diff --git a/policycoreutils-gui.patch b/policycoreutils-gui.patch index d2911b0..31e935c 100644 --- a/policycoreutils-gui.patch +++ b/policycoreutils-gui.patch @@ -1,6 +1,6 @@ diff -up policycoreutils-2.1.5/gui/booleansPage.py.gui policycoreutils-2.1.5/gui/booleansPage.py ---- policycoreutils-2.1.5/gui/booleansPage.py.gui 2011-09-06 13:15:33.016804593 -0400 -+++ policycoreutils-2.1.5/gui/booleansPage.py 2011-09-06 13:15:33.016804593 -0400 +--- policycoreutils-2.1.5/gui/booleansPage.py.gui 2011-09-07 16:58:08.229268533 -0400 ++++ policycoreutils-2.1.5/gui/booleansPage.py 2011-09-07 16:58:08.229268533 -0400 @@ -0,0 +1,247 @@ +# +# booleansPage.py - GUI for Booleans page in system-config-securitylevel @@ -250,8 +250,8 @@ diff -up policycoreutils-2.1.5/gui/booleansPage.py.gui policycoreutils-2.1.5/gui + return True + diff -up policycoreutils-2.1.5/gui/domainsPage.py.gui policycoreutils-2.1.5/gui/domainsPage.py ---- policycoreutils-2.1.5/gui/domainsPage.py.gui 2011-09-06 13:15:33.016804593 -0400 -+++ policycoreutils-2.1.5/gui/domainsPage.py 2011-09-06 13:15:33.017804594 -0400 +--- policycoreutils-2.1.5/gui/domainsPage.py.gui 2011-09-07 16:58:08.230268533 -0400 ++++ policycoreutils-2.1.5/gui/domainsPage.py 2011-09-07 16:58:08.230268533 -0400 @@ -0,0 +1,154 @@ +## domainsPage.py - show selinux domains +## Copyright (C) 2009 Red Hat, Inc. @@ -408,8 +408,8 @@ diff -up policycoreutils-2.1.5/gui/domainsPage.py.gui policycoreutils-2.1.5/gui/ + except ValueError, e: + self.error(e.args[0]) diff -up policycoreutils-2.1.5/gui/fcontextPage.py.gui policycoreutils-2.1.5/gui/fcontextPage.py ---- policycoreutils-2.1.5/gui/fcontextPage.py.gui 2011-09-06 13:15:33.017804594 -0400 -+++ policycoreutils-2.1.5/gui/fcontextPage.py 2011-09-06 13:15:33.018804595 -0400 +--- policycoreutils-2.1.5/gui/fcontextPage.py.gui 2011-09-07 16:58:08.230268533 -0400 ++++ policycoreutils-2.1.5/gui/fcontextPage.py 2011-09-07 16:58:08.231268533 -0400 @@ -0,0 +1,223 @@ +## fcontextPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. @@ -635,8 +635,8 @@ diff -up policycoreutils-2.1.5/gui/fcontextPage.py.gui policycoreutils-2.1.5/gui + self.store.set_value(iter, FTYPE_COL, ftype) + self.store.set_value(iter, TYPE_COL, "%s:%s" % (type, mls)) diff -up policycoreutils-2.1.5/gui/html_util.py.gui policycoreutils-2.1.5/gui/html_util.py ---- policycoreutils-2.1.5/gui/html_util.py.gui 2011-09-06 13:15:33.018804595 -0400 -+++ policycoreutils-2.1.5/gui/html_util.py 2011-09-06 13:15:33.018804595 -0400 +--- policycoreutils-2.1.5/gui/html_util.py.gui 2011-09-07 16:58:08.231268533 -0400 ++++ policycoreutils-2.1.5/gui/html_util.py 2011-09-07 16:58:08.231268533 -0400 @@ -0,0 +1,164 @@ +# Authors: John Dennis +# @@ -803,8 +803,8 @@ diff -up policycoreutils-2.1.5/gui/html_util.py.gui policycoreutils-2.1.5/gui/ht + return doc + diff -up policycoreutils-2.1.5/gui/lockdown.glade.gui policycoreutils-2.1.5/gui/lockdown.glade ---- policycoreutils-2.1.5/gui/lockdown.glade.gui 2011-09-06 13:15:33.020804597 -0400 -+++ policycoreutils-2.1.5/gui/lockdown.glade 2011-09-06 13:15:33.020804597 -0400 +--- policycoreutils-2.1.5/gui/lockdown.glade.gui 2011-09-07 16:58:08.232268533 -0400 ++++ policycoreutils-2.1.5/gui/lockdown.glade 2011-09-07 16:58:08.232268533 -0400 @@ -0,0 +1,771 @@ + + @@ -1578,8 +1578,8 @@ diff -up policycoreutils-2.1.5/gui/lockdown.glade.gui policycoreutils-2.1.5/gui/ + + diff -up policycoreutils-2.1.5/gui/lockdown.gladep.gui policycoreutils-2.1.5/gui/lockdown.gladep ---- policycoreutils-2.1.5/gui/lockdown.gladep.gui 2011-09-06 13:15:33.021804598 -0400 -+++ policycoreutils-2.1.5/gui/lockdown.gladep 2011-09-06 13:15:33.021804598 -0400 +--- policycoreutils-2.1.5/gui/lockdown.gladep.gui 2011-09-07 16:58:08.233268533 -0400 ++++ policycoreutils-2.1.5/gui/lockdown.gladep 2011-09-07 16:58:08.233268533 -0400 @@ -0,0 +1,7 @@ + + @@ -1589,10 +1589,10 @@ diff -up policycoreutils-2.1.5/gui/lockdown.gladep.gui policycoreutils-2.1.5/gui + + diff -up policycoreutils-2.1.5/gui/lockdown.py.gui policycoreutils-2.1.5/gui/lockdown.py ---- policycoreutils-2.1.5/gui/lockdown.py.gui 2011-09-06 13:15:33.022804599 -0400 -+++ policycoreutils-2.1.5/gui/lockdown.py 2011-09-06 13:15:33.022804599 -0400 -@@ -0,0 +1,382 @@ -+#!/usr/bin/python -Es +--- policycoreutils-2.1.5/gui/lockdown.py.gui 2011-09-07 16:58:08.234268533 -0400 ++++ policycoreutils-2.1.5/gui/lockdown.py 2011-09-08 09:42:14.245334273 -0400 +@@ -0,0 +1,375 @@ ++#!/usr/bin/python +# +# lockdown.py - GUI for Booleans page in system-config-securitylevel +# @@ -1623,7 +1623,7 @@ diff -up policycoreutils-2.1.5/gui/lockdown.py.gui policycoreutils-2.1.5/gui/loc +import sys +import selinux +import seobject -+import gtkhtml2 ++import webkit +import commands +import tempfile + @@ -1714,18 +1714,14 @@ diff -up policycoreutils-2.1.5/gui/lockdown.py.gui policycoreutils-2.1.5/gui/loc + col.set_resizable(True) + self.view.append_column(col) + -+ self.html_view, self.doc = self.create_htmlview(self.html_scrolledwindow) ++ self.html_view = self.create_htmlview(self.html_scrolledwindow) + self.load() + self.view.get_selection().select_path ((0,)) + + def create_htmlview(self, container): -+ view = gtkhtml2.View() -+ doc = gtkhtml2.Document() -+ container.set_hadjustment(view.get_hadjustment()) -+ container.set_vadjustment(view.get_vadjustment()) -+ view.set_document(doc) ++ view = webkit.WebView() + container.add(view) -+ return (view, doc) ++ return (view) + + def wait(self): + self.window.set_cursor(self.busy_cursor) @@ -1922,9 +1918,7 @@ diff -up policycoreutils-2.1.5/gui/lockdown.py.gui policycoreutils-2.1.5/gui/loc + self.cat = None + + self.name = store.get_value(iter, BOOLEAN) -+ self.doc.clear() -+ self.doc.open_stream("text/html") -+ ++ + html = '' + + self.radiobox.hide() @@ -1956,8 +1950,7 @@ diff -up policycoreutils-2.1.5/gui/lockdown.py.gui policycoreutils-2.1.5/gui/loc + self.default_radiobutton.set_active(True) + html_doc= html_document(html) + -+ self.doc.write_stream(html_doc) -+ self.doc.close_stream() ++ self.html_view.load_html_string(html, "") + + def stand_alone(self): + desktopName = _("Lockdown SELinux Booleans") @@ -1975,8 +1968,8 @@ diff -up policycoreutils-2.1.5/gui/lockdown.py.gui policycoreutils-2.1.5/gui/loc + app = booleanWindow() + app.stand_alone() diff -up policycoreutils-2.1.5/gui/loginsPage.py.gui policycoreutils-2.1.5/gui/loginsPage.py ---- policycoreutils-2.1.5/gui/loginsPage.py.gui 2011-09-06 13:15:33.023804600 -0400 -+++ policycoreutils-2.1.5/gui/loginsPage.py 2011-09-06 13:15:33.023804600 -0400 +--- policycoreutils-2.1.5/gui/loginsPage.py.gui 2011-09-07 16:58:08.234268533 -0400 ++++ policycoreutils-2.1.5/gui/loginsPage.py 2011-09-07 16:58:08.234268533 -0400 @@ -0,0 +1,185 @@ +## loginsPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. @@ -2164,9 +2157,9 @@ diff -up policycoreutils-2.1.5/gui/loginsPage.py.gui policycoreutils-2.1.5/gui/l + self.store.set_value(iter, 2, seobject.translate(serange)) + diff -up policycoreutils-2.1.5/gui/Makefile.gui policycoreutils-2.1.5/gui/Makefile ---- policycoreutils-2.1.5/gui/Makefile.gui 2011-09-06 13:15:33.023804600 -0400 -+++ policycoreutils-2.1.5/gui/Makefile 2011-09-06 13:16:40.940907544 -0400 -@@ -0,0 +1,38 @@ +--- policycoreutils-2.1.5/gui/Makefile.gui 2011-09-07 16:58:08.235268532 -0400 ++++ policycoreutils-2.1.5/gui/Makefile 2011-09-08 09:43:07.615249107 -0400 +@@ -0,0 +1,40 @@ +# Installation directories. +PREFIX ?= ${DESTDIR}/usr +BINDIR ?= $(PREFIX)/bin @@ -2182,13 +2175,14 @@ diff -up policycoreutils-2.1.5/gui/Makefile.gui policycoreutils-2.1.5/gui/Makefi +modulesPage.py \ +polgen.glade \ +portsPage.py \ ++lockdown.glade \ +semanagePage.py \ +statusPage.py \ +system-config-selinux.glade \ +usersPage.py \ +selinux.tbl + -+all: $(TARGETS) system-config-selinux.py polgengui.py templates polgen.py ++all: $(TARGETS) system-config-selinux.py polgengui.py templates lockdown.py polgen.py + +install: all + -mkdir -p $(SHAREDIR)/templates @@ -2197,6 +2191,7 @@ diff -up policycoreutils-2.1.5/gui/Makefile.gui policycoreutils-2.1.5/gui/Makefi + install -m 755 polgengui.py $(SHAREDIR) + install -m 755 polgen.py $(SHAREDIR) + (cd $(BINDIR); ln -fs ../share/system-config-selinux/polgen.py sepolgen) ++ install -m 755 lockdown.py $(SHAREDIR) + install -m 644 $(TARGETS) $(SHAREDIR) + install -m 644 templates/*.py $(SHAREDIR)/templates/ + @@ -2206,8 +2201,8 @@ diff -up policycoreutils-2.1.5/gui/Makefile.gui policycoreutils-2.1.5/gui/Makefi + +relabel: diff -up policycoreutils-2.1.5/gui/mappingsPage.py.gui policycoreutils-2.1.5/gui/mappingsPage.py ---- policycoreutils-2.1.5/gui/mappingsPage.py.gui 2011-09-06 13:15:33.024804601 -0400 -+++ policycoreutils-2.1.5/gui/mappingsPage.py 2011-09-06 13:15:33.024804601 -0400 +--- policycoreutils-2.1.5/gui/mappingsPage.py.gui 2011-09-07 16:58:08.235268532 -0400 ++++ policycoreutils-2.1.5/gui/mappingsPage.py 2011-09-07 16:58:08.236268531 -0400 @@ -0,0 +1,56 @@ +## mappingsPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. @@ -2266,8 +2261,8 @@ diff -up policycoreutils-2.1.5/gui/mappingsPage.py.gui policycoreutils-2.1.5/gui + print "%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1])) + diff -up policycoreutils-2.1.5/gui/modulesPage.py.gui policycoreutils-2.1.5/gui/modulesPage.py ---- policycoreutils-2.1.5/gui/modulesPage.py.gui 2011-09-06 13:15:33.025804602 -0400 -+++ policycoreutils-2.1.5/gui/modulesPage.py 2011-09-06 13:15:33.025804602 -0400 +--- policycoreutils-2.1.5/gui/modulesPage.py.gui 2011-09-07 16:58:08.236268531 -0400 ++++ policycoreutils-2.1.5/gui/modulesPage.py 2011-09-07 16:58:08.236268531 -0400 @@ -0,0 +1,190 @@ +## modulesPage.py - show selinux mappings +## Copyright (C) 2006-2009 Red Hat, Inc. @@ -2460,8 +2455,8 @@ diff -up policycoreutils-2.1.5/gui/modulesPage.py.gui policycoreutils-2.1.5/gui/ + except ValueError, e: + self.error(e.args[0]) diff -up policycoreutils-2.1.5/gui/polgen.glade.gui policycoreutils-2.1.5/gui/polgen.glade ---- policycoreutils-2.1.5/gui/polgen.glade.gui 2011-09-06 13:15:33.028804605 -0400 -+++ policycoreutils-2.1.5/gui/polgen.glade 2011-09-06 13:15:33.030804607 -0400 +--- policycoreutils-2.1.5/gui/polgen.glade.gui 2011-09-07 16:58:08.239268531 -0400 ++++ policycoreutils-2.1.5/gui/polgen.glade 2011-09-07 16:58:08.240268531 -0400 @@ -0,0 +1,3432 @@ + + @@ -5896,8 +5891,8 @@ diff -up policycoreutils-2.1.5/gui/polgen.glade.gui policycoreutils-2.1.5/gui/po + + diff -up policycoreutils-2.1.5/gui/polgen.gladep.gui policycoreutils-2.1.5/gui/polgen.gladep ---- policycoreutils-2.1.5/gui/polgen.gladep.gui 2011-09-06 13:15:33.030804607 -0400 -+++ policycoreutils-2.1.5/gui/polgen.gladep 2011-09-06 13:15:33.031804608 -0400 +--- policycoreutils-2.1.5/gui/polgen.gladep.gui 2011-09-07 16:58:08.241268531 -0400 ++++ policycoreutils-2.1.5/gui/polgen.gladep 2011-09-07 16:58:08.241268531 -0400 @@ -0,0 +1,7 @@ + + @@ -5907,8 +5902,8 @@ diff -up policycoreutils-2.1.5/gui/polgen.gladep.gui policycoreutils-2.1.5/gui/p + + diff -up policycoreutils-2.1.5/gui/polgengui.py.gui policycoreutils-2.1.5/gui/polgengui.py ---- policycoreutils-2.1.5/gui/polgengui.py.gui 2011-09-06 13:15:33.032804609 -0400 -+++ policycoreutils-2.1.5/gui/polgengui.py 2011-09-06 13:15:33.032804609 -0400 +--- policycoreutils-2.1.5/gui/polgengui.py.gui 2011-09-07 16:58:08.242268530 -0400 ++++ policycoreutils-2.1.5/gui/polgengui.py 2011-09-07 16:58:08.242268530 -0400 @@ -0,0 +1,750 @@ +#!/usr/bin/python -Es +# @@ -6661,8 +6656,8 @@ diff -up policycoreutils-2.1.5/gui/polgengui.py.gui policycoreutils-2.1.5/gui/po + app = childWindow() + app.stand_alone() diff -up policycoreutils-2.1.5/gui/polgen.py.gui policycoreutils-2.1.5/gui/polgen.py ---- policycoreutils-2.1.5/gui/polgen.py.gui 2011-09-06 13:15:33.034804611 -0400 -+++ policycoreutils-2.1.5/gui/polgen.py 2011-09-06 13:15:33.034804611 -0400 +--- policycoreutils-2.1.5/gui/polgen.py.gui 2011-09-07 16:58:08.243268529 -0400 ++++ policycoreutils-2.1.5/gui/polgen.py 2011-09-07 16:58:08.244268529 -0400 @@ -0,0 +1,1346 @@ +#!/usr/bin/python -Es +# @@ -8011,8 +8006,8 @@ diff -up policycoreutils-2.1.5/gui/polgen.py.gui policycoreutils-2.1.5/gui/polge + except ValueError, e: + usage(e) diff -up policycoreutils-2.1.5/gui/portsPage.py.gui policycoreutils-2.1.5/gui/portsPage.py ---- policycoreutils-2.1.5/gui/portsPage.py.gui 2011-09-06 13:15:33.035804612 -0400 -+++ policycoreutils-2.1.5/gui/portsPage.py 2011-09-06 13:15:33.035804612 -0400 +--- policycoreutils-2.1.5/gui/portsPage.py.gui 2011-09-07 16:58:08.244268529 -0400 ++++ policycoreutils-2.1.5/gui/portsPage.py 2011-09-07 16:58:08.244268529 -0400 @@ -0,0 +1,259 @@ +## portsPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. @@ -8274,8 +8269,8 @@ diff -up policycoreutils-2.1.5/gui/portsPage.py.gui policycoreutils-2.1.5/gui/po + return True + diff -up policycoreutils-2.1.5/gui/selinux.tbl.gui policycoreutils-2.1.5/gui/selinux.tbl ---- policycoreutils-2.1.5/gui/selinux.tbl.gui 2011-09-06 13:15:33.036804613 -0400 -+++ policycoreutils-2.1.5/gui/selinux.tbl 2011-09-06 13:15:33.036804613 -0400 +--- policycoreutils-2.1.5/gui/selinux.tbl.gui 2011-09-07 16:58:08.245268529 -0400 ++++ policycoreutils-2.1.5/gui/selinux.tbl 2011-09-07 16:58:08.246268529 -0400 @@ -0,0 +1,234 @@ +acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon") +allow_daemons_dump_core _("Admin") _("Allow all daemons to write corefiles to /") @@ -8512,8 +8507,8 @@ diff -up policycoreutils-2.1.5/gui/selinux.tbl.gui policycoreutils-2.1.5/gui/sel +webadm_read_user_files _("HTTPD Service") _("Allow SELinux webadm user to read unprivileged users home directories") + diff -up policycoreutils-2.1.5/gui/semanagePage.py.gui policycoreutils-2.1.5/gui/semanagePage.py ---- policycoreutils-2.1.5/gui/semanagePage.py.gui 2011-09-06 13:15:33.037804614 -0400 -+++ policycoreutils-2.1.5/gui/semanagePage.py 2011-09-06 13:15:33.037804614 -0400 +--- policycoreutils-2.1.5/gui/semanagePage.py.gui 2011-09-07 16:58:08.246268529 -0400 ++++ policycoreutils-2.1.5/gui/semanagePage.py 2011-09-07 16:58:08.246268529 -0400 @@ -0,0 +1,168 @@ +## semanagePage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. @@ -8684,8 +8679,8 @@ diff -up policycoreutils-2.1.5/gui/semanagePage.py.gui policycoreutils-2.1.5/gui + return True + diff -up policycoreutils-2.1.5/gui/statusPage.py.gui policycoreutils-2.1.5/gui/statusPage.py ---- policycoreutils-2.1.5/gui/statusPage.py.gui 2011-09-06 13:15:33.038804615 -0400 -+++ policycoreutils-2.1.5/gui/statusPage.py 2011-09-06 13:15:33.038804615 -0400 +--- policycoreutils-2.1.5/gui/statusPage.py.gui 2011-09-07 16:58:08.247268528 -0400 ++++ policycoreutils-2.1.5/gui/statusPage.py 2011-09-07 16:58:08.247268528 -0400 @@ -0,0 +1,190 @@ +# statusPage.py - show selinux status +## Copyright (C) 2006-2009 Red Hat, Inc. @@ -8878,9 +8873,9 @@ diff -up policycoreutils-2.1.5/gui/statusPage.py.gui policycoreutils-2.1.5/gui/s + + diff -up policycoreutils-2.1.5/gui/system-config-selinux.glade.gui policycoreutils-2.1.5/gui/system-config-selinux.glade ---- policycoreutils-2.1.5/gui/system-config-selinux.glade.gui 2011-09-06 13:15:33.041804618 -0400 -+++ policycoreutils-2.1.5/gui/system-config-selinux.glade 2011-09-06 13:16:15.397861323 -0400 -@@ -0,0 +1,3005 @@ +--- policycoreutils-2.1.5/gui/system-config-selinux.glade.gui 2011-09-07 16:58:08.249268527 -0400 ++++ policycoreutils-2.1.5/gui/system-config-selinux.glade 2011-09-08 09:44:04.498161457 -0400 +@@ -0,0 +1,3024 @@ + + + @@ -10112,6 +10107,7 @@ diff -up policycoreutils-2.1.5/gui/system-config-selinux.glade.gui policycoreuti + + True + True ++ 0 + + + @@ -10508,6 +10504,24 @@ diff -up policycoreutils-2.1.5/gui/system-config-selinux.glade.gui policycoreuti + True + + ++ ++ ++ ++ True ++ Run booleans lockdown wizard ++ Lockdown... ++ True ++ gtk-print-error ++ True ++ True ++ False ++ ++ ++ ++ False ++ True ++ ++ + + + 0 @@ -11887,8 +11901,8 @@ diff -up policycoreutils-2.1.5/gui/system-config-selinux.glade.gui policycoreuti + + diff -up policycoreutils-2.1.5/gui/system-config-selinux.gladep.gui policycoreutils-2.1.5/gui/system-config-selinux.gladep ---- policycoreutils-2.1.5/gui/system-config-selinux.gladep.gui 2011-09-06 13:15:33.042804619 -0400 -+++ policycoreutils-2.1.5/gui/system-config-selinux.gladep 2011-09-06 13:15:33.043804620 -0400 +--- policycoreutils-2.1.5/gui/system-config-selinux.gladep.gui 2011-09-07 16:58:08.250268527 -0400 ++++ policycoreutils-2.1.5/gui/system-config-selinux.gladep 2011-09-07 16:58:08.250268527 -0400 @@ -0,0 +1,7 @@ + + @@ -11898,8 +11912,8 @@ diff -up policycoreutils-2.1.5/gui/system-config-selinux.gladep.gui policycoreut + + diff -up policycoreutils-2.1.5/gui/system-config-selinux.py.gui policycoreutils-2.1.5/gui/system-config-selinux.py ---- policycoreutils-2.1.5/gui/system-config-selinux.py.gui 2011-09-06 13:15:33.043804620 -0400 -+++ policycoreutils-2.1.5/gui/system-config-selinux.py 2011-09-06 13:15:33.043804620 -0400 +--- policycoreutils-2.1.5/gui/system-config-selinux.py.gui 2011-09-07 16:58:08.251268527 -0400 ++++ policycoreutils-2.1.5/gui/system-config-selinux.py 2011-09-07 16:58:08.251268527 -0400 @@ -0,0 +1,187 @@ +#!/usr/bin/python -Es +# @@ -12089,8 +12103,8 @@ diff -up policycoreutils-2.1.5/gui/system-config-selinux.py.gui policycoreutils- + app = childWindow() + app.stand_alone() diff -up policycoreutils-2.1.5/gui/templates/boolean.py.gui policycoreutils-2.1.5/gui/templates/boolean.py ---- policycoreutils-2.1.5/gui/templates/boolean.py.gui 2011-09-06 13:15:33.044804621 -0400 -+++ policycoreutils-2.1.5/gui/templates/boolean.py 2011-09-06 13:15:33.044804621 -0400 +--- policycoreutils-2.1.5/gui/templates/boolean.py.gui 2011-09-07 16:58:08.252268527 -0400 ++++ policycoreutils-2.1.5/gui/templates/boolean.py 2011-09-07 16:58:08.252268527 -0400 @@ -0,0 +1,40 @@ +# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information @@ -12133,8 +12147,8 @@ diff -up policycoreutils-2.1.5/gui/templates/boolean.py.gui policycoreutils-2.1. +""" + diff -up policycoreutils-2.1.5/gui/templates/etc_rw.py.gui policycoreutils-2.1.5/gui/templates/etc_rw.py ---- policycoreutils-2.1.5/gui/templates/etc_rw.py.gui 2011-09-06 13:15:33.045804622 -0400 -+++ policycoreutils-2.1.5/gui/templates/etc_rw.py 2011-09-06 13:15:33.045804622 -0400 +--- policycoreutils-2.1.5/gui/templates/etc_rw.py.gui 2011-09-07 16:58:08.252268527 -0400 ++++ policycoreutils-2.1.5/gui/templates/etc_rw.py 2011-09-07 16:58:08.252268527 -0400 @@ -0,0 +1,112 @@ +# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information @@ -12249,8 +12263,8 @@ diff -up policycoreutils-2.1.5/gui/templates/etc_rw.py.gui policycoreutils-2.1.5 +FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_etc_rw_t,s0) +""" diff -up policycoreutils-2.1.5/gui/templates/executable.py.gui policycoreutils-2.1.5/gui/templates/executable.py ---- policycoreutils-2.1.5/gui/templates/executable.py.gui 2011-09-06 13:15:33.046804623 -0400 -+++ policycoreutils-2.1.5/gui/templates/executable.py 2011-09-06 13:15:33.046804623 -0400 +--- policycoreutils-2.1.5/gui/templates/executable.py.gui 2011-09-07 16:58:08.253268527 -0400 ++++ policycoreutils-2.1.5/gui/templates/executable.py 2011-09-07 16:58:08.253268527 -0400 @@ -0,0 +1,451 @@ +# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information @@ -12704,8 +12718,8 @@ diff -up policycoreutils-2.1.5/gui/templates/executable.py.gui policycoreutils-2 +EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_initrc_exec_t,s0) +""" diff -up policycoreutils-2.1.5/gui/templates/__init__.py.gui policycoreutils-2.1.5/gui/templates/__init__.py ---- policycoreutils-2.1.5/gui/templates/__init__.py.gui 2011-09-06 13:15:33.046804623 -0400 -+++ policycoreutils-2.1.5/gui/templates/__init__.py 2011-09-06 13:15:33.047804624 -0400 +--- policycoreutils-2.1.5/gui/templates/__init__.py.gui 2011-09-07 16:58:08.254268527 -0400 ++++ policycoreutils-2.1.5/gui/templates/__init__.py 2011-09-07 16:58:08.254268527 -0400 @@ -0,0 +1,18 @@ +# +# Copyright (C) 2007-2011 Red Hat @@ -12726,8 +12740,8 @@ diff -up policycoreutils-2.1.5/gui/templates/__init__.py.gui policycoreutils-2.1 +# + diff -up policycoreutils-2.1.5/gui/templates/network.py.gui policycoreutils-2.1.5/gui/templates/network.py ---- policycoreutils-2.1.5/gui/templates/network.py.gui 2011-09-06 13:15:33.047804624 -0400 -+++ policycoreutils-2.1.5/gui/templates/network.py 2011-09-06 13:15:33.047804624 -0400 +--- policycoreutils-2.1.5/gui/templates/network.py.gui 2011-09-07 16:58:08.254268527 -0400 ++++ policycoreutils-2.1.5/gui/templates/network.py 2011-09-07 16:58:08.255268527 -0400 @@ -0,0 +1,102 @@ +# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information @@ -12832,8 +12846,8 @@ diff -up policycoreutils-2.1.5/gui/templates/network.py.gui policycoreutils-2.1. +""" + diff -up policycoreutils-2.1.5/gui/templates/rw.py.gui policycoreutils-2.1.5/gui/templates/rw.py ---- policycoreutils-2.1.5/gui/templates/rw.py.gui 2011-09-06 13:15:33.048804625 -0400 -+++ policycoreutils-2.1.5/gui/templates/rw.py 2011-09-06 13:15:33.048804625 -0400 +--- policycoreutils-2.1.5/gui/templates/rw.py.gui 2011-09-07 16:58:08.255268527 -0400 ++++ policycoreutils-2.1.5/gui/templates/rw.py 2011-09-07 16:58:08.255268527 -0400 @@ -0,0 +1,129 @@ +# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information @@ -12965,8 +12979,8 @@ diff -up policycoreutils-2.1.5/gui/templates/rw.py.gui policycoreutils-2.1.5/gui +FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0) +""" diff -up policycoreutils-2.1.5/gui/templates/script.py.gui policycoreutils-2.1.5/gui/templates/script.py ---- policycoreutils-2.1.5/gui/templates/script.py.gui 2011-09-06 13:15:33.049804626 -0400 -+++ policycoreutils-2.1.5/gui/templates/script.py 2011-09-06 13:15:33.049804626 -0400 +--- policycoreutils-2.1.5/gui/templates/script.py.gui 2011-09-07 16:58:08.256268527 -0400 ++++ policycoreutils-2.1.5/gui/templates/script.py 2011-09-07 16:58:08.256268527 -0400 @@ -0,0 +1,126 @@ +# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information @@ -13095,8 +13109,8 @@ diff -up policycoreutils-2.1.5/gui/templates/script.py.gui policycoreutils-2.1.5 +fi +""" diff -up policycoreutils-2.1.5/gui/templates/semodule.py.gui policycoreutils-2.1.5/gui/templates/semodule.py ---- policycoreutils-2.1.5/gui/templates/semodule.py.gui 2011-09-06 13:15:33.050804627 -0400 -+++ policycoreutils-2.1.5/gui/templates/semodule.py 2011-09-06 13:15:33.050804627 -0400 +--- policycoreutils-2.1.5/gui/templates/semodule.py.gui 2011-09-07 16:58:08.256268527 -0400 ++++ policycoreutils-2.1.5/gui/templates/semodule.py 2011-09-07 16:58:08.256268527 -0400 @@ -0,0 +1,41 @@ +# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information @@ -13140,8 +13154,8 @@ diff -up policycoreutils-2.1.5/gui/templates/semodule.py.gui policycoreutils-2.1 +""" + diff -up policycoreutils-2.1.5/gui/templates/tmp.py.gui policycoreutils-2.1.5/gui/templates/tmp.py ---- policycoreutils-2.1.5/gui/templates/tmp.py.gui 2011-09-06 13:15:33.050804627 -0400 -+++ policycoreutils-2.1.5/gui/templates/tmp.py 2011-09-06 13:15:33.050804627 -0400 +--- policycoreutils-2.1.5/gui/templates/tmp.py.gui 2011-09-07 16:58:08.257268526 -0400 ++++ policycoreutils-2.1.5/gui/templates/tmp.py 2011-09-07 16:58:08.257268526 -0400 @@ -0,0 +1,102 @@ +# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information @@ -13246,8 +13260,8 @@ diff -up policycoreutils-2.1.5/gui/templates/tmp.py.gui policycoreutils-2.1.5/gu + admin_pattern($1, TEMPLATETYPE_tmp_t) +""" diff -up policycoreutils-2.1.5/gui/templates/user.py.gui policycoreutils-2.1.5/gui/templates/user.py ---- policycoreutils-2.1.5/gui/templates/user.py.gui 2011-09-06 13:15:33.051804628 -0400 -+++ policycoreutils-2.1.5/gui/templates/user.py 2011-09-06 13:15:33.051804628 -0400 +--- policycoreutils-2.1.5/gui/templates/user.py.gui 2011-09-07 16:58:08.257268526 -0400 ++++ policycoreutils-2.1.5/gui/templates/user.py 2011-09-07 16:58:08.257268526 -0400 @@ -0,0 +1,204 @@ +# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information @@ -13454,8 +13468,8 @@ diff -up policycoreutils-2.1.5/gui/templates/user.py.gui policycoreutils-2.1.5/g +seutil_run_newrole(TEMPLATETYPE_t, TEMPLATETYPE_r) +""" diff -up policycoreutils-2.1.5/gui/templates/var_cache.py.gui policycoreutils-2.1.5/gui/templates/var_cache.py ---- policycoreutils-2.1.5/gui/templates/var_cache.py.gui 2011-09-06 13:15:33.052804629 -0400 -+++ policycoreutils-2.1.5/gui/templates/var_cache.py 2011-09-06 13:15:33.052804629 -0400 +--- policycoreutils-2.1.5/gui/templates/var_cache.py.gui 2011-09-07 16:58:08.258268525 -0400 ++++ policycoreutils-2.1.5/gui/templates/var_cache.py 2011-09-07 16:58:08.258268525 -0400 @@ -0,0 +1,132 @@ +# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information @@ -13590,8 +13604,8 @@ diff -up policycoreutils-2.1.5/gui/templates/var_cache.py.gui policycoreutils-2. +FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_cache_t,s0) +""" diff -up policycoreutils-2.1.5/gui/templates/var_lib.py.gui policycoreutils-2.1.5/gui/templates/var_lib.py ---- policycoreutils-2.1.5/gui/templates/var_lib.py.gui 2011-09-06 13:15:33.052804629 -0400 -+++ policycoreutils-2.1.5/gui/templates/var_lib.py 2011-09-06 13:15:33.053804630 -0400 +--- policycoreutils-2.1.5/gui/templates/var_lib.py.gui 2011-09-07 16:58:08.258268525 -0400 ++++ policycoreutils-2.1.5/gui/templates/var_lib.py 2011-09-07 16:58:08.259268525 -0400 @@ -0,0 +1,160 @@ +# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information @@ -13754,8 +13768,8 @@ diff -up policycoreutils-2.1.5/gui/templates/var_lib.py.gui policycoreutils-2.1. +FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0) +""" diff -up policycoreutils-2.1.5/gui/templates/var_log.py.gui policycoreutils-2.1.5/gui/templates/var_log.py ---- policycoreutils-2.1.5/gui/templates/var_log.py.gui 2011-09-06 13:15:33.053804630 -0400 -+++ policycoreutils-2.1.5/gui/templates/var_log.py 2011-09-06 13:15:33.053804630 -0400 +--- policycoreutils-2.1.5/gui/templates/var_log.py.gui 2011-09-07 16:58:08.259268525 -0400 ++++ policycoreutils-2.1.5/gui/templates/var_log.py 2011-09-07 16:58:08.259268525 -0400 @@ -0,0 +1,114 @@ +# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information @@ -13872,8 +13886,8 @@ diff -up policycoreutils-2.1.5/gui/templates/var_log.py.gui policycoreutils-2.1. +FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0) +""" diff -up policycoreutils-2.1.5/gui/templates/var_run.py.gui policycoreutils-2.1.5/gui/templates/var_run.py ---- policycoreutils-2.1.5/gui/templates/var_run.py.gui 2011-09-06 13:15:33.054804631 -0400 -+++ policycoreutils-2.1.5/gui/templates/var_run.py 2011-09-06 13:15:33.054804631 -0400 +--- policycoreutils-2.1.5/gui/templates/var_run.py.gui 2011-09-07 16:58:08.260268525 -0400 ++++ policycoreutils-2.1.5/gui/templates/var_run.py 2011-09-07 16:58:08.260268525 -0400 @@ -0,0 +1,101 @@ +# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information @@ -13977,8 +13991,8 @@ diff -up policycoreutils-2.1.5/gui/templates/var_run.py.gui policycoreutils-2.1. +FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0) +""" diff -up policycoreutils-2.1.5/gui/templates/var_spool.py.gui policycoreutils-2.1.5/gui/templates/var_spool.py ---- policycoreutils-2.1.5/gui/templates/var_spool.py.gui 2011-09-06 13:15:33.055804632 -0400 -+++ policycoreutils-2.1.5/gui/templates/var_spool.py 2011-09-06 13:15:33.055804632 -0400 +--- policycoreutils-2.1.5/gui/templates/var_spool.py.gui 2011-09-07 16:58:08.261268525 -0400 ++++ policycoreutils-2.1.5/gui/templates/var_spool.py 2011-09-07 16:58:08.261268525 -0400 @@ -0,0 +1,131 @@ +# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information @@ -14112,8 +14126,8 @@ diff -up policycoreutils-2.1.5/gui/templates/var_spool.py.gui policycoreutils-2. +FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0) +""" diff -up policycoreutils-2.1.5/gui/usersPage.py.gui policycoreutils-2.1.5/gui/usersPage.py ---- policycoreutils-2.1.5/gui/usersPage.py.gui 2011-09-06 13:15:33.055804632 -0400 -+++ policycoreutils-2.1.5/gui/usersPage.py 2011-09-06 13:15:33.056804633 -0400 +--- policycoreutils-2.1.5/gui/usersPage.py.gui 2011-09-07 16:58:08.261268525 -0400 ++++ policycoreutils-2.1.5/gui/usersPage.py 2011-09-07 16:58:08.261268525 -0400 @@ -0,0 +1,150 @@ +## usersPage.py - show selinux mappings +## Copyright (C) 2006,2007,2008 Red Hat, Inc. diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index c1b3b60..637150a 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -3616,15 +3616,21 @@ index 0000000..1ce37b0 + return 0; +} diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c -index 48ffcad..c1e6e24 100644 +index 48ffcad..7cff7e4 100644 --- a/policycoreutils/setfiles/restore.c +++ b/policycoreutils/setfiles/restore.c -@@ -33,7 +33,7 @@ struct edir { +@@ -1,5 +1,6 @@ + #include "restore.h" + #include ++#include + + #define SKIP -2 + #define ERR -1 +@@ -33,7 +34,6 @@ struct edir { static file_spec_t *fl_head; static int filespec_add(ino_t ino, const security_context_t con, const char *file); -static int only_changed_user(const char *a, const char *b); -+static int match_type(const security_context_t oldcon, security_context_t *newcon); struct restore_opts *r_opts = NULL; static void filespec_destroy(void); static void filespec_eval(void); @@ -3647,11 +3653,11 @@ index 48ffcad..c1e6e24 100644 int ret; - char *context, *newcon; - int user_only_changed = 0; -+ security_context_t curcon, newcon; ++ security_context_t curcon = NULL, newcon = NULL; if (match(my_file, ftsent->fts_statp, &newcon) < 0) /* Check for no matching specification. */ -@@ -143,74 +143,82 @@ static int restore(FTSENT *ftsent) +@@ -143,74 +143,105 @@ static int restore(FTSENT *ftsent) printf("%s: %s matched by %s\n", r_opts->progname, my_file, newcon); } @@ -3696,7 +3702,6 @@ index 48ffcad..c1e6e24 100644 - (context && (strcmp(context, newcon) == 0))) { - freecon(context); + if (curcon && (strcmp(curcon, newcon) == 0)) { -+ freecon(curcon); goto out; } @@ -3709,32 +3714,59 @@ index 48ffcad..c1e6e24 100644 + r_opts->progname, my_file, curcon); } - freecon(context); -+ freecon(curcon); -+ goto out; -+ } -+ -+ /* -+ * Do not change label unless this is a force or the type is different -+ */ -+ if (!r_opts->force && match_type(curcon, &newcon)) { -+ freecon(curcon); goto out; } - if (r_opts->verbose) { +- if (r_opts->verbose) { - /* If we're just doing "-v", trim out any relabels where - * the user has r_opts->changed but the role and type are the - * same. For "-vv", emit everything. */ - if (r_opts->verbose > 1 || !user_only_changed) { - printf("%s reset %s context %s->%s\n", - r_opts->progname, my_file, context ?: "", newcon); -- } -+ printf("%s reset %s context %s->%s\n", -+ r_opts->progname, my_file, curcon ?: "", newcon); ++ /* ++ * Do not change label unless this is a force or the type is different ++ */ ++ if (!r_opts->force && curcon) { ++ int types_differ = 0; ++ context_t cona; ++ context_t conb; ++ int err = 0; ++ cona = context_new(curcon); ++ if (! cona) { ++ goto out; ++ } ++ conb = context_new(newcon); ++ if (! conb) { ++ context_free(cona); ++ goto out; ++ } ++ ++ types_differ = strcmp(context_type_get(cona), context_type_get(conb)); ++ if (types_differ) { ++ err |= context_user_set(conb, context_user_get(cona)); ++ err |= context_role_set(conb, context_role_get(cona)); ++ err |= context_range_set(conb, context_range_get(cona)); ++ if (!err) { ++ freecon(newcon); ++ newcon = strdup(context_str(conb)); ++ } ++ } ++ context_free(cona); ++ context_free(conb); ++ ++ if (!types_differ || err) { ++ goto out; + } } - if (r_opts->logging && !user_only_changed) { - if (context) ++ if (r_opts->verbose) { ++ printf("%s reset %s context %s->%s\n", ++ r_opts->progname, my_file, curcon ?: "", newcon); ++ } ++ + if (r_opts->logging) { + if (curcon) syslog(LOG_INFO, "relabeling %s from %s to %s\n", @@ -3751,9 +3783,7 @@ index 48ffcad..c1e6e24 100644 - if (context) - freecon(context); -+ if (curcon) -+ freecon(curcon); - +- /* * Do not relabel the file if -n was used. */ @@ -3762,7 +3792,7 @@ index 48ffcad..c1e6e24 100644 goto out; /* -@@ -318,11 +326,16 @@ static int process_one(char *name, int recurse_this_path) +@@ -318,11 +349,16 @@ static int process_one(char *name, int recurse_this_path) ftsent = fts_read(fts_handle); @@ -3782,7 +3812,7 @@ index 48ffcad..c1e6e24 100644 do { rc = 0; /* Skip the post order nodes. */ -@@ -390,7 +403,7 @@ int process_one_realpath(char *name, int recurse) +@@ -390,7 +426,7 @@ int process_one_realpath(char *name, int recurse) { int rc = 0; char *p; @@ -3791,7 +3821,7 @@ index 48ffcad..c1e6e24 100644 if (r_opts == NULL){ fprintf(stderr, -@@ -401,7 +414,7 @@ int process_one_realpath(char *name, int recurse) +@@ -401,7 +437,7 @@ int process_one_realpath(char *name, int recurse) if (!r_opts->expand_realpath) { return process_one(name, recurse); } else { @@ -3800,22 +3830,14 @@ index 48ffcad..c1e6e24 100644 if (rc < 0) { if (r_opts->ignore_enoent && errno == ENOENT) return 0; -@@ -486,20 +499,46 @@ int add_exclude(const char *directory) +@@ -486,22 +522,6 @@ int add_exclude(const char *directory) return 0; } -/* Compare two contexts to see if their differences are "significant", - * or whether the only difference is in the user. */ -static int only_changed_user(const char *a, const char *b) -+#include -+ -+/* Compare two contexts to see if their types differ; if they do, return 1 -+ * and replace the the new context with the the current context user, role -+ * and range -+ */ -+ -+static int match_type(const security_context_t oldcon, security_context_t *newcon) - { +-{ - char *rest_a, *rest_b; /* Rest of the context after the user */ - if (r_opts->force) - return 0; @@ -3826,41 +3848,12 @@ index 48ffcad..c1e6e24 100644 - if (!rest_a || !rest_b) - return 0; - return (strcmp(rest_a, rest_b) == 0); -+ int match = 0; -+ context_t cona; -+ context_t conb; -+ if (!oldcon || !*newcon) -+ return match; -+ cona = context_new(oldcon); -+ if (! cona) { -+ return match; -+ } -+ conb = context_new(*newcon); -+ if (! conb) { -+ context_free(cona); -+ return match; -+ } -+ -+ match = strcmp(context_type_get(cona), context_type_get(conb)) == 0; -+ if (! match) { -+ if (context_user_set(conb, context_user_get(cona)) < 0) -+ goto out; -+ if (context_role_set(conb, context_role_get(cona)) < 0) -+ goto out; -+ if (context_range_set(conb, context_range_get(cona)) < 0) -+ goto out; -+ free(*newcon); -+ *newcon = strdup(context_str(conb)); -+ } -+ -+out: -+ context_free(cona); -+ context_free(conb); -+ return match; - } - +-} +- /* -@@ -568,7 +607,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil + * Evaluate the association hash table distribution. + */ +@@ -568,7 +588,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil { file_spec_t *prevfl, *fl; int h, ret; @@ -3869,7 +3862,7 @@ index 48ffcad..c1e6e24 100644 if (!fl_head) { fl_head = malloc(sizeof(file_spec_t) * HASH_BUCKETS); -@@ -581,7 +620,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil +@@ -581,7 +601,7 @@ static int filespec_add(ino_t ino, const security_context_t con, const char *fil for (prevfl = &fl_head[h], fl = fl_head[h].next; fl; prevfl = fl, fl = fl->next) { if (ino == fl->ino) { @@ -3891,10 +3884,10 @@ index ac27222..3909d15 100644 void restore_init(struct restore_opts *opts); diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8 -index c8ea4bb..6cb7d3d 100644 +index c8ea4bb..0eb7293 100644 --- a/policycoreutils/setfiles/restorecon.8 +++ b/policycoreutils/setfiles/restorecon.8 -@@ -4,10 +4,10 @@ restorecon \- restore file(s) default SELinux security contexts. +@@ -4,22 +4,27 @@ restorecon \- restore file(s) default SELinux security contexts. .SH "SYNOPSIS" .B restorecon @@ -3907,7 +3900,25 @@ index c8ea4bb..6cb7d3d 100644 .SH "DESCRIPTION" This manual page describes the -@@ -32,6 +32,12 @@ infilename contains a list of files to be processed by application. Use \- for s + .BR restorecon + program. + .P +-This program is primarily used to set the security context ++This program is primarily used to reset the security context (type) + (extended attributes) on one or more files. + .P + It can be run at any time to correct errors, to add support for + new policy, or with the \-n option it can just check whether the file + contexts are all as you expect. ++.P ++If a file object does not have a context, restorecon will write the default ++context to the file object's extended attributes. If a file object has a ++context, restorecon will only modify the type portion of the security context. ++The -F option will force a replacement of the entire context. + + .SH "OPTIONS" + .TP +@@ -32,6 +37,12 @@ infilename contains a list of files to be processed by application. Use \- for s .B \-e directory directory to exclude (repeat option for more than one directory.) .TP @@ -3920,8 +3931,21 @@ index c8ea4bb..6cb7d3d 100644 .B \-R \-r change files and directories file labels recursively .TP +@@ -47,11 +58,8 @@ show progress by printing * every 1000 files. + .B \-v + show changes in file labels. + .TP +-.B \-vv +-show changes in file labels, if type, role, or user are changing. +-.TP + .B \-F +-Force reset of context to match file_context for customizable files, or the user section, if it has changed. ++Force reset of context to match file_context for customizable files, and the default file context, changing the user, role, range portion as well as the type. + .TP + .SH "ARGUMENTS" + .B pathname... diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8 -index 7f700ca..c77431a 100644 +index 7f700ca..5902e8e 100644 --- a/policycoreutils/setfiles/setfiles.8 +++ b/policycoreutils/setfiles/setfiles.8 @@ -4,7 +4,7 @@ setfiles \- set file SELinux security contexts. @@ -3929,20 +3953,46 @@ index 7f700ca..c77431a 100644 .SH "SYNOPSIS" .B setfiles -.I [\-c policy ] [\-d] [\-l] [\-n] [\-e directory ] [\-o filename ] [\-q] [\-s] [\-v] [\-vv] [\-W] [\-F] spec_file pathname... -+.I [\-c policy ] [\-d] [\-l] [\-n] [\-e directory ] [\-o filename ] [\-L labelprefix ] [\-q] [\-s] [\-v] [\-vv] [\-W] [\-F] spec_file pathname... ++.I [\-c policy ] [\-d] [\-l] [\-n] [\-e directory ] [\-o filename ] [\-L labelprefix ] [\-q] [\-s] [\-v] [\-W] [\-F] spec_file pathname... .SH "DESCRIPTION" This manual page describes the .BR setfiles -@@ -47,6 +47,9 @@ directory to exclude (repeat option for more than one directory.) - .B \-F - Force reset of context to match file_context for customizable files +@@ -17,6 +17,11 @@ program is initially run as part of the SE Linux installation process. + It can also be run at any time to correct errors, to add support for + new policy, or with the \-n option it can just check whether the file + contexts are all as you expect. ++.P ++If a file object does not have a context, setfiles will write the default ++context to the file object's extended attributes. If a file object has a ++context, setfiles will only modify the type portion of the security context. ++The -F option will force a replacement of the entire context. + + .SH "OPTIONS" .TP +@@ -45,7 +50,10 @@ use an alternate root path + directory to exclude (repeat option for more than one directory.) + .TP + .B \-F +-Force reset of context to match file_context for customizable files ++Force reset of context to match file_context for customizable files, and the default file context, changing the user, role, range portion as well as the type. ++.TP +.B \-L labelprefix +Tells selinux to only use the file context that match this prefix for labeling, -L can be called multiple times. Can speed up labeling if you are only doing one directory. -+.TP + .TP .B \-o filename save list of files with incorrect context in filename. +@@ -55,10 +63,7 @@ take a list of files from standard input instead of using a pathname on the + command line. + .TP + .B \-v +-show changes in file labels, if type or role are changing. +-.TP +-.B \-vv +-show changes in file labels, if type, role, or user are changing. ++show changes in file labels .TP + .B \-W + display warnings about entries that had no matching files. diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c index fa0cd6a..590a4e0 100644 --- a/policycoreutils/setfiles/setfiles.c diff --git a/policycoreutils.spec b/policycoreutils.spec index 605ed37..2d5a8cf 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -7,7 +7,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.1.5 -Release: 4%{?dist} +Release: 5%{?dist} License: GPLv2 Group: System Environment/Base # Based on git repository with tag 20101221 @@ -222,7 +222,7 @@ Summary: SELinux configuration GUI Group: System Environment/Base Requires: policycoreutils-python = %{version}-%{release} Requires: gnome-python2-gnome, pygtk2, pygtk2-libglade, gnome-python2-canvas -Requires: usermode-gtk +Requires: usermode-gtk pywebkitgtk Requires: setools-console Requires: selinux-policy Requires: python >= 2.6 @@ -352,6 +352,9 @@ fi /bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || : %changelog +* Thu Sep 8 2011 Dan Walsh - 2.1.5-5 +- Add back lockdown wizard for booleans using pywebkitgtk + * Wed Sep 7 2011 Dan Walsh - 2.1.5-4 - Maintain the LANG environment Variable into the sandbox - Change restorecon/setfiles to only change type part of the context unless