Add back lockdown wizard for booleans using pywebkitgtk
This commit is contained in:
Dan Walsh
parent
78175de296
commit
2d6eafee19
@ -1,6 +1,6 @@
|
||||
diff -up policycoreutils-2.1.5/gui/booleansPage.py.gui policycoreutils-2.1.5/gui/booleansPage.py
|
||||
--- policycoreutils-2.1.5/gui/booleansPage.py.gui 2011-09-06 13:15:33.016804593 -0400
|
||||
+++ policycoreutils-2.1.5/gui/booleansPage.py 2011-09-06 13:15:33.016804593 -0400
|
||||
--- policycoreutils-2.1.5/gui/booleansPage.py.gui 2011-09-07 16:58:08.229268533 -0400
|
||||
+++ policycoreutils-2.1.5/gui/booleansPage.py 2011-09-07 16:58:08.229268533 -0400
|
||||
@@ -0,0 +1,247 @@
|
||||
+#
|
||||
+# booleansPage.py - GUI for Booleans page in system-config-securitylevel
|
||||
@ -250,8 +250,8 @@ diff -up policycoreutils-2.1.5/gui/booleansPage.py.gui policycoreutils-2.1.5/gui
|
||||
+ return True
|
||||
+
|
||||
diff -up policycoreutils-2.1.5/gui/domainsPage.py.gui policycoreutils-2.1.5/gui/domainsPage.py
|
||||
--- policycoreutils-2.1.5/gui/domainsPage.py.gui 2011-09-06 13:15:33.016804593 -0400
|
||||
+++ policycoreutils-2.1.5/gui/domainsPage.py 2011-09-06 13:15:33.017804594 -0400
|
||||
--- policycoreutils-2.1.5/gui/domainsPage.py.gui 2011-09-07 16:58:08.230268533 -0400
|
||||
+++ policycoreutils-2.1.5/gui/domainsPage.py 2011-09-07 16:58:08.230268533 -0400
|
||||
@@ -0,0 +1,154 @@
|
||||
+## domainsPage.py - show selinux domains
|
||||
+## Copyright (C) 2009 Red Hat, Inc.
|
||||
@ -408,8 +408,8 @@ diff -up policycoreutils-2.1.5/gui/domainsPage.py.gui policycoreutils-2.1.5/gui/
|
||||
+ except ValueError, e:
|
||||
+ self.error(e.args[0])
|
||||
diff -up policycoreutils-2.1.5/gui/fcontextPage.py.gui policycoreutils-2.1.5/gui/fcontextPage.py
|
||||
--- policycoreutils-2.1.5/gui/fcontextPage.py.gui 2011-09-06 13:15:33.017804594 -0400
|
||||
+++ policycoreutils-2.1.5/gui/fcontextPage.py 2011-09-06 13:15:33.018804595 -0400
|
||||
--- policycoreutils-2.1.5/gui/fcontextPage.py.gui 2011-09-07 16:58:08.230268533 -0400
|
||||
+++ policycoreutils-2.1.5/gui/fcontextPage.py 2011-09-07 16:58:08.231268533 -0400
|
||||
@@ -0,0 +1,223 @@
|
||||
+## fcontextPage.py - show selinux mappings
|
||||
+## Copyright (C) 2006 Red Hat, Inc.
|
||||
@ -635,8 +635,8 @@ diff -up policycoreutils-2.1.5/gui/fcontextPage.py.gui policycoreutils-2.1.5/gui
|
||||
+ self.store.set_value(iter, FTYPE_COL, ftype)
|
||||
+ self.store.set_value(iter, TYPE_COL, "%s:%s" % (type, mls))
|
||||
diff -up policycoreutils-2.1.5/gui/html_util.py.gui policycoreutils-2.1.5/gui/html_util.py
|
||||
--- policycoreutils-2.1.5/gui/html_util.py.gui 2011-09-06 13:15:33.018804595 -0400
|
||||
+++ policycoreutils-2.1.5/gui/html_util.py 2011-09-06 13:15:33.018804595 -0400
|
||||
--- policycoreutils-2.1.5/gui/html_util.py.gui 2011-09-07 16:58:08.231268533 -0400
|
||||
+++ policycoreutils-2.1.5/gui/html_util.py 2011-09-07 16:58:08.231268533 -0400
|
||||
@@ -0,0 +1,164 @@
|
||||
+# Authors: John Dennis <jdennis@redhat.com>
|
||||
+#
|
||||
@ -803,8 +803,8 @@ diff -up policycoreutils-2.1.5/gui/html_util.py.gui policycoreutils-2.1.5/gui/ht
|
||||
+ return doc
|
||||
+
|
||||
diff -up policycoreutils-2.1.5/gui/lockdown.glade.gui policycoreutils-2.1.5/gui/lockdown.glade
|
||||
--- policycoreutils-2.1.5/gui/lockdown.glade.gui 2011-09-06 13:15:33.020804597 -0400
|
||||
+++ policycoreutils-2.1.5/gui/lockdown.glade 2011-09-06 13:15:33.020804597 -0400
|
||||
--- policycoreutils-2.1.5/gui/lockdown.glade.gui 2011-09-07 16:58:08.232268533 -0400
|
||||
+++ policycoreutils-2.1.5/gui/lockdown.glade 2011-09-07 16:58:08.232268533 -0400
|
||||
@@ -0,0 +1,771 @@
|
||||
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
|
||||
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
|
||||
@ -1578,8 +1578,8 @@ diff -up policycoreutils-2.1.5/gui/lockdown.glade.gui policycoreutils-2.1.5/gui/
|
||||
+
|
||||
+</glade-interface>
|
||||
diff -up policycoreutils-2.1.5/gui/lockdown.gladep.gui policycoreutils-2.1.5/gui/lockdown.gladep
|
||||
--- policycoreutils-2.1.5/gui/lockdown.gladep.gui 2011-09-06 13:15:33.021804598 -0400
|
||||
+++ policycoreutils-2.1.5/gui/lockdown.gladep 2011-09-06 13:15:33.021804598 -0400
|
||||
--- policycoreutils-2.1.5/gui/lockdown.gladep.gui 2011-09-07 16:58:08.233268533 -0400
|
||||
+++ policycoreutils-2.1.5/gui/lockdown.gladep 2011-09-07 16:58:08.233268533 -0400
|
||||
@@ -0,0 +1,7 @@
|
||||
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
|
||||
+<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
|
||||
@ -1589,10 +1589,10 @@ diff -up policycoreutils-2.1.5/gui/lockdown.gladep.gui policycoreutils-2.1.5/gui
|
||||
+ <program_name></program_name>
|
||||
+</glade-project>
|
||||
diff -up policycoreutils-2.1.5/gui/lockdown.py.gui policycoreutils-2.1.5/gui/lockdown.py
|
||||
--- policycoreutils-2.1.5/gui/lockdown.py.gui 2011-09-06 13:15:33.022804599 -0400
|
||||
+++ policycoreutils-2.1.5/gui/lockdown.py 2011-09-06 13:15:33.022804599 -0400
|
||||
@@ -0,0 +1,382 @@
|
||||
+#!/usr/bin/python -Es
|
||||
--- policycoreutils-2.1.5/gui/lockdown.py.gui 2011-09-07 16:58:08.234268533 -0400
|
||||
+++ policycoreutils-2.1.5/gui/lockdown.py 2011-09-08 09:42:14.245334273 -0400
|
||||
@@ -0,0 +1,375 @@
|
||||
+#!/usr/bin/python
|
||||
+#
|
||||
+# lockdown.py - GUI for Booleans page in system-config-securitylevel
|
||||
+#
|
||||
@ -1623,7 +1623,7 @@ diff -up policycoreutils-2.1.5/gui/lockdown.py.gui policycoreutils-2.1.5/gui/loc
|
||||
+import sys
|
||||
+import selinux
|
||||
+import seobject
|
||||
+import gtkhtml2
|
||||
+import webkit
|
||||
+import commands
|
||||
+import tempfile
|
||||
+
|
||||
@ -1714,18 +1714,14 @@ diff -up policycoreutils-2.1.5/gui/lockdown.py.gui policycoreutils-2.1.5/gui/loc
|
||||
+ col.set_resizable(True)
|
||||
+ self.view.append_column(col)
|
||||
+
|
||||
+ self.html_view, self.doc = self.create_htmlview(self.html_scrolledwindow)
|
||||
+ self.html_view = self.create_htmlview(self.html_scrolledwindow)
|
||||
+ self.load()
|
||||
+ self.view.get_selection().select_path ((0,))
|
||||
+
|
||||
+ def create_htmlview(self, container):
|
||||
+ view = gtkhtml2.View()
|
||||
+ doc = gtkhtml2.Document()
|
||||
+ container.set_hadjustment(view.get_hadjustment())
|
||||
+ container.set_vadjustment(view.get_vadjustment())
|
||||
+ view.set_document(doc)
|
||||
+ view = webkit.WebView()
|
||||
+ container.add(view)
|
||||
+ return (view, doc)
|
||||
+ return (view)
|
||||
+
|
||||
+ def wait(self):
|
||||
+ self.window.set_cursor(self.busy_cursor)
|
||||
@ -1922,9 +1918,7 @@ diff -up policycoreutils-2.1.5/gui/lockdown.py.gui policycoreutils-2.1.5/gui/loc
|
||||
+ self.cat = None
|
||||
+
|
||||
+ self.name = store.get_value(iter, BOOLEAN)
|
||||
+ self.doc.clear()
|
||||
+ self.doc.open_stream("text/html")
|
||||
+
|
||||
+
|
||||
+ html = ''
|
||||
+
|
||||
+ self.radiobox.hide()
|
||||
@ -1956,8 +1950,7 @@ diff -up policycoreutils-2.1.5/gui/lockdown.py.gui policycoreutils-2.1.5/gui/loc
|
||||
+ self.default_radiobutton.set_active(True)
|
||||
+ html_doc= html_document(html)
|
||||
+
|
||||
+ self.doc.write_stream(html_doc)
|
||||
+ self.doc.close_stream()
|
||||
+ self.html_view.load_html_string(html, "")
|
||||
+
|
||||
+ def stand_alone(self):
|
||||
+ desktopName = _("Lockdown SELinux Booleans")
|
||||
@ -1975,8 +1968,8 @@ diff -up policycoreutils-2.1.5/gui/lockdown.py.gui policycoreutils-2.1.5/gui/loc
|
||||
+ app = booleanWindow()
|
||||
+ app.stand_alone()
|
||||
diff -up policycoreutils-2.1.5/gui/loginsPage.py.gui policycoreutils-2.1.5/gui/loginsPage.py
|
||||
--- policycoreutils-2.1.5/gui/loginsPage.py.gui 2011-09-06 13:15:33.023804600 -0400
|
||||
+++ policycoreutils-2.1.5/gui/loginsPage.py 2011-09-06 13:15:33.023804600 -0400
|
||||
--- policycoreutils-2.1.5/gui/loginsPage.py.gui 2011-09-07 16:58:08.234268533 -0400
|
||||
+++ policycoreutils-2.1.5/gui/loginsPage.py 2011-09-07 16:58:08.234268533 -0400
|
||||
@@ -0,0 +1,185 @@
|
||||
+## loginsPage.py - show selinux mappings
|
||||
+## Copyright (C) 2006 Red Hat, Inc.
|
||||
@ -2164,9 +2157,9 @@ diff -up policycoreutils-2.1.5/gui/loginsPage.py.gui policycoreutils-2.1.5/gui/l
|
||||
+ self.store.set_value(iter, 2, seobject.translate(serange))
|
||||
+
|
||||
diff -up policycoreutils-2.1.5/gui/Makefile.gui policycoreutils-2.1.5/gui/Makefile
|
||||
--- policycoreutils-2.1.5/gui/Makefile.gui 2011-09-06 13:15:33.023804600 -0400
|
||||
+++ policycoreutils-2.1.5/gui/Makefile 2011-09-06 13:16:40.940907544 -0400
|
||||
@@ -0,0 +1,38 @@
|
||||
--- policycoreutils-2.1.5/gui/Makefile.gui 2011-09-07 16:58:08.235268532 -0400
|
||||
+++ policycoreutils-2.1.5/gui/Makefile 2011-09-08 09:43:07.615249107 -0400
|
||||
@@ -0,0 +1,40 @@
|
||||
+# Installation directories.
|
||||
+PREFIX ?= ${DESTDIR}/usr
|
||||
+BINDIR ?= $(PREFIX)/bin
|
||||
@ -2182,13 +2175,14 @@ diff -up policycoreutils-2.1.5/gui/Makefile.gui policycoreutils-2.1.5/gui/Makefi
|
||||
+modulesPage.py \
|
||||
+polgen.glade \
|
||||
+portsPage.py \
|
||||
+lockdown.glade \
|
||||
+semanagePage.py \
|
||||
+statusPage.py \
|
||||
+system-config-selinux.glade \
|
||||
+usersPage.py \
|
||||
+selinux.tbl
|
||||
+
|
||||
+all: $(TARGETS) system-config-selinux.py polgengui.py templates polgen.py
|
||||
+all: $(TARGETS) system-config-selinux.py polgengui.py templates lockdown.py polgen.py
|
||||
+
|
||||
+install: all
|
||||
+ -mkdir -p $(SHAREDIR)/templates
|
||||
@ -2197,6 +2191,7 @@ diff -up policycoreutils-2.1.5/gui/Makefile.gui policycoreutils-2.1.5/gui/Makefi
|
||||
+ install -m 755 polgengui.py $(SHAREDIR)
|
||||
+ install -m 755 polgen.py $(SHAREDIR)
|
||||
+ (cd $(BINDIR); ln -fs ../share/system-config-selinux/polgen.py sepolgen)
|
||||
+ install -m 755 lockdown.py $(SHAREDIR)
|
||||
+ install -m 644 $(TARGETS) $(SHAREDIR)
|
||||
+ install -m 644 templates/*.py $(SHAREDIR)/templates/
|
||||
+
|
||||
@ -2206,8 +2201,8 @@ diff -up policycoreutils-2.1.5/gui/Makefile.gui policycoreutils-2.1.5/gui/Makefi
|
||||
+
|
||||
+relabel:
|
||||
diff -up policycoreutils-2.1.5/gui/mappingsPage.py.gui policycoreutils-2.1.5/gui/mappingsPage.py
|
||||
--- policycoreutils-2.1.5/gui/mappingsPage.py.gui 2011-09-06 13:15:33.024804601 -0400
|
||||
+++ policycoreutils-2.1.5/gui/mappingsPage.py 2011-09-06 13:15:33.024804601 -0400
|
||||
--- policycoreutils-2.1.5/gui/mappingsPage.py.gui 2011-09-07 16:58:08.235268532 -0400
|
||||
+++ policycoreutils-2.1.5/gui/mappingsPage.py 2011-09-07 16:58:08.236268531 -0400
|
||||
@@ -0,0 +1,56 @@
|
||||
+## mappingsPage.py - show selinux mappings
|
||||
+## Copyright (C) 2006 Red Hat, Inc.
|
||||
@ -2266,8 +2261,8 @@ diff -up policycoreutils-2.1.5/gui/mappingsPage.py.gui policycoreutils-2.1.5/gui
|
||||
+ print "%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1]))
|
||||
+
|
||||
diff -up policycoreutils-2.1.5/gui/modulesPage.py.gui policycoreutils-2.1.5/gui/modulesPage.py
|
||||
--- policycoreutils-2.1.5/gui/modulesPage.py.gui 2011-09-06 13:15:33.025804602 -0400
|
||||
+++ policycoreutils-2.1.5/gui/modulesPage.py 2011-09-06 13:15:33.025804602 -0400
|
||||
--- policycoreutils-2.1.5/gui/modulesPage.py.gui 2011-09-07 16:58:08.236268531 -0400
|
||||
+++ policycoreutils-2.1.5/gui/modulesPage.py 2011-09-07 16:58:08.236268531 -0400
|
||||
@@ -0,0 +1,190 @@
|
||||
+## modulesPage.py - show selinux mappings
|
||||
+## Copyright (C) 2006-2009 Red Hat, Inc.
|
||||
@ -2460,8 +2455,8 @@ diff -up policycoreutils-2.1.5/gui/modulesPage.py.gui policycoreutils-2.1.5/gui/
|
||||
+ except ValueError, e:
|
||||
+ self.error(e.args[0])
|
||||
diff -up policycoreutils-2.1.5/gui/polgen.glade.gui policycoreutils-2.1.5/gui/polgen.glade
|
||||
--- policycoreutils-2.1.5/gui/polgen.glade.gui 2011-09-06 13:15:33.028804605 -0400
|
||||
+++ policycoreutils-2.1.5/gui/polgen.glade 2011-09-06 13:15:33.030804607 -0400
|
||||
--- policycoreutils-2.1.5/gui/polgen.glade.gui 2011-09-07 16:58:08.239268531 -0400
|
||||
+++ policycoreutils-2.1.5/gui/polgen.glade 2011-09-07 16:58:08.240268531 -0400
|
||||
@@ -0,0 +1,3432 @@
|
||||
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
|
||||
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
|
||||
@ -5896,8 +5891,8 @@ diff -up policycoreutils-2.1.5/gui/polgen.glade.gui policycoreutils-2.1.5/gui/po
|
||||
+
|
||||
+</glade-interface>
|
||||
diff -up policycoreutils-2.1.5/gui/polgen.gladep.gui policycoreutils-2.1.5/gui/polgen.gladep
|
||||
--- policycoreutils-2.1.5/gui/polgen.gladep.gui 2011-09-06 13:15:33.030804607 -0400
|
||||
+++ policycoreutils-2.1.5/gui/polgen.gladep 2011-09-06 13:15:33.031804608 -0400
|
||||
--- policycoreutils-2.1.5/gui/polgen.gladep.gui 2011-09-07 16:58:08.241268531 -0400
|
||||
+++ policycoreutils-2.1.5/gui/polgen.gladep 2011-09-07 16:58:08.241268531 -0400
|
||||
@@ -0,0 +1,7 @@
|
||||
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
|
||||
+<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
|
||||
@ -5907,8 +5902,8 @@ diff -up policycoreutils-2.1.5/gui/polgen.gladep.gui policycoreutils-2.1.5/gui/p
|
||||
+ <program_name></program_name>
|
||||
+</glade-project>
|
||||
diff -up policycoreutils-2.1.5/gui/polgengui.py.gui policycoreutils-2.1.5/gui/polgengui.py
|
||||
--- policycoreutils-2.1.5/gui/polgengui.py.gui 2011-09-06 13:15:33.032804609 -0400
|
||||
+++ policycoreutils-2.1.5/gui/polgengui.py 2011-09-06 13:15:33.032804609 -0400
|
||||
--- policycoreutils-2.1.5/gui/polgengui.py.gui 2011-09-07 16:58:08.242268530 -0400
|
||||
+++ policycoreutils-2.1.5/gui/polgengui.py 2011-09-07 16:58:08.242268530 -0400
|
||||
@@ -0,0 +1,750 @@
|
||||
+#!/usr/bin/python -Es
|
||||
+#
|
||||
@ -6661,8 +6656,8 @@ diff -up policycoreutils-2.1.5/gui/polgengui.py.gui policycoreutils-2.1.5/gui/po
|
||||
+ app = childWindow()
|
||||
+ app.stand_alone()
|
||||
diff -up policycoreutils-2.1.5/gui/polgen.py.gui policycoreutils-2.1.5/gui/polgen.py
|
||||
--- policycoreutils-2.1.5/gui/polgen.py.gui 2011-09-06 13:15:33.034804611 -0400
|
||||
+++ policycoreutils-2.1.5/gui/polgen.py 2011-09-06 13:15:33.034804611 -0400
|
||||
--- policycoreutils-2.1.5/gui/polgen.py.gui 2011-09-07 16:58:08.243268529 -0400
|
||||
+++ policycoreutils-2.1.5/gui/polgen.py 2011-09-07 16:58:08.244268529 -0400
|
||||
@@ -0,0 +1,1346 @@
|
||||
+#!/usr/bin/python -Es
|
||||
+#
|
||||
@ -8011,8 +8006,8 @@ diff -up policycoreutils-2.1.5/gui/polgen.py.gui policycoreutils-2.1.5/gui/polge
|
||||
+ except ValueError, e:
|
||||
+ usage(e)
|
||||
diff -up policycoreutils-2.1.5/gui/portsPage.py.gui policycoreutils-2.1.5/gui/portsPage.py
|
||||
--- policycoreutils-2.1.5/gui/portsPage.py.gui 2011-09-06 13:15:33.035804612 -0400
|
||||
+++ policycoreutils-2.1.5/gui/portsPage.py 2011-09-06 13:15:33.035804612 -0400
|
||||
--- policycoreutils-2.1.5/gui/portsPage.py.gui 2011-09-07 16:58:08.244268529 -0400
|
||||
+++ policycoreutils-2.1.5/gui/portsPage.py 2011-09-07 16:58:08.244268529 -0400
|
||||
@@ -0,0 +1,259 @@
|
||||
+## portsPage.py - show selinux mappings
|
||||
+## Copyright (C) 2006 Red Hat, Inc.
|
||||
@ -8274,8 +8269,8 @@ diff -up policycoreutils-2.1.5/gui/portsPage.py.gui policycoreutils-2.1.5/gui/po
|
||||
+ return True
|
||||
+
|
||||
diff -up policycoreutils-2.1.5/gui/selinux.tbl.gui policycoreutils-2.1.5/gui/selinux.tbl
|
||||
--- policycoreutils-2.1.5/gui/selinux.tbl.gui 2011-09-06 13:15:33.036804613 -0400
|
||||
+++ policycoreutils-2.1.5/gui/selinux.tbl 2011-09-06 13:15:33.036804613 -0400
|
||||
--- policycoreutils-2.1.5/gui/selinux.tbl.gui 2011-09-07 16:58:08.245268529 -0400
|
||||
+++ policycoreutils-2.1.5/gui/selinux.tbl 2011-09-07 16:58:08.246268529 -0400
|
||||
@@ -0,0 +1,234 @@
|
||||
+acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon")
|
||||
+allow_daemons_dump_core _("Admin") _("Allow all daemons to write corefiles to /")
|
||||
@ -8512,8 +8507,8 @@ diff -up policycoreutils-2.1.5/gui/selinux.tbl.gui policycoreutils-2.1.5/gui/sel
|
||||
+webadm_read_user_files _("HTTPD Service") _("Allow SELinux webadm user to read unprivileged users home directories")
|
||||
+
|
||||
diff -up policycoreutils-2.1.5/gui/semanagePage.py.gui policycoreutils-2.1.5/gui/semanagePage.py
|
||||
--- policycoreutils-2.1.5/gui/semanagePage.py.gui 2011-09-06 13:15:33.037804614 -0400
|
||||
+++ policycoreutils-2.1.5/gui/semanagePage.py 2011-09-06 13:15:33.037804614 -0400
|
||||
--- policycoreutils-2.1.5/gui/semanagePage.py.gui 2011-09-07 16:58:08.246268529 -0400
|
||||
+++ policycoreutils-2.1.5/gui/semanagePage.py 2011-09-07 16:58:08.246268529 -0400
|
||||
@@ -0,0 +1,168 @@
|
||||
+## semanagePage.py - show selinux mappings
|
||||
+## Copyright (C) 2006 Red Hat, Inc.
|
||||
@ -8684,8 +8679,8 @@ diff -up policycoreutils-2.1.5/gui/semanagePage.py.gui policycoreutils-2.1.5/gui
|
||||
+ return True
|
||||
+
|
||||
diff -up policycoreutils-2.1.5/gui/statusPage.py.gui policycoreutils-2.1.5/gui/statusPage.py
|
||||
--- policycoreutils-2.1.5/gui/statusPage.py.gui 2011-09-06 13:15:33.038804615 -0400
|
||||
+++ policycoreutils-2.1.5/gui/statusPage.py 2011-09-06 13:15:33.038804615 -0400
|
||||
--- policycoreutils-2.1.5/gui/statusPage.py.gui 2011-09-07 16:58:08.247268528 -0400
|
||||
+++ policycoreutils-2.1.5/gui/statusPage.py 2011-09-07 16:58:08.247268528 -0400
|
||||
@@ -0,0 +1,190 @@
|
||||
+# statusPage.py - show selinux status
|
||||
+## Copyright (C) 2006-2009 Red Hat, Inc.
|
||||
@ -8878,9 +8873,9 @@ diff -up policycoreutils-2.1.5/gui/statusPage.py.gui policycoreutils-2.1.5/gui/s
|
||||
+
|
||||
+
|
||||
diff -up policycoreutils-2.1.5/gui/system-config-selinux.glade.gui policycoreutils-2.1.5/gui/system-config-selinux.glade
|
||||
--- policycoreutils-2.1.5/gui/system-config-selinux.glade.gui 2011-09-06 13:15:33.041804618 -0400
|
||||
+++ policycoreutils-2.1.5/gui/system-config-selinux.glade 2011-09-06 13:16:15.397861323 -0400
|
||||
@@ -0,0 +1,3005 @@
|
||||
--- policycoreutils-2.1.5/gui/system-config-selinux.glade.gui 2011-09-07 16:58:08.249268527 -0400
|
||||
+++ policycoreutils-2.1.5/gui/system-config-selinux.glade 2011-09-08 09:44:04.498161457 -0400
|
||||
@@ -0,0 +1,3024 @@
|
||||
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
|
||||
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
|
||||
+
|
||||
@ -10112,6 +10107,7 @@ diff -up policycoreutils-2.1.5/gui/system-config-selinux.glade.gui policycoreuti
|
||||
+ <widget class="GtkHPaned" id="hpaned1">
|
||||
+ <property name="visible">True</property>
|
||||
+ <property name="can_focus">True</property>
|
||||
+ <property name="position">0</property>
|
||||
+
|
||||
+ <child>
|
||||
+ <widget class="GtkFrame" id="frame1">
|
||||
@ -10508,6 +10504,24 @@ diff -up policycoreutils-2.1.5/gui/system-config-selinux.glade.gui policycoreuti
|
||||
+ <property name="homogeneous">True</property>
|
||||
+ </packing>
|
||||
+ </child>
|
||||
+
|
||||
+ <child>
|
||||
+ <widget class="GtkToolButton" id="toolbutton36">
|
||||
+ <property name="visible">True</property>
|
||||
+ <property name="tooltip" translatable="yes">Run booleans lockdown wizard</property>
|
||||
+ <property name="label" translatable="yes">Lockdown...</property>
|
||||
+ <property name="use_underline">True</property>
|
||||
+ <property name="stock_id">gtk-print-error</property>
|
||||
+ <property name="visible_horizontal">True</property>
|
||||
+ <property name="visible_vertical">True</property>
|
||||
+ <property name="is_important">False</property>
|
||||
+ <signal name="clicked" handler="on_lockdown_clicked" last_modification_time="Thu, 03 Jul 2008 16:51:17 GMT"/>
|
||||
+ </widget>
|
||||
+ <packing>
|
||||
+ <property name="expand">False</property>
|
||||
+ <property name="homogeneous">True</property>
|
||||
+ </packing>
|
||||
+ </child>
|
||||
+ </widget>
|
||||
+ <packing>
|
||||
+ <property name="padding">0</property>
|
||||
@ -11887,8 +11901,8 @@ diff -up policycoreutils-2.1.5/gui/system-config-selinux.glade.gui policycoreuti
|
||||
+
|
||||
+</glade-interface>
|
||||
diff -up policycoreutils-2.1.5/gui/system-config-selinux.gladep.gui policycoreutils-2.1.5/gui/system-config-selinux.gladep
|
||||
--- policycoreutils-2.1.5/gui/system-config-selinux.gladep.gui 2011-09-06 13:15:33.042804619 -0400
|
||||
+++ policycoreutils-2.1.5/gui/system-config-selinux.gladep 2011-09-06 13:15:33.043804620 -0400
|
||||
--- policycoreutils-2.1.5/gui/system-config-selinux.gladep.gui 2011-09-07 16:58:08.250268527 -0400
|
||||
+++ policycoreutils-2.1.5/gui/system-config-selinux.gladep 2011-09-07 16:58:08.250268527 -0400
|
||||
@@ -0,0 +1,7 @@
|
||||
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
|
||||
+<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
|
||||
@ -11898,8 +11912,8 @@ diff -up policycoreutils-2.1.5/gui/system-config-selinux.gladep.gui policycoreut
|
||||
+ <program_name></program_name>
|
||||
+</glade-project>
|
||||
diff -up policycoreutils-2.1.5/gui/system-config-selinux.py.gui policycoreutils-2.1.5/gui/system-config-selinux.py
|
||||
--- policycoreutils-2.1.5/gui/system-config-selinux.py.gui 2011-09-06 13:15:33.043804620 -0400
|
||||
+++ policycoreutils-2.1.5/gui/system-config-selinux.py 2011-09-06 13:15:33.043804620 -0400
|
||||
--- policycoreutils-2.1.5/gui/system-config-selinux.py.gui 2011-09-07 16:58:08.251268527 -0400
|
||||
+++ policycoreutils-2.1.5/gui/system-config-selinux.py 2011-09-07 16:58:08.251268527 -0400
|
||||
@@ -0,0 +1,187 @@
|
||||
+#!/usr/bin/python -Es
|
||||
+#
|
||||
@ -12089,8 +12103,8 @@ diff -up policycoreutils-2.1.5/gui/system-config-selinux.py.gui policycoreutils-
|
||||
+ app = childWindow()
|
||||
+ app.stand_alone()
|
||||
diff -up policycoreutils-2.1.5/gui/templates/boolean.py.gui policycoreutils-2.1.5/gui/templates/boolean.py
|
||||
--- policycoreutils-2.1.5/gui/templates/boolean.py.gui 2011-09-06 13:15:33.044804621 -0400
|
||||
+++ policycoreutils-2.1.5/gui/templates/boolean.py 2011-09-06 13:15:33.044804621 -0400
|
||||
--- policycoreutils-2.1.5/gui/templates/boolean.py.gui 2011-09-07 16:58:08.252268527 -0400
|
||||
+++ policycoreutils-2.1.5/gui/templates/boolean.py 2011-09-07 16:58:08.252268527 -0400
|
||||
@@ -0,0 +1,40 @@
|
||||
+# Copyright (C) 2007-2011 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
@ -12133,8 +12147,8 @@ diff -up policycoreutils-2.1.5/gui/templates/boolean.py.gui policycoreutils-2.1.
|
||||
+"""
|
||||
+
|
||||
diff -up policycoreutils-2.1.5/gui/templates/etc_rw.py.gui policycoreutils-2.1.5/gui/templates/etc_rw.py
|
||||
--- policycoreutils-2.1.5/gui/templates/etc_rw.py.gui 2011-09-06 13:15:33.045804622 -0400
|
||||
+++ policycoreutils-2.1.5/gui/templates/etc_rw.py 2011-09-06 13:15:33.045804622 -0400
|
||||
--- policycoreutils-2.1.5/gui/templates/etc_rw.py.gui 2011-09-07 16:58:08.252268527 -0400
|
||||
+++ policycoreutils-2.1.5/gui/templates/etc_rw.py 2011-09-07 16:58:08.252268527 -0400
|
||||
@@ -0,0 +1,112 @@
|
||||
+# Copyright (C) 2007-2011 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
@ -12249,8 +12263,8 @@ diff -up policycoreutils-2.1.5/gui/templates/etc_rw.py.gui policycoreutils-2.1.5
|
||||
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_etc_rw_t,s0)
|
||||
+"""
|
||||
diff -up policycoreutils-2.1.5/gui/templates/executable.py.gui policycoreutils-2.1.5/gui/templates/executable.py
|
||||
--- policycoreutils-2.1.5/gui/templates/executable.py.gui 2011-09-06 13:15:33.046804623 -0400
|
||||
+++ policycoreutils-2.1.5/gui/templates/executable.py 2011-09-06 13:15:33.046804623 -0400
|
||||
--- policycoreutils-2.1.5/gui/templates/executable.py.gui 2011-09-07 16:58:08.253268527 -0400
|
||||
+++ policycoreutils-2.1.5/gui/templates/executable.py 2011-09-07 16:58:08.253268527 -0400
|
||||
@@ -0,0 +1,451 @@
|
||||
+# Copyright (C) 2007-2011 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
@ -12704,8 +12718,8 @@ diff -up policycoreutils-2.1.5/gui/templates/executable.py.gui policycoreutils-2
|
||||
+EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_initrc_exec_t,s0)
|
||||
+"""
|
||||
diff -up policycoreutils-2.1.5/gui/templates/__init__.py.gui policycoreutils-2.1.5/gui/templates/__init__.py
|
||||
--- policycoreutils-2.1.5/gui/templates/__init__.py.gui 2011-09-06 13:15:33.046804623 -0400
|
||||
+++ policycoreutils-2.1.5/gui/templates/__init__.py 2011-09-06 13:15:33.047804624 -0400
|
||||
--- policycoreutils-2.1.5/gui/templates/__init__.py.gui 2011-09-07 16:58:08.254268527 -0400
|
||||
+++ policycoreutils-2.1.5/gui/templates/__init__.py 2011-09-07 16:58:08.254268527 -0400
|
||||
@@ -0,0 +1,18 @@
|
||||
+#
|
||||
+# Copyright (C) 2007-2011 Red Hat
|
||||
@ -12726,8 +12740,8 @@ diff -up policycoreutils-2.1.5/gui/templates/__init__.py.gui policycoreutils-2.1
|
||||
+#
|
||||
+
|
||||
diff -up policycoreutils-2.1.5/gui/templates/network.py.gui policycoreutils-2.1.5/gui/templates/network.py
|
||||
--- policycoreutils-2.1.5/gui/templates/network.py.gui 2011-09-06 13:15:33.047804624 -0400
|
||||
+++ policycoreutils-2.1.5/gui/templates/network.py 2011-09-06 13:15:33.047804624 -0400
|
||||
--- policycoreutils-2.1.5/gui/templates/network.py.gui 2011-09-07 16:58:08.254268527 -0400
|
||||
+++ policycoreutils-2.1.5/gui/templates/network.py 2011-09-07 16:58:08.255268527 -0400
|
||||
@@ -0,0 +1,102 @@
|
||||
+# Copyright (C) 2007-2011 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
@ -12832,8 +12846,8 @@ diff -up policycoreutils-2.1.5/gui/templates/network.py.gui policycoreutils-2.1.
|
||||
+"""
|
||||
+
|
||||
diff -up policycoreutils-2.1.5/gui/templates/rw.py.gui policycoreutils-2.1.5/gui/templates/rw.py
|
||||
--- policycoreutils-2.1.5/gui/templates/rw.py.gui 2011-09-06 13:15:33.048804625 -0400
|
||||
+++ policycoreutils-2.1.5/gui/templates/rw.py 2011-09-06 13:15:33.048804625 -0400
|
||||
--- policycoreutils-2.1.5/gui/templates/rw.py.gui 2011-09-07 16:58:08.255268527 -0400
|
||||
+++ policycoreutils-2.1.5/gui/templates/rw.py 2011-09-07 16:58:08.255268527 -0400
|
||||
@@ -0,0 +1,129 @@
|
||||
+# Copyright (C) 2007-2011 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
@ -12965,8 +12979,8 @@ diff -up policycoreutils-2.1.5/gui/templates/rw.py.gui policycoreutils-2.1.5/gui
|
||||
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0)
|
||||
+"""
|
||||
diff -up policycoreutils-2.1.5/gui/templates/script.py.gui policycoreutils-2.1.5/gui/templates/script.py
|
||||
--- policycoreutils-2.1.5/gui/templates/script.py.gui 2011-09-06 13:15:33.049804626 -0400
|
||||
+++ policycoreutils-2.1.5/gui/templates/script.py 2011-09-06 13:15:33.049804626 -0400
|
||||
--- policycoreutils-2.1.5/gui/templates/script.py.gui 2011-09-07 16:58:08.256268527 -0400
|
||||
+++ policycoreutils-2.1.5/gui/templates/script.py 2011-09-07 16:58:08.256268527 -0400
|
||||
@@ -0,0 +1,126 @@
|
||||
+# Copyright (C) 2007-2011 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
@ -13095,8 +13109,8 @@ diff -up policycoreutils-2.1.5/gui/templates/script.py.gui policycoreutils-2.1.5
|
||||
+fi
|
||||
+"""
|
||||
diff -up policycoreutils-2.1.5/gui/templates/semodule.py.gui policycoreutils-2.1.5/gui/templates/semodule.py
|
||||
--- policycoreutils-2.1.5/gui/templates/semodule.py.gui 2011-09-06 13:15:33.050804627 -0400
|
||||
+++ policycoreutils-2.1.5/gui/templates/semodule.py 2011-09-06 13:15:33.050804627 -0400
|
||||
--- policycoreutils-2.1.5/gui/templates/semodule.py.gui 2011-09-07 16:58:08.256268527 -0400
|
||||
+++ policycoreutils-2.1.5/gui/templates/semodule.py 2011-09-07 16:58:08.256268527 -0400
|
||||
@@ -0,0 +1,41 @@
|
||||
+# Copyright (C) 2007-2011 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
@ -13140,8 +13154,8 @@ diff -up policycoreutils-2.1.5/gui/templates/semodule.py.gui policycoreutils-2.1
|
||||
+"""
|
||||
+
|
||||
diff -up policycoreutils-2.1.5/gui/templates/tmp.py.gui policycoreutils-2.1.5/gui/templates/tmp.py
|
||||
--- policycoreutils-2.1.5/gui/templates/tmp.py.gui 2011-09-06 13:15:33.050804627 -0400
|
||||
+++ policycoreutils-2.1.5/gui/templates/tmp.py 2011-09-06 13:15:33.050804627 -0400
|
||||
--- policycoreutils-2.1.5/gui/templates/tmp.py.gui 2011-09-07 16:58:08.257268526 -0400
|
||||
+++ policycoreutils-2.1.5/gui/templates/tmp.py 2011-09-07 16:58:08.257268526 -0400
|
||||
@@ -0,0 +1,102 @@
|
||||
+# Copyright (C) 2007-2011 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
@ -13246,8 +13260,8 @@ diff -up policycoreutils-2.1.5/gui/templates/tmp.py.gui policycoreutils-2.1.5/gu
|
||||
+ admin_pattern($1, TEMPLATETYPE_tmp_t)
|
||||
+"""
|
||||
diff -up policycoreutils-2.1.5/gui/templates/user.py.gui policycoreutils-2.1.5/gui/templates/user.py
|
||||
--- policycoreutils-2.1.5/gui/templates/user.py.gui 2011-09-06 13:15:33.051804628 -0400
|
||||
+++ policycoreutils-2.1.5/gui/templates/user.py 2011-09-06 13:15:33.051804628 -0400
|
||||
--- policycoreutils-2.1.5/gui/templates/user.py.gui 2011-09-07 16:58:08.257268526 -0400
|
||||
+++ policycoreutils-2.1.5/gui/templates/user.py 2011-09-07 16:58:08.257268526 -0400
|
||||
@@ -0,0 +1,204 @@
|
||||
+# Copyright (C) 2007-2011 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
@ -13454,8 +13468,8 @@ diff -up policycoreutils-2.1.5/gui/templates/user.py.gui policycoreutils-2.1.5/g
|
||||
+seutil_run_newrole(TEMPLATETYPE_t, TEMPLATETYPE_r)
|
||||
+"""
|
||||
diff -up policycoreutils-2.1.5/gui/templates/var_cache.py.gui policycoreutils-2.1.5/gui/templates/var_cache.py
|
||||
--- policycoreutils-2.1.5/gui/templates/var_cache.py.gui 2011-09-06 13:15:33.052804629 -0400
|
||||
+++ policycoreutils-2.1.5/gui/templates/var_cache.py 2011-09-06 13:15:33.052804629 -0400
|
||||
--- policycoreutils-2.1.5/gui/templates/var_cache.py.gui 2011-09-07 16:58:08.258268525 -0400
|
||||
+++ policycoreutils-2.1.5/gui/templates/var_cache.py 2011-09-07 16:58:08.258268525 -0400
|
||||
@@ -0,0 +1,132 @@
|
||||
+# Copyright (C) 2007-2011 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
@ -13590,8 +13604,8 @@ diff -up policycoreutils-2.1.5/gui/templates/var_cache.py.gui policycoreutils-2.
|
||||
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_cache_t,s0)
|
||||
+"""
|
||||
diff -up policycoreutils-2.1.5/gui/templates/var_lib.py.gui policycoreutils-2.1.5/gui/templates/var_lib.py
|
||||
--- policycoreutils-2.1.5/gui/templates/var_lib.py.gui 2011-09-06 13:15:33.052804629 -0400
|
||||
+++ policycoreutils-2.1.5/gui/templates/var_lib.py 2011-09-06 13:15:33.053804630 -0400
|
||||
--- policycoreutils-2.1.5/gui/templates/var_lib.py.gui 2011-09-07 16:58:08.258268525 -0400
|
||||
+++ policycoreutils-2.1.5/gui/templates/var_lib.py 2011-09-07 16:58:08.259268525 -0400
|
||||
@@ -0,0 +1,160 @@
|
||||
+# Copyright (C) 2007-2011 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
@ -13754,8 +13768,8 @@ diff -up policycoreutils-2.1.5/gui/templates/var_lib.py.gui policycoreutils-2.1.
|
||||
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
|
||||
+"""
|
||||
diff -up policycoreutils-2.1.5/gui/templates/var_log.py.gui policycoreutils-2.1.5/gui/templates/var_log.py
|
||||
--- policycoreutils-2.1.5/gui/templates/var_log.py.gui 2011-09-06 13:15:33.053804630 -0400
|
||||
+++ policycoreutils-2.1.5/gui/templates/var_log.py 2011-09-06 13:15:33.053804630 -0400
|
||||
--- policycoreutils-2.1.5/gui/templates/var_log.py.gui 2011-09-07 16:58:08.259268525 -0400
|
||||
+++ policycoreutils-2.1.5/gui/templates/var_log.py 2011-09-07 16:58:08.259268525 -0400
|
||||
@@ -0,0 +1,114 @@
|
||||
+# Copyright (C) 2007-2011 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
@ -13872,8 +13886,8 @@ diff -up policycoreutils-2.1.5/gui/templates/var_log.py.gui policycoreutils-2.1.
|
||||
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0)
|
||||
+"""
|
||||
diff -up policycoreutils-2.1.5/gui/templates/var_run.py.gui policycoreutils-2.1.5/gui/templates/var_run.py
|
||||
--- policycoreutils-2.1.5/gui/templates/var_run.py.gui 2011-09-06 13:15:33.054804631 -0400
|
||||
+++ policycoreutils-2.1.5/gui/templates/var_run.py 2011-09-06 13:15:33.054804631 -0400
|
||||
--- policycoreutils-2.1.5/gui/templates/var_run.py.gui 2011-09-07 16:58:08.260268525 -0400
|
||||
+++ policycoreutils-2.1.5/gui/templates/var_run.py 2011-09-07 16:58:08.260268525 -0400
|
||||
@@ -0,0 +1,101 @@
|
||||
+# Copyright (C) 2007-2011 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
@ -13977,8 +13991,8 @@ diff -up policycoreutils-2.1.5/gui/templates/var_run.py.gui policycoreutils-2.1.
|
||||
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
|
||||
+"""
|
||||
diff -up policycoreutils-2.1.5/gui/templates/var_spool.py.gui policycoreutils-2.1.5/gui/templates/var_spool.py
|
||||
--- policycoreutils-2.1.5/gui/templates/var_spool.py.gui 2011-09-06 13:15:33.055804632 -0400
|
||||
+++ policycoreutils-2.1.5/gui/templates/var_spool.py 2011-09-06 13:15:33.055804632 -0400
|
||||
--- policycoreutils-2.1.5/gui/templates/var_spool.py.gui 2011-09-07 16:58:08.261268525 -0400
|
||||
+++ policycoreutils-2.1.5/gui/templates/var_spool.py 2011-09-07 16:58:08.261268525 -0400
|
||||
@@ -0,0 +1,131 @@
|
||||
+# Copyright (C) 2007-2011 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
@ -14112,8 +14126,8 @@ diff -up policycoreutils-2.1.5/gui/templates/var_spool.py.gui policycoreutils-2.
|
||||
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0)
|
||||
+"""
|
||||
diff -up policycoreutils-2.1.5/gui/usersPage.py.gui policycoreutils-2.1.5/gui/usersPage.py
|
||||
--- policycoreutils-2.1.5/gui/usersPage.py.gui 2011-09-06 13:15:33.055804632 -0400
|
||||
+++ policycoreutils-2.1.5/gui/usersPage.py 2011-09-06 13:15:33.056804633 -0400
|
||||
--- policycoreutils-2.1.5/gui/usersPage.py.gui 2011-09-07 16:58:08.261268525 -0400
|
||||
+++ policycoreutils-2.1.5/gui/usersPage.py 2011-09-07 16:58:08.261268525 -0400
|
||||
@@ -0,0 +1,150 @@
|
||||
+## usersPage.py - show selinux mappings
|
||||
+## Copyright (C) 2006,2007,2008 Red Hat, Inc.
|
||||
|
||||
@ -3616,15 +3616,21 @@ index 0000000..1ce37b0
|
||||
+ return 0;
|
||||
+}
|
||||
diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
|
||||
index 48ffcad..c1e6e24 100644
|
||||
index 48ffcad..7cff7e4 100644
|
||||
--- a/policycoreutils/setfiles/restore.c
|
||||
+++ b/policycoreutils/setfiles/restore.c
|
||||
@@ -33,7 +33,7 @@ struct edir {
|
||||
@@ -1,5 +1,6 @@
|
||||
#include "restore.h"
|
||||
#include <glob.h>
|
||||
+#include <selinux/context.h>
|
||||
|
||||
#define SKIP -2
|
||||
#define ERR -1
|
||||
@@ -33,7 +34,6 @@ struct edir {
|
||||
|
||||
static file_spec_t *fl_head;
|
||||
static int filespec_add(ino_t ino, const security_context_t con, const char *file);
|
||||
-static int only_changed_user(const char *a, const char *b);
|
||||
+static int match_type(const security_context_t oldcon, security_context_t *newcon);
|
||||
struct restore_opts *r_opts = NULL;
|
||||
static void filespec_destroy(void);
|
||||
static void filespec_eval(void);
|
||||
@ -3647,11 +3653,11 @@ index 48ffcad..c1e6e24 100644
|
||||
int ret;
|
||||
- char *context, *newcon;
|
||||
- int user_only_changed = 0;
|
||||
+ security_context_t curcon, newcon;
|
||||
+ security_context_t curcon = NULL, newcon = NULL;
|
||||
|
||||
if (match(my_file, ftsent->fts_statp, &newcon) < 0)
|
||||
/* Check for no matching specification. */
|
||||
@@ -143,74 +143,82 @@ static int restore(FTSENT *ftsent)
|
||||
@@ -143,74 +143,105 @@ static int restore(FTSENT *ftsent)
|
||||
printf("%s: %s matched by %s\n", r_opts->progname, my_file, newcon);
|
||||
}
|
||||
|
||||
@ -3696,7 +3702,6 @@ index 48ffcad..c1e6e24 100644
|
||||
- (context && (strcmp(context, newcon) == 0))) {
|
||||
- freecon(context);
|
||||
+ if (curcon && (strcmp(curcon, newcon) == 0)) {
|
||||
+ freecon(curcon);
|
||||
goto out;
|
||||
}
|
||||
|
||||
@ -3709,32 +3714,59 @@ index 48ffcad..c1e6e24 100644
|
||||
+ r_opts->progname, my_file, curcon);
|
||||
}
|
||||
- freecon(context);
|
||||
+ freecon(curcon);
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ /*
|
||||
+ * Do not change label unless this is a force or the type is different
|
||||
+ */
|
||||
+ if (!r_opts->force && match_type(curcon, &newcon)) {
|
||||
+ freecon(curcon);
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (r_opts->verbose) {
|
||||
- if (r_opts->verbose) {
|
||||
- /* If we're just doing "-v", trim out any relabels where
|
||||
- * the user has r_opts->changed but the role and type are the
|
||||
- * same. For "-vv", emit everything. */
|
||||
- if (r_opts->verbose > 1 || !user_only_changed) {
|
||||
- printf("%s reset %s context %s->%s\n",
|
||||
- r_opts->progname, my_file, context ?: "", newcon);
|
||||
- }
|
||||
+ printf("%s reset %s context %s->%s\n",
|
||||
+ r_opts->progname, my_file, curcon ?: "", newcon);
|
||||
+ /*
|
||||
+ * Do not change label unless this is a force or the type is different
|
||||
+ */
|
||||
+ if (!r_opts->force && curcon) {
|
||||
+ int types_differ = 0;
|
||||
+ context_t cona;
|
||||
+ context_t conb;
|
||||
+ int err = 0;
|
||||
+ cona = context_new(curcon);
|
||||
+ if (! cona) {
|
||||
+ goto out;
|
||||
+ }
|
||||
+ conb = context_new(newcon);
|
||||
+ if (! conb) {
|
||||
+ context_free(cona);
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
+ types_differ = strcmp(context_type_get(cona), context_type_get(conb));
|
||||
+ if (types_differ) {
|
||||
+ err |= context_user_set(conb, context_user_get(cona));
|
||||
+ err |= context_role_set(conb, context_role_get(cona));
|
||||
+ err |= context_range_set(conb, context_range_get(cona));
|
||||
+ if (!err) {
|
||||
+ freecon(newcon);
|
||||
+ newcon = strdup(context_str(conb));
|
||||
+ }
|
||||
+ }
|
||||
+ context_free(cona);
|
||||
+ context_free(conb);
|
||||
+
|
||||
+ if (!types_differ || err) {
|
||||
+ goto out;
|
||||
}
|
||||
}
|
||||
|
||||
- if (r_opts->logging && !user_only_changed) {
|
||||
- if (context)
|
||||
+ if (r_opts->verbose) {
|
||||
+ printf("%s reset %s context %s->%s\n",
|
||||
+ r_opts->progname, my_file, curcon ?: "", newcon);
|
||||
+ }
|
||||
+
|
||||
+ if (r_opts->logging) {
|
||||
+ if (curcon)
|
||||
syslog(LOG_INFO, "relabeling %s from %s to %s\n",
|
||||
@ -3751,9 +3783,7 @@ index 48ffcad..c1e6e24 100644
|
||||
|
||||
- if (context)
|
||||
- freecon(context);
|
||||
+ if (curcon)
|
||||
+ freecon(curcon);
|
||||
|
||||
-
|
||||
/*
|
||||
* Do not relabel the file if -n was used.
|
||||
*/
|
||||
@ -3762,7 +3792,7 @@ index 48ffcad..c1e6e24 100644
|
||||
goto out;
|
||||
|
||||
/*
|
||||
@@ -318,11 +326,16 @@ static int process_one(char *name, int recurse_this_path)
|
||||
@@ -318,11 +349,16 @@ static int process_one(char *name, int recurse_this_path)
|
||||
|
||||
|
||||
ftsent = fts_read(fts_handle);
|
||||
@ -3782,7 +3812,7 @@ index 48ffcad..c1e6e24 100644
|
||||
do {
|
||||
rc = 0;
|
||||
/* Skip the post order nodes. */
|
||||
@@ -390,7 +403,7 @@ int process_one_realpath(char *name, int recurse)
|
||||
@@ -390,7 +426,7 @@ int process_one_realpath(char *name, int recurse)
|
||||
{
|
||||
int rc = 0;
|
||||
char *p;
|
||||
@ -3791,7 +3821,7 @@ index 48ffcad..c1e6e24 100644
|
||||
|
||||
if (r_opts == NULL){
|
||||
fprintf(stderr,
|
||||
@@ -401,7 +414,7 @@ int process_one_realpath(char *name, int recurse)
|
||||
@@ -401,7 +437,7 @@ int process_one_realpath(char *name, int recurse)
|
||||
if (!r_opts->expand_realpath) {
|
||||
return process_one(name, recurse);
|
||||
} else {
|
||||
@ -3800,22 +3830,14 @@ index 48ffcad..c1e6e24 100644
|
||||
if (rc < 0) {
|
||||
if (r_opts->ignore_enoent && errno == ENOENT)
|
||||
return 0;
|
||||
@@ -486,20 +499,46 @@ int add_exclude(const char *directory)
|
||||
@@ -486,22 +522,6 @@ int add_exclude(const char *directory)
|
||||
return 0;
|
||||
}
|
||||
|
||||
-/* Compare two contexts to see if their differences are "significant",
|
||||
- * or whether the only difference is in the user. */
|
||||
-static int only_changed_user(const char *a, const char *b)
|
||||
+#include <selinux/context.h>
|
||||
+
|
||||
+/* Compare two contexts to see if their types differ; if they do, return 1
|
||||
+ * and replace the the new context with the the current context user, role
|
||||
+ * and range
|
||||
+ */
|
||||
+
|
||||
+static int match_type(const security_context_t oldcon, security_context_t *newcon)
|
||||
{
|
||||
-{
|
||||
- char *rest_a, *rest_b; /* Rest of the context after the user */
|
||||
- if (r_opts->force)
|
||||
- return 0;
|
||||
@ -3826,41 +3848,12 @@ index 48ffcad..c1e6e24 100644
|
||||
- if (!rest_a || !rest_b)
|
||||
- return 0;
|
||||
- return (strcmp(rest_a, rest_b) == 0);
|
||||
+ int match = 0;
|
||||
+ context_t cona;
|
||||
+ context_t conb;
|
||||
+ if (!oldcon || !*newcon)
|
||||
+ return match;
|
||||
+ cona = context_new(oldcon);
|
||||
+ if (! cona) {
|
||||
+ return match;
|
||||
+ }
|
||||
+ conb = context_new(*newcon);
|
||||
+ if (! conb) {
|
||||
+ context_free(cona);
|
||||
+ return match;
|
||||
+ }
|
||||
+
|
||||
+ match = strcmp(context_type_get(cona), context_type_get(conb)) == 0;
|
||||
+ if (! match) {
|
||||
+ if (context_user_set(conb, context_user_get(cona)) < 0)
|
||||
+ goto out;
|
||||
+ if (context_role_set(conb, context_role_get(cona)) < 0)
|
||||
+ goto out;
|
||||
+ if (context_range_set(conb, context_range_get(cona)) < 0)
|
||||
+ goto out;
|
||||
+ free(*newcon);
|
||||
+ *newcon = strdup(context_str(conb));
|
||||
+ }
|
||||
+
|
||||
+out:
|
||||
+ context_free(cona);
|
||||
+ context_free(conb);
|
||||
+ return match;
|
||||
}
|
||||
|
||||
-}
|
||||
-
|
||||
/*
|
||||
@@ -568,7 +607,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
|
||||
* Evaluate the association hash table distribution.
|
||||
*/
|
||||
@@ -568,7 +588,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
|
||||
{
|
||||
file_spec_t *prevfl, *fl;
|
||||
int h, ret;
|
||||
@ -3869,7 +3862,7 @@ index 48ffcad..c1e6e24 100644
|
||||
|
||||
if (!fl_head) {
|
||||
fl_head = malloc(sizeof(file_spec_t) * HASH_BUCKETS);
|
||||
@@ -581,7 +620,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
|
||||
@@ -581,7 +601,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil
|
||||
for (prevfl = &fl_head[h], fl = fl_head[h].next; fl;
|
||||
prevfl = fl, fl = fl->next) {
|
||||
if (ino == fl->ino) {
|
||||
@ -3891,10 +3884,10 @@ index ac27222..3909d15 100644
|
||||
|
||||
void restore_init(struct restore_opts *opts);
|
||||
diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
|
||||
index c8ea4bb..6cb7d3d 100644
|
||||
index c8ea4bb..0eb7293 100644
|
||||
--- a/policycoreutils/setfiles/restorecon.8
|
||||
+++ b/policycoreutils/setfiles/restorecon.8
|
||||
@@ -4,10 +4,10 @@ restorecon \- restore file(s) default SELinux security contexts.
|
||||
@@ -4,22 +4,27 @@ restorecon \- restore file(s) default SELinux security contexts.
|
||||
|
||||
.SH "SYNOPSIS"
|
||||
.B restorecon
|
||||
@ -3907,7 +3900,25 @@ index c8ea4bb..6cb7d3d 100644
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
This manual page describes the
|
||||
@@ -32,6 +32,12 @@ infilename contains a list of files to be processed by application. Use \- for s
|
||||
.BR restorecon
|
||||
program.
|
||||
.P
|
||||
-This program is primarily used to set the security context
|
||||
+This program is primarily used to reset the security context (type)
|
||||
(extended attributes) on one or more files.
|
||||
.P
|
||||
It can be run at any time to correct errors, to add support for
|
||||
new policy, or with the \-n option it can just check whether the file
|
||||
contexts are all as you expect.
|
||||
+.P
|
||||
+If a file object does not have a context, restorecon will write the default
|
||||
+context to the file object's extended attributes. If a file object has a
|
||||
+context, restorecon will only modify the type portion of the security context.
|
||||
+The -F option will force a replacement of the entire context.
|
||||
|
||||
.SH "OPTIONS"
|
||||
.TP
|
||||
@@ -32,6 +37,12 @@ infilename contains a list of files to be processed by application. Use \- for s
|
||||
.B \-e directory
|
||||
directory to exclude (repeat option for more than one directory.)
|
||||
.TP
|
||||
@ -3920,8 +3931,21 @@ index c8ea4bb..6cb7d3d 100644
|
||||
.B \-R \-r
|
||||
change files and directories file labels recursively
|
||||
.TP
|
||||
@@ -47,11 +58,8 @@ show progress by printing * every 1000 files.
|
||||
.B \-v
|
||||
show changes in file labels.
|
||||
.TP
|
||||
-.B \-vv
|
||||
-show changes in file labels, if type, role, or user are changing.
|
||||
-.TP
|
||||
.B \-F
|
||||
-Force reset of context to match file_context for customizable files, or the user section, if it has changed.
|
||||
+Force reset of context to match file_context for customizable files, and the default file context, changing the user, role, range portion as well as the type.
|
||||
.TP
|
||||
.SH "ARGUMENTS"
|
||||
.B pathname...
|
||||
diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8
|
||||
index 7f700ca..c77431a 100644
|
||||
index 7f700ca..5902e8e 100644
|
||||
--- a/policycoreutils/setfiles/setfiles.8
|
||||
+++ b/policycoreutils/setfiles/setfiles.8
|
||||
@@ -4,7 +4,7 @@ setfiles \- set file SELinux security contexts.
|
||||
@ -3929,20 +3953,46 @@ index 7f700ca..c77431a 100644
|
||||
.SH "SYNOPSIS"
|
||||
.B setfiles
|
||||
-.I [\-c policy ] [\-d] [\-l] [\-n] [\-e directory ] [\-o filename ] [\-q] [\-s] [\-v] [\-vv] [\-W] [\-F] spec_file pathname...
|
||||
+.I [\-c policy ] [\-d] [\-l] [\-n] [\-e directory ] [\-o filename ] [\-L labelprefix ] [\-q] [\-s] [\-v] [\-vv] [\-W] [\-F] spec_file pathname...
|
||||
+.I [\-c policy ] [\-d] [\-l] [\-n] [\-e directory ] [\-o filename ] [\-L labelprefix ] [\-q] [\-s] [\-v] [\-W] [\-F] spec_file pathname...
|
||||
.SH "DESCRIPTION"
|
||||
This manual page describes the
|
||||
.BR setfiles
|
||||
@@ -47,6 +47,9 @@ directory to exclude (repeat option for more than one directory.)
|
||||
.B \-F
|
||||
Force reset of context to match file_context for customizable files
|
||||
@@ -17,6 +17,11 @@ program is initially run as part of the SE Linux installation process.
|
||||
It can also be run at any time to correct errors, to add support for
|
||||
new policy, or with the \-n option it can just check whether the file
|
||||
contexts are all as you expect.
|
||||
+.P
|
||||
+If a file object does not have a context, setfiles will write the default
|
||||
+context to the file object's extended attributes. If a file object has a
|
||||
+context, setfiles will only modify the type portion of the security context.
|
||||
+The -F option will force a replacement of the entire context.
|
||||
|
||||
.SH "OPTIONS"
|
||||
.TP
|
||||
@@ -45,7 +50,10 @@ use an alternate root path
|
||||
directory to exclude (repeat option for more than one directory.)
|
||||
.TP
|
||||
.B \-F
|
||||
-Force reset of context to match file_context for customizable files
|
||||
+Force reset of context to match file_context for customizable files, and the default file context, changing the user, role, range portion as well as the type.
|
||||
+.TP
|
||||
+.B \-L labelprefix
|
||||
+Tells selinux to only use the file context that match this prefix for labeling, -L can be called multiple times. Can speed up labeling if you are only doing one directory.
|
||||
+.TP
|
||||
.TP
|
||||
.B \-o filename
|
||||
save list of files with incorrect context in filename.
|
||||
@@ -55,10 +63,7 @@ take a list of files from standard input instead of using a pathname on the
|
||||
command line.
|
||||
.TP
|
||||
.B \-v
|
||||
-show changes in file labels, if type or role are changing.
|
||||
-.TP
|
||||
-.B \-vv
|
||||
-show changes in file labels, if type, role, or user are changing.
|
||||
+show changes in file labels
|
||||
.TP
|
||||
.B \-W
|
||||
display warnings about entries that had no matching files.
|
||||
diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c
|
||||
index fa0cd6a..590a4e0 100644
|
||||
--- a/policycoreutils/setfiles/setfiles.c
|
||||
|
||||
@ -7,7 +7,7 @@
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.1.5
|
||||
Release: 4%{?dist}
|
||||
Release: 5%{?dist}
|
||||
License: GPLv2
|
||||
Group: System Environment/Base
|
||||
# Based on git repository with tag 20101221
|
||||
@ -222,7 +222,7 @@ Summary: SELinux configuration GUI
|
||||
Group: System Environment/Base
|
||||
Requires: policycoreutils-python = %{version}-%{release}
|
||||
Requires: gnome-python2-gnome, pygtk2, pygtk2-libglade, gnome-python2-canvas
|
||||
Requires: usermode-gtk
|
||||
Requires: usermode-gtk pywebkitgtk
|
||||
Requires: setools-console
|
||||
Requires: selinux-policy
|
||||
Requires: python >= 2.6
|
||||
@ -352,6 +352,9 @@ fi
|
||||
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
||||
|
||||
%changelog
|
||||
* Thu Sep 8 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-5
|
||||
- Add back lockdown wizard for booleans using pywebkitgtk
|
||||
|
||||
* Wed Sep 7 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.5-4
|
||||
- Maintain the LANG environment Variable into the sandbox
|
||||
- Change restorecon/setfiles to only change type part of the context unless
|
||||
|
||||
Loading…
Reference in New Issue
Block a user