* Wed Sep 4 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-9
- Bump libsemanage version for disable dontaudit - New gui features for creating admin users
This commit is contained in:
parent
7683888461
commit
35a05d0eef
@ -914,8 +914,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py polic
|
|||||||
+
|
+
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.25/gui/polgen.glade
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.25/gui/polgen.glade
|
||||||
--- nsapolicycoreutils/gui/polgen.glade 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/gui/polgen.glade 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.25/gui/polgen.glade 2007-08-31 15:06:49.000000000 -0400
|
+++ policycoreutils-2.0.25/gui/polgen.glade 2007-09-05 22:33:12.000000000 -0400
|
||||||
@@ -0,0 +1,2313 @@
|
@@ -0,0 +1,2312 @@
|
||||||
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
|
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
|
||||||
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
|
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
|
||||||
+
|
+
|
||||||
@ -1028,8 +1028,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
|
|||||||
+ <child>
|
+ <child>
|
||||||
+ <widget class="GtkNotebook" id="notebook1">
|
+ <widget class="GtkNotebook" id="notebook1">
|
||||||
+ <property name="visible">True</property>
|
+ <property name="visible">True</property>
|
||||||
+ <property name="can_focus">True</property>
|
+ <property name="show_tabs">False</property>
|
||||||
+ <property name="show_tabs">True</property>
|
|
||||||
+ <property name="show_border">True</property>
|
+ <property name="show_border">True</property>
|
||||||
+ <property name="tab_pos">GTK_POS_TOP</property>
|
+ <property name="tab_pos">GTK_POS_TOP</property>
|
||||||
+ <property name="scrollable">False</property>
|
+ <property name="scrollable">False</property>
|
||||||
@ -3231,8 +3230,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
|
|||||||
+</glade-interface>
|
+</glade-interface>
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.25/gui/polgengui.py
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.25/gui/polgengui.py
|
||||||
--- nsapolicycoreutils/gui/polgengui.py 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/gui/polgengui.py 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.25/gui/polgengui.py 2007-08-31 15:06:45.000000000 -0400
|
+++ policycoreutils-2.0.25/gui/polgengui.py 2007-09-05 22:33:06.000000000 -0400
|
||||||
@@ -0,0 +1,444 @@
|
@@ -0,0 +1,432 @@
|
||||||
+#!/usr/bin/python
|
+#!/usr/bin/python
|
||||||
+#
|
+#
|
||||||
+# system-config-selinux.py - GUI for SELinux Config tool in system-config-selinux
|
+# system-config-selinux.py - GUI for SELinux Config tool in system-config-selinux
|
||||||
@ -3265,8 +3264,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
|
|||||||
+import gnome
|
+import gnome
|
||||||
+import sys
|
+import sys
|
||||||
+import polgen
|
+import polgen
|
||||||
+import sepolgen.interfaces as interfaces
|
|
||||||
+import sepolgen.defaults as defaults
|
|
||||||
+import re
|
+import re
|
||||||
+
|
+
|
||||||
+##
|
+##
|
||||||
@ -3305,13 +3302,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
|
|||||||
+else:
|
+else:
|
||||||
+ xml = gtk.glade.XML ("/usr/share/system-config-selinux/polgen.glade", domain=PROGNAME)
|
+ xml = gtk.glade.XML ("/usr/share/system-config-selinux/polgen.glade", domain=PROGNAME)
|
||||||
+
|
+
|
||||||
+fn = defaults.interface_info()
|
|
||||||
+try:
|
|
||||||
+ fd = open(fn)
|
|
||||||
+except:
|
|
||||||
+ sys.stderr.write("could not open interface info [%s]\n" % fn)
|
|
||||||
+ sys.exit(1)
|
|
||||||
+
|
|
||||||
+FILE = 1
|
+FILE = 1
|
||||||
+DIR = 2
|
+DIR = 2
|
||||||
+
|
+
|
||||||
@ -3400,11 +3390,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
|
|||||||
+ col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0)
|
+ col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0)
|
||||||
+ self.admin_treeview.append_column(col)
|
+ self.admin_treeview.append_column(col)
|
||||||
+
|
+
|
||||||
+ # List of per_role_template interfaces
|
+ for i in polgen.methods:
|
||||||
+ ifs = interfaces.InterfaceSet()
|
+ print i
|
||||||
+ ifs.from_file(fd)
|
|
||||||
+ fd.close()
|
|
||||||
+ for i in ifs.interfaces.keys():
|
|
||||||
+ m = re.findall("(.*)%s" % polgen.USER_TRANSITION_INTERFACE, i)
|
+ m = re.findall("(.*)%s" % polgen.USER_TRANSITION_INTERFACE, i)
|
||||||
+ if len(m) > 0:
|
+ if len(m) > 0:
|
||||||
+ iter = self.transition_store.append()
|
+ iter = self.transition_store.append()
|
||||||
@ -3442,7 +3429,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
|
|||||||
+ self.forward_button.set_label(gtk.STOCK_APPLY)
|
+ self.forward_button.set_label(gtk.STOCK_APPLY)
|
||||||
+
|
+
|
||||||
+ def back(self,arg):
|
+ def back(self,arg):
|
||||||
+ type = self.confine_application()
|
+ type = self.get_type()
|
||||||
+ if self.pages[type][self.current_page] == self.FINISH_PAGE:
|
+ if self.pages[type][self.current_page] == self.FINISH_PAGE:
|
||||||
+ self.forward_button.set_label(gtk.STOCK_GO_FORWARD)
|
+ self.forward_button.set_label(gtk.STOCK_GO_FORWARD)
|
||||||
+
|
+
|
||||||
@ -3679,8 +3666,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
|
|||||||
+ app.stand_alone()
|
+ app.stand_alone()
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.25/gui/polgen.py
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.25/gui/polgen.py
|
||||||
--- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.25/gui/polgen.py 2007-08-31 15:06:41.000000000 -0400
|
+++ policycoreutils-2.0.25/gui/polgen.py 2007-09-05 22:26:53.000000000 -0400
|
||||||
@@ -0,0 +1,656 @@
|
@@ -0,0 +1,715 @@
|
||||||
+# Copyright (C) 2007 Red Hat
|
+# Copyright (C) 2007 Red Hat
|
||||||
+# see file 'COPYING' for use and warranty information
|
+# see file 'COPYING' for use and warranty information
|
||||||
+#
|
+#
|
||||||
@ -3715,6 +3702,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+from templates import script
|
+from templates import script
|
||||||
+from templates import user
|
+from templates import user
|
||||||
+import seobject
|
+import seobject
|
||||||
|
+import sepolgen.interfaces as interfaces
|
||||||
|
+import sepolgen.defaults as defaults
|
||||||
+
|
+
|
||||||
+##
|
+##
|
||||||
+## I18N
|
+## I18N
|
||||||
@ -3733,6 +3722,20 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+ import __builtin__
|
+ import __builtin__
|
||||||
+ __builtin__.__dict__['_'] = unicode
|
+ __builtin__.__dict__['_'] = unicode
|
||||||
+
|
+
|
||||||
|
+methods = []
|
||||||
|
+fn = defaults.interface_info()
|
||||||
|
+try:
|
||||||
|
+ fd = open(fn)
|
||||||
|
+ # List of per_role_template interfaces
|
||||||
|
+ ifs = interfaces.InterfaceSet()
|
||||||
|
+ ifs.from_file(fd)
|
||||||
|
+ fd.close()
|
||||||
|
+ methods = ifs.interfaces.keys()
|
||||||
|
+except:
|
||||||
|
+ sys.stderr.write("could not open interface info [%s]\n" % fn)
|
||||||
|
+ sys.exit(1)
|
||||||
|
+
|
||||||
|
+
|
||||||
+ALL = 0
|
+ALL = 0
|
||||||
+RESERVED = 1
|
+RESERVED = 1
|
||||||
+UNRESERVED = 2
|
+UNRESERVED = 2
|
||||||
@ -3792,6 +3795,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+ self.need_udp_type=False
|
+ self.need_udp_type=False
|
||||||
+ self.admin_domains = []
|
+ self.admin_domains = []
|
||||||
+ self.transition_domains = []
|
+ self.transition_domains = []
|
||||||
|
+ self.roles = []
|
||||||
+
|
+
|
||||||
+ def __isnetset(self, l):
|
+ def __isnetset(self, l):
|
||||||
+ return l[ALL] or l[RESERVED] or l[UNRESERVED] or len(l[PORTS]) > 0
|
+ return l[ALL] or l[RESERVED] or l[UNRESERVED] or len(l[PORTS]) > 0
|
||||||
@ -3799,6 +3803,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+ def set_admin_domains(self, admin_domains):
|
+ def set_admin_domains(self, admin_domains):
|
||||||
+ self.admin_domains = admin_domains
|
+ self.admin_domains = admin_domains
|
||||||
+
|
+
|
||||||
|
+ def set_admin_roles(self, roles):
|
||||||
|
+ self.roles = roles
|
||||||
|
+
|
||||||
+ def set_transition_domains(self, transition_domains):
|
+ def set_transition_domains(self, transition_domains):
|
||||||
+ self.transition_domains = transition_domains
|
+ self.transition_domains = transition_domains
|
||||||
+
|
+
|
||||||
@ -3906,7 +3913,21 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+ if self.use_pam:
|
+ if self.use_pam:
|
||||||
+ newte = re.sub("TEMPLATETYPE", self.name, executable.te_pam_rules)
|
+ newte = re.sub("TEMPLATETYPE", self.name, executable.te_pam_rules)
|
||||||
+ return newte
|
+ return newte
|
||||||
+
|
+
|
||||||
|
+ def generate_network_action(self, protocol, action, port_name):
|
||||||
|
+ line = ""
|
||||||
|
+ method = "corenet_%s_%s_%s" % (protocol, action, port_name)
|
||||||
|
+ if method in methods:
|
||||||
|
+ line = "%s(%s_t)\n" % (method, self.name)
|
||||||
|
+ else:
|
||||||
|
+ line = """
|
||||||
|
+gen_require(`
|
||||||
|
+ type %s_t;
|
||||||
|
+')
|
||||||
|
+allow %s_t %s_t:%s_socket name_%s;
|
||||||
|
+""" % (port_name, self.name, port_name, protocol, action)
|
||||||
|
+ return line
|
||||||
|
+
|
||||||
+ def generate_network_types(self):
|
+ def generate_network_types(self):
|
||||||
+ for i in self.in_tcp[PORTS]:
|
+ for i in self.in_tcp[PORTS]:
|
||||||
+ rec = self.find_port(int(i))
|
+ rec = self.find_port(int(i))
|
||||||
@ -3914,7 +3935,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+ self.need_tcp_type = True;
|
+ self.need_tcp_type = True;
|
||||||
+ else:
|
+ else:
|
||||||
+ port_name = rec[0][:-2]
|
+ port_name = rec[0][:-2]
|
||||||
+ line = "corenet_tcp_bind_%s(%s_t)\n" % (port_name, self.name)
|
+ line = self.generate_network_action("tcp", "bind", port_name)
|
||||||
|
+# line = "corenet_tcp_bind_%s(%s_t)\n" % (port_name, self.name)
|
||||||
+ if line not in self.found_tcp_ports:
|
+ if line not in self.found_tcp_ports:
|
||||||
+ self.found_tcp_ports.append(line)
|
+ self.found_tcp_ports.append(line)
|
||||||
+
|
+
|
||||||
@ -3924,7 +3946,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+ self.need_tcp_type = True;
|
+ self.need_tcp_type = True;
|
||||||
+ else:
|
+ else:
|
||||||
+ port_name = rec[0][:-2]
|
+ port_name = rec[0][:-2]
|
||||||
+ line = "corenet_tcp_connect_%s(%s_t)\n" % (port_name, self.name)
|
+ line = self.generate_network_action("tcp", "connect", port_name)
|
||||||
|
+# line = "corenet_tcp_connect_%s(%s_t)\n" % (port_name, self.name)
|
||||||
+ if line not in self.found_tcp_ports:
|
+ if line not in self.found_tcp_ports:
|
||||||
+ self.found_tcp_ports.append(line)
|
+ self.found_tcp_ports.append(line)
|
||||||
+
|
+
|
||||||
@ -3934,7 +3957,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+ self.need_udp_type = True;
|
+ self.need_udp_type = True;
|
||||||
+ else:
|
+ else:
|
||||||
+ port_name = rec[0][:-2]
|
+ port_name = rec[0][:-2]
|
||||||
+ line = "corenet_udp_bind_%s(%s_t)\n" % (port_name, self.name)
|
+ line = self.generate_network_action("udp", "bind", port_name)
|
||||||
|
+# line = "corenet_udp_bind_%s(%s_t)\n" % (port_name, self.name)
|
||||||
+ if line not in self.found_udp_ports:
|
+ if line not in self.found_udp_ports:
|
||||||
+ self.found_udp_ports.append(line)
|
+ self.found_udp_ports.append(line)
|
||||||
+
|
+
|
||||||
@ -4022,8 +4046,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+
|
+
|
||||||
+ def generate_admin_rules(self):
|
+ def generate_admin_rules(self):
|
||||||
+ newte = ""
|
+ newte = ""
|
||||||
|
+ newte += re.sub("TEMPLATETYPE", self.name, user.te_admin_rules)
|
||||||
|
+
|
||||||
+ for app in self.admin_domains:
|
+ for app in self.admin_domains:
|
||||||
+ tmp = re.sub("TEMPLATETYPE", self.name, user.te_admin_rules)
|
+ tmp = re.sub("TEMPLATETYPE", self.name, user.te_admin_domain_rules)
|
||||||
+ newte += re.sub("APPLICATION", app, tmp)
|
+ newte += re.sub("APPLICATION", app, tmp)
|
||||||
+ return newte
|
+ return newte
|
||||||
+
|
+
|
||||||
@ -4132,6 +4158,17 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+ def generate_default_rules(self):
|
+ def generate_default_rules(self):
|
||||||
+ return self.DEFAULT_TYPES[self.type][1]()
|
+ return self.DEFAULT_TYPES[self.type][1]()
|
||||||
+
|
+
|
||||||
|
+ def generate_roles_rules(self):
|
||||||
|
+ newte = ""
|
||||||
|
+ if self.type in ( TUSER, XUSER):
|
||||||
|
+ roles = ""
|
||||||
|
+ if len(self.roles) > 0:
|
||||||
|
+ newte += re.sub("TEMPLATETYPE", self.name, user.te_newrole_rules)
|
||||||
|
+ for role in self.roles:
|
||||||
|
+ tmp = re.sub("TEMPLATETYPE", self.name, user.te_roles_rules)
|
||||||
|
+ newte += re.sub("ROLE", role, tmp)
|
||||||
|
+ return newte
|
||||||
|
+
|
||||||
+ def generate_te(self):
|
+ def generate_te(self):
|
||||||
+ newte = self.generate_default_types()
|
+ newte = self.generate_default_types()
|
||||||
+ for d in self.DEFAULT_DIRS:
|
+ for d in self.DEFAULT_DIRS:
|
||||||
@ -4157,6 +4194,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+ newte += self.generate_uid_rules()
|
+ newte += self.generate_uid_rules()
|
||||||
+ newte += self.generate_syslog_rules()
|
+ newte += self.generate_syslog_rules()
|
||||||
+ newte += self.generate_pam_rules()
|
+ newte += self.generate_pam_rules()
|
||||||
|
+ newte += self.generate_roles_rules()
|
||||||
+ newte += self.generate_transition_rules()
|
+ newte += self.generate_transition_rules()
|
||||||
+ newte += self.generate_admin_rules()
|
+ newte += self.generate_admin_rules()
|
||||||
+ return newte
|
+ return newte
|
||||||
@ -4188,6 +4226,18 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+
|
+
|
||||||
+ return newfc
|
+ return newfc
|
||||||
+
|
+
|
||||||
|
+ def generate_user_sh(self):
|
||||||
|
+ newsh = ""
|
||||||
|
+ if self.type in ( TUSER, XUSER):
|
||||||
|
+ roles = ""
|
||||||
|
+ for role in self.roles:
|
||||||
|
+ roles += " %s_r" % role
|
||||||
|
+ if roles != "":
|
||||||
|
+ roles += " system_r"
|
||||||
|
+ tmp = re.sub("TEMPLATETYPE", self.name, script.users)
|
||||||
|
+ newsh += re.sub("ROLES", roles, tmp)
|
||||||
|
+ return newsh
|
||||||
|
+
|
||||||
+ def generate_sh(self):
|
+ def generate_sh(self):
|
||||||
+ newsh = re.sub("TEMPLATETYPE", self.name, script.compile)
|
+ newsh = re.sub("TEMPLATETYPE", self.name, script.compile)
|
||||||
+ newsh = re.sub("PACKAGEFILENAME", self.file_name, newsh)
|
+ newsh = re.sub("PACKAGEFILENAME", self.file_name, newsh)
|
||||||
@ -4208,6 +4258,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+ if self.find_port(i) == None:
|
+ if self.find_port(i) == None:
|
||||||
+ t1 = re.sub("PORTNUM", "%d" % i, script.udp_ports)
|
+ t1 = re.sub("PORTNUM", "%d" % i, script.udp_ports)
|
||||||
+ newsh += re.sub("TEMPLATETYPE", self.name, t1)
|
+ newsh += re.sub("TEMPLATETYPE", self.name, t1)
|
||||||
|
+
|
||||||
|
+ newsh += self.generate_user_sh()
|
||||||
+
|
+
|
||||||
+ return newsh
|
+ return newsh
|
||||||
+
|
+
|
||||||
@ -4265,7 +4317,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+ mypolicy.set_use_syslog(True)
|
+ mypolicy.set_use_syslog(True)
|
||||||
+ mypolicy.set_use_pam(True)
|
+ mypolicy.set_use_pam(True)
|
||||||
+ mypolicy.set_out_tcp(0,"8000")
|
+ mypolicy.set_out_tcp(0,"8000")
|
||||||
+ print mypolicy.generate("/tmp")
|
+ print mypolicy.generate("/var/tmp")
|
||||||
+
|
+
|
||||||
+ mypolicy = policy("myuser", USER)
|
+ mypolicy = policy("myuser", USER)
|
||||||
+ mypolicy.set_program("/usr/bin/myuser")
|
+ mypolicy.set_program("/usr/bin/myuser")
|
||||||
@ -4277,7 +4329,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+ mypolicy.set_use_pam(True)
|
+ mypolicy.set_use_pam(True)
|
||||||
+ mypolicy.add_file("/var/lib/myuser/myuser.sock")
|
+ mypolicy.add_file("/var/lib/myuser/myuser.sock")
|
||||||
+ mypolicy.set_out_tcp(0,"8000")
|
+ mypolicy.set_out_tcp(0,"8000")
|
||||||
+ print mypolicy.generate("/tmp")
|
+ print mypolicy.generate("/var/tmp")
|
||||||
+
|
+
|
||||||
+
|
+
|
||||||
+ mypolicy = policy("myrwho", DAEMON)
|
+ mypolicy = policy("myrwho", DAEMON)
|
||||||
@ -4290,7 +4342,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+ mypolicy.set_use_pam(True)
|
+ mypolicy.set_use_pam(True)
|
||||||
+ mypolicy.add_dir("/var/run/myrwho")
|
+ mypolicy.add_dir("/var/run/myrwho")
|
||||||
+ mypolicy.add_dir("/var/lib/myrwho")
|
+ mypolicy.add_dir("/var/lib/myrwho")
|
||||||
+ print mypolicy.generate("/tmp")
|
+ print mypolicy.generate("/var/tmp")
|
||||||
+
|
+
|
||||||
+ mypolicy = policy("myinetd", INETD)
|
+ mypolicy = policy("myinetd", INETD)
|
||||||
+ mypolicy.set_program("/usr/bin/mytest")
|
+ mypolicy.set_program("/usr/bin/mytest")
|
||||||
@ -4308,16 +4360,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+ mypolicy.add_dir("/etc/daemon")
|
+ mypolicy.add_dir("/etc/daemon")
|
||||||
+ mypolicy.add_dir("/etc/daemon/special")
|
+ mypolicy.add_dir("/etc/daemon/special")
|
||||||
+ mypolicy.set_out_tcp(0,"8000")
|
+ mypolicy.set_out_tcp(0,"8000")
|
||||||
+ print mypolicy.generate("/tmp")
|
+ print mypolicy.generate("/var/tmp")
|
||||||
+
|
+
|
||||||
+ mypolicy = policy("mytuser", TUSER)
|
+ mypolicy = policy("mytuser", TUSER)
|
||||||
+ mypolicy.set_in_tcp(1, 0, 0, "513")
|
+ mypolicy.set_transition_domains(["sudo"])
|
||||||
+ mypolicy.set_in_udp(1, 0, 0, "1513")
|
+ mypolicy.set_admin_roles(["mydbadm"])
|
||||||
+ mypolicy.set_use_uid(True)
|
+ print mypolicy.generate("/var/tmp")
|
||||||
+ mypolicy.set_use_syslog(True)
|
|
||||||
+ mypolicy.set_use_pam(True)
|
|
||||||
+ mypolicy.set_transition_domains(["mozilla", "ssh"])
|
|
||||||
+ print mypolicy.generate("/tmp")
|
|
||||||
+
|
+
|
||||||
+ mypolicy = policy("myxuser", XUSER)
|
+ mypolicy = policy("myxuser", XUSER)
|
||||||
+ mypolicy.set_in_tcp(1, 1, 1, "")
|
+ mypolicy.set_in_tcp(1, 1, 1, "")
|
||||||
@ -4326,13 +4374,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+ mypolicy.set_use_syslog(True)
|
+ mypolicy.set_use_syslog(True)
|
||||||
+ mypolicy.set_use_pam(True)
|
+ mypolicy.set_use_pam(True)
|
||||||
+ mypolicy.set_transition_domains(["mozilla"])
|
+ mypolicy.set_transition_domains(["mozilla"])
|
||||||
+ print mypolicy.generate("/tmp")
|
+ print mypolicy.generate("/var/tmp")
|
||||||
+
|
+
|
||||||
+ mypolicy = policy("myruser", RUSER)
|
+ mypolicy = policy("mydbadm", RUSER)
|
||||||
+ mypolicy.set_in_tcp(1, 0, 0, "513")
|
+ mypolicy.set_admin_domains(["postgresql", "mysql"])
|
||||||
+ mypolicy.set_in_udp(1, 0, 0, "1513")
|
+ print mypolicy.generate("/var/tmp")
|
||||||
+ mypolicy.set_admin_domains(["postgresql", "mysql", "apache"])
|
|
||||||
+ print mypolicy.generate("/tmp")
|
|
||||||
+
|
+
|
||||||
+ sys.exit(0)
|
+ sys.exit(0)
|
||||||
+
|
+
|
||||||
@ -8762,8 +8808,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu
|
|||||||
+ app.stand_alone()
|
+ app.stand_alone()
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.25/gui/templates/executable.py
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.25/gui/templates/executable.py
|
||||||
--- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.25/gui/templates/executable.py 2007-08-31 15:41:21.000000000 -0400
|
+++ policycoreutils-2.0.25/gui/templates/executable.py 2007-09-05 22:25:10.000000000 -0400
|
||||||
@@ -0,0 +1,222 @@
|
@@ -0,0 +1,229 @@
|
||||||
+# Copyright (C) 2007 Red Hat
|
+# Copyright (C) 2007 Red Hat
|
||||||
+# see file 'COPYING' for use and warranty information
|
+# see file 'COPYING' for use and warranty information
|
||||||
+#
|
+#
|
||||||
@ -8906,7 +8952,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
|
|||||||
+#
|
+#
|
||||||
+interface(`TEMPLATETYPE_domtrans',`
|
+interface(`TEMPLATETYPE_domtrans',`
|
||||||
+ gen_require(`
|
+ gen_require(`
|
||||||
+ type TEMPLATETYPE_t, TEMPLATETYPE_exec_t;
|
+ type TEMPLATETYPE_t;
|
||||||
|
+ type TEMPLATETYPE_exec_t;
|
||||||
+ ')
|
+ ')
|
||||||
+
|
+
|
||||||
+ domain_auto_trans($1,TEMPLATETYPE_exec_t,TEMPLATETYPE_t)
|
+ domain_auto_trans($1,TEMPLATETYPE_exec_t,TEMPLATETYPE_t)
|
||||||
@ -8961,13 +9008,19 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
|
|||||||
+## <rolecap/>
|
+## <rolecap/>
|
||||||
+#
|
+#
|
||||||
+interface(`TEMPLATETYPE_admin',`
|
+interface(`TEMPLATETYPE_admin',`
|
||||||
|
+ gen_require(`
|
||||||
|
+ type TEMPLATETYPE_t;
|
||||||
|
+ ')
|
||||||
|
+
|
||||||
|
+ allow $1 TEMPLATETYPE_t:process { ptrace signal_perms getattr };
|
||||||
|
+ read_files_pattern($1, TEMPLATETYPE_t, TEMPLATETYPE_t)
|
||||||
|
+
|
||||||
+"""
|
+"""
|
||||||
+
|
+
|
||||||
+if_initscript_admin="""
|
+if_initscript_admin="""
|
||||||
+ # Allow $1 to restart the apache service
|
+ # Allow $1 to restart the apache service
|
||||||
+ TEMPLATETYPE_script_domtrans($1)
|
+ TEMPLATETYPE_script_domtrans($1)
|
||||||
+ domain_role_change_exemption($1)
|
+ domain_system_change_exemption($1)
|
||||||
+ domain_obj_id_change_exemption($1)
|
|
||||||
+ role_transition $2 TEMPLATETYPE_script_exec_t system_r;
|
+ role_transition $2 TEMPLATETYPE_script_exec_t system_r;
|
||||||
+ allow $2 system_r;
|
+ allow $2 system_r;
|
||||||
+"""
|
+"""
|
||||||
@ -9226,8 +9279,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py poli
|
|||||||
+"""
|
+"""
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.25/gui/templates/script.py
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.25/gui/templates/script.py
|
||||||
--- nsapolicycoreutils/gui/templates/script.py 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/gui/templates/script.py 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.25/gui/templates/script.py 2007-08-31 15:07:36.000000000 -0400
|
+++ policycoreutils-2.0.25/gui/templates/script.py 2007-09-05 22:25:46.000000000 -0400
|
||||||
@@ -0,0 +1,42 @@
|
@@ -0,0 +1,45 @@
|
||||||
+# Copyright (C) 2007 Red Hat
|
+# Copyright (C) 2007 Red Hat
|
||||||
+# see file 'COPYING' for use and warranty information
|
+# see file 'COPYING' for use and warranty information
|
||||||
+#
|
+#
|
||||||
@ -9270,6 +9323,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py
|
|||||||
+/usr/sbin/semanage port -a -t TEMPLATETYPE_port_t -p udp PORTNUM
|
+/usr/sbin/semanage port -a -t TEMPLATETYPE_port_t -p udp PORTNUM
|
||||||
+"""
|
+"""
|
||||||
+
|
+
|
||||||
|
+users="""\
|
||||||
|
+/usr/sbin/semanage user -a -P TEMPLATETYPE -R "TEMPLATETYPE_rROLES" TEMPLATETYPE_u
|
||||||
|
+"""
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.25/gui/templates/semodule.py
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.25/gui/templates/semodule.py
|
||||||
--- nsapolicycoreutils/gui/templates/semodule.py 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/gui/templates/semodule.py 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.25/gui/templates/semodule.py 2007-08-31 15:07:36.000000000 -0400
|
+++ policycoreutils-2.0.25/gui/templates/semodule.py 2007-08-31 15:07:36.000000000 -0400
|
||||||
@ -9418,8 +9474,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py pol
|
|||||||
+
|
+
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.25/gui/templates/user.py
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.25/gui/templates/user.py
|
||||||
--- nsapolicycoreutils/gui/templates/user.py 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/gui/templates/user.py 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.25/gui/templates/user.py 2007-08-31 15:07:36.000000000 -0400
|
+++ policycoreutils-2.0.25/gui/templates/user.py 2007-09-05 22:25:03.000000000 -0400
|
||||||
@@ -0,0 +1,97 @@
|
@@ -0,0 +1,139 @@
|
||||||
+# Copyright (C) 2007 Red Hat
|
+# Copyright (C) 2007 Red Hat
|
||||||
+# see file 'COPYING' for use and warranty information
|
+# see file 'COPYING' for use and warranty information
|
||||||
+#
|
+#
|
||||||
@ -9511,11 +9567,53 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py po
|
|||||||
+"""
|
+"""
|
||||||
+
|
+
|
||||||
+te_admin_rules="""
|
+te_admin_rules="""
|
||||||
|
+allow TEMPLATETYPE_t self:capability { dac_override dac_read_search kill sys_ptrace sys_nice };
|
||||||
|
+files_dontaudit_search_all_dirs(TEMPLATETYPE_t)
|
||||||
|
+
|
||||||
|
+selinux_get_enforce_mode(TEMPLATETYPE_t)
|
||||||
|
+seutil_domtrans_restorecon(TEMPLATETYPE_t)
|
||||||
|
+seutil_search_default_contexts(mydbadm_t)
|
||||||
|
+
|
||||||
|
+logging_send_syslog_msg(TEMPLATETYPE_t)
|
||||||
|
+
|
||||||
|
+kernel_read_system_state(TEMPLATETYPE_t)
|
||||||
|
+
|
||||||
|
+domain_dontaudit_search_all_domains_state(TEMPLATETYPE_t)
|
||||||
|
+domain_dontaudit_ptrace_all_domains(TEMPLATETYPE_t)
|
||||||
|
+
|
||||||
|
+userdom_dontaudit_search_sysadm_home_dirs(TEMPLATETYPE_t)
|
||||||
|
+userdom_dontaudit_search_generic_user_home_dirs(TEMPLATETYPE_t)
|
||||||
|
+
|
||||||
|
+bool TEMPLATETYPE_read_user_files false;
|
||||||
|
+bool TEMPLATETYPE_manage_user_files false;
|
||||||
|
+
|
||||||
|
+if (TEMPLATETYPE_read_user_files) {
|
||||||
|
+ userdom_read_unpriv_users_home_content_files(TEMPLATETYPE_t)
|
||||||
|
+ userdom_read_unpriv_users_tmp_files(TEMPLATETYPE_t)
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+if (TEMPLATETYPE_manage_user_files) {
|
||||||
|
+ userdom_manage_unpriv_users_home_content_dirs(TEMPLATETYPE_t)
|
||||||
|
+ userdom_read_unpriv_users_tmp_files(TEMPLATETYPE_t)
|
||||||
|
+ userdom_write_unpriv_users_tmp_files(TEMPLATETYPE_t)
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+"""
|
||||||
|
+
|
||||||
|
+te_admin_domain_rules="""
|
||||||
+optional_policy(`
|
+optional_policy(`
|
||||||
+ APPLICATION_admin(TEMPLATETYPE_t,TEMPLATETYPE_r, { TEMPLATETYPE_tty_device_t TEMPLATETYPE_devpts_t })
|
+ APPLICATION_admin(TEMPLATETYPE_t,TEMPLATETYPE_r, { TEMPLATETYPE_tty_device_t TEMPLATETYPE_devpts_t })
|
||||||
+')
|
+')
|
||||||
+"""
|
+"""
|
||||||
+
|
+
|
||||||
|
+te_roles_rules="""
|
||||||
|
+userdom_role_change_template(TEMPLATETYPE, ROLE)
|
||||||
|
+"""
|
||||||
|
+
|
||||||
|
+te_newrole_rules="""
|
||||||
|
+seutil_run_newrole(TEMPLATETYPE_t,TEMPLATETYPE_r,{ TEMPLATETYPE_devpts_t TEMPLATETYPE_tty_device_t })
|
||||||
|
+"""
|
||||||
|
+
|
||||||
+
|
+
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.25/gui/templates/var_lib.py
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.25/gui/templates/var_lib.py
|
||||||
--- nsapolicycoreutils/gui/templates/var_lib.py 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/gui/templates/var_lib.py 1969-12-31 19:00:00.000000000 -0500
|
||||||
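Review bot: generate_admin_rules now appends user.te_admin_rules unconditionally (the new `newte += re.sub("TEMPLATETYPE", self.name, user.te_admin_rules)` line before the admin_domains loop), and the visible tail of generate_te calls generate_admin_rules for every policy type, so unless a guard sits in the part of generate_te this hunk elides, a generated daemon or inetd policy would also receive the admin block — `capability { dac_override dac_read_search kill sys_ptrace sys_nice }`, seutil_domtrans_restorecon and the TEMPLATETYPE_read_user_files/manage_user_files booleans. That is the opposite of the least-privilege result the generator is meant to produce; gate the line on the admin-user case, e.g. `if self.type == RUSER:` (the updated test block uses RUSER for the `mydbadm` admin policy) or on `self.admin_domains` being non-empty, whichever matches the intended semantics. The template itself also hard-codes `seutil_search_default_contexts(mydbadm_t)` inside te_admin_rules where every other line uses TEMPLATETYPE_t, so any policy not named mydbadm gets a rule for a type it never declares; it should read `seutil_search_default_contexts(TEMPLATETYPE_t)`. Separately, the polgengui.py startup loop `for i in polgen.methods: print i` looks like leftover debugging and dumps every interface name to stdout on each launch.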
|
@ -1,12 +1,12 @@
|
|||||||
%define libauditver 1.4.2-1
|
%define libauditver 1.4.2-1
|
||||||
%define libsepolver 2.0.6-1
|
%define libsepolver 2.0.9-1
|
||||||
%define libsemanagever 2.0.4-1
|
%define libsemanagever 2.0.5-1
|
||||||
%define libselinuxver 2.0.23-3
|
%define libselinuxver 2.0.23-3
|
||||||
%define sepolgenver 1.0.9
|
%define sepolgenver 1.0.9
|
||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.0.25
|
Version: 2.0.25
|
||||||
Release: 8%{?dist}
|
Release: 9%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||||
@ -200,6 +200,10 @@ if [ "$1" -ge "1" ]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Sep 4 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-9
|
||||||
|
- Bump libsemanage version for disable dontaudit
|
||||||
|
- New gui features for creating admin users
|
||||||
|
|
||||||
* Fri Aug 31 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-8
|
* Fri Aug 31 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-8
|
||||||
- Fix generated code for admin policy
|
- Fix generated code for admin policy
|
||||||
|
|
||||||
|