusi.gpg rename SPECS/policycoreutils.spec => policycoreutils.spec (92%) create mode 100644 selinux-3.8.tar.gz.asc rename SOURCES/selinux-autorelabel => selinux-autorelabel (88%) rename SOURCES/selinux-autorelabel-generator.sh => selinux-autorelabel-generator.sh (73%) rename SOURCES/selinux-autorelabel-mark.service => selinux-autorelabel-mark.service (100%) rename SOURCES/selinux-autorelabel.service => selinux-autorelabel.service (100%) rename SOURCES/selinux-autorelabel.target => selinux-autorelabel.target (100%) create mode 100644 sources diff --git a/.gitignore b/.gitignore index 57456b5..d09c89f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,13 +1,7 @@ -SOURCES/gui-po.tgz -SOURCES/policycoreutils-2.9.tar.gz -SOURCES/policycoreutils-po.tgz -SOURCES/python-po.tgz -SOURCES/restorecond-2.9.tar.gz -SOURCES/sandbox-po.tgz -SOURCES/selinux-dbus-2.9.tar.gz -SOURCES/selinux-gui-2.9.tar.gz -SOURCES/selinux-python-2.9.tar.gz -SOURCES/selinux-sandbox-2.9.tar.gz -SOURCES/semodule-utils-2.9.tar.gz -SOURCES/sepolicy-icons.tgz -SOURCES/system-config-selinux.png +selinux-3.8.tar.gz +selinux-gui.zip +selinux-policycoreutils.zip +selinux-python.zip +selinux-sandbox.zip +sepolicy-icons.tgz +system-config-selinux.png diff --git a/.policycoreutils.metadata b/.policycoreutils.metadata deleted file mode 100644 index e530a47..0000000 --- a/.policycoreutils.metadata +++ /dev/null @@ -1,13 +0,0 @@ -3f355f8cbfdf7be6f9a8190153090af95d2c7358 SOURCES/gui-po.tgz -6e64d9a38fb516738023eb429eef29af5383f443 SOURCES/policycoreutils-2.9.tar.gz -51122ae6029657bf762d72bff94bab38890fd1e7 SOURCES/policycoreutils-po.tgz -c503e61733af54159d5950bbd9fa8080771ee938 SOURCES/python-po.tgz -0a34ef54394972870203832c8ce52d4405bd5330 SOURCES/restorecond-2.9.tar.gz -7df1784ab0c6b0823943571d733b856d10a87f76 SOURCES/sandbox-po.tgz -8645509cdfc433278c2e4d29ee8f511625c7edcc SOURCES/selinux-dbus-2.9.tar.gz -5c155ae47692389d9fabaa154195e7f978f2a3f0 SOURCES/selinux-gui-2.9.tar.gz -660e1ab824ef80f7a69f0b70f61e231957fd398e SOURCES/selinux-python-2.9.tar.gz -0e208cad193021ad17a445b76b72af3fef8db999 SOURCES/selinux-sandbox-2.9.tar.gz -a4414223e60bb664ada4824e54f8d36ab208d599 SOURCES/semodule-utils-2.9.tar.gz -d849fa76cc3ef4a26047d8a69fef3a55d2f3097f SOURCES/sepolicy-icons.tgz -611a5d497efaddd45ec0dcc3e9b2e5b0f81ebc41 SOURCES/system-config-selinux.png diff --git a/SOURCES/0009-Don-t-be-verbose-if-you-are-not-on-a-tty.patch b/0001-Don-t-be-verbose-if-you-are-not-on-a-tty.patch similarity index 78% rename from SOURCES/0009-Don-t-be-verbose-if-you-are-not-on-a-tty.patch rename to 0001-Don-t-be-verbose-if-you-are-not-on-a-tty.patch index 8fbfb11..e319d1d 100644 --- a/SOURCES/0009-Don-t-be-verbose-if-you-are-not-on-a-tty.patch +++ b/0001-Don-t-be-verbose-if-you-are-not-on-a-tty.patch @@ -1,14 +1,15 @@ -From 8af697659bd662517571577bf47946a2113f34a1 Mon Sep 17 00:00:00 2001 +From 12f57453e8b53a8aab6d3581fd1a4c921fe36918 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Fri, 14 Feb 2014 12:32:12 -0500 Subject: [PATCH] Don't be verbose if you are not on a tty +Content-type: text/plain --- policycoreutils/scripts/fixfiles | 1 + 1 file changed, 1 insertion(+) diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles -index b2779581..53d28c7b 100755 +index b7cd765c15e4..f2518e96e34c 100755 --- a/policycoreutils/scripts/fixfiles +++ b/policycoreutils/scripts/fixfiles @@ -108,6 +108,7 @@ exclude_dirs_from_relabelling() { @@ -17,8 +18,8 @@ index b2779581..53d28c7b 100755 VERBOSE="-p" +[ -t 1 ] || VERBOSE="" FORCEFLAG="" + THREADS="" RPMFILES="" - PREFC="" -- -2.21.0 +2.47.0 diff --git a/SOURCES/0017-sepolicy-generate-Handle-more-reserved-port-types.patch b/0002-sepolicy-generate-Handle-more-reserved-port-types.patch similarity index 95% rename from SOURCES/0017-sepolicy-generate-Handle-more-reserved-port-types.patch rename to 0002-sepolicy-generate-Handle-more-reserved-port-types.patch index b4a9fd4..996113f 100644 --- a/SOURCES/0017-sepolicy-generate-Handle-more-reserved-port-types.patch +++ b/0002-sepolicy-generate-Handle-more-reserved-port-types.patch @@ -1,7 +1,8 @@ -From 3073efc112929b535f3a832c6f99e0dbe3af29ca Mon Sep 17 00:00:00 2001 +From fb7357cd097801fcdfa21ed49a17a3875db05e42 Mon Sep 17 00:00:00 2001 From: Masatake YAMATO Date: Thu, 14 Dec 2017 15:57:58 +0900 Subject: [PATCH] sepolicy-generate: Handle more reserved port types +Content-type: text/plain Currently only reserved_port_t, port_t and hi_reserved_port_t are handled as special when making a ports-dictionary. However, as fas as @@ -52,7 +53,7 @@ https://lore.kernel.org/selinux/20150610.190635.1866127952891120915.yamato@redha 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py -index 7175d36b..93caedee 100644 +index adf65f27a822..f726ad51b775 100644 --- a/python/sepolicy/sepolicy/generate.py +++ b/python/sepolicy/sepolicy/generate.py @@ -100,7 +100,9 @@ def get_all_ports(): @@ -67,5 +68,5 @@ index 7175d36b..93caedee 100644 dict[(p['low'], p['high'], p['protocol'])] = (p['type'], p.get('range')) return dict -- -2.21.0 +2.47.0 diff --git a/SOURCES/0019-sandbox-Use-matchbox-window-manager-instead-of-openb.patch b/0003-sandbox-Use-matchbox-window-manager-instead-of-openb.patch similarity index 71% rename from SOURCES/0019-sandbox-Use-matchbox-window-manager-instead-of-openb.patch rename to 0003-sandbox-Use-matchbox-window-manager-instead-of-openb.patch index b9674eb..9c77d93 100644 --- a/SOURCES/0019-sandbox-Use-matchbox-window-manager-instead-of-openb.patch +++ b/0003-sandbox-Use-matchbox-window-manager-instead-of-openb.patch @@ -1,7 +1,8 @@ -From 89895635ae012d1864a03700054ecc723973b5c0 Mon Sep 17 00:00:00 2001 +From f2092a1b859a028f2c5c79b41c70b135ba3ad0fa Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Wed, 18 Jul 2018 09:09:35 +0200 Subject: [PATCH] sandbox: Use matchbox-window-manager instead of openbox +Content-type: text/plain --- sandbox/sandbox | 4 ++-- @@ -10,10 +11,10 @@ Subject: [PATCH] sandbox: Use matchbox-window-manager instead of openbox 3 files changed, 3 insertions(+), 17 deletions(-) diff --git a/sandbox/sandbox b/sandbox/sandbox -index a12403b3..707959a6 100644 +index e3fd6119ed4d..e01425f0c637 100644 --- a/sandbox/sandbox +++ b/sandbox/sandbox -@@ -268,7 +268,7 @@ class Sandbox: +@@ -270,7 +270,7 @@ class Sandbox: copyfile(f, "/tmp", self.__tmpdir) copyfile(f, "/var/tmp", self.__tmpdir) @@ -22,7 +23,7 @@ index a12403b3..707959a6 100644 execfile = self.__homedir + "/.sandboxrc" fd = open(execfile, "w+") if self.__options.session: -@@ -362,7 +362,7 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [- +@@ -370,7 +370,7 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [- parser.add_option("-W", "--windowmanager", dest="wm", type="string", @@ -32,24 +33,24 @@ index a12403b3..707959a6 100644 parser.add_option("-l", "--level", dest="level", diff --git a/sandbox/sandbox.8 b/sandbox/sandbox.8 -index d83fee76..90ef4951 100644 +index 095b9e27042d..1c1870190e51 100644 --- a/sandbox/sandbox.8 +++ b/sandbox/sandbox.8 -@@ -77,7 +77,7 @@ Specifies the windowsize when creating an X based Sandbox. The default windowsiz +@@ -80,7 +80,7 @@ Specifies the windowsize when creating an X based Sandbox. The default windowsiz \fB\-W\fR \fB\-\-windowmanager\fR - Select alternative window manager to run within + Select alternative window manager to run within .B sandbox \-X. -Default to /usr/bin/openbox. +Default to /usr/bin/matchbox-window-manager. .TP - \fB\-X\fR + \fB\-X\fR Create an X based Sandbox for gui apps, temporary files for diff --git a/sandbox/sandboxX.sh b/sandbox/sandboxX.sh -index 47745280..c211ebc1 100644 +index 28169182ce42..e2a7ad9b2ac7 100644 --- a/sandbox/sandboxX.sh +++ b/sandbox/sandboxX.sh -@@ -6,20 +6,6 @@ export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8 - [ -z $2 ] && export DPI="96" || export DPI="$2" +@@ -7,20 +7,6 @@ export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8 + [ -z $3 ] && export DPI="96" || export DPI="$3" trap "exit 0" HUP -mkdir -p ~/.config/openbox @@ -66,9 +67,9 @@ index 47745280..c211ebc1 100644 - -EOF - - (/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -reset -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do - export DISPLAY=:$D - cat > ~/seremote << __EOF + if [ "$WAYLAND_NATIVE" == "no" ]; then + if [ -z "$WAYLAND_DISPLAY" ]; then + DISPLAY_COMMAND='/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null' -- -2.21.0 +2.47.0 diff --git a/0004-Use-SHA-2-instead-of-SHA-1.patch b/0004-Use-SHA-2-instead-of-SHA-1.patch new file mode 100644 index 0000000..bcebe4f --- /dev/null +++ b/0004-Use-SHA-2-instead-of-SHA-1.patch @@ -0,0 +1,178 @@ +From 4780b755bb1171f5aa4cd7545535839d451a2070 Mon Sep 17 00:00:00 2001 +From: Petr Lautrbach +Date: Fri, 30 Jul 2021 14:14:37 +0200 +Subject: [PATCH] Use SHA-2 instead of SHA-1 +Content-type: text/plain + +The use of SHA-1 in RHEL9 is deprecated +--- + policycoreutils/setfiles/restorecon.8 | 10 +++++----- + policycoreutils/setfiles/restorecon_xattr.8 | 8 ++++---- + policycoreutils/setfiles/restorecon_xattr.c | 12 ++++++------ + policycoreutils/setfiles/setfiles.8 | 10 +++++----- + 4 files changed, 20 insertions(+), 20 deletions(-) + +diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8 +index c3cc5c9b0e52..6160aced5922 100644 +--- a/policycoreutils/setfiles/restorecon.8 ++++ b/policycoreutils/setfiles/restorecon.8 +@@ -95,14 +95,14 @@ display usage information and exit. + ignore files that do not exist. + .TP + .B \-I +-ignore digest to force checking of labels even if the stored SHA1 digest +-matches the specfiles SHA1 digest. The digest will then be updated provided ++ignore digest to force checking of labels even if the stored SHA256 digest ++matches the specfiles SHA256 digest. The digest will then be updated provided + there are no errors. See the + .B NOTES + section for further details. + .TP + .B \-D +-Set or update any directory SHA1 digests. Use this option to ++Set or update any directory SHA256 digests. Use this option to + enable usage of the + .IR security.sehash + extended attribute. +@@ -200,7 +200,7 @@ the + .B \-D + option to + .B restorecon +-will cause it to store a SHA1 digest of the default specfiles set in an extended ++will cause it to store a SHA256 digest of the default specfiles set in an extended + attribute named + .IR security.sehash + on each directory specified in +@@ -217,7 +217,7 @@ for further details. + .sp + The + .B \-I +-option will ignore the SHA1 digest from each directory specified in ++option will ignore the SHA256 digest from each directory specified in + .IR pathname \ ... + and provided the + .B \-n +diff --git a/policycoreutils/setfiles/restorecon_xattr.8 b/policycoreutils/setfiles/restorecon_xattr.8 +index 51d12a4dbb80..09bfd8c40ab4 100644 +--- a/policycoreutils/setfiles/restorecon_xattr.8 ++++ b/policycoreutils/setfiles/restorecon_xattr.8 +@@ -23,7 +23,7 @@ or + + .SH "DESCRIPTION" + .B restorecon_xattr +-will display the SHA1 digests added to extended attributes ++will display the SHA256 digests added to extended attributes + .I security.sehash + or delete the attribute completely. These attributes are set by + .BR restorecon (8) +@@ -48,12 +48,12 @@ extended attribute and are automatically excluded from searches. + .sp + By default + .B restorecon_xattr +-will display the SHA1 digests with "Match" appended if they match the default ++will display the SHA256 digests with "Match" appended if they match the default + specfile set or the + .I specfile + set used with the + .B \-f +-option. Non-matching SHA1 digests will be displayed with "No Match" appended. ++option. Non-matching SHA256 digests will be displayed with "No Match" appended. + This feature can be disabled by the + .B \-n + option. +@@ -87,7 +87,7 @@ Do not append "Match" or "No Match" to displayed digests. + recursively descend directories. + .TP + .B \-v +-display SHA1 digest generated by specfile set (Note that this digest is not ++display SHA256 digest generated by specfile set (Note that this digest is not + used to match the + .I security.sehash + directory digest entries, and is shown for reference only). +diff --git a/policycoreutils/setfiles/restorecon_xattr.c b/policycoreutils/setfiles/restorecon_xattr.c +index 31fb82fd2099..bc22d3fd4560 100644 +--- a/policycoreutils/setfiles/restorecon_xattr.c ++++ b/policycoreutils/setfiles/restorecon_xattr.c +@@ -38,7 +38,7 @@ int main(int argc, char **argv) + unsigned int xattr_flags = 0, delete_digest = 0, recurse = 0; + unsigned int delete_all_digests = 0, ignore_mounts = 0; + bool display_digest = false; +- char *sha1_buf, **specfiles, *fc_file = NULL, *pathname = NULL; ++ char *sha256_buf, **specfiles, *fc_file = NULL, *pathname = NULL; + unsigned char *fc_digest = NULL; + size_t i, fc_digest_len = 0, num_specfiles; + +@@ -133,8 +133,8 @@ int main(int argc, char **argv) + exit(-1); + } + +- sha1_buf = malloc(fc_digest_len * 2 + 1); +- if (!sha1_buf) { ++ sha256_buf = malloc(fc_digest_len * 2 + 1); ++ if (!sha256_buf) { + fprintf(stderr, + "Error allocating digest buffer: %s\n", + strerror(errno)); +@@ -143,16 +143,16 @@ int main(int argc, char **argv) + } + + for (i = 0; i < fc_digest_len; i++) +- sprintf((&sha1_buf[i * 2]), "%02x", fc_digest[i]); ++ sprintf((&sha256_buf[i * 2]), "%02x", fc_digest[i]); + +- printf("specfiles SHA1 digest: %s\n", sha1_buf); ++ printf("specfiles SHA256 digest: %s\n", sha256_buf); + + printf("calculated using the following specfile(s):\n"); + if (specfiles) { + for (i = 0; i < num_specfiles; i++) + printf("%s\n", specfiles[i]); + } +- free(sha1_buf); ++ free(sha256_buf); + printf("\n"); + } + +diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8 +index ee01725050bb..57c663a99d67 100644 +--- a/policycoreutils/setfiles/setfiles.8 ++++ b/policycoreutils/setfiles/setfiles.8 +@@ -95,14 +95,14 @@ display usage information and exit. + ignore files that do not exist. + .TP + .B \-I +-ignore digest to force checking of labels even if the stored SHA1 digest +-matches the specfiles SHA1 digest. The digest will then be updated provided ++ignore digest to force checking of labels even if the stored SHA256 digest ++matches the specfiles SHA256 digest. The digest will then be updated provided + there are no errors. See the + .B NOTES + section for further details. + .TP + .B \-D +-Set or update any directory SHA1 digests. Use this option to ++Set or update any directory SHA256 digests. Use this option to + enable usage of the + .IR security.sehash + extended attribute. +@@ -261,7 +261,7 @@ the + .B \-D + option to + .B setfiles +-will cause it to store a SHA1 digest of the ++will cause it to store a SHA256 digest of the + .B spec_file + set in an extended attribute named + .IR security.sehash +@@ -282,7 +282,7 @@ for further details. + .sp + The + .B \-I +-option will ignore the SHA1 digest from each directory specified in ++option will ignore the SHA256 digest from each directory specified in + .IR pathname \ ... + and provided the + .B \-n +-- +2.47.0 + diff --git a/0005-python-sepolicy-Fix-spec-file-dependencies.patch b/0005-python-sepolicy-Fix-spec-file-dependencies.patch new file mode 100644 index 0000000..27f1ea1 --- /dev/null +++ b/0005-python-sepolicy-Fix-spec-file-dependencies.patch @@ -0,0 +1,48 @@ +From 7e8d67e63daebd675284afaf98aa07530659272f Mon Sep 17 00:00:00 2001 +From: Vit Mojzis +Date: Tue, 30 May 2023 09:07:28 +0200 +Subject: [PATCH] python/sepolicy: Fix spec file dependencies +Content-type: text/plain + +semanage is part of policycoreutils-python-utils package, selinuxenabled +is part of libselinux-utils (required by ^^^) and restorecon/load_policy +are part of policycoreutils (also required by policycoreutils-python-utils). + +Signed-off-by: Vit Mojzis +--- + python/sepolicy/sepolicy/templates/spec.py | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +diff --git a/python/sepolicy/sepolicy/templates/spec.py b/python/sepolicy/sepolicy/templates/spec.py +index 433c298a17e0..a6d4508bb670 100644 +--- a/python/sepolicy/sepolicy/templates/spec.py ++++ b/python/sepolicy/sepolicy/templates/spec.py +@@ -11,18 +11,20 @@ Version: 1.0 + Release: 1%{?dist} + Summary: SELinux policy module for MODULENAME + +-Group: System Environment/Base +-License: GPLv2+ ++Group: System Environment/Base ++License: GPLv2+ + # This is an example. You will need to change it. ++# For a complete guide on packaging your policy ++# see https://fedoraproject.org/wiki/SELinux/IndependentPolicy + URL: http://HOSTNAME + Source0: MODULENAME.pp + Source1: MODULENAME.if + Source2: DOMAINNAME_selinux.8 + Source3: DOMAINNAME_u + +-Requires: policycoreutils, libselinux-utils +-Requires(post): selinux-policy-base >= %{selinux_policyver}, policycoreutils +-Requires(postun): policycoreutils ++Requires: policycoreutils-python-utils, libselinux-utils ++Requires(post): selinux-policy-base >= %{selinux_policyver}, policycoreutils-python-utils ++Requires(postun): policycoreutils-python-utils + """ + + mid_section="""\ +-- +2.47.0 + diff --git a/SOURCES/0001-gui-Install-polgengui.py-to-usr-bin-selinux-polgengu.patch b/SOURCES/0001-gui-Install-polgengui.py-to-usr-bin-selinux-polgengu.patch deleted file mode 100644 index 6fb92fb..0000000 --- a/SOURCES/0001-gui-Install-polgengui.py-to-usr-bin-selinux-polgengu.patch +++ /dev/null @@ -1,43 +0,0 @@ -From c778509dd0ed3b184d720032f31971f975e42973 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Tue, 5 Mar 2019 17:38:55 +0100 -Subject: [PATCH] gui: Install polgengui.py to /usr/bin/selinux-polgengui - -polgengui.py is a standalone gui tool which should be in /usr/bin with other -tools. - -Signed-off-by: Petr Lautrbach ---- - gui/Makefile | 2 +- - gui/modulesPage.py | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/gui/Makefile b/gui/Makefile -index c2f982de..b2375fbf 100644 ---- a/gui/Makefile -+++ b/gui/Makefile -@@ -31,7 +31,7 @@ install: all - -mkdir -p $(DESTDIR)$(DATADIR)/polkit-1/actions/ - install -m 755 system-config-selinux.py $(DESTDIR)$(SHAREDIR) - install -m 755 system-config-selinux $(DESTDIR)$(BINDIR) -- install -m 755 polgengui.py $(DESTDIR)$(SHAREDIR) -+ install -m 755 polgengui.py $(DESTDIR)$(BINDIR)/selinux-polgengui - install -m 644 $(TARGETS) $(DESTDIR)$(SHAREDIR) - install -m 644 system-config-selinux.8 $(DESTDIR)$(MANDIR)/man8 - install -m 644 selinux-polgengui.8 $(DESTDIR)$(MANDIR)/man8 -diff --git a/gui/modulesPage.py b/gui/modulesPage.py -index 34c5d9e3..cb856b2d 100644 ---- a/gui/modulesPage.py -+++ b/gui/modulesPage.py -@@ -118,7 +118,7 @@ class modulesPage(semanagePage): - - def new_module(self, args): - try: -- Popen(["/usr/share/system-config-selinux/polgengui.py"]) -+ Popen(["selinux-polgengui"]) - except ValueError as e: - self.error(e.args[0]) - --- -2.21.0 - diff --git a/SOURCES/0002-gui-Install-.desktop-files-to-usr-share-applications.patch b/SOURCES/0002-gui-Install-.desktop-files-to-usr-share-applications.patch deleted file mode 100644 index 26a16bf..0000000 --- a/SOURCES/0002-gui-Install-.desktop-files-to-usr-share-applications.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 04b632e6de14ec0336e14988bf4c2bd581f7308e Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Tue, 5 Mar 2019 17:25:00 +0100 -Subject: [PATCH] gui: Install .desktop files to /usr/share/applications by - default - -/usr/share/applications is a standard directory for .desktop files. -Installation path can be changed using DESKTOPDIR variable in installation -phase, e.g. - -make DESKTOPDIR=/usr/local/share/applications install - -Signed-off-by: Petr Lautrbach ---- - gui/Makefile | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/gui/Makefile b/gui/Makefile -index b2375fbf..ca965c94 100644 ---- a/gui/Makefile -+++ b/gui/Makefile -@@ -5,6 +5,7 @@ BINDIR ?= $(PREFIX)/bin - SHAREDIR ?= $(PREFIX)/share/system-config-selinux - DATADIR ?= $(PREFIX)/share - MANDIR ?= $(PREFIX)/share/man -+DESKTOPDIR ?= $(PREFIX)/share/applications - - TARGETS= \ - booleansPage.py \ -@@ -29,6 +30,7 @@ install: all - -mkdir -p $(DESTDIR)$(DATADIR)/pixmaps - -mkdir -p $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps - -mkdir -p $(DESTDIR)$(DATADIR)/polkit-1/actions/ -+ -mkdir -p $(DESTDIR)$(DESKTOPDIR) - install -m 755 system-config-selinux.py $(DESTDIR)$(SHAREDIR) - install -m 755 system-config-selinux $(DESTDIR)$(BINDIR) - install -m 755 polgengui.py $(DESTDIR)$(BINDIR)/selinux-polgengui -@@ -44,7 +46,7 @@ install: all - install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/pixmaps - install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps - install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/system-config-selinux -- install -m 644 *.desktop $(DESTDIR)$(DATADIR)/system-config-selinux -+ install -m 644 *.desktop $(DESTDIR)$(DESKTOPDIR) - -mkdir -p $(DESTDIR)$(DATADIR)/pixmaps - install -m 644 sepolicy_256.png $(DESTDIR)$(DATADIR)/pixmaps/sepolicy.png - for i in 16 22 32 48 256; do \ --- -2.21.0 - diff --git a/SOURCES/0003-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch b/SOURCES/0003-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch deleted file mode 100644 index 8802042..0000000 --- a/SOURCES/0003-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 52e0583f6adfe70825b009b626e19c290b49763a Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Thu, 20 Aug 2015 12:58:41 +0200 -Subject: [PATCH] sandbox: add -reset to Xephyr as it works better with it in - recent Fedoras - ---- - sandbox/sandboxX.sh | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/sandbox/sandboxX.sh b/sandbox/sandboxX.sh -index eaa500d0..47745280 100644 ---- a/sandbox/sandboxX.sh -+++ b/sandbox/sandboxX.sh -@@ -20,7 +20,7 @@ cat > ~/.config/openbox/rc.xml << EOF - - EOF - --(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do -+(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -reset -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do - export DISPLAY=:$D - cat > ~/seremote << __EOF - #!/bin/sh --- -2.21.0 - diff --git a/SOURCES/0004-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch b/SOURCES/0004-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch deleted file mode 100644 index 0973405..0000000 --- a/SOURCES/0004-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 7504614fdd7dcf11b3a7568ca9b4b921973531dd Mon Sep 17 00:00:00 2001 -From: Dan Walsh -Date: Mon, 21 Apr 2014 13:54:40 -0400 -Subject: [PATCH] Fix STANDARD_FILE_CONTEXT section in man pages - -Signed-off-by: Miroslav Grepl ---- - python/sepolicy/sepolicy/manpage.py | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py -index 1d367962..24e311a3 100755 ---- a/python/sepolicy/sepolicy/manpage.py -+++ b/python/sepolicy/sepolicy/manpage.py -@@ -735,10 +735,13 @@ Default Defined Ports:""") - - def _file_context(self): - flist = [] -+ flist_non_exec = [] - mpaths = [] - for f in self.all_file_types: - if f.startswith(self.domainname): - flist.append(f) -+ if not file_type_is_executable(f) or not file_type_is_entrypoint(f): -+ flist_non_exec.append(f) - if f in self.fcdict: - mpaths = mpaths + self.fcdict[f]["regex"] - if len(mpaths) == 0: -@@ -797,12 +800,12 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d - SELinux defines the file context types for the %(domainname)s, if you wanted to - store files with these types in a diffent paths, you need to execute the semanage command to sepecify alternate labeling and then use restorecon to put the labels on disk. - --.B semanage fcontext -a -t %(type)s '/srv/%(domainname)s/content(/.*)?' -+.B semanage fcontext -a -t %(type)s '/srv/my%(domainname)s_content(/.*)?' - .br - .B restorecon -R -v /srv/my%(domainname)s_content - - Note: SELinux often uses regular expressions to specify labels that match multiple files. --""" % {'domainname': self.domainname, "type": flist[0]}) -+""" % {'domainname': self.domainname, "type": flist_non_exec[-1]}) - - self.fd.write(r""" - .I The following file types are defined for %(domainname)s: --- -2.21.0 - diff --git a/SOURCES/0005-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch b/SOURCES/0005-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch deleted file mode 100644 index 9e7d54f..0000000 --- a/SOURCES/0005-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 9847a26b7f8358432ee4c7019efb3cbad0c162b0 Mon Sep 17 00:00:00 2001 -From: Miroslav Grepl -Date: Mon, 12 May 2014 14:11:22 +0200 -Subject: [PATCH] If there is no executable we don't want to print a part of - STANDARD FILE CONTEXT - ---- - python/sepolicy/sepolicy/manpage.py | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py -index 24e311a3..46092be0 100755 ---- a/python/sepolicy/sepolicy/manpage.py -+++ b/python/sepolicy/sepolicy/manpage.py -@@ -793,7 +793,8 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d - .PP - """ % {'domainname': self.domainname, 'equiv': e, 'alt': e.split('/')[-1]}) - -- self.fd.write(r""" -+ if flist_non_exec: -+ self.fd.write(r""" - .PP - .B STANDARD FILE CONTEXT - --- -2.21.0 - diff --git a/SOURCES/0006-Simplication-of-sepolicy-manpage-web-functionality.-.patch b/SOURCES/0006-Simplication-of-sepolicy-manpage-web-functionality.-.patch deleted file mode 100644 index f87058c..0000000 --- a/SOURCES/0006-Simplication-of-sepolicy-manpage-web-functionality.-.patch +++ /dev/null @@ -1,169 +0,0 @@ -From b2993d464e05291020dbf60fc2948ac152eb0003 Mon Sep 17 00:00:00 2001 -From: Miroslav Grepl -Date: Thu, 19 Feb 2015 17:45:15 +0100 -Subject: [PATCH] Simplication of sepolicy-manpage web functionality. - system_release is no longer hardcoded and it creates only index.html and html - man pages in the directory for the system release. - ---- - python/sepolicy/sepolicy/__init__.py | 25 +++-------- - python/sepolicy/sepolicy/manpage.py | 65 +++------------------------- - 2 files changed, 13 insertions(+), 77 deletions(-) - -diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py -index 6aed31bd..88a2b8f6 100644 ---- a/python/sepolicy/sepolicy/__init__.py -+++ b/python/sepolicy/sepolicy/__init__.py -@@ -1209,27 +1209,14 @@ def boolean_desc(boolean): - - - def get_os_version(): -- os_version = "" -- pkg_name = "selinux-policy" -+ system_release = "" - try: -- try: -- from commands import getstatusoutput -- except ImportError: -- from subprocess import getstatusoutput -- rc, output = getstatusoutput("rpm -q '%s'" % pkg_name) -- if rc == 0: -- os_version = output.split(".")[-2] -- except: -- os_version = "" -- -- if os_version[0:2] == "fc": -- os_version = "Fedora" + os_version[2:] -- elif os_version[0:2] == "el": -- os_version = "RHEL" + os_version[2:] -- else: -- os_version = "" -+ with open('/etc/system-release') as f: -+ system_release = f.readline() -+ except IOError: -+ system_release = "Misc" - -- return os_version -+ return system_release - - - def reinit(): -diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py -index 46092be0..d60acfaf 100755 ---- a/python/sepolicy/sepolicy/manpage.py -+++ b/python/sepolicy/sepolicy/manpage.py -@@ -149,10 +149,6 @@ def prettyprint(f, trim): - manpage_domains = [] - manpage_roles = [] - --fedora_releases = ["Fedora17", "Fedora18"] --rhel_releases = ["RHEL6", "RHEL7"] -- -- - def get_alphabet_manpages(manpage_list): - alphabet_manpages = dict.fromkeys(string.ascii_letters, []) - for i in string.ascii_letters: -@@ -182,7 +178,7 @@ def convert_manpage_to_html(html_manpage, manpage): - class HTMLManPages: - - """ -- Generate a HHTML Manpages on an given SELinux domains -+ Generate a HTML Manpages on an given SELinux domains - """ - - def __init__(self, manpage_roles, manpage_domains, path, os_version): -@@ -190,9 +186,9 @@ class HTMLManPages: - self.manpage_domains = get_alphabet_manpages(manpage_domains) - self.os_version = os_version - self.old_path = path + "/" -- self.new_path = self.old_path + self.os_version + "/" -+ self.new_path = self.old_path - -- if self.os_version in fedora_releases or self.os_version in rhel_releases: -+ if self.os_version: - self.__gen_html_manpages() - else: - print("SELinux HTML man pages can not be generated for this %s" % os_version) -@@ -201,7 +197,6 @@ class HTMLManPages: - def __gen_html_manpages(self): - self._write_html_manpage() - self._gen_index() -- self._gen_body() - self._gen_css() - - def _write_html_manpage(self): -@@ -219,67 +214,21 @@ class HTMLManPages: - convert_manpage_to_html((self.new_path + r.rsplit("_selinux", 1)[0] + ".html"), self.old_path + r) - - def _gen_index(self): -- index = self.old_path + "index.html" -- fd = open(index, 'w') -- fd.write(""" -- -- -- -- SELinux man pages online -- -- --

SELinux man pages

--

--Fedora or Red Hat Enterprise Linux Man Pages. --

--
--

Fedora

-- -- --
--
--
--""")
--        for f in fedora_releases:
--            fd.write("""
--%s - SELinux man pages for %s """ % (f, f, f, f))
--
--        fd.write("""
--
--
--

RHEL

-- -- --
--
--
--""")
--        for r in rhel_releases:
--            fd.write("""
--%s - SELinux man pages for %s """ % (r, r, r, r))
--
--        fd.write("""
--
-- """) -- fd.close() -- print("%s has been created" % index) -- -- def _gen_body(self): - html = self.new_path + self.os_version + ".html" - fd = open(html, 'w') - fd.write(""" - - -- -- Linux man-pages online for Fedora18 -+ -+ SELinux man pages online - - --

SELinux man pages for Fedora18

-+

SELinux man pages for %s

-
- -
-

SELinux roles

--""") -+""" % self.os_version) - for letter in self.manpage_roles: - if len(self.manpage_roles[letter]): - fd.write(""" --- -2.21.0 - diff --git a/SOURCES/0007-We-want-to-remove-the-trailing-newline-for-etc-syste.patch b/SOURCES/0007-We-want-to-remove-the-trailing-newline-for-etc-syste.patch deleted file mode 100644 index a96bab9..0000000 --- a/SOURCES/0007-We-want-to-remove-the-trailing-newline-for-etc-syste.patch +++ /dev/null @@ -1,26 +0,0 @@ -From bfcb599d9424ef6ffcd250931c89675b451edd00 Mon Sep 17 00:00:00 2001 -From: Miroslav Grepl -Date: Fri, 20 Feb 2015 16:42:01 +0100 -Subject: [PATCH] We want to remove the trailing newline for - /etc/system_release. - ---- - python/sepolicy/sepolicy/__init__.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py -index 88a2b8f6..0c66f4d5 100644 ---- a/python/sepolicy/sepolicy/__init__.py -+++ b/python/sepolicy/sepolicy/__init__.py -@@ -1212,7 +1212,7 @@ def get_os_version(): - system_release = "" - try: - with open('/etc/system-release') as f: -- system_release = f.readline() -+ system_release = f.readline().rstrip() - except IOError: - system_release = "Misc" - --- -2.21.0 - diff --git a/SOURCES/0008-Fix-title-in-manpage.py-to-not-contain-online.patch b/SOURCES/0008-Fix-title-in-manpage.py-to-not-contain-online.patch deleted file mode 100644 index a896dfc..0000000 --- a/SOURCES/0008-Fix-title-in-manpage.py-to-not-contain-online.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 4ea504acce6389c3e28134c4b8e6bf9072c295ce Mon Sep 17 00:00:00 2001 -From: Miroslav Grepl -Date: Fri, 20 Feb 2015 16:42:53 +0100 -Subject: [PATCH] Fix title in manpage.py to not contain 'online'. - ---- - python/sepolicy/sepolicy/manpage.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py -index d60acfaf..de8184d8 100755 ---- a/python/sepolicy/sepolicy/manpage.py -+++ b/python/sepolicy/sepolicy/manpage.py -@@ -220,7 +220,7 @@ class HTMLManPages: - - - -- SELinux man pages online -+ SELinux man pages - - -

SELinux man pages for %s

--- -2.21.0 - diff --git a/SOURCES/0010-sepolicy-Drop-old-interface-file_type_is_executable-.patch b/SOURCES/0010-sepolicy-Drop-old-interface-file_type_is_executable-.patch deleted file mode 100644 index 749a2c4..0000000 --- a/SOURCES/0010-sepolicy-Drop-old-interface-file_type_is_executable-.patch +++ /dev/null @@ -1,63 +0,0 @@ -From ef0f54ffc6d691d10e66a0793204edd159cd45d0 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Mon, 27 Feb 2017 17:12:39 +0100 -Subject: [PATCH] sepolicy: Drop old interface file_type_is_executable(f) and - file_type_is_entrypoint(f) - -- use direct queries -- load exec_types and entry_types only once ---- - python/sepolicy/sepolicy/manpage.py | 22 ++++++++++++++++++++-- - 1 file changed, 20 insertions(+), 2 deletions(-) - -diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py -index de8184d8..f8a94fc0 100755 ---- a/python/sepolicy/sepolicy/manpage.py -+++ b/python/sepolicy/sepolicy/manpage.py -@@ -125,8 +125,24 @@ def gen_domains(): - domains.sort() - return domains - --types = None - -+exec_types = None -+ -+def _gen_exec_types(): -+ global exec_types -+ if exec_types is None: -+ exec_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "exec_type"))["types"] -+ return exec_types -+ -+entry_types = None -+ -+def _gen_entry_types(): -+ global entry_types -+ if entry_types is None: -+ entry_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "entry_type"))["types"] -+ return entry_types -+ -+types = None - - def _gen_types(): - global types -@@ -372,6 +388,8 @@ class ManPage: - self.all_file_types = sepolicy.get_all_file_types() - self.role_allows = sepolicy.get_all_role_allows() - self.types = _gen_types() -+ self.exec_types = _gen_exec_types() -+ self.entry_types = _gen_entry_types() - - if self.source_files: - self.fcpath = self.root + "file_contexts" -@@ -689,7 +707,7 @@ Default Defined Ports:""") - for f in self.all_file_types: - if f.startswith(self.domainname): - flist.append(f) -- if not file_type_is_executable(f) or not file_type_is_entrypoint(f): -+ if not f in self.exec_types or not f in self.entry_types: - flist_non_exec.append(f) - if f in self.fcdict: - mpaths = mpaths + self.fcdict[f]["regex"] --- -2.21.0 - diff --git a/SOURCES/0011-sepolicy-Another-small-optimization-for-mcs-types.patch b/SOURCES/0011-sepolicy-Another-small-optimization-for-mcs-types.patch deleted file mode 100644 index bea01d5..0000000 --- a/SOURCES/0011-sepolicy-Another-small-optimization-for-mcs-types.patch +++ /dev/null @@ -1,53 +0,0 @@ -From e54db76a3bff8e911ddd7c7ce834c024d634d9e1 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Tue, 28 Feb 2017 21:29:46 +0100 -Subject: [PATCH] sepolicy: Another small optimization for mcs types - ---- - python/sepolicy/sepolicy/manpage.py | 16 +++++++++++----- - 1 file changed, 11 insertions(+), 5 deletions(-) - -diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py -index f8a94fc0..67d39301 100755 ---- a/python/sepolicy/sepolicy/manpage.py -+++ b/python/sepolicy/sepolicy/manpage.py -@@ -142,6 +142,15 @@ def _gen_entry_types(): - entry_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "entry_type"))["types"] - return entry_types - -+mcs_constrained_types = None -+ -+def _gen_mcs_constrained_types(): -+ global mcs_constrained_types -+ if mcs_constrained_types is None: -+ mcs_constrained_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type")) -+ return mcs_constrained_types -+ -+ - types = None - - def _gen_types(): -@@ -390,6 +399,7 @@ class ManPage: - self.types = _gen_types() - self.exec_types = _gen_exec_types() - self.entry_types = _gen_entry_types() -+ self.mcs_constrained_types = _gen_mcs_constrained_types() - - if self.source_files: - self.fcpath = self.root + "file_contexts" -@@ -944,11 +954,7 @@ All executeables with the default executable label, usually stored in /usr/bin a - %s""" % ", ".join(paths)) - - def _mcs_types(self): -- try: -- mcs_constrained_type = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type")) -- except StopIteration: -- return -- if self.type not in mcs_constrained_type['types']: -+ if self.type not in self.mcs_constrained_types['types']: - return - self.fd.write (""" - .SH "MCS Constrained" --- -2.21.0 - diff --git a/SOURCES/0012-Move-po-translation-files-into-the-right-sub-directo.patch b/SOURCES/0012-Move-po-translation-files-into-the-right-sub-directo.patch deleted file mode 100644 index f3524b7..0000000 --- a/SOURCES/0012-Move-po-translation-files-into-the-right-sub-directo.patch +++ /dev/null @@ -1,515 +0,0 @@ -From 4015e9299bfda622e9d407cdbcc536000688aa8f Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Mon, 6 Aug 2018 13:23:00 +0200 -Subject: [PATCH] Move po/ translation files into the right sub-directories - -When policycoreutils was split into policycoreutils/ python/ gui/ and sandbox/ -sub-directories, po/ translation files stayed in policycoreutils/. - -This commit split original policycoreutils/po directory into -policycoreutils/po -python/po -gui/po -sandbox/po - -See https://github.com/fedora-selinux/selinux/issues/43 ---- - gui/Makefile | 3 ++ - gui/po/Makefile | 82 ++++++++++++++++++++++++++++++++++++ - gui/po/POTFILES | 17 ++++++++ - policycoreutils/po/Makefile | 70 ++----------------------------- - policycoreutils/po/POTFILES | 9 ++++ - python/Makefile | 2 +- - python/po/Makefile | 83 +++++++++++++++++++++++++++++++++++++ - python/po/POTFILES | 10 +++++ - sandbox/Makefile | 2 + - sandbox/po/Makefile | 82 ++++++++++++++++++++++++++++++++++++ - sandbox/po/POTFILES | 1 + - 11 files changed, 293 insertions(+), 68 deletions(-) - create mode 100644 gui/po/Makefile - create mode 100644 gui/po/POTFILES - create mode 100644 policycoreutils/po/POTFILES - create mode 100644 python/po/Makefile - create mode 100644 python/po/POTFILES - create mode 100644 sandbox/po/Makefile - create mode 100644 sandbox/po/POTFILES - -diff --git a/gui/Makefile b/gui/Makefile -index ca965c94..5a5bf6dc 100644 ---- a/gui/Makefile -+++ b/gui/Makefile -@@ -22,6 +22,7 @@ system-config-selinux.ui \ - usersPage.py - - all: $(TARGETS) system-config-selinux.py polgengui.py -+ (cd po && $(MAKE) $@) - - install: all - -mkdir -p $(DESTDIR)$(MANDIR)/man8 -@@ -54,6 +55,8 @@ install: all - install -m 644 sepolicy_$${i}.png $(DESTDIR)$(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \ - done - install -m 644 org.selinux.config.policy $(DESTDIR)$(DATADIR)/polkit-1/actions/ -+ (cd po && $(MAKE) $@) -+ - clean: - - indent: -diff --git a/gui/po/Makefile b/gui/po/Makefile -new file mode 100644 -index 00000000..a0f5439f ---- /dev/null -+++ b/gui/po/Makefile -@@ -0,0 +1,82 @@ -+# -+# Makefile for the PO files (translation) catalog -+# -+ -+PREFIX ?= /usr -+ -+# What is this package? -+NLSPACKAGE = gui -+POTFILE = $(NLSPACKAGE).pot -+INSTALL = /usr/bin/install -c -p -+INSTALL_DATA = $(INSTALL) -m 644 -+INSTALL_DIR = /usr/bin/install -d -+ -+# destination directory -+INSTALL_NLS_DIR = $(PREFIX)/share/locale -+ -+# PO catalog handling -+MSGMERGE = msgmerge -+MSGMERGE_FLAGS = -q -+XGETTEXT = xgettext --default-domain=$(NLSPACKAGE) -+MSGFMT = msgfmt -+ -+# All possible linguas -+PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po))) -+ -+# Only the files matching what the user has set in LINGUAS -+USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS)) -+ -+# if no valid LINGUAS, build all languages -+USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS)) -+ -+POFILES = $(patsubst %,%.po,$(USE_LINGUAS)) -+MOFILES = $(patsubst %.po,%.mo,$(POFILES)) -+POTFILES = $(shell cat POTFILES) -+ -+#default:: clean -+ -+all:: $(MOFILES) -+ -+$(POTFILE): $(POTFILES) -+ $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES) -+ @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \ -+ rm -f $(NLSPACKAGE).po; \ -+ else \ -+ mv -f $(NLSPACKAGE).po $(POTFILE); \ -+ fi; \ -+ -+ -+refresh-po: Makefile -+ for cat in $(POFILES); do \ -+ lang=`basename $$cat .po`; \ -+ if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \ -+ mv -f $$lang.pot $$lang.po ; \ -+ echo "$(MSGMERGE) of $$lang succeeded" ; \ -+ else \ -+ echo "$(MSGMERGE) of $$lang failed" ; \ -+ rm -f $$lang.pot ; \ -+ fi \ -+ done -+ -+clean: -+ @rm -fv *mo *~ .depend -+ @rm -rf tmp -+ -+install: $(MOFILES) -+ @for n in $(MOFILES); do \ -+ l=`basename $$n .mo`; \ -+ $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \ -+ $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \ -+ done -+ -+%.mo: %.po -+ $(MSGFMT) -o $@ $< -+report: -+ @for cat in $(wildcard *.po); do \ -+ echo -n "$$cat: "; \ -+ msgfmt -v --statistics -o /dev/null $$cat; \ -+ done -+ -+.PHONY: missing depend -+ -+relabel: -diff --git a/gui/po/POTFILES b/gui/po/POTFILES -new file mode 100644 -index 00000000..1795c5c1 ---- /dev/null -+++ b/gui/po/POTFILES -@@ -0,0 +1,17 @@ -+../booleansPage.py -+../domainsPage.py -+../fcontextPage.py -+../loginsPage.py -+../modulesPage.py -+../org.selinux.config.policy -+../polgengui.py -+../polgen.ui -+../portsPage.py -+../selinux-polgengui.desktop -+../semanagePage.py -+../sepolicy.desktop -+../statusPage.py -+../system-config-selinux.desktop -+../system-config-selinux.py -+../system-config-selinux.ui -+../usersPage.py -diff --git a/policycoreutils/po/Makefile b/policycoreutils/po/Makefile -index 575e1431..18bc1dff 100644 ---- a/policycoreutils/po/Makefile -+++ b/policycoreutils/po/Makefile -@@ -3,7 +3,6 @@ - # - - PREFIX ?= /usr --TOP = ../.. - - # What is this package? - NLSPACKAGE = policycoreutils -@@ -32,74 +31,13 @@ USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS)) - - POFILES = $(patsubst %,%.po,$(USE_LINGUAS)) - MOFILES = $(patsubst %.po,%.mo,$(POFILES)) --POTFILES = \ -- ../run_init/open_init_pty.c \ -- ../run_init/run_init.c \ -- ../semodule_link/semodule_link.c \ -- ../audit2allow/audit2allow \ -- ../semanage/seobject.py \ -- ../setsebool/setsebool.c \ -- ../newrole/newrole.c \ -- ../load_policy/load_policy.c \ -- ../sestatus/sestatus.c \ -- ../semodule/semodule.c \ -- ../setfiles/setfiles.c \ -- ../semodule_package/semodule_package.c \ -- ../semodule_deps/semodule_deps.c \ -- ../semodule_expand/semodule_expand.c \ -- ../scripts/chcat \ -- ../scripts/fixfiles \ -- ../restorecond/stringslist.c \ -- ../restorecond/restorecond.h \ -- ../restorecond/utmpwatcher.h \ -- ../restorecond/stringslist.h \ -- ../restorecond/restorecond.c \ -- ../restorecond/utmpwatcher.c \ -- ../gui/booleansPage.py \ -- ../gui/fcontextPage.py \ -- ../gui/loginsPage.py \ -- ../gui/mappingsPage.py \ -- ../gui/modulesPage.py \ -- ../gui/polgen.glade \ -- ../gui/polgengui.py \ -- ../gui/portsPage.py \ -- ../gui/semanagePage.py \ -- ../gui/statusPage.py \ -- ../gui/system-config-selinux.glade \ -- ../gui/system-config-selinux.py \ -- ../gui/usersPage.py \ -- ../secon/secon.c \ -- booleans.py \ -- ../sepolicy/sepolicy.py \ -- ../sepolicy/sepolicy/communicate.py \ -- ../sepolicy/sepolicy/__init__.py \ -- ../sepolicy/sepolicy/network.py \ -- ../sepolicy/sepolicy/generate.py \ -- ../sepolicy/sepolicy/sepolicy.glade \ -- ../sepolicy/sepolicy/gui.py \ -- ../sepolicy/sepolicy/manpage.py \ -- ../sepolicy/sepolicy/transition.py \ -- ../sepolicy/sepolicy/templates/executable.py \ -- ../sepolicy/sepolicy/templates/__init__.py \ -- ../sepolicy/sepolicy/templates/network.py \ -- ../sepolicy/sepolicy/templates/rw.py \ -- ../sepolicy/sepolicy/templates/script.py \ -- ../sepolicy/sepolicy/templates/semodule.py \ -- ../sepolicy/sepolicy/templates/tmp.py \ -- ../sepolicy/sepolicy/templates/user.py \ -- ../sepolicy/sepolicy/templates/var_lib.py \ -- ../sepolicy/sepolicy/templates/var_log.py \ -- ../sepolicy/sepolicy/templates/var_run.py \ -- ../sepolicy/sepolicy/templates/var_spool.py -+POTFILES = $(shell cat POTFILES) - - #default:: clean - --all:: $(MOFILES) -+all:: $(POTFILE) $(MOFILES) - --booleans.py: -- sepolicy booleans -a > booleans.py -- --$(POTFILE): $(POTFILES) booleans.py -+$(POTFILE): $(POTFILES) - $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES) - @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \ - rm -f $(NLSPACKAGE).po; \ -@@ -107,8 +45,6 @@ $(POTFILE): $(POTFILES) booleans.py - mv -f $(NLSPACKAGE).po $(POTFILE); \ - fi; \ - --update-po: Makefile $(POTFILE) refresh-po -- @rm -f booleans.py - - refresh-po: Makefile - for cat in $(POFILES); do \ -diff --git a/policycoreutils/po/POTFILES b/policycoreutils/po/POTFILES -new file mode 100644 -index 00000000..12237dc6 ---- /dev/null -+++ b/policycoreutils/po/POTFILES -@@ -0,0 +1,9 @@ -+../run_init/open_init_pty.c -+../run_init/run_init.c -+../setsebool/setsebool.c -+../newrole/newrole.c -+../load_policy/load_policy.c -+../sestatus/sestatus.c -+../semodule/semodule.c -+../setfiles/setfiles.c -+../secon/secon.c -diff --git a/python/Makefile b/python/Makefile -index 9b66d52f..00312dbd 100644 ---- a/python/Makefile -+++ b/python/Makefile -@@ -1,4 +1,4 @@ --SUBDIRS = sepolicy audit2allow semanage sepolgen chcat -+SUBDIRS = sepolicy audit2allow semanage sepolgen chcat po - - all install relabel clean indent test: - @for subdir in $(SUBDIRS); do \ -diff --git a/python/po/Makefile b/python/po/Makefile -new file mode 100644 -index 00000000..4e052d5a ---- /dev/null -+++ b/python/po/Makefile -@@ -0,0 +1,83 @@ -+# -+# Makefile for the PO files (translation) catalog -+# -+ -+PREFIX ?= /usr -+ -+# What is this package? -+NLSPACKAGE = python -+POTFILE = $(NLSPACKAGE).pot -+INSTALL = /usr/bin/install -c -p -+INSTALL_DATA = $(INSTALL) -m 644 -+INSTALL_DIR = /usr/bin/install -d -+ -+# destination directory -+INSTALL_NLS_DIR = $(PREFIX)/share/locale -+ -+# PO catalog handling -+MSGMERGE = msgmerge -+MSGMERGE_FLAGS = -q -+XGETTEXT = xgettext --default-domain=$(NLSPACKAGE) -+MSGFMT = msgfmt -+ -+# All possible linguas -+PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po))) -+ -+# Only the files matching what the user has set in LINGUAS -+USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS)) -+ -+# if no valid LINGUAS, build all languages -+USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS)) -+ -+POFILES = $(patsubst %,%.po,$(USE_LINGUAS)) -+MOFILES = $(patsubst %.po,%.mo,$(POFILES)) -+POTFILES = $(shell cat POTFILES) -+ -+#default:: clean -+ -+all:: $(MOFILES) -+ -+$(POTFILE): $(POTFILES) -+ $(XGETTEXT) -L Python --keyword=_ --keyword=N_ $(POTFILES) -+ $(XGETTEXT) -j --keyword=_ --keyword=N_ ../sepolicy/sepolicy/sepolicy.glade -+ @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \ -+ rm -f $(NLSPACKAGE).po; \ -+ else \ -+ mv -f $(NLSPACKAGE).po $(POTFILE); \ -+ fi; \ -+ -+ -+refresh-po: Makefile -+ for cat in $(POFILES); do \ -+ lang=`basename $$cat .po`; \ -+ if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \ -+ mv -f $$lang.pot $$lang.po ; \ -+ echo "$(MSGMERGE) of $$lang succeeded" ; \ -+ else \ -+ echo "$(MSGMERGE) of $$lang failed" ; \ -+ rm -f $$lang.pot ; \ -+ fi \ -+ done -+ -+clean: -+ @rm -fv *mo *~ .depend -+ @rm -rf tmp -+ -+install: $(MOFILES) -+ @for n in $(MOFILES); do \ -+ l=`basename $$n .mo`; \ -+ $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \ -+ $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \ -+ done -+ -+%.mo: %.po -+ $(MSGFMT) -o $@ $< -+report: -+ @for cat in $(wildcard *.po); do \ -+ echo -n "$$cat: "; \ -+ msgfmt -v --statistics -o /dev/null $$cat; \ -+ done -+ -+.PHONY: missing depend -+ -+relabel: -diff --git a/python/po/POTFILES b/python/po/POTFILES -new file mode 100644 -index 00000000..128eb870 ---- /dev/null -+++ b/python/po/POTFILES -@@ -0,0 +1,10 @@ -+../audit2allow/audit2allow -+../chcat/chcat -+../semanage/semanage -+../semanage/seobject.py -+../sepolgen/src/sepolgen/interfaces.py -+../sepolicy/sepolicy/generate.py -+../sepolicy/sepolicy/gui.py -+../sepolicy/sepolicy/__init__.py -+../sepolicy/sepolicy/interface.py -+../sepolicy/sepolicy.py -diff --git a/sandbox/Makefile b/sandbox/Makefile -index 9da5e58d..b817824e 100644 ---- a/sandbox/Makefile -+++ b/sandbox/Makefile -@@ -13,6 +13,7 @@ override LDLIBS += -lselinux -lcap-ng - SEUNSHARE_OBJS = seunshare.o - - all: sandbox seunshare sandboxX.sh start -+ (cd po && $(MAKE) $@) - - seunshare: $(SEUNSHARE_OBJS) - -@@ -39,6 +40,7 @@ install: all - install -m 755 start $(DESTDIR)$(SHAREDIR) - -mkdir -p $(DESTDIR)$(SYSCONFDIR) - install -m 644 sandbox.conf $(DESTDIR)$(SYSCONFDIR)/sandbox -+ (cd po && $(MAKE) $@) - - test: - @$(PYTHON) test_sandbox.py -v -diff --git a/sandbox/po/Makefile b/sandbox/po/Makefile -new file mode 100644 -index 00000000..0556bbe9 ---- /dev/null -+++ b/sandbox/po/Makefile -@@ -0,0 +1,82 @@ -+# -+# Makefile for the PO files (translation) catalog -+# -+ -+PREFIX ?= /usr -+ -+# What is this package? -+NLSPACKAGE = sandbox -+POTFILE = $(NLSPACKAGE).pot -+INSTALL = /usr/bin/install -c -p -+INSTALL_DATA = $(INSTALL) -m 644 -+INSTALL_DIR = /usr/bin/install -d -+ -+# destination directory -+INSTALL_NLS_DIR = $(PREFIX)/share/locale -+ -+# PO catalog handling -+MSGMERGE = msgmerge -+MSGMERGE_FLAGS = -q -+XGETTEXT = xgettext -L Python --default-domain=$(NLSPACKAGE) -+MSGFMT = msgfmt -+ -+# All possible linguas -+PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po))) -+ -+# Only the files matching what the user has set in LINGUAS -+USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS)) -+ -+# if no valid LINGUAS, build all languages -+USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS)) -+ -+POFILES = $(patsubst %,%.po,$(USE_LINGUAS)) -+MOFILES = $(patsubst %.po,%.mo,$(POFILES)) -+POTFILES = $(shell cat POTFILES) -+ -+#default:: clean -+ -+all:: $(POTFILE) $(MOFILES) -+ -+$(POTFILE): $(POTFILES) -+ $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES) -+ @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \ -+ rm -f $(NLSPACKAGE).po; \ -+ else \ -+ mv -f $(NLSPACKAGE).po $(POTFILE); \ -+ fi; \ -+ -+ -+refresh-po: Makefile -+ for cat in $(POFILES); do \ -+ lang=`basename $$cat .po`; \ -+ if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \ -+ mv -f $$lang.pot $$lang.po ; \ -+ echo "$(MSGMERGE) of $$lang succeeded" ; \ -+ else \ -+ echo "$(MSGMERGE) of $$lang failed" ; \ -+ rm -f $$lang.pot ; \ -+ fi \ -+ done -+ -+clean: -+ @rm -fv *mo *~ .depend -+ @rm -rf tmp -+ -+install: $(MOFILES) -+ @for n in $(MOFILES); do \ -+ l=`basename $$n .mo`; \ -+ $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \ -+ $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \ -+ done -+ -+%.mo: %.po -+ $(MSGFMT) -o $@ $< -+report: -+ @for cat in $(wildcard *.po); do \ -+ echo -n "$$cat: "; \ -+ msgfmt -v --statistics -o /dev/null $$cat; \ -+ done -+ -+.PHONY: missing depend -+ -+relabel: -diff --git a/sandbox/po/POTFILES b/sandbox/po/POTFILES -new file mode 100644 -index 00000000..deff3f2f ---- /dev/null -+++ b/sandbox/po/POTFILES -@@ -0,0 +1 @@ -+../sandbox --- -2.21.0 - diff --git a/SOURCES/0013-Use-correct-gettext-domains-in-python-gui-sandbox.patch b/SOURCES/0013-Use-correct-gettext-domains-in-python-gui-sandbox.patch deleted file mode 100644 index c214ee4..0000000 --- a/SOURCES/0013-Use-correct-gettext-domains-in-python-gui-sandbox.patch +++ /dev/null @@ -1,306 +0,0 @@ -From 57cd23e11e1a700802a5955e84a0a7e04c30ec73 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Mon, 6 Aug 2018 13:37:07 +0200 -Subject: [PATCH] Use correct gettext domains in python/ gui/ sandbox/ - -https://github.com/fedora-selinux/selinux/issues/43 ---- - gui/booleansPage.py | 2 +- - gui/domainsPage.py | 2 +- - gui/fcontextPage.py | 2 +- - gui/loginsPage.py | 2 +- - gui/modulesPage.py | 2 +- - gui/polgengui.py | 2 +- - gui/portsPage.py | 2 +- - gui/semanagePage.py | 2 +- - gui/statusPage.py | 2 +- - gui/system-config-selinux.py | 2 +- - gui/usersPage.py | 2 +- - python/chcat/chcat | 2 +- - python/semanage/semanage | 2 +- - python/semanage/seobject.py | 2 +- - python/sepolgen/src/sepolgen/sepolgeni18n.py | 2 +- - python/sepolicy/sepolicy.py | 2 +- - python/sepolicy/sepolicy/__init__.py | 2 +- - python/sepolicy/sepolicy/generate.py | 2 +- - python/sepolicy/sepolicy/gui.py | 2 +- - python/sepolicy/sepolicy/interface.py | 2 +- - sandbox/sandbox | 2 +- - 21 files changed, 21 insertions(+), 21 deletions(-) - -diff --git a/gui/booleansPage.py b/gui/booleansPage.py -index 7849bea2..dd12b6d6 100644 ---- a/gui/booleansPage.py -+++ b/gui/booleansPage.py -@@ -38,7 +38,7 @@ DISABLED = 2 - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-gui" - try: - import gettext - kwargs = {} -diff --git a/gui/domainsPage.py b/gui/domainsPage.py -index bad5140d..6bbe4de5 100644 ---- a/gui/domainsPage.py -+++ b/gui/domainsPage.py -@@ -30,7 +30,7 @@ from semanagePage import * - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-gui" - try: - import gettext - kwargs = {} -diff --git a/gui/fcontextPage.py b/gui/fcontextPage.py -index 370bbee4..e424366d 100644 ---- a/gui/fcontextPage.py -+++ b/gui/fcontextPage.py -@@ -47,7 +47,7 @@ class context: - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-gui" - try: - import gettext - kwargs = {} -diff --git a/gui/loginsPage.py b/gui/loginsPage.py -index b67eb8bc..cbfb0cc2 100644 ---- a/gui/loginsPage.py -+++ b/gui/loginsPage.py -@@ -29,7 +29,7 @@ from semanagePage import * - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-gui" - try: - import gettext - kwargs = {} -diff --git a/gui/modulesPage.py b/gui/modulesPage.py -index cb856b2d..26ac5404 100644 ---- a/gui/modulesPage.py -+++ b/gui/modulesPage.py -@@ -30,7 +30,7 @@ from semanagePage import * - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-gui" - try: - import gettext - kwargs = {} -diff --git a/gui/polgengui.py b/gui/polgengui.py -index b1cc9937..46a1bd2c 100644 ---- a/gui/polgengui.py -+++ b/gui/polgengui.py -@@ -63,7 +63,7 @@ def get_all_modules(): - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-gui" - try: - import gettext - kwargs = {} -diff --git a/gui/portsPage.py b/gui/portsPage.py -index 30f58383..a537ecc8 100644 ---- a/gui/portsPage.py -+++ b/gui/portsPage.py -@@ -35,7 +35,7 @@ from semanagePage import * - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-gui" - try: - import gettext - kwargs = {} -diff --git a/gui/semanagePage.py b/gui/semanagePage.py -index 4127804f..5361d69c 100644 ---- a/gui/semanagePage.py -+++ b/gui/semanagePage.py -@@ -22,7 +22,7 @@ from gi.repository import Gdk, Gtk - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-gui" - try: - import gettext - kwargs = {} -diff --git a/gui/statusPage.py b/gui/statusPage.py -index 766854b1..a8f079b9 100644 ---- a/gui/statusPage.py -+++ b/gui/statusPage.py -@@ -35,7 +35,7 @@ RELABELFILE = "/.autorelabel" - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-gui" - try: - import gettext - kwargs = {} -diff --git a/gui/system-config-selinux.py b/gui/system-config-selinux.py -index c42301b6..1e0d5eb1 100644 ---- a/gui/system-config-selinux.py -+++ b/gui/system-config-selinux.py -@@ -45,7 +45,7 @@ import selinux - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-gui" - try: - import gettext - kwargs = {} -diff --git a/gui/usersPage.py b/gui/usersPage.py -index 26794ed5..d15d4c5a 100644 ---- a/gui/usersPage.py -+++ b/gui/usersPage.py -@@ -29,7 +29,7 @@ from semanagePage import * - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-gui" - try: - import gettext - kwargs = {} -diff --git a/python/chcat/chcat b/python/chcat/chcat -index ba398684..df2509f2 100755 ---- a/python/chcat/chcat -+++ b/python/chcat/chcat -@@ -30,7 +30,7 @@ import getopt - import selinux - import seobject - --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-python" - try: - import gettext - kwargs = {} -diff --git a/python/semanage/semanage b/python/semanage/semanage -index 144cc000..56db3e0d 100644 ---- a/python/semanage/semanage -+++ b/python/semanage/semanage -@@ -27,7 +27,7 @@ import traceback - import argparse - import seobject - import sys --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-python" - try: - import gettext - kwargs = {} -diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py -index 13fdf531..b90b1070 100644 ---- a/python/semanage/seobject.py -+++ b/python/semanage/seobject.py -@@ -29,7 +29,7 @@ import sys - import stat - import socket - from semanage import * --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-python" - import sepolicy - import setools - from IPy import IP -diff --git a/python/sepolgen/src/sepolgen/sepolgeni18n.py b/python/sepolgen/src/sepolgen/sepolgeni18n.py -index 998c4356..56ebd807 100644 ---- a/python/sepolgen/src/sepolgen/sepolgeni18n.py -+++ b/python/sepolgen/src/sepolgen/sepolgeni18n.py -@@ -19,7 +19,7 @@ - - try: - import gettext -- t = gettext.translation( 'yumex' ) -+ t = gettext.translation( 'selinux-python' ) - _ = t.gettext - except: - def _(str): -diff --git a/python/sepolicy/sepolicy.py b/python/sepolicy/sepolicy.py -index 1934cd86..8bd6a579 100755 ---- a/python/sepolicy/sepolicy.py -+++ b/python/sepolicy/sepolicy.py -@@ -27,7 +27,7 @@ import selinux - import sepolicy - from sepolicy import get_os_version, get_conditionals, get_conditionals_format_text - import argparse --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-python" - try: - import gettext - kwargs = {} -diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py -index 0c66f4d5..b6ca57c3 100644 ---- a/python/sepolicy/sepolicy/__init__.py -+++ b/python/sepolicy/sepolicy/__init__.py -@@ -13,7 +13,7 @@ import os - import re - import gzip - --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-python" - try: - import gettext - kwargs = {} -diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py -index 019e7836..7175d36b 100644 ---- a/python/sepolicy/sepolicy/generate.py -+++ b/python/sepolicy/sepolicy/generate.py -@@ -49,7 +49,7 @@ import sepolgen.defaults as defaults - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-python" - try: - import gettext - kwargs = {} -diff --git a/python/sepolicy/sepolicy/gui.py b/python/sepolicy/sepolicy/gui.py -index 00fd7a11..805cee67 100644 ---- a/python/sepolicy/sepolicy/gui.py -+++ b/python/sepolicy/sepolicy/gui.py -@@ -41,7 +41,7 @@ import os - import re - import unicodedata - --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-python" - try: - import gettext - kwargs = {} -diff --git a/python/sepolicy/sepolicy/interface.py b/python/sepolicy/sepolicy/interface.py -index 583091ae..e2b8d23b 100644 ---- a/python/sepolicy/sepolicy/interface.py -+++ b/python/sepolicy/sepolicy/interface.py -@@ -30,7 +30,7 @@ __all__ = ['get_all_interfaces', 'get_interfaces_from_xml', 'get_admin', 'get_us - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-python" - try: - import gettext - kwargs = {} -diff --git a/sandbox/sandbox b/sandbox/sandbox -index 1dec07ac..a12403b3 100644 ---- a/sandbox/sandbox -+++ b/sandbox/sandbox -@@ -37,7 +37,7 @@ import sepolicy - - SEUNSHARE = "/usr/sbin/seunshare" - SANDBOXSH = "/usr/share/sandbox/sandboxX.sh" --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-sandbox" - try: - import gettext - kwargs = {} --- -2.21.0 - diff --git a/SOURCES/0014-Initial-.pot-files-for-gui-python-sandbox.patch b/SOURCES/0014-Initial-.pot-files-for-gui-python-sandbox.patch deleted file mode 100644 index 7b7d340..0000000 --- a/SOURCES/0014-Initial-.pot-files-for-gui-python-sandbox.patch +++ /dev/null @@ -1,4532 +0,0 @@ -From c8c59758d2fb7f6cbe368c9ff8f356ea7acebb4b Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Mon, 6 Aug 2018 14:23:19 +0200 -Subject: [PATCH] Initial .pot files for gui/ python/ sandbox/ - -https://github.com/fedora-selinux/selinux/issues/43 ---- - gui/po/gui.pot | 964 ++++++++++++ - python/po/python.pot | 3375 ++++++++++++++++++++++++++++++++++++++++ - sandbox/po/sandbox.pot | 157 ++ - 3 files changed, 4496 insertions(+) - create mode 100644 gui/po/gui.pot - create mode 100644 python/po/python.pot - create mode 100644 sandbox/po/sandbox.pot - -diff --git a/gui/po/gui.pot b/gui/po/gui.pot -new file mode 100644 -index 00000000..1663b4ca ---- /dev/null -+++ b/gui/po/gui.pot -@@ -0,0 +1,964 @@ -+# SOME DESCRIPTIVE TITLE. -+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER -+# This file is distributed under the same license as the PACKAGE package. -+# FIRST AUTHOR , YEAR. -+# -+#, fuzzy -+msgid "" -+msgstr "" -+"Project-Id-Version: PACKAGE VERSION\n" -+"Report-Msgid-Bugs-To: \n" -+"POT-Creation-Date: 2018-08-06 14:22+0200\n" -+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" -+"Last-Translator: FULL NAME \n" -+"Language-Team: LANGUAGE \n" -+"Language: \n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=CHARSET\n" -+"Content-Transfer-Encoding: 8bit\n" -+ -+#: ../booleansPage.py:198 ../system-config-selinux.ui:1025 -+msgid "Boolean" -+msgstr "" -+ -+#: ../booleansPage.py:248 ../semanagePage.py:166 -+msgid "all" -+msgstr "" -+ -+#: ../booleansPage.py:250 ../semanagePage.py:168 -+#: ../system-config-selinux.ui:961 ../system-config-selinux.ui:1097 -+#: ../system-config-selinux.ui:1506 -+msgid "Customized" -+msgstr "" -+ -+#: ../domainsPage.py:55 ../system-config-selinux.ui:1834 -+msgid "Process Domain" -+msgstr "" -+ -+#: ../domainsPage.py:63 -+msgid "Domain Name" -+msgstr "" -+ -+#: ../domainsPage.py:68 -+msgid "Mode" -+msgstr "" -+ -+#: ../domainsPage.py:101 ../domainsPage.py:112 ../domainsPage.py:156 -+#: ../statusPage.py:73 ../system-config-selinux.ui:622 -+#: ../system-config-selinux.ui:1755 -+msgid "Permissive" -+msgstr "" -+ -+#: ../fcontextPage.py:72 ../system-config-selinux.ui:1160 -+msgid "File Labeling" -+msgstr "" -+ -+#: ../fcontextPage.py:82 -+msgid "" -+"File\n" -+"Specification" -+msgstr "" -+ -+#: ../fcontextPage.py:89 -+msgid "" -+"Selinux\n" -+"File Type" -+msgstr "" -+ -+#: ../fcontextPage.py:96 -+msgid "" -+"File\n" -+"Type" -+msgstr "" -+ -+#: ../loginsPage.py:55 ../system-config-selinux.ui:1281 -+msgid "User Mapping" -+msgstr "" -+ -+#: ../loginsPage.py:59 -+msgid "" -+"Login\n" -+"Name" -+msgstr "" -+ -+#: ../loginsPage.py:63 ../usersPage.py:60 -+msgid "" -+"SELinux\n" -+"User" -+msgstr "" -+ -+#: ../loginsPage.py:66 ../usersPage.py:65 -+msgid "" -+"MLS/\n" -+"MCS Range" -+msgstr "" -+ -+#: ../loginsPage.py:135 -+#, python-format -+msgid "Login '%s' is required" -+msgstr "" -+ -+#: ../modulesPage.py:55 ../system-config-selinux.ui:1722 -+msgid "Policy Module" -+msgstr "" -+ -+#: ../modulesPage.py:65 -+msgid "Module Name" -+msgstr "" -+ -+#: ../modulesPage.py:70 -+msgid "Priority" -+msgstr "" -+ -+#: ../modulesPage.py:79 -+msgid "Kind" -+msgstr "" -+ -+#: ../modulesPage.py:147 -+msgid "Disable Audit" -+msgstr "" -+ -+#: ../modulesPage.py:150 ../system-config-selinux.ui:1659 -+msgid "Enable Audit" -+msgstr "" -+ -+#: ../modulesPage.py:175 -+msgid "Load Policy Module" -+msgstr "" -+ -+#: ../org.selinux.config.policy:11 -+msgid "Run System Config SELinux" -+msgstr "" -+ -+#: ../org.selinux.config.policy:12 -+msgid "Authentication is required to run system-config-selinux" -+msgstr "" -+ -+#: ../polgengui.py:288 ../polgen.ui:728 -+msgid "Name" -+msgstr "" -+ -+#: ../polgengui.py:290 ../polgen.ui:111 -+msgid "Description" -+msgstr "" -+ -+#: ../polgengui.py:298 -+msgid "Role" -+msgstr "" -+ -+#: ../polgengui.py:305 -+msgid "Existing_User" -+msgstr "" -+ -+#: ../polgengui.py:319 ../polgengui.py:327 ../polgengui.py:341 -+msgid "Application" -+msgstr "" -+ -+#: ../polgengui.py:386 -+#, python-format -+msgid "%s must be a directory" -+msgstr "" -+ -+#: ../polgengui.py:446 ../polgengui.py:727 -+msgid "You must select a user" -+msgstr "" -+ -+#: ../polgengui.py:576 -+msgid "Select executable file to be confined." -+msgstr "" -+ -+#: ../polgengui.py:587 -+msgid "Select init script file to be confined." -+msgstr "" -+ -+#: ../polgengui.py:597 -+msgid "Select file(s) that confined application creates or writes" -+msgstr "" -+ -+#: ../polgengui.py:604 -+msgid "Select directory(s) that the confined application owns and writes into" -+msgstr "" -+ -+#: ../polgengui.py:666 -+msgid "Select directory to generate policy files in" -+msgstr "" -+ -+#: ../polgengui.py:683 -+#, python-format -+msgid "" -+"Type %s_t already defined in current policy.\n" -+"Do you want to continue?" -+msgstr "" -+ -+#: ../polgengui.py:683 ../polgengui.py:687 -+msgid "Verify Name" -+msgstr "" -+ -+#: ../polgengui.py:687 -+#, python-format -+msgid "" -+"Module %s already loaded in current policy.\n" -+"Do you want to continue?" -+msgstr "" -+ -+#: ../polgengui.py:733 -+msgid "" -+"You must add a name made up of letters and numbers and containing no spaces." -+msgstr "" -+ -+#: ../polgengui.py:747 -+msgid "You must enter a executable" -+msgstr "" -+ -+#: ../polgengui.py:772 ../system-config-selinux.py:184 -+msgid "Configue SELinux" -+msgstr "" -+ -+#: ../polgen.ui:9 -+msgid "Red Hat 2007" -+msgstr "" -+ -+#: ../polgen.ui:11 -+msgid "GPL" -+msgstr "" -+ -+#. TRANSLATORS: Replace this string with your names, one name per line. -+#: ../polgen.ui:13 ../system-config-selinux.ui:15 -+msgid "translator-credits" -+msgstr "" -+ -+#: ../polgen.ui:34 -+msgid "Add Booleans Dialog" -+msgstr "" -+ -+#: ../polgen.ui:99 -+msgid "Boolean Name" -+msgstr "" -+ -+#: ../polgen.ui:234 ../selinux-polgengui.desktop:3 -+msgid "SELinux Policy Generation Tool" -+msgstr "" -+ -+#: ../polgen.ui:255 -+msgid "" -+"Select the policy type for the application or user role you want to " -+"confine:" -+msgstr "" -+ -+#: ../polgen.ui:288 -+msgid "Applications" -+msgstr "" -+ -+#: ../polgen.ui:320 -+msgid "Standard Init Daemon" -+msgstr "" -+ -+#: ../polgen.ui:324 ../polgen.ui:340 -+msgid "" -+"Standard Init Daemon are daemons started on boot via init scripts. Usually " -+"requires a script in /etc/rc.d/init.d" -+msgstr "" -+ -+#: ../polgen.ui:336 -+msgid "DBUS System Daemon" -+msgstr "" -+ -+#: ../polgen.ui:353 -+msgid "Internet Services Daemon (inetd)" -+msgstr "" -+ -+#: ../polgen.ui:357 -+msgid "Internet Services Daemon are daemons started by xinetd" -+msgstr "" -+ -+#: ../polgen.ui:370 -+msgid "Web Application/Script (CGI)" -+msgstr "" -+ -+#: ../polgen.ui:374 -+msgid "" -+"Web Applications/Script (CGI) CGI scripts started by the web server (apache)" -+msgstr "" -+ -+#: ../polgen.ui:387 -+msgid "User Application" -+msgstr "" -+ -+#: ../polgen.ui:391 ../polgen.ui:408 -+msgid "" -+"User Application are any application that you would like to confine that is " -+"started by a user" -+msgstr "" -+ -+#: ../polgen.ui:404 -+msgid "Sandbox" -+msgstr "" -+ -+#: ../polgen.ui:450 -+msgid "Login Users" -+msgstr "" -+ -+#: ../polgen.ui:482 -+msgid "Existing User Roles" -+msgstr "" -+ -+#: ../polgen.ui:486 -+msgid "Modify an existing login user record." -+msgstr "" -+ -+#: ../polgen.ui:499 -+msgid "Minimal Terminal User Role" -+msgstr "" -+ -+#: ../polgen.ui:503 -+msgid "" -+"This user will login to a machine only via a terminal or remote login. By " -+"default this user will have no setuid, no networking, no su, no sudo." -+msgstr "" -+ -+#: ../polgen.ui:516 -+msgid "Minimal X Windows User Role" -+msgstr "" -+ -+#: ../polgen.ui:520 -+msgid "" -+"This user can login to a machine via X or terminal. By default this user " -+"will have no setuid, no networking, no sudo, no su" -+msgstr "" -+ -+#: ../polgen.ui:533 -+msgid "User Role" -+msgstr "" -+ -+#: ../polgen.ui:537 -+msgid "" -+"User with full networking, no setuid applications without transition, no " -+"sudo, no su." -+msgstr "" -+ -+#: ../polgen.ui:550 -+msgid "Admin User Role" -+msgstr "" -+ -+#: ../polgen.ui:554 -+msgid "" -+"User with full networking, no setuid applications without transition, no su, " -+"can sudo to Root Administration Roles" -+msgstr "" -+ -+#: ../polgen.ui:596 -+msgid "Root Users" -+msgstr "" -+ -+#: ../polgen.ui:627 -+msgid "Root Admin User Role" -+msgstr "" -+ -+#: ../polgen.ui:631 -+msgid "" -+"Select Root Administrator User Role, if this user will be used to administer " -+"the machine while running as root. This user will not be able to login to " -+"the system directly." -+msgstr "" -+ -+#: ../polgen.ui:705 -+msgid "Enter name of application or user role:" -+msgstr "" -+ -+#: ../polgen.ui:739 -+msgid "Enter complete path for executable to be confined." -+msgstr "" -+ -+#: ../polgen.ui:756 ../polgen.ui:838 ../polgen.ui:2317 -+msgid "..." -+msgstr "" -+ -+#: ../polgen.ui:776 -+msgid "Enter unique name for the confined application or user role." -+msgstr "" -+ -+#: ../polgen.ui:794 -+msgid "Executable" -+msgstr "" -+ -+#: ../polgen.ui:808 -+msgid "Init script" -+msgstr "" -+ -+#: ../polgen.ui:821 -+msgid "" -+"Enter complete path to init script used to start the confined application." -+msgstr "" -+ -+#: ../polgen.ui:883 -+msgid "Select existing role to modify:" -+msgstr "" -+ -+#: ../polgen.ui:904 -+#, python-format -+msgid "Select the user roles that will transiton to the %s domain." -+msgstr "" -+ -+#: ../polgen.ui:921 -+msgid "role tab" -+msgstr "" -+ -+#: ../polgen.ui:937 -+#, python-format -+msgid "Select roles that %s will transition to:" -+msgstr "" -+ -+#: ../polgen.ui:955 -+#, python-format -+msgid "Select applications domains that %s will transition to." -+msgstr "" -+ -+#: ../polgen.ui:972 -+msgid "" -+"transition \n" -+"role tab" -+msgstr "" -+ -+#: ../polgen.ui:989 -+#, python-format -+msgid "Select the user_roles that will transition to %s:" -+msgstr "" -+ -+#: ../polgen.ui:1007 -+msgid "Select the user roles that will transiton to this applications domains." -+msgstr "" -+ -+#: ../polgen.ui:1040 -+#, python-format -+msgid "Select domains that %s will administer:" -+msgstr "" -+ -+#: ../polgen.ui:1058 ../polgen.ui:1109 -+msgid "Select the domains that you would like this user administer." -+msgstr "" -+ -+#: ../polgen.ui:1091 -+#, python-format -+msgid "Select additional roles for %s:" -+msgstr "" -+ -+#: ../polgen.ui:1142 -+#, python-format -+msgid "Enter network ports that %s binds on:" -+msgstr "" -+ -+#: ../polgen.ui:1162 ../polgen.ui:1529 -+msgid "TCP Ports" -+msgstr "" -+ -+#: ../polgen.ui:1199 ../polgen.ui:1366 ../polgen.ui:1561 ../polgen.ui:1670 -+msgid "All" -+msgstr "" -+ -+#: ../polgen.ui:1203 ../polgen.ui:1370 -+#, python-format -+msgid "Allows %s to bind to any udp port" -+msgstr "" -+ -+#: ../polgen.ui:1216 ../polgen.ui:1383 -+msgid "600-1024" -+msgstr "" -+ -+#: ../polgen.ui:1220 ../polgen.ui:1387 -+#, python-format -+msgid "Allow %s to call bindresvport with 0. Binding to port 600-1024" -+msgstr "" -+ -+#: ../polgen.ui:1233 ../polgen.ui:1400 -+msgid "Unreserved Ports (>1024)" -+msgstr "" -+ -+#: ../polgen.ui:1237 ../polgen.ui:1404 -+#, python-format -+msgid "" -+"Enter a comma separated list of udp ports or ranges of ports that %s binds " -+"to. Example: 612, 650-660" -+msgstr "" -+ -+#: ../polgen.ui:1265 ../polgen.ui:1432 ../polgen.ui:1581 ../polgen.ui:1690 -+msgid "Select Ports" -+msgstr "" -+ -+#: ../polgen.ui:1278 ../polgen.ui:1445 -+#, python-format -+msgid "Allows %s to bind to any udp ports > 1024" -+msgstr "" -+ -+#: ../polgen.ui:1329 ../polgen.ui:1638 -+msgid "UDP Ports" -+msgstr "" -+ -+#: ../polgen.ui:1492 -+msgid "" -+"Network\n" -+"Bind tab" -+msgstr "" -+ -+#: ../polgen.ui:1509 -+#, python-format -+msgid "Select network ports that %s connects to:" -+msgstr "" -+ -+#: ../polgen.ui:1565 -+#, python-format -+msgid "Allows %s to connect to any tcp port" -+msgstr "" -+ -+#: ../polgen.ui:1594 -+#, python-format -+msgid "" -+"Enter a comma separated list of tcp ports or ranges of ports that %s " -+"connects to. Example: 612, 650-660" -+msgstr "" -+ -+#: ../polgen.ui:1674 -+#, python-format -+msgid "Allows %s to connect to any udp port" -+msgstr "" -+ -+#: ../polgen.ui:1703 -+#, python-format -+msgid "" -+"Enter a comma separated list of udp ports or ranges of ports that %s " -+"connects to. Example: 612, 650-660" -+msgstr "" -+ -+#: ../polgen.ui:1760 -+#, python-format -+msgid "Select common application traits for %s:" -+msgstr "" -+ -+#: ../polgen.ui:1777 -+msgid "Writes syslog messages\t" -+msgstr "" -+ -+#: ../polgen.ui:1792 -+msgid "Create/Manipulate temporary files in /tmp" -+msgstr "" -+ -+#: ../polgen.ui:1807 -+msgid "Uses Pam for authentication" -+msgstr "" -+ -+#: ../polgen.ui:1822 -+msgid "Uses nsswitch or getpw* calls" -+msgstr "" -+ -+#: ../polgen.ui:1837 -+msgid "Uses dbus" -+msgstr "" -+ -+#: ../polgen.ui:1852 -+msgid "Sends audit messages" -+msgstr "" -+ -+#: ../polgen.ui:1867 -+msgid "Interacts with the terminal" -+msgstr "" -+ -+#: ../polgen.ui:1882 -+msgid "Sends email" -+msgstr "" -+ -+#: ../polgen.ui:1925 -+#, python-format -+msgid "Add files/directories that %s manages" -+msgstr "" -+ -+#: ../polgen.ui:2086 -+#, python-format -+msgid "" -+"Files/Directories which the %s \"manages\". Pid Files, Log Files, /var/lib " -+"Files ..." -+msgstr "" -+ -+#: ../polgen.ui:2126 -+#, python-format -+msgid "Add booleans from the %s policy:" -+msgstr "" -+ -+#: ../polgen.ui:2234 -+#, python-format -+msgid "Add/Remove booleans used by the %s domain" -+msgstr "" -+ -+#: ../polgen.ui:2272 -+#, python-format -+msgid "Which directory you will generate the %s policy?" -+msgstr "" -+ -+#: ../polgen.ui:2290 -+msgid "Policy Directory" -+msgstr "" -+ -+#: ../portsPage.py:60 ../system-config-selinux.ui:1570 -+msgid "Network Port" -+msgstr "" -+ -+#: ../portsPage.py:95 -+msgid "" -+"SELinux Port\n" -+"Type" -+msgstr "" -+ -+#: ../portsPage.py:101 ../system-config-selinux.ui:294 -+msgid "Protocol" -+msgstr "" -+ -+#: ../portsPage.py:106 ../system-config-selinux.ui:355 -+msgid "" -+"MLS/MCS\n" -+"Level" -+msgstr "" -+ -+#: ../portsPage.py:111 -+msgid "Port" -+msgstr "" -+ -+#: ../portsPage.py:213 -+#, python-format -+msgid "Port number \"%s\" is not valid. 0 < PORT_NUMBER < 65536 " -+msgstr "" -+ -+#: ../portsPage.py:258 -+msgid "List View" -+msgstr "" -+ -+#: ../portsPage.py:261 ../system-config-selinux.ui:1492 -+msgid "Group View" -+msgstr "" -+ -+#: ../selinux-polgengui.desktop:32 ../sepolicy.desktop:4 -+msgid "Generate SELinux policy modules" -+msgstr "" -+ -+#: ../selinux-polgengui.desktop:62 ../system-config-selinux.desktop:62 -+msgid "system-config-selinux" -+msgstr "" -+ -+#: ../semanagePage.py:130 -+#, python-format -+msgid "Are you sure you want to delete %s '%s'?" -+msgstr "" -+ -+#: ../semanagePage.py:130 -+#, python-format -+msgid "Delete %s" -+msgstr "" -+ -+#: ../semanagePage.py:138 -+#, python-format -+msgid "Add %s" -+msgstr "" -+ -+#: ../semanagePage.py:152 -+#, python-format -+msgid "Modify %s" -+msgstr "" -+ -+#: ../sepolicy.desktop:3 -+msgid "SELinux Policy Management Tool" -+msgstr "" -+ -+#: ../sepolicy.desktop:5 -+msgid "sepolicy" -+msgstr "" -+ -+#: ../sepolicy.desktop:11 -+msgid "policy;security;selinux;avc;permission;mac;" -+msgstr "" -+ -+#: ../statusPage.py:74 ../system-config-selinux.ui:625 -+#: ../system-config-selinux.ui:1770 -+msgid "Enforcing" -+msgstr "" -+ -+#: ../statusPage.py:79 ../system-config-selinux.ui:619 -+msgid "Disabled" -+msgstr "" -+ -+#: ../statusPage.py:98 -+msgid "Status" -+msgstr "" -+ -+#: ../statusPage.py:137 -+msgid "" -+"Changing the policy type will cause a relabel of the entire file system on " -+"the next boot. Relabeling takes a long time depending on the size of the " -+"file system. Do you wish to continue?" -+msgstr "" -+ -+#: ../statusPage.py:151 -+msgid "" -+"Changing to SELinux disabled requires a reboot. It is not recommended. If " -+"you later decide to turn SELinux back on, the system will be required to " -+"relabel. If you just want to see if SELinux is causing a problem on your " -+"system, you can go to permissive mode which will only log errors and not " -+"enforce SELinux policy. Permissive mode does not require a reboot Do you " -+"wish to continue?" -+msgstr "" -+ -+#: ../statusPage.py:156 -+msgid "" -+"Changing to SELinux enabled will cause a relabel of the entire file system " -+"on the next boot. Relabeling takes a long time depending on the size of the " -+"file system. Do you wish to continue?" -+msgstr "" -+ -+#: ../system-config-selinux.desktop:3 -+msgid "SELinux Management" -+msgstr "" -+ -+#: ../system-config-selinux.desktop:32 -+msgid "Configure SELinux in a graphical setting" -+msgstr "" -+ -+#: ../system-config-selinux.ui:11 -+msgid "" -+"Copyright (c)2006 Red Hat, Inc.\n" -+"Copyright (c) 2006 Dan Walsh " -+msgstr "" -+ -+#: ../system-config-selinux.ui:53 ../system-config-selinux.ui:433 -+msgid "Add SELinux Login Mapping" -+msgstr "" -+ -+#: ../system-config-selinux.ui:117 -+msgid "Login Name" -+msgstr "" -+ -+#: ../system-config-selinux.ui:128 ../system-config-selinux.ui:1402 -+#: ../system-config-selinux.ui:1937 ../usersPage.py:54 -+msgid "SELinux User" -+msgstr "" -+ -+#: ../system-config-selinux.ui:139 ../system-config-selinux.ui:1948 -+msgid "MLS/MCS Range" -+msgstr "" -+ -+#: ../system-config-selinux.ui:219 -+msgid "Add SELinux Network Ports" -+msgstr "" -+ -+#: ../system-config-selinux.ui:283 -+msgid "Port Number" -+msgstr "" -+ -+#: ../system-config-selinux.ui:305 ../system-config-selinux.ui:519 -+msgid "SELinux Type" -+msgstr "" -+ -+#: ../system-config-selinux.ui:406 -+msgid "all files" -+msgstr "" -+ -+#: ../system-config-selinux.ui:409 -+msgid "regular file" -+msgstr "" -+ -+#: ../system-config-selinux.ui:412 -+msgid "directory" -+msgstr "" -+ -+#: ../system-config-selinux.ui:415 -+msgid "character device" -+msgstr "" -+ -+#: ../system-config-selinux.ui:418 -+msgid "block device" -+msgstr "" -+ -+#: ../system-config-selinux.ui:421 -+msgid "socket file" -+msgstr "" -+ -+#: ../system-config-selinux.ui:424 -+msgid "symbolic link" -+msgstr "" -+ -+#: ../system-config-selinux.ui:427 -+msgid "named pipe" -+msgstr "" -+ -+#: ../system-config-selinux.ui:497 -+msgid "File Specification" -+msgstr "" -+ -+#: ../system-config-selinux.ui:508 -+msgid "File Type" -+msgstr "" -+ -+#: ../system-config-selinux.ui:569 -+msgid "MLS" -+msgstr "" -+ -+#: ../system-config-selinux.ui:631 -+msgid "SELinux Administration" -+msgstr "" -+ -+#: ../system-config-selinux.ui:648 -+msgid "_File" -+msgstr "" -+ -+#: ../system-config-selinux.ui:656 -+msgid "_Add" -+msgstr "" -+ -+#: ../system-config-selinux.ui:668 -+msgid "_Properties" -+msgstr "" -+ -+#: ../system-config-selinux.ui:680 -+msgid "_Delete" -+msgstr "" -+ -+#: ../system-config-selinux.ui:707 -+msgid "_Help" -+msgstr "" -+ -+#: ../system-config-selinux.ui:754 -+msgid "Select Management Object" -+msgstr "" -+ -+#: ../system-config-selinux.ui:767 -+msgid "Select:" -+msgstr "" -+ -+#: ../system-config-selinux.ui:797 -+msgid "System Default Enforcing Mode" -+msgstr "" -+ -+#: ../system-config-selinux.ui:826 -+msgid "Current Enforcing Mode" -+msgstr "" -+ -+#: ../system-config-selinux.ui:848 -+msgid "System Default Policy Type: " -+msgstr "" -+ -+#: ../system-config-selinux.ui:871 -+msgid "" -+"Select if you wish to relabel then entire file system on next reboot. " -+"Relabeling can take a very long time, depending on the size of the system. " -+"If you are changing policy types or going from disabled to enforcing, a " -+"relabel is required." -+msgstr "" -+ -+#: ../system-config-selinux.ui:903 -+msgid "Relabel on next reboot." -+msgstr "" -+ -+#: ../system-config-selinux.ui:947 -+msgid "Revert boolean setting to system default" -+msgstr "" -+ -+#: ../system-config-selinux.ui:960 -+msgid "Toggle between Customized and All Booleans" -+msgstr "" -+ -+#: ../system-config-selinux.ui:986 ../system-config-selinux.ui:1122 -+#: ../system-config-selinux.ui:1242 ../system-config-selinux.ui:1363 -+#: ../system-config-selinux.ui:1531 ../system-config-selinux.ui:1683 -+#: ../system-config-selinux.ui:1795 -+msgid "Filter" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1057 -+msgid "Add File Context" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1070 -+msgid "Modify File Context" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1083 -+msgid "Delete File Context" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1096 -+msgid "Toggle between all and customized file context" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1192 -+msgid "Add SELinux User Mapping" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1205 -+msgid "Modify SELinux User Mapping" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1218 -+msgid "Delete SELinux User Mapping" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1313 -+msgid "Add User" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1326 -+msgid "Modify User" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1339 -+msgid "Delete User" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1434 -+msgid "Add Network Port" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1447 -+msgid "Edit Network Port" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1460 -+msgid "Delete Network Port" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1491 ../system-config-selinux.ui:1505 -+msgid "Toggle between Customized and All Ports" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1602 -+msgid "Generate new policy module" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1614 -+msgid "Load policy module" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1627 -+msgid "Remove loadable policy module" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1658 -+msgid "" -+"Enable/Disable additional audit rules, that are normally not reported in the " -+"log files." -+msgstr "" -+ -+#: ../system-config-selinux.ui:1754 -+msgid "Change process mode to permissive." -+msgstr "" -+ -+#: ../system-config-selinux.ui:1769 -+msgid "Change process mode to enforcing" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1873 -+msgid "Add SELinux User" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1970 ../usersPage.py:69 -+msgid "SELinux Roles" -+msgstr "" -+ -+#: ../usersPage.py:142 -+#, python-format -+msgid "SELinux user '%s' is required" -+msgstr "" -diff --git a/python/po/python.pot b/python/po/python.pot -new file mode 100644 -index 00000000..a279b0e8 ---- /dev/null -+++ b/python/po/python.pot -@@ -0,0 +1,3375 @@ -+# SOME DESCRIPTIVE TITLE. -+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER -+# This file is distributed under the same license as the PACKAGE package. -+# FIRST AUTHOR , YEAR. -+# -+#, fuzzy -+msgid "" -+msgstr "" -+"Project-Id-Version: PACKAGE VERSION\n" -+"Report-Msgid-Bugs-To: \n" -+"POT-Creation-Date: 2018-08-06 14:22+0200\n" -+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" -+"Last-Translator: FULL NAME \n" -+"Language-Team: LANGUAGE \n" -+"Language: \n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=CHARSET\n" -+"Content-Transfer-Encoding: 8bit\n" -+ -+#: ../audit2allow/audit2allow:237 -+msgid "******************** IMPORTANT ***********************\n" -+msgstr "" -+ -+#: ../audit2allow/audit2allow:238 -+#, python-format -+msgid "" -+"To make this policy package active, execute:\n" -+"\n" -+"semodule -i %s\n" -+"\n" -+msgstr "" -+ -+#: ../chcat/chcat:115 ../chcat/chcat:194 -+msgid "Requires at least one category" -+msgstr "" -+ -+#: ../chcat/chcat:129 ../chcat/chcat:208 -+#, python-format -+msgid "Can not modify sensitivity levels using '+' on %s" -+msgstr "" -+ -+#: ../chcat/chcat:133 -+#, python-format -+msgid "%s is already in %s" -+msgstr "" -+ -+#: ../chcat/chcat:213 ../chcat/chcat:223 -+#, python-format -+msgid "%s is not in %s" -+msgstr "" -+ -+#: ../chcat/chcat:295 ../chcat/chcat:300 -+msgid "Can not combine +/- with other types of categories" -+msgstr "" -+ -+#: ../chcat/chcat:350 -+msgid "Can not have multiple sensitivities" -+msgstr "" -+ -+#: ../chcat/chcat:357 -+#, python-format -+msgid "Usage %s CATEGORY File ..." -+msgstr "" -+ -+#: ../chcat/chcat:358 -+#, python-format -+msgid "Usage %s -l CATEGORY user ..." -+msgstr "" -+ -+#: ../chcat/chcat:359 -+#, python-format -+msgid "Usage %s [[+|-]CATEGORY],...] File ..." -+msgstr "" -+ -+#: ../chcat/chcat:360 -+#, python-format -+msgid "Usage %s -l [[+|-]CATEGORY],...] user ..." -+msgstr "" -+ -+#: ../chcat/chcat:361 -+#, python-format -+msgid "Usage %s -d File ..." -+msgstr "" -+ -+#: ../chcat/chcat:362 -+#, python-format -+msgid "Usage %s -l -d user ..." -+msgstr "" -+ -+#: ../chcat/chcat:363 -+#, python-format -+msgid "Usage %s -L" -+msgstr "" -+ -+#: ../chcat/chcat:364 -+#, python-format -+msgid "Usage %s -L -l user" -+msgstr "" -+ -+#: ../chcat/chcat:365 -+msgid "Use -- to end option list. For example" -+msgstr "" -+ -+#: ../chcat/chcat:366 -+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt" -+msgstr "" -+ -+#: ../chcat/chcat:367 -+msgid "chcat -l +CompanyConfidential juser" -+msgstr "" -+ -+#: ../chcat/chcat:436 -+#, python-format -+msgid "Options Error %s " -+msgstr "" -+ -+#: ../semanage/semanage:203 -+msgid "Select an alternate SELinux Policy Store to manage" -+msgstr "" -+ -+#: ../semanage/semanage:207 -+msgid "Select a priority for module operations" -+msgstr "" -+ -+#: ../semanage/semanage:211 -+#, python-format -+msgid "Do not print heading when listing %s object types" -+msgstr "" -+ -+#: ../semanage/semanage:215 -+msgid "Do not reload policy after commit" -+msgstr "" -+ -+#: ../semanage/semanage:219 -+#, python-format -+msgid "List %s local customizations" -+msgstr "" -+ -+#: ../semanage/semanage:223 -+#, python-format -+msgid "Add a record of the %s object type" -+msgstr "" -+ -+#: ../semanage/semanage:227 -+msgid "SELinux Type for the object" -+msgstr "" -+ -+#: ../semanage/semanage:231 -+msgid "" -+"Default SELinux Level for SELinux user, s0 Default. (MLS/MCS Systems only)" -+msgstr "" -+ -+#: ../semanage/semanage:236 -+msgid "" -+"\n" -+"MLS/MCS Security Range (MLS/MCS Systems only)\n" -+"SELinux Range for SELinux login mapping\n" -+"defaults to the SELinux user record range.\n" -+"SELinux Range for SELinux user defaults to s0.\n" -+msgstr "" -+ -+#: ../semanage/semanage:245 -+msgid "" -+"\n" -+" Protocol for the specified port (tcp|udp) or internet protocol\n" -+" version for the specified node (ipv4|ipv6).\n" -+msgstr "" -+ -+#: ../semanage/semanage:251 -+msgid "" -+"\n" -+" Subnet prefix for the specified infiniband ibpkey.\n" -+msgstr "" -+ -+#: ../semanage/semanage:256 -+msgid "" -+"\n" -+" Name for the specified infiniband end port.\n" -+msgstr "" -+ -+#: ../semanage/semanage:261 -+#, python-format -+msgid "Modify a record of the %s object type" -+msgstr "" -+ -+#: ../semanage/semanage:265 -+#, python-format -+msgid "List records of the %s object type" -+msgstr "" -+ -+#: ../semanage/semanage:269 -+#, python-format -+msgid "Delete a record of the %s object type" -+msgstr "" -+ -+#: ../semanage/semanage:273 -+msgid "Extract customizable commands, for use within a transaction" -+msgstr "" -+ -+#: ../semanage/semanage:277 -+#, python-format -+msgid "Remove all %s objects local customizations" -+msgstr "" -+ -+#: ../semanage/semanage:281 -+msgid "SELinux user name" -+msgstr "" -+ -+#: ../semanage/semanage:286 -+msgid "Manage login mappings between linux users and SELinux confined users" -+msgstr "" -+ -+#: ../semanage/semanage:303 -+#, python-format -+msgid "login_name | %%groupname" -+msgstr "" -+ -+#: ../semanage/semanage:355 -+msgid "Manage file context mapping definitions" -+msgstr "" -+ -+#: ../semanage/semanage:369 -+msgid "" -+"Substitute target path with sourcepath when generating default\n" -+" label. " -+"This is used with fcontext. Requires source and target\n" -+" path " -+"arguments. The context labeling for the target subtree is\n" -+" made " -+"equivalent to that defined for the source." -+msgstr "" -+ -+#: ../semanage/semanage:377 -+msgid "file_spec" -+msgstr "" -+ -+#: ../semanage/semanage:405 -+msgid "Manage SELinux confined users (Roles and levels for an SELinux user)" -+msgstr "" -+ -+#: ../semanage/semanage:423 -+msgid "" -+"\n" -+"SELinux Roles. You must enclose multiple roles within " -+"quotes, separate by spaces. Or specify -R multiple times.\n" -+msgstr "" -+ -+#: ../semanage/semanage:427 -+msgid "selinux_name" -+msgstr "" -+ -+#: ../semanage/semanage:455 -+msgid "Manage network port type definitions" -+msgstr "" -+ -+#: ../semanage/semanage:471 -+msgid "port | port_range" -+msgstr "" -+ -+#: ../semanage/semanage:500 -+msgid "Manage infiniband ibpkey type definitions" -+msgstr "" -+ -+#: ../semanage/semanage:516 -+msgid "pkey | pkey_range" -+msgstr "" -+ -+#: ../semanage/semanage:543 -+msgid "Manage infiniband end port type definitions" -+msgstr "" -+ -+#: ../semanage/semanage:559 -+msgid "ibendport" -+msgstr "" -+ -+#: ../semanage/semanage:586 -+msgid "Manage network interface type definitions" -+msgstr "" -+ -+#: ../semanage/semanage:601 -+msgid "interface_spec" -+msgstr "" -+ -+#: ../semanage/semanage:625 -+msgid "Manage SELinux policy modules" -+msgstr "" -+ -+#: ../semanage/semanage:637 -+msgid "Remove a module" -+msgstr "" -+ -+#: ../semanage/semanage:638 -+msgid "Disable a module" -+msgstr "" -+ -+#: ../semanage/semanage:639 -+msgid "Enable a module" -+msgstr "" -+ -+#: ../semanage/semanage:640 -+msgid "Name of the module to act on" -+msgstr "" -+ -+#: ../semanage/semanage:667 -+msgid "Manage network node type definitions" -+msgstr "" -+ -+#: ../semanage/semanage:681 -+msgid "Network Mask" -+msgstr "" -+ -+#: ../semanage/semanage:685 -+msgid "node" -+msgstr "" -+ -+#: ../semanage/semanage:710 -+msgid "Manage booleans to selectively enable functionality" -+msgstr "" -+ -+#: ../semanage/semanage:715 -+msgid "boolean" -+msgstr "" -+ -+#: ../semanage/semanage:725 -+msgid "Enable the boolean" -+msgstr "" -+ -+#: ../semanage/semanage:726 -+msgid "Disable the boolean" -+msgstr "" -+ -+#: ../semanage/semanage:743 -+msgid "semanage permissive: error: the following argument is required: type\n" -+msgstr "" -+ -+#: ../semanage/semanage:748 -+msgid "Manage process type enforcement mode" -+msgstr "" -+ -+#: ../semanage/semanage:760 ../semanage/seobject.py:2611 -+msgid "type" -+msgstr "" -+ -+#: ../semanage/semanage:771 -+msgid "Disable/Enable dontaudit rules in policy" -+msgstr "" -+ -+#: ../semanage/semanage:791 -+msgid "Output local customizations" -+msgstr "" -+ -+#: ../semanage/semanage:793 -+msgid "Output file" -+msgstr "" -+ -+#: ../semanage/semanage:871 -+msgid "Import local customizations" -+msgstr "" -+ -+#: ../semanage/semanage:874 -+msgid "Input file" -+msgstr "" -+ -+#: ../semanage/seobject.py:274 -+msgid "Could not create semanage handle" -+msgstr "" -+ -+#: ../semanage/seobject.py:282 -+msgid "SELinux policy is not managed or store cannot be accessed." -+msgstr "" -+ -+#: ../semanage/seobject.py:287 -+msgid "Cannot read policy store." -+msgstr "" -+ -+#: ../semanage/seobject.py:292 -+msgid "Could not establish semanage connection" -+msgstr "" -+ -+#: ../semanage/seobject.py:297 -+msgid "Could not test MLS enabled status" -+msgstr "" -+ -+#: ../semanage/seobject.py:303 ../semanage/seobject.py:319 -+msgid "Not yet implemented" -+msgstr "" -+ -+#: ../semanage/seobject.py:307 -+msgid "Semanage transaction already in progress" -+msgstr "" -+ -+#: ../semanage/seobject.py:316 -+msgid "Could not start semanage transaction" -+msgstr "" -+ -+#: ../semanage/seobject.py:330 -+msgid "Could not commit semanage transaction" -+msgstr "" -+ -+#: ../semanage/seobject.py:335 -+msgid "Semanage transaction not in progress" -+msgstr "" -+ -+#: ../semanage/seobject.py:349 ../semanage/seobject.py:469 -+msgid "Could not list SELinux modules" -+msgstr "" -+ -+#: ../semanage/seobject.py:356 -+msgid "Could not get module name" -+msgstr "" -+ -+#: ../semanage/seobject.py:360 -+msgid "Could not get module enabled" -+msgstr "" -+ -+#: ../semanage/seobject.py:364 -+msgid "Could not get module priority" -+msgstr "" -+ -+#: ../semanage/seobject.py:368 -+msgid "Could not get module lang_ext" -+msgstr "" -+ -+#: ../semanage/seobject.py:389 -+msgid "Module Name" -+msgstr "" -+ -+#: ../semanage/seobject.py:389 -+msgid "Priority" -+msgstr "" -+ -+#: ../semanage/seobject.py:389 -+msgid "Language" -+msgstr "" -+ -+#: ../semanage/seobject.py:392 ../sepolicy/sepolicy/sepolicy.glade:3431 -+msgid "Disabled" -+msgstr "" -+ -+#: ../semanage/seobject.py:401 -+#, python-format -+msgid "Module does not exist: %s " -+msgstr "" -+ -+#: ../semanage/seobject.py:405 ../semanage/seobject.py:432 -+#, python-format -+msgid "Invalid priority %d (needs to be between 1 and 999)" -+msgstr "" -+ -+#: ../semanage/seobject.py:415 -+msgid "Could not create module key" -+msgstr "" -+ -+#: ../semanage/seobject.py:419 -+msgid "Could not set module key name" -+msgstr "" -+ -+#: ../semanage/seobject.py:424 -+#, python-format -+msgid "Could not enable module %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:426 -+#, python-format -+msgid "Could not disable module %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:437 -+#, python-format -+msgid "Could not remove module %s (remove failed)" -+msgstr "" -+ -+#: ../semanage/seobject.py:454 -+msgid "dontaudit requires either 'on' or 'off'" -+msgstr "" -+ -+#: ../semanage/seobject.py:484 -+msgid "Builtin Permissive Types" -+msgstr "" -+ -+#: ../semanage/seobject.py:494 -+msgid "Customized Permissive Types" -+msgstr "" -+ -+#: ../semanage/seobject.py:502 -+msgid "" -+"The sepolgen python module is required to setup permissive domains.\n" -+"In some distributions it is included in the policycoreutils-devel package.\n" -+"# yum install policycoreutils-devel\n" -+"Or similar for your distro." -+msgstr "" -+ -+#: ../semanage/seobject.py:512 -+#, python-format -+msgid "Could not set permissive domain %s (module installation failed)" -+msgstr "" -+ -+#: ../semanage/seobject.py:518 -+#, python-format -+msgid "Could not remove permissive domain %s (remove failed)" -+msgstr "" -+ -+#: ../semanage/seobject.py:555 ../semanage/seobject.py:627 -+#: ../semanage/seobject.py:674 ../semanage/seobject.py:794 -+#: ../semanage/seobject.py:824 ../semanage/seobject.py:889 -+#: ../semanage/seobject.py:945 ../semanage/seobject.py:1209 -+#: ../semanage/seobject.py:1468 ../semanage/seobject.py:2442 -+#: ../semanage/seobject.py:2512 ../semanage/seobject.py:2536 -+#: ../semanage/seobject.py:2664 ../semanage/seobject.py:2715 -+#, python-format -+msgid "Could not create a key for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:559 ../semanage/seobject.py:631 -+#: ../semanage/seobject.py:678 ../semanage/seobject.py:684 -+#, python-format -+msgid "Could not check if login mapping for %s is defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:561 -+#, python-format -+msgid "Login mapping for %s is already defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:566 -+#, python-format -+msgid "Linux Group %s does not exist" -+msgstr "" -+ -+#: ../semanage/seobject.py:571 -+#, python-format -+msgid "Linux User %s does not exist" -+msgstr "" -+ -+#: ../semanage/seobject.py:575 -+#, python-format -+msgid "Could not create login mapping for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:579 ../semanage/seobject.py:838 -+#, python-format -+msgid "Could not set name for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:584 ../semanage/seobject.py:848 -+#, python-format -+msgid "Could not set MLS range for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:588 -+#, python-format -+msgid "Could not set SELinux user for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:592 -+#, python-format -+msgid "Could not add login mapping for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:610 -+msgid "Requires seuser or serange" -+msgstr "" -+ -+#: ../semanage/seobject.py:633 ../semanage/seobject.py:680 -+#, python-format -+msgid "Login mapping for %s is not defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:637 -+#, python-format -+msgid "Could not query seuser for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:652 -+#, python-format -+msgid "Could not modify login mapping for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:686 -+#, python-format -+msgid "Login mapping for %s is defined in policy, cannot be deleted" -+msgstr "" -+ -+#: ../semanage/seobject.py:690 -+#, python-format -+msgid "Could not delete login mapping for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:712 ../semanage/seobject.py:745 -+#: ../semanage/seobject.py:988 -+msgid "Could not list login mappings" -+msgstr "" -+ -+#: ../semanage/seobject.py:769 ../semanage/seobject.py:781 -+#: ../sepolicy/sepolicy/sepolicy.glade:1162 -+#: ../sepolicy/sepolicy/sepolicy.glade:3156 -+msgid "Login Name" -+msgstr "" -+ -+#: ../semanage/seobject.py:769 ../semanage/seobject.py:781 -+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1040 -+#: ../sepolicy/sepolicy/sepolicy.glade:1188 -+#: ../sepolicy/sepolicy/sepolicy.glade:3174 -+#: ../sepolicy/sepolicy/sepolicy.glade:3260 -+#: ../sepolicy/sepolicy/sepolicy.glade:4915 -+msgid "SELinux User" -+msgstr "" -+ -+#: ../semanage/seobject.py:769 -+msgid "MLS/MCS Range" -+msgstr "" -+ -+#: ../semanage/seobject.py:769 -+msgid "Service" -+msgstr "" -+ -+#: ../semanage/seobject.py:797 ../semanage/seobject.py:828 -+#: ../semanage/seobject.py:893 ../semanage/seobject.py:949 -+#: ../semanage/seobject.py:955 -+#, python-format -+msgid "Could not check if SELinux user %s is defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:800 ../semanage/seobject.py:899 -+#: ../semanage/seobject.py:961 -+#, python-format -+msgid "Could not query user for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:820 -+#, python-format -+msgid "You must add at least one role for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:830 -+#, python-format -+msgid "SELinux user %s is already defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:834 -+#, python-format -+msgid "Could not create SELinux user for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:843 -+#, python-format -+msgid "Could not add role %s for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:852 -+#, python-format -+msgid "Could not set MLS level for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:855 -+#, python-format -+msgid "Could not add prefix %s for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:858 -+#, python-format -+msgid "Could not extract key for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:862 -+#, python-format -+msgid "Could not add SELinux user %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:883 -+msgid "Requires prefix, roles, level or range" -+msgstr "" -+ -+#: ../semanage/seobject.py:885 -+msgid "Requires prefix or roles" -+msgstr "" -+ -+#: ../semanage/seobject.py:895 ../semanage/seobject.py:951 -+#, python-format -+msgid "SELinux user %s is not defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:924 -+#, python-format -+msgid "Could not modify SELinux user %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:957 -+#, python-format -+msgid "SELinux user %s is defined in policy, cannot be deleted" -+msgstr "" -+ -+#: ../semanage/seobject.py:968 -+#, python-format -+msgid "Could not delete SELinux user %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1006 -+msgid "Could not list SELinux users" -+msgstr "" -+ -+#: ../semanage/seobject.py:1012 -+#, python-format -+msgid "Could not list roles for user %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1034 -+msgid "Labeling" -+msgstr "" -+ -+#: ../semanage/seobject.py:1034 -+msgid "MLS/" -+msgstr "" -+ -+#: ../semanage/seobject.py:1035 -+msgid "Prefix" -+msgstr "" -+ -+#: ../semanage/seobject.py:1035 -+msgid "MCS Level" -+msgstr "" -+ -+#: ../semanage/seobject.py:1035 -+msgid "MCS Range" -+msgstr "" -+ -+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1040 -+#: ../sepolicy/sepolicy/sepolicy.glade:3280 -+#: ../sepolicy/sepolicy/sepolicy.glade:5251 -+#: ../sepolicy/sepolicy/sepolicy.glade:5400 -+msgid "SELinux Roles" -+msgstr "" -+ -+#: ../semanage/seobject.py:1061 -+msgid "Protocol udp or tcp is required" -+msgstr "" -+ -+#: ../semanage/seobject.py:1063 -+msgid "Port is required" -+msgstr "" -+ -+#: ../semanage/seobject.py:1073 -+msgid "Invalid Port" -+msgstr "" -+ -+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1345 -+#, python-format -+msgid "Could not create a key for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1088 ../semanage/seobject.py:1356 -+#: ../semanage/seobject.py:1604 -+msgid "Type is required" -+msgstr "" -+ -+#: ../semanage/seobject.py:1091 ../semanage/seobject.py:1155 -+#, python-format -+msgid "Type %s is invalid, must be a port type" -+msgstr "" -+ -+#: ../semanage/seobject.py:1097 ../semanage/seobject.py:1161 -+#: ../semanage/seobject.py:1227 ../semanage/seobject.py:1233 -+#, python-format -+msgid "Could not check if port %s/%s is defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:1099 -+#, python-format -+msgid "Port %s/%s already defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:1103 -+#, python-format -+msgid "Could not create port for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1109 ../semanage/seobject.py:1377 -+#: ../semanage/seobject.py:1624 -+#, python-format -+msgid "Could not create context for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1113 -+#, python-format -+msgid "Could not set user in port context for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1117 -+#, python-format -+msgid "Could not set role in port context for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1121 -+#, python-format -+msgid "Could not set type in port context for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1126 -+#, python-format -+msgid "Could not set mls fields in port context for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1130 -+#, python-format -+msgid "Could not set port context for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1134 -+#, python-format -+msgid "Could not add port %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1150 ../semanage/seobject.py:1416 -+#: ../semanage/seobject.py:1663 ../semanage/seobject.py:1923 -+#: ../semanage/seobject.py:2125 -+msgid "Requires setype or serange" -+msgstr "" -+ -+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1418 -+#: ../semanage/seobject.py:1665 -+msgid "Requires setype" -+msgstr "" -+ -+#: ../semanage/seobject.py:1163 ../semanage/seobject.py:1229 -+#, python-format -+msgid "Port %s/%s is not defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:1167 -+#, python-format -+msgid "Could not query port %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1181 -+#, python-format -+msgid "Could not modify port %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1196 -+msgid "Could not list the ports" -+msgstr "" -+ -+#: ../semanage/seobject.py:1213 -+#, python-format -+msgid "Could not delete the port %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1235 -+#, python-format -+msgid "Port %s/%s is defined in policy, cannot be deleted" -+msgstr "" -+ -+#: ../semanage/seobject.py:1239 -+#, python-format -+msgid "Could not delete port %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1257 ../semanage/seobject.py:1277 -+msgid "Could not list ports" -+msgstr "" -+ -+#: ../semanage/seobject.py:1311 ../sepolicy/sepolicy/sepolicy.glade:2676 -+#: ../sepolicy/sepolicy/sepolicy.glade:2774 -+#: ../sepolicy/sepolicy/sepolicy.glade:4648 -+msgid "SELinux Port Type" -+msgstr "" -+ -+#: ../semanage/seobject.py:1311 -+msgid "Proto" -+msgstr "" -+ -+#: ../semanage/seobject.py:1311 ../semanage/seobject.py:1801 -+#: ../sepolicy/sepolicy/sepolicy.glade:1413 -+msgid "Port Number" -+msgstr "" -+ -+#: ../semanage/seobject.py:1331 -+msgid "Subnet Prefix is required" -+msgstr "" -+ -+#: ../semanage/seobject.py:1341 -+msgid "Invalid Pkey" -+msgstr "" -+ -+#: ../semanage/seobject.py:1359 ../semanage/seobject.py:1421 -+#, python-format -+msgid "Type %s is invalid, must be a ibpkey type" -+msgstr "" -+ -+#: ../semanage/seobject.py:1365 ../semanage/seobject.py:1427 -+#: ../semanage/seobject.py:1481 ../semanage/seobject.py:1487 -+#, python-format -+msgid "Could not check if ibpkey %s/%s is defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:1367 -+#, python-format -+msgid "ibpkey %s/%s already defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:1371 -+#, python-format -+msgid "Could not create ibpkey for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1381 -+#, python-format -+msgid "Could not set user in ibpkey context for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1385 -+#, python-format -+msgid "Could not set role in ibpkey context for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1389 -+#, python-format -+msgid "Could not set type in ibpkey context for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1394 -+#, python-format -+msgid "Could not set mls fields in ibpkey context for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1398 -+#, python-format -+msgid "Could not set ibpkey context for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1402 -+#, python-format -+msgid "Could not add ibpkey %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1429 ../semanage/seobject.py:1483 -+#, python-format -+msgid "ibpkey %s/%s is not defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:1433 -+#, python-format -+msgid "Could not query ibpkey %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1444 -+#, python-format -+msgid "Could not modify ibpkey %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1457 -+msgid "Could not list the ibpkeys" -+msgstr "" -+ -+#: ../semanage/seobject.py:1472 -+#, python-format -+msgid "Could not delete the ibpkey %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1489 -+#, python-format -+msgid "ibpkey %s/%s is defined in policy, cannot be deleted" -+msgstr "" -+ -+#: ../semanage/seobject.py:1493 -+#, python-format -+msgid "Could not delete ibpkey %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1509 ../semanage/seobject.py:1530 -+msgid "Could not list ibpkeys" -+msgstr "" -+ -+#: ../semanage/seobject.py:1564 -+msgid "SELinux IB Pkey Type" -+msgstr "" -+ -+#: ../semanage/seobject.py:1564 -+msgid "Subnet_Prefix" -+msgstr "" -+ -+#: ../semanage/seobject.py:1564 -+msgid "Pkey Number" -+msgstr "" -+ -+#: ../semanage/seobject.py:1584 -+msgid "IB device name is required" -+msgstr "" -+ -+#: ../semanage/seobject.py:1589 -+msgid "Invalid Port Number" -+msgstr "" -+ -+#: ../semanage/seobject.py:1593 -+#, python-format -+msgid "Could not create a key for ibendport %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1607 ../semanage/seobject.py:1668 -+#, python-format -+msgid "Type %s is invalid, must be an ibendport type" -+msgstr "" -+ -+#: ../semanage/seobject.py:1612 ../semanage/seobject.py:1674 -+#: ../semanage/seobject.py:1726 ../semanage/seobject.py:1732 -+#, python-format -+msgid "Could not check if ibendport %s/%s is defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:1614 -+#, python-format -+msgid "ibendport %s/%s already defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:1618 -+#, python-format -+msgid "Could not create ibendport for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1628 -+#, python-format -+msgid "Could not set user in ibendport context for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1632 -+#, python-format -+msgid "Could not set role in ibendport context for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1636 -+#, python-format -+msgid "Could not set type in ibendport context for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1641 -+#, python-format -+msgid "Could not set mls fields in ibendport context for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1645 -+#, python-format -+msgid "Could not set ibendport context for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1649 -+#, python-format -+msgid "Could not add ibendport %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1676 ../semanage/seobject.py:1728 -+#, python-format -+msgid "ibendport %s/%s is not defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:1680 -+#, python-format -+msgid "Could not query ibendport %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1691 -+#, python-format -+msgid "Could not modify ibendport %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1704 -+msgid "Could not list the ibendports" -+msgstr "" -+ -+#: ../semanage/seobject.py:1713 -+#, python-format -+msgid "Could not create a key for %s/%d" -+msgstr "" -+ -+#: ../semanage/seobject.py:1717 -+#, python-format -+msgid "Could not delete the ibendport %s/%d" -+msgstr "" -+ -+#: ../semanage/seobject.py:1734 -+#, python-format -+msgid "ibendport %s/%s is defined in policy, cannot be deleted" -+msgstr "" -+ -+#: ../semanage/seobject.py:1738 -+#, python-format -+msgid "Could not delete ibendport %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1754 ../semanage/seobject.py:1774 -+msgid "Could not list ibendports" -+msgstr "" -+ -+#: ../semanage/seobject.py:1801 -+msgid "SELinux IB End Port Type" -+msgstr "" -+ -+#: ../semanage/seobject.py:1801 -+msgid "IB Device Name" -+msgstr "" -+ -+#: ../semanage/seobject.py:1825 -+msgid "Node Address is required" -+msgstr "" -+ -+#: ../semanage/seobject.py:1840 -+msgid "Unknown or missing protocol" -+msgstr "" -+ -+#: ../semanage/seobject.py:1854 -+msgid "SELinux node type is required" -+msgstr "" -+ -+#: ../semanage/seobject.py:1857 ../semanage/seobject.py:1926 -+#, python-format -+msgid "Type %s is invalid, must be a node type" -+msgstr "" -+ -+#: ../semanage/seobject.py:1861 ../semanage/seobject.py:1930 -+#: ../semanage/seobject.py:1968 ../semanage/seobject.py:2066 -+#: ../semanage/seobject.py:2129 ../semanage/seobject.py:2165 -+#: ../semanage/seobject.py:2377 -+#, python-format -+msgid "Could not create key for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1863 ../semanage/seobject.py:1934 -+#: ../semanage/seobject.py:1972 ../semanage/seobject.py:1978 -+#, python-format -+msgid "Could not check if addr %s is defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:1867 -+#, python-format -+msgid "Addr %s already defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:1871 -+#, python-format -+msgid "Could not create addr for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1877 ../semanage/seobject.py:2081 -+#: ../semanage/seobject.py:2333 -+#, python-format -+msgid "Could not create context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1881 -+#, python-format -+msgid "Could not set mask for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1885 -+#, python-format -+msgid "Could not set user in addr context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1889 -+#, python-format -+msgid "Could not set role in addr context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1893 -+#, python-format -+msgid "Could not set type in addr context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1898 -+#, python-format -+msgid "Could not set mls fields in addr context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1902 -+#, python-format -+msgid "Could not set addr context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1906 -+#, python-format -+msgid "Could not add addr %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1936 ../semanage/seobject.py:1974 -+#, python-format -+msgid "Addr %s is not defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:1940 -+#, python-format -+msgid "Could not query addr %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1950 -+#, python-format -+msgid "Could not modify addr %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1980 -+#, python-format -+msgid "Addr %s is defined in policy, cannot be deleted" -+msgstr "" -+ -+#: ../semanage/seobject.py:1984 -+#, python-format -+msgid "Could not delete addr %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1998 -+msgid "Could not deleteall node mappings" -+msgstr "" -+ -+#: ../semanage/seobject.py:2012 -+msgid "Could not list addrs" -+msgstr "" -+ -+#: ../semanage/seobject.py:2062 ../semanage/seobject.py:2370 -+msgid "SELinux Type is required" -+msgstr "" -+ -+#: ../semanage/seobject.py:2070 ../semanage/seobject.py:2133 -+#: ../semanage/seobject.py:2169 ../semanage/seobject.py:2175 -+#, python-format -+msgid "Could not check if interface %s is defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:2072 -+#, python-format -+msgid "Interface %s already defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:2076 -+#, python-format -+msgid "Could not create interface for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2085 -+#, python-format -+msgid "Could not set user in interface context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2089 -+#, python-format -+msgid "Could not set role in interface context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2093 -+#, python-format -+msgid "Could not set type in interface context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2098 -+#, python-format -+msgid "Could not set mls fields in interface context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2102 -+#, python-format -+msgid "Could not set interface context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2106 -+#, python-format -+msgid "Could not set message context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2110 -+#, python-format -+msgid "Could not add interface %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2135 ../semanage/seobject.py:2171 -+#, python-format -+msgid "Interface %s is not defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:2139 -+#, python-format -+msgid "Could not query interface %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2150 -+#, python-format -+msgid "Could not modify interface %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2177 -+#, python-format -+msgid "Interface %s is defined in policy, cannot be deleted" -+msgstr "" -+ -+#: ../semanage/seobject.py:2181 -+#, python-format -+msgid "Could not delete interface %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2195 -+msgid "Could not delete all interface mappings" -+msgstr "" -+ -+#: ../semanage/seobject.py:2209 -+msgid "Could not list interfaces" -+msgstr "" -+ -+#: ../semanage/seobject.py:2231 -+msgid "SELinux Interface" -+msgstr "" -+ -+#: ../semanage/seobject.py:2231 ../semanage/seobject.py:2611 -+msgid "Context" -+msgstr "" -+ -+#: ../semanage/seobject.py:2299 -+#, python-format -+msgid "Target %s is not valid. Target is not allowed to end with '/'" -+msgstr "" -+ -+#: ../semanage/seobject.py:2302 -+#, python-format -+msgid "Substiture %s is not valid. Substitute is not allowed to end with '/'" -+msgstr "" -+ -+#: ../semanage/seobject.py:2305 -+#, python-format -+msgid "Equivalence class for %s already exists" -+msgstr "" -+ -+#: ../semanage/seobject.py:2311 -+#, python-format -+msgid "File spec %s conflicts with equivalency rule '%s %s'" -+msgstr "" -+ -+#: ../semanage/seobject.py:2322 -+#, python-format -+msgid "Equivalence class for %s does not exist" -+msgstr "" -+ -+#: ../semanage/seobject.py:2339 -+#, python-format -+msgid "Could not set user in file context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2343 -+#, python-format -+msgid "Could not set role in file context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2348 ../semanage/seobject.py:2406 -+#, python-format -+msgid "Could not set mls fields in file context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2354 -+msgid "Invalid file specification" -+msgstr "" -+ -+#: ../semanage/seobject.py:2356 -+msgid "File specification can not include spaces" -+msgstr "" -+ -+#: ../semanage/seobject.py:2361 -+#, python-format -+msgid "" -+"File spec %s conflicts with equivalency rule '%s %s'; Try adding '%s' instead" -+msgstr "" -+ -+#: ../semanage/seobject.py:2373 ../semanage/seobject.py:2436 -+#, python-format -+msgid "Type %s is invalid, must be a file or device type" -+msgstr "" -+ -+#: ../semanage/seobject.py:2381 ../semanage/seobject.py:2386 -+#: ../semanage/seobject.py:2446 ../semanage/seobject.py:2540 -+#: ../semanage/seobject.py:2544 -+#, python-format -+msgid "Could not check if file context for %s is defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:2389 -+#, python-format -+msgid "File context for %s already defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:2393 -+#, python-format -+msgid "Could not create file context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2401 -+#, python-format -+msgid "Could not set type in file context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2409 ../semanage/seobject.py:2476 -+#: ../semanage/seobject.py:2480 -+#, python-format -+msgid "Could not set file context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2415 -+#, python-format -+msgid "Could not add file context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2434 -+msgid "Requires setype, serange or seuser" -+msgstr "" -+ -+#: ../semanage/seobject.py:2450 ../semanage/seobject.py:2548 -+#, python-format -+msgid "File context for %s is not defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:2458 -+#, python-format -+msgid "Could not query file context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2484 -+#, python-format -+msgid "Could not modify file context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2502 -+msgid "Could not list the file contexts" -+msgstr "" -+ -+#: ../semanage/seobject.py:2516 -+#, python-format -+msgid "Could not delete the file context %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2546 -+#, python-format -+msgid "File context for %s is defined in policy, cannot be deleted" -+msgstr "" -+ -+#: ../semanage/seobject.py:2552 -+#, python-format -+msgid "Could not delete file context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2569 -+msgid "Could not list file contexts" -+msgstr "" -+ -+#: ../semanage/seobject.py:2573 -+msgid "Could not list file contexts for home directories" -+msgstr "" -+ -+#: ../semanage/seobject.py:2577 -+msgid "Could not list local file contexts" -+msgstr "" -+ -+#: ../semanage/seobject.py:2611 -+msgid "SELinux fcontext" -+msgstr "" -+ -+#: ../semanage/seobject.py:2624 -+msgid "" -+"\n" -+"SELinux Distribution fcontext Equivalence \n" -+msgstr "" -+ -+#: ../semanage/seobject.py:2629 -+msgid "" -+"\n" -+"SELinux Local fcontext Equivalence \n" -+msgstr "" -+ -+#: ../semanage/seobject.py:2667 ../semanage/seobject.py:2718 -+#: ../semanage/seobject.py:2724 -+#, python-format -+msgid "Could not check if boolean %s is defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:2669 ../semanage/seobject.py:2720 -+#, python-format -+msgid "Boolean %s is not defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:2673 -+#, python-format -+msgid "Could not query file context %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2678 -+#, python-format -+msgid "You must specify one of the following values: %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2683 -+#, python-format -+msgid "Could not set active value of boolean %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2686 -+#, python-format -+msgid "Could not modify boolean %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2702 -+#, python-format -+msgid "Bad format %s: Record %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2726 -+#, python-format -+msgid "Boolean %s is defined in policy, cannot be deleted" -+msgstr "" -+ -+#: ../semanage/seobject.py:2730 -+#, python-format -+msgid "Could not delete boolean %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2742 ../semanage/seobject.py:2759 -+msgid "Could not list booleans" -+msgstr "" -+ -+#: ../semanage/seobject.py:2792 -+msgid "off" -+msgstr "" -+ -+#: ../semanage/seobject.py:2792 -+msgid "on" -+msgstr "" -+ -+#: ../semanage/seobject.py:2804 -+msgid "SELinux boolean" -+msgstr "" -+ -+#: ../semanage/seobject.py:2804 -+msgid "State" -+msgstr "" -+ -+#: ../semanage/seobject.py:2804 -+msgid "Default" -+msgstr "" -+ -+#: ../semanage/seobject.py:2804 ../sepolicy/sepolicy/sepolicy.glade:2148 -+#: ../sepolicy/sepolicy/sepolicy.glade:2518 -+#: ../sepolicy/sepolicy/sepolicy.glade:5117 -+msgid "Description" -+msgstr "" -+ -+#: ../sepolgen/src/sepolgen/interfaces.py:486 -+msgid "Found circular interface class" -+msgstr "" -+ -+#: ../sepolgen/src/sepolgen/interfaces.py:491 -+#, python-format -+msgid "Missing interface definition for %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:141 -+msgid "Standard Init Daemon" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:142 -+msgid "DBUS System Daemon" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:143 -+msgid "Internet Services Daemon" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:144 -+msgid "Web Application/Script (CGI)" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:145 -+msgid "Sandbox" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:146 -+msgid "User Application" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:147 -+msgid "Existing Domain Type" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:148 -+msgid "Minimal Terminal Login User Role" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:149 -+msgid "Minimal X Windows Login User Role" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:150 -+msgid "Desktop Login User Role" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:151 -+msgid "Administrator Login User Role" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:152 -+msgid "Confined Root Administrator Role" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:153 -+msgid "Module information for a new type" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:159 -+msgid "Valid Types:\n" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:194 -+#, python-format -+msgid "Ports must be numbers or ranges of numbers from 1 to %d " -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:206 -+msgid "You must enter a valid policy type" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:209 -+#, python-format -+msgid "You must enter a name for your policy module for your '%s'." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:347 -+msgid "" -+"Name must be alpha numberic with no spaces. Consider using option \"-n " -+"MODULENAME\"" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:439 -+msgid "User Role types can not be assigned executables." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:445 -+msgid "Only Daemon apps can use an init script.." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:463 -+msgid "use_resolve must be a boolean value " -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:469 -+msgid "use_syslog must be a boolean value " -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:475 -+msgid "use_kerberos must be a boolean value " -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:481 -+msgid "manage_krb5_rcache must be a boolean value " -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:511 -+msgid "USER Types automatically get a tmp type" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:848 -+#, python-format -+msgid "'%s' policy modules require existing domains" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:873 -+msgid "Type field required" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:886 -+#, python-format -+msgid "" -+"You need to define a new type which ends with: \n" -+" %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:1114 -+msgid "You must enter the executable path for your confined process" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:1381 -+msgid "Type Enforcement file" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:1382 -+msgid "Interface file" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:1383 -+msgid "File Contexts file" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:1386 -+msgid "Spec file" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:1387 -+msgid "Setup Script" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:68 ../sepolicy/sepolicy/sepolicy.glade:3742 -+#: ../sepolicy/sepolicy/sepolicy.glade:3844 -+#: ../sepolicy/sepolicy/sepolicy.glade:3907 -+#: ../sepolicy/sepolicy/sepolicy.glade:3970 -+msgid "No" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:68 ../sepolicy/sepolicy/sepolicy.glade:3725 -+#: ../sepolicy/sepolicy/sepolicy.glade:3826 -+#: ../sepolicy/sepolicy/sepolicy.glade:3890 -+#: ../sepolicy/sepolicy/sepolicy.glade:3953 -+msgid "Yes" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:69 -+msgid "Disable" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:69 -+msgid "Enable" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:82 ../sepolicy/sepolicy/sepolicy.glade:726 -+#: ../sepolicy/sepolicy/sepolicy.glade:1467 -+#: ../sepolicy/sepolicy/sepolicy.glade:3511 -+msgid "Advanced >>" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:82 -+msgid "Advanced <<" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:83 ../sepolicy/sepolicy/sepolicy.glade:80 -+msgid "Advanced Search >>" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:83 -+msgid "Advanced Search <<" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:108 -+msgid "" -+"\n" -+"To change from Disabled to Enforcing mode\n" -+"- Change the system mode from Disabled to Permissive\n" -+"- Reboot, so that the system can relabel\n" -+"- Once the system is working as planned\n" -+" * Change the system mode to Enforcing\n" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:503 -+#, python-format -+msgid "%s is not a valid domain" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:652 -+msgid "System Status: Disabled" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:750 -+msgid "Help: Start Page" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:754 -+msgid "Help: Booleans Page" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:760 -+msgid "Help: Executable Files Page" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:763 -+msgid "Help: Writable Files Page" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:766 -+msgid "Help: Application Types Page" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:771 -+msgid "Help: Outbound Network Connections Page" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:774 -+msgid "Help: Inbound Network Connections Page" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:780 -+msgid "Help: Transition from application Page" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:783 -+msgid "Help: Transition into application Page" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:786 -+msgid "Help: Transition application file Page" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:790 -+msgid "Help: Systems Page" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:794 -+msgid "Help: Lockdown Page" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:798 -+msgid "Help: Login Page" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:802 -+msgid "Help: SELinux User Page" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:806 -+msgid "Help: File Equivalence Page" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:951 ../sepolicy/sepolicy/gui.py:1242 -+#: ../sepolicy/sepolicy/gui.py:1682 ../sepolicy/sepolicy/gui.py:1929 -+#: ../sepolicy/sepolicy/gui.py:2717 -+msgid "More..." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1059 -+#, python-format -+msgid "File path used to enter the '%s' domain." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1060 -+#, python-format -+msgid "Files to which the '%s' domain can write." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1061 -+#, python-format -+msgid "Network Ports to which the '%s' is allowed to connect." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1062 -+#, python-format -+msgid "Network Ports to which the '%s' is allowed to listen." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1063 -+#, python-format -+msgid "File Types defined for the '%s'." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1064 -+#, python-format -+msgid "" -+"Display boolean information that can be used to modify the policy for the " -+"'%s'." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1065 -+#, python-format -+msgid "Display file type information that can be used by the '%s'." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1066 -+#, python-format -+msgid "Display network ports to which the '%s' can connect or listen to." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1067 -+#, python-format -+msgid "Application Transitions Into '%s'" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1068 -+#, python-format -+msgid "Application Transitions From '%s'" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1069 -+#, python-format -+msgid "File Transitions From '%s'" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1070 -+#, python-format -+msgid "" -+"Executables which will transition to '%s', when executing selected domains " -+"entrypoint." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1071 -+#, python-format -+msgid "" -+"Executables which will transition to a different domain, when '%s' executes " -+"them." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1072 -+#, python-format -+msgid "Files by '%s' with transitions to a different label." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1073 -+#, python-format -+msgid "Display applications that can transition into or out of the '%s'." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1167 ../sepolicy/sepolicy/__init__.py:74 -+msgid "all files" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1181 -+msgid "MISSING FILE PATH" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1296 -+#, python-format -+msgid "To disable this transition, go to the %sBoolean section%s." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1298 -+#, python-format -+msgid "To enable this transition, go to the %sBoolean section%s." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1355 -+msgid "executable" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1358 -+msgid "writable" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1361 -+msgid "application" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1362 -+#, python-format -+msgid "Add new %(TYPE)s file path for '%(DOMAIN)s' domains." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1363 -+#, python-format -+msgid "Delete %(TYPE)s file paths for '%(DOMAIN)s' domain." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1364 -+#, python-format -+msgid "" -+"Modify %(TYPE)s file path for '%(DOMAIN)s' domain. Only bolded items in the " -+"list can be selected, this indicates they were modified previously." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1376 -+msgid "connect" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1379 -+msgid "listen for inbound connections" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1381 -+#, python-format -+msgid "" -+"Add new port definition to which the '%(APP)s' domain is allowed to %(PERM)s." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1382 -+#, python-format -+msgid "" -+"Delete modified port definitions to which the '%(APP)s' domain is allowed to " -+"%(PERM)s." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1383 -+#, python-format -+msgid "" -+"Modify port definitions to which the '%(APP)s' domain is allowed to %(PERM)s." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1412 -+msgid "Add new SELinux User/Role definition." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1413 -+msgid "Delete modified SELinux User/Role definitions." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1414 -+msgid "Modify selected modified SELinux User/Role definitions." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1421 -+msgid "Add new Login Mapping definition." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1422 -+msgid "Delete modified Login Mapping definitions." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1423 -+msgid "Modify selected modified Login Mapping definitions." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1430 -+msgid "Add new File Equivalence definition." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1431 -+msgid "Delete modified File Equivalence definitions." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1432 -+msgid "" -+"Modify selected modified File Equivalence definitions. Only bolded items in " -+"the list can be selected, this indicates they were modified previously." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1460 -+#, python-format -+msgid "Boolean %s Allow Rules" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1473 -+#, python-format -+msgid "Add Network Port for %s. Ports will be created when update is applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1474 -+#, python-format -+msgid "Add Network Port for %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1479 -+#, python-format -+msgid "" -+"Add File Labeling for %s. File labels will be created when update is applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1480 ../sepolicy/sepolicy/gui.py:1533 -+#, python-format -+msgid "Add File Labeling for %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1490 -+msgid "Add Login Mapping. User Mapping will be created when Update is applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1491 -+msgid "Add Login Mapping" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1496 -+msgid "" -+"Add SELinux User Role. SELinux user roles will be created when update is " -+"applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1497 -+msgid "Add SELinux Users" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1504 -+msgid "" -+"Add File Equivalency Mapping. Mapping will be created when update is applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1505 -+msgid "Add SELinux File Equivalency" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1532 -+#, python-format -+msgid "" -+"Modify File Labeling for %s. File labels will be created when update is " -+"applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1588 -+msgid "" -+"Modify SELinux User Role. SELinux user roles will be modified when update is " -+"applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1589 -+msgid "Modify SELinux Users" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1597 -+msgid "" -+"Modify Login Mapping. Login Mapping will be modified when Update is applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1598 -+msgid "Modify Login Mapping" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1604 -+msgid "" -+"Modify File Equivalency Mapping. Mapping will be created when update is " -+"applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1605 -+msgid "Modify SELinux File Equivalency" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1690 -+#, python-format -+msgid "" -+"Modify Network Port for %s. Ports will be created when update is applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1691 -+#, python-format -+msgid "Modify Network Port for %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1910 -+#, python-format -+msgid "The entry '%s' is not a valid path. Paths must begin with a '/'." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1923 -+msgid "Port number must be between 1 and 65536" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2203 -+#, python-format -+msgid "SELinux name: %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2214 -+#, python-format -+msgid "Add file labeling for %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2216 -+#, python-format -+msgid "Delete file labeling for %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2218 -+#, python-format -+msgid "Modify file labeling for %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2222 -+#, python-format -+msgid "File path: %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2225 -+#, python-format -+msgid "File class: %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2228 ../sepolicy/sepolicy/gui.py:2252 -+#, python-format -+msgid "SELinux file type: %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2237 -+#, python-format -+msgid "Add ports for %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2239 -+#, python-format -+msgid "Delete ports for %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2241 -+#, python-format -+msgid "Modify ports for %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2244 -+#, python-format -+msgid "Network ports: %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2247 -+#, python-format -+msgid "Network protocol: %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2261 -+msgid "Add user" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2263 -+msgid "Delete user" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2265 -+msgid "Modify user" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2268 -+#, python-format -+msgid "SELinux User : %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2273 -+#, python-format -+msgid "Roles: %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2277 ../sepolicy/sepolicy/gui.py:2302 -+#, python-format -+msgid "MLS/MCS Range: %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2286 -+msgid "Add login mapping" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2288 -+msgid "Delete login mapping" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2290 -+msgid "Modify login mapping" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2294 -+#, python-format -+msgid "Login Name : %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2298 -+#, python-format -+msgid "SELinux User: %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2311 -+msgid "Add file equiv labeling." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2313 -+msgid "Delete file equiv labeling." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2315 -+msgid "Modify file equiv labeling." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2319 -+#, python-format -+msgid "File path : %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2323 -+#, python-format -+msgid "Equivalence: %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2354 ../sepolicy/sepolicy/sepolicy.glade:129 -+#: ../sepolicy/sepolicy/sepolicy.glade:1898 -+#: ../sepolicy/sepolicy/sepolicy.glade:3803 -+msgid "System" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2363 ../sepolicy/sepolicy/sepolicy.glade:95 -+msgid "File Equivalence" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2373 ../sepolicy/sepolicy/sepolicy.glade:112 -+msgid "Users" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2426 -+#, python-format -+msgid "" -+"Run restorecon on %(PATH)s to change its type from %(CUR_CONTEXT)s to the " -+"default %(DEF_CONTEXT)s?" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2436 ../sepolicy/sepolicy/sepolicy.glade:4226 -+msgid "Update" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2438 -+msgid "Update Changes" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2440 -+msgid "Revert Changes" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2571 -+msgid "System Status: Enforcing" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2574 -+msgid "System Status: Permissive" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2638 -+msgid "" -+"Changing the policy type will cause a relabel of the entire file system on " -+"the next boot. Relabeling takes a long time depending on the size of the " -+"file system. Do you wish to continue?" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2768 -+msgid "" -+"Changing to SELinux disabled requires a reboot. It is not recommended. If " -+"you later decide to turn SELinux back on, the system will be required to " -+"relabel. If you just want to see if SELinux is causing a problem on your " -+"system, you can go to permissive mode which will only log errors and not " -+"enforce SELinux policy. Permissive mode does not require a reboot. Do you " -+"wish to continue?" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2772 -+msgid "" -+"Changing to SELinux enabled will cause a relabel of the entire file system " -+"on the next boot. Relabeling takes a long time depending on the size of the " -+"file system. Do you wish to continue?" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2802 -+msgid "" -+"You are attempting to close the application without applying your changes.\n" -+" * To apply changes you have made during this session, click No and " -+"click Update.\n" -+" * To leave the application without applying your changes, click Yes. " -+"All changes that you have made during this session will be lost." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2802 -+msgid "Loss of data Dialog" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/__init__.py:75 -+msgid "regular file" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/__init__.py:76 -+msgid "directory" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/__init__.py:77 -+msgid "character device" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/__init__.py:78 -+msgid "block device" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/__init__.py:79 -+msgid "socket file" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/__init__.py:80 -+msgid "symbolic link" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/__init__.py:81 -+msgid "named pipe" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/__init__.py:130 -+msgid "No SELinux Policy installed" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/__init__.py:157 -+#, python-format -+msgid "Failed to read %s policy file" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/__init__.py:418 -+#, python-format -+msgid "-- Allowed %s [ %s ]" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/__init__.py:831 -+msgid "You must regenerate interface info by running /usr/bin/sepolgen-ifgen" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/__init__.py:1150 -+msgid "unknown" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/interface.py:223 -+#, python-format -+msgid "Compiling %s interface" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/interface.py:231 -+#, python-format -+msgid "" -+"\n" -+"Compile test for %s failed.\n" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/interface.py:234 -+#, python-format -+msgid "" -+"\n" -+"Compile test for %s has not run. %s\n" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/interface.py:240 -+#, python-format -+msgid "" -+"\n" -+"Compiling of %s interface is not supported." -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:227 -+#, python-format -+msgid "Interface %s does not exist." -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:324 -+msgid "You need to install policycoreutils-gui package to use the gui option" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:329 -+msgid "Graphical User Interface for SELinux Policy" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:332 ../sepolicy/sepolicy.py:380 -+msgid "Domain name(s) of man pages to be created" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:345 -+msgid "Alternative root needs to be setup" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:362 -+msgid "Generate SELinux man pages" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:365 -+msgid "path in which the generated SELinux man pages will be stored" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:367 -+msgid "name of the OS for man pages" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:369 -+msgid "Generate HTML man pages structure for selected SELinux man page" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:371 -+msgid "Alternate root directory, defaults to /" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:373 -+msgid "" -+"With this flag, alternative root path needs to include file context files " -+"and policy.xml file" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:377 -+msgid "All domains" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:386 -+msgid "Query SELinux policy network information" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:391 -+msgid "list all SELinux port types" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:394 -+msgid "show SELinux type related to the port" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:397 -+msgid "Show ports defined for this SELinux type" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:400 -+msgid "show ports to which this domain can bind and/or connect" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:403 -+msgid "show ports to which this application can bind and/or connect" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:420 -+msgid "query SELinux policy to see if domains can communicate with each other" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:423 -+msgid "Source Domain" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:426 -+msgid "Target Domain" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:447 -+msgid "query SELinux Policy to see description of booleans" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:451 -+msgid "get all booleans descriptions" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:454 -+msgid "boolean to get description" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:466 -+msgid "" -+"query SELinux Policy to see how a source process domain can transition to " -+"the target process domain" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:469 -+msgid "source process domain" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:472 -+msgid "target process domain" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:517 -+#, python-format -+msgid "sepolicy generate: error: one of the arguments %s is required" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:522 -+msgid "Command required for this type of policy" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:533 -+#, python-format -+msgid "" -+"-t option can not be used with '%s' domains. Read usage for more details." -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:538 -+#, python-format -+msgid "" -+"-d option can not be used with '%s' domains. Read usage for more details." -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:542 -+#, python-format -+msgid "" -+"-a option can not be used with '%s' domains. Read usage for more details." -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:546 -+msgid "-w option can not be used with the --newtype option" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:567 -+msgid "List SELinux Policy interfaces" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:587 -+msgid "Enter interface names, you wish to query" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:597 -+msgid "Generate SELinux Policy module template" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:600 -+msgid "Enter domain type which you will be extending" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:603 -+msgid "Enter SELinux user(s) which will transition to this domain" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:606 -+msgid "Enter SELinux role(s) to which the administror domain will transition" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:609 -+msgid "Enter domain(s) which this confined admin will administrate" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:612 -+msgid "name of policy to generate" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:619 -+msgid "path in which the generated policy files will be stored" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:621 -+msgid "path to which the confined processes will need to write" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:622 -+msgid "Policy types which require a command" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:626 ../sepolicy/sepolicy.py:629 -+#: ../sepolicy/sepolicy.py:632 ../sepolicy/sepolicy.py:635 -+#: ../sepolicy/sepolicy.py:638 ../sepolicy/sepolicy.py:644 -+#: ../sepolicy/sepolicy.py:647 ../sepolicy/sepolicy.py:650 -+#: ../sepolicy/sepolicy.py:656 ../sepolicy/sepolicy.py:659 -+#: ../sepolicy/sepolicy.py:662 ../sepolicy/sepolicy.py:665 -+#, python-format -+msgid "Generate '%s' policy" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:653 -+#, python-format -+msgid "Generate '%s' policy " -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:667 -+msgid "executable to confine" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:672 -+msgid "commands" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:675 -+msgid "Alternate SELinux policy, defaults to /sys/fs/selinux/policy" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:25 -+#: ../sepolicy/sepolicy/sepolicy.glade:4330 -+msgid "Applications" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:52 -+msgid "Select domain" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:189 -+#: ../sepolicy/sepolicy/sepolicy.glade:4367 -+#: ../sepolicy/sepolicy/sepolicy.glade:4460 -+#: ../sepolicy/sepolicy/sepolicy.glade:4606 -+#: ../sepolicy/sepolicy/sepolicy.glade:4755 -+#: ../sepolicy/sepolicy/sepolicy.glade:4889 -+#: ../sepolicy/sepolicy/sepolicy.glade:5030 -+#: ../sepolicy/sepolicy/sepolicy.glade:5103 -+#: ../sepolicy/sepolicy/sepolicy.glade:5238 -+msgid "Select" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:204 -+#: ../sepolicy/sepolicy/sepolicy.glade:539 -+#: ../sepolicy/sepolicy/sepolicy.glade:684 -+#: ../sepolicy/sepolicy/sepolicy.glade:1239 -+#: ../sepolicy/sepolicy/sepolicy.glade:1535 -+#: ../sepolicy/sepolicy/sepolicy.glade:4540 -+#: ../sepolicy/sepolicy/sepolicy.glade:4690 -+#: ../sepolicy/sepolicy/sepolicy.glade:4821 -+#: ../sepolicy/sepolicy/sepolicy.glade:4955 -+#: ../sepolicy/sepolicy/sepolicy.glade:5173 -+#: ../sepolicy/sepolicy/sepolicy.glade:5304 -+#: ../sepolicy/sepolicy/sepolicy.glade:5464 -+msgid "Cancel" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:332 -+msgid "" -+"The entry that was entered is incorrect. Please try again in the " -+"ex:/.../... format." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:358 -+msgid "Retry" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:442 -+#: ../sepolicy/sepolicy/sepolicy.glade:1120 -+#: ../sepolicy/sepolicy/sepolicy.glade:1368 -+#: ../sepolicy/sepolicy/sepolicy.glade:5332 -+msgid "Network Port Definitions" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:458 -+msgid "" -+"Add file Equivalence Mapping. Mapping will be created when Update is " -+"applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:483 -+#: ../sepolicy/sepolicy/sepolicy.glade:4046 -+msgid "Path" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:493 -+#: ../sepolicy/sepolicy/sepolicy.glade:5384 -+msgid "" -+"Specify a new SELinux user name. By convention SELinux User names usually " -+"end in an _u." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:497 -+msgid "Enter the path to which you want to setup an equivalence label." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:510 -+#: ../sepolicy/sepolicy/sepolicy.glade:4063 -+#: ../sepolicy/sepolicy/sepolicy.glade:4781 -+msgid "Equivalence Path" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:524 -+#: ../sepolicy/sepolicy/sepolicy.glade:669 -+#: ../sepolicy/sepolicy/sepolicy.glade:1224 -+#: ../sepolicy/sepolicy/sepolicy.glade:1520 -+#: ../sepolicy/sepolicy/sepolicy.glade:5449 -+msgid "Save to update" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:564 -+msgid "" -+"Specify the mapping between the new path and the equivalence path. " -+"Everything under this new path will be labeled as if they were under the " -+"equivalence path." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:621 -+msgid "Add a file" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:638 -+msgid "" -+" File Labeling for . File labels will be created " -+"when update is applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:711 -+#: ../sepolicy/sepolicy/sepolicy.glade:1485 -+msgid "MLS" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:747 -+#: ../sepolicy/sepolicy/sepolicy.glade:2306 -+#: ../sepolicy/sepolicy/sepolicy.glade:2418 -+#: ../sepolicy/sepolicy/sepolicy.glade:2540 -+#: ../sepolicy/sepolicy/sepolicy.glade:4500 -+msgid "Class" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:763 -+msgid "Type" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:777 -+msgid "" -+"Select the file class to which this label will be applied. Defaults to all " -+"classes." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:804 -+msgid "Make Path Recursive" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:808 -+msgid "" -+"Select Make Path Recursive if you want to apply this label to all children " -+"of the specified directory path. objects under the directory to have this " -+"label." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:821 -+msgid "Browse" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:825 -+msgid "Browse to select the file/directory for labeling." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:869 -+msgid "Path " -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:880 -+msgid "" -+"Specify the path using regular expressions that you would like to modify the " -+"labeling." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:902 -+msgid "Select the SELinux file type to assign to this path." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:929 -+msgid "Enter the MLS Label to assign to this file path." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:933 -+msgid "SELinux MLS Label you wish to assign to this path." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1070 -+msgid "Analyzing Policy..." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1137 -+msgid "" -+"Add Login Mapping. Login Mapping will be created when update is applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1172 -+msgid "" -+"Enter the login user name of the user to which you wish to add SELinux User " -+"confinement." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1201 -+msgid "" -+"Select the SELinux User to assign to this login user. Login users by " -+"default get assigned by the __default__ user." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1264 -+msgid "" -+"Enter MLS/MCS Range for this login User. Defaults to the range for the " -+"Selected SELinux User." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1267 -+#: ../sepolicy/sepolicy/sepolicy.glade:3192 -+#: ../sepolicy/sepolicy/sepolicy.glade:3313 -+#: ../sepolicy/sepolicy/sepolicy.glade:5414 -+msgid "MLS Range" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1279 -+msgid "" -+"Specify the MLS Range for this user to login in with. Defaults to the " -+"selected SELinux Users MLS Range." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1385 -+msgid "" -+" Network Port for . Ports will be created when " -+"update is applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1423 -+msgid "Enter the port number or range to which you want to add a port type." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1439 -+#: ../sepolicy/sepolicy/sepolicy.glade:2658 -+#: ../sepolicy/sepolicy/sepolicy.glade:2756 -+#: ../sepolicy/sepolicy/sepolicy.glade:4633 -+msgid "Protocol" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1453 -+msgid "Port Type" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1498 -+msgid "Select the port type you want to assign to the specified port number." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1562 -+msgid "tcp" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1566 -+msgid "" -+"Select tcp if the port type should be assigned to tcp port numbers." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1579 -+msgid "udp" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1583 -+msgid "" -+"Select udp if the port type should be assigned to udp port numbers." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1605 -+msgid "Enter the MLS Label to assign to this port." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1707 -+msgid "SELinux Configuration" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1743 -+msgid "Select..." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1792 -+#: ../sepolicy/sepolicy/sepolicy.glade:2212 -+msgid "Booleans" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1796 -+msgid "" -+"Display boolean information that can be used to modify the policy for the " -+"'selected domain'." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1810 -+#: ../sepolicy/sepolicy/sepolicy.glade:2597 -+msgid "Files" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1814 -+msgid "" -+"Display file type information that can be used by the 'selected domain'." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1828 -+#: ../sepolicy/sepolicy/sepolicy.glade:2830 -+msgid "Network" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1832 -+msgid "" -+"Display network ports to which the 'selected domain' can connect or listen " -+"to." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1846 -+#: ../sepolicy/sepolicy/sepolicy.glade:3121 -+msgid "Transitions" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1850 -+msgid "" -+"Display applications that can transition into or out of the 'selected " -+"domain'." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1864 -+#: ../sepolicy/sepolicy/sepolicy.glade:3222 -+msgid "Login Mapping" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1867 -+#: ../sepolicy/sepolicy/sepolicy.glade:1884 -+#: ../sepolicy/sepolicy/sepolicy.glade:1901 -+msgid "Manage the SELinux configuration" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1881 -+#: ../sepolicy/sepolicy/sepolicy.glade:3344 -+msgid "SELinux Users" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1915 -+#: ../sepolicy/sepolicy/sepolicy.glade:4016 -+msgid "Lockdown" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1918 -+msgid "" -+"Lockdown the SELinux System.\n" -+"This screen can be used to turn up the SELinux Protections." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1933 -+msgid "radiobutton" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1993 -+msgid "Filter" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2021 -+msgid "Show Modified Only" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2060 -+msgid "Mislabeled files exist" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2080 -+msgid "Show mislabeled files only" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2120 -+#: ../sepolicy/sepolicy/sepolicy.glade:3244 -+msgid "" -+"If-Then-Else rules written in policy that can\n" -+"allow alternative access control." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2132 -+msgid "Enabled" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2183 -+msgid "Name" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2252 -+#: ../sepolicy/sepolicy/sepolicy.glade:2364 -+#: ../sepolicy/sepolicy/sepolicy.glade:2482 -+#: ../sepolicy/sepolicy/sepolicy.glade:4473 -+#: ../sepolicy/sepolicy/sepolicy.glade:4768 -+msgid "File Path" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2288 -+#: ../sepolicy/sepolicy/sepolicy.glade:2399 -+msgid "SELinux File Type" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2332 -+msgid "File path used to enter the 'selected domain'." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2333 -+msgid "Executable Files" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2448 -+msgid "Files to which the 'selected domain' can write." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2449 -+msgid "Writable files" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2571 -+msgid "File Types defined for the 'selected domain'." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2572 -+msgid "Application File Types" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2639 -+#: ../sepolicy/sepolicy/sepolicy.glade:2738 -+#: ../sepolicy/sepolicy/sepolicy.glade:4619 -+msgid "Port" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2704 -+msgid "Network Ports to which the 'selected domain' is allowed to connect." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2705 -+msgid "Outbound" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2804 -+msgid "Network Ports to which the 'selected domain' is allowed to listen." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2805 -+msgid "Inbound" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2866 -+#: ../sepolicy/sepolicy/sepolicy.glade:2956 -+msgid "" -+"Boolean\n" -+"Enabled" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2892 -+msgid "Boolean name" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2909 -+msgid "SELinux Application Type" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2930 -+msgid "" -+"Executables which will transition to a different domain, when the 'selected " -+"domain' executes them." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2933 -+msgid "Application Transitions From 'select domain'" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2972 -+msgid "Calling Process Domain" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2988 -+msgid "Executable File" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3012 -+msgid "" -+"Executables which will transition to the 'selected domain', when executing a " -+"selected domains entrypoint." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3013 -+msgid "Application Transitions Into 'select domain'" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3028 -+msgid "" -+"File Transitions define what happens when the current domain creates the " -+"content of a particular class in a directory of the destination type. " -+"Optionally a file name could be specified for the transition." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3036 -+msgid "SELinux Directory Type" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3049 -+msgid "Destination Class" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3063 -+msgid "SELinux Destination Type" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3076 -+msgid "File Name" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3098 -+msgid "File Transitions From 'select domain'" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3297 -+#: ../sepolicy/sepolicy/sepolicy.glade:5508 -+msgid "Default Level" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3383 -+msgid "Select the system mode when the system first boots up" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3395 -+#: ../sepolicy/sepolicy/sepolicy.glade:3469 -+msgid "Enforcing" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3414 -+#: ../sepolicy/sepolicy/sepolicy.glade:3487 -+msgid "Permissive" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3456 -+msgid "Select the system mode for the current session" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3533 -+msgid "System Policy Type:" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3594 -+msgid "System Mode" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3632 -+msgid "Import system settings from another machine" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3640 -+msgid "Import" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3659 -+msgid "Export system settings to a file" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3669 -+msgid "Export" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3688 -+msgid "Relabel all files back to system defaults on reboot" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3783 -+msgid "System Configuration" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3830 -+#: ../sepolicy/sepolicy/sepolicy.glade:3848 -+msgid "" -+"An unconfined domain is a process label that allows the process to do what " -+"it wants, without SELinux interfering. Applications started at boot by the " -+"init system that SELinux do not have defined SELinux policy will run as " -+"unconfined if this module is enabled. Disabling it means all daemons will " -+"now be confined. To disable the unconfined_t user you must first remove " -+"unconfined_t from the users/login screens." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3866 -+msgid "Disable ability to run unconfined system processes?" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3894 -+#: ../sepolicy/sepolicy/sepolicy.glade:3911 -+#: ../sepolicy/sepolicy/sepolicy.glade:3957 -+#: ../sepolicy/sepolicy/sepolicy.glade:3974 -+msgid "" -+"A permissive domain is a process label that allows the process to do what it " -+"wants, with SELinux only logging the denials, but not enforcing them. " -+"Usually permissive domains indicate experimental policy, disabling the " -+"module could cause SELinux to deny access to a domain, that should be " -+"allowed." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3929 -+msgid "Disable all permissive processes?" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3995 -+msgid "Deny all processes from ptracing or debugging other processes?" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4032 -+msgid "" -+"File equivalence cause the system to label content under the new path as if " -+"it were under the equivalence path." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4088 -+msgid "Files Equivalence" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4101 -+msgid "...SELECT TO VIEW DATA..." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4132 -+msgid "Delete" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4148 -+msgid "Modify" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4163 -+msgid "Add" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4209 -+msgid "Revert" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4214 -+msgid "" -+"Revert button will launch a dialog window which allows you to revert changes " -+"within the current transaction." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4231 -+msgid "Commit all changes in your current transaction to the server." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4279 -+msgid "Applications - Advanced Search" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4344 -+msgid "Process Types" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4385 -+msgid "More Details" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4421 -+#: ../sepolicy/sepolicy/sepolicy.glade:4715 -+msgid "Delete Modified File Labeling" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4439 -+msgid "" -+"Select file labeling to delete. File labeling will be deleted when update is " -+"applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4486 -+msgid "SELinux File Label" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4525 -+#: ../sepolicy/sepolicy/sepolicy.glade:4675 -+#: ../sepolicy/sepolicy/sepolicy.glade:4806 -+#: ../sepolicy/sepolicy/sepolicy.glade:4940 -+#: ../sepolicy/sepolicy/sepolicy.glade:5289 -+msgid "Save to Update" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4565 -+msgid "Delete Modified Ports" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4583 -+msgid "Select ports to delete. Ports will be deleted when update is applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4733 -+msgid "" -+"Select file equivalence labeling to delete. File equivalence labeling will " -+"be deleted when update is applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4849 -+#: ../sepolicy/sepolicy/sepolicy.glade:5198 -+msgid "Delete Modified Users Mapping." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4867 -+msgid "" -+"Select login user mapping to delete. Login user mapping will be deleted when " -+"update is applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4902 -+msgid "Login name" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4983 -+msgid "More Types" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:5010 -+msgid "Types" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:5069 -+msgid "" -+"Review the updates you have made before committing them to the system. To " -+"reset an item, uncheck the checkbox. All items checked will be updated in " -+"the system when you select update." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:5132 -+msgid "Action" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:5158 -+msgid "Apply" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:5216 -+msgid "" -+"Select users mapping to delete.Users mapping will be deleted when update is " -+"applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:5264 -+msgid "SELinux Username" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:5349 -+msgid "" -+"Add User Roles. SELinux User Roles will be created when Update is applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:5374 -+msgid "SELinux User Name" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:5489 -+msgid "" -+"Enter MLS/MCS Range for this SELinux User.\n" -+"s0-s0:c1023" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:5520 -+msgid "" -+"Specify the default level that you would like this SELinux user to login " -+"with. Defaults to s0." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:5524 -+msgid "Enter Default Level for SELinux User to login with. Default s0" -+msgstr "" -diff --git a/sandbox/po/sandbox.pot b/sandbox/po/sandbox.pot -new file mode 100644 -index 00000000..328b4f01 ---- /dev/null -+++ b/sandbox/po/sandbox.pot -@@ -0,0 +1,157 @@ -+# SOME DESCRIPTIVE TITLE. -+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER -+# This file is distributed under the same license as the PACKAGE package. -+# FIRST AUTHOR , YEAR. -+# -+#, fuzzy -+msgid "" -+msgstr "" -+"Project-Id-Version: PACKAGE VERSION\n" -+"Report-Msgid-Bugs-To: \n" -+"POT-Creation-Date: 2018-08-06 14:22+0200\n" -+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" -+"Last-Translator: FULL NAME \n" -+"Language-Team: LANGUAGE \n" -+"Language: \n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=CHARSET\n" -+"Content-Transfer-Encoding: 8bit\n" -+ -+#: ../sandbox:119 -+#, python-format -+msgid "Do you want to save changes to '%s' (Y/N): " -+msgstr "" -+ -+#: ../sandbox:120 -+msgid "Sandbox Message" -+msgstr "" -+ -+#: ../sandbox:132 -+#, python-format -+msgid "Do you want to save changes to '%s' (y/N): " -+msgstr "" -+ -+#: ../sandbox:133 -+msgid "[yY]" -+msgstr "" -+ -+#: ../sandbox:156 -+msgid "User account must be setup with an MCS Range" -+msgstr "" -+ -+#: ../sandbox:184 -+msgid "" -+"Failed to find any unused category sets. Consider a larger MCS range for " -+"this user." -+msgstr "" -+ -+#: ../sandbox:215 -+msgid "Homedir and tempdir required for level mounts" -+msgstr "" -+ -+#: ../sandbox:218 ../sandbox:229 ../sandbox:234 -+#, python-format -+msgid "" -+"\n" -+"%s is required for the action you want to perform.\n" -+msgstr "" -+ -+#: ../sandbox:305 -+#, python-format -+msgid "" -+"\n" -+"Policy defines the following types for use with the -t:\n" -+"\t%s\n" -+msgstr "" -+ -+#: ../sandbox:312 -+#, python-format -+msgid "" -+"\n" -+"sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I " -+"includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t " -+"type ] command\n" -+"\n" -+"sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I " -+"includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t " -+"type ] -S\n" -+"%s\n" -+msgstr "" -+ -+#: ../sandbox:324 -+msgid "include file in sandbox" -+msgstr "" -+ -+#: ../sandbox:327 -+msgid "read list of files to include in sandbox from INCLUDEFILE" -+msgstr "" -+ -+#: ../sandbox:329 -+msgid "run sandbox with SELinux type" -+msgstr "" -+ -+#: ../sandbox:332 -+msgid "mount new home and/or tmp directory" -+msgstr "" -+ -+#: ../sandbox:336 -+msgid "dots per inch for X display" -+msgstr "" -+ -+#: ../sandbox:339 -+msgid "run complete desktop session within sandbox" -+msgstr "" -+ -+#: ../sandbox:342 -+msgid "Shred content before tempory directories are removed" -+msgstr "" -+ -+#: ../sandbox:346 -+msgid "run X application within a sandbox" -+msgstr "" -+ -+#: ../sandbox:352 -+msgid "alternate home directory to use for mounting" -+msgstr "" -+ -+#: ../sandbox:357 -+msgid "alternate /tmp directory to use for mounting" -+msgstr "" -+ -+#: ../sandbox:366 -+msgid "alternate window manager" -+msgstr "" -+ -+#: ../sandbox:369 -+msgid "MCS/MLS level for the sandbox" -+msgstr "" -+ -+#: ../sandbox:385 -+msgid "" -+"Sandbox Policy is not currently installed.\n" -+"You need to install the selinux-policy-sandbox package in order to run this " -+"command" -+msgstr "" -+ -+#: ../sandbox:397 -+msgid "" -+"You must specify a Homedir and tempdir when setting up a session sandbox" -+msgstr "" -+ -+#: ../sandbox:399 -+msgid "Commands are not allowed in a session sandbox" -+msgstr "" -+ -+#: ../sandbox:409 -+msgid "Command required" -+msgstr "" -+ -+#: ../sandbox:412 -+#, python-format -+msgid "%s is not an executable" -+msgstr "" -+ -+#: ../sandbox:535 -+#, python-format -+msgid "Invalid value %s" -+msgstr "" --- -2.21.0 - diff --git a/SOURCES/0016-policycoreutils-setfiles-Improve-description-of-d-sw.patch b/SOURCES/0016-policycoreutils-setfiles-Improve-description-of-d-sw.patch deleted file mode 100644 index 4120fce..0000000 --- a/SOURCES/0016-policycoreutils-setfiles-Improve-description-of-d-sw.patch +++ /dev/null @@ -1,30 +0,0 @@ -From c8fbb8042852c18775c001999ce949e9b591e381 Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Wed, 21 Mar 2018 08:51:31 +0100 -Subject: [PATCH] policycoreutils/setfiles: Improve description of -d switch - -The "-q" switch is becoming obsolete (completely unused in fedora) and -debug output ("-d" switch) makes sense in any scenario. Therefore both -options can be specified at once. - -Resolves: rhbz#1271327 ---- - policycoreutils/setfiles/setfiles.8 | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8 -index ccaaf4de..a8a76c86 100644 ---- a/policycoreutils/setfiles/setfiles.8 -+++ b/policycoreutils/setfiles/setfiles.8 -@@ -57,7 +57,7 @@ check the validity of the contexts against the specified binary policy. - .TP - .B \-d - show what specification matched each file (do not abort validation --after ABORT_ON_ERRORS errors). -+after ABORT_ON_ERRORS errors). Not affected by "\-q" - .TP - .BI \-e \ directory - directory to exclude (repeat option for more than one directory). --- -2.21.0 - diff --git a/SOURCES/0018-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch b/SOURCES/0018-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch deleted file mode 100644 index 73b9c7a..0000000 --- a/SOURCES/0018-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch +++ /dev/null @@ -1,24 +0,0 @@ -From f8602180d042e95947fe0bbd35d261771b347705 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Thu, 8 Nov 2018 09:20:58 +0100 -Subject: [PATCH] semodule-utils: Fix RESOURCE_LEAK coverity scan defects - ---- - semodule-utils/semodule_package/semodule_package.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/semodule-utils/semodule_package/semodule_package.c b/semodule-utils/semodule_package/semodule_package.c -index 3515234e..7b75b3fd 100644 ---- a/semodule-utils/semodule_package/semodule_package.c -+++ b/semodule-utils/semodule_package/semodule_package.c -@@ -74,6 +74,7 @@ static int file_to_data(const char *path, char **data, size_t * len) - } - if (!sb.st_size) { - *len = 0; -+ close(fd); - return 0; - } - --- -2.21.0 - diff --git a/SOURCES/0020-python-Use-ipaddress-instead-of-IPy.patch b/SOURCES/0020-python-Use-ipaddress-instead-of-IPy.patch deleted file mode 100644 index 6ba17e2..0000000 --- a/SOURCES/0020-python-Use-ipaddress-instead-of-IPy.patch +++ /dev/null @@ -1,45 +0,0 @@ -From b2512e2a92a33360639a3459039cdf2e685655a8 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Mon, 3 Dec 2018 14:40:09 +0100 -Subject: [PATCH] python: Use ipaddress instead of IPy - -ipaddress module was added in python 3.3 and this allows us to drop python3-IPy ---- - python/semanage/seobject.py | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py -index b90b1070..58497e3b 100644 ---- a/python/semanage/seobject.py -+++ b/python/semanage/seobject.py -@@ -32,7 +32,7 @@ from semanage import * - PROGNAME = "selinux-python" - import sepolicy - import setools --from IPy import IP -+import ipaddress - - try: - import gettext -@@ -1851,13 +1851,13 @@ class nodeRecords(semanageRecords): - - # verify valid comination - if len(mask) == 0 or mask[0] == "/": -- i = IP(addr + mask) -- newaddr = i.strNormal(0) -- newmask = str(i.netmask()) -- if newmask == "0.0.0.0" and i.version() == 6: -+ i = ipaddress.ip_network(addr + mask) -+ newaddr = str(i.network_address) -+ newmask = str(i.netmask) -+ if newmask == "0.0.0.0" and i.version == 6: - newmask = "::" - -- protocol = "ipv%d" % i.version() -+ protocol = "ipv%d" % i.version - - try: - newprotocol = self.protocol.index(protocol) --- -2.21.0 - diff --git a/SOURCES/0021-python-semanage-Do-not-traceback-when-the-default-po.patch b/SOURCES/0021-python-semanage-Do-not-traceback-when-the-default-po.patch deleted file mode 100644 index 8aa249f..0000000 --- a/SOURCES/0021-python-semanage-Do-not-traceback-when-the-default-po.patch +++ /dev/null @@ -1,93 +0,0 @@ -From 5938d18536f4c0a76521d1f0721e981e6570b012 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Thu, 4 Apr 2019 23:02:56 +0200 -Subject: [PATCH] python/semanage: Do not traceback when the default policy is - not available - -"import seobject" causes "import sepolicy" which crashes when the system policy -is not available. It's better to provide an error message instead. - -Signed-off-by: Petr Lautrbach ---- - python/semanage/semanage | 37 +++++++++++++++++++++---------------- - 1 file changed, 21 insertions(+), 16 deletions(-) - -diff --git a/python/semanage/semanage b/python/semanage/semanage -index 56db3e0d..4c766ae3 100644 ---- a/python/semanage/semanage -+++ b/python/semanage/semanage -@@ -25,7 +25,6 @@ - - import traceback - import argparse --import seobject - import sys - PROGNAME = "selinux-python" - try: -@@ -129,21 +128,6 @@ class SetImportFile(argparse.Action): - sys.exit(1) - setattr(namespace, self.dest, values) - --# define dictonary for seobject OBEJCTS --object_dict = { -- 'login': seobject.loginRecords, -- 'user': seobject.seluserRecords, -- 'port': seobject.portRecords, -- 'module': seobject.moduleRecords, -- 'interface': seobject.interfaceRecords, -- 'node': seobject.nodeRecords, -- 'fcontext': seobject.fcontextRecords, -- 'boolean': seobject.booleanRecords, -- 'permissive': seobject.permissiveRecords, -- 'dontaudit': seobject.dontauditClass, -- 'ibpkey': seobject.ibpkeyRecords, -- 'ibendport': seobject.ibendportRecords --} - - def generate_custom_usage(usage_text, usage_dict): - # generate custom usage from given text and dictonary -@@ -608,6 +592,7 @@ def setupInterfaceParser(subparsers): - - - def handleModule(args): -+ import seobject - OBJECT = seobject.moduleRecords(args) - if args.action_add: - OBJECT.add(args.action_add[0], args.priority) -@@ -846,6 +831,7 @@ def mkargv(line): - - - def handleImport(args): -+ import seobject - trans = seobject.semanageRecords(args) - trans.start() - -@@ -887,6 +873,25 @@ def createCommandParser(): - #To add a new subcommand define the parser for it in a function above and call it here. - subparsers = commandParser.add_subparsers(dest='subcommand') - subparsers.required = True -+ -+ import seobject -+ # define dictonary for seobject OBEJCTS -+ global object_dict -+ object_dict = { -+ 'login': seobject.loginRecords, -+ 'user': seobject.seluserRecords, -+ 'port': seobject.portRecords, -+ 'module': seobject.moduleRecords, -+ 'interface': seobject.interfaceRecords, -+ 'node': seobject.nodeRecords, -+ 'fcontext': seobject.fcontextRecords, -+ 'boolean': seobject.booleanRecords, -+ 'permissive': seobject.permissiveRecords, -+ 'dontaudit': seobject.dontauditClass, -+ 'ibpkey': seobject.ibpkeyRecords, -+ 'ibendport': seobject.ibendportRecords -+ } -+ - setupImportParser(subparsers) - setupExportParser(subparsers) - setupLoginParser(subparsers) --- -2.21.0 - diff --git a/SOURCES/0022-policycoreutils-fixfiles-Fix-B-F-onboot.patch b/SOURCES/0022-policycoreutils-fixfiles-Fix-B-F-onboot.patch deleted file mode 100644 index eca127b..0000000 --- a/SOURCES/0022-policycoreutils-fixfiles-Fix-B-F-onboot.patch +++ /dev/null @@ -1,108 +0,0 @@ -From 99582e3bf63475b7af5793bb9230e88d847dc7c8 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Tue, 2 Jul 2019 17:11:32 +0200 -Subject: [PATCH] policycoreutils/fixfiles: Fix [-B] [-F] onboot - -Commit 6e289bb7bf3d ("policycoreutils: fixfiles: remove bad modes of "relabel" -command") added "$RESTORE_MODE" != DEFAULT test when onboot is used. It makes -`fixfiles -B onboot` to show usage instead of updating /.autorelabel - -The code is restructured to handle -B for different modes correctly. - -Fixes: - # fixfiles -B onboot - Usage: /usr/sbin/fixfiles [-v] [-F] [-f] relabel - ... - -Signed-off-by: Petr Lautrbach ---- - policycoreutils/scripts/fixfiles | 29 +++++++++++++++-------------- - 1 file changed, 15 insertions(+), 14 deletions(-) - -diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles -index 53d28c7b..9dd44213 100755 ---- a/policycoreutils/scripts/fixfiles -+++ b/policycoreutils/scripts/fixfiles -@@ -112,7 +112,7 @@ VERBOSE="-p" - FORCEFLAG="" - RPMFILES="" - PREFC="" --RESTORE_MODE="DEFAULT" -+RESTORE_MODE="" - SETFILES=/sbin/setfiles - RESTORECON=/sbin/restorecon - FILESYSTEMSRW=`get_rw_labeled_mounts` -@@ -214,16 +214,17 @@ restore () { - OPTION=$1 - shift - --case "$RESTORE_MODE" in -- PREFC) -- diff_filecontext $* -- return -- ;; -- BOOTTIME) -+# [-B | -N time ] -+if [ -z "$BOOTTIME" ]; then - newer $BOOTTIME $* - return -- ;; --esac -+fi -+ -+# -C PREVIOUS_FILECONTEXT -+if [ "$RESTORE_MODE" == PREFC ]; then -+ diff_filecontext $* -+ return -+fi - - [ -x /usr/sbin/genhomedircon ] && /usr/sbin/genhomedircon - -@@ -239,7 +240,7 @@ case "$RESTORE_MODE" in - FILEPATH) - ${RESTORECON} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -R -- "$FILEPATH" - ;; -- DEFAULT) -+ *) - if [ -n "${FILESYSTEMSRW}" ]; then - LogReadOnly - echo "${OPTION}ing `echo ${FILESYSTEMSRW}`" -@@ -272,7 +273,7 @@ fullrelabel() { - - - relabel() { -- if [ "$RESTORE_MODE" != DEFAULT ]; then -+ if [ -n "$RESTORE_MODE" -a "$RESTORE_MODE" != DEFAULT ]; then - usage - exit 1 - fi -@@ -306,7 +307,7 @@ case "$1" in - verify) restore Verify -n;; - relabel) relabel;; - onboot) -- if [ "$RESTORE_MODE" != DEFAULT ]; then -+ if [ -n "$RESTORE_MODE" -a "$RESTORE_MODE" != DEFAULT ]; then - usage - exit 1 - fi -@@ -344,7 +345,7 @@ if [ $# -eq 0 ]; then - fi - - set_restore_mode() { -- if [ "$RESTORE_MODE" != DEFAULT ]; then -+ if [ -n "$RESTORE_MODE" ]; then - # can't specify two different modes - usage - exit 1 -@@ -357,7 +358,7 @@ while getopts "N:BC:FfR:l:v" i; do - case "$i" in - B) - BOOTTIME=`/bin/who -b | awk '{print $3}'` -- set_restore_mode BOOTTIME -+ set_restore_mode DEFAULT - ;; - N) - BOOTTIME=$OPTARG --- -2.21.0 - diff --git a/SOURCES/0023-policycoreutils-fixfiles-Force-full-relabel-when-SEL.patch b/SOURCES/0023-policycoreutils-fixfiles-Force-full-relabel-when-SEL.patch deleted file mode 100644 index 4d30a77..0000000 --- a/SOURCES/0023-policycoreutils-fixfiles-Force-full-relabel-when-SEL.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 9bcf8ad7b9b6d8d761f7d097196b2b9bc114fa0a Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Tue, 2 Jul 2019 17:12:07 +0200 -Subject: [PATCH] policycoreutils/fixfiles: Force full relabel when SELinux is - disabled - -The previous check used getfilecon to check whether / slash contains a label, -but getfilecon fails only when SELinux is disabled. Therefore it's better to -check this using selinuxenabled. - -Signed-off-by: Petr Lautrbach ---- - policycoreutils/scripts/fixfiles | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles -index 9dd44213..a9d27d13 100755 ---- a/policycoreutils/scripts/fixfiles -+++ b/policycoreutils/scripts/fixfiles -@@ -314,8 +314,8 @@ case "$1" in - > /.autorelabel || exit $? - [ -z "$FORCEFLAG" ] || echo -n "$FORCEFLAG " >> /.autorelabel - [ -z "$BOOTTIME" ] || echo -N $BOOTTIME >> /.autorelabel -- # Force full relabel if / does not have a label on it -- getfilecon / > /dev/null 2>&1 || echo -F >/.autorelabel -+ # Force full relabel if SELinux is not enabled -+ selinuxenabled || echo -F > /.autorelabel - echo "System will relabel on next boot" - ;; - *) --- -2.21.0 - diff --git a/SOURCES/0024-policycoreutils-fixfiles-Fix-unbound-variable-proble.patch b/SOURCES/0024-policycoreutils-fixfiles-Fix-unbound-variable-proble.patch deleted file mode 100644 index c5ae9ba..0000000 --- a/SOURCES/0024-policycoreutils-fixfiles-Fix-unbound-variable-proble.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 7383f8fbab82826de21d3013a43680867642e49e Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Wed, 21 Aug 2019 17:43:25 +0200 -Subject: [PATCH] policycoreutils/fixfiles: Fix unbound variable problem - -Fix a typo introduced in commit d3f8b2c3cd909 ("policycoreutils/fixfiles: Fix -[-B] [-F] onboot"), which broke "fixfiles relabel": - - #fixfiles relabel - /sbin/fixfiles: line 151: $1: unbound variable - -Resolves: rhbz#1743213 ---- - policycoreutils/scripts/fixfiles | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles -index a9d27d13..df0042aa 100755 ---- a/policycoreutils/scripts/fixfiles -+++ b/policycoreutils/scripts/fixfiles -@@ -215,7 +215,7 @@ OPTION=$1 - shift - - # [-B | -N time ] --if [ -z "$BOOTTIME" ]; then -+if [ -n "$BOOTTIME" ]; then - newer $BOOTTIME $* - return - fi --- -2.21.0 - diff --git a/SOURCES/0025-gui-Fix-remove-module-in-system-config-selinux.patch b/SOURCES/0025-gui-Fix-remove-module-in-system-config-selinux.patch deleted file mode 100644 index 660e5bb..0000000 --- a/SOURCES/0025-gui-Fix-remove-module-in-system-config-selinux.patch +++ /dev/null @@ -1,38 +0,0 @@ -From f6c67c02f25d3a8971dcc5667121236fab85dd65 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Thu, 29 Aug 2019 08:58:20 +0200 -Subject: [PATCH] gui: Fix remove module in system-config-selinux - -When a user tried to remove a policy module with priority other than 400 via -GUI, it failed with a message: - -libsemanage.semanage_direct_remove_key: Unable to remove module somemodule at priority 400. (No such file or directory). - -This is fixed by calling "semodule -x PRIORITY -r NAME" instead of -"semodule -r NAME". - -From Jono Hein -Signed-off-by: Petr Lautrbach ---- - gui/modulesPage.py | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/gui/modulesPage.py b/gui/modulesPage.py -index 26ac5404..35a0129b 100644 ---- a/gui/modulesPage.py -+++ b/gui/modulesPage.py -@@ -125,9 +125,10 @@ class modulesPage(semanagePage): - def delete(self): - store, iter = self.view.get_selection().get_selected() - module = store.get_value(iter, 0) -+ priority = store.get_value(iter, 1) - try: - self.wait() -- status, output = getstatusoutput("semodule -r %s" % module) -+ status, output = getstatusoutput("semodule -X %s -r %s" % (priority, module)) - self.ready() - if status != 0: - self.error(output) --- -2.21.0 - diff --git a/SOURCES/0026-python-semanage-Do-not-use-default-s0-range-in-seman.patch b/SOURCES/0026-python-semanage-Do-not-use-default-s0-range-in-seman.patch deleted file mode 100644 index df5bf20..0000000 --- a/SOURCES/0026-python-semanage-Do-not-use-default-s0-range-in-seman.patch +++ /dev/null @@ -1,30 +0,0 @@ -From c2e942fc452bff06cc5ed9017afe169c6941f4e4 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Tue, 3 Sep 2019 15:17:27 +0200 -Subject: [PATCH] python/semanage: Do not use default s0 range in "semanage - login -a" - -Using the "s0" default means that new login mappings are always added with "s0" -range instead of the range of SELinux user. - -Signed-off-by: Petr Lautrbach ---- - python/semanage/semanage | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/python/semanage/semanage b/python/semanage/semanage -index 4c766ae3..fa78afce 100644 ---- a/python/semanage/semanage -+++ b/python/semanage/semanage -@@ -221,7 +221,7 @@ def parser_add_level(parser, name): - - - def parser_add_range(parser, name): -- parser.add_argument('-r', '--range', default="s0", -+ parser.add_argument('-r', '--range', default='', - help=_(''' - MLS/MCS Security Range (MLS/MCS Systems only) - SELinux Range for SELinux login mapping --- -2.21.0 - diff --git a/SOURCES/0027-policycoreutils-fixfiles-Fix-verify-option.patch b/SOURCES/0027-policycoreutils-fixfiles-Fix-verify-option.patch deleted file mode 100644 index df5bd65..0000000 --- a/SOURCES/0027-policycoreutils-fixfiles-Fix-verify-option.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 4733a594c5df14f64293d19f16498e68dc5e3a98 Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Tue, 24 Sep 2019 08:41:30 +0200 -Subject: [PATCH] policycoreutils/fixfiles: Fix "verify" option - -"restorecon -n" (used in the "restore" function) has to be used with -"-v" to display the files whose labels would be changed. - -Fixes: - Fixfiles verify does not report misslabelled files unless "-v" option is - used. - -Signed-off-by: Vit Mojzis ---- - policycoreutils/scripts/fixfiles | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles -index df0042aa..be19e56c 100755 ---- a/policycoreutils/scripts/fixfiles -+++ b/policycoreutils/scripts/fixfiles -@@ -304,7 +304,7 @@ process() { - case "$1" in - restore) restore Relabel;; - check) VERBOSE="-v"; restore Check -n;; -- verify) restore Verify -n;; -+ verify) VERBOSE="-v"; restore Verify -n;; - relabel) relabel;; - onboot) - if [ -n "$RESTORE_MODE" -a "$RESTORE_MODE" != DEFAULT ]; then --- -2.21.0 - diff --git a/SOURCES/0028-python-semanage-Improve-handling-of-permissive-state.patch b/SOURCES/0028-python-semanage-Improve-handling-of-permissive-state.patch deleted file mode 100644 index 0965a9a..0000000 --- a/SOURCES/0028-python-semanage-Improve-handling-of-permissive-state.patch +++ /dev/null @@ -1,102 +0,0 @@ -From 0803fcb2c014b2cedf8f4d92b80fc382916477ee Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Fri, 27 Sep 2019 16:13:47 +0200 -Subject: [PATCH] python/semanage: Improve handling of "permissive" statements - -- Add "customized" method to permissiveRecords which is than used for - "semanage permissive --extract" and "semanage export" -- Enable "semanage permissive --deleteall" (already implemented) -- Add "permissive" to the list of modules exported using - "semanage export" -- Update "semanage permissive" man page - -Signed-off-by: Vit Mojzis ---- - python/semanage/semanage | 11 ++++++++--- - python/semanage/semanage-permissive.8 | 8 +++++++- - python/semanage/seobject.py | 3 +++ - 3 files changed, 18 insertions(+), 4 deletions(-) - -diff --git a/python/semanage/semanage b/python/semanage/semanage -index fa78afce..b2bd9df9 100644 ---- a/python/semanage/semanage -+++ b/python/semanage/semanage -@@ -722,6 +722,11 @@ def handlePermissive(args): - - if args.action == "list": - OBJECT.list(args.noheading) -+ elif args.action == "deleteall": -+ OBJECT.deleteall() -+ elif args.action == "extract": -+ for i in OBJECT.customized(): -+ print("permissive %s" % str(i)) - elif args.type is not None: - if args.action == "add": - OBJECT.add(args.type) -@@ -737,9 +742,9 @@ def setupPermissiveParser(subparsers): - pgroup = permissiveParser.add_mutually_exclusive_group(required=True) - parser_add_add(pgroup, "permissive") - parser_add_delete(pgroup, "permissive") -+ parser_add_deleteall(pgroup, "permissive") -+ parser_add_extract(pgroup, "permissive") - parser_add_list(pgroup, "permissive") -- #TODO: probably should be also added => need to implement own option handling -- #parser_add_deleteall(pgroup) - - parser_add_noheading(permissiveParser, "permissive") - parser_add_noreload(permissiveParser, "permissive") -@@ -763,7 +768,7 @@ def setupDontauditParser(subparsers): - - - def handleExport(args): -- manageditems = ["boolean", "login", "interface", "user", "port", "node", "fcontext", "module", "ibendport", "ibpkey"] -+ manageditems = ["boolean", "login", "interface", "user", "port", "node", "fcontext", "module", "ibendport", "ibpkey", "permissive"] - for i in manageditems: - print("%s -D" % i) - for i in manageditems: -diff --git a/python/semanage/semanage-permissive.8 b/python/semanage/semanage-permissive.8 -index 1999a451..5c3364fa 100644 ---- a/python/semanage/semanage-permissive.8 -+++ b/python/semanage/semanage-permissive.8 -@@ -2,7 +2,7 @@ - .SH "NAME" - .B semanage\-permissive \- SELinux Policy Management permissive mapping tool - .SH "SYNOPSIS" --.B semanage permissive [\-h] (\-a | \-d | \-l) [\-n] [\-N] [\-S STORE] [type] -+.B semanage permissive [\-h] [\-n] [\-N] [\-S STORE] (\-\-add TYPE | \-\-delete TYPE | \-\-deleteall | \-\-extract | \-\-list) - - .SH "DESCRIPTION" - semanage is used to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources. semanage permissive adds or removes a SELinux Policy permissive module. -@@ -18,9 +18,15 @@ Add a record of the specified object type - .I \-d, \-\-delete - Delete a record of the specified object type - .TP -+.I \-D, \-\-deleteall -+Remove all local customizations of permissive domains -+.TP - .I \-l, \-\-list - List records of the specified object type - .TP -+.I \-E, \-\-extract -+Extract customizable commands, for use within a transaction -+.TP - .I \-n, \-\-noheading - Do not print heading when listing the specified object type - .TP -diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py -index 58497e3b..3959abc8 100644 ---- a/python/semanage/seobject.py -+++ b/python/semanage/seobject.py -@@ -478,6 +478,9 @@ class permissiveRecords(semanageRecords): - l.append(name.split("permissive_")[1]) - return l - -+ def customized(self): -+ return ["-a %s" % x for x in sorted(self.get_all())] -+ - def list(self, heading=1, locallist=0): - all = [y["name"] for y in [x for x in sepolicy.info(sepolicy.TYPE) if x["permissive"]]] - if len(all) == 0: --- -2.21.0 - diff --git a/SOURCES/0029-python-semanage-fix-moduleRecords.customized.patch b/SOURCES/0029-python-semanage-fix-moduleRecords.customized.patch deleted file mode 100644 index 37ed550..0000000 --- a/SOURCES/0029-python-semanage-fix-moduleRecords.customized.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 7cc31c4799dd94ed516a39d853744bd1ffb6dc69 Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Mon, 30 Sep 2019 09:49:04 +0200 -Subject: [PATCH] python/semanage: fix moduleRecords.customized() - -Return value of "customized" has to be iterable. - -Fixes: - "semanage export" with no modules in the system (eg. monolithic policy) - crashes: - - Traceback (most recent call last): - File "/usr/sbin/semanage", line 970, in - do_parser() - File "/usr/sbin/semanage", line 949, in do_parser - args.func(args) - File "/usr/sbin/semanage", line 771, in handleExport - for c in OBJECT.customized(): - TypeError: 'NoneType' object is not iterable - -Signed-off-by: Vit Mojzis ---- - python/semanage/seobject.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py -index 3959abc8..16edacaa 100644 ---- a/python/semanage/seobject.py -+++ b/python/semanage/seobject.py -@@ -380,7 +380,7 @@ class moduleRecords(semanageRecords): - def customized(self): - all = self.get_all() - if len(all) == 0: -- return -+ return [] - return ["-d %s" % x[0] for x in [t for t in all if t[1] == 0]] - - def list(self, heading=1, locallist=0): --- -2.21.0 - diff --git a/SOURCES/0030-python-semanage-Add-support-for-DCCP-and-SCTP-protoc.patch b/SOURCES/0030-python-semanage-Add-support-for-DCCP-and-SCTP-protoc.patch deleted file mode 100644 index 16dbfb3..0000000 --- a/SOURCES/0030-python-semanage-Add-support-for-DCCP-and-SCTP-protoc.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 7cbfcec89a6972f9c700687ed3cef25ff0846461 Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Tue, 8 Oct 2019 14:22:13 +0200 -Subject: [PATCH] python/semanage: Add support for DCCP and SCTP protocols - -Fixes: - # semanage port -a -p sctp -t port_t 1234 - ValueError: Protocol udp or tcp is required - # semanage port -d -p sctp -t port_t 1234 - ValueError: Protocol udp or tcp is required - -Signed-off-by: Vit Mojzis ---- - python/semanage/seobject.py | 14 ++++++++------ - 1 file changed, 8 insertions(+), 6 deletions(-) - -diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py -index 16edacaa..70ebfd08 100644 ---- a/python/semanage/seobject.py -+++ b/python/semanage/seobject.py -@@ -1058,13 +1058,15 @@ class portRecords(semanageRecords): - pass - - def __genkey(self, port, proto): -- if proto == "tcp": -- proto_d = SEMANAGE_PROTO_TCP -+ protocols = {"tcp": SEMANAGE_PROTO_TCP, -+ "udp": SEMANAGE_PROTO_UDP, -+ "sctp": SEMANAGE_PROTO_SCTP, -+ "dccp": SEMANAGE_PROTO_DCCP} -+ -+ if proto in protocols.keys(): -+ proto_d = protocols[proto] - else: -- if proto == "udp": -- proto_d = SEMANAGE_PROTO_UDP -- else: -- raise ValueError(_("Protocol udp or tcp is required")) -+ raise ValueError(_("Protocol has to be one of udp, tcp, dccp or sctp")) - if port == "": - raise ValueError(_("Port is required")) - --- -2.21.0 - diff --git a/SOURCES/0031-dbus-Fix-FileNotFoundError-in-org.selinux.relabel_on.patch b/SOURCES/0031-dbus-Fix-FileNotFoundError-in-org.selinux.relabel_on.patch deleted file mode 100644 index ef5f2b6..0000000 --- a/SOURCES/0031-dbus-Fix-FileNotFoundError-in-org.selinux.relabel_on.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 6e5ccf2dd3329b400b70b7806b9c6128c5c50995 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Fri, 15 Nov 2019 09:15:49 +0100 -Subject: [PATCH] dbus: Fix FileNotFoundError in org.selinux.relabel_on_boot - -When org.selinux.relabel_on_boot(0) was called twice, it failed with -FileNotFoundError. - -Fixes: - $ dbus-send --system --print-reply --dest=org.selinux /org/selinux/object org.selinux.relabel_on_boot int64:1 - method return sender=:1.53 -> dest=:1.54 reply_serial=2 - $ dbus-send --system --print-reply --dest=org.selinux /org/selinux/object org.selinux.relabel_on_boot int64:0 - method return sender=:1.53 -> dest=:1.55 reply_serial=2 - $ dbus-send --system --print-reply --dest=org.selinux /org/selinux/object org.selinux.relabel_on_boot int64:0 - Error org.freedesktop.DBus.Python.FileNotFoundError: FileNotFoundError: [Errno 2] No such file or directory: '/.autorelabel' - -Signed-off-by: Petr Lautrbach ---- - dbus/selinux_server.py | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/dbus/selinux_server.py b/dbus/selinux_server.py -index b9debc071485..be4f4557a9fa 100644 ---- a/dbus/selinux_server.py -+++ b/dbus/selinux_server.py -@@ -85,7 +85,10 @@ class selinux_server(slip.dbus.service.Object): - fd = open("/.autorelabel", "w") - fd.close() - else: -- os.unlink("/.autorelabel") -+ try: -+ os.unlink("/.autorelabel") -+ except FileNotFoundError: -+ pass - - def write_selinux_config(self, enforcing=None, policy=None): - path = selinux.selinux_path() + "config" --- -2.23.0 - diff --git a/SOURCES/0032-restorecond-Fix-redundant-console-log-output-error.patch b/SOURCES/0032-restorecond-Fix-redundant-console-log-output-error.patch deleted file mode 100644 index 166c6bd..0000000 --- a/SOURCES/0032-restorecond-Fix-redundant-console-log-output-error.patch +++ /dev/null @@ -1,200 +0,0 @@ -From 76371721bafed56efcb7a83b3fa3285383ede5b7 Mon Sep 17 00:00:00 2001 -From: Baichuan Kong -Date: Thu, 14 Nov 2019 10:48:07 +0800 -Subject: [PATCH] restorecond: Fix redundant console log output error - -When starting restorecond without any option the following redundant -console log is outputed: - -/dev/log 100.0% -/var/volatile/run/syslogd.pid 100.0% -... - -This is caused by two global variables of same name r_opts. When -executes r_opts = opts in restore_init(), it originally intends -to assign the address of struct r_opts in "restorecond.c" to the -pointer *r_opts in "restore.c". - -However, the address is assigned to the struct r_opts and covers -the value of low eight bytes in it. That causes unexpected value -of member varibale 'nochange' and 'verbose' in struct r_opts, thus -affects value of 'restorecon_flags' and executes unexpected operations -when restorecon the files such as the redundant console log output or -file label nochange. - -Cause restorecond/restore.c is copied from policycoreutils/setfiles, -which share the same pattern. It also has potential risk to generate -same problems, So fix it in case. - -Signed-off-by: Baichuan Kong - -(cherry-picked from SElinuxProject -commit ad2208ec220f55877a4d31084be2b4d6413ee082) - -Resolves: rhbz#1626468 ---- - policycoreutils/setfiles/restore.c | 42 ++++++++++++++---------------- - restorecond/restore.c | 40 +++++++++++++--------------- - 2 files changed, 37 insertions(+), 45 deletions(-) - -diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c -index 9dea5656..d3335d1a 100644 ---- a/policycoreutils/setfiles/restore.c -+++ b/policycoreutils/setfiles/restore.c -@@ -17,40 +17,37 @@ - char **exclude_list; - int exclude_count; - --struct restore_opts *r_opts; -- - void restore_init(struct restore_opts *opts) - { - int rc; - -- r_opts = opts; - struct selinux_opt selinux_opts[] = { -- { SELABEL_OPT_VALIDATE, r_opts->selabel_opt_validate }, -- { SELABEL_OPT_PATH, r_opts->selabel_opt_path }, -- { SELABEL_OPT_DIGEST, r_opts->selabel_opt_digest } -+ { SELABEL_OPT_VALIDATE, opts->selabel_opt_validate }, -+ { SELABEL_OPT_PATH, opts->selabel_opt_path }, -+ { SELABEL_OPT_DIGEST, opts->selabel_opt_digest } - }; - -- r_opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3); -- if (!r_opts->hnd) { -- perror(r_opts->selabel_opt_path); -+ opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3); -+ if (!opts->hnd) { -+ perror(opts->selabel_opt_path); - exit(1); - } - -- r_opts->restorecon_flags = 0; -- r_opts->restorecon_flags = r_opts->nochange | r_opts->verbose | -- r_opts->progress | r_opts->set_specctx | -- r_opts->add_assoc | r_opts->ignore_digest | -- r_opts->recurse | r_opts->userealpath | -- r_opts->xdev | r_opts->abort_on_error | -- r_opts->syslog_changes | r_opts->log_matches | -- r_opts->ignore_noent | r_opts->ignore_mounts | -- r_opts->mass_relabel; -+ opts->restorecon_flags = 0; -+ opts->restorecon_flags = opts->nochange | opts->verbose | -+ opts->progress | opts->set_specctx | -+ opts->add_assoc | opts->ignore_digest | -+ opts->recurse | opts->userealpath | -+ opts->xdev | opts->abort_on_error | -+ opts->syslog_changes | opts->log_matches | -+ opts->ignore_noent | opts->ignore_mounts | -+ opts->mass_relabel; - - /* Use setfiles, restorecon and restorecond own handles */ -- selinux_restorecon_set_sehandle(r_opts->hnd); -+ selinux_restorecon_set_sehandle(opts->hnd); - -- if (r_opts->rootpath) { -- rc = selinux_restorecon_set_alt_rootpath(r_opts->rootpath); -+ if (opts->rootpath) { -+ rc = selinux_restorecon_set_alt_rootpath(opts->rootpath); - if (rc) { - fprintf(stderr, - "selinux_restorecon_set_alt_rootpath error: %s.\n", -@@ -81,7 +78,6 @@ int process_glob(char *name, struct restore_opts *opts) - size_t i = 0; - int len, rc, errors; - -- r_opts = opts; - memset(&globbuf, 0, sizeof(globbuf)); - - errors = glob(name, GLOB_TILDE | GLOB_PERIOD | -@@ -96,7 +92,7 @@ int process_glob(char *name, struct restore_opts *opts) - if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0) - continue; - rc = selinux_restorecon(globbuf.gl_pathv[i], -- r_opts->restorecon_flags); -+ opts->restorecon_flags); - if (rc < 0) - errors = rc; - } -diff --git a/restorecond/restore.c b/restorecond/restore.c -index f6e30001..b93b5fdb 100644 ---- a/restorecond/restore.c -+++ b/restorecond/restore.c -@@ -12,39 +12,36 @@ - char **exclude_list; - int exclude_count; - --struct restore_opts *r_opts; -- - void restore_init(struct restore_opts *opts) - { - int rc; - -- r_opts = opts; - struct selinux_opt selinux_opts[] = { -- { SELABEL_OPT_VALIDATE, r_opts->selabel_opt_validate }, -- { SELABEL_OPT_PATH, r_opts->selabel_opt_path }, -- { SELABEL_OPT_DIGEST, r_opts->selabel_opt_digest } -+ { SELABEL_OPT_VALIDATE, opts->selabel_opt_validate }, -+ { SELABEL_OPT_PATH, opts->selabel_opt_path }, -+ { SELABEL_OPT_DIGEST, opts->selabel_opt_digest } - }; - -- r_opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3); -- if (!r_opts->hnd) { -- perror(r_opts->selabel_opt_path); -+ opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3); -+ if (!opts->hnd) { -+ perror(opts->selabel_opt_path); - exit(1); - } - -- r_opts->restorecon_flags = 0; -- r_opts->restorecon_flags = r_opts->nochange | r_opts->verbose | -- r_opts->progress | r_opts->set_specctx | -- r_opts->add_assoc | r_opts->ignore_digest | -- r_opts->recurse | r_opts->userealpath | -- r_opts->xdev | r_opts->abort_on_error | -- r_opts->syslog_changes | r_opts->log_matches | -- r_opts->ignore_noent | r_opts->ignore_mounts; -+ opts->restorecon_flags = 0; -+ opts->restorecon_flags = opts->nochange | opts->verbose | -+ opts->progress | opts->set_specctx | -+ opts->add_assoc | opts->ignore_digest | -+ opts->recurse | opts->userealpath | -+ opts->xdev | opts->abort_on_error | -+ opts->syslog_changes | opts->log_matches | -+ opts->ignore_noent | opts->ignore_mounts; - - /* Use setfiles, restorecon and restorecond own handles */ -- selinux_restorecon_set_sehandle(r_opts->hnd); -+ selinux_restorecon_set_sehandle(opts->hnd); - -- if (r_opts->rootpath) { -- rc = selinux_restorecon_set_alt_rootpath(r_opts->rootpath); -+ if (opts->rootpath) { -+ rc = selinux_restorecon_set_alt_rootpath(opts->rootpath); - if (rc) { - fprintf(stderr, - "selinux_restorecon_set_alt_rootpath error: %s.\n", -@@ -75,7 +72,6 @@ int process_glob(char *name, struct restore_opts *opts) - size_t i = 0; - int len, rc, errors; - -- r_opts = opts; - memset(&globbuf, 0, sizeof(globbuf)); - - errors = glob(name, GLOB_TILDE | GLOB_PERIOD | -@@ -90,7 +86,7 @@ int process_glob(char *name, struct restore_opts *opts) - if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0) - continue; - rc = selinux_restorecon(globbuf.gl_pathv[i], -- r_opts->restorecon_flags); -+ opts->restorecon_flags); - if (rc < 0) - errors = rc; - } --- -2.21.0 - diff --git a/SOURCES/0033-python-semanage-empty-stdout-before-exiting-on-Broke.patch b/SOURCES/0033-python-semanage-empty-stdout-before-exiting-on-Broke.patch deleted file mode 100644 index 56a271b..0000000 --- a/SOURCES/0033-python-semanage-empty-stdout-before-exiting-on-Broke.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 0bed778c53a4f93b1b092b3db33e8c36aabfa39d Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Tue, 5 Jan 2021 17:00:21 +0100 -Subject: [PATCH] python/semanage: empty stdout before exiting on - BrokenPipeError - -Empty stdout buffer before exiting when BrokenPipeError is -encountered. Otherwise python will flush the bufer during exit, which -may trigger the exception again. -https://docs.python.org/3/library/signal.html#note-on-sigpipe - -Fixes: - #semanage fcontext -l | egrep -q -e '^/home' - BrokenPipeError: [Errno 32] Broken pipe - Exception ignored in: <_io.TextIOWrapper name='' mode='w' encoding='UTF-8'> - BrokenPipeError: [Errno 32] Broken pipe - -Note that the error above only appears occasionally (usually only the -first line is printed). - -Signed-off-by: Vit Mojzis -Acked-by: Nicolas Iooss ---- - python/semanage/semanage | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/python/semanage/semanage b/python/semanage/semanage -index b2bd9df9..1abe3536 100644 ---- a/python/semanage/semanage -+++ b/python/semanage/semanage -@@ -26,6 +26,7 @@ - import traceback - import argparse - import sys -+import os - PROGNAME = "selinux-python" - try: - import gettext -@@ -953,6 +954,13 @@ def do_parser(): - args = commandParser.parse_args(make_args(sys.argv)) - args.func(args) - sys.exit(0) -+ except BrokenPipeError as e: -+ sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e))) -+ # Python flushes standard streams on exit; redirect remaining output -+ # to devnull to avoid another BrokenPipeError at shutdown -+ devnull = os.open(os.devnull, os.O_WRONLY) -+ os.dup2(devnull, sys.stdout.fileno()) -+ sys.exit(1) - except IOError as e: - sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e))) - sys.exit(1) --- -2.29.2 - diff --git a/SOURCES/0034-python-semanage-Sort-imports-in-alphabetical-order.patch b/SOURCES/0034-python-semanage-Sort-imports-in-alphabetical-order.patch deleted file mode 100644 index 8c1bab7..0000000 --- a/SOURCES/0034-python-semanage-Sort-imports-in-alphabetical-order.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 4b0e627d42f9a8e09dcd064a6ae897f4c2e9cf6c Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Wed, 6 Jan 2021 10:00:07 +0100 -Subject: [PATCH] python/semanage: Sort imports in alphabetical order - -Signed-off-by: Vit Mojzis ---- - python/semanage/semanage | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/python/semanage/semanage b/python/semanage/semanage -index 1abe3536..781e8645 100644 ---- a/python/semanage/semanage -+++ b/python/semanage/semanage -@@ -23,10 +23,12 @@ - # - # - --import traceback - import argparse --import sys - import os -+import re -+import sys -+import traceback -+ - PROGNAME = "selinux-python" - try: - import gettext -@@ -786,8 +788,6 @@ def setupExportParser(subparsers): - exportParser.add_argument('-f', '--output_file', dest='output_file', action=SetExportFile, help=_('Output file')) - exportParser.set_defaults(func=handleExport) - --import re -- - - def mkargv(line): - dquote = "\"" --- -2.29.2 - diff --git a/SOURCES/0035-python-sepolgen-allow-any-policy-statement-in-if-n-d.patch b/SOURCES/0035-python-sepolgen-allow-any-policy-statement-in-if-n-d.patch deleted file mode 100644 index 4ad47e4..0000000 --- a/SOURCES/0035-python-sepolgen-allow-any-policy-statement-in-if-n-d.patch +++ /dev/null @@ -1,49 +0,0 @@ -From e0a1cdb6181bcf3a23fe63b8e67fd5020e81d05e Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Fri, 22 Jan 2021 16:25:52 +0100 -Subject: [PATCH] python/sepolgen: allow any policy statement in if(n)def - -"ifdef/ifndef" statements can be used to conditionally define -an interface, but this syntax is not recognised by sepolgen-ifgen. -Fix sepolgen-ifgen to allow any policy statement inside an -"ifdef/ifndef" statement. - -Fixes: - $ cat < i.if -ifndef(`apache_manage_pid_files',` - interface(`apache_manage_pid_files',` - manage_files_pattern($1, httpd_var_run_t, httpd_var_run_t) - ') -') - - #sepolgen-ifgen --interface=i.if - i.if: Syntax error on line 2 interface [type=INTERFACE] - i.if: Syntax error on line 4 ' [type=SQUOTE] - -Signed-off-by: Vit Mojzis -[OM: s/fidef/ifdef/] -Signed-off-by: Ondrej Mosnacek ---- - python/sepolgen/src/sepolgen/refparser.py | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/python/sepolgen/src/sepolgen/refparser.py b/python/sepolgen/src/sepolgen/refparser.py -index f506dc3a..5d77e2a3 100644 ---- a/python/sepolgen/src/sepolgen/refparser.py -+++ b/python/sepolgen/src/sepolgen/refparser.py -@@ -431,9 +431,9 @@ def p_ifelse(p): - - - def p_ifdef(p): -- '''ifdef : IFDEF OPAREN TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi -- | IFNDEF OPAREN TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi -- | IFDEF OPAREN TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi -+ '''ifdef : IFDEF OPAREN TICK IDENTIFIER SQUOTE COMMA TICK statements SQUOTE CPAREN optional_semi -+ | IFNDEF OPAREN TICK IDENTIFIER SQUOTE COMMA TICK statements SQUOTE CPAREN optional_semi -+ | IFDEF OPAREN TICK IDENTIFIER SQUOTE COMMA TICK statements SQUOTE COMMA TICK statements SQUOTE CPAREN optional_semi - ''' - x = refpolicy.IfDef(p[4]) - if p[1] == 'ifdef': --- -2.29.2 - diff --git a/SOURCES/0036-setfiles-Do-not-abort-on-labeling-error.patch b/SOURCES/0036-setfiles-Do-not-abort-on-labeling-error.patch deleted file mode 100644 index aab207b..0000000 --- a/SOURCES/0036-setfiles-Do-not-abort-on-labeling-error.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 53ccdd55adfbec60fb4277286f2ad94660838504 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Wed, 13 Jan 2021 22:09:47 +0100 -Subject: [PATCH] setfiles: Do not abort on labeling error - -Commit 602347c7422e ("policycoreutils: setfiles - Modify to use -selinux_restorecon") changed behavior of setfiles. Original -implementation skipped files which it couldn't set context to while the -new implementation aborts on them. setfiles should abort only if it -can't validate a context from spec_file. - -Reproducer: - - # mkdir -p r/1 r/2 r/3 - # touch r/1/1 r/2/1 - # chattr +i r/2/1 - # touch r/3/1 - # setfiles -r r -v /etc/selinux/targeted/contexts/files/file_contexts r - Relabeled r from unconfined_u:object_r:mnt_t:s0 to unconfined_u:object_r:root_t:s0 - Relabeled r/2 from unconfined_u:object_r:mnt_t:s0 to unconfined_u:object_r:default_t:s0 - setfiles: Could not set context for r/2/1: Operation not permitted - -r/3 and r/1 are not relabeled. - -Signed-off-by: Petr Lautrbach ---- - policycoreutils/setfiles/setfiles.c | 4 +--- - 1 file changed, 1 insertion(+), 3 deletions(-) - -diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c -index bc83c27b4c06..68eab45aa2b4 100644 ---- a/policycoreutils/setfiles/setfiles.c -+++ b/policycoreutils/setfiles/setfiles.c -@@ -182,6 +182,7 @@ int main(int argc, char **argv) - policyfile = NULL; - nerr = 0; - -+ r_opts.abort_on_error = 0; - r_opts.progname = strdup(argv[0]); - if (!r_opts.progname) { - fprintf(stderr, "%s: Out of memory!\n", argv[0]); -@@ -194,7 +195,6 @@ int main(int argc, char **argv) - * setfiles: - * Recursive descent, - * Does not expand paths via realpath, -- * Aborts on errors during the file tree walk, - * Try to track inode associations for conflict detection, - * Does not follow mounts (sets SELINUX_RESTORECON_XDEV), - * Validates all file contexts at init time. -@@ -202,7 +202,6 @@ int main(int argc, char **argv) - iamrestorecon = 0; - r_opts.recurse = SELINUX_RESTORECON_RECURSE; - r_opts.userealpath = 0; /* SELINUX_RESTORECON_REALPATH */ -- r_opts.abort_on_error = SELINUX_RESTORECON_ABORT_ON_ERROR; - r_opts.add_assoc = SELINUX_RESTORECON_ADD_ASSOC; - /* FTS_PHYSICAL and FTS_NOCHDIR are always set by selinux_restorecon(3) */ - r_opts.xdev = SELINUX_RESTORECON_XDEV; -@@ -226,7 +225,6 @@ int main(int argc, char **argv) - iamrestorecon = 1; - r_opts.recurse = 0; - r_opts.userealpath = SELINUX_RESTORECON_REALPATH; -- r_opts.abort_on_error = 0; - r_opts.add_assoc = 0; - r_opts.xdev = 0; - r_opts.ignore_mounts = 0; --- -2.30.0 - diff --git a/SOURCES/0037-setfiles-drop-ABORT_ON_ERRORS-and-related-code.patch b/SOURCES/0037-setfiles-drop-ABORT_ON_ERRORS-and-related-code.patch deleted file mode 100644 index 349c675..0000000 --- a/SOURCES/0037-setfiles-drop-ABORT_ON_ERRORS-and-related-code.patch +++ /dev/null @@ -1,110 +0,0 @@ -From 2f135022f4372dc34198c48cfd67b91044e6dfd7 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Wed, 13 Jan 2021 22:09:48 +0100 -Subject: [PATCH] setfiles: drop ABORT_ON_ERRORS and related code - -`setfiles -d` doesn't have any impact on number of errors before it -aborts. It always aborts on first invalid context in spec file. - -Signed-off-by: Petr Lautrbach ---- - policycoreutils/setfiles/Makefile | 3 --- - policycoreutils/setfiles/ru/setfiles.8 | 2 +- - policycoreutils/setfiles/setfiles.8 | 3 +-- - policycoreutils/setfiles/setfiles.c | 18 ------------------ - 4 files changed, 2 insertions(+), 24 deletions(-) - -diff --git a/policycoreutils/setfiles/Makefile b/policycoreutils/setfiles/Makefile -index bc5a8db789a5..a3bbbe116b7f 100644 ---- a/policycoreutils/setfiles/Makefile -+++ b/policycoreutils/setfiles/Makefile -@@ -5,8 +5,6 @@ SBINDIR ?= /sbin - MANDIR = $(PREFIX)/share/man - AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y) - --ABORT_ON_ERRORS=$(shell grep "^\#define ABORT_ON_ERRORS" setfiles.c | awk -S '{ print $$3 }') -- - CFLAGS ?= -g -Werror -Wall -W - override LDLIBS += -lselinux -lsepol - -@@ -26,7 +24,6 @@ restorecon_xattr: restorecon_xattr.o restore.o - - man: - @cp -af setfiles.8 setfiles.8.man -- @sed -i "s/ABORT_ON_ERRORS/$(ABORT_ON_ERRORS)/g" setfiles.8.man - - install: all - [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8 -diff --git a/policycoreutils/setfiles/ru/setfiles.8 b/policycoreutils/setfiles/ru/setfiles.8 -index 27815a3f1eee..910101452625 100644 ---- a/policycoreutils/setfiles/ru/setfiles.8 -+++ b/policycoreutils/setfiles/ru/setfiles.8 -@@ -47,7 +47,7 @@ setfiles \- установить SELinux-контексты безопаснос - проверить действительность контекстов относительно указанной двоичной политики. - .TP - .B \-d --показать, какая спецификация соответствует каждому из файлов (не прекращать проверку после получения ошибок ABORT_ON_ERRORS). -+показать, какая спецификация соответствует каждому из файлов. - .TP - .BI \-e \ directory - исключить каталог (чтобы исключить более одного каталога, этот параметр необходимо использовать соответствующее количество раз). -diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8 -index a8a76c860dac..b7d3cefb96ff 100644 ---- a/policycoreutils/setfiles/setfiles.8 -+++ b/policycoreutils/setfiles/setfiles.8 -@@ -56,8 +56,7 @@ option will force a replacement of the entire context. - check the validity of the contexts against the specified binary policy. - .TP - .B \-d --show what specification matched each file (do not abort validation --after ABORT_ON_ERRORS errors). Not affected by "\-q" -+show what specification matched each file. Not affected by "\-q" - .TP - .BI \-e \ directory - directory to exclude (repeat option for more than one directory). -diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c -index 68eab45aa2b4..bcbdfbfe53e2 100644 ---- a/policycoreutils/setfiles/setfiles.c -+++ b/policycoreutils/setfiles/setfiles.c -@@ -23,14 +23,6 @@ static int nerr; - - #define STAT_BLOCK_SIZE 1 - --/* setfiles will abort its operation after reaching the -- * following number of errors (e.g. invalid contexts), -- * unless it is used in "debug" mode (-d option). -- */ --#ifndef ABORT_ON_ERRORS --#define ABORT_ON_ERRORS 10 --#endif -- - #define SETFILES "setfiles" - #define RESTORECON "restorecon" - static int iamrestorecon; -@@ -57,15 +49,6 @@ static __attribute__((__noreturn__)) void usage(const char *const name) - exit(-1); - } - --void inc_err(void) --{ -- nerr++; -- if (nerr > ABORT_ON_ERRORS - 1 && !r_opts.debug) { -- fprintf(stderr, "Exiting after %d errors.\n", ABORT_ON_ERRORS); -- exit(-1); -- } --} -- - void set_rootpath(const char *arg) - { - if (strlen(arg) == 1 && strncmp(arg, "/", 1) == 0) { -@@ -98,7 +81,6 @@ int canoncon(char **contextp) - *contextp = tmpcon; - } else if (errno != ENOENT) { - rc = -1; -- inc_err(); - } - - return rc; --- -2.30.0 - diff --git a/SOURCES/0038-policycoreutils-setfiles-Drop-unused-nerr-variable.patch b/SOURCES/0038-policycoreutils-setfiles-Drop-unused-nerr-variable.patch deleted file mode 100644 index 31b9a34..0000000 --- a/SOURCES/0038-policycoreutils-setfiles-Drop-unused-nerr-variable.patch +++ /dev/null @@ -1,44 +0,0 @@ -From a691da617a2d3c864786ff2742d9a9f87ecc7d05 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Mon, 1 Feb 2021 15:24:32 +0100 -Subject: [PATCH] policycoreutils/setfiles: Drop unused nerr variable - -Suggested-by: Nicolas Iooss -Signed-off-by: Petr Lautrbach ---- - policycoreutils/setfiles/setfiles.c | 5 ----- - 1 file changed, 5 deletions(-) - -diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c -index bcbdfbfe53e2..82d0aaa75893 100644 ---- a/policycoreutils/setfiles/setfiles.c -+++ b/policycoreutils/setfiles/setfiles.c -@@ -19,7 +19,6 @@ static int warn_no_match; - static int null_terminated; - static int request_digest; - static struct restore_opts r_opts; --static int nerr; - - #define STAT_BLOCK_SIZE 1 - -@@ -162,7 +161,6 @@ int main(int argc, char **argv) - warn_no_match = 0; - request_digest = 0; - policyfile = NULL; -- nerr = 0; - - r_opts.abort_on_error = 0; - r_opts.progname = strdup(argv[0]); -@@ -417,9 +415,6 @@ int main(int argc, char **argv) - r_opts.selabel_opt_digest = (request_digest ? (char *)1 : NULL); - r_opts.selabel_opt_path = altpath; - -- if (nerr) -- exit(-1); -- - restore_init(&r_opts); - - if (use_input_file) { --- -2.30.0 - diff --git a/SOURCES/0039-selinux-8-5-Describe-fcontext-regular-expressions.patch b/SOURCES/0039-selinux-8-5-Describe-fcontext-regular-expressions.patch deleted file mode 100644 index b1f95a2..0000000 --- a/SOURCES/0039-selinux-8-5-Describe-fcontext-regular-expressions.patch +++ /dev/null @@ -1,62 +0,0 @@ -From c556c6ad0b94cf3ba4b441a1a0930f2468434227 Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Wed, 10 Feb 2021 18:05:29 +0100 -Subject: [PATCH] selinux(8,5): Describe fcontext regular expressions - -Describe which type of regular expression is used in file context -definitions and which flags are in effect. - -Explain how local file context modifications are processed. - -Signed-off-by: Vit Mojzis -Acked-by: Petr Lautrbach ---- - python/semanage/semanage | 2 +- - python/semanage/semanage-fcontext.8 | 18 ++++++++++++++++++ - 2 files changed, 19 insertions(+), 1 deletion(-) - -diff --git a/python/semanage/semanage b/python/semanage/semanage -index 781e8645..ebb93ea5 100644 ---- a/python/semanage/semanage -+++ b/python/semanage/semanage -@@ -366,7 +366,7 @@ If you do not specify a file type, the file type will default to "all files". - parser_add_seuser(fcontextParser, "fcontext") - parser_add_type(fcontextParser, "fcontext") - parser_add_range(fcontextParser, "fcontext") -- fcontextParser.add_argument('file_spec', nargs='?', default=None, help=_('file_spec')) -+ fcontextParser.add_argument('file_spec', nargs='?', default=None, help=_('Path to be labeled (may be in the form of a Perl compatible regular expression)')) - fcontextParser.set_defaults(func=handleFcontext) - - -diff --git a/python/semanage/semanage-fcontext.8 b/python/semanage/semanage-fcontext.8 -index 561123af..49635ba7 100644 ---- a/python/semanage/semanage-fcontext.8 -+++ b/python/semanage/semanage-fcontext.8 -@@ -11,6 +11,24 @@ SELinux policy without requiring modification to or recompilation - from policy sources. semanage fcontext is used to manage the default - file system labeling on an SELinux system. This command maps file paths using regular expressions to SELinux labels. - -+FILE_SPEC may contain either a fully qualified path, -+or a Perl compatible regular expression (PCRE), -+describing fully qualified path(s). The only PCRE flag in use is PCRE2_DOTALL, -+which causes a wildcard '.' to match anything, including a new line. -+Strings representing paths are processed as bytes (as opposed to Unicode), -+meaning that non-ASCII characters are not matched by a single wildcard. -+ -+Note, that file context definitions specified using 'semanage fcontext' -+(i.e. local file context modifications stored in file_contexts.local) -+have higher priority than those specified in policy modules. -+This means that whenever a match for given file path is found in -+file_contexts.local, no other file context definitions are considered. -+Entries in file_contexts.local are processed from most recent one to the oldest, -+with first match being used (as opposed to the most specific match, -+which is used when matching other file context definitions). -+All regular expressions should therefore be as specific as possible, -+to avoid unintentionally impacting other parts of the filesystem. -+ - .SH "OPTIONS" - .TP - .I \-h, \-\-help --- -2.29.2 - diff --git a/SOURCES/0040-policycoreutils-setfiles-do-not-restrict-checks-agai.patch b/SOURCES/0040-policycoreutils-setfiles-do-not-restrict-checks-agai.patch deleted file mode 100644 index 3f7a839..0000000 --- a/SOURCES/0040-policycoreutils-setfiles-do-not-restrict-checks-agai.patch +++ /dev/null @@ -1,69 +0,0 @@ -From d10e773c014a12b17fefd9caef0bd02528d75d18 Mon Sep 17 00:00:00 2001 -From: Antoine Tenart -Date: Tue, 7 Jul 2020 16:35:01 +0200 -Subject: [PATCH] policycoreutils: setfiles: do not restrict checks against a - binary policy - -The -c option allows to check the validity of contexts against a -specified binary policy. Its use is restricted: no pathname can be used -when a binary policy is given to setfiles. It's not clear if this is -intentional as the built-in help and the man page are not stating the -same thing about this (the man page document -c as a normal option, -while the built-in help shows it is restricted). - -When generating full system images later used with SELinux in enforcing -mode, the extended attributed of files have to be set by the build -machine. The issue is setfiles always checks the contexts against a -policy (ctx_validate = 1) and using an external binary policy is not -currently possible when using a pathname. This ends up in setfiles -failing early as the contexts of the target image are not always -compatible with the ones of the build machine. - -This patch reworks a check on optind only made when -c is used, that -enforced the use of a single argument to allow 1+ arguments, allowing to -use setfiles with an external binary policy and pathnames. The following -command is then allowed, as already documented in the man page: - - $ setfiles -m -r target/ -c policy.32 file_contexts target/ - -Signed-off-by: Antoine Tenart -Acked-by: Stephen Smalley - -(cherry-picked from SElinuxProject - commit: c94e542c98da2f26863c1cbd9d7ad9bc5cca6aff ) ---- - policycoreutils/setfiles/setfiles.c | 11 +++++------ - 1 file changed, 5 insertions(+), 6 deletions(-) - -diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c -index 82d0aaa7..4fd3d756 100644 ---- a/policycoreutils/setfiles/setfiles.c -+++ b/policycoreutils/setfiles/setfiles.c -@@ -39,11 +39,10 @@ static __attribute__((__noreturn__)) void usage(const char *const name) - name, name); - } else { - fprintf(stderr, -- "usage: %s [-diIDlmnpqvFW] [-e excludedir] [-r alt_root_path] spec_file pathname...\n" -- "usage: %s [-diIDlmnpqvFW] [-e excludedir] [-r alt_root_path] spec_file -f filename\n" -- "usage: %s -s [-diIDlmnpqvFW] spec_file\n" -- "usage: %s -c policyfile spec_file\n", -- name, name, name, name); -+ "usage: %s [-diIDlmnpqvEFW] [-e excludedir] [-r alt_root_path] [-c policyfile] spec_file pathname...\n" -+ "usage: %s [-diIDlmnpqvEFW] [-e excludedir] [-r alt_root_path] [-c policyfile] spec_file -f filename\n" -+ "usage: %s -s [-diIDlmnpqvFW] spec_file\n", -+ name, name, name); - } - exit(-1); - } -@@ -376,7 +375,7 @@ int main(int argc, char **argv) - - if (!iamrestorecon) { - if (policyfile) { -- if (optind != (argc - 1)) -+ if (optind > (argc - 1)) - usage(argv[0]); - } else if (use_input_file) { - if (optind != (argc - 1)) { --- -2.30.2 - diff --git a/SOURCES/0041-semodule-add-m-checksum-option.patch b/SOURCES/0041-semodule-add-m-checksum-option.patch deleted file mode 100644 index 0fa0c54..0000000 --- a/SOURCES/0041-semodule-add-m-checksum-option.patch +++ /dev/null @@ -1,674 +0,0 @@ -From e748832819b781507903838483376d308c90ca79 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Tue, 16 Nov 2021 14:27:11 +0100 -Subject: [PATCH] semodule: add -m | --checksum option - -Since cil doesn't store module name and module version in module itself, -there's no simple way how to compare that installed module is the same -version as the module which is supposed to be installed. Even though the -version was not used by semodule itself, it was apparently used by some -team. - -With `semodule -l --checksum` users get SHA256 hashes of modules and -could compare them with their files which is faster than installing -modules again and again. - -E.g. - - # time ( - semodule -l --checksum | grep localmodule - /usr/libexec/selinux/hll/pp localmodule.pp | sha256sum - ) - localmodule db002f64ddfa3983257b42b54da7b182c9b2e476f47880ae3494f9099e1a42bd - db002f64ddfa3983257b42b54da7b182c9b2e476f47880ae3494f9099e1a42bd - - - real 0m0.876s - user 0m0.849s - sys 0m0.028s - -vs - - # time semodule -i localmodule.pp - - real 0m6.147s - user 0m5.800s - sys 0m0.231s - -Signed-off-by: Petr Lautrbach -Acked-by: James Carter ---- - policycoreutils/semodule/Makefile | 2 +- - policycoreutils/semodule/semodule.8 | 6 + - policycoreutils/semodule/semodule.c | 95 ++++++++- - policycoreutils/semodule/sha256.c | 294 ++++++++++++++++++++++++++++ - policycoreutils/semodule/sha256.h | 89 +++++++++ - 5 files changed, 480 insertions(+), 6 deletions(-) - create mode 100644 policycoreutils/semodule/sha256.c - create mode 100644 policycoreutils/semodule/sha256.h - -diff --git a/policycoreutils/semodule/Makefile b/policycoreutils/semodule/Makefile -index 73801e487a76..9875ac383280 100644 ---- a/policycoreutils/semodule/Makefile -+++ b/policycoreutils/semodule/Makefile -@@ -6,7 +6,7 @@ MANDIR = $(PREFIX)/share/man - - CFLAGS ?= -Werror -Wall -W - override LDLIBS += -lsepol -lselinux -lsemanage --SEMODULE_OBJS = semodule.o -+SEMODULE_OBJS = semodule.o sha256.o - - all: semodule genhomedircon - -diff --git a/policycoreutils/semodule/semodule.8 b/policycoreutils/semodule/semodule.8 -index 18d4f708661c..3a2fb21c2481 100644 ---- a/policycoreutils/semodule/semodule.8 -+++ b/policycoreutils/semodule/semodule.8 -@@ -95,6 +95,9 @@ only modules listed in \-\-extract after this option. - .B \-H,\-\-hll - Extract module as an HLL file. This only affects the \-\-extract option and - only modules listed in \-\-extract after this option. -+.TP -+.B \-m,\-\-checksum -+Add SHA256 checksum of modules to the list output. - - .SH EXAMPLE - .nf -@@ -130,6 +133,9 @@ $ semodule \-B \-S "/tmp/var/lib/selinux" - # Write the HLL version of puppet and the CIL version of wireshark - # modules at priority 400 to the current working directory - $ semodule \-X 400 \-\-hll \-E puppet \-\-cil \-E wireshark -+# Check whether a module in "localmodule.pp" file is same as installed module "localmodule" -+$ /usr/libexec/selinux/hll/pp localmodule.pp | sha256sum -+$ semodule -l -m | grep localmodule - .fi - - .SH SEE ALSO -diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c -index a76797f505cd..300a97d735cc 100644 ---- a/policycoreutils/semodule/semodule.c -+++ b/policycoreutils/semodule/semodule.c -@@ -24,6 +24,8 @@ - - #include - -+#include "sha256.h" -+ - enum client_modes { - NO_MODE, INSTALL_M, REMOVE_M, EXTRACT_M, CIL_M, HLL_M, - LIST_M, RELOAD, PRIORITY_M, ENABLE_M, DISABLE_M -@@ -56,6 +58,7 @@ static semanage_handle_t *sh = NULL; - static char *store; - static char *store_root; - int extract_cil = 0; -+static int checksum = 0; - - extern char *optarg; - extern int optind; -@@ -146,6 +149,7 @@ static void usage(char *progname) - printf(" -S,--store-path use an alternate path for the policy store root\n"); - printf(" -c, --cil extract module as cil. This only affects module extraction.\n"); - printf(" -H, --hll extract module as hll. This only affects module extraction.\n"); -+ printf(" -m, --checksum print module checksum (SHA256).\n"); - } - - /* Sets the global mode variable to new_mode, but only if no other -@@ -199,6 +203,7 @@ static void parse_command_line(int argc, char **argv) - {"disable", required_argument, NULL, 'd'}, - {"path", required_argument, NULL, 'p'}, - {"store-path", required_argument, NULL, 'S'}, -+ {"checksum", 0, NULL, 'm'}, - {NULL, 0, NULL, 0} - }; - int extract_selected = 0; -@@ -209,7 +214,7 @@ static void parse_command_line(int argc, char **argv) - no_reload = 0; - priority = 400; - while ((i = -- getopt_long(argc, argv, "s:b:hi:l::vr:u:RnNBDCPX:e:d:p:S:E:cH", opts, -+ getopt_long(argc, argv, "s:b:hi:l::vr:u:RnNBDCPX:e:d:p:S:E:cHm", opts, - NULL)) != -1) { - switch (i) { - case 'b': -@@ -286,6 +291,9 @@ static void parse_command_line(int argc, char **argv) - case 'd': - set_mode(DISABLE_M, optarg); - break; -+ case 'm': -+ checksum = 1; -+ break; - case '?': - default:{ - usage(argv[0]); -@@ -337,6 +345,61 @@ static void parse_command_line(int argc, char **argv) - } - } - -+/* Get module checksum */ -+static char *hash_module_data(const char *module_name, const int prio) { -+ semanage_module_info_t *extract_info = NULL; -+ semanage_module_key_t *modkey = NULL; -+ Sha256Context context; -+ uint8_t sha256_hash[SHA256_HASH_SIZE]; -+ char *sha256_buf = NULL; -+ void *data; -+ size_t data_len = 0, i; -+ int result; -+ -+ result = semanage_module_key_create(sh, &modkey); -+ if (result != 0) { -+ goto cleanup_extract; -+ } -+ -+ result = semanage_module_key_set_name(sh, modkey, module_name); -+ if (result != 0) { -+ goto cleanup_extract; -+ } -+ -+ result = semanage_module_key_set_priority(sh, modkey, prio); -+ if (result != 0) { -+ goto cleanup_extract; -+ } -+ -+ result = semanage_module_extract(sh, modkey, 1, &data, &data_len, -+ &extract_info); -+ if (result != 0) { -+ goto cleanup_extract; -+ } -+ -+ Sha256Initialise(&context); -+ Sha256Update(&context, data, data_len); -+ -+ Sha256Finalise(&context, (SHA256_HASH *)sha256_hash); -+ -+ sha256_buf = calloc(1, SHA256_HASH_SIZE * 2 + 1); -+ -+ if (sha256_buf == NULL) -+ goto cleanup_extract; -+ -+ for (i = 0; i < SHA256_HASH_SIZE; i++) { -+ sprintf((&sha256_buf[i * 2]), "%02x", sha256_hash[i]); -+ } -+ sha256_buf[i * 2] = 0; -+ -+cleanup_extract: -+ semanage_module_info_destroy(sh, extract_info); -+ free(extract_info); -+ semanage_module_key_destroy(sh, modkey); -+ free(modkey); -+ return sha256_buf; -+} -+ - int main(int argc, char *argv[]) - { - int i, commit = 0; -@@ -544,6 +607,8 @@ cleanup_extract: - int modinfos_len = 0; - semanage_module_info_t *m = NULL; - int j = 0; -+ char *module_checksum = NULL; -+ uint16_t pri = 0; - - if (verbose) { - printf -@@ -568,7 +633,18 @@ cleanup_extract: - result = semanage_module_info_get_name(sh, m, &name); - if (result != 0) goto cleanup_list; - -- printf("%s\n", name); -+ result = semanage_module_info_get_priority(sh, m, &pri); -+ if (result != 0) goto cleanup_list; -+ -+ printf("%s", name); -+ if (checksum) { -+ module_checksum = hash_module_data(name, pri); -+ if (module_checksum) { -+ printf(" %s", module_checksum); -+ free(module_checksum); -+ } -+ } -+ printf("\n"); - } - } - else if (strcmp(mode_arg, "full") == 0) { -@@ -583,11 +659,12 @@ cleanup_extract: - } - - /* calculate column widths */ -- size_t column[4] = { 0, 0, 0, 0 }; -+ size_t column[5] = { 0, 0, 0, 0, 0 }; - - /* fixed width columns */ - column[0] = sizeof("000") - 1; - column[3] = sizeof("disabled") - 1; -+ column[4] = 64; /* SHA256_HASH_SIZE * 2 */ - - /* variable width columns */ - const char *tmp = NULL; -@@ -610,7 +687,6 @@ cleanup_extract: - - /* print out each module */ - for (j = 0; j < modinfos_len; j++) { -- uint16_t pri = 0; - const char *name = NULL; - int enabled = 0; - const char *lang_ext = NULL; -@@ -629,11 +705,20 @@ cleanup_extract: - result = semanage_module_info_get_lang_ext(sh, m, &lang_ext); - if (result != 0) goto cleanup_list; - -- printf("%0*u %-*s %-*s %-*s\n", -+ printf("%0*u %-*s %-*s %-*s", - (int)column[0], pri, - (int)column[1], name, - (int)column[2], lang_ext, - (int)column[3], enabled ? "" : "disabled"); -+ if (checksum) { -+ module_checksum = hash_module_data(name, pri); -+ if (module_checksum) { -+ printf(" %-*s", (int)column[4], module_checksum); -+ free(module_checksum); -+ } -+ } -+ printf("\n"); -+ - } - } - else { -diff --git a/policycoreutils/semodule/sha256.c b/policycoreutils/semodule/sha256.c -new file mode 100644 -index 000000000000..fe2aeef07f53 ---- /dev/null -+++ b/policycoreutils/semodule/sha256.c -@@ -0,0 +1,294 @@ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// WjCryptLib_Sha256 -+// -+// Implementation of SHA256 hash function. -+// Original author: Tom St Denis, tomstdenis@gmail.com, http://libtom.org -+// Modified by WaterJuice retaining Public Domain license. -+// -+// This is free and unencumbered software released into the public domain - June 2013 waterjuice.org -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// IMPORTS -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+ -+#include "sha256.h" -+#include -+ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// MACROS -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+ -+#define ror(value, bits) (((value) >> (bits)) | ((value) << (32 - (bits)))) -+ -+#define MIN(x, y) ( ((x)<(y))?(x):(y) ) -+ -+#define STORE32H(x, y) \ -+ { (y)[0] = (uint8_t)(((x)>>24)&255); (y)[1] = (uint8_t)(((x)>>16)&255); \ -+ (y)[2] = (uint8_t)(((x)>>8)&255); (y)[3] = (uint8_t)((x)&255); } -+ -+#define LOAD32H(x, y) \ -+ { x = ((uint32_t)((y)[0] & 255)<<24) | \ -+ ((uint32_t)((y)[1] & 255)<<16) | \ -+ ((uint32_t)((y)[2] & 255)<<8) | \ -+ ((uint32_t)((y)[3] & 255)); } -+ -+#define STORE64H(x, y) \ -+ { (y)[0] = (uint8_t)(((x)>>56)&255); (y)[1] = (uint8_t)(((x)>>48)&255); \ -+ (y)[2] = (uint8_t)(((x)>>40)&255); (y)[3] = (uint8_t)(((x)>>32)&255); \ -+ (y)[4] = (uint8_t)(((x)>>24)&255); (y)[5] = (uint8_t)(((x)>>16)&255); \ -+ (y)[6] = (uint8_t)(((x)>>8)&255); (y)[7] = (uint8_t)((x)&255); } -+ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// CONSTANTS -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+ -+// The K array -+static const uint32_t K[64] = { -+ 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL, -+ 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL, -+ 0x243185beUL, 0x550c7dc3UL, 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, -+ 0xc19bf174UL, 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, -+ 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 0x983e5152UL, -+ 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 0xc6e00bf3UL, 0xd5a79147UL, -+ 0x06ca6351UL, 0x14292967UL, 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, -+ 0x53380d13UL, 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, -+ 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 0xd192e819UL, -+ 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 0x19a4c116UL, 0x1e376c08UL, -+ 0x2748774cUL, 0x34b0bcb5UL, 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, -+ 0x682e6ff3UL, 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, -+ 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL -+}; -+ -+#define BLOCK_SIZE 64 -+ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// INTERNAL FUNCTIONS -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+ -+// Various logical functions -+#define Ch( x, y, z ) (z ^ (x & (y ^ z))) -+#define Maj( x, y, z ) (((x | y) & z) | (x & y)) -+#define S( x, n ) ror((x),(n)) -+#define R( x, n ) (((x)&0xFFFFFFFFUL)>>(n)) -+#define Sigma0( x ) (S(x, 2) ^ S(x, 13) ^ S(x, 22)) -+#define Sigma1( x ) (S(x, 6) ^ S(x, 11) ^ S(x, 25)) -+#define Gamma0( x ) (S(x, 7) ^ S(x, 18) ^ R(x, 3)) -+#define Gamma1( x ) (S(x, 17) ^ S(x, 19) ^ R(x, 10)) -+ -+#define Sha256Round( a, b, c, d, e, f, g, h, i ) \ -+ t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \ -+ t1 = Sigma0(a) + Maj(a, b, c); \ -+ d += t0; \ -+ h = t0 + t1; -+ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// TransformFunction -+// -+// Compress 512-bits -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+static -+void -+ TransformFunction -+ ( -+ Sha256Context* Context, -+ uint8_t const* Buffer -+ ) -+{ -+ uint32_t S[8]; -+ uint32_t W[64]; -+ uint32_t t0; -+ uint32_t t1; -+ uint32_t t; -+ int i; -+ -+ // Copy state into S -+ for( i=0; i<8; i++ ) -+ { -+ S[i] = Context->state[i]; -+ } -+ -+ // Copy the state into 512-bits into W[0..15] -+ for( i=0; i<16; i++ ) -+ { -+ LOAD32H( W[i], Buffer + (4*i) ); -+ } -+ -+ // Fill W[16..63] -+ for( i=16; i<64; i++ ) -+ { -+ W[i] = Gamma1( W[i-2]) + W[i-7] + Gamma0( W[i-15] ) + W[i-16]; -+ } -+ -+ // Compress -+ for( i=0; i<64; i++ ) -+ { -+ Sha256Round( S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], i ); -+ t = S[7]; -+ S[7] = S[6]; -+ S[6] = S[5]; -+ S[5] = S[4]; -+ S[4] = S[3]; -+ S[3] = S[2]; -+ S[2] = S[1]; -+ S[1] = S[0]; -+ S[0] = t; -+ } -+ -+ // Feedback -+ for( i=0; i<8; i++ ) -+ { -+ Context->state[i] = Context->state[i] + S[i]; -+ } -+} -+ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// PUBLIC FUNCTIONS -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// Sha256Initialise -+// -+// Initialises a SHA256 Context. Use this to initialise/reset a context. -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+void -+ Sha256Initialise -+ ( -+ Sha256Context* Context // [out] -+ ) -+{ -+ Context->curlen = 0; -+ Context->length = 0; -+ Context->state[0] = 0x6A09E667UL; -+ Context->state[1] = 0xBB67AE85UL; -+ Context->state[2] = 0x3C6EF372UL; -+ Context->state[3] = 0xA54FF53AUL; -+ Context->state[4] = 0x510E527FUL; -+ Context->state[5] = 0x9B05688CUL; -+ Context->state[6] = 0x1F83D9ABUL; -+ Context->state[7] = 0x5BE0CD19UL; -+} -+ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// Sha256Update -+// -+// Adds data to the SHA256 context. This will process the data and update the internal state of the context. Keep on -+// calling this function until all the data has been added. Then call Sha256Finalise to calculate the hash. -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+void -+ Sha256Update -+ ( -+ Sha256Context* Context, // [in out] -+ void const* Buffer, // [in] -+ uint32_t BufferSize // [in] -+ ) -+{ -+ uint32_t n; -+ -+ if( Context->curlen > sizeof(Context->buf) ) -+ { -+ return; -+ } -+ -+ while( BufferSize > 0 ) -+ { -+ if( Context->curlen == 0 && BufferSize >= BLOCK_SIZE ) -+ { -+ TransformFunction( Context, (uint8_t*)Buffer ); -+ Context->length += BLOCK_SIZE * 8; -+ Buffer = (uint8_t*)Buffer + BLOCK_SIZE; -+ BufferSize -= BLOCK_SIZE; -+ } -+ else -+ { -+ n = MIN( BufferSize, (BLOCK_SIZE - Context->curlen) ); -+ memcpy( Context->buf + Context->curlen, Buffer, (size_t)n ); -+ Context->curlen += n; -+ Buffer = (uint8_t*)Buffer + n; -+ BufferSize -= n; -+ if( Context->curlen == BLOCK_SIZE ) -+ { -+ TransformFunction( Context, Context->buf ); -+ Context->length += 8*BLOCK_SIZE; -+ Context->curlen = 0; -+ } -+ } -+ } -+} -+ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// Sha256Finalise -+// -+// Performs the final calculation of the hash and returns the digest (32 byte buffer containing 256bit hash). After -+// calling this, Sha256Initialised must be used to reuse the context. -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+void -+ Sha256Finalise -+ ( -+ Sha256Context* Context, // [in out] -+ SHA256_HASH* Digest // [out] -+ ) -+{ -+ int i; -+ -+ if( Context->curlen >= sizeof(Context->buf) ) -+ { -+ return; -+ } -+ -+ // Increase the length of the message -+ Context->length += Context->curlen * 8; -+ -+ // Append the '1' bit -+ Context->buf[Context->curlen++] = (uint8_t)0x80; -+ -+ // if the length is currently above 56 bytes we append zeros -+ // then compress. Then we can fall back to padding zeros and length -+ // encoding like normal. -+ if( Context->curlen > 56 ) -+ { -+ while( Context->curlen < 64 ) -+ { -+ Context->buf[Context->curlen++] = (uint8_t)0; -+ } -+ TransformFunction(Context, Context->buf); -+ Context->curlen = 0; -+ } -+ -+ // Pad up to 56 bytes of zeroes -+ while( Context->curlen < 56 ) -+ { -+ Context->buf[Context->curlen++] = (uint8_t)0; -+ } -+ -+ // Store length -+ STORE64H( Context->length, Context->buf+56 ); -+ TransformFunction( Context, Context->buf ); -+ -+ // Copy output -+ for( i=0; i<8; i++ ) -+ { -+ STORE32H( Context->state[i], Digest->bytes+(4*i) ); -+ } -+} -+ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// Sha256Calculate -+// -+// Combines Sha256Initialise, Sha256Update, and Sha256Finalise into one function. Calculates the SHA256 hash of the -+// buffer. -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+void -+ Sha256Calculate -+ ( -+ void const* Buffer, // [in] -+ uint32_t BufferSize, // [in] -+ SHA256_HASH* Digest // [in] -+ ) -+{ -+ Sha256Context context; -+ -+ Sha256Initialise( &context ); -+ Sha256Update( &context, Buffer, BufferSize ); -+ Sha256Finalise( &context, Digest ); -+} -diff --git a/policycoreutils/semodule/sha256.h b/policycoreutils/semodule/sha256.h -new file mode 100644 -index 000000000000..406ed869cd82 ---- /dev/null -+++ b/policycoreutils/semodule/sha256.h -@@ -0,0 +1,89 @@ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// WjCryptLib_Sha256 -+// -+// Implementation of SHA256 hash function. -+// Original author: Tom St Denis, tomstdenis@gmail.com, http://libtom.org -+// Modified by WaterJuice retaining Public Domain license. -+// -+// This is free and unencumbered software released into the public domain - June 2013 waterjuice.org -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+ -+#pragma once -+ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// IMPORTS -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+ -+#include -+#include -+ -+typedef struct -+{ -+ uint64_t length; -+ uint32_t state[8]; -+ uint32_t curlen; -+ uint8_t buf[64]; -+} Sha256Context; -+ -+#define SHA256_HASH_SIZE ( 256 / 8 ) -+ -+typedef struct -+{ -+ uint8_t bytes [SHA256_HASH_SIZE]; -+} SHA256_HASH; -+ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// PUBLIC FUNCTIONS -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// Sha256Initialise -+// -+// Initialises a SHA256 Context. Use this to initialise/reset a context. -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+void -+ Sha256Initialise -+ ( -+ Sha256Context* Context // [out] -+ ); -+ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// Sha256Update -+// -+// Adds data to the SHA256 context. This will process the data and update the internal state of the context. Keep on -+// calling this function until all the data has been added. Then call Sha256Finalise to calculate the hash. -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+void -+ Sha256Update -+ ( -+ Sha256Context* Context, // [in out] -+ void const* Buffer, // [in] -+ uint32_t BufferSize // [in] -+ ); -+ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// Sha256Finalise -+// -+// Performs the final calculation of the hash and returns the digest (32 byte buffer containing 256bit hash). After -+// calling this, Sha256Initialised must be used to reuse the context. -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+void -+ Sha256Finalise -+ ( -+ Sha256Context* Context, // [in out] -+ SHA256_HASH* Digest // [out] -+ ); -+ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// Sha256Calculate -+// -+// Combines Sha256Initialise, Sha256Update, and Sha256Finalise into one function. Calculates the SHA256 hash of the -+// buffer. -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+void -+ Sha256Calculate -+ ( -+ void const* Buffer, // [in] -+ uint32_t BufferSize, // [in] -+ SHA256_HASH* Digest // [in] -+ ); --- -2.33.1 - diff --git a/SOURCES/0042-semodule-Fix-lang_ext-column-index.patch b/SOURCES/0042-semodule-Fix-lang_ext-column-index.patch deleted file mode 100644 index 2fa24dc..0000000 --- a/SOURCES/0042-semodule-Fix-lang_ext-column-index.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 14084bad4f5bcfdb769ba39c9a6f12e4787ab909 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Tue, 16 Nov 2021 16:11:22 +0100 -Subject: [PATCH] semodule: Fix lang_ext column index - -lang_ext is 3. column - index number 2. - -Signed-off-by: Petr Lautrbach -Acked-by: James Carter ---- - policycoreutils/semodule/semodule.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c -index 300a97d735cc..c677cc4f1d81 100644 ---- a/policycoreutils/semodule/semodule.c -+++ b/policycoreutils/semodule/semodule.c -@@ -682,7 +682,7 @@ cleanup_extract: - if (result != 0) goto cleanup_list; - - size = strlen(tmp); -- if (size > column[3]) column[3] = size; -+ if (size > column[2]) column[2] = size; - } - - /* print out each module */ --- -2.33.1 - diff --git a/SOURCES/0043-semodule-Don-t-forget-to-munmap-data.patch b/SOURCES/0043-semodule-Don-t-forget-to-munmap-data.patch deleted file mode 100644 index 799c7e5..0000000 --- a/SOURCES/0043-semodule-Don-t-forget-to-munmap-data.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 61f05b6d26063e1ebdc06609c29a067d44579b41 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Tue, 23 Nov 2021 17:38:51 +0100 -Subject: [PATCH] semodule: Don't forget to munmap() data - -semanage_module_extract() mmap()'s the module raw data but it leaves on -the caller to munmap() them. - -Reported-by: Ondrej Mosnacek -Signed-off-by: Petr Lautrbach -Acked-by: James Carter ---- - policycoreutils/semodule/semodule.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c -index c677cc4f1d81..dc227058b073 100644 ---- a/policycoreutils/semodule/semodule.c -+++ b/policycoreutils/semodule/semodule.c -@@ -393,6 +393,9 @@ static char *hash_module_data(const char *module_name, const int prio) { - sha256_buf[i * 2] = 0; - - cleanup_extract: -+ if (data_len > 0) { -+ munmap(data, data_len); -+ } - semanage_module_info_destroy(sh, extract_info); - free(extract_info); - semanage_module_key_destroy(sh, modkey); --- -2.33.1 - diff --git a/SOURCES/0044-policycoreutils-Improve-error-message-when-selabel_o.patch b/SOURCES/0044-policycoreutils-Improve-error-message-when-selabel_o.patch deleted file mode 100644 index 634a69b..0000000 --- a/SOURCES/0044-policycoreutils-Improve-error-message-when-selabel_o.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 69da6239d8505a9d6ca547187f71a351df17f157 Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Mon, 10 Jan 2022 18:35:27 +0100 -Subject: [PATCH] policycoreutils: Improve error message when selabel_open - fails - -When selabel_open fails to locate file_context files and -selabel_opt_path is not specified (e.g. when the policy type is -missconfigured in /etc/selinux/config), perror only prints -"No such file or directory". -This can be confusing in case of "restorecon" since it's -not apparent that the issue is in policy store. - -Before: - \# restorecon -v /tmp/foo.txt - No such file or directory -After: - \# restorecon -v /tmp/foo.txt - /etc/selinux/yolo/contexts/files/file_contexts: No such file or directory - -Signed-off-by: Vit Mojzis ---- - policycoreutils/setfiles/restore.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c -index d3335d1a..ba2668b3 100644 ---- a/policycoreutils/setfiles/restore.c -+++ b/policycoreutils/setfiles/restore.c -@@ -29,7 +29,7 @@ void restore_init(struct restore_opts *opts) - - opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3); - if (!opts->hnd) { -- perror(opts->selabel_opt_path); -+ perror(opts->selabel_opt_path ? opts->selabel_opt_path : selinux_file_context_path()); - exit(1); - } - --- -2.30.2 - diff --git a/SOURCES/0045-semodule-libsemanage-move-module-hashing-into-libsem.patch b/SOURCES/0045-semodule-libsemanage-move-module-hashing-into-libsem.patch deleted file mode 100644 index 1c5d05b..0000000 --- a/SOURCES/0045-semodule-libsemanage-move-module-hashing-into-libsem.patch +++ /dev/null @@ -1,539 +0,0 @@ -From 066007029b3dd250305d7fac0bfd53aa1e4543cf Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Thu, 3 Feb 2022 17:53:23 +0100 -Subject: [PATCH] semodule,libsemanage: move module hashing into libsemanage - -The main goal of this move is to have the SHA-256 implementation under -libsemanage, since upcoming patches will make use of SHA-256 for a -different (but similar) purpose in libsemanage. Having the hashing code -in libsemanage will reduce code duplication and allow for easier hash -algorithm upgrade in the future. - -Note that libselinux currently also contains a hash function -implementation (for yet another different purpose). This patch doesn't -make any effort to address that duplicity yet. - -This patch also changes the format of the hash string printed by -semodule to include the name of the hash. The intent is to avoid -ambiguity and potential collisions when the algorithm is potentially -changed in the future. - -Signed-off-by: Ondrej Mosnacek ---- - policycoreutils/semodule/Makefile | 2 +- - policycoreutils/semodule/semodule.c | 53 ++--- - policycoreutils/semodule/sha256.c | 294 ---------------------------- - policycoreutils/semodule/sha256.h | 89 --------- - 4 files changed, 17 insertions(+), 421 deletions(-) - delete mode 100644 policycoreutils/semodule/sha256.c - delete mode 100644 policycoreutils/semodule/sha256.h - -diff --git a/policycoreutils/semodule/Makefile b/policycoreutils/semodule/Makefile -index 9875ac38..73801e48 100644 ---- a/policycoreutils/semodule/Makefile -+++ b/policycoreutils/semodule/Makefile -@@ -6,7 +6,7 @@ MANDIR = $(PREFIX)/share/man - - CFLAGS ?= -Werror -Wall -W - override LDLIBS += -lsepol -lselinux -lsemanage --SEMODULE_OBJS = semodule.o sha256.o -+SEMODULE_OBJS = semodule.o - - all: semodule genhomedircon - -diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c -index dc227058..243b1add 100644 ---- a/policycoreutils/semodule/semodule.c -+++ b/policycoreutils/semodule/semodule.c -@@ -24,8 +24,6 @@ - - #include - --#include "sha256.h" -- - enum client_modes { - NO_MODE, INSTALL_M, REMOVE_M, EXTRACT_M, CIL_M, HLL_M, - LIST_M, RELOAD, PRIORITY_M, ENABLE_M, DISABLE_M -@@ -347,60 +345,38 @@ static void parse_command_line(int argc, char **argv) - - /* Get module checksum */ - static char *hash_module_data(const char *module_name, const int prio) { -- semanage_module_info_t *extract_info = NULL; - semanage_module_key_t *modkey = NULL; -- Sha256Context context; -- uint8_t sha256_hash[SHA256_HASH_SIZE]; -- char *sha256_buf = NULL; -- void *data; -- size_t data_len = 0, i; -+ char *hash_str = NULL; -+ void *hash = NULL; -+ size_t hash_len = 0; - int result; - - result = semanage_module_key_create(sh, &modkey); - if (result != 0) { -- goto cleanup_extract; -+ goto cleanup; - } - - result = semanage_module_key_set_name(sh, modkey, module_name); - if (result != 0) { -- goto cleanup_extract; -+ goto cleanup; - } - - result = semanage_module_key_set_priority(sh, modkey, prio); - if (result != 0) { -- goto cleanup_extract; -+ goto cleanup; - } - -- result = semanage_module_extract(sh, modkey, 1, &data, &data_len, -- &extract_info); -+ result = semanage_module_compute_checksum(sh, modkey, 1, &hash_str, -+ &hash_len); - if (result != 0) { -- goto cleanup_extract; -- } -- -- Sha256Initialise(&context); -- Sha256Update(&context, data, data_len); -- -- Sha256Finalise(&context, (SHA256_HASH *)sha256_hash); -- -- sha256_buf = calloc(1, SHA256_HASH_SIZE * 2 + 1); -- -- if (sha256_buf == NULL) -- goto cleanup_extract; -- -- for (i = 0; i < SHA256_HASH_SIZE; i++) { -- sprintf((&sha256_buf[i * 2]), "%02x", sha256_hash[i]); -+ goto cleanup; - } -- sha256_buf[i * 2] = 0; - --cleanup_extract: -- if (data_len > 0) { -- munmap(data, data_len); -- } -- semanage_module_info_destroy(sh, extract_info); -- free(extract_info); -+cleanup: -+ free(hash); - semanage_module_key_destroy(sh, modkey); - free(modkey); -- return sha256_buf; -+ return hash_str; - } - - int main(int argc, char *argv[]) -@@ -667,7 +643,10 @@ cleanup_extract: - /* fixed width columns */ - column[0] = sizeof("000") - 1; - column[3] = sizeof("disabled") - 1; -- column[4] = 64; /* SHA256_HASH_SIZE * 2 */ -+ -+ result = semanage_module_compute_checksum(sh, NULL, 0, NULL, -+ &column[4]); -+ if (result != 0) goto cleanup_list; - - /* variable width columns */ - const char *tmp = NULL; -diff --git a/policycoreutils/semodule/sha256.c b/policycoreutils/semodule/sha256.c -deleted file mode 100644 -index fe2aeef0..00000000 ---- a/policycoreutils/semodule/sha256.c -+++ /dev/null -@@ -1,294 +0,0 @@ --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// WjCryptLib_Sha256 --// --// Implementation of SHA256 hash function. --// Original author: Tom St Denis, tomstdenis@gmail.com, http://libtom.org --// Modified by WaterJuice retaining Public Domain license. --// --// This is free and unencumbered software released into the public domain - June 2013 waterjuice.org --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -- --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// IMPORTS --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -- --#include "sha256.h" --#include -- --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// MACROS --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -- --#define ror(value, bits) (((value) >> (bits)) | ((value) << (32 - (bits)))) -- --#define MIN(x, y) ( ((x)<(y))?(x):(y) ) -- --#define STORE32H(x, y) \ -- { (y)[0] = (uint8_t)(((x)>>24)&255); (y)[1] = (uint8_t)(((x)>>16)&255); \ -- (y)[2] = (uint8_t)(((x)>>8)&255); (y)[3] = (uint8_t)((x)&255); } -- --#define LOAD32H(x, y) \ -- { x = ((uint32_t)((y)[0] & 255)<<24) | \ -- ((uint32_t)((y)[1] & 255)<<16) | \ -- ((uint32_t)((y)[2] & 255)<<8) | \ -- ((uint32_t)((y)[3] & 255)); } -- --#define STORE64H(x, y) \ -- { (y)[0] = (uint8_t)(((x)>>56)&255); (y)[1] = (uint8_t)(((x)>>48)&255); \ -- (y)[2] = (uint8_t)(((x)>>40)&255); (y)[3] = (uint8_t)(((x)>>32)&255); \ -- (y)[4] = (uint8_t)(((x)>>24)&255); (y)[5] = (uint8_t)(((x)>>16)&255); \ -- (y)[6] = (uint8_t)(((x)>>8)&255); (y)[7] = (uint8_t)((x)&255); } -- --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// CONSTANTS --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -- --// The K array --static const uint32_t K[64] = { -- 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL, -- 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL, -- 0x243185beUL, 0x550c7dc3UL, 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, -- 0xc19bf174UL, 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, -- 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 0x983e5152UL, -- 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 0xc6e00bf3UL, 0xd5a79147UL, -- 0x06ca6351UL, 0x14292967UL, 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, -- 0x53380d13UL, 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, -- 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 0xd192e819UL, -- 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 0x19a4c116UL, 0x1e376c08UL, -- 0x2748774cUL, 0x34b0bcb5UL, 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, -- 0x682e6ff3UL, 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, -- 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL --}; -- --#define BLOCK_SIZE 64 -- --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// INTERNAL FUNCTIONS --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -- --// Various logical functions --#define Ch( x, y, z ) (z ^ (x & (y ^ z))) --#define Maj( x, y, z ) (((x | y) & z) | (x & y)) --#define S( x, n ) ror((x),(n)) --#define R( x, n ) (((x)&0xFFFFFFFFUL)>>(n)) --#define Sigma0( x ) (S(x, 2) ^ S(x, 13) ^ S(x, 22)) --#define Sigma1( x ) (S(x, 6) ^ S(x, 11) ^ S(x, 25)) --#define Gamma0( x ) (S(x, 7) ^ S(x, 18) ^ R(x, 3)) --#define Gamma1( x ) (S(x, 17) ^ S(x, 19) ^ R(x, 10)) -- --#define Sha256Round( a, b, c, d, e, f, g, h, i ) \ -- t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \ -- t1 = Sigma0(a) + Maj(a, b, c); \ -- d += t0; \ -- h = t0 + t1; -- --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// TransformFunction --// --// Compress 512-bits --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --static --void -- TransformFunction -- ( -- Sha256Context* Context, -- uint8_t const* Buffer -- ) --{ -- uint32_t S[8]; -- uint32_t W[64]; -- uint32_t t0; -- uint32_t t1; -- uint32_t t; -- int i; -- -- // Copy state into S -- for( i=0; i<8; i++ ) -- { -- S[i] = Context->state[i]; -- } -- -- // Copy the state into 512-bits into W[0..15] -- for( i=0; i<16; i++ ) -- { -- LOAD32H( W[i], Buffer + (4*i) ); -- } -- -- // Fill W[16..63] -- for( i=16; i<64; i++ ) -- { -- W[i] = Gamma1( W[i-2]) + W[i-7] + Gamma0( W[i-15] ) + W[i-16]; -- } -- -- // Compress -- for( i=0; i<64; i++ ) -- { -- Sha256Round( S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], i ); -- t = S[7]; -- S[7] = S[6]; -- S[6] = S[5]; -- S[5] = S[4]; -- S[4] = S[3]; -- S[3] = S[2]; -- S[2] = S[1]; -- S[1] = S[0]; -- S[0] = t; -- } -- -- // Feedback -- for( i=0; i<8; i++ ) -- { -- Context->state[i] = Context->state[i] + S[i]; -- } --} -- --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// PUBLIC FUNCTIONS --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -- --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// Sha256Initialise --// --// Initialises a SHA256 Context. Use this to initialise/reset a context. --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --void -- Sha256Initialise -- ( -- Sha256Context* Context // [out] -- ) --{ -- Context->curlen = 0; -- Context->length = 0; -- Context->state[0] = 0x6A09E667UL; -- Context->state[1] = 0xBB67AE85UL; -- Context->state[2] = 0x3C6EF372UL; -- Context->state[3] = 0xA54FF53AUL; -- Context->state[4] = 0x510E527FUL; -- Context->state[5] = 0x9B05688CUL; -- Context->state[6] = 0x1F83D9ABUL; -- Context->state[7] = 0x5BE0CD19UL; --} -- --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// Sha256Update --// --// Adds data to the SHA256 context. This will process the data and update the internal state of the context. Keep on --// calling this function until all the data has been added. Then call Sha256Finalise to calculate the hash. --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --void -- Sha256Update -- ( -- Sha256Context* Context, // [in out] -- void const* Buffer, // [in] -- uint32_t BufferSize // [in] -- ) --{ -- uint32_t n; -- -- if( Context->curlen > sizeof(Context->buf) ) -- { -- return; -- } -- -- while( BufferSize > 0 ) -- { -- if( Context->curlen == 0 && BufferSize >= BLOCK_SIZE ) -- { -- TransformFunction( Context, (uint8_t*)Buffer ); -- Context->length += BLOCK_SIZE * 8; -- Buffer = (uint8_t*)Buffer + BLOCK_SIZE; -- BufferSize -= BLOCK_SIZE; -- } -- else -- { -- n = MIN( BufferSize, (BLOCK_SIZE - Context->curlen) ); -- memcpy( Context->buf + Context->curlen, Buffer, (size_t)n ); -- Context->curlen += n; -- Buffer = (uint8_t*)Buffer + n; -- BufferSize -= n; -- if( Context->curlen == BLOCK_SIZE ) -- { -- TransformFunction( Context, Context->buf ); -- Context->length += 8*BLOCK_SIZE; -- Context->curlen = 0; -- } -- } -- } --} -- --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// Sha256Finalise --// --// Performs the final calculation of the hash and returns the digest (32 byte buffer containing 256bit hash). After --// calling this, Sha256Initialised must be used to reuse the context. --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --void -- Sha256Finalise -- ( -- Sha256Context* Context, // [in out] -- SHA256_HASH* Digest // [out] -- ) --{ -- int i; -- -- if( Context->curlen >= sizeof(Context->buf) ) -- { -- return; -- } -- -- // Increase the length of the message -- Context->length += Context->curlen * 8; -- -- // Append the '1' bit -- Context->buf[Context->curlen++] = (uint8_t)0x80; -- -- // if the length is currently above 56 bytes we append zeros -- // then compress. Then we can fall back to padding zeros and length -- // encoding like normal. -- if( Context->curlen > 56 ) -- { -- while( Context->curlen < 64 ) -- { -- Context->buf[Context->curlen++] = (uint8_t)0; -- } -- TransformFunction(Context, Context->buf); -- Context->curlen = 0; -- } -- -- // Pad up to 56 bytes of zeroes -- while( Context->curlen < 56 ) -- { -- Context->buf[Context->curlen++] = (uint8_t)0; -- } -- -- // Store length -- STORE64H( Context->length, Context->buf+56 ); -- TransformFunction( Context, Context->buf ); -- -- // Copy output -- for( i=0; i<8; i++ ) -- { -- STORE32H( Context->state[i], Digest->bytes+(4*i) ); -- } --} -- --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// Sha256Calculate --// --// Combines Sha256Initialise, Sha256Update, and Sha256Finalise into one function. Calculates the SHA256 hash of the --// buffer. --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --void -- Sha256Calculate -- ( -- void const* Buffer, // [in] -- uint32_t BufferSize, // [in] -- SHA256_HASH* Digest // [in] -- ) --{ -- Sha256Context context; -- -- Sha256Initialise( &context ); -- Sha256Update( &context, Buffer, BufferSize ); -- Sha256Finalise( &context, Digest ); --} -diff --git a/policycoreutils/semodule/sha256.h b/policycoreutils/semodule/sha256.h -deleted file mode 100644 -index 406ed869..00000000 ---- a/policycoreutils/semodule/sha256.h -+++ /dev/null -@@ -1,89 +0,0 @@ --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// WjCryptLib_Sha256 --// --// Implementation of SHA256 hash function. --// Original author: Tom St Denis, tomstdenis@gmail.com, http://libtom.org --// Modified by WaterJuice retaining Public Domain license. --// --// This is free and unencumbered software released into the public domain - June 2013 waterjuice.org --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -- --#pragma once -- --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// IMPORTS --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -- --#include --#include -- --typedef struct --{ -- uint64_t length; -- uint32_t state[8]; -- uint32_t curlen; -- uint8_t buf[64]; --} Sha256Context; -- --#define SHA256_HASH_SIZE ( 256 / 8 ) -- --typedef struct --{ -- uint8_t bytes [SHA256_HASH_SIZE]; --} SHA256_HASH; -- --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// PUBLIC FUNCTIONS --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -- --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// Sha256Initialise --// --// Initialises a SHA256 Context. Use this to initialise/reset a context. --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --void -- Sha256Initialise -- ( -- Sha256Context* Context // [out] -- ); -- --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// Sha256Update --// --// Adds data to the SHA256 context. This will process the data and update the internal state of the context. Keep on --// calling this function until all the data has been added. Then call Sha256Finalise to calculate the hash. --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --void -- Sha256Update -- ( -- Sha256Context* Context, // [in out] -- void const* Buffer, // [in] -- uint32_t BufferSize // [in] -- ); -- --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// Sha256Finalise --// --// Performs the final calculation of the hash and returns the digest (32 byte buffer containing 256bit hash). After --// calling this, Sha256Initialised must be used to reuse the context. --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --void -- Sha256Finalise -- ( -- Sha256Context* Context, // [in out] -- SHA256_HASH* Digest // [out] -- ); -- --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// Sha256Calculate --// --// Combines Sha256Initialise, Sha256Update, and Sha256Finalise into one function. Calculates the SHA256 hash of the --// buffer. --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --void -- Sha256Calculate -- ( -- void const* Buffer, // [in] -- uint32_t BufferSize, // [in] -- SHA256_HASH* Digest // [in] -- ); --- -2.30.2 - diff --git a/SOURCES/0046-semodule-add-command-line-option-to-detect-module-ch.patch b/SOURCES/0046-semodule-add-command-line-option-to-detect-module-ch.patch deleted file mode 100644 index f280b9f..0000000 --- a/SOURCES/0046-semodule-add-command-line-option-to-detect-module-ch.patch +++ /dev/null @@ -1,144 +0,0 @@ -From e3fc737e43561ecadcb977ce4c9a1db44be636ae Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Thu, 3 Feb 2022 17:53:27 +0100 -Subject: [PATCH] semodule: add command-line option to detect module changes - -Add a new command-line option "--rebuild-if-modules-changed" to control -the newly introduced check_ext_changes libsemanage flag. - -For example, running `semodule --rebuild-if-modules-changed` will ensure -that any externally added/removed modules (e.g. by an RPM transaction) -are reflected in the compiled policy, while skipping the most expensive -part of the rebuild if no module change was deteceted since the last -libsemanage transaction. - -Signed-off-by: Ondrej Mosnacek ---- - policycoreutils/semodule/semodule.8 | 7 +++++++ - policycoreutils/semodule/semodule.c | 32 ++++++++++++++++++++++------- - 2 files changed, 32 insertions(+), 7 deletions(-) - -diff --git a/policycoreutils/semodule/semodule.8 b/policycoreutils/semodule/semodule.8 -index 3a2fb21c..d1735d21 100644 ---- a/policycoreutils/semodule/semodule.8 -+++ b/policycoreutils/semodule/semodule.8 -@@ -23,6 +23,13 @@ force a reload of policy - .B \-B, \-\-build - force a rebuild of policy (also reloads unless \-n is used) - .TP -+.B \-\-rebuild-if-modules-changed -+Force a rebuild of the policy if any changes to module content are detected -+(by comparing with checksum from the last transaction). One can use this -+instead of \-B to ensure that any changes to the module store done by an -+external tool (e.g. a package manager) are applied, while automatically -+skipping the rebuild if there are no new changes. -+.TP - .B \-D, \-\-disable_dontaudit - Temporarily remove dontaudits from policy. Reverts whenever policy is rebuilt - .TP -diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c -index 243b1add..22a42a75 100644 ---- a/policycoreutils/semodule/semodule.c -+++ b/policycoreutils/semodule/semodule.c -@@ -46,6 +46,7 @@ static int verbose; - static int reload; - static int no_reload; - static int build; -+static int check_ext_changes; - static int disable_dontaudit; - static int preserve_tunables; - static int ignore_module_cache; -@@ -148,6 +149,9 @@ static void usage(char *progname) - printf(" -c, --cil extract module as cil. This only affects module extraction.\n"); - printf(" -H, --hll extract module as hll. This only affects module extraction.\n"); - printf(" -m, --checksum print module checksum (SHA256).\n"); -+ printf(" --rebuild-if-modules-changed\n" -+ " force policy rebuild if module content changed since\n" -+ " last rebuild (based on checksum)\n"); - } - - /* Sets the global mode variable to new_mode, but only if no other -@@ -179,6 +183,7 @@ static void set_mode(enum client_modes new_mode, char *arg) - static void parse_command_line(int argc, char **argv) - { - static struct option opts[] = { -+ {"rebuild-if-modules-changed", 0, NULL, '\0'}, - {"store", required_argument, NULL, 's'}, - {"base", required_argument, NULL, 'b'}, - {"help", 0, NULL, 'h'}, -@@ -206,15 +211,26 @@ static void parse_command_line(int argc, char **argv) - }; - int extract_selected = 0; - int cil_hll_set = 0; -- int i; -+ int i, longind; - verbose = 0; - reload = 0; - no_reload = 0; -+ check_ext_changes = 0; - priority = 400; - while ((i = -- getopt_long(argc, argv, "s:b:hi:l::vr:u:RnNBDCPX:e:d:p:S:E:cHm", opts, -- NULL)) != -1) { -+ getopt_long(argc, argv, "s:b:hi:l::vr:u:RnNBDCPX:e:d:p:S:E:cHm", -+ opts, &longind)) != -1) { - switch (i) { -+ case '\0': -+ switch(longind) { -+ case 0: /* --rebuild-if-modules-changed */ -+ check_ext_changes = 1; -+ break; -+ default: -+ usage(argv[0]); -+ exit(1); -+ } -+ break; - case 'b': - fprintf(stderr, "The --base option is deprecated. Use --install instead.\n"); - set_mode(INSTALL_M, optarg); -@@ -299,13 +315,13 @@ static void parse_command_line(int argc, char **argv) - } - } - } -- if ((build || reload) && num_commands) { -+ if ((build || reload || check_ext_changes) && num_commands) { - fprintf(stderr, - "build or reload should not be used with other commands\n"); - usage(argv[0]); - exit(1); - } -- if (num_commands == 0 && reload == 0 && build == 0) { -+ if (num_commands == 0 && reload == 0 && build == 0 && check_ext_changes == 0) { - fprintf(stderr, "At least one mode must be specified.\n"); - usage(argv[0]); - exit(1); -@@ -392,7 +408,7 @@ int main(int argc, char *argv[]) - } - parse_command_line(argc, argv); - -- if (build) -+ if (build || check_ext_changes) - commit = 1; - - sh = semanage_handle_create(); -@@ -431,7 +447,7 @@ int main(int argc, char *argv[]) - } - } - -- if (build) { -+ if (build || check_ext_changes) { - if ((result = semanage_begin_transaction(sh)) < 0) { - fprintf(stderr, "%s: Could not begin transaction: %s\n", - argv[0], errno ? strerror(errno) : ""); -@@ -805,6 +821,8 @@ cleanup_disable: - semanage_set_reload(sh, 0); - if (build) - semanage_set_rebuild(sh, 1); -+ if (check_ext_changes) -+ semanage_set_check_ext_changes(sh, 1); - if (disable_dontaudit) - semanage_set_disable_dontaudit(sh, 1); - else if (build) --- -2.30.2 - diff --git a/SOURCES/0047-python-Split-semanage-import-into-two-transactions.patch b/SOURCES/0047-python-Split-semanage-import-into-two-transactions.patch deleted file mode 100644 index 8a915b6..0000000 --- a/SOURCES/0047-python-Split-semanage-import-into-two-transactions.patch +++ /dev/null @@ -1,64 +0,0 @@ -From 09c944561c76146b1fc11e99e95b6a674366cddf Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Mon, 30 May 2022 14:20:21 +0200 -Subject: [PATCH] python: Split "semanage import" into two transactions - -First transaction applies all deletion operations, so that there are no -collisions when applying the rest of the changes. - -Fixes: - # semanage port -a -t http_cache_port_t -r s0 -p tcp 3024 - # semanage export | semanage import - ValueError: Port tcp/3024 already defined - -Signed-off-by: Vit Mojzis ---- - python/semanage/semanage | 21 +++++++++++++++++++-- - 1 file changed, 19 insertions(+), 2 deletions(-) - -diff --git a/python/semanage/semanage b/python/semanage/semanage -index ebb93ea5..b8842d28 100644 ---- a/python/semanage/semanage -+++ b/python/semanage/semanage -@@ -841,10 +841,29 @@ def handleImport(args): - trans = seobject.semanageRecords(args) - trans.start() - -+ deleteCommands = [] -+ commands = [] -+ # separate commands for deletion from the rest so they can be -+ # applied in a separate transaction - for l in sys.stdin.readlines(): - if len(l.strip()) == 0: - continue -+ if "-d" in l or "-D" in l: -+ deleteCommands.append(l) -+ else: -+ commands.append(l) -+ -+ if deleteCommands: -+ importHelper(deleteCommands) -+ trans.finish() -+ trans.start() -+ -+ importHelper(commands) -+ trans.finish() - -+ -+def importHelper(commands): -+ for l in commands: - try: - commandParser = createCommandParser() - args = commandParser.parse_args(mkargv(l)) -@@ -858,8 +877,6 @@ def handleImport(args): - except KeyboardInterrupt: - sys.exit(0) - -- trans.finish() -- - - def setupImportParser(subparsers): - importParser = subparsers.add_parser('import', help=_('Import local customizations')) --- -2.35.3 - diff --git a/SOURCES/0048-semodule-rename-rebuild-if-modules-changed-to-refres.patch b/SOURCES/0048-semodule-rename-rebuild-if-modules-changed-to-refres.patch deleted file mode 100644 index 5aeb379..0000000 --- a/SOURCES/0048-semodule-rename-rebuild-if-modules-changed-to-refres.patch +++ /dev/null @@ -1,81 +0,0 @@ -From c0ca652dce6b1d5d11e697cc3a4695d87944f9ad Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Wed, 8 Jun 2022 19:09:54 +0200 -Subject: [PATCH] semodule: rename --rebuild-if-modules-changed to --refresh - -After the last commit this option's name and description no longer -matches the semantic, so give it a new one and update the descriptions. -The old name is still recognized and aliased to the new one for -backwards compatibility. - -Signed-off-by: Ondrej Mosnacek -Acked-by: Nicolas Iooss ---- - policycoreutils/semodule/semodule.8 | 12 ++++++------ - policycoreutils/semodule/semodule.c | 13 ++++++++++--- - 2 files changed, 16 insertions(+), 9 deletions(-) - -diff --git a/policycoreutils/semodule/semodule.8 b/policycoreutils/semodule/semodule.8 -index d1735d21..c56e580f 100644 ---- a/policycoreutils/semodule/semodule.8 -+++ b/policycoreutils/semodule/semodule.8 -@@ -23,12 +23,12 @@ force a reload of policy - .B \-B, \-\-build - force a rebuild of policy (also reloads unless \-n is used) - .TP --.B \-\-rebuild-if-modules-changed --Force a rebuild of the policy if any changes to module content are detected --(by comparing with checksum from the last transaction). One can use this --instead of \-B to ensure that any changes to the module store done by an --external tool (e.g. a package manager) are applied, while automatically --skipping the rebuild if there are no new changes. -+.B \-\-refresh -+Like \-\-build, but reuses existing linked policy if no changes to module -+files are detected (by comparing with checksum from the last transaction). -+One can use this instead of \-B to ensure that any changes to the module -+store done by an external tool (e.g. a package manager) are applied, while -+automatically skipping the module re-linking if there are no module changes. - .TP - .B \-D, \-\-disable_dontaudit - Temporarily remove dontaudits from policy. Reverts whenever policy is rebuilt -diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c -index 22a42a75..324ec9fb 100644 ---- a/policycoreutils/semodule/semodule.c -+++ b/policycoreutils/semodule/semodule.c -@@ -149,9 +149,12 @@ static void usage(char *progname) - printf(" -c, --cil extract module as cil. This only affects module extraction.\n"); - printf(" -H, --hll extract module as hll. This only affects module extraction.\n"); - printf(" -m, --checksum print module checksum (SHA256).\n"); -- printf(" --rebuild-if-modules-changed\n" -- " force policy rebuild if module content changed since\n" -- " last rebuild (based on checksum)\n"); -+ printf(" --refresh like --build, but reuses existing linked policy if no\n" -+ " changes to module files are detected (via checksum)\n"); -+ printf("Deprecated options:\n"); -+ printf(" -b,--base same as --install\n"); -+ printf(" --rebuild-if-modules-changed\n" -+ " same as --refresh\n"); - } - - /* Sets the global mode variable to new_mode, but only if no other -@@ -184,6 +187,7 @@ static void parse_command_line(int argc, char **argv) - { - static struct option opts[] = { - {"rebuild-if-modules-changed", 0, NULL, '\0'}, -+ {"refresh", 0, NULL, '\0'}, - {"store", required_argument, NULL, 's'}, - {"base", required_argument, NULL, 'b'}, - {"help", 0, NULL, 'h'}, -@@ -224,6 +228,9 @@ static void parse_command_line(int argc, char **argv) - case '\0': - switch(longind) { - case 0: /* --rebuild-if-modules-changed */ -+ fprintf(stderr, "The --rebuild-if-modules-changed option is deprecated. Use --refresh instead.\n"); -+ /* fallthrough */ -+ case 1: /* --refresh */ - check_ext_changes = 1; - break; - default: --- -2.35.3 - diff --git a/SOURCES/0049-python-Harden-tools-against-rogue-modules.patch b/SOURCES/0049-python-Harden-tools-against-rogue-modules.patch deleted file mode 100644 index 8796c90..0000000 --- a/SOURCES/0049-python-Harden-tools-against-rogue-modules.patch +++ /dev/null @@ -1,79 +0,0 @@ -From 72c7e9123980b003a21d51e2805529a3e90b2460 Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Thu, 13 Oct 2022 17:33:18 +0200 -Subject: [PATCH] python: Harden tools against "rogue" modules - -Python scripts present in "/usr/sbin" override regular modules. -Make sure /usr/sbin is not present in PYTHONPATH. - -Fixes: - #cat > /usr/sbin/audit.py < ---- - python/audit2allow/audit2allow | 2 +- - python/audit2allow/sepolgen-ifgen | 2 +- - python/chcat/chcat | 2 +- - python/semanage/semanage | 2 +- - python/sepolicy/sepolicy.py | 2 +- - 5 files changed, 5 insertions(+), 5 deletions(-) - -diff --git a/python/audit2allow/audit2allow b/python/audit2allow/audit2allow -index 09b06f66..eafeea88 100644 ---- a/python/audit2allow/audit2allow -+++ b/python/audit2allow/audit2allow -@@ -1,4 +1,4 @@ --#!/usr/bin/python3 -Es -+#!/usr/bin/python3 -EsI - # Authors: Karl MacMillan - # Authors: Dan Walsh - # -diff --git a/python/audit2allow/sepolgen-ifgen b/python/audit2allow/sepolgen-ifgen -index be2d093b..f25f8af1 100644 ---- a/python/audit2allow/sepolgen-ifgen -+++ b/python/audit2allow/sepolgen-ifgen -@@ -1,4 +1,4 @@ --#!/usr/bin/python3 -Es -+#!/usr/bin/python3 -EsI - # - # Authors: Karl MacMillan - # -diff --git a/python/chcat/chcat b/python/chcat/chcat -index df2509f2..5671cec6 100755 ---- a/python/chcat/chcat -+++ b/python/chcat/chcat -@@ -1,4 +1,4 @@ --#!/usr/bin/python3 -Es -+#!/usr/bin/python3 -EsI - # Copyright (C) 2005 Red Hat - # see file 'COPYING' for use and warranty information - # -diff --git a/python/semanage/semanage b/python/semanage/semanage -index b8842d28..1f170f60 100644 ---- a/python/semanage/semanage -+++ b/python/semanage/semanage -@@ -1,4 +1,4 @@ --#!/usr/bin/python3 -Es -+#!/usr/bin/python3 -EsI - # Copyright (C) 2012-2013 Red Hat - # AUTHOR: Miroslav Grepl - # AUTHOR: David Quigley -diff --git a/python/sepolicy/sepolicy.py b/python/sepolicy/sepolicy.py -index 8bd6a579..0c1d9641 100755 ---- a/python/sepolicy/sepolicy.py -+++ b/python/sepolicy/sepolicy.py -@@ -1,4 +1,4 @@ --#!/usr/bin/python3 -Es -+#!/usr/bin/python3 -EsI - # Copyright (C) 2012 Red Hat - # AUTHOR: Dan Walsh - # see file 'COPYING' for use and warranty information --- -2.37.3 - diff --git a/SOURCES/0050-python-Do-not-query-the-local-database-if-the-fconte.patch b/SOURCES/0050-python-Do-not-query-the-local-database-if-the-fconte.patch deleted file mode 100644 index eb08953..0000000 --- a/SOURCES/0050-python-Do-not-query-the-local-database-if-the-fconte.patch +++ /dev/null @@ -1,65 +0,0 @@ -From f33e40265d192e5d725e7b82e5f14f603e1fba48 Mon Sep 17 00:00:00 2001 -From: James Carter -Date: Wed, 19 Oct 2022 14:20:11 -0400 -Subject: [PATCH] python: Do not query the local database if the fcontext is - non-local - -Vit Mojzis reports that an error message is produced when modifying -a non-local fcontext. - -He gives the following example: - # semanage fcontext -f f -m -t passwd_file_t /etc/security/opasswd - libsemanage.dbase_llist_query: could not query record value (No such file or directory). - -When modifying an fcontext, the non-local database is checked for the -key and then, if it is not found there, the local database is checked. -If the key doesn't exist, then an error is raised. If the key exists -then the local database is queried first and, if that fails, the non- -local database is queried. - -The error is from querying the local database when the fcontext is in -the non-local database. - -Instead, if the fcontext is in the non-local database, just query -the non-local database. Only query the local database if the -fcontext was found in it. - -Reported-by: Vit Mojzis -Signed-off-by: James Carter ---- - python/semanage/seobject.py | 15 +++++++++------ - 1 file changed, 9 insertions(+), 6 deletions(-) - -diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py -index 70ebfd08..0e923a0d 100644 ---- a/python/semanage/seobject.py -+++ b/python/semanage/seobject.py -@@ -2490,16 +2490,19 @@ class fcontextRecords(semanageRecords): - (rc, exists) = semanage_fcontext_exists(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if file context for %s is defined") % target) -- if not exists: -+ if exists: -+ try: -+ (rc, fcontext) = semanage_fcontext_query(self.sh, k) -+ except OSError: -+ raise ValueError(_("Could not query file context for %s") % target) -+ else: - (rc, exists) = semanage_fcontext_exists_local(self.sh, k) -+ if rc < 0: -+ raise ValueError(_("Could not check if file context for %s is defined") % target) - if not exists: - raise ValueError(_("File context for %s is not defined") % target) -- -- try: -- (rc, fcontext) = semanage_fcontext_query_local(self.sh, k) -- except OSError: - try: -- (rc, fcontext) = semanage_fcontext_query(self.sh, k) -+ (rc, fcontext) = semanage_fcontext_query_local(self.sh, k) - except OSError: - raise ValueError(_("Could not query file context for %s") % target) - --- -2.37.3 - diff --git a/SOURCES/0051-python-sepolicy-add-missing-booleans-to-man-pages.patch b/SOURCES/0051-python-sepolicy-add-missing-booleans-to-man-pages.patch deleted file mode 100644 index ccfe7da..0000000 --- a/SOURCES/0051-python-sepolicy-add-missing-booleans-to-man-pages.patch +++ /dev/null @@ -1,112 +0,0 @@ -From f3ddbd8220d9646072c9a4c9ed37f2dff998a53c Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Tue, 10 Jan 2023 11:37:26 +0100 -Subject: [PATCH] python/sepolicy: add missing booleans to man pages - -get_bools should return a list of booleans that can affect given type, -but it did not handle non trivial conditional statements properly -(returning the whole conditional statement instead of a list of booleans -in the statement). - -e.g. for -allow httpd_t spamc_t:process transition; [ httpd_can_check_spam && httpd_can_sendmail ]:True -get_bools used to return [("httpd_can_check_spam && httpd_can_sendmail", False)] instead of -[("httpd_can_check_spam", False), ("httpd_can_sendmail", False)] - -- rename "boolean" in sepolicy rule dictionary to "booleans" to suggest - it can contain multiple values and make sure it is populated correctly -- add "conditional" key to the rule dictionary to accommodate - get_conditionals, which requires the whole conditional statement -- extend get_bools search to dontaudit rules so that it covers booleans - like httpd_dontaudit_search_dirs - -Note: get_bools uses security_get_boolean_active to get the boolean - value, but the value is later used to represent the default. - Not ideal, but I'm not aware of a way to get the actual defaults. - -Fixes: - "sepolicy manpage" generates man pages that are missing booleans - which are included in non trivial conditional expressions - e.g. httpd_selinux(8) does not include httpd_can_check_spam, - httpd_tmp_exec, httpd_unified, or httpd_use_gpg - - This fix, however, also adds some not strictly related booleans - to some man pages. e.g. use_nfs_home_dirs and - use_samba_home_dirs are added to httpd_selinux(8) - -Signed-off-by: Vit Mojzis -Acked-by: Jason Zaman ---- - python/sepolicy/sepolicy/__init__.py | 21 +++++++++++++-------- - 1 file changed, 13 insertions(+), 8 deletions(-) - -diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py -index b6ca57c3..0f51174d 100644 ---- a/python/sepolicy/sepolicy/__init__.py -+++ b/python/sepolicy/sepolicy/__init__.py -@@ -324,7 +324,12 @@ def _setools_rule_to_dict(rule): - pass - - try: -- d['boolean'] = [(str(rule.conditional), enabled)] -+ d['booleans'] = [(str(b), b.state) for b in rule.conditional.booleans] -+ except AttributeError: -+ pass -+ -+ try: -+ d['conditional'] = str(rule.conditional) - except AttributeError: - pass - -@@ -426,12 +431,12 @@ def get_conditionals(src, dest, tclass, perm): - x['source'] in src_list and - x['target'] in dest_list and - set(perm).issubset(x[PERMS]) and -- 'boolean' in x, -+ 'conditional' in x, - get_all_allow_rules())) - - try: - for i in allows: -- tdict.update({'source': i['source'], 'boolean': i['boolean']}) -+ tdict.update({'source': i['source'], 'conditional': (i['conditional'], i['enabled'])}) - if tdict not in tlist: - tlist.append(tdict) - tdict = {} -@@ -445,10 +450,10 @@ def get_conditionals_format_text(cond): - - enabled = False - for x in cond: -- if x['boolean'][0][1]: -+ if x['conditional'][1]: - enabled = True - break -- return _("-- Allowed %s [ %s ]") % (enabled, " || ".join(set(map(lambda x: "%s=%d" % (x['boolean'][0][0], x['boolean'][0][1]), cond)))) -+ return _("-- Allowed %s [ %s ]") % (enabled, " || ".join(set(map(lambda x: "%s=%d" % (x['conditional'][0], x['conditional'][1]), cond)))) - - - def get_types_from_attribute(attribute): -@@ -703,9 +708,9 @@ def get_boolean_rules(setype, boolean): - boollist = [] - permlist = search([ALLOW], {'source': setype}) - for p in permlist: -- if "boolean" in p: -+ if "booleans" in p: - try: -- for b in p["boolean"]: -+ for b in p["booleans"]: - if boolean in b: - boollist.append(p) - except: -@@ -1124,7 +1129,7 @@ def get_bools(setype): - bools = [] - domainbools = [] - domainname, short_name = gen_short_name(setype) -- for i in map(lambda x: x['boolean'], filter(lambda x: 'boolean' in x and x['source'] == setype, get_all_allow_rules())): -+ for i in map(lambda x: x['booleans'], filter(lambda x: 'booleans' in x and x['source'] == setype, search([ALLOW, DONTAUDIT]))): - for b in i: - if not isinstance(b, tuple): - continue --- -2.37.3 - diff --git a/SOURCES/0052-python-sepolicy-Cache-conditional-rule-queries.patch b/SOURCES/0052-python-sepolicy-Cache-conditional-rule-queries.patch deleted file mode 100644 index 0dac123..0000000 --- a/SOURCES/0052-python-sepolicy-Cache-conditional-rule-queries.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 25373db5cac520b85350db91b8a7ed0737d3316c Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Tue, 24 Jan 2023 21:05:05 +0100 -Subject: [PATCH] python/sepolicy: Cache conditional rule queries - -Commit 7506771e4b630fe0ab853f96574e039055cb72eb -"add missing booleans to man pages" dramatically slowed down -"sepolicy manpage -a" by removing caching of setools rule query. -Re-add said caching and update the query to only return conditional -rules. - -Before commit 7506771e: - #time sepolicy manpage -a - real 1m43.153s - # time sepolicy manpage -d httpd_t - real 0m4.493s - -After commit 7506771e: - #time sepolicy manpage -a - real 1h56m43.153s - # time sepolicy manpage -d httpd_t - real 0m8.352s - -After this commit: - #time sepolicy manpage -a - real 1m41.074s - # time sepolicy manpage -d httpd_t - real 0m7.358s - -Signed-off-by: Vit Mojzis ---- - python/sepolicy/sepolicy/__init__.py | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - -diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py -index 0f51174d..f48231e9 100644 ---- a/python/sepolicy/sepolicy/__init__.py -+++ b/python/sepolicy/sepolicy/__init__.py -@@ -114,6 +114,7 @@ all_attributes = None - booleans = None - booleans_dict = None - all_allow_rules = None -+all_bool_rules = None - all_transitions = None - - -@@ -1119,6 +1120,14 @@ def get_all_allow_rules(): - all_allow_rules = search([ALLOW]) - return all_allow_rules - -+def get_all_bool_rules(): -+ global all_bool_rules -+ if not all_bool_rules: -+ q = setools.TERuleQuery(_pol, boolean=".*", boolean_regex=True, -+ ruletype=[ALLOW, DONTAUDIT]) -+ all_bool_rules = [_setools_rule_to_dict(x) for x in q.results()] -+ return all_bool_rules -+ - def get_all_transitions(): - global all_transitions - if not all_transitions: -@@ -1129,7 +1138,7 @@ def get_bools(setype): - bools = [] - domainbools = [] - domainname, short_name = gen_short_name(setype) -- for i in map(lambda x: x['booleans'], filter(lambda x: 'booleans' in x and x['source'] == setype, search([ALLOW, DONTAUDIT]))): -+ for i in map(lambda x: x['booleans'], filter(lambda x: 'booleans' in x and x['source'] == setype, get_all_bool_rules())): - for b in i: - if not isinstance(b, tuple): - continue --- -2.37.3 - diff --git a/SOURCES/0053-python-Harden-more-tools-against-rogue-modules.patch b/SOURCES/0053-python-Harden-more-tools-against-rogue-modules.patch deleted file mode 100644 index 06db59d..0000000 --- a/SOURCES/0053-python-Harden-more-tools-against-rogue-modules.patch +++ /dev/null @@ -1,98 +0,0 @@ -From 7aef364bc6607953a34cb9e8fe9ea51c88379a5c Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Wed, 6 Dec 2023 15:31:51 +0100 -Subject: [PATCH] python: Harden more tools against "rogue" modules - -Python scripts present in the same directory as the tool -override regular modules. - -Fixes: - #cat > /usr/bin/signal.py < -Acked-by: James Carter ---- - dbus/selinux_server.py | 2 +- - gui/polgengui.py | 2 +- - gui/system-config-selinux.py | 6 +++--- - sandbox/sandbox | 2 +- - sandbox/start | 2 +- - 5 files changed, 7 insertions(+), 7 deletions(-) - -diff --git a/dbus/selinux_server.py b/dbus/selinux_server.py -index 97bf91ba..eae38de5 100644 ---- a/dbus/selinux_server.py -+++ b/dbus/selinux_server.py -@@ -1,4 +1,4 @@ --#!/usr/bin/python3 -+#!/usr/bin/python3 -EsI - - import dbus - import dbus.service -diff --git a/gui/polgengui.py b/gui/polgengui.py -index 46a1bd2c..0402e82c 100644 ---- a/gui/polgengui.py -+++ b/gui/polgengui.py -@@ -1,4 +1,4 @@ --#!/usr/bin/python3 -Es -+#!/usr/bin/python3 -EsI - # - # polgengui.py - GUI for SELinux Config tool in system-config-selinux - # -diff --git a/gui/system-config-selinux.py b/gui/system-config-selinux.py -index 1e0d5eb1..c344c076 100644 ---- a/gui/system-config-selinux.py -+++ b/gui/system-config-selinux.py -@@ -1,4 +1,4 @@ --#!/usr/bin/python3 -Es -+#!/usr/bin/python3 -EsI - # - # system-config-selinux.py - GUI for SELinux Config tool in system-config-selinux - # -@@ -32,6 +32,8 @@ except RuntimeError as e: - print("This is a graphical application and requires DISPLAY to be set.") - sys.exit(1) - -+sys.path.append('/usr/share/system-config-selinux') -+ - from gi.repository import GObject - import statusPage - import booleansPage -@@ -65,8 +67,6 @@ except: - - version = "1.0" - --sys.path.append('/usr/share/system-config-selinux') -- - - ## - ## Pull in the Glade file -diff --git a/sandbox/sandbox b/sandbox/sandbox -index 707959a6..e276e594 100644 ---- a/sandbox/sandbox -+++ b/sandbox/sandbox -@@ -1,4 +1,4 @@ --#!/usr/bin/python3 -Es -+#!/usr/bin/python3 -EsI - # Authors: Dan Walsh - # Authors: Thomas Liu - # Authors: Josh Cogliati -diff --git a/sandbox/start b/sandbox/start -index 4ed3cb5c..3c1a1783 100644 ---- a/sandbox/start -+++ b/sandbox/start -@@ -1,4 +1,4 @@ --#!/usr/bin/python3 -Es -+#!/usr/bin/python3 -EsI - try: - from subprocess import getstatusoutput - except ImportError: --- -2.43.0 - diff --git a/SOURCES/0054-sepolicy-port-to-dnf4-python-API.patch b/SOURCES/0054-sepolicy-port-to-dnf4-python-API.patch deleted file mode 100644 index 587caea..0000000 --- a/SOURCES/0054-sepolicy-port-to-dnf4-python-API.patch +++ /dev/null @@ -1,95 +0,0 @@ -From ea93da38a16eb44307b522f8a26f2d8f967fcc01 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Wed, 22 Nov 2023 12:29:43 +0100 -Subject: [PATCH] sepolicy: port to dnf4 python API - -yum module is not available since RHEL 7. - -Drop -systemd related code as it's obsoleted these days - only 2 -packages ship their .service in -systemd subpackage - -Signed-off-by: Petr Lautrbach -Acked-by: James Carter -Acked-by: Ondrej Mosnacek ---- - python/sepolicy/sepolicy/generate.py | 56 +++++++++++++--------------- - 1 file changed, 25 insertions(+), 31 deletions(-) - -diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py -index 93caedee..c841a499 100644 ---- a/python/sepolicy/sepolicy/generate.py -+++ b/python/sepolicy/sepolicy/generate.py -@@ -1265,24 +1265,20 @@ allow %s_t %s_t:%s_socket name_%s; - return fcfile - - def __extract_rpms(self): -- import yum -- yb = yum.YumBase() -- yb.setCacheDir() -- -- for pkg in yb.rpmdb.searchProvides(self.program): -- self.rpms.append(pkg.name) -- for fname in pkg.dirlist + pkg.filelist + pkg.ghostlist: -- for b in self.DEFAULT_DIRS: -- if b == "/etc": -- continue -- if fname.startswith(b): -- if os.path.isfile(fname): -- self.add_file(fname) -- else: -- self.add_dir(fname) -+ import dnf -+ -+ with dnf.Base() as base: -+ base.read_all_repos() -+ base.fill_sack(load_system_repo=True) -+ -+ query = base.sack.query() - -- for bpkg in yb.rpmdb.searchNames([pkg.base_package_name]): -- for fname in bpkg.dirlist + bpkg.filelist + bpkg.ghostlist: -+ pq = query.available() -+ pq = pq.filter(file=self.program) -+ -+ for pkg in pq: -+ self.rpms.append(pkg.name) -+ for fname in pkg.files: - for b in self.DEFAULT_DIRS: - if b == "/etc": - continue -@@ -1291,20 +1287,18 @@ allow %s_t %s_t:%s_socket name_%s; - self.add_file(fname) - else: - self.add_dir(fname) -- -- # some packages have own systemd subpackage -- # tor-systemd for example -- binary_name = self.program.split("/")[-1] -- for bpkg in yb.rpmdb.searchNames(["%s-systemd" % binary_name]): -- for fname in bpkg.filelist + bpkg.ghostlist + bpkg.dirlist: -- for b in self.DEFAULT_DIRS: -- if b == "/etc": -- continue -- if fname.startswith(b): -- if os.path.isfile(fname): -- self.add_file(fname) -- else: -- self.add_dir(fname) -+ sq = query.available() -+ sq = sq.filter(provides=pkg.source_name) -+ for bpkg in sq: -+ for fname in bpkg.files: -+ for b in self.DEFAULT_DIRS: -+ if b == "/etc": -+ continue -+ if fname.startswith(b): -+ if os.path.isfile(fname): -+ self.add_file(fname) -+ else: -+ self.add_dir(fname) - - def gen_writeable(self): - try: --- -2.43.0 - diff --git a/SOURCES/0055-python-semanage-Do-not-sort-local-fcontext-definitio.patch b/SOURCES/0055-python-semanage-Do-not-sort-local-fcontext-definitio.patch deleted file mode 100644 index f3f6b32..0000000 --- a/SOURCES/0055-python-semanage-Do-not-sort-local-fcontext-definitio.patch +++ /dev/null @@ -1,64 +0,0 @@ -From b6fa6e77d5d40a5c1b5f4be95500aa1a05147e5b Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Wed, 7 Feb 2024 15:46:23 +0100 -Subject: [PATCH] python/semanage: Do not sort local fcontext definitions - -Entries in file_contexts.local are processed from the most recent one to -the oldest, with first match being used. Therefore it is important to -preserve their order when listing (semanage fcontext -lC) and exporting -(semanage export). - -Signed-off-by: Vit Mojzis -Acked-by: James Carter ---- - gui/fcontextPage.py | 6 +++++- - python/semanage/seobject.py | 9 +++++++-- - 2 files changed, 12 insertions(+), 3 deletions(-) - -diff --git a/gui/fcontextPage.py b/gui/fcontextPage.py -index e424366d..01a403a2 100644 ---- a/gui/fcontextPage.py -+++ b/gui/fcontextPage.py -@@ -125,7 +125,11 @@ class fcontextPage(semanagePage): - self.fcontext = seobject.fcontextRecords() - self.store.clear() - fcon_dict = self.fcontext.get_all(self.local) -- for k in sorted(fcon_dict.keys()): -+ if self.local: -+ fkeys = fcon_dict.keys() -+ else: -+ fkeys = sorted(fcon_dict.keys()) -+ for k in fkeys: - if not self.match(fcon_dict, k, filter): - continue - iter = self.store.append() -diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py -index 0e923a0d..dd915a69 100644 ---- a/python/semanage/seobject.py -+++ b/python/semanage/seobject.py -@@ -2644,7 +2644,7 @@ class fcontextRecords(semanageRecords): - def customized(self): - l = [] - fcon_dict = self.get_all(True) -- for k in sorted(fcon_dict.keys()): -+ for k in fcon_dict.keys(): - if fcon_dict[k]: - if fcon_dict[k][3]: - l.append("-a -f %s -t %s -r '%s' '%s'" % (file_type_str_to_option[k[1]], fcon_dict[k][2], fcon_dict[k][3], k[0])) -@@ -2661,7 +2661,12 @@ class fcontextRecords(semanageRecords): - if len(fcon_dict) != 0: - if heading: - print("%-50s %-18s %s\n" % (_("SELinux fcontext"), _("type"), _("Context"))) -- for k in sorted(fcon_dict.keys()): -+ # do not sort local customizations since they are evaluated based on the order they where added in -+ if locallist: -+ fkeys = fcon_dict.keys() -+ else: -+ fkeys = sorted(fcon_dict.keys()) -+ for k in fkeys: - if fcon_dict[k]: - if is_mls_enabled: - print("%-50s %-18s %s:%s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1], fcon_dict[k][2], translate(fcon_dict[k][3], False))) --- -2.43.0 - diff --git a/SOURCES/0056-python-semanage-Allow-modifying-records-on-add.patch b/SOURCES/0056-python-semanage-Allow-modifying-records-on-add.patch deleted file mode 100644 index 8a18710..0000000 --- a/SOURCES/0056-python-semanage-Allow-modifying-records-on-add.patch +++ /dev/null @@ -1,396 +0,0 @@ -From 108a7d43dd8fa4f5cb682f9df9c15304fa4eddea Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Wed, 14 Feb 2024 13:08:40 +0100 -Subject: [PATCH] python/semanage: Allow modifying records on "add" - -When trying to add a record with a key that already exists, modify -the existing record instead. - -Also, fix "semanage -m -e" (add_equal was called instead of -modify_equal), which meant that existing local equivalency couldn't be -modified (though a user could remove it and add a modified -equivalency). - -Fixes: - https://github.com/SELinuxProject/selinux/issues/412 - When a port or login definition present in the policy is modified - using "semanage port -m", "semanage export" exports the command as - "port -a" instead of "port -m". This results in "semanage import" - failing (port already defined). The same is true for port, user, - login, ibpkey, ibendport, node, interface and fcontext. - -Signed-off-by: Vit Mojzis -Acked-by: James Carter ---- - python/semanage/semanage | 2 +- - python/semanage/seobject.py | 208 +++++++++++++++++++++++++----------- - 2 files changed, 147 insertions(+), 63 deletions(-) - -diff --git a/python/semanage/semanage b/python/semanage/semanage -index 1f170f60..f55751b6 100644 ---- a/python/semanage/semanage -+++ b/python/semanage/semanage -@@ -316,7 +316,7 @@ def handleFcontext(args): - OBJECT.add(args.file_spec, args.type, args.ftype, args.range, args.seuser) - if args.action == "modify": - if args.equal: -- OBJECT.add_equal(args.file_spec, args.equal) -+ OBJECT.modify_equal(args.file_spec, args.equal) - else: - OBJECT.modify(args.file_spec, args.type, args.ftype, args.range, args.seuser) - if args.action == "delete": -diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py -index dd915a69..f6c559a7 100644 ---- a/python/semanage/seobject.py -+++ b/python/semanage/seobject.py -@@ -560,11 +560,6 @@ class loginRecords(semanageRecords): - if rc < 0: - raise ValueError(_("Could not create a key for %s") % name) - -- (rc, exists) = semanage_seuser_exists(self.sh, k) -- if rc < 0: -- raise ValueError(_("Could not check if login mapping for %s is defined") % name) -- if exists: -- raise ValueError(_("Login mapping for %s is already defined") % name) - if name[0] == '%': - try: - grp.getgrnam(name[1:]) -@@ -603,11 +598,29 @@ class loginRecords(semanageRecords): - def add(self, name, sename, serange): - try: - self.begin() -- self.__add(name, sename, serange) -+ # Add a new mapping, or modify an existing one -+ if self.__exists(name): -+ print(_("Login mapping for %s is already defined, modifying instead") % name) -+ self.__modify(name, sename, serange) -+ else: -+ self.__add(name, sename, serange) - self.commit() - except ValueError as error: - raise error - -+ # check if login mapping for given user exists -+ def __exists(self, name): -+ (rc, k) = semanage_seuser_key_create(self.sh, name) -+ if rc < 0: -+ raise ValueError(_("Could not create a key for %s") % name) -+ -+ (rc, exists) = semanage_seuser_exists(self.sh, k) -+ if rc < 0: -+ raise ValueError(_("Could not check if login mapping for %s is defined") % name) -+ semanage_seuser_key_free(k) -+ -+ return exists -+ - def __modify(self, name, sename="", serange=""): - rec, self.oldsename, self.oldserange = selinux.getseuserbyname(name) - if sename == "" and serange == "": -@@ -824,12 +837,6 @@ class seluserRecords(semanageRecords): - if rc < 0: - raise ValueError(_("Could not create a key for %s") % name) - -- (rc, exists) = semanage_user_exists(self.sh, k) -- if rc < 0: -- raise ValueError(_("Could not check if SELinux user %s is defined") % name) -- if exists: -- raise ValueError(_("SELinux user %s is already defined") % name) -- - (rc, u) = semanage_user_create(self.sh) - if rc < 0: - raise ValueError(_("Could not create SELinux user for %s") % name) -@@ -869,12 +876,28 @@ class seluserRecords(semanageRecords): - def add(self, name, roles, selevel, serange, prefix): - try: - self.begin() -- self.__add(name, roles, selevel, serange, prefix) -+ if self.__exists(name): -+ print(_("SELinux user %s is already defined, modifying instead") % name) -+ self.__modify(name, roles, selevel, serange, prefix) -+ else: -+ self.__add(name, roles, selevel, serange, prefix) - self.commit() - except ValueError as error: - self.mylog.commit(0) - raise error - -+ def __exists(self, name): -+ (rc, k) = semanage_user_key_create(self.sh, name) -+ if rc < 0: -+ raise ValueError(_("Could not create a key for %s") % name) -+ -+ (rc, exists) = semanage_user_exists(self.sh, k) -+ if rc < 0: -+ raise ValueError(_("Could not check if SELinux user %s is defined") % name) -+ semanage_user_key_free(k) -+ -+ return exists -+ - def __modify(self, name, roles=[], selevel="", serange="", prefix=""): - oldserole = "" - oldserange = "" -@@ -1102,12 +1125,6 @@ class portRecords(semanageRecords): - - (k, proto_d, low, high) = self.__genkey(port, proto) - -- (rc, exists) = semanage_port_exists(self.sh, k) -- if rc < 0: -- raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port)) -- if exists: -- raise ValueError(_("Port %s/%s already defined") % (proto, port)) -- - (rc, p) = semanage_port_create(self.sh) - if rc < 0: - raise ValueError(_("Could not create port for %s/%s") % (proto, port)) -@@ -1151,9 +1168,23 @@ class portRecords(semanageRecords): - - def add(self, port, proto, serange, type): - self.begin() -- self.__add(port, proto, serange, type) -+ if self.__exists(port, proto): -+ print(_("Port {proto}/{port} already defined, modifying instead").format(proto=proto, port=port)) -+ self.__modify(port, proto, serange, type) -+ else: -+ self.__add(port, proto, serange, type) - self.commit() - -+ def __exists(self, port, proto): -+ (k, proto_d, low, high) = self.__genkey(port, proto) -+ -+ (rc, exists) = semanage_port_exists(self.sh, k) -+ if rc < 0: -+ raise ValueError(_("Could not check if port {proto}/{port} is defined").format(proto=proto, port=port)) -+ semanage_port_key_free(k) -+ -+ return exists -+ - def __modify(self, port, proto, serange, setype): - if serange == "" and setype == "": - if is_mls_enabled == 1: -@@ -1376,12 +1407,6 @@ class ibpkeyRecords(semanageRecords): - - (k, subnet_prefix, low, high) = self.__genkey(pkey, subnet_prefix) - -- (rc, exists) = semanage_ibpkey_exists(self.sh, k) -- if rc < 0: -- raise ValueError(_("Could not check if ibpkey %s/%s is defined") % (subnet_prefix, pkey)) -- if exists: -- raise ValueError(_("ibpkey %s/%s already defined") % (subnet_prefix, pkey)) -- - (rc, p) = semanage_ibpkey_create(self.sh) - if rc < 0: - raise ValueError(_("Could not create ibpkey for %s/%s") % (subnet_prefix, pkey)) -@@ -1423,9 +1448,23 @@ class ibpkeyRecords(semanageRecords): - - def add(self, pkey, subnet_prefix, serange, type): - self.begin() -- self.__add(pkey, subnet_prefix, serange, type) -+ if self.__exists(pkey, subnet_prefix): -+ print(_("ibpkey {subnet_prefix}/{pkey} already defined, modifying instead").format(subnet_prefix=subnet_prefix, pkey=pkey)) -+ self.__modify(pkey, subnet_prefix, serange, type) -+ else: -+ self.__add(pkey, subnet_prefix, serange, type) - self.commit() - -+ def __exists(self, pkey, subnet_prefix): -+ (k, subnet_prefix, low, high) = self.__genkey(pkey, subnet_prefix) -+ -+ (rc, exists) = semanage_ibpkey_exists(self.sh, k) -+ if rc < 0: -+ raise ValueError(_("Could not check if ibpkey {subnet_prefix}/{pkey} is defined").formnat(subnet_prefix=subnet_prefix, pkey=pkey)) -+ semanage_ibpkey_key_free(k) -+ -+ return exists -+ - def __modify(self, pkey, subnet_prefix, serange, setype): - if serange == "" and setype == "": - if is_mls_enabled == 1: -@@ -1630,12 +1669,6 @@ class ibendportRecords(semanageRecords): - raise ValueError(_("Type %s is invalid, must be an ibendport type") % type) - (k, ibendport, port) = self.__genkey(ibendport, ibdev_name) - -- (rc, exists) = semanage_ibendport_exists(self.sh, k) -- if rc < 0: -- raise ValueError(_("Could not check if ibendport %s/%s is defined") % (ibdev_name, port)) -- if exists: -- raise ValueError(_("ibendport %s/%s already defined") % (ibdev_name, port)) -- - (rc, p) = semanage_ibendport_create(self.sh) - if rc < 0: - raise ValueError(_("Could not create ibendport for %s/%s") % (ibdev_name, port)) -@@ -1677,9 +1710,23 @@ class ibendportRecords(semanageRecords): - - def add(self, ibendport, ibdev_name, serange, type): - self.begin() -- self.__add(ibendport, ibdev_name, serange, type) -+ if self.__exists(ibendport, ibdev_name): -+ print(_("ibendport {ibdev_name}/{port} already defined, modifying instead").format(ibdev_name=ibdev_name, port=port)) -+ self.__modify(ibendport, ibdev_name, serange, type) -+ else: -+ self.__add(ibendport, ibdev_name, serange, type) - self.commit() - -+ def __exists(self, ibendport, ibdev_name): -+ (k, ibendport, port) = self.__genkey(ibendport, ibdev_name) -+ -+ (rc, exists) = semanage_ibendport_exists(self.sh, k) -+ if rc < 0: -+ raise ValueError(_("Could not check if ibendport {ibdev_name}/{port} is defined").format(ibdev_name=ibdev_name, port=port)) -+ semanage_ibendport_key_free(k) -+ -+ return exists -+ - def __modify(self, ibendport, ibdev_name, serange, setype): - if serange == "" and setype == "": - if is_mls_enabled == 1: -@@ -1891,12 +1938,6 @@ class nodeRecords(semanageRecords): - (rc, k) = semanage_node_key_create(self.sh, addr, mask, proto) - if rc < 0: - raise ValueError(_("Could not create key for %s") % addr) -- if rc < 0: -- raise ValueError(_("Could not check if addr %s is defined") % addr) -- -- (rc, exists) = semanage_node_exists(self.sh, k) -- if exists: -- raise ValueError(_("Addr %s already defined") % addr) - - (rc, node) = semanage_node_create(self.sh) - if rc < 0: -@@ -1945,9 +1986,27 @@ class nodeRecords(semanageRecords): - - def add(self, addr, mask, proto, serange, ctype): - self.begin() -- self.__add(addr, mask, proto, serange, ctype) -+ if self.__exists(addr, mask, proto): -+ print(_("Addr %s already defined, modifying instead") % addr) -+ self.__modify(addr, mask, proto, serange, ctype) -+ else: -+ self.__add(addr, mask, proto, serange, ctype) - self.commit() - -+ def __exists(self, addr, mask, proto): -+ addr, mask, proto = self.validate(addr, mask, proto) -+ -+ (rc, k) = semanage_node_key_create(self.sh, addr, mask, proto) -+ if rc < 0: -+ raise ValueError(_("Could not create key for %s") % addr) -+ -+ (rc, exists) = semanage_node_exists(self.sh, k) -+ if rc < 0: -+ raise ValueError(_("Could not check if addr %s is defined") % addr) -+ semanage_node_key_free(k) -+ -+ return exists -+ - def __modify(self, addr, mask, proto, serange, setype): - addr, mask, proto = self.validate(addr, mask, proto) - -@@ -2102,12 +2161,6 @@ class interfaceRecords(semanageRecords): - if rc < 0: - raise ValueError(_("Could not create key for %s") % interface) - -- (rc, exists) = semanage_iface_exists(self.sh, k) -- if rc < 0: -- raise ValueError(_("Could not check if interface %s is defined") % interface) -- if exists: -- raise ValueError(_("Interface %s already defined") % interface) -- - (rc, iface) = semanage_iface_create(self.sh) - if rc < 0: - raise ValueError(_("Could not create interface for %s") % interface) -@@ -2154,9 +2207,25 @@ class interfaceRecords(semanageRecords): - - def add(self, interface, serange, ctype): - self.begin() -- self.__add(interface, serange, ctype) -+ if self.__exists(interface): -+ print(_("Interface %s already defined, modifying instead") % interface) -+ self.__modify(interface, serange, ctype) -+ else: -+ self.__add(interface, serange, ctype) - self.commit() - -+ def __exists(self, interface): -+ (rc, k) = semanage_iface_key_create(self.sh, interface) -+ if rc < 0: -+ raise ValueError(_("Could not create key for %s") % interface) -+ -+ (rc, exists) = semanage_iface_exists(self.sh, k) -+ if rc < 0: -+ raise ValueError(_("Could not check if interface %s is defined") % interface) -+ semanage_iface_key_free(k) -+ -+ return exists -+ - def __modify(self, interface, serange, setype): - if serange == "" and setype == "": - raise ValueError(_("Requires setype or serange")) -@@ -2344,7 +2413,13 @@ class fcontextRecords(semanageRecords): - raise ValueError(_("Substitute %s is not valid. Substitute is not allowed to end with '/'") % substitute) - - if target in self.equiv.keys(): -- raise ValueError(_("Equivalence class for %s already exists") % target) -+ print(_("Equivalence class for %s already exists, modifying instead") % target) -+ self.equiv[target] = substitute -+ self.equal_ind = True -+ self.mylog.log_change("resrc=fcontext op=modify-equal %s %s" % (audit.audit_encode_nv_string("sglob", target, 0), audit.audit_encode_nv_string("tglob", substitute, 0))) -+ self.commit() -+ return -+ - self.validate(target) - - for fdict in (self.equiv, self.equiv_dist): -@@ -2420,18 +2495,6 @@ class fcontextRecords(semanageRecords): - if rc < 0: - raise ValueError(_("Could not create key for %s") % target) - -- (rc, exists) = semanage_fcontext_exists(self.sh, k) -- if rc < 0: -- raise ValueError(_("Could not check if file context for %s is defined") % target) -- -- if not exists: -- (rc, exists) = semanage_fcontext_exists_local(self.sh, k) -- if rc < 0: -- raise ValueError(_("Could not check if file context for %s is defined") % target) -- -- if exists: -- raise ValueError(_("File context for %s already defined") % target) -- - (rc, fcontext) = semanage_fcontext_create(self.sh) - if rc < 0: - raise ValueError(_("Could not create file context for %s") % target) -@@ -2470,9 +2533,30 @@ class fcontextRecords(semanageRecords): - - def add(self, target, type, ftype="", serange="", seuser="system_u"): - self.begin() -- self.__add(target, type, ftype, serange, seuser) -+ if self.__exists(target, ftype): -+ print(_("File context for %s already defined, modifying instead") % target) -+ self.__modify(target, type, ftype, serange, seuser) -+ else: -+ self.__add(target, type, ftype, serange, seuser) - self.commit() - -+ def __exists(self, target, ftype): -+ (rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype]) -+ if rc < 0: -+ raise ValueError(_("Could not create key for %s") % target) -+ -+ (rc, exists) = semanage_fcontext_exists(self.sh, k) -+ if rc < 0: -+ raise ValueError(_("Could not check if file context for %s is defined") % target) -+ -+ if not exists: -+ (rc, exists) = semanage_fcontext_exists_local(self.sh, k) -+ if rc < 0: -+ raise ValueError(_("Could not check if file context for %s is defined") % target) -+ semanage_fcontext_key_free(k) -+ -+ return exists -+ - def __modify(self, target, setype, ftype, serange, seuser): - if serange == "" and setype == "" and seuser == "": - raise ValueError(_("Requires setype, serange or seuser")) --- -2.43.0 - diff --git a/bachradsusi.gpg b/bachradsusi.gpg new file mode 100644 index 0000000..aa060bb --- /dev/null +++ b/bachradsusi.gpg @@ -0,0 +1,438 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBE97JQcBEAC/aeBxbuToAJokMiVxtMVFoUMgCbcVQDB21YhMq4i5a/HDzFno +qVPhQjGViGTKXQYR7SnT8CCfC3ggG7hqU0oaWKN3D003V6e/ivTJwMKrQRFqf5/A +vN7ELulXFxEt/ZjYmvTukpW5Li2AU7JBD0aO243Ld9jYdZOZn2zdfA8IpnE9Bmm3 +K/LO1Xb2F9ujF9faI5/IlJvdUFk3uiCKTSvM8kGwOmAwBI921Z5x/CYvy5kKEazU +lUxMqECl+Tu2YS6NDhWYNkifAIZ7lsUvGjW3/wfh7AvmAQyt/CxOXu9LL2nGzFhw +CIS4jVIxy5bDswNfHcaMX7B5WEyqTPtjzPAEMiLL4yHJZrHDPd26QHSaqtilVA4K +AeTYbME8iZIdacquFEq02PO9qAM21O48OknCTSolF7z6nBkk6l26W3EL+Gz5I2Et +3S9pab3FMjiiKVavM6UA5D0DQkNxxDn9blDXZyhX4HFrk+NnoETcGYFymPbbijgi +kFC4339/Z1aK31aJLkxiana5mqLthD4jCeg3B8Cp5IurqPr8QEh3FH8ZZhtdx2fX +TXHTmGQF/lXG4tg1eH5cb6wWGU93wD+5mf6czJlUZTY+kdevKtZCQnA0/2ENCOFW +Jdm/oMTUw6ozPd474ctzWKeO78e8yMvZst/Zp3Gq6SD9kcoPgiuMQ+BOkwARAQAB +tCRQZXRyIExhdXRyYmFjaCA8cGxhdXRyYmFAcmVkaGF0LmNvbT6JAjgEEwECACIF +Ak97JQcCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEGOorUuYLENzy1MP +/2c4fH8eXWbqoot/vLE+hJ14k0leYOQhVSo4lNlxRlbKNd5MQSX/QjkQgJNECbB3 +LM0KxE/zwVOZ+umvmxLxNskOxjubE6NzoF7Sm9ydoqjwzenIpR9BVtg71mfjBOoL +PNrst7tHRE5btSnnnOS9ddt/y9JOIvQpkjtBTI2TfVcp2b4Domg7i4qU/hJ7hu45 +5oAi6rPPkr0pcGiDKTqi46l7+9orsj9Mxs1XTmrTMMB/eV6PCU7Fo4WJNXS8SXd3 +sEVxXvpyYjUTTnDuewjT1q8NL7anrsckS16WYSVGKzRhqtP1Vudt1F/D5cWKVqQp +vQl/XW/uQS2IsgEWsbRmIAEZIUOy4TnuF494C/A+1BbJBdUr4Nl9zPH2bjrJeqYk +TsvGQr1icgO4pUg5oC456htkqCxCuPRqqrGDAZBx54TldgPwvCo31+aPQJlOlWvI +uWD/depp0De3oTK9FDnHh3swE0vyn4Ht96+vM+KNnDYgJ1FEaw1efYePFACobvEB +o2ZpLbnDyqAT4MzfHpHSbwzUOk52ZOnkl/KrUIOxhXtf4dxRS6J70Rzb+HWS3rY/ +LgaMO5Q0BJfbvknguKmE8dO8jx0pTlVER9ujqp+bVPXmFMha1j8vyGhJ3eLJZaRL +k3jgfRjiUUb4lNp+hXpvBwIYeFWl5kFVKg2aPywgnnFWiEYEExECAAYFAlBq4WgA +CgkQ4J/vJdlkhKxmjQCfevlawFaGTx58nDFN+4j/2U6uaGcAn2g1sZcTUrEEYHdL +byAyw1GNLksOiF4EEBEIAAYFAk99mCMACgkQ/2iSBAM3HxDivAD+Lu8U54iGgL5+ +h9KpeV+ZlHgIpj4cD+BVL85L6AQ3GP0A/1TwZ1tS6Ag3ut2G6AL2wewR3v9Mgu68 +E0M5esz5of4oiQEcBBMBAgAGBQJPh9ZuAAoJEBliWhMliBCHMSUH/30V/E930OTT +oWeq+QKkTJuMF0lrA5NaAy+xWtrynMKoiAuM0KFNGPfrPehkoxR4D+MKXH+xh0j2 +bHl6fXOHJCKZLhCtsC/o8j7kkjIJjixBlwYMul21rxecke7Zt4XpxHARJx4208Lk +ztpzOd7ZnDP6KYav3itpxK8Eyj4g8N2omoTQ2Dcd+sCa0jgRkyskpPxdt0fK0D04 +XW7b1LZkxwzwrAGSpjAZVzpKBXANcSmUQDAaIhGvYSKoiwVe2eaE5lUmvAaJQaTr +Ud/LCIwFofTLSaBRX8fEOe+UwvW36VtynPyETyROeTMp//Cm5e2CQVPoDv79soyi +E/oUW9DFDhCJARwEEwECAAYFAk+Oe6EACgkQlGXZM5TcxIlIRwf/VjfbN3eVf648 +vXvDctsXfucl37i6Yue2COJiGYuZOrN7wYxVvH2to8P3V53YV9OqDpJl2NXUro1V +iUjFHuIKp23VbtyBAYsrLeTMmHLjnXlaUPSr6JUDHUQhCF34BTk17e9y7tXlEshF +YVyPlGum7JhyarHB2rRdjQk8kyTqmQ4yHjw/nP/HlvVxdgb+mTmudTPVBafOT1R9 +MJ/SN2x4bclT4cQ0hjNEy/TsFzVduQj8yNOMFG9r6p1Vb+u1wn3BTANIh55R9aDh +3JFFIV/jBTkxukxR5iyGQiR53nl0e0qnQFxpfhFGclh0RktjrHZ3DBAzcuYXp540 +Vu9aq9QuPIkCHAQQAQIABgUCT4bdRgAKCRDCPZG7HYJE34FtEACfqPwWSItk1lNX +E0HOM1YuHXFfMGURF1AotskJatwtjGy9oDUQkjfsPROnWjgH9s0xD2UmlTrjJfWi +BdH0kTLiExVUOmvnM9VFMRhYxQZMwiHecm4FZ5IWUz4e05oGCkHFbMswXEoEG+qq +btOfLNpX67yy/JM6We+8PiXV/c2vaErpH5S8YChb5wD9lEWNM2aPBOUmbzONM1/f +EFd8AF6fUVYN7htuyG1n5zTv+oowmO2c0terJRGmMgVuLugIEnKKhaQ+H1K6bdZJ +7mX4xxx5izEyYeYhi9DhBHSwCLhWR+Yilqkc5U0nrF+3Z+Cb9THHppi071OIQ7pX +rGsQSpDzGRXCw0nKEBm0Li13re8cOoHMlPD0RHWZEIRZGSYX1YKBtVuv4kpSq8GN +85lZSDKGRNtbJBS7Qj4vyOlOrBO1eyyd4lepQCe2Ri3gU97rek52tOM+fAIibz7V +b4a0qbbphrz6PVMbDGiBxM92+YpdDyZGyL7wJ4g6DhRRcEUQahlZ1n7y+YQ60ETs +zt7+kD08Zi2BoJpiMHsFfoas2pot7VePFxGutwvq0p+OHSVlwkLgOaORPHumLA8u +J3BGlJTHsErUB2EEgdc/Tv1vsZzEI3Zi+hqw1gcbke21Ii8aDfshbeKW9hYJAhnW +m8VdF3n80UX5Eg56iybrLCjEyiAEYYkCHAQQAQIABgUCT7yYRAAKCRBOBfZjp6Qb +nnyTD/4gVbq8H5ka7fVdSAnX65/kFn5xkqGzbpCkjcqe/5uI2CvdYtjeQ4K6sm7I +5RLoyu/EE/JPbCRHiucsEak42WAZSRte/Wn2yTQpIb0mQ0wXJvuM+Hx7DSx2R12P +9rIZ4mGo/rEtdG7Y9Vog9M/XGx7w5IqSw2DF2yiYQJXsOzHjphfYB8JfoqjW/73k +n4E2IRJtCuWhfiJZJ+GEGceSBIredH3o01ThtbAeh/gzPRF3FU1361zyA1sXtmGe +qwnhNL1spHRlpub3cvAXQ8RSYrNdiFZB5zohNt+iL+qzVWaUJo+vYZal1Co5/roI +HN5nJef8kp1ngaYKvf1hIVvsdQsilVQIXKFWMd47aU6W8gPr1W2+U4yw+q+OXari +eo7gpH7/OvMSe/3wOhGVD8KJrMwAVnr3M4wo2CM6zlwxPGdltQI+IxDD8NTGTmNT +rRARYRQaFQyqd1SrVt4sSkeoegrpOG4oWXya/v4SeXHD4vt8vvvX3A4szB73a355 +IfbyRXDER3EfFfW5c+BnR3bxhfATTE6T0AKz1Gq30Xm2ycTGYCAZ2yBKewaegTpx +3O/E6APTXUnVWTIPQay8T4iVUiLFs7W1UFMY/RvmIvKKFIQWcm5O0L+27PJK+YSx +Uoo1Ivt1pclTuetbRbN8VnR3K9Pp5uZ4KLz6ZkffmJg2sOSu74kCHAQSAQgABgUC +WWMlagAKCRAyfirUINN1OOtFD/4jW0ZMGigpruCnvY0nr47rA12X6dJ6+KIBE+XB +QxuaQRjM5u44geksDwrqZ0nXrNvsa4SVwAhKVOrgMJVdzvUa1m2yeNCFHOTjln6Q +GjZ5f3a6aj6n/X5tlPptdklUr9ucEwXVd5fFMpWAiwaqZt38I2u0Pi+/qHDt0kLy +RSukmRPzRuS/kO1ugGO4aoO+sanVDl2Pq6LIwubL1Unk2HUerg8VCAyQrxYtZtHc +coyhmBTlAb+EmZnUVbQZ3Uy3eA89OuNTBhJWCk8vqROFm257MiH6gvG/V8CTrJfz +lpE+s9E6kxXhXpQWZUwtwWObq7vrJVkJhRwBsO9N2erxe+biBauFErYQPw3bg6xL +1BJLxDWnKUlMWs5o+h7lyjp+1B/gbnnlrUIlpW8IKVZRHwRUPGRN07SbbEO1lDk5 +uJDMk+r2KrOUNVYCEp794P014xodkLvB8X7ml6tcABE4V9d4uVDX3SsktOLMvtWg +nL6xWMoBYiVOXi3Rsm8vESBOb8JFQL/ItciUyAioM4Zjq5eqotVq90HMBO9kqcjC +YsYEs6RACRmyE+TNmzGoucIPTwPEi5Ib4gj+LG6iPOBprk5DSjD7F0/wnQPoq8PY +HIufb4+PgOXKf/ROQXDRLeD6eZBtPcDUJOgW19m7QcXZ8fvo6B91COe9jTF/H/i3 +A7NjR4kCHAQTAQgABgUCUQZ8hwAKCRDZsFd72T6Y/MoUD/9xxmXbPL2Zto6qECXs +Q1GFuydiYlURxDsVUiuc1tSgEoDb8XcXl37l/IKX1QmcpvHMPzeT0g8sNwIXSnL6 +BNCnFcfrd0tEz8uBPxVnzMiGwaHP1kB6Vs6sNV31+CJcTz8BHHbOdXZnhHqXSb02 +SonqAYeWVSlE08Ejvq0HIWRn6NIGdGqv6icBExryJjS3ZChRFpvgAJwsVO5f6BKH +oZnEn79uQR4XPHwuxRbm4hf6iYEbOhE7Hod6kTzS9vYIhyuTFTz5Kz/YxlMoZX/j +TIYsX0nZ3r+Tshur8iUXJhKvvXVlGyrGO2HXfEuIpJqEx4/qM9jUNP0EE7aPzZ6f +BP7Xq49Dx9lnZuSQ1jeXxEEpO+AND2xmnjCHr3EfgYZrrhCSxMQhvJh7wypkzu30 +D41BHPOPSotmM7WLceHWmYui0Wuq9X2hom5jq11XwACEtmNiP/odXjF0ovfK0d8l +j/kivgrXAZdN/ONJapVSLkRMS71S6eln+urR9HfswEfM7IPt0cRwN1oNIhXmK14+ +XBWvvwvalfuxG2UfxD8K0JXMwARlpGlV8lXpuzDV8EcrvLipKpqiQWaJer64kaQb +8qHEtT6+JNoGkymohrfeVagxKmPzDWR4v1a9lgZwY1FTRHNVPM0P8LWlN9q0CrYc +poBwkhTMV1YJ1OBSrkM9IM2vsokCMwQTAQgAHRYhBGMZHOlBgwmGicq4237xN+yT +Ww6vBQJjLRkzAAoJEH7xN+yTWw6vZSYP/36Bt4QhRtIh6HPWbHraFSl4omnuISu6 +lTHsqhik81nbIUiLZ5e/KN6ONSgD2jfMVQOLiPTQFOoxVZvOjaHmHvMuF7BCbr90 +Afh1qXW9txuPbVkhtC6hqIMn87b8UHEnt1l5MiafQnPHhoociqaqwfls/iu0nJGu +Jf5eVMXpdeWRk+ckGkqP+tXp/0G933jibSdYqwG1Tsw9D98xnGV3a/+zIqRtJflp +HPEjHPT6rVKAZxk7gkYSSsv6ONBwZHqwe9W1I+U4t6OPkGo5kNbMPBORB6/7B2Qo +LHx3+KYZs1j6glI+F/8IX2+JSFs07saMnsDhE7w5FzmwWV2JcUt42RSf8DVub438 +jgA/Ht5yPROEJ87de78aD/t/gPq/Gm3bnUz1BW0jxBidjqg1qPOMYjC7n4dH8X0N +cRfX6tWOdSXmDBbPg/vQi6CEIhsGVisKlnrgYi1wDZExU6UVMnBNvllUu9PXye+7 +51cIbrb+fwAWiwmu+AsL0qsjxZYo+9ozOLh9wLUhxOY5MZM82alN/mlUGzEiXN3R +i7D3rDrNFHdI4LGGLbO2hjPYrG4hdNHS+6WbU6qYcpBEhrqBtnUjoVqIKP2boBLR +ara7hHqVO120s8kgGtf/AoYpggD0H4qqUy4EFNjVdcL5T08w6ldQIYo7CEa1iHFt +ML4bsPcJh8lciQIzBBIBCAAdFiEEcQCq365ubpQNLgrWVeRaWujKfIoFAmMsvIwA +CgkQVeRaWujKfIqNXA//fjCpyIPPd6RnJhagWH8XCp5NB4cCT+LqAIR5yZfz1QE8 +Qbzpoobz9ysgXZ5XjLp/lbVffGyg986j0wUtSW1+g3kJcYXBUKjSWoBwwmZgyZky +95U+uklY8CdPjSeuzr2I5X/LogHNH1378d9aEmQXBfX1uW5g4Aqgnl0OOgkCVzgs +FFOO2o1j6svrrDVG52/mwXhNRm0yYK/hFB8T3PO2IvMQGDGJLHl6N5Kl7P2jtkyF +Isi4AEzJeop/2GJYXQ+VkUTSNRKQj8oOS5qe9/0RkF9uqeamoc81n2But8MZN2fv +R7ug2EuG2LHp9/pwu5ekohXmY8EtMbVbU7TYKgduK0FMBaK36jXN4Bapakfxr1z5 +pwdDjN4QiqUefBQlG1CJ6fGrqbdAupzRRDqN974rs5HafnbxioYRYjoo4H0zC8XN +UwgmA2wrwIIY/cyNCSnUuT8yVAnroPiFgmMoL8RM7C5pHQYh0u3fXPfvNBswjXmR +pJ6mhTqG6SS4qIaPhqoZqA1iyA6+Ua3YLBDT5wqvuqNMnfLtLUvMuridmlj97cRc +srQIr022NdpafDQVAiVhZO0CRyFd/++XT35iiDoiv20+LewC0VVza466AE1fkAme +rKlurlET8U/+U0JB6IP77ErjMgCzotV8e1DJkp/M37nMeNzazAb//ovsdkNM6P6J +AjMEEwEIAB0WIQRFaBEoRJtl+IDGF5c6hKlGtLpirgUCYy3RvAAKCRA6hKlGtLpi +rvhHD/99Lvgf+CjbhwC87CoKX84MyAyBlYACCSuySQBnEsVigz8sCVyTYDx52h1h +/SEj7XfTylAfIl1CjUedH4w3hk+7IN4scmhf5eeEMvQd8q+Q/hWQcXIUpwgKOcVD +NbUgYcbakJAPtilK1CeQvDdBD+aYoMsJTsII/f7FJzwjPM1XGf5EoODUC8BtQf/W +KAVoESwwAUwN6Y5XeYSwMqu1s7IHs3yNYLV8C6A7EQPVaVVlORqI+33rKyqAhK5X +ErNvAREQPYJMfRnQlIW7alSORwdG0JBgVLgV+jvoFo4a1AQImHDDtKxs2X5BCVG1 +I687uYDBy5Assl/VxRMIUpx5+zWvXyDZX/6nlL7AMokTlyosgP4iiifBS+5KMhan +phMgnDXYIJE10V46Bdw2tjd7wMKey6BcKgfbZSvU5z+SuVnQXCyl3/blRML54I5o +EomXPg6lgVxSb6BBnaJXzx4JKgLer5uom1OGsLgPMqEHRoO3bucr2xFdtq1Zegw4 +9S3qDhQ3bn8pg9JlYwmAAhBd3Xy5cPv01mV6ompOQ38SlMCJzcAGASdMw5scaxUl +7MloV2Nl32HIzPjK47bF7aVOFX7Tz+rEFLmJCchqmUSdxi42rJyHKVRqiAlNfZ9S +9FeaEfU+vBxOHsLNqVO7ErvrTafT5fjphZqvUTqZGCUiJUjPnYkCMwQTAQgAHRYh +BOJeJUyO5NMDVUv1r+xwGh2klMXrBQJjL1NOAAoJEOxwGh2klMXrYaIP/ifHM9eU +UT6JD0m6Oa3P3T161NhOvNqr71LDSztClsWo3XX0+ZK3wpjoC6vKqgx0Cc8OL1S2 +GqwCaxb5JqWpsoqR3NW6bTqTTUGREj/e0JHDeBzv57OEUTe4ea7qzqjhCX6iyzHa +qDP9fiAogMQ7uT2oCghDV5yo4JUrG5brw8GkMLEvRSs2BEv7xFAySRaGwNj+oziZ +VzL7sBzp1bCr5cwNZVYxoo3VAv6FUcExp1TydxzPVB8/VvxOa4zrht+hFTn6mjUi +NHBc7DYECgh4jlDR6TnAdvpg0FsujTXiN6A0obOUl9jGz2uFmdY+2ojlVtzqKXoP ++PDz8o2zMrRoQYkni9VyIc536E4OFIhfO6CrThMjJjPNn22Tq+fzRYkWTrlJom9b +nOldQ1BdUXQt2QNigdzqjhZTIgF5OEOTERh80dvwIbZ+7vN00BOsuncR5GUBQerU +F6+SksVRAaOg2lyoDdxUQ+Z28RU8R/n7VjMV8ctFkQvHHLBqKkpET8LRh0C/jSNh +gB8zLPc3Oa4wTf2xZWO58S18esbYMr74vRYrsACbmwxH5Tz+L6Br70Fmcz608+IQ +ESKW3657gemZgFud3AGokzKG5AuWykSinydiZbK8MRGLsdfPUojaVIgXFqnWKtkH +At9gkD8YbqGYzuVwBnljBNRdTUMk0ClgV6pjuQINBFom2R0BEAC9k1Ky6AIe9sPP +xrgsrXRe0dyYcoHufzeU3jFssl3+S4cRuvYCzdZfRfdjfHa4n+CxTaOd7xkefwJg +GpaR9KJbu8dqHm61GIiS5ZbMCRU8FAW6ohVeDqEwFrPAzZjtO41OTpeXCrPu5H5A +Tg/kDnabzlD2H8JWAqr0DYRRhFtJUihXUey9zK03wSjUi5E1+YHUC/fOpbS+msNN +945CeQNBN4Ljap9Q183Fkh0Wm4Q8C0OS1WN8a0XtqSALRCGAZ+EV6UrmQVP9PCC4 +/J0hoKQPv2bfpBAsrUGAO3Fnsw7804i2TY7O3JA8gGDYX6fwOVJMUXdD7FX7LM2P +pESqAdPrjqmPqHT8cPfq27GYgqHv3N4hP9Rjt9wxmHYFbJT0YCHw2ZMiAO/VcvvN +miGr590ZFiQEb1MJN1r+h5UDE1CtF6nTieirSXi9oMilHlo2NY5nAItv/T9PKk4X ++kaH3UoicMxrkT34tACGwxi4VIRYWL+ZquxE+bwXqAvbGJ0p3XbyREURCaO96J/2 +w951EvZErpFRQu4zzClmoMiNbwkQ8QdesSaqjMirlHyFI8T9BZrXbPazdVNUwfyR +LFil1q/kgXjXeJDoje73UiyGhqhlVOlEbunGzCwEBzrtQdPTDeFQr476/4pe0v4u +gdNYkL/gY8Izodn47d1XH68AuRSrzwARAQABiQI2BBgBCgAgFiEE6FPBhIsBhc9C +hk3zY6itS5gsQ3MFAlom2R0CGyAACgkQY6itS5gsQ3PQSA/8CZGTxQDbD2oLkGb6 +tyECIs5A1RsfwJ9aj0R/HuEO39ki8yM88fwi8F5AfzNcmYwp0rxyYDDYM0itObSv +A9WBB8YFZ2PKT1YHrwTzWbne+spmQYDRdFt+0Kx0JLvgv7SYvQ1jNdCazixH1SAM +9O+Tn5oFybVHjRavWsQYHp1CvXY5kOHOEDHhz37pGwFvyVyFdSYS5PWT0+0XU/g6 +Uq2HeFCurhUGuDXJ6WA6Ipvmu0vbi8GpyeiWCRoG76sqbBfQ7dd0oDMUHitewWGq +LP1Kioke9hu5p9CbkjYwGZjJWZEV6WHxOmICfFcBRPeIJyO8Kfa/vVBfQZj9fhqs +3sHSfAGIdKIB3tX0qKhMRdu/QoM14YQ1yK80JTUUOcrKLDt6QJinF1UQ/OcYQqGB +CXaRk1OKGFuuij16QudnX56+aYbNPltf7cLs1O7aodQcRxmMSgxSE/2ckthPYBsX +PWuDMYZCb3e6JMWsdnCI7iPpoPFAJmId7SWJebXZxntoX6YwZ7Tx58/QMLEqxMfE +ExQTAFg8/owvxCG12KaharLr4GpLx0aU39QEJenG1LqGLwiQh9Vxsejw+MkebZJE +6zhs7XBpenrd5c9OFOtb/Goxwal/6UXz7a62jZ7wDNpJw9xOfC3/eX/56+6dLVef +RFj/LOIu9reM4boTiY2dmGj1QC25Ag0EWibSSgEQAMhQB2Q329FSozPk7V6dYBO+ +jDBMr1jHWvNMCR/2DkwXfDAKK3haSWSqr51/wua9skFRezQvc9PhgvOIJi1jsxRf +xNoM82a2OpYJdj16FG5RVQ/ApojiywNvp1YPJbmq4DfXSuUA6q+OephsFLrx2cPY +nyDQaI6mrqTBecET4cdQTZK0nKKUPj3U2bI96zTBIYK8Kr7GMKXm8R1eV8bktwHT +HyDjI7hN5EjZViYqZYDQ3jt2vC1Aj6XpFw5K7Sv6f0l91zyjfcu6Llsfo8xtRhAl +lub8EBuO6ljJ5uWqDgjqTOkDXcIAUkhUCg8ztweR15zgJQQ/On0XDcHLtyi7zuQd +xNaKYKkD3oROTqce+YbNN3qnP4bV0qa0JLlTOrE/0/zmif7Q1zYOidcmMgGeF6Gp +pGQkkxY4gSKet8kD8h4AZXGlpFu4e9sue1ENDRmgWaqSzIWudMRZ3z0/s9EGNNiW +60nwJ1NBoySeQEmnwMzAHXneRM9pRGQ1S3/CKttq/0eWEH3Y/Td9xi4DNvTXcvgJ +uUUwoclWP2PCPg3zE+EQ1q/Kt2oYrT8NcemM9EO8btNzJ/Y1wSDLFAFNikHwYjTM +86jWoeGhSM3fD9HJjfqoB41gDKvNIVlhQavhe6df4+AoCo/mGosLYAPFaHHdkmqn +eT0Y0BnTRIS9yLcO8CBVABEBAAGJBGwEGAEIACAWIQToU8GEiwGFz0KGTfNjqK1L +mCxDcwUCWibSSgIbAgJACRBjqK1LmCxDc8F0IAQZAQgAHRYhBNalthyaVTQWgpLb +Z74iCR4+9iJ1BQJaJtJKAAoJEL4iCR4+9iJ1D2AP/1VMC8KOmzPYyiFY+1xHu2rv +siB0f80GH1jXwDSM/IKvsH1axCD0hMV5sSi52epCov37czSlR3MpQjo0xK32wJB9 +26AgbzJYZO48qulDUXUhPWJ9bxiyIcxI/3KEspY1RMoWv8AfYA/qSma1cSdT4IMo +SGJzPh3RyrUpeFP5QT02oGa5TuSQPiJwy/b9u+RVOi1SSqzHMJdKzZehGays65Pd +jC8Xtf4ipdYRBr6mIyUISOB+FBkY2MttFzNDUBdDrOepyjStQLZ1vUXnYKIiSRHX +o3XTW/W8fh72o26zeDbQcALywQMZqnwtrZluzKHZxF07whKmXvw9pUHXX6hbJDvm +GVMxnB/F6grPNi/V+Bv75sKOdImgnJBUp1Jz7288SPbNQwrqFKV2ZD3f0PFmolFj +Cz/Oc+UUk+swfnsT3pV6LClTThsOH8WlKJYxZLneX75HuVx4CmT+qv6GlFQuixjc +H0LtsbbSjAx7J2LRNVtfI+2DfMcIi8KJxe69MAKGqqxDyDPSWeFrs0MHmyD6/6m+ +GTovgUT5jOZbR6GVKelW054bmby0zQevWnRieANVeFoFsnwclJnqKIRzQiGod1p1 +b8HhSCw4nOeOQSifaOf3zcnFhYyByDMOtl3/AqGoLp/61u3Bk9h+BP4VPR3RUWzc +ggjmxJM0MrLzjaSXSedjzuQQAIq9g35FGpnaB8d/EjufED1TVSOkvNK/qJ+dD4Xz +f5RvnbprofMnzfEyy8jJ1Vqc3QZQU3IDQt/Un2ZywX0OboKGAIn/gyfwdkpnxJ0j +JoxRBuMplNpfNBw+oe0nFuozO9idFozKM+SWoE051/jvGHp1FqEPLnAAGeSbWB0L +RlAsnMjc5u6+SKHeFGRKYg7U0sO7ZKbVIT4ZmRnsQLDakHwbAgfcIakh9Whj0Ou5 +r78Cs+DcM3XAdtZ04d81jV5TsveR8/Cn473c6dvPIfnA2P4uClTCaCDv+jXG2f9a +FIuJhYCO+TdYs7qjAsXWngJUebRFiHbfSuYDw92/eqLdKD1Hoff4MnW5YOtDpp6E +sdCDuINeRtUtnidw2vIPezX+xdmycXIq9Fb+GvKrIDsKu0VO8HObVviLa/RE11ds +EHYlrarj4mqzS2MhvmU79Bazg9rDDB4WVs502n3uJaf6Sod/+ke1c3ff7AUPox2n +pjH/bVmkZJsOq5EqcvlH3m2FZUHSFWS/yTR1rPuJoHBMHVc4OPlTuSqT3qmKL2vb +vD1l3D4zHZs1paRLddYXiaex4qPU/0YpP61XU070MmFGYE8Z43TbMPHu/6LYBpw9 +p5Vj3VZwn2edNl4LGx+05hIABzM23I7JoQ44uPoTbohmYXF/DUGJ6h2LYdp81AVC +lSFWuQINBE97JQcBEACpbBqvDl8J65jEhPjOWczcDVB+WfG7GBHB7T6RxSNFIahy +mDqzx73zZD6n4NnZogPDPopYdRJ56u5AfF0bDZlgebl8+VEgPHGoay74Gf6k0B+c +pEkp5PaWQHHEqXINotVg29hTsf1u0sb+yjgcc+9WHw3MtpChsgk8Rc5N8Xvr1FJc +L+xynSvUCcLIwfgvLHYPPBYGIRpvz4ek/zgHvaGftDfnyMwrMbgi8kadrSb7PQgc +eWeTL7CQN1B88TPJFqKt/QxMdXaPy+Cr3P4XVy5V3/QEVFUizrtCCqJgxHMAeCP5 +QxwYEWmA2zxUzGA/t/QUDFbccKt2BdpdKBFtHLliE+yn9FHw98JayjhAJxxeCkrp +MED9N2aGHI1q44sbmeLKQ8EuIbCamfq7fqLXgkEy8jgivv2J9YfXejjjEobGLkss +Jlxaq9JeQgFEVl6f0jJ0PgkYPd11RxTcVLy4RB417cxc9LHcoKdAtcgBTcZXPPYO +L+eM9S7rTvFTna9IdF4bbnJFNjHDMhb/9XomxxBsekpTUXEm2DGoTpO2W/jwWcZY +LVrdhikkkF8b88EdWk94fUTcFA90I+Ch0YbS8XGM/WIklrMGa0JpA4OQW5oMhKDn +gqAcV7gxRYt6ylBPVh94/AIMz++wmfqBxETFP8HMgTVEApLBLjwru9B/4lRStwAR +AQABiQIfBBgBAgAJBQJPeyUHAhsMAAoJEGOorUuYLENzegsQAL6NuhGuzQf2GELc +O5J8/BW2yF9sxHWDLrw0Pntq8D35kgGfZLB52tN3DI4NwL0vE931bXC7ovi4kHPS +sazv+WPUckYfJ7qskWVD1yDtHsADduwudJpAflfZ4VIvMJqJ7FUw5Fy9ennw/Idp +H7LC+ubn6XT6Kh9oKvVmp+BQEOsdisjVw848Thik+gS08WvAjK9m+g7++FFwKy08 +5iXuuqZpvi94eU1QPvzxzzRZz6M4gQaz+pCq/5yf6I+Hu8G+5nq2foFN+G7FRkx7 +KJmJ3SAEsG3M23V9MKWON49ZbhTe5xW+1at/TKKoNGzNIYs07jApR2/E4J57yMWj +zsAqg77hTDRiV0jhHl0DJw3RHFi3z+SrK+6ie6mrq8WEPj62q9qdM8dFs+y5X3UT +x0nxly7GjOxxhi+Nt83PAG2wVFpqmhVLuyPnruvxzyrVFc8Dvx46DiKCzt4PPK/Y ++jnVIQ7Jr2Jm2ZCpzZZT5QNJuDp46mKHlNBkvSy3q3+pM6cM8vKSuCFd9+dw3dX/ +GptLebMrPOvLVDl4Bm9hSmG7rLpJy8U8Ns8pYSS1zaxHM8KqMaPuS/Zlx1SRIj/E +afefnHd5fIlmsH9C2O5fb18SFjmD14FCLcVTG7bwh3ZfbGo9sOJSShPxppPW2OoT +jwfANmj1cSg/VFr1d4HAEc83jFgumQINBGNZjyYBEACk7biPgvCVldNWq1CwVoJa +/Fvc4T49tqxcc/sY4uVlGo6oSi4fQcXE9XKPPBuRLmvpmMWvODQLzPxJMWUfJq6L +yYFmX2U9VRTcyITdmJs8itkEaDwq8BtXkeQfUDAVSFy6V6/uvVmNWD7pGXqJE1Gx +uV44Ihlh6v2YyqSzDG/rZur771hke8VZmlKMVMs1RSeOBA3nUmvZQ58+uqkhJNYq +OeQhxGIxDOHo7QhzTG+SlX+uQq6mzACKygVJJl33toaUwVAX5R02a0u67A5wC0wh +AoLSHInc3P7ayivWV/iESAz+gMIkuvJWns/Ak14J7MTGgjD6rle7PNMsPDCCwQSc +qA8F0x4OChCixbZGZn6Mr0u8+01VCEe2IjJwVUfFI/G4n1FZ1RAdqjkHfZJeD20L +GHSbjJLcnqLLFx3LDpI5dAxo5K2kFvz0VowrB58aHoofW8/g8yZygGQ4Zpw4JnpU +maPnMTiD5yvnFzEihM5L9DuaWqSK3sb9qzoaXABYRYI7OmX4B5nmMzFteHHq0tMt +aKWf0HkAsCP0BLJcS9Oc1/0I0+gC4oKLRD8a4+kaEpNr6BXvWnj7Y1h0Zr/CZS6+ +gi34CxWMl2Q34OSqtS37mzzBu+UZxffPR0aV2RXcEpc0c5HW550Thq1NF9EmFOoy +eG4J2ox9JRANZXLh/i7mNwARAQABtCVQZXRyIExhdXRyYmFjaCA8bGF1dHJiYWNo +QHJlZGhhdC5jb20+iQJXBBMBCABBFiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZ +jyYCGwMFCQPCZwAFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AACgkQvDkF8jUX +nPGeAA//ScQ3kJMqI6FRULXo0aF7CpafPXVWdvj+mfQMlZzuGwXXTmM42T0DXnXR +BSjstWkmOXP/UqkN7bNeXH/S3D3GCJ2l0qx8Qp6fP0FloJIbemyxNtzl7yvAE7kW +vuBuLvUdm23cntv49gAzj+ElDqCxtT6A6qaqM6r7DLUvw+G+r6gkeu1hNQbtRpEK +9Dt8tHriQyI410qFRMbi3QxU+iTJ79HXwrXiYpX7V7T+ugiU9lgIiC/hWJCo6SY4 +knt9E6zhegUWN6zErl2HY8FBM2P9eHOTqToEOAhKeM1fXZvxe3m49fGq/spmRM1R +UUl1V9WFEaMiLg/Z2rmbD8LX9YtfYlQCbEwyX2nkIP1QIcr/DEfcmCA2MXCQCgsq +I/2XS3BTLPyjuqAYnXxrk+T/Cydcg4W3ZBYI/wT56GH02TQzB/wJsn0cW6EMG46V +SDY/mZ2/gwi54G/Pqb2R3ZC9I7wQ6/FFxuu8myI/QVmEiTlvTxBoyOdNlliBQxCk +Dczs1rxd/o8Wfjo1vwRHW84jZrCP3xr7xPJWuzsrmPU8kFHTgepGoY+4b/h3jGwl +V103RpRUK4JidwHsmYDVk6pgeUH69hf0iVcbFfKiViFTR+DwjbAOxTdsFgsYYn+7 +hBj2l+pV/uzeA0akL2dkgfJc9pAf6ItRUnGC+RlntZ0Pf2NbwIS5Ag0EY1mPJgEQ +AMRQDbNHBQ376nDF8miBZOAV1txpmbHc5D/X63PNapP0P1/I7SfcJU9D3wX8c4vm +xkjEYtH23s4lmT1VLsU7PisS3MacRemm9pL2bD53hs9XQEuU9OtJsZn1ZJ+Ynh6i +5sfW1bG3OiV/TWgYXW66GwE1hn9PuP8arodUmhEft+64G2u8Xtxr5yqlQJEUThV6 +280OJrxVbduaMi5C6UNeeGE5wuhfrQ0TNYZiwQ4KYbU3QhlWhHVjJlJ5hCLiktwF +DyR24P+wlTIziWA407mo2enQT+mz3bO7Paf4mBionGsJMoADqBThf4B69BxjJ7Yg +7oQVIZ7560YIRRmNo4tk5Mhep11OtQgZjZJR6MhWDaUO17w1qScrOPRj6G1IXP1R +5NarydJpLyAVb/5WFZ5jxUGMGtq3mYn4nKbbHUg2WzvCJvPctDE6EV2vaiRy5N1f +QjsHgSa29F2feh14p4ngFCmHjpdbcdjfv6rWL8tgkSpQlDdeHRRd1q03TKAg/byP +auAHKzvV+iWlmw1f6KBWjeTn0fofmk9eeQ+P1j0a3/XTxMOjB34SzqPRWzmLPLF6 +YmujBK2gymM+JLirJFFzao1i4lgmxqkDhQoNYHXmVYEd7w+/qUYbfKwO9eJOWzuU +WajxvJ1Vgv6z4CPy9if0gwfhrx0OOcIpBE/xZU+SwQQpABEBAAGJAjwEGAEIACYW +IQS4aChHdk32DfUtmSy8OQXyNRec8QUCY1mPJgIbDAUJA8JnAAAKCRC8OQXyNRec +8a+qD/4whGQ9J+td1iLFMpNRAqvuGtTnM6shZJNnC5CB56Cu7ElIpr74sk0R98Ia +1pJlBcLALbYSrqwluZaLiRVDPdub6tGSRVssqQdZcKThz33waTru9IfLhCrRSNd0 +ZMHJaOG1ErU0noWw2d4ifVJK+vvuvMeEyNm4H5pZOYzYeikqVUYzS143cSzMEwtv +PSdP5JkTQi4WNF09khH1D+QpJoXEgVEQla7Sr955Zdt3q5OlpYxxw+X62vslZ2OM +iKZ14kWVSRbVQ+WdnjtRYS4vivB6ko9QL770jZ131hKhC/BcWpEYSjfPpVua2oKb +ccKHXheIFEJ06kGkMeeoQPxmzPRBYIw/E+d5sZp7YXDyBGOAxBeiOaOnZ8vLBzy7 +2HFng3oB3hkVGTTHq+PsHdSSaRME3QrNpDsaGeSjw62FG3I4zK985GtrXAHEzN/F +fd17srl4mcRQ+8QM/a+XbF/8ugjE/RHhhFf8sWVAPutYzVE8lF+uqcduPuq/rTcU +BuzSVjnSRfXWqCokjh+ypUpHNUO8fZDzkTLuE5rwMG1xpPueDBTzvoGDQRqc2eoX +pJnDBmdlz83zHsoR2gIHcdqyc/hCV+fTvR8E0v9ZG3Jr6RFgWdD008PsGxUevIDg +MAYFwasZSTofEnzg49/WeIFU1rGB5HZVlmOJKZnKRuBiTakEP7kCDQRjWY9xARAA +rEkjlUH4hoSQAkVJCWWk+nF+daAP5IszrGEQH7TyOVwXbRZndSPFSUqKU2kEgHbM +m+wFYoZe95h9tjDh2sLCs338pVu5Chhz3dNseTF7/rbckw2rCU+JbalEiwck7tKL +qobvbh77jnrbQnkrZNc+nMeHHLrYyc5gHW6cSn4UlU42MKmTlSeOG4Ly9wXhgaKC +heIXNX3U/D682Tffl7Gopcm7pPZF92dwY4nIpCxU2ATimkSyulbhzk2CjZ1JYUJ1 +LHctMHm9F0LEGtc1GxDShzVZP8dOWpDs9BBwZDLXxCzC4rvZ+z5BJCDFbuNTKZQ5 +JEoW2sM8yP1LLZGXz44hsab1aPrvB3vcdS5ETP6bqT5267ZiotdhUifU/pTV5ze4 +7wNuaZenQtGd9olyh2dAqOk2DQrcBQFA0gRp55b4U62hLTYXxT+7jEbSVAxeXDPR +qPvqh/4kVn86llYjV6dAoASN1wWz423QH3u4ZK+S6g8HZ0HrY2+NBYgqthb6H/X6 +FiF5VcHWstkk967g4Xt0PgN/rlCtpXh4WK9sScX/CFdOURsHlb78ZN2LexaYaVBq +QuqvfHaAPJaIElXqMheZ8aYrO6Df4yzJ+6eTs3s4PqM6EMir5waFonx5Gh50X4xL +9p7IVqgNPhQsU8Z5U5hGYbmUH766GtENv4CI1upFA1cAEQEAAYkCPAQYAQgAJhYh +BLhoKEd2TfYN9S2ZLLw5BfI1F5zxBQJjWY9xAhsgBQkDwmcAAAoJELw5BfI1F5zx +4cMP+wbjKu2xCr63oyn+lo7NqMDLBYl4zHunYTZhG/egDakVWp5Ikj5/k3i+hVSY +fUyUhqQ/b/H096ropB7GA6EzS44GS+hLMdQOJOmEbjvAP/9dJDX2FQnYZzaA2f/e +Ikgaw283oOLnmYz0x7YAW/oxlnPn+7Sg7DGGqqn3nKofDUUrowfX0tQGwkGmJJqQ +gOH/ZfU4t51UCKzF6hWRbberBI8ezp24vYngA2kGef1fCUC+EIFhoYcdHHCtC1Ti +KmOUaeB9ZMiVXkP60fmCLKObwcKTyYpAFPqM05xgsMPFaXN+fQ7YVAGpCdthk53N +5Go+QqehwLoJk77CHZxIWJIf43p3UiuH1FsuXF7OdExzIhUSiUum6MoCI8BpVwn9 +uSKfXKLOdGDR6IJI8jqdC9LYoXqxZtDhpcqD70hFWJwJzZg+U2SvxZyhOqwtKXtD +TDtee3yGzPacSAJD7mFURc/DRi62UBMiFcqO1YW/5LgC4yjtzo7MTQPkaGbQLduH +IlCKa8pHWPqaLFdMawwqNrTNHWXCD4XxijJYwdAue3NUG/utekNm82mqnbbWw/AX +URIzefQsbyqiNYMztudJ9hAS8yCdkfb9SKVIvWYPQ77tHltOZF7K/NzOGeJaJr8l +vqZCfXpWmOduTpWaD2kIvU2Kx7gB4jXdMa2ai9N+/Hdr3lLouQINBGNZj8YBEADg +Y6HOawiThxQVI+0uvAAU9yisew1SSVO6mAsQtZM7s7BpLA3RGPj3UGojZIeejA+k +fq7A+PVLBhz/kSBTtw9/s3o4rlqNzz7SLaix6XKWCpHOBs84n3/LF6u9KMMVk9vT +sjKz8iDF9mBR2bmCfLvEk0HDiMyApv5SbOsZMB8k5PWyK8HYPyMI5umEaOsaC3tA +eihO3nzAxEf3oZl53J1pIw+ecdrQLbWbH0aqKngfCddD8Q0oMr/Iwly3W49+5eqJ +oelR9/dut/dg0a3Nn1wIGYRzC62CCsF5IZwKdyPh7nilEUFpA5Vlz+HfIFch2LfR +F3Q/GZD8fKzKxhjDIdgyaWSTsMbityKxX2G/pcjshyMsZT7I3Hx7SwQfFro58s2D +FsFLEZgBhJv+nW/HckeedaveXmXdHKjtsa8+rvGADti4wohOl+N5tbpYW3/zR3AY +qlh47hG0ikUJ8Tusnu865j3Z5mE+KqS68ypRVBMRrdJl2lGPDCnXGhl2720VPNMC +/jB2Mgm/L1mvQM1jPfdC3KgokDAH5NMzKvav6A71aLSUJli3UdkGHkX5d5urs3k3 +WmCt7XeTb30MBvNzBcSYTbw2UGIRE8G0CFc3wtiWWiQKPeFXYhn0+COCoW/EXpIC +VaAuMPMgcsldM13bKGyGo3NngsNEdopNFfr0KKW5XwARAQABiQRyBBgBCAAmFiEE +uGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZj8YCGwIFCQPCZwACQAkQvDkF8jUXnPHB +dCAEGQEIAB0WIQQb4sD/CJSWIxAv0lZGlYgcJUUI0QUCY1mPxgAKCRBGlYgcJUUI +0ZkHD/9TlRvAaZETf+pv4/IceeL3KHwj5lrC/gojXxN0AjhAXljLSRCu0EyICxZy +3158h4k0vwjdv8699yHEN97PdF84m81mqxOz+juKBRHFK/EwAAgOdSlzGnUYgNkm +mCROFWtjeneNWaFdEnq9MItx1OascPeyxnWMjq7LLYMSESP4tgUV5KdlaVAXR6q/ +833u27/NodkDcNH2UK+IyT+Kt/uCOoIIL4ttxo/PvZTphzV8n6s0sJJE3/BrRxgv +CTkVU6zosyJsyau8/vayQYGPuBuEQVs4Tr+vZ42izbkHgElcZv9oYjJsxaqZqqMz +fWPte7m6Pl/pvtmlhPmpZ+ej7y8SRysBV+3aHNXaE1J3sIOmYxighlgZapSjHl/A +9N/KXdoLAjIZtBAOQ2ZFyRz/c2+VUqJgwiwdxoaFaYn2eUM+HSTbZfdGXBS/yyZL +YsM+L4M2aizQvDIRXzy8vG0vpHQEvPlXL0Gg0gyk0fox0OsAP5CfXmHC/AvYOHM8 +y81X2QqDf33Au1RIgog4cLqq2wpXEARWbAj0BAMIeJoCDCu9Mz2juK1ui2wr8AZ0 +42PCUgZK6CdUI18AsvApUhPsNunF7ZOc5mFMuaEGjjWJvrTG3qyrCY73ySBiGXWo +92ZB7FXu2MzgujPBEigByqeF6IV2x0EBHw/VrcxXq6Slgmik6G0SD/48l5mGCxM0 +Wr91raB9zQlwDbtD3PCbjA6DtkMrRyAq+81g75N6uiztGPCVw9n1HoGOSjN1hAhe +SgQQlcXbDLpzfdPFowDEHclFFfUODCIOuF+FgmxlAz5Exr9JkJdozBFqRZ4iF/tf +E5sHB0rzeUcY3J6VjTsjULjE4GSg5trsOc8GHUnFn9wwwkf9nR/Mr1RYcX0GkTcy +iUskw+AoRz6svOfAWIDJY450wgD0MHZK08IfUUsYTGecoXcvWf/hITtv/Af5MpQA +wuGEDltVDeu9EAu65SZlMkkMuQD1h3KOQjUJ6nY4a4M2CQ51ggs/c+vsemxsuYlG +vSuhrfXt6HGD3dhsOEeyEvIcjjpP1Ku5mqrPhqXFli1swfohhYGGVO+fM7G3l7wF +kAIi0B1szn0K13qRqBIwjnWL+orP1KLzvczCH6yD0FZY90CDdMtM0VB6AqT4BFh6 +5+ygjA4YiA7fFYBm8510ybUcNfzU3gUIJ5pF8MdGizO54tCPSK6U+iVRY4qfCFdu +IiOZ7FUUn78VIxQUMYMrozy7kn/0PQZa7KKRbXJ8sg0sgrQapwpgUjdMwuYZPGGv +1Jw5/+WUGWMbGxmlpHcEOmsPZpITH557M/kHyk9Ud0iKwciBI2mGLxiafCuLrUY4 +TknzOqbZgjdllcUG4cDBEQuBO/GSj1LUfpkCDQRnKRF7ARAAo5H9/6cStbyjWFeb +G6qDn6pT+4v1rlbRZo0rYwWkDmEAjOZMRC9SJipTCdQeNFlv6HEiiCvl3bmZIqrZ ++zvLI6U1+2dH7k06xNqIFLTV0zbr+tUkOwspg5nr59KsuNP01WBS0ELzunO/zHj+ +BOEdPg1KvB0IQFtqAwaAfuny67YvTr9O7Yz07ZCfTxPtHf6FJ80FPeRa0LoZYnW4 +UmSGtm1f59VD9+qe4yhRtNanamXUKjf8BTw0rQwjoJhVT5Mg0Z6hW6fhFrD57Lgd +8fBi5ZHHUlR4z1+nqGCUoHlHjc0JVyK8j8fofKafow/79ITaOqBzv+P3psY9ecBg +7wGaOHrqzRzRxAfKYRO2IaFHRGnsEE8FnwSEL00uPVxpiiTavrLJFEjku9GmP3OY +3rbwIPXbw1m9mZG1yAVbSEEf58WSWeoBp0O6qrwAdIbdgUX4BkQ8bX5MtUjXp5tm +0StmjQiZ7O91cg0VuWtrfj/I4E3xtloNzhtG2QLI4s7iAL1orhClxEuZRO9alUCS +cnRvhmw2Dh6sB6i56evcZdUFwxMXOByxfWr0fxX4QlR8jYqMPj7UMNj2PccTBOQX +umIW2cdGEeni9vrE9cLfZRSNCwPWAXWtr1zQW54Jx5DjCGHobQk53Z7kE+MZVAje +gOaT0u50cljBNfJootuln4+gbGMAEQEAAbQlUGV0ciBMYXV0cmJhY2ggPGxhdXRy +YmFjaEByZWRoYXQuY29tPokCVwQTAQgAQRYhBGjSGCM0KhNoOus+TvtMaFtdwcE+ +BQJnKRF7AhsDBQkDwmcABQsJCAcCAiICBhUKCQgLAgQWAgMBAh4HAheAAAoJEPtM +aFtdwcE+doMQAI5mnNA8aH0dfeOZnz/NrMwY6H7jK/+lYatCx05e1TfK+zz9feRK +sxgP3Pjj0p9igo3jIdPcN5/YnlmVEeplDmSiKOOdendviy+sA8sukMo07Q+m1pYW +NzFtyiZd+c44mp9I1l7h6rktIY9XDedrlAkNog1VlUet9eNpmgXt2OmJNDmYftWc +KIpyw/ZLaubjRcAmxwsn7I6dWnT66Ffg9H8trcRlWipVWP8imO0EIpwC8RbhuNgk +xjt/cVf3CEpzokF4n0k3nqYmt90NNtGc0kG5QAlTvlUuHpNWzuzvdAPtMy3KEaXI +fu3IEZeIKCxSgWXTm7zRKUn0F6jKAsLXhK/WOA1Aa7NdAUwMxrEndfNoqBrusaLD +lpzWU7USv2YT+Pf3aQ7u1szg2J8V5eqRP+E8wwe54RNCgQrcDgUq5abyncsvull3 +GqJvzvZC7/Q3Th/g5Wc+dRaGBz0O9FBuRPQwjrnB932xW1fDf17cScpVKAvV/jwn +tpWXf7nSv2M0o9fihnTBl4d2c2EBKtTdp5W0IpeRl5uLad3AYoouP6RoZ+/Id/Zg +NeaQKH/ZlCxk5S9GLzYhm665ysOYRkh7NfoThRtvAqAeDcTKWGDG1nQok2KKOSyq +S81PT2AlMz7A26R0vsH/9lQ1uZFIhIGbxZXlGERZwXd1s+lgfWTbB5K+iQIzBBAB +CAAdFiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmcpGAUACgkQvDkF8jUXnPFdGQ/+ +L7uA7EMB+Yh0urhZuOltZSNtge6b+UbLZTd8DRsf044e+Z0NJWdQ2saLBptGhIcn +as4Qd0gS+QkWB7lMrJ31uux15ZBjFsGtyqK+VoH8JIPvV8Mr5XojqA+UYUpXP6ns +ILrdkUvNzpeA51IxYuVMWcut8SUVYzjD11YG1P8LFzydsImaYe7se+RE85F3/2Po +kZNe0d0Gh36uyfJSND80XrrxLpROgabQgHNG0drL/DHjdoa3F0V5EUoG7NBwUrmB +RlWKYCLUFfW+8mQn6RVK8JIV9WaHrzi/KAZLonZb5dCjO0e+Ol16pyUofLA8SN7B +aqjens8ho297GtE3darkXmj5p3p4YPur/D+oZCNIH+BYMsht46VtE3v6V10P8KA2 +6MgNo5qME1Q0kC1DUYi68cPeDgrQBMWa+nF+m9i2aGeAyi3qDhZu03JLhOYAhv45 +OVRawm9vFqyKiBRANVogTRr+ch4zywaapwfVLQ+xiwVLqlT5n/iIzWCQ0hA15eKZ +gJV0kTXL4OWKBeJqSNnnLVm4AhZ2OpKHMsjE7BEopvCe9JZWFIrjtQ9TrriByOx0 +3anWkmm7b4lZ1HKDOI/Cxyz8BZvYizo7hSOdGjLrFBTD/Wk0swvpzB4NKh5I6N7k +gppXMTaWp36+KmQx66JzaZjepGl1VMNFdgiP6Sw6pO+5Ag0EZykRewEQAK4EY+06 +GeuX4wLlUqAMWCnbFELuhBZGWFLEIvP6WJS1WOvee45RVcpVfYMp3AqymiNRahAl +RMtSQ9YtXSdlBPkhtNcoV/hqjcNywMdbsy+Rs27pRk/DJVC0yVL4ABrSSlwhfNa4 +6X4ZvPr8GGDvjAUhK6NXQ7WrZJxYR9/U0nqRGtGuPBLhFey1H60n5axP8+2f9pFC +NbDJ13HbrhVju+RUeE8Gq5WJI5dea5SfYnXFERsT/zO+pw7ZaaSDmWKR1a88P6Bk +DD7e63ZIaAa849M/Dz+OgzNEgbyRjvgbO0OEIrS2x61lGoW7F9prEgzj97NIiBu6 +qpNCYJefkpfPENrk+wmOUthJfh6E7uphlliQams6dqXAc3Z+xBN9jFf74RpzVmIP +K/MFNr0EcUMFgURpBtaTrk4dGMh++v5i4qKxxwJHf4RsGCDsgH9ZZDemKz5q8uFN +TI1kbTnsKNt+d7L45U+3/mRm4l22g8eu+AvD6R4GfKjsyzEFCyGK7TmVYj0Y+EGR +9+YbRQ1GahXqtrR/aLC09LSyxQTqYfKU8KusnoceEbBOigEZUNPybpzibwHl1VEV +9crR5eT8MPHgs8xdpjQ7gRuPi12fvc83unpUsNIHSCxZqXoilGsz2+zpX2si3PxB +tK/tTo6ZFRLijhHs250Y1agp4MyXYq91A2VTABEBAAGJAjwEGAEIACYWIQRo0hgj +NCoTaDrrPk77TGhbXcHBPgUCZykRewIbDAUJA8JnAAAKCRD7TGhbXcHBPozGD/0Y +fkktGwGq2vPZUI/Fscv+VnEqVt94dBnS0/6GyYvhI7Tf81v+72URlQeX8TUQox9B +8d3Aru5b2+iSkPcvH70PbY8jt/yTwHtSlFzf6+YPIl+oyTz7DoiILSjrO51ntl8g +KmIb8Q9W74xV6VFIJ4m8rH04MKFpIlzUDq660JYQIGtOUFugSfg7aLVU/0j4WKKE +KfAfg93wYTKKd+JgRFy4FZPriem7HvlUSi2VKffdrrUF/PX35X74iKdPQoEADZi8 +KkMZULDtyQ6ZOu2hiDpArjo5hDadKM314Z65VnM11hjiEhmTF3IyGBllb0qBIk0L +nBVHuMYmiqBNJEbaqHLqIju8/RvFlYV+AMISeA7B68knbJcao13ogtDpuJ4hpgCj +j2B1n0NWMcju0gteu1sfsIaQbWHevH2vgl5LJDCNtUJN/NoWB2Uov27wEvsongwY +3du40TnM+5ejwf4r8D3wX+JpVCAhfr3Oc0knw14nRqFPAe1E7DNURJ8xfEV9iPRA +swo6qoh7IIxNETUG1rywRExNt6tHsojx0Wb0I0IB7CnWRK9F6oNRp0S4kVgp+Jeh +a9NGXFK2hn8qBD/rpUPsj/OdkiBN+C7Ai07rCNez+IKdnUfXkOJqLCOyeUwC9WPl +uFPB9RnnghYM4xhMWf8XvSLOOk/vgPxiqR5ANLObsbkCDQRnKRLhARAAuh+b2Oxj +9q+RRZ+pkDVf/M6P01yDmDhwtYHzi/LW8PFHC6iQlzMReyv1R5n3uCEpAZ++mdUe +Cgo2TmFnYdpmxEgdaMIW98uqe4fuHhoXU2Mh4eiN7jyJvXQCsijCDYzifoj03HY7 +nTVjw4+BSSu9kA3/vEqU9A5YjG01MmVSMaIaTrqZqsnypK6r2exJa7YVRYwRqpLY +C5ksikDVK9ftdfhjnsnYGS4pYyfMNSHY1KBMpHjT7wEkM+KZ2WRpjTZZ7nP9u4Lf +fJMKgcclRgf+13CeSaJfVIhjJlxGVLkloE8XJbOeh2vkK257e9BenEFgQnyLCpGJ +8YNsnsJVhxU1aA62dT7jmnOVMBhnGoNhMyzzfvUw0REz2VbpZBkiwZRfZ9MWUBsy +bneH8NwzZMQQLCc/yo/jnPrmDS+tgl4CXGzBtpxPUZSMuY4tHZZ2vBb0zcfhY7P1 +CrHuylXLFzkOO/XRP3w1F8I1UqJCjdTKjdjCDF/VWtedHee1iEsSHxPGH8fHp4Qp +rBDDwZ4NnfilYNHMDWm6U1bzhX2ynqcGArQSd1Ny/oL7JzE1qoH/nNrwVvOSSNWF +UTXFXeLy+SOXJdFJpGP+/wV+gYfyczoUP6vmCdK1Hs15WQvKzyP/nmLS5uLilfxV +KrxZDI6SNrS4f/XkHcGnYByFKUhq5gVN0ZcAEQEAAYkEcgQYAQgAJhYhBGjSGCM0 +KhNoOus+TvtMaFtdwcE+BQJnKRLhAhsCBQkDwmcAAkAJEPtMaFtdwcE+wXQgBBkB +CAAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmcpEuEACgkQzcroySfGvjExiQ// +TKQ2Ci+sqNSVIcwg/k0Go1i4cA7lhKNdYRBCaIThB9jMqNg2zgPzgELBcaVJL8xw +0E2x2ZvBejM4X+eTrmkdufcxHR8B/zBF8oPlD2pgs/zZmZEO1gq4Cdab7yIoVNNr +foCZShxOCPR2wIixcYZtt5f7Z3zSXqkjIec6sTOedT75ZXrpQbvINeUkvOJfMCOi +ailauvDfv8k5iJUVbP+Dx1vOc88bvewVJcbLID4HIRr/PS+k1D10zGbnF71TnxGZ +r7anMZCSFCHJ5WV+BSwHHKtxRy+bJ1x9ML45Jcr1anTXeaHIeSKNzFBigJQSgHv0 +euegkD3Rmw+IcxNb4l536selaNR0UAwx1DC1qpjBtnE9/pXdTEsZQxq9kMrj0d+f +VKFjOKADVIpkx7o0dZ1jmbUmdjQVyGDgHE+Emgdd726/2ftWriW2uPeUC6YZiqbt +vBnCnwF+aV6P1nrE0BWJchLyBjDCe5Y2oXBAYF6xwpDPfMPr4oscqzPV4TWVULBi +brtRWgSxmvinIGFx9T9wQCVfX254dqBaAEhRMImoT/YP+6evRZKqQODRhI44OG7u +V71IVAJ8BHEBN8hxvQM3WPs1fhwMBFCyGfr/x/U4/c78R9JhxkU9VwmMbLGQP7VP +1QgfiHqZpHMk8ZUmQn6KLeurzWcnwPFkwgFPZED8OQOMXxAAio3DhWr5KDd3mICH +ALNY0A2ipb/JH6LSHxu0S3MLa/bF6PbqRY1+fKMT/cFVxln99rNUrX+hDRbc7qbh +KkxvGmcnXnkcTHah9bfUghEanlKkBr1g1ik3zgEnpO/x3+X39Ov+ge92MDawV0nq +k9R/9tS+ZD/ph72Q9kx3ZfVNSL0eWxjuwBzFW0Zwh5TAX4raSmyQCmAXi05O3YmN +iq4arSUg5oAOMRZ+d96DsrAS4Sdtlx6/CuKTBzEaGPQLQ9wJNB0Vmd/eQWTP99KY +cAdIwj5BJ5P0Z7+xhsVjQOntn4otnP6vN6RuDtYrS6M7TCN/ZeKCvN/G0nRac4D+ +IJX3CYYtYXgaoDuoetUWtc7O5PzHRETaBt/46ob2lzf6cT5QyVujTfz+i0rGEc63 +pvXK8mV+K7BFY/DHpdEhl1pDw2YYLbBmUthQWdsL6/TVvpMe/wZadvJ/by3AeRzQ +eusUucuSo9UNN7Yj8u3dRhxNgsSiU96A/SFlAoB5s3Onh5K4WEVCBu/INjdi+r2B +LJePSnA3I7VkRE9Haf1D28jtBzm3Xbft2rs3lO18FcCqw6kd7Ih3e0tZ8uUG9UDv +qTDHTUHLAWvwrq38gKKAu2RMaU06A5kR87RcQiizxOwBIwiHuUWMU4/Hyx6fXsOD +hEs0O6AFDarNDZGee2amKTAyZpG5Ag0EZykTxQEQAOwGV1boBD3vDLsoAT62nGxb +SqXiBsObxnpWbNifOzM9BUGPOIpHsSH32PZGG/+LNjNdECfyyP1RysH5OT7j92Q8 +vgRQoG3X985gbOjYyZc0xvAkTSvWxOiy5CuF3X8sJ3NSerQDXwjP9qVqLVj/3FB8 +nka1HFS7KzC3Zo/kzCoxeZ3/hV3PTWIjcoJvtBSCKPZyOJxnRqWfi5BNJo3S2SR1 +mxV967zawXiZ8MeeBl6rLhOfCBtz9g+bqrXZYoenuMn5Js2mcH0haYeMSV3UWIC4 +kinzr1EJxs+L1/hVCVBNiiDc6DXcFXoz9ZVc9kjpZTOMoZVDkRkyOeen+5Sya9wK +4teLmDLME4+pgeHCS/Wa4KrYyEWe7NpG1VTkSJnRS+fyYGTWtwEiuwT6J9U0t1d5 +hbxhM7YAhlnOEnNVmqa3Bq3yqJs9G/7gicZ7CIJ9JBHKTJzOnKfpGhxBSOgOoCOa +WW6uVCzDqfrYPmCUIKQmanB441xJFGuHVPMLBjVjswoMKGkK3gM6KMRCDYQ53u6s +FK+Jcl8HobBSezVIUKpKVX3IW9d506cE0FhSW/NvWJv0FIMVloyC2BpOjSWVgEwX +tk/m3SKPsgCAcCqzi7xlloR8+E9C2xci9cdGG5faghgSjaP6j0qDww/slRPQJc5A +DIeukkOYTCiSiDwQtblJABEBAAGJAjMEGAEIACcWIQRo0hgjNCoTaDrrPk77TGhb +XcHBPgUCZykTxQMbIAQFCQPCZwAAADcWD/4qJRLn7TcMtRMF43Yn+dX+O13YrxBC +T4n1QVmiPsGrUca4Vg1J+trV6IMsGrhktpiaV0qeL/km0h02m4gEDZKDyWWXdeWh +EXFaTVy9yCpSXUWJl5gSXTSwxrqBWyWLlLLk4UT9l9sk5mMdy0JA8unobV4M/eXQ +ggR11DL3ji7aO0hsqxyxXkJcawWjVGW5KL1EaoDKIJ/CwxOI5ipFueMIRQjQvw9A +o/w2fq11qVXY9zknk6pFkp/RDHLes+wVHDtebZfJ9xV7Mb1mf/k03dT56GaA/U3E +XvJ2FdgWR+zf+YMEa9MPDHYo2UNEvk9mOk247M8s+OeexdlkPgyKW5A8mtYuY/dR +j8W6C4pLcMWa+d/vIUpm5Guw0F5q0AWk9/FbBe9HLztEevvRnuHXmfTZeto/nCAi +Yg4pCj6p3JoN5CLebR8YtWm9AJBbX1kgVvqSU2VgwYIFsxBEz8Wu2h7z/eSCSeIg +ARFbTlJ6cBrRkXCVyhbv0LPWWUfAUqiEtdGxrA4Xx/jKrI02JjRdW/bZkXjSka8K ++cDlpcr9ixBWW5LkWsOdiL8jExfTGw25FA7Wd1HiHnBv36Mu/zb+0/I63d+fLq93 +e3lmmVx9qQF8p5Okf4ojY9YoIHVkLS7t9AgFjm/ucmpEGbXxyPk2Cr3l+b5R41x3 +dBW9kxiuWpZN3Q== +=iuRK +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/SPECS/policycoreutils.spec b/policycoreutils.spec similarity index 92% rename from SPECS/policycoreutils.spec rename to policycoreutils.spec index 114c965..32fda7d 100644 --- a/SPECS/policycoreutils.spec +++ b/policycoreutils.spec @@ -1,8 +1,12 @@ +## START: Set by rpmautospec +## (rpmautospec version 0.6.5) +## RPMAUTOSPEC: autochangelog +## END: Set by rpmautospec + %global libauditver 3.0 -%global libsepolver 2.9-1 -%global libsemanagever 2.9-7 -%global libselinuxver 2.9-1 -%global sepolgenver 2.9 +%global libsepolver 3.8-1 +%global libsemanagever 3.8-1 +%global libselinuxver 3.8-1 %global generatorsdir %{_prefix}/lib/systemd/system-generators @@ -11,17 +15,13 @@ Summary: SELinux policy core utilities Name: policycoreutils -Version: 2.9 -Release: 26%{?dist} -License: GPLv2 +Version: 3.8 +Release: 1%{?dist} +License: GPL-2.0-or-later # https://github.com/SELinuxProject/selinux/wiki/Releases -Source0: https://github.com/SELinuxProject/selinux/releases/download/20190315/policycoreutils-2.9.tar.gz -Source1: https://github.com/SELinuxProject/selinux/releases/download/20190315/selinux-python-2.9.tar.gz -Source2: https://github.com/SELinuxProject/selinux/releases/download/20190315/selinux-gui-2.9.tar.gz -Source3: https://github.com/SELinuxProject/selinux/releases/download/20190315/selinux-sandbox-2.9.tar.gz -Source4: https://github.com/SELinuxProject/selinux/releases/download/20190315/selinux-dbus-2.9.tar.gz -Source5: https://github.com/SELinuxProject/selinux/releases/download/20190315/semodule-utils-2.9.tar.gz -Source6: https://github.com/SELinuxProject/selinux/releases/download/20190315/restorecond-2.9.tar.gz +Source0: https://github.com/SELinuxProject/selinux/releases/download/%{version}/selinux-%{version}.tar.gz +Source1: https://github.com/SELinuxProject/selinux/releases/download/%{version}/selinux-%{version}.tar.gz.asc +Source2: https://github.com/bachradsusi.gpg URL: https://github.com/SELinuxProject/selinux Source13: system-config-selinux.png Source14: sepolicy-icons.tgz @@ -30,70 +30,25 @@ Source16: selinux-autorelabel.service Source17: selinux-autorelabel-mark.service Source18: selinux-autorelabel.target Source19: selinux-autorelabel-generator.sh -Source20: policycoreutils-po.tgz -Source21: python-po.tgz -Source22: gui-po.tgz -Source23: sandbox-po.tgz -# https://gitlab.cee.redhat.com/SELinux/selinux -# $ git format-patch -N 20190315 -- policycoreutils python gui sandbox dbus semodule-utils restorecond +# Drop this when upstream updates translations and the package is rebased +# wlc --key --url https://translate.fedoraproject.org/api/ download selinux/policycoreutils --output ./ +Source20: selinux-policycoreutils.zip +# wlc --key --url https://translate.fedoraproject.org/api/ download selinux/python --output ./ +Source21: selinux-python.zip +# wlc --key --url https://translate.fedoraproject.org/api/ download selinux/gui --output ./ +Source22: selinux-gui.zip +# wlc --key --url https://translate.fedoraproject.org/api/ download selinux/sandbox --output ./ +Source23: selinux-sandbox.zip +# https://github.com/fedora-selinux/selinux +# $ git format-patch -N 3.8 -- policycoreutils python gui sandbox dbus semodule-utils restorecond # $ for j in [0-9]*.patch; do printf "Patch%s: %s\n" ${j/-*/} $j; done -Patch0001: 0001-gui-Install-polgengui.py-to-usr-bin-selinux-polgengu.patch -Patch0002: 0002-gui-Install-.desktop-files-to-usr-share-applications.patch -Patch0003: 0003-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch -Patch0004: 0004-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch -Patch0005: 0005-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch -Patch0006: 0006-Simplication-of-sepolicy-manpage-web-functionality.-.patch -Patch0007: 0007-We-want-to-remove-the-trailing-newline-for-etc-syste.patch -Patch0008: 0008-Fix-title-in-manpage.py-to-not-contain-online.patch -Patch0009: 0009-Don-t-be-verbose-if-you-are-not-on-a-tty.patch -Patch0010: 0010-sepolicy-Drop-old-interface-file_type_is_executable-.patch -Patch0011: 0011-sepolicy-Another-small-optimization-for-mcs-types.patch -Patch0012: 0012-Move-po-translation-files-into-the-right-sub-directo.patch -Patch0013: 0013-Use-correct-gettext-domains-in-python-gui-sandbox.patch -Patch0014: 0014-Initial-.pot-files-for-gui-python-sandbox.patch -# this is too big and it's covered by sources 20 - 23 -# Patch0015: 0015-Update-.po-files-from-fedora.zanata.org.patch -Patch0016: 0016-policycoreutils-setfiles-Improve-description-of-d-sw.patch -Patch0017: 0017-sepolicy-generate-Handle-more-reserved-port-types.patch -Patch0018: 0018-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch -Patch0019: 0019-sandbox-Use-matchbox-window-manager-instead-of-openb.patch -Patch0020: 0020-python-Use-ipaddress-instead-of-IPy.patch -Patch0021: 0021-python-semanage-Do-not-traceback-when-the-default-po.patch -Patch0022: 0022-policycoreutils-fixfiles-Fix-B-F-onboot.patch -Patch0023: 0023-policycoreutils-fixfiles-Force-full-relabel-when-SEL.patch -Patch0024: 0024-policycoreutils-fixfiles-Fix-unbound-variable-proble.patch -Patch0025: 0025-gui-Fix-remove-module-in-system-config-selinux.patch -Patch0026: 0026-python-semanage-Do-not-use-default-s0-range-in-seman.patch -Patch0027: 0027-policycoreutils-fixfiles-Fix-verify-option.patch -Patch0028: 0028-python-semanage-Improve-handling-of-permissive-state.patch -Patch0029: 0029-python-semanage-fix-moduleRecords.customized.patch -Patch0030: 0030-python-semanage-Add-support-for-DCCP-and-SCTP-protoc.patch -Patch0031: 0031-dbus-Fix-FileNotFoundError-in-org.selinux.relabel_on.patch -Patch0032: 0032-restorecond-Fix-redundant-console-log-output-error.patch -Patch0033: 0033-python-semanage-empty-stdout-before-exiting-on-Broke.patch -Patch0034: 0034-python-semanage-Sort-imports-in-alphabetical-order.patch -Patch0035: 0035-python-sepolgen-allow-any-policy-statement-in-if-n-d.patch -Patch0036: 0036-setfiles-Do-not-abort-on-labeling-error.patch -Patch0037: 0037-setfiles-drop-ABORT_ON_ERRORS-and-related-code.patch -Patch0038: 0038-policycoreutils-setfiles-Drop-unused-nerr-variable.patch -Patch0039: 0039-selinux-8-5-Describe-fcontext-regular-expressions.patch -Patch0040: 0040-policycoreutils-setfiles-do-not-restrict-checks-agai.patch -Patch0041: 0041-semodule-add-m-checksum-option.patch -Patch0042: 0042-semodule-Fix-lang_ext-column-index.patch -Patch0043: 0043-semodule-Don-t-forget-to-munmap-data.patch -Patch0044: 0044-policycoreutils-Improve-error-message-when-selabel_o.patch -Patch0045: 0045-semodule-libsemanage-move-module-hashing-into-libsem.patch -Patch0046: 0046-semodule-add-command-line-option-to-detect-module-ch.patch -Patch0047: 0047-python-Split-semanage-import-into-two-transactions.patch -Patch0048: 0048-semodule-rename-rebuild-if-modules-changed-to-refres.patch -Patch0049: 0049-python-Harden-tools-against-rogue-modules.patch -Patch0050: 0050-python-Do-not-query-the-local-database-if-the-fconte.patch -Patch0051: 0051-python-sepolicy-add-missing-booleans-to-man-pages.patch -Patch0052: 0052-python-sepolicy-Cache-conditional-rule-queries.patch -Patch0053: 0053-python-Harden-more-tools-against-rogue-modules.patch -Patch0054: 0054-sepolicy-port-to-dnf4-python-API.patch -Patch0056: 0055-python-semanage-Do-not-sort-local-fcontext-definitio.patch -Patch0057: 0056-python-semanage-Allow-modifying-records-on-add.patch +# Patch list start +Patch0001: 0001-Don-t-be-verbose-if-you-are-not-on-a-tty.patch +Patch0002: 0002-sepolicy-generate-Handle-more-reserved-port-types.patch +Patch0003: 0003-sandbox-Use-matchbox-window-manager-instead-of-openb.patch +Patch0004: 0004-Use-SHA-2-instead-of-SHA-1.patch +Patch0005: 0005-python-sepolicy-Fix-spec-file-dependencies.patch +# Patch list end Obsoletes: policycoreutils < 2.0.61-2 Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138 @@ -102,12 +57,13 @@ Conflicts: initscripts < 9.66 Provides: /sbin/fixfiles Provides: /sbin/restorecon -BuildRequires: gcc -BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-static >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel >= %{libauditver} gettext -BuildRequires: desktop-file-utils dbus-devel dbus-glib-devel -BuildRequires: python3-devel +BuildRequires: gcc make +BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-devel >= %{libsemanagever} libselinux-devel >= %{libselinuxver} libcap-devel audit-libs-devel >= %{libauditver} gettext +BuildRequires: desktop-file-utils dbus-devel glib2-devel +BuildRequires: python3-devel python3-setuptools python3-wheel python3-pip BuildRequires: systemd -BuildRequires: git +BuildRequires: git-core +BuildRequires: gnupg2 Requires: util-linux grep gawk diffutils rpm sed Requires: libsepol >= %{libsepolver} coreutils libselinux-utils >= %{libselinuxver} @@ -128,44 +84,31 @@ load_policy to load policies, setfiles to label filesystems, newrole to switch roles. %prep -p /usr/bin/bash -# create selinux/ directory and extract sources -%autosetup -S git -N -c -n selinux -%autosetup -S git -N -T -D -a 1 -n selinux -%autosetup -S git -N -T -D -a 2 -n selinux -%autosetup -S git -N -T -D -a 3 -n selinux -%autosetup -S git -N -T -D -a 4 -n selinux -%autosetup -S git -N -T -D -a 5 -n selinux -%autosetup -S git -N -T -D -a 6 -n selinux - -for i in *; do - git mv $i ${i/-%{version}/} - git commit -q --allow-empty -a --author 'rpm-build ' -m "$i -> ${i/-%{version}/}" -done - -for i in selinux-*; do - git mv $i ${i#selinux-} - git commit -q --allow-empty -a --author 'rpm-build ' -m "$i -> ${i#selinux-}" -done - -git am %{_sourcedir}/[0-9]*.patch +%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' +%autosetup -p 1 -n selinux-%{version} cp %{SOURCE13} gui/ tar -xvf %{SOURCE14} -C python/sepolicy/ +# Temporary disabled since upstream updated translations in this release # Since patches containing translation changes were too big, translations were moved to separate tarballs # For more information see README.translations # First remove old translation files -rm -f policycoreutils/po/*.po python/po/*.po gui/po/*.po sandbox/po/*.po -tar -x -f %{SOURCE20} -C policycoreutils -z -tar -x -f %{SOURCE21} -C python -z -tar -x -f %{SOURCE22} -C gui -z -tar -x -f %{SOURCE23} -C sandbox -z +# rm -f policycoreutils/po/*.po python/po/*.po gui/po/*.po sandbox/po/*.po +# unzip %{SOURCE20} +# cp -r selinux/policycoreutils/po policycoreutils +# unzip %{SOURCE21} +# cp -r selinux/python/po python +# unzip %{SOURCE22} +# cp -r selinux/gui/po gui +# unzip %{SOURCE23} +# cp -r selinux/sandbox/po sandbox %build %set_build_flags export PYTHON=%{__python3} -make -C policycoreutils LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" all +make -C policycoreutils SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" all make -C python SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all make -C gui SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all make -C sandbox SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all @@ -181,19 +124,19 @@ mkdir -p %{buildroot}%{_mandir}/man5 mkdir -p %{buildroot}%{_mandir}/man8 %{__mkdir} -p %{buildroot}/%{_usr}/share/doc/%{name}/ -make -C policycoreutils LSPP_PRIV=y DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" install +%make_install -C policycoreutils LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" -make -C python PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install +%make_install -C python PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" -make -C gui PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install +%make_install -C gui PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" -make -C sandbox PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install +%make_install -C sandbox PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" -make -C dbus PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install +%make_install -C dbus PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" -make -C semodule-utils PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install +%make_install -C semodule-utils PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" -make -C restorecond PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install +%make_install -C restorecond PYTHON=%{__python3} SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" # Fix perms on newrole so that objcopy can process it chmod 0755 %{buildroot}%{_bindir}/newrole @@ -201,13 +144,9 @@ chmod 0755 %{buildroot}%{_bindir}/newrole # Systemd rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/restorecond -rm -f %{buildroot}/usr/share/man/ru/man8/genhomedircon.8.gz -rm -f %{buildroot}/usr/share/man/ru/man8/open_init_pty.8* -rm -f %{buildroot}/usr/share/man/ru/man8/semodule_deps.8.gz rm -f %{buildroot}/usr/share/man/man8/open_init_pty.8 rm -f %{buildroot}/usr/sbin/open_init_pty rm -f %{buildroot}/usr/sbin/run_init -rm -f %{buildroot}/usr/share/man/ru/man8/run_init.8* rm -f %{buildroot}/usr/share/man/man8/run_init.8* rm -f %{buildroot}/etc/pam.d/run_init* @@ -218,27 +157,6 @@ install -m 644 -p %{SOURCE18} %{buildroot}/%{_unitdir}/ install -m 755 -p %{SOURCE19} %{buildroot}/%{generatorsdir}/ install -m 755 -p %{SOURCE15} %{buildroot}/%{_libexecdir}/selinux/ -# change /usr/bin/python to %%{__python3} in policycoreutils-python3 -pathfix.py -i "%{__python3} -Es" -p %{buildroot}%{python3_sitelib} - -# change /usr/bin/python to %%{__python3} in policycoreutils-python-utils -pathfix.py -i "%{__python3} -EsI" -p \ - %{buildroot}%{_sbindir}/semanage \ - %{buildroot}%{_bindir}/chcat \ - %{buildroot}%{_bindir}/sandbox \ - %{buildroot}%{_datadir}/sandbox/start \ - %{buildroot}%{_bindir}/audit2allow \ - %{buildroot}%{_bindir}/sepolicy \ - %{buildroot}%{_bindir}/sepolgen-ifgen \ - %{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.py \ - %{buildroot}%{_datadir}/system-config-selinux/selinux_server.py \ - %nil - -# clean up ~ files from pathfix - https://bugzilla.redhat.com/show_bug.cgi?id=1546990 -find %{buildroot}%{python3_sitelib} %{buildroot}%{python3_sitearch} \ - %{buildroot}%{_sbindir} %{buildroot}%{_bindir} %{buildroot}%{_datadir} \ - -type f -name '*~' | xargs rm -f - # Manually invoke the python byte compile macro for each path that needs byte # compilation. %py_byte_compile %{__python3} %{buildroot}%{_datadir}/system-config-selinux @@ -261,26 +179,20 @@ an SELinux environment. %files python-utils %{_sbindir}/semanage %{_bindir}/chcat -%{_bindir}/sandbox %{_bindir}/audit2allow %{_bindir}/audit2why %{_mandir}/man1/audit2allow.1* -%{_mandir}/ru/man1/audit2allow.1* %{_mandir}/man1/audit2why.1* -%{_mandir}/ru/man1/audit2why.1* %{_sysconfdir}/dbus-1/system.d/org.selinux.conf %{_mandir}/man8/chcat.8* -%{_mandir}/ru/man8/chcat.8* -%{_mandir}/man8/sandbox.8* -%{_mandir}/ru/man8/sandbox.8* %{_mandir}/man8/semanage*.8* -%{_mandir}/ru/man8/semanage*.8* %{_datadir}/bash-completion/completions/semanage %package dbus Summary: SELinux policy core DBUS api Requires: python3-policycoreutils = %{version}-%{release} -Requires: python3-slip-dbus +Requires: python3-gobject-base +Requires: polkit BuildArch: noarch %description dbus @@ -308,7 +220,8 @@ Requires:python3-libsemanage >= %{libsemanagever} python3-libselinux # no python3-audit-libs yet Requires:audit-libs-python3 >= %{libauditver} Requires: checkpolicy -Requires: python3-setools >= 4.1.1 +Requires: python3-setools >= 4.4.0 +Requires: python3-distro BuildArch: noarch %description -n python3-policycoreutils @@ -332,14 +245,14 @@ by python 3 in an SELinux environment. %{python3_sitelib}/sepolicy/network.py* %{python3_sitelib}/sepolicy/transition.py* %{python3_sitelib}/sepolicy/sedbus.py* -%{python3_sitelib}/sepolicy*.egg-info +%{python3_sitelib}/sepolicy*.dist-info/ %{python3_sitelib}/sepolicy/__pycache__ %package devel Summary: SELinux policy core policy devel utilities Requires: policycoreutils-python-utils = %{version}-%{release} -Requires: /usr/bin/make dnf -Requires: selinux-policy-devel +Requires: /usr/bin/make python3-dnf +Requires: (selinux-policy-devel if selinux-policy) %description devel The policycoreutils-devel package contains the management tools use to develop policy in an SELinux environment. @@ -352,7 +265,6 @@ The policycoreutils-devel package contains the management tools use to develop p /var/lib/sepolgen/perm_map %{_bindir}/sepolicy %{_mandir}/man8/sepolgen.8* -%{_mandir}/ru/man8/sepolgen.8* %{_mandir}/man8/sepolicy-booleans.8* %{_mandir}/man8/sepolicy-generate.8* %{_mandir}/man8/sepolicy-interface.8* @@ -361,15 +273,18 @@ The policycoreutils-devel package contains the management tools use to develop p %{_mandir}/man8/sepolicy-communicate.8* %{_mandir}/man8/sepolicy-manpage.8* %{_mandir}/man8/sepolicy-transition.8* -%{_mandir}/ru/man8/sepolicy*.8* %{_usr}/share/bash-completion/completions/sepolicy %package sandbox Summary: SELinux sandbox utilities Requires: python3-policycoreutils = %{version}-%{release} -Requires: xorg-x11-server-Xephyr >= 1.14.1-2 /usr/bin/rsync /usr/bin/xmodmap +%if 0%{?fedora} || 0%{?rhel} <= 9 +Requires: xorg-x11-server-Xephyr >= 1.14.1-2 +Requires: xmodmap Requires: matchbox-window-manager +%endif +Requires: rsync BuildRequires: libcap-ng-devel %description sandbox @@ -382,9 +297,9 @@ sandboxes %{_datadir}/sandbox/start %caps(cap_setpcap,cap_setuid,cap_fowner,cap_dac_override,cap_sys_admin,cap_sys_nice=pe) %{_sbindir}/seunshare %{_mandir}/man8/seunshare.8* -%{_mandir}/ru/man8/seunshare.8* +%{_bindir}/sandbox %{_mandir}/man5/sandbox.5* -%{_mandir}/ru/man5/sandbox.5* +%{_mandir}/man8/sandbox.8* %package newrole Summary: The newrole application for RBAC/MLS @@ -397,7 +312,6 @@ or level of a logged in user. %files newrole %attr(0755,root,root) %caps(cap_dac_read_search,cap_setpcap,cap_audit_write,cap_sys_admin,cap_fowner,cap_chown,cap_dac_override=pe) %{_bindir}/newrole %{_mandir}/man1/newrole.1.gz -%{_mandir}/ru/man1/newrole.1.gz %config(noreplace) %{_sysconfdir}/pam.d/newrole %package gui @@ -432,11 +346,8 @@ system-config-selinux is a utility for managing the SELinux environment %{_datadir}/icons/hicolor/*/apps/sepolicy.png %{_datadir}/pixmaps/sepolicy.png %{_mandir}/man8/system-config-selinux.8* -%{_mandir}/ru/man8/system-config-selinux.8* %{_mandir}/man8/selinux-polgengui.8* -%{_mandir}/ru/man8/selinux-polgengui.8* %{_mandir}/man8/sepolicy-gui.8* -%{_mandir}/ru/man8/sepolicy-gui.8* %files -f %{name}.lang %{_sbindir}/restorecon @@ -447,12 +358,15 @@ system-config-selinux is a utility for managing the SELinux environment %{_sbindir}/genhomedircon %{_sbindir}/setsebool %{_sbindir}/semodule +%{_sbindir}/unsetfiles +# symlink to %%{_bindir}/sestatus %{_sbindir}/sestatus %{_bindir}/secon %{_bindir}/semodule_expand %{_bindir}/semodule_link %{_bindir}/semodule_package %{_bindir}/semodule_unpackage +%{_bindir}/sestatus %{_libexecdir}/selinux/hll %{_libexecdir}/selinux/selinux-autorelabel %{_unitdir}/selinux-autorelabel-mark.service @@ -461,41 +375,26 @@ system-config-selinux is a utility for managing the SELinux environment %{generatorsdir}/selinux-autorelabel-generator.sh %config(noreplace) %{_sysconfdir}/sestatus.conf %{_mandir}/man5/selinux_config.5.gz -%{_mandir}/ru/man5/selinux_config.5.gz %{_mandir}/man5/sestatus.conf.5.gz -%{_mandir}/ru/man5/sestatus.conf.5.gz %{_mandir}/man8/fixfiles.8* -%{_mandir}/ru/man8/fixfiles.8* %{_mandir}/man8/load_policy.8* -%{_mandir}/ru/man8/load_policy.8* %{_mandir}/man8/restorecon.8* -%{_mandir}/ru/man8/restorecon.8* %{_mandir}/man8/restorecon_xattr.8* -%{_mandir}/ru/man8/restorecon_xattr.8* %{_mandir}/man8/semodule.8* -%{_mandir}/ru/man8/semodule.8* %{_mandir}/man8/sestatus.8* -%{_mandir}/ru/man8/sestatus.8* %{_mandir}/man8/setfiles.8* -%{_mandir}/ru/man8/setfiles.8* %{_mandir}/man8/setsebool.8* -%{_mandir}/ru/man8/setsebool.8* %{_mandir}/man1/secon.1* -%{_mandir}/ru/man1/secon.1* +%{_mandir}/man1/unsetfiles.1* %{_mandir}/man8/genhomedircon.8* -%{_mandir}/ru/man8/genhomedircon.8* %{_mandir}/man8/semodule_expand.8* -%{_mandir}/ru/man8/semodule_expand.8* %{_mandir}/man8/semodule_link.8* -%{_mandir}/ru/man8/semodule_link.8* %{_mandir}/man8/semodule_unpackage.8* -%{_mandir}/ru/man8/semodule_unpackage.8* %{_mandir}/man8/semodule_package.8* -%{_mandir}/ru/man8/semodule_package.8* %dir %{_datadir}/bash-completion %{_datadir}/bash-completion/completions/setsebool %{!?_licensedir:%global license %%doc} -%license policycoreutils/COPYING +%license policycoreutils/LICENSE %doc %{_usr}/share/doc/%{name} %package restorecond @@ -508,14 +407,15 @@ The policycoreutils-restorecond package contains the restorecond service. %files restorecond %{_sbindir}/restorecond %{_unitdir}/restorecond.service +%{_userunitdir}/restorecond_user.service %config(noreplace) %{_sysconfdir}/selinux/restorecond.conf %config(noreplace) %{_sysconfdir}/selinux/restorecond_user.conf %{_sysconfdir}/xdg/autostart/restorecond.desktop %{_datadir}/dbus-1/services/org.selinux.Restorecond.service %{_mandir}/man8/restorecond.8* -%{_mandir}/ru/man8/restorecond.8* + %{!?_licensedir:%global license %%doc} -%license policycoreutils/COPYING +%license policycoreutils/LICENSE %post %systemd_post selinux-autorelabel-mark.service @@ -533,171 +433,370 @@ The policycoreutils-restorecond package contains the restorecond service. %systemd_postun_with_restart restorecond.service %changelog -* Wed Mar 06 2024 Vit Mojzis - 2.9-26 -- python/semanage: Allow modifying records on "add" (RHEL-28167) -- python/semanage: Do not sort local fcontext definitions (RHEL-24461) +## START: Generated by rpmautospec +* Fri Jan 31 2025 Petr Lautrbach - 3.8-1 +- SELinux userspace 3.8 release -* Tue Feb 06 2024 Vit Mojzis - 2.9-25 -- Harden more tools against "rogue" modules (RHEL-17351) -- sepolicy: port to dnf4 python API (RHEL-17398) +* Wed Dec 18 2024 Petr Lautrbach - 3.8-0.rc3.1 +- SELinux userspace 3.8-rc3 release -* Wed Feb 15 2023 Vit Mojzis - 2.9-24 -- Update translations (#2124826) +* Thu Dec 05 2024 Petr Lautrbach - 3.8-0.rc1.1 +- SELinux userspace 3.8-rc1 release -* Wed Feb 08 2023 Vit Mojzis - 2.9-23 -- python/sepolicy: Cache conditional rule queries (#2155540) +* Tue Oct 29 2024 Troy Dawson - 3.7-3 +- Bump release for October 2024 mass rebuild: + Resolves: RHEL-64018 -* Mon Jan 09 2023 Vit Mojzis - 2.9-22 -- python/sepolicy: add missing booleans to man pages (#2155540) +* Tue Aug 20 2024 Petr Lautrbach - 3.7-2 +- sepolgen-ifgen: allow M4 escaped filenames -* Mon Dec 19 2022 Vit Mojzis - 2.9-21.1 -- python: Harden tools against "rogue" modules (#2128976) -- Update "pathfix" arguments to match ^^^ (#2128976) -- python: Do not query the local database if the fcontext is non-local (#2124825) +* Thu Jun 27 2024 Petr Lautrbach - 3.7-1 +- SELinux userspace 3.7 release -* Thu Jul 07 2022 Vit Mojzis - 2.9-20 +* Mon Jun 24 2024 Troy Dawson - 3.6-5 +- Bump release for June 2024 mass rebuild + +* Thu May 09 2024 Petr Lautrbach - 3.6-4 +- Add Wayland support + +* Thu Jan 25 2024 Fedora Release Engineering - 3.6-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Sun Jan 21 2024 Fedora Release Engineering - 3.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Thu Dec 14 2023 Petr Lautrbach - 3.6-1 +- SELinux userspace 3.6 release + +* Thu Nov 23 2023 Petr Lautrbach - 3.6-0.rc2.1 +- SELinux userspace 3.6-rc2 release + +* Tue Nov 14 2023 Petr Lautrbach - 3.6-0.rc1.1 +- SELinux userspace 3.6-rc1 release + +* Mon Oct 30 2023 Petr Lautrbach - 3.5-8 +- Update translations + https://translate.fedoraproject.org/projects/selinux/ + +* Tue Aug 1 2023 Petr Lautrbach - 3.5-7 +- python: improve format strings for proper localization +- python: Drop hard formating from localized strings +- sepolicy: port to dnf4 python API (rhbz#2209404) + +* Fri Jul 21 2023 Fedora Release Engineering - 3.5-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Wed Jun 21 2023 Vit Mojzis - 3.5-5 +- python/sepolicy: Fix spec file dependencies +- python/sepolicy: Fix template for confined user policy modules +- Improve man pages and add examples + +* Tue Jun 13 2023 Python Maint - 3.5-4 +- Rebuilt for Python 3.12 + +* Fri May 26 2023 Miro Hrončok - 3.5-3 +- Fix build with pip 23.1.2+ +- Fixes: rhbz#2209016 + +* Wed May 10 2023 Tomas Popela - 3.5-2 +- Drop unused BR on dbus-glib and explicitly BR glib2 + +* Fri Feb 24 2023 Petr Lautrbach - 3.5-1 +- SELinux userspace 3.5 release + +* Mon Feb 13 2023 Petr Lautrbach - 3.5-0.rc3.1 +- SELinux userspace 3.5-rc3 release + +* Wed Feb 8 2023 Petr Lautrbach - 3.5-0.rc2.3 +- Attach tty to selinux-autorelabel.service when AUTORELABEL=0 + +* Thu Jan 26 2023 Vit Mojzis - 3.5-0.rc2.2 +- python/sepolicy: Cache conditional rule queries + +* Fri Jan 20 2023 Fedora Release Engineering - 3.5-0.rc2.1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Mon Jan 16 2023 Petr Lautrbach - 3.5-0.rc2.1 +- SELinux userspace 3.5-rc2 release + +* Fri Dec 23 2022 Petr Lautrbach - 3.5-0.rc1.1 +- SELinux userspace 3.5-rc1 release + +* Mon Nov 21 2022 Petr Lautrbach - 3.4-7.1 +- Rebase on upstream f56a72ac9e86 +- sepolicy: fix sepolicy manpage -w +- sandbox: add -R option to alternate XDG_RUNTIME_DIR +- Remove dependency on the Python module distutils + +* Tue Aug 2 2022 Petr Lautrbach - 3.4-6 +- Run autorelabel in parallel by default + https://fedoraproject.org/wiki/Changes/SELinux_Parallel_Autorelabel + +* Mon Jul 25 2022 Petr Lautrbach - 3.4-5 +- gettext: handle unsupported languages properly (#2100378) +- semodule: rename --rebuild-if-modules-changed to --refresh - python: Split "semanage import" into two transactions (#2063353) -- semodule: rename --rebuild-if-modules-changed to --refresh (#2089802) - selinux-autorelabel: Do not force reboot (#2093133) -* Thu Feb 17 2022 Vit Mojzis - 2.9-19 -- semodule: move module hashing into libsemanage (requires libsemanage-2.9-7) -- semodule: add command-line option to detect module changes (#2049189) +* Fri Jul 22 2022 Fedora Release Engineering - 3.4-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild -* Fri Jan 14 2022 Vit Mojzis - 2.9-18 -- Improve error message when selabel_open fails (#1926511) +* Mon Jun 13 2022 Python Maint - 3.4-3 +- Rebuilt for Python 3.11 -* Tue Nov 30 2021 Petr Lautrbach - 2.9-17 +* Wed May 25 2022 Petr Lautrbach - 3.4-2 +- rebuilt + +* Thu May 19 2022 Petr Lautrbach - 3.4-1 +- SELinux userspace 3.4 release + +* Tue May 10 2022 Petr Lautrbach - 3.4-0.rc3.1 +- SELinux userspace 3.4-rc3 release + +* Thu Apr 21 2022 Petr Lautrbach - 3.4-0.rc.1 +- SELinux userspace 3.4-rc2 release + +* Wed Apr 13 2022 Petr Lautrbach - 3.4-0.rc.1 +- SELinux userspace 3.4-rc1 release + +* Tue Feb 22 2022 Petr Lautrbach - 3.3-5 +- Improve error message when selabel_open fails + +* Sat Feb 19 2022 Petr Lautrbach - 3.3-4 +- semodule: add command-line option to detect module changes +- fixfiles: Use parallel relabeling + +* Fri Jan 21 2022 Fedora Release Engineering - 3.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Mon Nov 29 2021 Petr Lautrbach - 3.3-2 +- setfiles/restorecon: support parallel relabeling with -T option - semodule: add -m | --checksum option -* Thu Sep 16 2021 Vit Mojzis - 2.9-16 -- Update translations (#1962009) +* Fri Oct 22 2021 Petr Lautrbach - 3.3-1 +- SELinux userspace 3.3 release -* Mon Jul 19 2021 Vit Mojzis - 2.9-15 -- setfiles: do not restrict checks against a binary policy (#1973754) +* Mon Oct 11 2021 Petr Lautrbach - 3.3-0.rc3.1 +- SELinux userspace 3.3-rc3 release -* Tue Mar 09 2021 Vit Mojzis - 2.9-14 -- Update translations (#1899695) +* Wed Sep 29 2021 Petr Lautrbach - 3.3-0.rc2.1 +- SELinux userspace 3.3-rc2 release -* Mon Feb 22 2021 Vit Mojzis - 2.9-13 -- selinux(8,5): Describe fcontext regular expressions (#1904059) +* Tue Aug 3 2021 Petr Lautrbach - 3.2-6 +- Drop forgotten ru/ man pages from -restorecond -* Tue Feb 2 2021 Petr Lautrbach - 2.9-12 -- setfiles: Do not abort on labeling error (#1794518) +* Wed Jul 28 2021 Petr Lautrbach - 3.2-5 +- Rebase on upstream commit 32611aea6543 -* Wed Jan 27 2021 Vit Mojzis - 2.9-11 -- python/sepolgen: allow any policy statement in if(n)def (#1868717) +* Fri Jul 23 2021 Fedora Release Engineering - 3.2-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild -* Sat Jan 16 2021 Vit Mojzis - 2.9-10 -- python/semanage: Sort imports in alphabetical order -- python/semanage: empty stdout before exiting on BrokenPipeError (#1822100) +* Thu Jun 03 2021 Python Maint - 3.2-3 +- Rebuilt for Python 3.10 -* Fri Jan 17 2020 Vit Mojzis - 2.9-9 -- Update translations (#1754978) +* Mon May 10 2021 Petr Lautrbach - 3.2-2 +- Do not use Python slip +- fixfiles: do not exclude /dev and /run in -C mode +- dbus: use GLib.MainLoop -* Thu Nov 21 2019 Vit Mojzis - 2.9-8 -- restorecond: Fix redundant console log output error (#1626468) +* Mon Mar 8 2021 Petr Lautrbach - 3.2-1 +- SELinux userspace 3.2 release -* Tue Nov 19 2019 Petr Lautrbach - 2.9-7 -- dbus: Fix FileNotFoundError in org.selinux.relabel_on_boot (#1754873) +* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 3.2-0.rc2.1.1 +- Rebuilt for updated systemd-rpm-macros + See https://pagure.io/fesco/issue/2583. -* Tue Nov 12 2019 Petr Lautrbach - 2.9-6 -- Configure autorelabel service to output to journal and to console if set (#1766578) +* Fri Feb 5 2021 Petr Lautrbach - 3.2-0.rc2.1 +- SELinux userspace 3.2-rc2 release -* Wed Nov 06 2019 Vit Mojzis - 2.9-5 -- fixfiles: Fix "verify" option (#1647532) -- semanage: Improve handling of "permissive" statements (#1417455) -- semanage: fix moduleRecords.customized() -- semanage: Add support for DCCP and SCTP protocols (#1563742) +* Wed Jan 27 2021 Fedora Release Engineering - 3.2-0.rc1.1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild -* Wed Sep 4 2019 Petr Lautrbach - 2.9-4 -- semanage: Do not use default s0 range in "semanage login -a" (#1554360) -- gui: Fix remove module in system-config-selinux (#1748763) +* Wed Jan 20 2021 Petr Lautrbach - 3.2-0.rc1.1 +- SELinux userspace 3.2-rc1 release -* Thu Aug 22 2019 Vit Mojzis - 2.9-3 -- fixfiles: Fix unbound variable problem (#1743213) +* Tue Nov 24 2020 Petr Lautrbach - 3.1-8 +- Fix BuildRequires to libsemanage-devel -* Tue Jul 2 2019 Petr Lautrbach - 2.9-2 -- Update transition +* Fri Nov 20 2020 Petr Lautrbach - 3.1-7 +- python/sepolicy: allow to override manpage date +- selinux_config(5): add a note that runtime disable is deprecated + +* Mon Nov 9 2020 Petr Lautrbach - 3.1-6 +- Require latest setools + +* Fri Oct 30 2020 Petr Lautrbach - 3.1-5 +- Build with libsepol.so.1 and libsemanage.so.2 +- Set X-GNOME-HiddenUnderSystemd=true in restorecond.desktop file +- fixfiles: correctly restore context of mountpoints +- sepolgen: print extended permissions in hexadecimal + +* Sat Aug 01 2020 Fedora Release Engineering - 3.1-4 +- Second attempt - Rebuilt for + https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jul 28 2020 Fedora Release Engineering - 3.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jul 14 2020 Tom Stellard - 3.1-2 +- Use make macros +- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro + +* Fri Jul 10 2020 Petr Lautrbach - 3.1-1 +- SELinux userspace 3.1 release + +* Mon Jun 1 2020 Petr Lautrbach - 3.0-4 +- policycoreutils-dbus requires python3-gobject-base + +* Sat May 23 2020 Miro Hrončok - 3.0-3 +- Rebuilt for Python 3.9 + +* Thu Jan 30 2020 Fedora Release Engineering - 3.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Fri Dec 6 2019 Petr Lautrbach - 3.0-1 +- SELinux userspace 3.0 release + +* Wed Sep 4 2019 Petr Lautrbach - 2.9-7 +- semanage: Do not use default s0 range in "semanage login -a" (#1312283) + +* Thu Aug 29 2019 Petr Lautrbach - 2.9-6 +- gui: Fix remove module in system-config-selinux (#1740936) + +* Fri Aug 23 2019 Petr Lautrbach - 2.9-5 +- fixfiles: Fix unbound variable problem + +* Fri Aug 16 2019 Miro Hrončok - 2.9-4 +- Rebuilt for Python 3.8 + +* Mon Aug 5 2019 Petr Lautrbach - 2.9-3 +- Drop python2-policycoreutils +- Update ru man page translations - fixfiles: Fix [-B] [-F] onboot +* Fri Jul 26 2019 Fedora Release Engineering - 2.9-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + * Mon Mar 18 2019 Petr Lautrbach - 2.9-1 - SELinux userspace 2.9 release -* Fri Dec 14 2018 Petr Lautrbach - 2.8-16.1 -- semanage: move valid_types initialisations to class constructors -- semanage: import sepolicy only when it's needed -- sepolicy: Add sepolicy.load_store_policy(store) +* Mon Mar 11 2019 Petr Lautrbach - 2.9-0.rc2.1 +- SELinux userspace 2.9-rc2 release + +* Sat Feb 02 2019 Fedora Release Engineering - 2.9-0.rc1.1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Fri Jan 25 2019 Petr Lautrbach - 2.9-0.rc1.1 +- SELinux userspace 2.9-rc1 release candidate + +* Fri Jan 25 2019 Petr Lautrbach - 2.8-17 +- python2-policycoreutils requires python2-ipaddress (#1669230) + +* Tue Jan 22 2019 Petr Lautrbach - 2.8-16 +- restorecond: Install DBUS service file with 644 permissions + +* Mon Jan 21 2019 Petr Lautrbach - 2.8-15 +- setsebool: support use of -P on SELinux-disabled hosts +- sepolicy: initialize mislabeled_files in __init__() +- audit2allow: use local sepolgen-ifgen-attr-helper for tests +- audit2allow: allow using audit2why as non-root user +- audit2allow/sepolgen-ifgen: show errors on stderr +- audit2allow/sepolgen-ifgen: add missing \n to error message +- sepolgen: close /etc/selinux/sepolgen.conf after parsing it +- sepolicy: Make policy files sorting more robust +- semanage: Load a store policy and set the store SELinux policy root + +* Thu Dec 20 2018 Petr Lautrbach - 2.8-14 +- chcat: fix removing categories on users with Fedora default setup +- semanage: Include MCS/MLS range when exporting local customizations - semanage: Start exporting "ibendport" and "ibpkey" entries +- semanage: do not show "None" levels when using a non-MLS policy +- sepolicy: Add sepolicy.load_store_policy(store) +- semanage: import sepolicy only when it's needed +- semanage: move valid_types initialisations to class constructors -* Wed Dec 5 2018 Petr Lautrbach - 2.8-15 +* Mon Dec 10 2018 Petr Lautrbach - 2.8-13 - chcat: use check_call instead of getstatusoutput -- semanage: Use standard argparse.error() method +- Use matchbox-window-manager instead of openbox +- Use ipaddress python module instead of IPy - semanage: Fix handling of -a/-e/-d/-r options +- semanage: Use standard argparse.error() method -* Tue Dec 4 2018 Petr Lautrbach - 2.8-14 -- Update translations - -* Mon Dec 3 2018 Petr Lautrbach - 2.8-13 -- Use ipaddress module instead of IPy - -* Tue Nov 13 2018 Petr Lautrbach - 2.8-12 -- Handle more reserved port types -- Replace aliases with corresponding type names - -* Thu Nov 8 2018 Petr Lautrbach - 2.8-11.1 +* Mon Nov 12 2018 Petr Lautrbach - 2.8-12 +- sepolicy,semanage: replace aliases with corresponding type names +- sepolicy-generate: Handle more reserved port types - Fix RESOURCE_LEAK coverity scan defects -* Thu Oct 25 2018 Petr Lautrbach - 2.8-10 -- sepolicy: Update to work with setools-4.2.0 -- gui: Make all polgen button labels translatable - -* Tue Oct 16 2018 Petr Lautrbach - 2.8-9 +* Tue Oct 16 2018 Petr Lautrbach - 2.8-11 - sepolicy: Fix get_real_type_name to handle query failure properly - -* Mon Oct 15 2018 Petr Lautrbach - 2.8-8 - sepolicy: search() for dontaudit rules as well -* Fri Sep 14 2018 Petr Lautrbach - 2.8-7 -- setfiles: Improve description of -d switch -- Fix typo in newrole.1 manpage +* Tue Oct 2 2018 Petr Lautrbach - 2.8-10 +- semanage: "semanage user" does not use -s, fix documentation +- semanage: add a missing space in ibendport help +- sepolicy: Update to work with setools-4.2.0 + +* Fri Sep 14 2018 Petr Lautrbach - 2.8-9 - semanage: Stop rejecting aliases in semanage commands - sepolicy: Stop rejecting aliases in sepolicy commands - sepolicy: Fix "info" to search aliases as well -- sepolgen: fix refpolicy parsing of "permissive" -- sepolgen: return NotImplemented instead of raising it -- semanage: fix Python syntax of catching several exceptions -- semanage: Replace bare except with specific one -- semanage: Fix logger class definition -- semanage: Stop logging loginRecords changes -- add xperms support to audit2allow -- sepolgen: fix access vector initialization -- sepolgen: print all AV rules correctly +- setfiles: Improve description of -d switch -* Thu Sep 13 2018 Petr Lautrbach - 2.8-6.1 +* Wed Sep 12 2018 Petr Lautrbach - 2.8-8 - Update translations -* Tue Jul 24 2018 Petr Lautrbach - 2.8-5 -- sandbox: Use matchbox-window-manager instead of openbox (#1568295) +* Tue Sep 4 2018 Petr Lautrbach - 2.8-7 +- Fix typo in newrole.1 manpage +- sepolgen: print all AV rules correctly +- sepolgen: fix access vector initialization +- Add xperms support to audit2allow +- semanage: Stop logging loginRecords changes +- semanage: Fix logger class definition +- semanage: Replace bare except with specific one +- semanage: fix Python syntax of catching several exceptions +- sepolgen: return NotImplemented instead of raising it +- sepolgen: fix refpolicy parsing of "permissive" -* Thu Jul 19 2018 Petr Lautrbach - 2.8-4 +* Mon Aug 6 2018 Petr Lautrbach - 2.8-6 +- Use split translation files + https://github.com/fedora-selinux/selinux/issues/43 + +* Fri Jul 13 2018 Fedora Release Engineering - 2.8-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Mon Jul 02 2018 Miro Hrončok - 2.8-4 +- Rebuilt for Python 3.7 + +* Mon Jun 18 2018 Petr Lautrbach - 2.8-3 - selinux-autorelabel: Use plymouth --quit rather then --hide-splash (#1592221) - selinux-autorelabel: Increment boot_indeterminate grub environment variable (#1592221) -- Do not require libcgroup - it's not used anymore -* Tue Jun 26 2018 Petr Lautrbach - 2.8-3 -- Do not use symlinks to enable selinux-autorelabel-mark.service (#1589720) +* Fri Jun 15 2018 Miro Hrončok - 2.8-2 +- Rebuilt for Python 3.7 -* Wed Jun 6 2018 Petr Lautrbach - 2.8-2 -- Don't build the Python 2 subpackages (#1567354) - -* Fri May 25 2018 Petr Lautrbach - 2.8-1.1 +* Fri May 25 2018 Petr Lautrbach - 2.8-1 - SELinux userspace 2.8 release -* Tue May 22 2018 Petr Lautrbach - 2.7-19 +* Tue May 22 2018 Petr Lautrbach - 2.8-0.rc3.2 - selinux-autorelabel: set UEFI boot order (BootNext) same as BootCurrent - selinux-autorelabel: synchronize cached writes before reboot (#1385272) +* Tue May 15 2018 Petr Lautrbach - 2.8-0.rc3.1 +- SELinux userspace 2.8-rc2 release candidate + +* Fri May 4 2018 Petr Lautrbach - 2.8-0.rc2.1 +- SELinux userspace 2.8-rc2 release candidate + +* Mon Apr 23 2018 Petr Lautrbach - 2.8-0.rc1.1 +- SELinux userspace 2.8-rc1 release candidate + +* Thu Apr 19 2018 Petr Lautrbach - 2.7-20 +- Drop python2 sepolicy gui files from policycoreutils-gui (#1566618) + +* Wed Apr 18 2018 Iryna Shcherbina - 2.7-19 +- Update Python 2 dependency declarations to new packaging standards + (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) + * Tue Apr 3 2018 Petr Lautrbach - 2.7-18 - Move semodule_* utilities to policycoreutils package (#1562549) @@ -1088,7 +1187,7 @@ The policycoreutils-restorecond package contains the restorecond service. - If there is no executable we don't want to print a part of STANDARD FILE CONTEXT * Tue May 6 2014 Dan Walsh - 2.3-1 -- Update to upstream +- Update to upstream * Add -P semodule option to man page from Dan Walsh. * selinux_current_policy_path will return none on a disabled SELinux system from Dan Walsh. * Add new icons for sepolicy gui from Dan Walsh. @@ -1106,7 +1205,7 @@ The policycoreutils-restorecond package contains the restorecond service. - Apply patch to use setcon in seunshare from luto@mit.edu * Wed Apr 30 2014 Dan Walsh - 2.2.5-14 -- Remove requirement for systemd-units +- Remove requirement for systemd-units * Fri Apr 25 2014 Miroslav Grepl - 2.2.5-13 - Fix previous Fix-STANDARD_FILE_CONTEXT patch to exclude if non_exec does not exist @@ -1154,7 +1253,7 @@ The policycoreutils-restorecond package contains the restorecond service. - Do not require /usr/share/selinux/devel/Makefile to build permissive domains * Mon Jan 6 2014 Dan Walsh - 2.2.5-1 -- Update to upstream +- Update to upstream * Ignore selevel/serange if MLS is disabled from Sven Vermeulen. * Fri Jan 3 2014 Dan Walsh - 2.2.4-8 @@ -1184,7 +1283,7 @@ The policycoreutils-restorecond package contains the restorecond service. - ptrace should be a part of deny_ptrace boolean in TEMPLATETYPE_admin * Tue Dec 3 2013 Dan Walsh - 2.2.4-1 -- Update to upstream +- Update to upstream * Revert automatic setting of serange and seuser in seobject; was breaking non-MLS systems. - Add patches for sepolicy gui from mgrepl to Fix advanced_item_button_push() to allow to select an application in advanced search menu @@ -1192,7 +1291,7 @@ The policycoreutils-restorecond package contains the restorecond service. * Fri Nov 22 2013 Dan Walsh - 2.2.3-1 -- Update to upstream +- Update to upstream * Apply polkit check on all dbus interfaces and restrict to active user from Dan Walsh. * Fix typo in sepolicy gui dbus.relabel_on_boot call from Dan Walsh. - Apply Miroslav Grepl patch to fix TEMPLATETYPE_domtrans description in sepolicy generate @@ -1203,7 +1302,7 @@ The policycoreutils-restorecond package contains the restorecond service. * Fri Nov 15 2013 Dan Walsh - 2.2.2-1 - Speed up startup time of sepolicy gui - Clean up ports screen to only show enabled ports. -- Update to upstream +- Update to upstream * Remove import policycoreutils.default_encoding_utf8 from semanage from Dan Walsh. * Make yum/extract_rpms optional for sepolicy generate from Dan Walsh. * Add test suite for audit2allow and sepolgen-ifgen from Dan Walsh. @@ -1212,7 +1311,7 @@ The policycoreutils-restorecond package contains the restorecond service. - Shift around some of the files to more appropriate packages. * semodule_* packages are required for devel. * Thu Oct 31 2013 Dan Walsh - 2.2-1 -- Update to upstream +- Update to upstream * Properly build the swig exception file from Laurent Bigonville. * Fix man pages from Laurent Bigonville. * Support overriding PATH and INITDIR in Makefile from Laurent Bigonville. @@ -5529,3 +5628,5 @@ written to. fails on 64-bit archs * Mon Jun 2 2003 Dan Walsh 1.0-1 - Initial version + +## END: Generated by rpmautospec diff --git a/selinux-3.8.tar.gz.asc b/selinux-3.8.tar.gz.asc new file mode 100644 index 0000000..d6f0e38 --- /dev/null +++ b/selinux-3.8.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEcgDrLD9eSIRjwM6ezcroySfGvjEFAmeaa/8ACgkQzcroySfG +vjH2og//XNOPQw/9CCuW55KAJL2U2zU4mq9kL3WrkT4ViKhgctPFmPc77oMU+sZp +K8+FNxenNgObe9c+rv3tWMwSHRBKc+PTzrI9E2pm9ZB7JJIYwPkrJEW9DKP22E5q +3ccMuIUQbml9s7OPwHXLEHeL0WHUunTR47xgAuvVODYYuTVhumHOWY/E5cEEh4Of +GeStN6nAtCRohP7lqOWnCRgo0u8EDMX41zsE6EgUZonxZF+u5tx4FU0yBhfKhlgA +uvZYqFQdw/wOwWqKqljR22TCGJG9l1lTJVGGIICkOQNmmJa185dvRX/yTP0FIkfQ +vRkpchYicctix3rgfH6wvuYaCWyI/xZgCOakGKXoe5PBBMRsNUAW0z1gUC+Y0SQu +dukGrHlHn4jBvd0IsgxIsEac7Vt6dmlxK2CiWh+pJlKe3tItyYBerpMyMcvUQMv5 +OKtqvGoaJBiavENzjDbv7Bzo+kgZuo70y6CV7g+tljboWT29N2QimSssS4Cr81KG +WFfUTDk+vvOFwDEOePufMPR0XMeybT5DDabNYOKr2kRlbktkpZKFyTAiIvwdKgpg +DAcudeTjlVeMXu2lZ1tC1MHXppAreWSiq88J6HIrmQJ3A99OVpCHHi+rGAyjcTRV +LueGRWy4PfovMKUMSkqftLPdjEY0W9J9WxLrmLSCLxTBwYnbyNU= +=0ej6 +-----END PGP SIGNATURE----- diff --git a/SOURCES/selinux-autorelabel b/selinux-autorelabel similarity index 88% rename from SOURCES/selinux-autorelabel rename to selinux-autorelabel index f0b5cfa..5290c8c 100755 --- a/SOURCES/selinux-autorelabel +++ b/selinux-autorelabel @@ -51,9 +51,15 @@ relabel_selinux() { echo $"*** Relabeling could take a very long time, depending on file" echo $"*** system size and speed of hard drives." - FORCE=`cat /.autorelabel` - [ -x "/usr/sbin/quotaoff" ] && /usr/sbin/quotaoff -aug - /sbin/fixfiles $FORCE restore + OPTS=`cat /.autorelabel` + # by default, use as many threads as there are available + # another -T X in $OPTS will override the default value + OPTS="-T 0 $OPTS" + + [ -x "/usr/sbin/quotaoff" ] && /usr/sbin/quotaoff -aug + echo + echo $"Running: /sbin/fixfiles $OPTS restore" + /sbin/fixfiles $OPTS restore fi rm -f /.autorelabel diff --git a/SOURCES/selinux-autorelabel-generator.sh b/selinux-autorelabel-generator.sh similarity index 73% rename from SOURCES/selinux-autorelabel-generator.sh rename to selinux-autorelabel-generator.sh index be60487..fdb4978 100644 --- a/SOURCES/selinux-autorelabel-generator.sh +++ b/selinux-autorelabel-generator.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # This systemd.generator(7) detects if SELinux is running and if the # user requested an autorelabel, and if so sets the default target to @@ -18,6 +18,15 @@ fi set_target () { ln -sf "$unitdir/selinux-autorelabel.target" "$earlydir/default.target" + AUTORELABEL="1" + source /etc/selinux/config + if [ "$AUTORELABEL" = "0" ]; then + mkdir -p "$earlydir/selinux-autorelabel.service.d" + cat > "$earlydir/selinux-autorelabel.service.d/tty.conf" <