* Wed Sep 4 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-9
- Bump libsemanage version for disable dontaudit - New gui features for creating admin users
This commit is contained in:
parent
7683888461
commit
35a05d0eef
@ -914,8 +914,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py polic
|
||||
+
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.25/gui/polgen.glade
|
||||
--- nsapolicycoreutils/gui/polgen.glade 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.25/gui/polgen.glade 2007-08-31 15:06:49.000000000 -0400
|
||||
@@ -0,0 +1,2313 @@
|
||||
+++ policycoreutils-2.0.25/gui/polgen.glade 2007-09-05 22:33:12.000000000 -0400
|
||||
@@ -0,0 +1,2312 @@
|
||||
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
|
||||
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
|
||||
+
|
||||
@ -1028,8 +1028,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
|
||||
+ <child>
|
||||
+ <widget class="GtkNotebook" id="notebook1">
|
||||
+ <property name="visible">True</property>
|
||||
+ <property name="can_focus">True</property>
|
||||
+ <property name="show_tabs">True</property>
|
||||
+ <property name="show_tabs">False</property>
|
||||
+ <property name="show_border">True</property>
|
||||
+ <property name="tab_pos">GTK_POS_TOP</property>
|
||||
+ <property name="scrollable">False</property>
|
||||
@ -3231,8 +3230,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
|
||||
+</glade-interface>
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.25/gui/polgengui.py
|
||||
--- nsapolicycoreutils/gui/polgengui.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.25/gui/polgengui.py 2007-08-31 15:06:45.000000000 -0400
|
||||
@@ -0,0 +1,444 @@
|
||||
+++ policycoreutils-2.0.25/gui/polgengui.py 2007-09-05 22:33:06.000000000 -0400
|
||||
@@ -0,0 +1,432 @@
|
||||
+#!/usr/bin/python
|
||||
+#
|
||||
+# system-config-selinux.py - GUI for SELinux Config tool in system-config-selinux
|
||||
@ -3265,8 +3264,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
|
||||
+import gnome
|
||||
+import sys
|
||||
+import polgen
|
||||
+import sepolgen.interfaces as interfaces
|
||||
+import sepolgen.defaults as defaults
|
||||
+import re
|
||||
+
|
||||
+##
|
||||
@ -3305,13 +3302,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
|
||||
+else:
|
||||
+ xml = gtk.glade.XML ("/usr/share/system-config-selinux/polgen.glade", domain=PROGNAME)
|
||||
+
|
||||
+fn = defaults.interface_info()
|
||||
+try:
|
||||
+ fd = open(fn)
|
||||
+except:
|
||||
+ sys.stderr.write("could not open interface info [%s]\n" % fn)
|
||||
+ sys.exit(1)
|
||||
+
|
||||
+FILE = 1
|
||||
+DIR = 2
|
||||
+
|
||||
@ -3400,11 +3390,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
|
||||
+ col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0)
|
||||
+ self.admin_treeview.append_column(col)
|
||||
+
|
||||
+ # List of per_role_template interfaces
|
||||
+ ifs = interfaces.InterfaceSet()
|
||||
+ ifs.from_file(fd)
|
||||
+ fd.close()
|
||||
+ for i in ifs.interfaces.keys():
|
||||
+ for i in polgen.methods:
|
||||
+ print i
|
||||
+ m = re.findall("(.*)%s" % polgen.USER_TRANSITION_INTERFACE, i)
|
||||
+ if len(m) > 0:
|
||||
+ iter = self.transition_store.append()
|
||||
@ -3442,7 +3429,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
|
||||
+ self.forward_button.set_label(gtk.STOCK_APPLY)
|
||||
+
|
||||
+ def back(self,arg):
|
||||
+ type = self.confine_application()
|
||||
+ type = self.get_type()
|
||||
+ if self.pages[type][self.current_page] == self.FINISH_PAGE:
|
||||
+ self.forward_button.set_label(gtk.STOCK_GO_FORWARD)
|
||||
+
|
||||
@ -3679,8 +3666,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
|
||||
+ app.stand_alone()
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.25/gui/polgen.py
|
||||
--- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.25/gui/polgen.py 2007-08-31 15:06:41.000000000 -0400
|
||||
@@ -0,0 +1,656 @@
|
||||
+++ policycoreutils-2.0.25/gui/polgen.py 2007-09-05 22:26:53.000000000 -0400
|
||||
@@ -0,0 +1,715 @@
|
||||
+# Copyright (C) 2007 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
+#
|
||||
@ -3715,6 +3702,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
||||
+from templates import script
|
||||
+from templates import user
|
||||
+import seobject
|
||||
+import sepolgen.interfaces as interfaces
|
||||
+import sepolgen.defaults as defaults
|
||||
+
|
||||
+##
|
||||
+## I18N
|
||||
@ -3733,6 +3722,20 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
||||
+ import __builtin__
|
||||
+ __builtin__.__dict__['_'] = unicode
|
||||
+
|
||||
+methods = []
|
||||
+fn = defaults.interface_info()
|
||||
+try:
|
||||
+ fd = open(fn)
|
||||
+ # List of per_role_template interfaces
|
||||
+ ifs = interfaces.InterfaceSet()
|
||||
+ ifs.from_file(fd)
|
||||
+ fd.close()
|
||||
+ methods = ifs.interfaces.keys()
|
||||
+except:
|
||||
+ sys.stderr.write("could not open interface info [%s]\n" % fn)
|
||||
+ sys.exit(1)
|
||||
+
|
||||
+
|
||||
+ALL = 0
|
||||
+RESERVED = 1
|
||||
+UNRESERVED = 2
|
||||
@ -3792,6 +3795,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
||||
+ self.need_udp_type=False
|
||||
+ self.admin_domains = []
|
||||
+ self.transition_domains = []
|
||||
+ self.roles = []
|
||||
+
|
||||
+ def __isnetset(self, l):
|
||||
+ return l[ALL] or l[RESERVED] or l[UNRESERVED] or len(l[PORTS]) > 0
|
||||
@ -3799,6 +3803,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
||||
+ def set_admin_domains(self, admin_domains):
|
||||
+ self.admin_domains = admin_domains
|
||||
+
|
||||
+ def set_admin_roles(self, roles):
|
||||
+ self.roles = roles
|
||||
+
|
||||
+ def set_transition_domains(self, transition_domains):
|
||||
+ self.transition_domains = transition_domains
|
||||
+
|
||||
@ -3906,7 +3913,21 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
||||
+ if self.use_pam:
|
||||
+ newte = re.sub("TEMPLATETYPE", self.name, executable.te_pam_rules)
|
||||
+ return newte
|
||||
+
|
||||
+
|
||||
+ def generate_network_action(self, protocol, action, port_name):
|
||||
+ line = ""
|
||||
+ method = "corenet_%s_%s_%s" % (protocol, action, port_name)
|
||||
+ if method in methods:
|
||||
+ line = "%s(%s_t)\n" % (method, self.name)
|
||||
+ else:
|
||||
+ line = """
|
||||
+gen_require(`
|
||||
+ type %s_t;
|
||||
+')
|
||||
+allow %s_t %s_t:%s_socket name_%s;
|
||||
+""" % (port_name, self.name, port_name, protocol, action)
|
||||
+ return line
|
||||
+
|
||||
+ def generate_network_types(self):
|
||||
+ for i in self.in_tcp[PORTS]:
|
||||
+ rec = self.find_port(int(i))
|
||||
@ -3914,7 +3935,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
||||
+ self.need_tcp_type = True;
|
||||
+ else:
|
||||
+ port_name = rec[0][:-2]
|
||||
+ line = "corenet_tcp_bind_%s(%s_t)\n" % (port_name, self.name)
|
||||
+ line = self.generate_network_action("tcp", "bind", port_name)
|
||||
+# line = "corenet_tcp_bind_%s(%s_t)\n" % (port_name, self.name)
|
||||
+ if line not in self.found_tcp_ports:
|
||||
+ self.found_tcp_ports.append(line)
|
||||
+
|
||||
@ -3924,7 +3946,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
||||
+ self.need_tcp_type = True;
|
||||
+ else:
|
||||
+ port_name = rec[0][:-2]
|
||||
+ line = "corenet_tcp_connect_%s(%s_t)\n" % (port_name, self.name)
|
||||
+ line = self.generate_network_action("tcp", "connect", port_name)
|
||||
+# line = "corenet_tcp_connect_%s(%s_t)\n" % (port_name, self.name)
|
||||
+ if line not in self.found_tcp_ports:
|
||||
+ self.found_tcp_ports.append(line)
|
||||
+
|
||||
@ -3934,7 +3957,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
||||
+ self.need_udp_type = True;
|
||||
+ else:
|
||||
+ port_name = rec[0][:-2]
|
||||
+ line = "corenet_udp_bind_%s(%s_t)\n" % (port_name, self.name)
|
||||
+ line = self.generate_network_action("udp", "bind", port_name)
|
||||
+# line = "corenet_udp_bind_%s(%s_t)\n" % (port_name, self.name)
|
||||
+ if line not in self.found_udp_ports:
|
||||
+ self.found_udp_ports.append(line)
|
||||
+
|
||||
@ -4022,8 +4046,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
||||
+
|
||||
+ def generate_admin_rules(self):
|
||||
+ newte = ""
|
||||
+ newte += re.sub("TEMPLATETYPE", self.name, user.te_admin_rules)
|
||||
+
|
||||
+ for app in self.admin_domains:
|
||||
+ tmp = re.sub("TEMPLATETYPE", self.name, user.te_admin_rules)
|
||||
+ tmp = re.sub("TEMPLATETYPE", self.name, user.te_admin_domain_rules)
|
||||
+ newte += re.sub("APPLICATION", app, tmp)
|
||||
+ return newte
|
||||
+
|
||||
@ -4132,6 +4158,17 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
||||
+ def generate_default_rules(self):
|
||||
+ return self.DEFAULT_TYPES[self.type][1]()
|
||||
+
|
||||
+ def generate_roles_rules(self):
|
||||
+ newte = ""
|
||||
+ if self.type in ( TUSER, XUSER):
|
||||
+ roles = ""
|
||||
+ if len(self.roles) > 0:
|
||||
+ newte += re.sub("TEMPLATETYPE", self.name, user.te_newrole_rules)
|
||||
+ for role in self.roles:
|
||||
+ tmp = re.sub("TEMPLATETYPE", self.name, user.te_roles_rules)
|
||||
+ newte += re.sub("ROLE", role, tmp)
|
||||
+ return newte
|
||||
+
|
||||
+ def generate_te(self):
|
||||
+ newte = self.generate_default_types()
|
||||
+ for d in self.DEFAULT_DIRS:
|
||||
@ -4157,6 +4194,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
||||
+ newte += self.generate_uid_rules()
|
||||
+ newte += self.generate_syslog_rules()
|
||||
+ newte += self.generate_pam_rules()
|
||||
+ newte += self.generate_roles_rules()
|
||||
+ newte += self.generate_transition_rules()
|
||||
+ newte += self.generate_admin_rules()
|
||||
+ return newte
|
||||
@ -4188,6 +4226,18 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
||||
+
|
||||
+ return newfc
|
||||
+
|
||||
+ def generate_user_sh(self):
|
||||
+ newsh = ""
|
||||
+ if self.type in ( TUSER, XUSER):
|
||||
+ roles = ""
|
||||
+ for role in self.roles:
|
||||
+ roles += " %s_r" % role
|
||||
+ if roles != "":
|
||||
+ roles += " system_r"
|
||||
+ tmp = re.sub("TEMPLATETYPE", self.name, script.users)
|
||||
+ newsh += re.sub("ROLES", roles, tmp)
|
||||
+ return newsh
|
||||
+
|
||||
+ def generate_sh(self):
|
||||
+ newsh = re.sub("TEMPLATETYPE", self.name, script.compile)
|
||||
+ newsh = re.sub("PACKAGEFILENAME", self.file_name, newsh)
|
||||
@ -4208,6 +4258,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
||||
+ if self.find_port(i) == None:
|
||||
+ t1 = re.sub("PORTNUM", "%d" % i, script.udp_ports)
|
||||
+ newsh += re.sub("TEMPLATETYPE", self.name, t1)
|
||||
+
|
||||
+ newsh += self.generate_user_sh()
|
||||
+
|
||||
+ return newsh
|
||||
+
|
||||
@ -4265,7 +4317,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
||||
+ mypolicy.set_use_syslog(True)
|
||||
+ mypolicy.set_use_pam(True)
|
||||
+ mypolicy.set_out_tcp(0,"8000")
|
||||
+ print mypolicy.generate("/tmp")
|
||||
+ print mypolicy.generate("/var/tmp")
|
||||
+
|
||||
+ mypolicy = policy("myuser", USER)
|
||||
+ mypolicy.set_program("/usr/bin/myuser")
|
||||
@ -4277,7 +4329,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
||||
+ mypolicy.set_use_pam(True)
|
||||
+ mypolicy.add_file("/var/lib/myuser/myuser.sock")
|
||||
+ mypolicy.set_out_tcp(0,"8000")
|
||||
+ print mypolicy.generate("/tmp")
|
||||
+ print mypolicy.generate("/var/tmp")
|
||||
+
|
||||
+
|
||||
+ mypolicy = policy("myrwho", DAEMON)
|
||||
@ -4290,7 +4342,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
||||
+ mypolicy.set_use_pam(True)
|
||||
+ mypolicy.add_dir("/var/run/myrwho")
|
||||
+ mypolicy.add_dir("/var/lib/myrwho")
|
||||
+ print mypolicy.generate("/tmp")
|
||||
+ print mypolicy.generate("/var/tmp")
|
||||
+
|
||||
+ mypolicy = policy("myinetd", INETD)
|
||||
+ mypolicy.set_program("/usr/bin/mytest")
|
||||
@ -4308,16 +4360,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
||||
+ mypolicy.add_dir("/etc/daemon")
|
||||
+ mypolicy.add_dir("/etc/daemon/special")
|
||||
+ mypolicy.set_out_tcp(0,"8000")
|
||||
+ print mypolicy.generate("/tmp")
|
||||
+ print mypolicy.generate("/var/tmp")
|
||||
+
|
||||
+ mypolicy = policy("mytuser", TUSER)
|
||||
+ mypolicy.set_in_tcp(1, 0, 0, "513")
|
||||
+ mypolicy.set_in_udp(1, 0, 0, "1513")
|
||||
+ mypolicy.set_use_uid(True)
|
||||
+ mypolicy.set_use_syslog(True)
|
||||
+ mypolicy.set_use_pam(True)
|
||||
+ mypolicy.set_transition_domains(["mozilla", "ssh"])
|
||||
+ print mypolicy.generate("/tmp")
|
||||
+ mypolicy.set_transition_domains(["sudo"])
|
||||
+ mypolicy.set_admin_roles(["mydbadm"])
|
||||
+ print mypolicy.generate("/var/tmp")
|
||||
+
|
||||
+ mypolicy = policy("myxuser", XUSER)
|
||||
+ mypolicy.set_in_tcp(1, 1, 1, "")
|
||||
@ -4326,13 +4374,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
||||
+ mypolicy.set_use_syslog(True)
|
||||
+ mypolicy.set_use_pam(True)
|
||||
+ mypolicy.set_transition_domains(["mozilla"])
|
||||
+ print mypolicy.generate("/tmp")
|
||||
+ print mypolicy.generate("/var/tmp")
|
||||
+
|
||||
+ mypolicy = policy("myruser", RUSER)
|
||||
+ mypolicy.set_in_tcp(1, 0, 0, "513")
|
||||
+ mypolicy.set_in_udp(1, 0, 0, "1513")
|
||||
+ mypolicy.set_admin_domains(["postgresql", "mysql", "apache"])
|
||||
+ print mypolicy.generate("/tmp")
|
||||
+ mypolicy = policy("mydbadm", RUSER)
|
||||
+ mypolicy.set_admin_domains(["postgresql", "mysql"])
|
||||
+ print mypolicy.generate("/var/tmp")
|
||||
+
|
||||
+ sys.exit(0)
|
||||
+
|
||||
@ -8762,8 +8808,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu
|
||||
+ app.stand_alone()
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.25/gui/templates/executable.py
|
||||
--- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.25/gui/templates/executable.py 2007-08-31 15:41:21.000000000 -0400
|
||||
@@ -0,0 +1,222 @@
|
||||
+++ policycoreutils-2.0.25/gui/templates/executable.py 2007-09-05 22:25:10.000000000 -0400
|
||||
@@ -0,0 +1,229 @@
|
||||
+# Copyright (C) 2007 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
+#
|
||||
@ -8906,7 +8952,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
|
||||
+#
|
||||
+interface(`TEMPLATETYPE_domtrans',`
|
||||
+ gen_require(`
|
||||
+ type TEMPLATETYPE_t, TEMPLATETYPE_exec_t;
|
||||
+ type TEMPLATETYPE_t;
|
||||
+ type TEMPLATETYPE_exec_t;
|
||||
+ ')
|
||||
+
|
||||
+ domain_auto_trans($1,TEMPLATETYPE_exec_t,TEMPLATETYPE_t)
|
||||
@ -8961,13 +9008,19 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
|
||||
+## <rolecap/>
|
||||
+#
|
||||
+interface(`TEMPLATETYPE_admin',`
|
||||
+ gen_require(`
|
||||
+ type TEMPLATETYPE_t;
|
||||
+ ')
|
||||
+
|
||||
+ allow $1 TEMPLATETYPE_t:process { ptrace signal_perms getattr };
|
||||
+ read_files_pattern($1, TEMPLATETYPE_t, TEMPLATETYPE_t)
|
||||
+
|
||||
+"""
|
||||
+
|
||||
+if_initscript_admin="""
|
||||
+ # Allow $1 to restart the apache service
|
||||
+ TEMPLATETYPE_script_domtrans($1)
|
||||
+ domain_role_change_exemption($1)
|
||||
+ domain_obj_id_change_exemption($1)
|
||||
+ domain_system_change_exemption($1)
|
||||
+ role_transition $2 TEMPLATETYPE_script_exec_t system_r;
|
||||
+ allow $2 system_r;
|
||||
+"""
|
||||
@ -9226,8 +9279,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py poli
|
||||
+"""
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.25/gui/templates/script.py
|
||||
--- nsapolicycoreutils/gui/templates/script.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.25/gui/templates/script.py 2007-08-31 15:07:36.000000000 -0400
|
||||
@@ -0,0 +1,42 @@
|
||||
+++ policycoreutils-2.0.25/gui/templates/script.py 2007-09-05 22:25:46.000000000 -0400
|
||||
@@ -0,0 +1,45 @@
|
||||
+# Copyright (C) 2007 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
+#
|
||||
@ -9270,6 +9323,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py
|
||||
+/usr/sbin/semanage port -a -t TEMPLATETYPE_port_t -p udp PORTNUM
|
||||
+"""
|
||||
+
|
||||
+users="""\
|
||||
+/usr/sbin/semanage user -a -P TEMPLATETYPE -R "TEMPLATETYPE_rROLES" TEMPLATETYPE_u
|
||||
+"""
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.25/gui/templates/semodule.py
|
||||
--- nsapolicycoreutils/gui/templates/semodule.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.25/gui/templates/semodule.py 2007-08-31 15:07:36.000000000 -0400
|
||||
@ -9418,8 +9474,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py pol
|
||||
+
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.25/gui/templates/user.py
|
||||
--- nsapolicycoreutils/gui/templates/user.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.25/gui/templates/user.py 2007-08-31 15:07:36.000000000 -0400
|
||||
@@ -0,0 +1,97 @@
|
||||
+++ policycoreutils-2.0.25/gui/templates/user.py 2007-09-05 22:25:03.000000000 -0400
|
||||
@@ -0,0 +1,139 @@
|
||||
+# Copyright (C) 2007 Red Hat
|
||||
+# see file 'COPYING' for use and warranty information
|
||||
+#
|
||||
@ -9511,11 +9567,53 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py po
|
||||
+"""
|
||||
+
|
||||
+te_admin_rules="""
|
||||
+allow TEMPLATETYPE_t self:capability { dac_override dac_read_search kill sys_ptrace sys_nice };
|
||||
+files_dontaudit_search_all_dirs(TEMPLATETYPE_t)
|
||||
+
|
||||
+selinux_get_enforce_mode(TEMPLATETYPE_t)
|
||||
+seutil_domtrans_restorecon(TEMPLATETYPE_t)
|
||||
+seutil_search_default_contexts(mydbadm_t)
|
||||
+
|
||||
+logging_send_syslog_msg(TEMPLATETYPE_t)
|
||||
+
|
||||
+kernel_read_system_state(TEMPLATETYPE_t)
|
||||
+
|
||||
+domain_dontaudit_search_all_domains_state(TEMPLATETYPE_t)
|
||||
+domain_dontaudit_ptrace_all_domains(TEMPLATETYPE_t)
|
||||
+
|
||||
+userdom_dontaudit_search_sysadm_home_dirs(TEMPLATETYPE_t)
|
||||
+userdom_dontaudit_search_generic_user_home_dirs(TEMPLATETYPE_t)
|
||||
+
|
||||
+bool TEMPLATETYPE_read_user_files false;
|
||||
+bool TEMPLATETYPE_manage_user_files false;
|
||||
+
|
||||
+if (TEMPLATETYPE_read_user_files) {
|
||||
+ userdom_read_unpriv_users_home_content_files(TEMPLATETYPE_t)
|
||||
+ userdom_read_unpriv_users_tmp_files(TEMPLATETYPE_t)
|
||||
+}
|
||||
+
|
||||
+if (TEMPLATETYPE_manage_user_files) {
|
||||
+ userdom_manage_unpriv_users_home_content_dirs(TEMPLATETYPE_t)
|
||||
+ userdom_read_unpriv_users_tmp_files(TEMPLATETYPE_t)
|
||||
+ userdom_write_unpriv_users_tmp_files(TEMPLATETYPE_t)
|
||||
+}
|
||||
+
|
||||
+"""
|
||||
+
|
||||
+te_admin_domain_rules="""
|
||||
+optional_policy(`
|
||||
+ APPLICATION_admin(TEMPLATETYPE_t,TEMPLATETYPE_r, { TEMPLATETYPE_tty_device_t TEMPLATETYPE_devpts_t })
|
||||
+')
|
||||
+"""
|
||||
+
|
||||
+te_roles_rules="""
|
||||
+userdom_role_change_template(TEMPLATETYPE, ROLE)
|
||||
+"""
|
||||
+
|
||||
+te_newrole_rules="""
|
||||
+seutil_run_newrole(TEMPLATETYPE_t,TEMPLATETYPE_r,{ TEMPLATETYPE_devpts_t TEMPLATETYPE_tty_device_t })
|
||||
+"""
|
||||
+
|
||||
+
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.25/gui/templates/var_lib.py
|
||||
--- nsapolicycoreutils/gui/templates/var_lib.py 1969-12-31 19:00:00.000000000 -0500
|
||||
|
@ -1,12 +1,12 @@
|
||||
%define libauditver 1.4.2-1
|
||||
%define libsepolver 2.0.6-1
|
||||
%define libsemanagever 2.0.4-1
|
||||
%define libsepolver 2.0.9-1
|
||||
%define libsemanagever 2.0.5-1
|
||||
%define libselinuxver 2.0.23-3
|
||||
%define sepolgenver 1.0.9
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.0.25
|
||||
Release: 8%{?dist}
|
||||
Release: 9%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||
@ -200,6 +200,10 @@ if [ "$1" -ge "1" ]; then
|
||||
fi
|
||||
|
||||
%changelog
|
||||
* Wed Sep 4 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-9
|
||||
- Bump libsemanage version for disable dontaudit
|
||||
- New gui features for creating admin users
|
||||
|
||||
* Fri Aug 31 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-8
|
||||
- Fix generated code for admin policy
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user