Allow users with symlinked homedirs to work. call realpath on homedir
- Fix sepolicy reorganization of helper functions.
parent
b1cf8c69ac
commit
4cc4167518
@ -65,6 +65,19 @@ index 8e0c396..9bd66f5 100644
|
||||
help="Translates SELinux audit messages into a description of why the access was denied")
|
||||
|
||||
options, args = parser.parse_args()
|
||||
diff --git a/policycoreutils/audit2allow/audit2allow.1 b/policycoreutils/audit2allow/audit2allow.1
|
||||
index a854a45..bc70938 100644
|
||||
--- a/policycoreutils/audit2allow/audit2allow.1
|
||||
+++ b/policycoreutils/audit2allow/audit2allow.1
|
||||
@@ -171,7 +171,7 @@ $ semodule -i local.pp
|
||||
|
||||
.B Using audit2allow to generate and build module policy
|
||||
$ cat /var/log/audit/audit.log | audit2allow -M local
|
||||
-Generating type enforcment file: local.te
|
||||
+Generating type enforcement file: local.te
|
||||
Compiling policy: checkmodule -M -m -o local.mod local.te
|
||||
Building package: semodule_package -o local.pp -m local.mod
|
||||
|
||||
diff --git a/policycoreutils/audit2allow/audit2why.1 b/policycoreutils/audit2allow/audit2why.1
|
||||
new file mode 100644
|
||||
index 0000000..a9e8893
|
||||
@ -356,6 +369,32 @@ diff --git a/policycoreutils/gui/system-config-selinux.png b/policycoreutils/gui
|
||||
new file mode 100644
|
||||
index 0000000..68ffcb7
|
||||
Binary files /dev/null and b/policycoreutils/gui/system-config-selinux.png differ
|
||||
diff --git a/policycoreutils/load_policy/load_policy.8 b/policycoreutils/load_policy/load_policy.8
|
||||
index f9ca36e..a86073f 100644
|
||||
--- a/policycoreutils/load_policy/load_policy.8
|
||||
+++ b/policycoreutils/load_policy/load_policy.8
|
||||
@@ -19,7 +19,7 @@ values in the policy file.
|
||||
suppress warning messages.
|
||||
.TP
|
||||
.B \-i
|
||||
-inital policy load. Only use this if this is the first time policy is being loaded since boot (usually called from initramfs).
|
||||
+initial policy load. Only use this if this is the first time policy is being loaded since boot (usually called from initramfs).
|
||||
|
||||
.SH "EXIT STATUS"
|
||||
.TP
|
||||
diff --git a/policycoreutils/man/man5/selinux_config.5 b/policycoreutils/man/man5/selinux_config.5
|
||||
index 4963cdc..a55dbed 100644
|
||||
--- a/policycoreutils/man/man5/selinux_config.5
|
||||
+++ b/policycoreutils/man/man5/selinux_config.5
|
||||
@@ -92,7 +92,7 @@ The binary policy name has by convention the SELinux policy version that it supp
|
||||
.RS
|
||||
This entry is deprecated and should be removed or set to \fI0\fR.
|
||||
.sp
|
||||
-If set to \fI1\fR, then \fBselinux_mkload_policy\fR(3) will read the local customisation for booleans (see \fBbooleans\fR(5)) and users (see \fBlocal.users\fR(5)).
|
||||
+If set to \fI1\fR, then \fBselinux_mkload_policy\fR(3) will read the local customization for booleans (see \fBbooleans\fR(5)) and users (see \fBlocal.users\fR(5)).
|
||||
.RE
|
||||
.sp
|
||||
.B REQUIRESEUSERS
|
||||
diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c
|
||||
index 8fbf2d0..3510f12 100644
|
||||
--- a/policycoreutils/newrole/newrole.c
|
||||
@ -488,6 +527,393 @@ index a377996..9c1486e 100644
|
||||
|
||||
refresh-po: Makefile
|
||||
for cat in $(POFILES); do \
|
||||
diff --git a/policycoreutils/po/es.po b/policycoreutils/po/es.po
|
||||
index e84995e..a60b20e 100644
|
||||
--- a/policycoreutils/po/es.po
|
||||
+++ b/policycoreutils/po/es.po
|
||||
@@ -3,7 +3,9 @@
|
||||
# This file is distributed under the same license as the PACKAGE package.
|
||||
#
|
||||
# Translators:
|
||||
+# Adolfo Jayme Barrientos <fitoschido@gmail.com>, 2013.
|
||||
# Domingo Becker <domingobecker@gmail.com>, 2006, 2008.
|
||||
+# <ehespinosa@ya.com>, 2013.
|
||||
# Gladys Guerrero <gguerrer@redhat.com>, 2010,2012.
|
||||
# Héctor Daniel Cabrera <logan@fedoraproject.org>, 2010.
|
||||
msgid ""
|
||||
@@ -11,8 +13,8 @@ msgstr ""
|
||||
"Project-Id-Version: Policycoreutils\n"
|
||||
"Report-Msgid-Bugs-To: \n"
|
||||
"POT-Creation-Date: 2013-01-04 12:01-0500\n"
|
||||
-"PO-Revision-Date: 2013-01-04 17:02+0000\n"
|
||||
-"Last-Translator: dwalsh <dwalsh@redhat.com>\n"
|
||||
+"PO-Revision-Date: 2013-02-23 11:46+0000\n"
|
||||
+"Last-Translator: vareli <ehespinosa@ya.com>\n"
|
||||
"Language-Team: Spanish <trans-es@lists.fedoraproject.org>\n"
|
||||
"MIME-Version: 1.0\n"
|
||||
"Content-Type: text/plain; charset=UTF-8\n"
|
||||
@@ -288,7 +290,7 @@ msgstr "Rango MLS/MCS"
|
||||
|
||||
#: ../semanage/seobject.py:672
|
||||
msgid "Service"
|
||||
-msgstr ""
|
||||
+msgstr "Servicio"
|
||||
|
||||
#: ../semanage/seobject.py:698 ../semanage/seobject.py:729
|
||||
#: ../semanage/seobject.py:796 ../semanage/seobject.py:853
|
||||
@@ -425,7 +427,7 @@ msgstr "Se requiere tipo"
|
||||
#: ../semanage/seobject.py:1814
|
||||
#, python-format
|
||||
msgid "Type %s is invalid, must be a port type"
|
||||
-msgstr ""
|
||||
+msgstr "Tipo %s es no válido, debe ser un tipo de puerto"
|
||||
|
||||
#: ../semanage/seobject.py:1000 ../semanage/seobject.py:1062
|
||||
#: ../semanage/seobject.py:1117 ../semanage/seobject.py:1123
|
||||
@@ -547,12 +549,12 @@ msgstr "Falta el protocolo o es desconocido"
|
||||
|
||||
#: ../semanage/seobject.py:1256
|
||||
msgid "SELinux node type is required"
|
||||
-msgstr ""
|
||||
+msgstr "Se requiere tipo de nodo SELinux"
|
||||
|
||||
#: ../semanage/seobject.py:1259 ../semanage/seobject.py:1327
|
||||
#, python-format
|
||||
msgid "Type %s is invalid, must be a node type"
|
||||
-msgstr ""
|
||||
+msgstr "Tipo %s es no válido, debe ser un tipo nodo"
|
||||
|
||||
#: ../semanage/seobject.py:1263 ../semanage/seobject.py:1331
|
||||
#: ../semanage/seobject.py:1367 ../semanage/seobject.py:1465
|
||||
@@ -786,7 +788,7 @@ msgstr "La especificación de archivo %s choca con la regla de equivalencia '%s
|
||||
#: ../semanage/seobject.py:1755
|
||||
#, python-format
|
||||
msgid "Type %s is invalid, must be a file or device type"
|
||||
-msgstr ""
|
||||
+msgstr "Tipo %s es no válido, debe ser un tipo fichero o dispositivo"
|
||||
|
||||
#: ../semanage/seobject.py:1763 ../semanage/seobject.py:1768
|
||||
#: ../semanage/seobject.py:1824 ../semanage/seobject.py:1906
|
||||
@@ -2174,11 +2176,11 @@ msgstr "La ruta en la cual se almacenarán las páginas de manual generadas "
|
||||
|
||||
#: ../sepolicy/sepolicy.py:207
|
||||
msgid "name of the OS for man pages"
|
||||
-msgstr ""
|
||||
+msgstr "nombre del SO para las páginas de manual"
|
||||
|
||||
#: ../sepolicy/sepolicy.py:209
|
||||
msgid "Generate HTML man pages structure for selected SELinux man page"
|
||||
-msgstr ""
|
||||
+msgstr "General páginas de manual de estructura HTML para la página de manual SELinux seleccionada"
|
||||
|
||||
#: ../sepolicy/sepolicy.py:213
|
||||
msgid "All domains"
|
||||
@@ -2226,7 +2228,7 @@ msgstr "Solicita la política de SELinux para ver la descripción de booleanos"
|
||||
|
||||
#: ../sepolicy/sepolicy.py:280
|
||||
msgid "get all booleans descriptions"
|
||||
-msgstr ""
|
||||
+msgstr "obtiene todas las descripciones booleanas"
|
||||
|
||||
#: ../sepolicy/sepolicy.py:282
|
||||
msgid "boolean to get description"
|
||||
@@ -2248,11 +2250,11 @@ msgstr "Dominio de proceso de destino"
|
||||
|
||||
#: ../sepolicy/sepolicy.py:327
|
||||
msgid "Command required for this type of policy"
|
||||
-msgstr ""
|
||||
+msgstr "Comando requerido para este tipo de política"
|
||||
|
||||
#: ../sepolicy/sepolicy.py:347
|
||||
msgid "List SELinux Policy interfaces"
|
||||
-msgstr ""
|
||||
+msgstr "Lista las interfaces de la Política SELinux"
|
||||
|
||||
#: ../sepolicy/sepolicy.py:362
|
||||
msgid "Generate SELinux Policy module template"
|
||||
@@ -2260,15 +2262,15 @@ msgstr "Generar plantilla para módulo de política SELinux"
|
||||
|
||||
#: ../sepolicy/sepolicy.py:365
|
||||
msgid "Enter domain type which you will be extending"
|
||||
-msgstr ""
|
||||
+msgstr "Introduzca el tipo de dominio que usted estaría extendiendo"
|
||||
|
||||
#: ../sepolicy/sepolicy.py:368
|
||||
msgid "Enter SELinux user(s) which will transition to this domain"
|
||||
-msgstr ""
|
||||
+msgstr "Introduzca el usuario(s) SELinux que transicionará a este dominio"
|
||||
|
||||
#: ../sepolicy/sepolicy.py:371
|
||||
msgid "Enter domain(s) that this confined admin will administrate"
|
||||
-msgstr ""
|
||||
+msgstr "Introduzca el dominio(s) que este administrador confinado administrará"
|
||||
|
||||
#: ../sepolicy/sepolicy.py:374
|
||||
msgid "name of policy to generate"
|
||||
@@ -2276,7 +2278,7 @@ msgstr "Nombre de política a generar"
|
||||
|
||||
#: ../sepolicy/sepolicy.py:378
|
||||
msgid "path in which the generated policy files will be stored"
|
||||
-msgstr ""
|
||||
+msgstr "ruta en la que los ficheros de política generados serán almacenados"
|
||||
|
||||
#: ../sepolicy/sepolicy.py:380
|
||||
msgid "executable to confine"
|
||||
@@ -2290,7 +2292,7 @@ msgstr "Ejecutable a confinar"
|
||||
#: ../sepolicy/sepolicy.py:414 ../sepolicy/sepolicy.py:417
|
||||
#, python-format
|
||||
msgid "Generate Policy for %s"
|
||||
-msgstr ""
|
||||
+msgstr "Generar Política para %s"
|
||||
|
||||
#: ../sepolicy/sepolicy.py:422
|
||||
msgid "commands"
|
||||
@@ -2298,16 +2300,16 @@ msgstr "Comandos"
|
||||
|
||||
#: ../sepolicy/sepolicy.py:425
|
||||
msgid "Alternate SELinux policy, defaults to /sys/fs/selinux/policy"
|
||||
-msgstr ""
|
||||
+msgstr "Política SELinux suplente, por defecto a /sys/fs/selinux/policy"
|
||||
|
||||
#: ../sepolicy/sepolicy/__init__.py:48
|
||||
msgid "No SELinux Policy installed"
|
||||
-msgstr ""
|
||||
+msgstr "No hay Política SELinux instalada"
|
||||
|
||||
#: ../sepolicy/sepolicy/__init__.py:54
|
||||
#, python-format
|
||||
msgid "Failed to read %s policy file"
|
||||
-msgstr ""
|
||||
+msgstr "Fallo al leer el fichero de política %s"
|
||||
|
||||
#: ../sepolicy/sepolicy/__init__.py:127
|
||||
msgid "unknown"
|
||||
@@ -2319,27 +2321,27 @@ msgstr "Demonio de los servicios de Internet"
|
||||
|
||||
#: ../sepolicy/sepolicy/generate.py:177
|
||||
msgid "Existing Domain Type"
|
||||
-msgstr ""
|
||||
+msgstr "Tipo de Dominio Existente"
|
||||
|
||||
#: ../sepolicy/sepolicy/generate.py:178
|
||||
msgid "Minimal Terminal Login User Role"
|
||||
-msgstr ""
|
||||
+msgstr "Rol de Acceso de Usuario de Terminal Mínimo"
|
||||
|
||||
#: ../sepolicy/sepolicy/generate.py:179
|
||||
msgid "Minimal X Windows Login User Role"
|
||||
-msgstr ""
|
||||
+msgstr "Rol de Acceso de Usuario de X Windows Mínima"
|
||||
|
||||
#: ../sepolicy/sepolicy/generate.py:180
|
||||
msgid "Desktop Login User Role"
|
||||
-msgstr ""
|
||||
+msgstr "Rol de Acceso de Usuario a Escritorio"
|
||||
|
||||
#: ../sepolicy/sepolicy/generate.py:181
|
||||
msgid "Administrator Login User Role"
|
||||
-msgstr ""
|
||||
+msgstr "Rol de Acceso de Usuario Administrador"
|
||||
|
||||
#: ../sepolicy/sepolicy/generate.py:182
|
||||
msgid "Confined Root Administrator Role"
|
||||
-msgstr ""
|
||||
+msgstr "Rol de Administrador Confinado Root"
|
||||
|
||||
#: ../sepolicy/sepolicy/generate.py:187
|
||||
msgid "Valid Types:\n"
|
||||
@@ -2352,12 +2354,12 @@ msgstr "Los puertos deben ser números o rangos de números entre 1 y %d"
|
||||
|
||||
#: ../sepolicy/sepolicy/generate.py:231
|
||||
msgid "You must enter a valid policy type"
|
||||
-msgstr ""
|
||||
+msgstr "Debe introducir un tipo válido de política"
|
||||
|
||||
#: ../sepolicy/sepolicy/generate.py:234
|
||||
#, python-format
|
||||
msgid "You must enter a name for your policy module for your %s."
|
||||
-msgstr ""
|
||||
+msgstr "Debe introducir un nombre para su módulo de política para su %s."
|
||||
|
||||
#: ../sepolicy/sepolicy/generate.py:355
|
||||
msgid ""
|
||||
@@ -2396,7 +2398,7 @@ msgstr "USER Types automáticamente obtiene un tipo tmp"
|
||||
#: ../sepolicy/sepolicy/generate.py:857
|
||||
#, python-format
|
||||
msgid "%s policy modules require existing domains"
|
||||
-msgstr ""
|
||||
+msgstr "%s módulo de política requieren dominios existentes"
|
||||
|
||||
#: ../sepolicy/sepolicy/generate.py:1059
|
||||
msgid "You must enter the executable path for your confined process"
|
||||
@@ -2416,7 +2418,7 @@ msgstr "Archivo de contextos de archivo"
|
||||
|
||||
#: ../sepolicy/sepolicy/generate.py:1324
|
||||
msgid "Spec file"
|
||||
-msgstr ""
|
||||
+msgstr "Fichero spec"
|
||||
|
||||
#: ../sepolicy/sepolicy/generate.py:1325
|
||||
msgid "Setup Script"
|
||||
@@ -2438,11 +2440,11 @@ msgstr "Permite a amavis usar un compilador de JIT"
|
||||
|
||||
#: booleans.py:4
|
||||
msgid "Allow antivirus programs to read non security files on a system"
|
||||
-msgstr ""
|
||||
+msgstr "Permitir a programas antivirus leer ficheros no asegurados sobre un sistema"
|
||||
|
||||
#: booleans.py:5
|
||||
msgid "Allow auditadm to exec content"
|
||||
-msgstr ""
|
||||
+msgstr "Permitir al administrador de auditoria ejecutar contenido"
|
||||
|
||||
#: booleans.py:6
|
||||
msgid ""
|
||||
@@ -2456,11 +2458,11 @@ msgstr "Permite a usuarios iniciar sesión mediante un servidor Radius"
|
||||
|
||||
#: booleans.py:8
|
||||
msgid "Allow users to login using a yubikey server"
|
||||
-msgstr ""
|
||||
+msgstr "Permite a los usuario acceder usando una servidor yubikey"
|
||||
|
||||
#: booleans.py:9
|
||||
msgid "Allow awstats to purge Apache logs"
|
||||
-msgstr ""
|
||||
+msgstr "Permitir a awstats purgar los registros de Apache"
|
||||
|
||||
#: booleans.py:10
|
||||
msgid ""
|
||||
@@ -2528,11 +2530,11 @@ msgstr "Permite a todos los demonios la lectura y escritura de terminales"
|
||||
|
||||
#: booleans.py:25
|
||||
msgid "Allow dan to manage user files"
|
||||
-msgstr ""
|
||||
+msgstr "Permitir a dan gestionar los archivos del usuario"
|
||||
|
||||
#: booleans.py:26
|
||||
msgid "Allow dan to read user files"
|
||||
-msgstr ""
|
||||
+msgstr "Permitir a dan leer los archivos del usuario"
|
||||
|
||||
#: booleans.py:27
|
||||
msgid "Allow dbadm to manage files in users home directories"
|
||||
@@ -2599,7 +2601,7 @@ msgstr "Permite al dominio en valla ejecutar ssh."
|
||||
|
||||
#: booleans.py:42
|
||||
msgid "Allow all domains to execute in fips_mode"
|
||||
-msgstr ""
|
||||
+msgstr "Permite ejecutar todos los dominios en modo fips"
|
||||
|
||||
#: booleans.py:43
|
||||
msgid "Allow ftp to read and write files in the user home directories"
|
||||
@@ -2699,7 +2701,7 @@ msgstr "Permite a GSSD leer el directorio temp. Para acceder a kerberos tgt."
|
||||
|
||||
#: booleans.py:64
|
||||
msgid "Allow guest to exec content"
|
||||
-msgstr ""
|
||||
+msgstr "Permite al invitado ejecutar contenido"
|
||||
|
||||
#: booleans.py:65
|
||||
msgid ""
|
||||
@@ -2854,7 +2856,7 @@ msgstr "Permite a HTTPD acceder a puertos Openstack"
|
||||
|
||||
#: booleans.py:100
|
||||
msgid "Allow Apache to query NS records"
|
||||
-msgstr ""
|
||||
+msgstr "Permite a Apache consultar registros NS"
|
||||
|
||||
#: booleans.py:101
|
||||
msgid "Allow icecast to connect to all ports, not just sound ports."
|
||||
@@ -2951,7 +2953,7 @@ msgstr "Permite a las aplicaciones confinadas usar memoria compartida NSCD "
|
||||
|
||||
#: booleans.py:122
|
||||
msgid "Allow openshift to lockdown app"
|
||||
-msgstr ""
|
||||
+msgstr "Permite openshift para lockdown app"
|
||||
|
||||
#: booleans.py:123
|
||||
msgid "Allow openvpn to read home directories"
|
||||
@@ -3116,7 +3118,7 @@ msgstr "Permite a SASL leer sombra"
|
||||
|
||||
#: booleans.py:161
|
||||
msgid "Allow secadm to exec content"
|
||||
-msgstr ""
|
||||
+msgstr "Permita a secadm ejecutar contenido"
|
||||
|
||||
#: booleans.py:162
|
||||
msgid ""
|
||||
@@ -3188,7 +3190,7 @@ msgstr "Permite a scripts y módulos HTTPD la conexión al puerto LDAP"
|
||||
|
||||
#: booleans.py:174
|
||||
msgid "Allow user to use ssh chroot environment."
|
||||
-msgstr ""
|
||||
+msgstr "Permite al usuario usar el entorno ssh chroot"
|
||||
|
||||
#: booleans.py:175
|
||||
msgid "Allow user music sharing"
|
||||
@@ -3270,7 +3272,7 @@ msgstr "Permitir ingresos ssh como sysadm_r:sysadm_t"
|
||||
|
||||
#: booleans.py:191
|
||||
msgid "Allow staff to exec content"
|
||||
-msgstr ""
|
||||
+msgstr "Permite a staff ejecutar contenido"
|
||||
|
||||
#: booleans.py:192
|
||||
msgid "allow staff user to create and transition to svirt domains."
|
||||
@@ -3278,7 +3280,7 @@ msgstr "Permite a scripts y módulos HTTPD la conexión al puerto LDAP"
|
||||
|
||||
#: booleans.py:193
|
||||
msgid "Allow sysadm to exec content"
|
||||
-msgstr ""
|
||||
+msgstr "Permite a sysadm ejecutar contenido"
|
||||
|
||||
#: booleans.py:194
|
||||
msgid ""
|
||||
@@ -3297,7 +3299,7 @@ msgstr "Permite a tftp modificar los archivos públicos utilizados para servicio
|
||||
|
||||
#: booleans.py:197
|
||||
msgid "Allow tftp to read and write files in the user home directories"
|
||||
-msgstr ""
|
||||
+msgstr "Permite a tftp leer y escribir archivos en los directorios home de usuario"
|
||||
|
||||
#: booleans.py:198
|
||||
msgid "Allow tor daemon to bind tcp sockets to all unreserved ports."
|
||||
@@ -3305,7 +3307,7 @@ msgstr "Permite a scripts y módulos HTTPD la conexión al puerto LDAP"
|
||||
|
||||
#: booleans.py:199
|
||||
msgid "Allow tor to act as a relay"
|
||||
-msgstr ""
|
||||
+msgstr "Permite a tor actuar como relé"
|
||||
|
||||
#: booleans.py:200
|
||||
msgid ""
|
||||
@@ -3353,7 +3355,7 @@ msgstr "Soporta directorios principales de Samba"
|
||||
|
||||
#: booleans.py:210
|
||||
msgid "Allow user to exec content"
|
||||
-msgstr ""
|
||||
+msgstr "Permite al usuario ejecutar contenido"
|
||||
|
||||
#: booleans.py:211
|
||||
msgid "Allow varnishd to connect to all ports, not just HTTP."
|
||||
@@ -3383,7 +3385,7 @@ msgstr "Permite a los huéspedes virtuales confinados administrar archivos NFS"
|
||||
|
||||
#: booleans.py:217
|
||||
msgid "Allow confined virtual guests to interact with rawip sockets"
|
||||
-msgstr ""
|
||||
+msgstr "Permite a los invitados virtuales confinados interactuar con sockets rawip"
|
||||
|
||||
#: booleans.py:218
|
||||
msgid "Allow confined virtual guests to manage cifs files"
|
||||
@@ -3447,7 +3449,7 @@ msgstr "Permite a los usuario xguest configurar el Network Manager y conectar
|
||||
|
||||
#: booleans.py:232
|
||||
msgid "Allow xguest to exec content"
|
||||
-msgstr ""
|
||||
+msgstr "Permite a xguest ejecutar contenido"
|
||||
|
||||
#: booleans.py:233
|
||||
msgid "Allow xguest users to mount removable media"
|
||||
diff --git a/policycoreutils/po/ja.po b/policycoreutils/po/ja.po
|
||||
index 72ae12d..649d288 100644
|
||||
--- a/policycoreutils/po/ja.po
|
||||
@ -920,10 +1346,19 @@ index b629006..6631c2d 100644
|
||||
|
||||
parser.add_option("-l", "--level", dest="level",
|
||||
diff --git a/policycoreutils/sandbox/sandbox.8 b/policycoreutils/sandbox/sandbox.8
|
||||
index 521afcd..a50eef2 100644
|
||||
index 521afcd..ef90ce6 100644
|
||||
--- a/policycoreutils/sandbox/sandbox.8
|
||||
+++ b/policycoreutils/sandbox/sandbox.8
|
||||
@@ -70,7 +70,7 @@ Specifies the windowsize when creating an X based Sandbox. The default windowsiz
|
||||
@@ -59,7 +59,7 @@ sandbox_net_t - All network ports
|
||||
|
||||
.TP
|
||||
\fB\-T\ tmpdir
|
||||
-Use alternate tempory directory to mount on /tmp. Defaults to tmpfs. Requires -X or -M.
|
||||
+Use alternate temporary directory to mount on /tmp. Defaults to tmpfs. Requires -X or -M.
|
||||
.TP
|
||||
\fB\-S
|
||||
Run a full desktop session, Requires level, and home and tmpdir.
|
||||
@@ -70,14 +70,14 @@ Specifies the windowsize when creating an X based Sandbox. The default windowsiz
|
||||
\fB\-W windowmanager\fR
|
||||
Select alternative window manager to run within
|
||||
.B sandbox -X.
|
||||
@ -932,6 +1367,14 @@ index 521afcd..a50eef2 100644
|
||||
.TP
|
||||
\fB\-X\fR
|
||||
Create an X based Sandbox for gui apps, temporary files for
|
||||
$HOME and /tmp, secondary Xserver, defaults to sandbox_x_t
|
||||
.TP
|
||||
\fB\-d\fR
|
||||
-Set the DPI value for the sanbox X Server. Defaults to the current X Sever DPI.
|
||||
+Set the DPI value for the sandbox X Server. Defaults to the current X Sever DPI.
|
||||
.TP
|
||||
\fB\-c\fR
|
||||
Use control groups to control this copy of sandbox. Specify parameters in /etc/sysconfig/sandbox. Max memory usage and cpu usage are to be specified in percent. You can specify which CPUs to use by numbering them 0,1,2... etc.
|
||||
diff --git a/policycoreutils/sandbox/sandboxX.sh b/policycoreutils/sandbox/sandboxX.sh
|
||||
index 23de6f6..171bb05 100644
|
||||
--- a/policycoreutils/sandbox/sandboxX.sh
|
||||
@ -958,18 +1401,40 @@ index 23de6f6..171bb05 100644
|
||||
export DISPLAY=:$D
|
||||
cat > ~/seremote << __EOF
|
||||
diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
|
||||
index dbd5977..f10df39 100644
|
||||
index dbd5977..68a80c7 100644
|
||||
--- a/policycoreutils/sandbox/seunshare.c
|
||||
+++ b/policycoreutils/sandbox/seunshare.c
|
||||
@@ -962,7 +962,7 @@ int main(int argc, char **argv) {
|
||||
@@ -961,8 +961,9 @@ int main(int argc, char **argv) {
|
||||
char *display = NULL;
|
||||
char *LANG = NULL;
|
||||
int rc = -1;
|
||||
+ char *resolved_path = NULL;
|
||||
|
||||
- if (unshare(CLONE_NEWNS) < 0) {
|
||||
+ if (unshare(CLONE_NEWNS | CLONE_NEWIPC) < 0) {
|
||||
perror(_("Failed to unshare"));
|
||||
goto childerr;
|
||||
}
|
||||
@@ -977,8 +978,10 @@ int main(int argc, char **argv) {
|
||||
/* assume fsuid==ruid after this point */
|
||||
if ((uid_t)setfsuid(uid) != 0) goto childerr;
|
||||
|
||||
+ resolved_path = realpath(pwd->pw_dir,NULL);
|
||||
+ if (! resolved_path) goto childerr;
|
||||
/* mount homedir and tmpdir, in this order */
|
||||
- if (homedir_s && seunshare_mount(homedir_s, pwd->pw_dir,
|
||||
+ if (homedir_s && seunshare_mount(homedir_s, resolved_path,
|
||||
&st_homedir) != 0) goto childerr;
|
||||
if (tmpdir_s && seunshare_mount(tmpdir_r, "/tmp",
|
||||
&st_tmpdir_r) != 0) goto childerr;
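Review bot: The new `realpath(pwd->pw_dir,NULL)` failure path jumps to `childerr` without printing anything, unlike the `unshare` failure earlier in `main`, so a user whose home link is dangling or unreadable gets a silent exit; `if (!resolved_path) { perror(_("Failed to resolve home directory")); goto childerr; }` would keep the diagnostics consistent. The mount target is now whatever the user's symlink resolves to rather than the passwd entry itself, so a comment here should state that the call has to stay after `setfsuid(uid)` (so resolution runs with the user's filesystem identity) and that `seunshare_mount` is relied on to verify the resolved directory. That function is outside this hunk, so what it checks on the destination could not be confirmed from here. `main` begins and ends outside the hunk.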
|
||||
@@ -1033,6 +1036,7 @@ int main(int argc, char **argv) {
|
||||
execv(argv[optind], argv + optind);
|
||||
fprintf(stderr, _("Failed to execute command %s: %s\n"), argv[optind], strerror(errno));
|
||||
childerr:
|
||||
+ free(resolved_path);
|
||||
free(display);
|
||||
free(LANG);
|
||||
exit(-1);
|
||||
diff --git a/policycoreutils/scripts/Makefile b/policycoreutils/scripts/Makefile
|
||||
index 201a988..f5d6e9d 100644
|
||||
--- a/policycoreutils/scripts/Makefile
|
||||
@ -998,6 +1463,28 @@ index 201a988..f5d6e9d 100644
|
||||
install -m 644 chcat.8 $(MANDIR)/man8/
|
||||
|
||||
clean:
|
||||
diff --git a/policycoreutils/scripts/fixfiles.8 b/policycoreutils/scripts/fixfiles.8
|
||||
index 9ab7334..f263805 100644
|
||||
--- a/policycoreutils/scripts/fixfiles.8
|
||||
+++ b/policycoreutils/scripts/fixfiles.8
|
||||
@@ -30,7 +30,7 @@ as you expect. By default it will relabel all mounted ext2, ext3, xfs and
|
||||
jfs file systems as long as they do not have a security context mount
|
||||
option. You can use the -R flag to use rpmpackages as an alternative.
|
||||
The file /etc/selinux/fixfiles_exclude_dirs can contain a list of directories
|
||||
-excluded from relabelling.
|
||||
+excluded from relabeling.
|
||||
.P
|
||||
.B fixfiles onboot
|
||||
will setup the machine to relabel on the next reboot.
|
||||
@@ -56,7 +56,7 @@ Run a diff on the PREVIOUS_FILECONTEXT file to the currently installed one, and
|
||||
|
||||
.TP
|
||||
.B -v
|
||||
-Modify verbosity from progess to verbose. (Run restorecon with -v instead of -p)
|
||||
+Modify verbosity from progress to verbose. (Run restorecon with -v instead of -p)
|
||||
|
||||
.SH "ARGUMENTS"
|
||||
One of:
|
||||
diff --git a/policycoreutils/scripts/genhomedircon.8 b/policycoreutils/scripts/genhomedircon.8
|
||||
deleted file mode 100644
|
||||
index 8ec509c..0000000
|
||||
@ -1028,6 +1515,19 @@ index 8ec509c..0000000
|
||||
-
|
||||
-.SH "SEE ALSO"
|
||||
-semanage.conf(5), semodule(8), semanage(8), getpwent(3), getpwent_r(3)
|
||||
diff --git a/policycoreutils/secon/secon.1 b/policycoreutils/secon/secon.1
|
||||
index 6c30734..5e7f885 100644
|
||||
--- a/policycoreutils/secon/secon.1
|
||||
+++ b/policycoreutils/secon/secon.1
|
||||
@@ -96,7 +96,7 @@ If that argument is
|
||||
.I -
|
||||
then the context will be read from stdin.
|
||||
.br
|
||||
-If there is no arugment,
|
||||
+If there is no argument,
|
||||
.B secon
|
||||
will try reading a context from stdin, if that is not a tty, otherwise
|
||||
.B secon
|
||||
diff --git a/policycoreutils/semanage/default_encoding/Makefile b/policycoreutils/semanage/default_encoding/Makefile
|
||||
new file mode 100644
|
||||
index 0000000..e15a877
|
||||
@ -1350,6 +1850,18 @@ index 17b4fa5..6947b37 100644
|
||||
parse_command_line(argc, argv);
|
||||
|
||||
if (build)
|
||||
diff --git a/policycoreutils/semodule_package/semodule_unpackage.8 b/policycoreutils/semodule_package/semodule_unpackage.8
|
||||
index 62dd53e..d6e1be0 100644
|
||||
--- a/policycoreutils/semodule_package/semodule_unpackage.8
|
||||
+++ b/policycoreutils/semodule_package/semodule_unpackage.8
|
||||
@@ -1,6 +1,6 @@
|
||||
.TH SEMODULE_PACKAGE "8" "Nov 2005" "Security Enhanced Linux" NSA
|
||||
.SH NAME
|
||||
-semodule_unpackage \- Extract polciy module and file context file from an SELinux policy module unpackage.
|
||||
+semodule_unpackage \- Extract policy module and file context file from an SELinux policy module unpackage.
|
||||
|
||||
.SH SYNOPSIS
|
||||
.B semodule_unpackage <module> [<file contexts>]
|
||||
diff --git a/policycoreutils/sepolicy/Makefile b/policycoreutils/sepolicy/Makefile
|
||||
index 11b534f..eb86eae 100644
|
||||
--- a/policycoreutils/sepolicy/Makefile
|
||||
@ -1436,7 +1948,7 @@ index b6abdf5..c05c943 100644
|
||||
Generate an additional HTML man pages for the specified domain(s).
|
||||
|
||||
diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py
|
||||
index b25d3b2..7a15d88 100755
|
||||
index b25d3b2..600eee2 100755
|
||||
--- a/policycoreutils/sepolicy/sepolicy.py
|
||||
+++ b/policycoreutils/sepolicy/sepolicy.py
|
||||
@@ -22,6 +22,8 @@
|
||||
@ -1448,12 +1960,74 @@ index b25d3b2..7a15d88 100755
|
||||
from sepolicy import get_os_version
|
||||
import argparse
|
||||
import gettext
|
||||
@@ -198,44 +200,44 @@ def network(args):
|
||||
_print_net(d, net, "name_bind")
|
||||
@@ -45,7 +47,7 @@ class CheckPath(argparse.Action):
|
||||
|
||||
def manpage(args):
|
||||
- from sepolicy.manpage import ManPage, HTMLManPages, manpage_domains, manpage_roles, gen_domains
|
||||
+ from sepolicy.manpage import ManPage, HTMLManPages, manpage_domains, manpage_roles, gen_domains, get_all_domains
|
||||
class CheckType(argparse.Action):
|
||||
def __call__(self, parser, namespace, values, option_string=None):
|
||||
- from sepolicy.network import domains
|
||||
+ domains = sepolicy.get_all_domains()
|
||||
|
||||
if isinstance(values,str):
|
||||
setattr(namespace, self.dest, values)
|
||||
@@ -60,7 +62,7 @@ class CheckType(argparse.Action):
|
||||
|
||||
class CheckDomain(argparse.Action):
|
||||
def __call__(self, parser, namespace, values, option_string=None):
|
||||
- from sepolicy.network import domains
|
||||
+ domains = sepolicy.get_all_domains()
|
||||
|
||||
if isinstance(values,str):
|
||||
if values not in domains:
|
||||
@@ -80,7 +82,6 @@ class CheckDomain(argparse.Action):
|
||||
all_classes = None
|
||||
class CheckClass(argparse.Action):
|
||||
def __call__(self, parser, namespace, values, option_string=None):
|
||||
- import sepolicy
|
||||
global all_classes
|
||||
if not all_classes:
|
||||
all_classes = map(lambda x: x['name'], sepolicy.info(sepolicy.TCLASS))
|
||||
@@ -114,7 +115,7 @@ class CheckPort(argparse.Action):
|
||||
|
||||
class CheckPortType(argparse.Action):
|
||||
def __call__(self, parser, namespace, values, option_string=None):
|
||||
- from sepolicy.network import port_types
|
||||
+ domains = sepolicy.get_all_port_types()
|
||||
newval = getattr(namespace, self.dest)
|
||||
if not newval:
|
||||
newval = []
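Review bot: In `CheckPortType.__call__` the removed import bound the name `port_types`, but the replacement assigns the result of `sepolicy.get_all_port_types()` to `domains`, which looks copied from the `CheckType` and `CheckDomain` hunks above. If the rest of the method still tests membership against `port_types`, it will raise NameError during argument parsing, so port-type validation would fail rather than reject bad input cleanly; the line should probably read `port_types = sepolicy.get_all_port_types()`. The method body continues outside the hunk, so this needs checking against the full file.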
|
||||
@@ -140,19 +141,17 @@ class CheckPolicyType(argparse.Action):
|
||||
|
||||
class CheckUser(argparse.Action):
|
||||
def __call__(self, parser, namespace, value, option_string=None):
|
||||
- from sepolicy import get_all_users
|
||||
newval = getattr(namespace, self.dest)
|
||||
if not newval:
|
||||
newval = []
|
||||
- users = get_all_users()
|
||||
+ users = sepolicy.get_all_users()
|
||||
if value not in users:
|
||||
raise ValueError("%s must be an SELinux user:\nValid users: %s" % (value, ", ".join(users)))
|
||||
newval.append(value)
|
||||
setattr(namespace, self.dest, newval)
|
||||
|
||||
def _print_net(src, protocol, perm):
|
||||
- from sepolicy.network import get_network_connect
|
||||
- portdict = get_network_connect(src, protocol, perm)
|
||||
+ portdict = sepolicy.get_network_connect(src, protocol, perm)
|
||||
if len(portdict) > 0:
|
||||
print "%s: %s %s" % (src, protocol, perm)
|
||||
for p in portdict:
|
||||
@@ -160,7 +159,7 @@ def _print_net(src, protocol, perm):
|
||||
print "\t" + recs
|
||||
|
||||
def network(args):
|
||||
- from sepolicy.network import portrecsbynum, portrecs, get_network_connect
|
||||
+ portrecs, portrecsbynum = sepolicy.gen_port_dict()
|
||||
if args.list_ports:
|
||||
all_ports = []
|
||||
for i in portrecs:
|
||||
@@ -201,41 +200,41 @@ def manpage(args):
|
||||
from sepolicy.manpage import ManPage, HTMLManPages, manpage_domains, manpage_roles, gen_domains
|
||||
|
||||
path = args.path
|
||||
- if args.policy:
|
||||
@ -1517,7 +2091,7 @@ index b25d3b2..7a15d88 100755
|
||||
|
||||
def gen_network_args(parser):
|
||||
net = parser.add_parser("network",
|
||||
@@ -283,7 +285,6 @@ def gen_communicate_args(parser):
|
||||
@@ -283,7 +282,6 @@ def gen_communicate_args(parser):
|
||||
comm.set_defaults(func=communicate)
|
||||
|
||||
def booleans(args):
|
||||
@ -1525,7 +2099,7 @@ index b25d3b2..7a15d88 100755
|
||||
from sepolicy import boolean_desc
|
||||
if args.all:
|
||||
rc, args.booleans = selinux.security_get_boolean_names()
|
||||
@@ -461,7 +462,10 @@ if __name__ == '__main__':
|
||||
@@ -461,7 +459,10 @@ if __name__ == '__main__':
|
||||
gen_transition_args(subparsers)
|
||||
|
||||
try:
|
||||
|
@ -7,7 +7,7 @@
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.1.14
|
||||
Release: 13%{?dist}
|
||||
Release: 14%{?dist}
|
||||
License: GPLv2
|
||||
Group: System Environment/Base
|
||||
# Based on git repository with tag 20101221
|
||||
@ -324,6 +324,10 @@ The policycoreutils-restorecond package contains the restorecond service.
|
||||
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
|
||||
|
||||
%changelog
|
||||
* Thu Feb 28 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-14
|
||||
- Allow users with symlinked homedirs to work. call realpath on homedir
|
||||
- Fix sepolicy reorganization of helper functions.
|
||||
|
||||
* Sun Feb 24 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-13
|
||||
- Update trans
|
||||
- Fix sepolicy reorganization of helper functions.
|
||||
|