Allow users with symlinked homedirs to work. call realpath on homedir

- Fix sepolicy reorganization of helper functions.
Dan Walsh 2013-02-28 14:24:35 -05:00
parent b1cf8c69ac
commit 4cc4167518
2 changed files with 591 additions and 13 deletions


@ -65,6 +65,19 @@ index 8e0c396..9bd66f5 100644
help="Translates SELinux audit messages into a description of why the access was denied") help="Translates SELinux audit messages into a description of why the access was denied")
options, args = parser.parse_args() options, args = parser.parse_args()
diff --git a/policycoreutils/audit2allow/audit2allow.1 b/policycoreutils/audit2allow/audit2allow.1
index a854a45..bc70938 100644
--- a/policycoreutils/audit2allow/audit2allow.1
+++ b/policycoreutils/audit2allow/audit2allow.1
@@ -171,7 +171,7 @@ $ semodule -i local.pp
.B Using audit2allow to generate and build module policy
$ cat /var/log/audit/audit.log | audit2allow -M local
-Generating type enforcment file: local.te
+Generating type enforcement file: local.te
Compiling policy: checkmodule -M -m -o local.mod local.te
Building package: semodule_package -o local.pp -m local.mod
diff --git a/policycoreutils/audit2allow/audit2why.1 b/policycoreutils/audit2allow/audit2why.1 diff --git a/policycoreutils/audit2allow/audit2why.1 b/policycoreutils/audit2allow/audit2why.1
new file mode 100644 new file mode 100644
index 0000000..a9e8893 index 0000000..a9e8893
@ -356,6 +369,32 @@ diff --git a/policycoreutils/gui/system-config-selinux.png b/policycoreutils/gui
new file mode 100644 new file mode 100644
index 0000000..68ffcb7 index 0000000..68ffcb7
Binary files /dev/null and b/policycoreutils/gui/system-config-selinux.png differ Binary files /dev/null and b/policycoreutils/gui/system-config-selinux.png differ
diff --git a/policycoreutils/load_policy/load_policy.8 b/policycoreutils/load_policy/load_policy.8
index f9ca36e..a86073f 100644
--- a/policycoreutils/load_policy/load_policy.8
+++ b/policycoreutils/load_policy/load_policy.8
@@ -19,7 +19,7 @@ values in the policy file.
suppress warning messages.
.TP
.B \-i
-inital policy load. Only use this if this is the first time policy is being loaded since boot (usually called from initramfs).
+initial policy load. Only use this if this is the first time policy is being loaded since boot (usually called from initramfs).
.SH "EXIT STATUS"
.TP
diff --git a/policycoreutils/man/man5/selinux_config.5 b/policycoreutils/man/man5/selinux_config.5
index 4963cdc..a55dbed 100644
--- a/policycoreutils/man/man5/selinux_config.5
+++ b/policycoreutils/man/man5/selinux_config.5
@@ -92,7 +92,7 @@ The binary policy name has by convention the SELinux policy version that it supp
.RS
This entry is deprecated and should be removed or set to \fI0\fR.
.sp
-If set to \fI1\fR, then \fBselinux_mkload_policy\fR(3) will read the local customisation for booleans (see \fBbooleans\fR(5)) and users (see \fBlocal.users\fR(5)).
+If set to \fI1\fR, then \fBselinux_mkload_policy\fR(3) will read the local customization for booleans (see \fBbooleans\fR(5)) and users (see \fBlocal.users\fR(5)).
.RE
.sp
.B REQUIRESEUSERS
diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c
index 8fbf2d0..3510f12 100644 index 8fbf2d0..3510f12 100644
--- a/policycoreutils/newrole/newrole.c --- a/policycoreutils/newrole/newrole.c
@ -488,6 +527,393 @@ index a377996..9c1486e 100644
refresh-po: Makefile refresh-po: Makefile
for cat in $(POFILES); do \ for cat in $(POFILES); do \
diff --git a/policycoreutils/po/es.po b/policycoreutils/po/es.po
index e84995e..a60b20e 100644
--- a/policycoreutils/po/es.po
+++ b/policycoreutils/po/es.po
@@ -3,7 +3,9 @@
# This file is distributed under the same license as the PACKAGE package.
#
# Translators:
+# Adolfo Jayme Barrientos <fitoschido@gmail.com>, 2013.
# Domingo Becker <domingobecker@gmail.com>, 2006, 2008.
+# <ehespinosa@ya.com>, 2013.
# Gladys Guerrero <gguerrer@redhat.com>, 2010,2012.
# Héctor Daniel Cabrera <logan@fedoraproject.org>, 2010.
msgid ""
@@ -11,8 +13,8 @@ msgstr ""
"Project-Id-Version: Policycoreutils\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2013-01-04 12:01-0500\n"
-"PO-Revision-Date: 2013-01-04 17:02+0000\n"
-"Last-Translator: dwalsh <dwalsh@redhat.com>\n"
+"PO-Revision-Date: 2013-02-23 11:46+0000\n"
+"Last-Translator: vareli <ehespinosa@ya.com>\n"
"Language-Team: Spanish <trans-es@lists.fedoraproject.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
@@ -288,7 +290,7 @@ msgstr "Rango MLS/MCS"
#: ../semanage/seobject.py:672
msgid "Service"
-msgstr ""
+msgstr "Servicio"
#: ../semanage/seobject.py:698 ../semanage/seobject.py:729
#: ../semanage/seobject.py:796 ../semanage/seobject.py:853
@@ -425,7 +427,7 @@ msgstr "Se requiere tipo"
#: ../semanage/seobject.py:1814
#, python-format
msgid "Type %s is invalid, must be a port type"
-msgstr ""
+msgstr "Tipo %s es no válido, debe ser un tipo de puerto"
#: ../semanage/seobject.py:1000 ../semanage/seobject.py:1062
#: ../semanage/seobject.py:1117 ../semanage/seobject.py:1123
@@ -547,12 +549,12 @@ msgstr "Falta el protocolo o es desconocido"
#: ../semanage/seobject.py:1256
msgid "SELinux node type is required"
-msgstr ""
+msgstr "Se requiere tipo de nodo SELinux"
#: ../semanage/seobject.py:1259 ../semanage/seobject.py:1327
#, python-format
msgid "Type %s is invalid, must be a node type"
-msgstr ""
+msgstr "Tipo %s es no válido, debe ser un tipo nodo"
#: ../semanage/seobject.py:1263 ../semanage/seobject.py:1331
#: ../semanage/seobject.py:1367 ../semanage/seobject.py:1465
@@ -786,7 +788,7 @@ msgstr "La especificación de archivo %s choca con la regla de equivalencia '%s
#: ../semanage/seobject.py:1755
#, python-format
msgid "Type %s is invalid, must be a file or device type"
-msgstr ""
+msgstr "Tipo %s es no válido, debe ser un tipo fichero o dispositivo"
#: ../semanage/seobject.py:1763 ../semanage/seobject.py:1768
#: ../semanage/seobject.py:1824 ../semanage/seobject.py:1906
@@ -2174,11 +2176,11 @@ msgstr "La ruta en la cual se almacenarán las páginas de manual generadas "
#: ../sepolicy/sepolicy.py:207
msgid "name of the OS for man pages"
-msgstr ""
+msgstr "nombre del SO para las páginas de manual"
#: ../sepolicy/sepolicy.py:209
msgid "Generate HTML man pages structure for selected SELinux man page"
-msgstr ""
+msgstr "General páginas de manual de estructura HTML para la página de manual SELinux seleccionada"
#: ../sepolicy/sepolicy.py:213
msgid "All domains"
@@ -2226,7 +2228,7 @@ msgstr "Solicita la política de SELinux para ver la descripción de booleanos"
#: ../sepolicy/sepolicy.py:280
msgid "get all booleans descriptions"
-msgstr ""
+msgstr "obtiene todas las descripciones booleanas"
#: ../sepolicy/sepolicy.py:282
msgid "boolean to get description"
@@ -2248,11 +2250,11 @@ msgstr "Dominio de proceso de destino"
#: ../sepolicy/sepolicy.py:327
msgid "Command required for this type of policy"
-msgstr ""
+msgstr "Comando requerido para este tipo de política"
#: ../sepolicy/sepolicy.py:347
msgid "List SELinux Policy interfaces"
-msgstr ""
+msgstr "Lista las interfaces de la Política SELinux"
#: ../sepolicy/sepolicy.py:362
msgid "Generate SELinux Policy module template"
@@ -2260,15 +2262,15 @@ msgstr "Generar plantilla para módulo de política SELinux"
#: ../sepolicy/sepolicy.py:365
msgid "Enter domain type which you will be extending"
-msgstr ""
+msgstr "Introduzca el tipo de dominio que usted estaría extendiendo"
#: ../sepolicy/sepolicy.py:368
msgid "Enter SELinux user(s) which will transition to this domain"
-msgstr ""
+msgstr "Introduzca el usuario(s) SELinux que transicionará a este dominio"
#: ../sepolicy/sepolicy.py:371
msgid "Enter domain(s) that this confined admin will administrate"
-msgstr ""
+msgstr "Introduzca el dominio(s) que este administrador confinado administrará"
#: ../sepolicy/sepolicy.py:374
msgid "name of policy to generate"
@@ -2276,7 +2278,7 @@ msgstr "Nombre de política a generar"
#: ../sepolicy/sepolicy.py:378
msgid "path in which the generated policy files will be stored"
-msgstr ""
+msgstr "ruta en la que los ficheros de política generados serán almacenados"
#: ../sepolicy/sepolicy.py:380
msgid "executable to confine"
@@ -2290,7 +2292,7 @@ msgstr "Ejecutable a confinar"
#: ../sepolicy/sepolicy.py:414 ../sepolicy/sepolicy.py:417
#, python-format
msgid "Generate Policy for %s"
-msgstr ""
+msgstr "Generar Política para %s"
#: ../sepolicy/sepolicy.py:422
msgid "commands"
@@ -2298,16 +2300,16 @@ msgstr "Comandos"
#: ../sepolicy/sepolicy.py:425
msgid "Alternate SELinux policy, defaults to /sys/fs/selinux/policy"
-msgstr ""
+msgstr "Política SELinux suplente, por defecto a /sys/fs/selinux/policy"
#: ../sepolicy/sepolicy/__init__.py:48
msgid "No SELinux Policy installed"
-msgstr ""
+msgstr "No hay Política SELinux instalada"
#: ../sepolicy/sepolicy/__init__.py:54
#, python-format
msgid "Failed to read %s policy file"
-msgstr ""
+msgstr "Fallo al leer el fichero de política %s"
#: ../sepolicy/sepolicy/__init__.py:127
msgid "unknown"
@@ -2319,27 +2321,27 @@ msgstr "Demonio de los servicios de Internet"
#: ../sepolicy/sepolicy/generate.py:177
msgid "Existing Domain Type"
-msgstr ""
+msgstr "Tipo de Dominio Existente"
#: ../sepolicy/sepolicy/generate.py:178
msgid "Minimal Terminal Login User Role"
-msgstr ""
+msgstr "Rol de Acceso de Usuario de Terminal Mínimo"
#: ../sepolicy/sepolicy/generate.py:179
msgid "Minimal X Windows Login User Role"
-msgstr ""
+msgstr "Rol de Acceso de Usuario de X Windows Mínima"
#: ../sepolicy/sepolicy/generate.py:180
msgid "Desktop Login User Role"
-msgstr ""
+msgstr "Rol de Acceso de Usuario a Escritorio"
#: ../sepolicy/sepolicy/generate.py:181
msgid "Administrator Login User Role"
-msgstr ""
+msgstr "Rol de Acceso de Usuario Administrador"
#: ../sepolicy/sepolicy/generate.py:182
msgid "Confined Root Administrator Role"
-msgstr ""
+msgstr "Rol de Administrador Confinado Root"
#: ../sepolicy/sepolicy/generate.py:187
msgid "Valid Types:\n"
@@ -2352,12 +2354,12 @@ msgstr "Los puertos deben ser números o rangos de números entre 1 y %d"
#: ../sepolicy/sepolicy/generate.py:231
msgid "You must enter a valid policy type"
-msgstr ""
+msgstr "Debe introducir un tipo válido de política"
#: ../sepolicy/sepolicy/generate.py:234
#, python-format
msgid "You must enter a name for your policy module for your %s."
-msgstr ""
+msgstr "Debe introducir un nombre para su módulo de política para su %s."
#: ../sepolicy/sepolicy/generate.py:355
msgid ""
@@ -2396,7 +2398,7 @@ msgstr "USER Types automáticamente obtiene un tipo tmp"
#: ../sepolicy/sepolicy/generate.py:857
#, python-format
msgid "%s policy modules require existing domains"
-msgstr ""
+msgstr "%s módulo de política requieren dominios existentes"
#: ../sepolicy/sepolicy/generate.py:1059
msgid "You must enter the executable path for your confined process"
@@ -2416,7 +2418,7 @@ msgstr "Archivo de contextos de archivo"
#: ../sepolicy/sepolicy/generate.py:1324
msgid "Spec file"
-msgstr ""
+msgstr "Fichero spec"
#: ../sepolicy/sepolicy/generate.py:1325
msgid "Setup Script"
@@ -2438,11 +2440,11 @@ msgstr "Permite a amavis usar un compilador de JIT"
#: booleans.py:4
msgid "Allow antivirus programs to read non security files on a system"
-msgstr ""
+msgstr "Permitir a programas antivirus leer ficheros no asegurados sobre un sistema"
#: booleans.py:5
msgid "Allow auditadm to exec content"
-msgstr ""
+msgstr "Permitir al administrador de auditoria ejecutar contenido"
#: booleans.py:6
msgid ""
@@ -2456,11 +2458,11 @@ msgstr "Permite a usuarios iniciar sesión mediante un servidor Radius"
#: booleans.py:8
msgid "Allow users to login using a yubikey server"
-msgstr ""
+msgstr "Permite a los usuario acceder usando una servidor yubikey"
#: booleans.py:9
msgid "Allow awstats to purge Apache logs"
-msgstr ""
+msgstr "Permitir a awstats purgar los registros de Apache"
#: booleans.py:10
msgid ""
@@ -2528,11 +2530,11 @@ msgstr "Permite a todos los demonios la lectura y escritura de terminales"
#: booleans.py:25
msgid "Allow dan to manage user files"
-msgstr ""
+msgstr "Permitir a dan gestionar los archivos del usuario"
#: booleans.py:26
msgid "Allow dan to read user files"
-msgstr ""
+msgstr "Permitir a dan leer los archivos del usuario"
#: booleans.py:27
msgid "Allow dbadm to manage files in users home directories"
@@ -2599,7 +2601,7 @@ msgstr "Permite al dominio en valla ejecutar ssh."
#: booleans.py:42
msgid "Allow all domains to execute in fips_mode"
-msgstr ""
+msgstr "Permite ejecutar todos los dominios en modo fips"
#: booleans.py:43
msgid "Allow ftp to read and write files in the user home directories"
@@ -2699,7 +2701,7 @@ msgstr "Permite a GSSD leer el directorio temp. Para acceder a kerberos tgt."
#: booleans.py:64
msgid "Allow guest to exec content"
-msgstr ""
+msgstr "Permite al invitado ejecutar contenido"
#: booleans.py:65
msgid ""
@@ -2854,7 +2856,7 @@ msgstr "Permite a HTTPD acceder a puertos Openstack"
#: booleans.py:100
msgid "Allow Apache to query NS records"
-msgstr ""
+msgstr "Permite a Apache consultar registros NS"
#: booleans.py:101
msgid "Allow icecast to connect to all ports, not just sound ports."
@@ -2951,7 +2953,7 @@ msgstr "Permite a las aplicaciones confinadas usar memoria compartida NSCD "
#: booleans.py:122
msgid "Allow openshift to lockdown app"
-msgstr ""
+msgstr "Permite openshift para lockdown app"
#: booleans.py:123
msgid "Allow openvpn to read home directories"
@@ -3116,7 +3118,7 @@ msgstr "Permite a SASL leer sombra"
#: booleans.py:161
msgid "Allow secadm to exec content"
-msgstr ""
+msgstr "Permita a secadm ejecutar contenido"
#: booleans.py:162
msgid ""
@@ -3188,7 +3190,7 @@ msgstr "Permite a scripts y módulos HTTPD la conexión al puerto LDAP"
#: booleans.py:174
msgid "Allow user to use ssh chroot environment."
-msgstr ""
+msgstr "Permite al usuario usar el entorno ssh chroot"
#: booleans.py:175
msgid "Allow user music sharing"
@@ -3270,7 +3272,7 @@ msgstr "Permitir ingresos ssh como sysadm_r:sysadm_t"
#: booleans.py:191
msgid "Allow staff to exec content"
-msgstr ""
+msgstr "Permite a staff ejecutar contenido"
#: booleans.py:192
msgid "allow staff user to create and transition to svirt domains."
@@ -3278,7 +3280,7 @@ msgstr "Permite a scripts y módulos HTTPD la conexión al puerto LDAP"
#: booleans.py:193
msgid "Allow sysadm to exec content"
-msgstr ""
+msgstr "Permite a sysadm ejecutar contenido"
#: booleans.py:194
msgid ""
@@ -3297,7 +3299,7 @@ msgstr "Permite a tftp modificar los archivos públicos utilizados para servicio
#: booleans.py:197
msgid "Allow tftp to read and write files in the user home directories"
-msgstr ""
+msgstr "Permite a tftp leer y escribir archivos en los directorios home de usuario"
#: booleans.py:198
msgid "Allow tor daemon to bind tcp sockets to all unreserved ports."
@@ -3305,7 +3307,7 @@ msgstr "Permite a scripts y módulos HTTPD la conexión al puerto LDAP"
#: booleans.py:199
msgid "Allow tor to act as a relay"
-msgstr ""
+msgstr "Permite a tor actuar como relé"
#: booleans.py:200
msgid ""
@@ -3353,7 +3355,7 @@ msgstr "Soporta directorios principales de Samba"
#: booleans.py:210
msgid "Allow user to exec content"
-msgstr ""
+msgstr "Permite al usuario ejecutar contenido"
#: booleans.py:211
msgid "Allow varnishd to connect to all ports, not just HTTP."
@@ -3383,7 +3385,7 @@ msgstr "Permite a los huéspedes virtuales confinados administrar archivos NFS"
#: booleans.py:217
msgid "Allow confined virtual guests to interact with rawip sockets"
-msgstr ""
+msgstr "Permite a los invitados virtuales confinados interactuar con sockets rawip"
#: booleans.py:218
msgid "Allow confined virtual guests to manage cifs files"
@@ -3447,7 +3449,7 @@ msgstr "Permite a los usuario xguest configurar el Network Manager y conectar
#: booleans.py:232
msgid "Allow xguest to exec content"
-msgstr ""
+msgstr "Permite a xguest ejecutar contenido"
#: booleans.py:233
msgid "Allow xguest users to mount removable media"
diff --git a/policycoreutils/po/ja.po b/policycoreutils/po/ja.po diff --git a/policycoreutils/po/ja.po b/policycoreutils/po/ja.po
index 72ae12d..649d288 100644 index 72ae12d..649d288 100644
--- a/policycoreutils/po/ja.po --- a/policycoreutils/po/ja.po
@ -920,10 +1346,19 @@ index b629006..6631c2d 100644
parser.add_option("-l", "--level", dest="level", parser.add_option("-l", "--level", dest="level",
diff --git a/policycoreutils/sandbox/sandbox.8 b/policycoreutils/sandbox/sandbox.8 diff --git a/policycoreutils/sandbox/sandbox.8 b/policycoreutils/sandbox/sandbox.8
index 521afcd..a50eef2 100644 index 521afcd..ef90ce6 100644
--- a/policycoreutils/sandbox/sandbox.8 --- a/policycoreutils/sandbox/sandbox.8
+++ b/policycoreutils/sandbox/sandbox.8 +++ b/policycoreutils/sandbox/sandbox.8
@@ -70,7 +70,7 @@ Specifies the windowsize when creating an X based Sandbox. The default windowsiz @@ -59,7 +59,7 @@ sandbox_net_t - All network ports
.TP
\fB\-T\ tmpdir
-Use alternate tempory directory to mount on /tmp. Defaults to tmpfs. Requires -X or -M.
+Use alternate temporary directory to mount on /tmp. Defaults to tmpfs. Requires -X or -M.
.TP
\fB\-S
Run a full desktop session, Requires level, and home and tmpdir.
@@ -70,14 +70,14 @@ Specifies the windowsize when creating an X based Sandbox. The default windowsiz
\fB\-W windowmanager\fR \fB\-W windowmanager\fR
Select alternative window manager to run within Select alternative window manager to run within
.B sandbox -X. .B sandbox -X.
@ -932,6 +1367,14 @@ index 521afcd..a50eef2 100644
.TP .TP
\fB\-X\fR \fB\-X\fR
Create an X based Sandbox for gui apps, temporary files for Create an X based Sandbox for gui apps, temporary files for
$HOME and /tmp, secondary Xserver, defaults to sandbox_x_t
.TP
\fB\-d\fR
-Set the DPI value for the sanbox X Server. Defaults to the current X Sever DPI.
+Set the DPI value for the sandbox X Server. Defaults to the current X Sever DPI.
.TP
\fB\-c\fR
Use control groups to control this copy of sandbox. Specify parameters in /etc/sysconfig/sandbox. Max memory usage and cpu usage are to be specified in percent. You can specify which CPUs to use by numbering them 0,1,2... etc.
diff --git a/policycoreutils/sandbox/sandboxX.sh b/policycoreutils/sandbox/sandboxX.sh diff --git a/policycoreutils/sandbox/sandboxX.sh b/policycoreutils/sandbox/sandboxX.sh
index 23de6f6..171bb05 100644 index 23de6f6..171bb05 100644
--- a/policycoreutils/sandbox/sandboxX.sh --- a/policycoreutils/sandbox/sandboxX.sh
@ -958,18 +1401,40 @@ index 23de6f6..171bb05 100644
export DISPLAY=:$D export DISPLAY=:$D
cat > ~/seremote << __EOF cat > ~/seremote << __EOF
diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
index dbd5977..f10df39 100644 index dbd5977..68a80c7 100644
--- a/policycoreutils/sandbox/seunshare.c --- a/policycoreutils/sandbox/seunshare.c
+++ b/policycoreutils/sandbox/seunshare.c +++ b/policycoreutils/sandbox/seunshare.c
@@ -962,7 +962,7 @@ int main(int argc, char **argv) { @@ -961,8 +961,9 @@ int main(int argc, char **argv) {
char *display = NULL;
char *LANG = NULL; char *LANG = NULL;
int rc = -1; int rc = -1;
+ char *resolved_path = NULL;
- if (unshare(CLONE_NEWNS) < 0) { - if (unshare(CLONE_NEWNS) < 0) {
+ if (unshare(CLONE_NEWNS | CLONE_NEWIPC) < 0) { + if (unshare(CLONE_NEWNS | CLONE_NEWIPC) < 0) {
perror(_("Failed to unshare")); perror(_("Failed to unshare"));
goto childerr; goto childerr;
} }
@@ -977,8 +978,10 @@ int main(int argc, char **argv) {
/* assume fsuid==ruid after this point */
if ((uid_t)setfsuid(uid) != 0) goto childerr;
+ resolved_path = realpath(pwd->pw_dir,NULL);
+ if (! resolved_path) goto childerr;
/* mount homedir and tmpdir, in this order */
- if (homedir_s && seunshare_mount(homedir_s, pwd->pw_dir,
+ if (homedir_s && seunshare_mount(homedir_s, resolved_path,
&st_homedir) != 0) goto childerr;
if (tmpdir_s && seunshare_mount(tmpdir_r, "/tmp",
&st_tmpdir_r) != 0) goto childerr;
@@ -1033,6 +1036,7 @@ int main(int argc, char **argv) {
execv(argv[optind], argv + optind);
fprintf(stderr, _("Failed to execute command %s: %s\n"), argv[optind], strerror(errno));
childerr:
+ free(resolved_path);
free(display);
free(LANG);
exit(-1);
diff --git a/policycoreutils/scripts/Makefile b/policycoreutils/scripts/Makefile diff --git a/policycoreutils/scripts/Makefile b/policycoreutils/scripts/Makefile
index 201a988..f5d6e9d 100644 index 201a988..f5d6e9d 100644
--- a/policycoreutils/scripts/Makefile --- a/policycoreutils/scripts/Makefile
@ -998,6 +1463,28 @@ index 201a988..f5d6e9d 100644
install -m 644 chcat.8 $(MANDIR)/man8/ install -m 644 chcat.8 $(MANDIR)/man8/
clean: clean:
diff --git a/policycoreutils/scripts/fixfiles.8 b/policycoreutils/scripts/fixfiles.8
index 9ab7334..f263805 100644
--- a/policycoreutils/scripts/fixfiles.8
+++ b/policycoreutils/scripts/fixfiles.8
@@ -30,7 +30,7 @@ as you expect. By default it will relabel all mounted ext2, ext3, xfs and
jfs file systems as long as they do not have a security context mount
option. You can use the -R flag to use rpmpackages as an alternative.
The file /etc/selinux/fixfiles_exclude_dirs can contain a list of directories
-excluded from relabelling.
+excluded from relabeling.
.P
.B fixfiles onboot
will setup the machine to relabel on the next reboot.
@@ -56,7 +56,7 @@ Run a diff on the PREVIOUS_FILECONTEXT file to the currently installed one, and
.TP
.B -v
-Modify verbosity from progess to verbose. (Run restorecon with -v instead of -p)
+Modify verbosity from progress to verbose. (Run restorecon with -v instead of -p)
.SH "ARGUMENTS"
One of:
diff --git a/policycoreutils/scripts/genhomedircon.8 b/policycoreutils/scripts/genhomedircon.8 diff --git a/policycoreutils/scripts/genhomedircon.8 b/policycoreutils/scripts/genhomedircon.8
deleted file mode 100644 deleted file mode 100644
index 8ec509c..0000000 index 8ec509c..0000000
@ -1028,6 +1515,19 @@ index 8ec509c..0000000
- -
-.SH "SEE ALSO" -.SH "SEE ALSO"
-semanage.conf(5), semodule(8), semanage(8), getpwent(3), getpwent_r(3) -semanage.conf(5), semodule(8), semanage(8), getpwent(3), getpwent_r(3)
diff --git a/policycoreutils/secon/secon.1 b/policycoreutils/secon/secon.1
index 6c30734..5e7f885 100644
--- a/policycoreutils/secon/secon.1
+++ b/policycoreutils/secon/secon.1
@@ -96,7 +96,7 @@ If that argument is
.I -
then the context will be read from stdin.
.br
-If there is no arugment,
+If there is no argument,
.B secon
will try reading a context from stdin, if that is not a tty, otherwise
.B secon
diff --git a/policycoreutils/semanage/default_encoding/Makefile b/policycoreutils/semanage/default_encoding/Makefile diff --git a/policycoreutils/semanage/default_encoding/Makefile b/policycoreutils/semanage/default_encoding/Makefile
new file mode 100644 new file mode 100644
index 0000000..e15a877 index 0000000..e15a877
@ -1350,6 +1850,18 @@ index 17b4fa5..6947b37 100644
parse_command_line(argc, argv); parse_command_line(argc, argv);
if (build) if (build)
diff --git a/policycoreutils/semodule_package/semodule_unpackage.8 b/policycoreutils/semodule_package/semodule_unpackage.8
index 62dd53e..d6e1be0 100644
--- a/policycoreutils/semodule_package/semodule_unpackage.8
+++ b/policycoreutils/semodule_package/semodule_unpackage.8
@@ -1,6 +1,6 @@
.TH SEMODULE_PACKAGE "8" "Nov 2005" "Security Enhanced Linux" NSA
.SH NAME
-semodule_unpackage \- Extract polciy module and file context file from an SELinux policy module unpackage.
+semodule_unpackage \- Extract policy module and file context file from an SELinux policy module unpackage.
.SH SYNOPSIS
.B semodule_unpackage <module> [<file contexts>]
diff --git a/policycoreutils/sepolicy/Makefile b/policycoreutils/sepolicy/Makefile diff --git a/policycoreutils/sepolicy/Makefile b/policycoreutils/sepolicy/Makefile
index 11b534f..eb86eae 100644 index 11b534f..eb86eae 100644
--- a/policycoreutils/sepolicy/Makefile --- a/policycoreutils/sepolicy/Makefile
@ -1436,7 +1948,7 @@ index b6abdf5..c05c943 100644
Generate an additional HTML man pages for the specified domain(s). Generate an additional HTML man pages for the specified domain(s).
diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py diff --git a/policycoreutils/sepolicy/sepolicy.py b/policycoreutils/sepolicy/sepolicy.py
index b25d3b2..7a15d88 100755 index b25d3b2..600eee2 100755
--- a/policycoreutils/sepolicy/sepolicy.py --- a/policycoreutils/sepolicy/sepolicy.py
+++ b/policycoreutils/sepolicy/sepolicy.py +++ b/policycoreutils/sepolicy/sepolicy.py
@@ -22,6 +22,8 @@ @@ -22,6 +22,8 @@
@ -1448,12 +1960,74 @@ index b25d3b2..7a15d88 100755
from sepolicy import get_os_version from sepolicy import get_os_version
import argparse import argparse
import gettext import gettext
@@ -198,44 +200,44 @@ def network(args): @@ -45,7 +47,7 @@ class CheckPath(argparse.Action):
_print_net(d, net, "name_bind")
def manpage(args): class CheckType(argparse.Action):
- from sepolicy.manpage import ManPage, HTMLManPages, manpage_domains, manpage_roles, gen_domains def __call__(self, parser, namespace, values, option_string=None):
+ from sepolicy.manpage import ManPage, HTMLManPages, manpage_domains, manpage_roles, gen_domains, get_all_domains - from sepolicy.network import domains
+ domains = sepolicy.get_all_domains()
if isinstance(values,str):
setattr(namespace, self.dest, values)
@@ -60,7 +62,7 @@ class CheckType(argparse.Action):
class CheckDomain(argparse.Action):
def __call__(self, parser, namespace, values, option_string=None):
- from sepolicy.network import domains
+ domains = sepolicy.get_all_domains()
if isinstance(values,str):
if values not in domains:
@@ -80,7 +82,6 @@ class CheckDomain(argparse.Action):
all_classes = None
class CheckClass(argparse.Action):
def __call__(self, parser, namespace, values, option_string=None):
- import sepolicy
global all_classes
if not all_classes:
all_classes = map(lambda x: x['name'], sepolicy.info(sepolicy.TCLASS))
@@ -114,7 +115,7 @@ class CheckPort(argparse.Action):
class CheckPortType(argparse.Action):
def __call__(self, parser, namespace, values, option_string=None):
- from sepolicy.network import port_types
+ domains = sepolicy.get_all_port_types()
newval = getattr(namespace, self.dest)
if not newval:
newval = []
@@ -140,19 +141,17 @@ class CheckPolicyType(argparse.Action):
class CheckUser(argparse.Action):
def __call__(self, parser, namespace, value, option_string=None):
- from sepolicy import get_all_users
newval = getattr(namespace, self.dest)
if not newval:
newval = []
- users = get_all_users()
+ users = sepolicy.get_all_users()
if value not in users:
raise ValueError("%s must be an SELinux user:\nValid users: %s" % (value, ", ".join(users)))
newval.append(value)
setattr(namespace, self.dest, newval)
def _print_net(src, protocol, perm):
- from sepolicy.network import get_network_connect
- portdict = get_network_connect(src, protocol, perm)
+ portdict = sepolicy.get_network_connect(src, protocol, perm)
if len(portdict) > 0:
print "%s: %s %s" % (src, protocol, perm)
for p in portdict:
@@ -160,7 +159,7 @@ def _print_net(src, protocol, perm):
print "\t" + recs
def network(args):
- from sepolicy.network import portrecsbynum, portrecs, get_network_connect
+ portrecs, portrecsbynum = sepolicy.gen_port_dict()
if args.list_ports:
all_ports = []
for i in portrecs:
@@ -201,41 +200,41 @@ def manpage(args):
from sepolicy.manpage import ManPage, HTMLManPages, manpage_domains, manpage_roles, gen_domains
path = args.path path = args.path
- if args.policy: - if args.policy:
@ -1517,7 +2091,7 @@ index b25d3b2..7a15d88 100755
def gen_network_args(parser): def gen_network_args(parser):
net = parser.add_parser("network", net = parser.add_parser("network",
@@ -283,7 +285,6 @@ def gen_communicate_args(parser): @@ -283,7 +282,6 @@ def gen_communicate_args(parser):
comm.set_defaults(func=communicate) comm.set_defaults(func=communicate)
def booleans(args): def booleans(args):
@ -1525,7 +2099,7 @@ index b25d3b2..7a15d88 100755
from sepolicy import boolean_desc from sepolicy import boolean_desc
if args.all: if args.all:
rc, args.booleans = selinux.security_get_boolean_names() rc, args.booleans = selinux.security_get_boolean_names()
@@ -461,7 +462,10 @@ if __name__ == '__main__': @@ -461,7 +459,10 @@ if __name__ == '__main__':
gen_transition_args(subparsers) gen_transition_args(subparsers)
try: try:
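Review bot: In the seunshare.c hunk at `@@ -977,8 +978,10 @@`, `realpath(pwd->pw_dir,NULL)` runs unconditionally, yet its only visible consumer is guarded by `homedir_s &&`, so a run that passes only a tmpdir (homedir_s NULL) now exits whenever the passwd home directory is missing or cannot be resolved. That exit is also silent, unlike the `perror(_("Failed to unshare"))` a few lines earlier; I would guard and report it, e.g. `if (homedir_s && !(resolved_path = realpath(pwd->pw_dir, NULL))) { perror(_("Failed to resolve home directory")); goto childerr; }`. Because the mount target is now whatever the link resolves to at that moment, it is worth confirming that seunshare_mount (not shown on this page) verifies ownership of the resolved directory itself rather than relying on an earlier check of the unresolved path. main() begins and ends outside these hunks, so the remaining uses of pwd->pw_dir could not be checked from here.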


@ -7,7 +7,7 @@
Summary: SELinux policy core utilities Summary: SELinux policy core utilities
Name: policycoreutils Name: policycoreutils
Version: 2.1.14 Version: 2.1.14
Release: 13%{?dist} Release: 14%{?dist}
License: GPLv2 License: GPLv2
Group: System Environment/Base Group: System Environment/Base
# Based on git repository with tag 20101221 # Based on git repository with tag 20101221
@ -324,6 +324,10 @@ The policycoreutils-restorecond package contains the restorecond service.
%{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || : %{_bindir}/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog %changelog
* Thu Feb 28 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-14
- Allow users with symlinked homedirs to work. call realpath on homedir
- Fix sepolicy reorganization of helper functions.
* Sun Feb 24 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-13 * Sun Feb 24 2013 Dan Walsh <dwalsh@redhat.com> - 2.1.14-13
- Update trans - Update trans
- Fix sepolicy reorganization of helper functions. - Fix sepolicy reorganization of helper functions.