From 55a700506744911fd3f9f3e15d8d7bcb92d8aea5 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sun, 4 Jan 2009 19:46:52 +0000 Subject: [PATCH] * Mon Dec 15 2008 Dan Walsh 2.0.60-6 - fix audit2allow man page --- policycoreutils-gui.patch | 1514 ++++++++++++++++++------------------ policycoreutils-rhat.patch | 40 +- policycoreutils.spec | 5 +- 3 files changed, 786 insertions(+), 773 deletions(-) diff --git a/policycoreutils-gui.patch b/policycoreutils-gui.patch index 4f1e670..a10d7eb 100644 --- a/policycoreutils-gui.patch +++ b/policycoreutils-gui.patch @@ -1,47 +1,6 @@ -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.57/gui/Makefile ---- nsapolicycoreutils/gui/Makefile 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.57/gui/Makefile 2008-10-10 16:04:46.000000000 -0400 -@@ -0,0 +1,37 @@ -+# Installation directories. -+PREFIX ?= ${DESTDIR}/usr -+SHAREDIR ?= $(PREFIX)/share/system-config-selinux -+ -+TARGETS= \ -+booleansPage.py \ -+fcontextPage.py \ -+html_util.py \ -+loginsPage.py \ -+mappingsPage.py \ -+modulesPage.py \ -+polgen.py \ -+polgen.glade \ -+portsPage.py \ -+lockdown.glade \ -+semanagePage.py \ -+statusPage.py \ -+system-config-selinux.glade \ -+translationsPage.py \ -+usersPage.py \ -+selinux.tbl -+ -+all: $(TARGETS) system-config-selinux.py polgengui.py templates lockdown.py -+ -+install: all -+ -mkdir -p $(SHAREDIR)/templates -+ install -m 755 system-config-selinux.py $(SHAREDIR) -+ install -m 755 polgengui.py $(SHAREDIR) -+ install -m 755 lockdown.py $(SHAREDIR) -+ install -m 644 $(TARGETS) $(SHAREDIR) -+ install -m 644 templates/*.py $(SHAREDIR)/templates/ -+ -+clean: -+ -+indent: -+ -+relabel: -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-2.0.57/gui/booleansPage.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-2.0.60/gui/booleansPage.py --- nsapolicycoreutils/gui/booleansPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.57/gui/booleansPage.py 2008-10-29 12:39:48.000000000 -0400 ++++ policycoreutils-2.0.60/gui/booleansPage.py 2008-12-15 15:34:54.000000000 -0500 @@ -0,0 +1,247 @@ +# +# booleansPage.py - GUI for Booleans page in system-config-securitylevel @@ -290,9 +249,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py poli + self.load(self.filter) + return True + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.57/gui/fcontextPage.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.60/gui/fcontextPage.py --- nsapolicycoreutils/gui/fcontextPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.57/gui/fcontextPage.py 2008-10-29 12:39:26.000000000 -0400 ++++ policycoreutils-2.0.60/gui/fcontextPage.py 2008-12-15 15:34:54.000000000 -0500 @@ -0,0 +1,223 @@ +## fcontextPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. @@ -517,9 +476,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py poli + self.store.set_value(iter, SPEC_COL, fspec) + self.store.set_value(iter, FTYPE_COL, ftype) + self.store.set_value(iter, TYPE_COL, "%s:%s" % (type, mls)) -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/html_util.py policycoreutils-2.0.57/gui/html_util.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/html_util.py policycoreutils-2.0.60/gui/html_util.py --- nsapolicycoreutils/gui/html_util.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.57/gui/html_util.py 2008-10-10 16:04:46.000000000 -0400 ++++ policycoreutils-2.0.60/gui/html_util.py 2008-12-15 15:34:54.000000000 -0500 @@ -0,0 +1,164 @@ +# Authors: John Dennis +# @@ -685,9 +644,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/html_util.py policyc + doc += tail + return doc + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade policycoreutils-2.0.57/gui/lockdown.glade +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade policycoreutils-2.0.60/gui/lockdown.glade --- nsapolicycoreutils/gui/lockdown.glade 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.57/gui/lockdown.glade 2008-10-10 16:04:46.000000000 -0400 ++++ policycoreutils-2.0.60/gui/lockdown.glade 2008-12-15 15:34:54.000000000 -0500 @@ -0,0 +1,771 @@ + + @@ -1460,9 +1419,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade polic + + + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.gladep policycoreutils-2.0.57/gui/lockdown.gladep +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.gladep policycoreutils-2.0.60/gui/lockdown.gladep --- nsapolicycoreutils/gui/lockdown.gladep 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.57/gui/lockdown.gladep 2008-10-10 16:04:46.000000000 -0400 ++++ policycoreutils-2.0.60/gui/lockdown.gladep 2008-12-15 15:34:54.000000000 -0500 @@ -0,0 +1,7 @@ + + @@ -1471,9 +1430,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.gladep poli + + + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.py policycoreutils-2.0.57/gui/lockdown.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.py policycoreutils-2.0.60/gui/lockdown.py --- nsapolicycoreutils/gui/lockdown.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.57/gui/lockdown.py 2008-10-29 12:39:00.000000000 -0400 ++++ policycoreutils-2.0.60/gui/lockdown.py 2008-12-15 15:34:55.000000000 -0500 @@ -0,0 +1,382 @@ +#!/usr/bin/python +# @@ -1857,9 +1816,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.py policyco + + app = booleanWindow() + app.stand_alone() -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-2.0.57/gui/loginsPage.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-2.0.60/gui/loginsPage.py --- nsapolicycoreutils/gui/loginsPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.57/gui/loginsPage.py 2008-10-10 16:04:46.000000000 -0400 ++++ policycoreutils-2.0.60/gui/loginsPage.py 2008-12-15 15:34:55.000000000 -0500 @@ -0,0 +1,185 @@ +## loginsPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. @@ -2046,9 +2005,50 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policy + self.store.set_value(iter, 1, seuser) + self.store.set_value(iter, 2, seobject.translate(serange)) + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-2.0.57/gui/mappingsPage.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.60/gui/Makefile +--- nsapolicycoreutils/gui/Makefile 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-2.0.60/gui/Makefile 2008-12-15 15:34:54.000000000 -0500 +@@ -0,0 +1,37 @@ ++# Installation directories. ++PREFIX ?= ${DESTDIR}/usr ++SHAREDIR ?= $(PREFIX)/share/system-config-selinux ++ ++TARGETS= \ ++booleansPage.py \ ++fcontextPage.py \ ++html_util.py \ ++loginsPage.py \ ++mappingsPage.py \ ++modulesPage.py \ ++polgen.py \ ++polgen.glade \ ++portsPage.py \ ++lockdown.glade \ ++semanagePage.py \ ++statusPage.py \ ++system-config-selinux.glade \ ++translationsPage.py \ ++usersPage.py \ ++selinux.tbl ++ ++all: $(TARGETS) system-config-selinux.py polgengui.py templates lockdown.py ++ ++install: all ++ -mkdir -p $(SHAREDIR)/templates ++ install -m 755 system-config-selinux.py $(SHAREDIR) ++ install -m 755 polgengui.py $(SHAREDIR) ++ install -m 755 lockdown.py $(SHAREDIR) ++ install -m 644 $(TARGETS) $(SHAREDIR) ++ install -m 644 templates/*.py $(SHAREDIR)/templates/ ++ ++clean: ++ ++indent: ++ ++relabel: +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-2.0.60/gui/mappingsPage.py --- nsapolicycoreutils/gui/mappingsPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.57/gui/mappingsPage.py 2008-10-10 16:04:46.000000000 -0400 ++++ policycoreutils-2.0.60/gui/mappingsPage.py 2008-12-15 15:34:55.000000000 -0500 @@ -0,0 +1,56 @@ +## mappingsPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. @@ -2106,9 +2106,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py poli + for k in keys: + print "%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1])) + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-2.0.57/gui/modulesPage.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-2.0.60/gui/modulesPage.py --- nsapolicycoreutils/gui/modulesPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.57/gui/modulesPage.py 2008-10-10 16:04:46.000000000 -0400 ++++ policycoreutils-2.0.60/gui/modulesPage.py 2008-12-15 15:34:55.000000000 -0500 @@ -0,0 +1,195 @@ +## modulesPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. @@ -2305,9 +2305,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py polic + + + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.57/gui/polgen.glade +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.60/gui/polgen.glade --- nsapolicycoreutils/gui/polgen.glade 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.57/gui/polgen.glade 2008-10-10 16:04:46.000000000 -0400 ++++ policycoreutils-2.0.60/gui/polgen.glade 2008-12-15 15:34:55.000000000 -0500 @@ -0,0 +1,3284 @@ + + @@ -5593,9 +5593,636 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc + + + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.57/gui/polgen.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.60/gui/polgengui.py +--- nsapolicycoreutils/gui/polgengui.py 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-2.0.60/gui/polgengui.py 2008-12-15 15:34:55.000000000 -0500 +@@ -0,0 +1,623 @@ ++#!/usr/bin/python -E ++# ++# polgengui.py - GUI for SELinux Config tool in system-config-selinux ++# ++# Dan Walsh ++# ++# Copyright 2007, 2008 Red Hat, Inc. ++# ++# This program is free software; you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation; either version 2 of the License, or ++# (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. ++# ++import signal ++import string ++import gtk ++import gtk.glade ++import os ++import gobject ++import gnome ++import sys ++import polgen ++import re ++import commands ++ ++ ++## ++## I18N ++## ++PROGNAME="policycoreutils" ++ ++import gettext ++gettext.bindtextdomain(PROGNAME, "/usr/share/locale") ++gettext.textdomain(PROGNAME) ++try: ++ gettext.install(PROGNAME, ++ localedir="/usr/share/locale", ++ unicode=False, ++ codeset = 'utf-8') ++except IOError: ++ import __builtin__ ++ __builtin__.__dict__['_'] = unicode ++ ++gnome.program_init("SELinux Policy Generation Tool", "5") ++ ++version = "1.0" ++ ++sys.path.append('/usr/share/system-config-selinux') ++sys.path.append('.') ++ ++# From John Hunter http://www.daa.com.au/pipermail/pygtk/2003-February/004454.html ++def foreach(model, path, iter, selected): ++ selected.append(model.get_value(iter, 0)) ++ ++## ++## Pull in the Glade file ++## ++if os.access("polgen.glade", os.F_OK): ++ xml = gtk.glade.XML ("polgen.glade", domain=PROGNAME) ++else: ++ xml = gtk.glade.XML ("/usr/share/system-config-selinux/polgen.glade", domain=PROGNAME) ++ ++FILE = 1 ++DIR = 2 ++ ++class childWindow: ++ START_PAGE = 0 ++ SELECT_TYPE_PAGE = 1 ++ APP_PAGE = 2 ++ EXISTING_USER_PAGE = 3 ++ TRANSITION_PAGE = 4 ++ USER_TRANSITION_PAGE = 5 ++ ADMIN_PAGE = 6 ++ ROLE_PAGE = 7 ++ IN_NET_PAGE = 8 ++ OUT_NET_PAGE = 9 ++ COMMON_APPS_PAGE = 10 ++ FILES_PAGE = 11 ++ BOOLEAN_PAGE = 12 ++ SELECT_DIR_PAGE = 13 ++ GEN_POLICY_PAGE = 14 ++ GEN_USER_POLICY_PAGE = 15 ++ ++ def __init__(self): ++ self.xml = xml ++ self.all_types=polgen.get_all_types() ++ self.all_modules=polgen.get_all_modules() ++ self.name="" ++ xml.signal_connect("on_delete_clicked", self.delete) ++ xml.signal_connect("on_delete_boolean_clicked", self.delete_boolean) ++ xml.signal_connect("on_exec_select_clicked", self.exec_select) ++ xml.signal_connect("on_init_script_select_clicked", self.init_script_select) ++ xml.signal_connect("on_add_clicked", self.add) ++ xml.signal_connect("on_add_boolean_clicked", self.add_boolean) ++ xml.signal_connect("on_add_dir_clicked", self.add_dir) ++ xml.signal_connect("on_about_clicked", self.on_about_clicked) ++ xml.get_widget ("cancel_button").connect("clicked",self.quit) ++ self.forward_button = xml.get_widget ("forward_button") ++ self.forward_button.connect("clicked",self.forward) ++ self.back_button = xml.get_widget ("back_button") ++ self.back_button.connect("clicked",self.back) ++ ++ self.boolean_dialog = xml.get_widget ("boolean_dialog") ++ self.boolean_name_entry = xml.get_widget ("boolean_name_entry") ++ self.boolean_description_entry = xml.get_widget ("boolean_description_entry") ++ ++ self.notebook = xml.get_widget ("notebook1") ++ self.pages={} ++ self.finish_page = [ self.GEN_POLICY_PAGE, self.GEN_USER_POLICY_PAGE ] ++ for i in polgen.USERS: ++ self.pages[i] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_USER_POLICY_PAGE] ++ self.pages[polgen.RUSER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.ADMIN_PAGE, self.USER_TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_USER_POLICY_PAGE] ++ self.pages[polgen.LUSER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_USER_POLICY_PAGE] ++ ++ self.pages[polgen.EUSER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.EXISTING_USER_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_USER_POLICY_PAGE] ++ ++ for i in polgen.APPLICATIONS: ++ self.pages[i] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_POLICY_PAGE] ++ self.pages[polgen.USER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.USER_TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_POLICY_PAGE] ++ ++ self.current_page = 0 ++ self.back_button.set_sensitive(0) ++ ++ self.network_buttons = {} ++ ++ self.in_tcp_all_checkbutton = xml.get_widget ("in_tcp_all_checkbutton") ++ self.in_tcp_reserved_checkbutton = xml.get_widget ("in_tcp_reserved_checkbutton") ++ self.in_tcp_unreserved_checkbutton = xml.get_widget ("in_tcp_unreserved_checkbutton") ++ self.in_tcp_entry = self.xml.get_widget("in_tcp_entry") ++ self.network_buttons[self.in_tcp_all_checkbutton] = [ self.in_tcp_reserved_checkbutton, self.in_tcp_unreserved_checkbutton, self.in_tcp_entry ] ++ ++ ++ self.out_tcp_all_checkbutton = xml.get_widget ("out_tcp_all_checkbutton") ++ self.out_tcp_reserved_checkbutton = xml.get_widget ("out_tcp_reserved_checkbutton") ++ self.out_tcp_unreserved_checkbutton = xml.get_widget ("out_tcp_unreserved_checkbutton") ++ self.out_tcp_entry = self.xml.get_widget("out_tcp_entry") ++ ++ self.network_buttons[self.out_tcp_all_checkbutton] = [ self.out_tcp_entry ] ++ ++ self.in_udp_all_checkbutton = xml.get_widget ("in_udp_all_checkbutton") ++ self.in_udp_reserved_checkbutton = xml.get_widget ("in_udp_reserved_checkbutton") ++ self.in_udp_unreserved_checkbutton = xml.get_widget ("in_udp_unreserved_checkbutton") ++ self.in_udp_entry = self.xml.get_widget("in_udp_entry") ++ ++ self.network_buttons[self.in_udp_all_checkbutton] = [ self.in_udp_reserved_checkbutton, self.in_udp_unreserved_checkbutton, self.in_udp_entry ] ++ ++ self.out_udp_all_checkbutton = xml.get_widget ("out_udp_all_checkbutton") ++ self.out_udp_entry = self.xml.get_widget("out_udp_entry") ++ self.network_buttons[self.out_udp_all_checkbutton] = [ self.out_udp_entry ] ++ ++ for b in self.network_buttons.keys(): ++ b.connect("clicked",self.network_all_clicked) ++ ++ self.boolean_treeview = self.xml.get_widget("boolean_treeview") ++ self.boolean_store = gtk.ListStore(gobject.TYPE_STRING,gobject.TYPE_STRING) ++ self.boolean_treeview.set_model(self.boolean_store) ++ self.boolean_store.set_sort_column_id(0, gtk.SORT_ASCENDING) ++ col = gtk.TreeViewColumn(_("Name"), gtk.CellRendererText(), text = 0) ++ self.boolean_treeview.append_column(col) ++ col = gtk.TreeViewColumn(_("Description"), gtk.CellRendererText(), text = 1) ++ self.boolean_treeview.append_column(col) ++ ++ self.role_treeview = self.xml.get_widget("role_treeview") ++ self.role_store = gtk.ListStore(gobject.TYPE_STRING) ++ self.role_treeview.set_model(self.role_store) ++ self.role_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE) ++ self.role_store.set_sort_column_id(0, gtk.SORT_ASCENDING) ++ col = gtk.TreeViewColumn(_("Role"), gtk.CellRendererText(), text = 0) ++ self.role_treeview.append_column(col) ++ ++ self.existing_user_treeview = self.xml.get_widget("existing_user_treeview") ++ self.existing_user_store = gtk.ListStore(gobject.TYPE_STRING) ++ self.existing_user_treeview.set_model(self.existing_user_store) ++ self.existing_user_store.set_sort_column_id(0, gtk.SORT_ASCENDING) ++ col = gtk.TreeViewColumn(_("Existing_User"), gtk.CellRendererText(), text = 0) ++ self.existing_user_treeview.append_column(col) ++ ++ roles = polgen.get_all_roles() ++ for i in roles: ++ iter = self.role_store.append() ++ self.role_store.set_value(iter, 0, i[:-2]) ++ ++ self.types = polgen.get_all_types() ++ ++ self.transition_treeview = self.xml.get_widget("transition_treeview") ++ self.transition_store = gtk.ListStore(gobject.TYPE_STRING) ++ self.transition_treeview.set_model(self.transition_store) ++ self.transition_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE) ++ self.transition_store.set_sort_column_id(0, gtk.SORT_ASCENDING) ++ col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0) ++ self.transition_treeview.append_column(col) ++ ++ self.user_transition_treeview = self.xml.get_widget("user_transition_treeview") ++ self.user_transition_store = gtk.ListStore(gobject.TYPE_STRING) ++ self.user_transition_treeview.set_model(self.user_transition_store) ++ self.user_transition_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE) ++ self.user_transition_store.set_sort_column_id(0, gtk.SORT_ASCENDING) ++ col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0) ++ self.user_transition_treeview.append_column(col) ++ ++ for i in polgen.get_all_users(): ++ iter = self.user_transition_store.append() ++ self.user_transition_store.set_value(iter, 0, i) ++ iter = self.existing_user_store.append() ++ self.existing_user_store.set_value(iter, 0, i) ++ ++ self.admin_treeview = self.xml.get_widget("admin_treeview") ++ self.admin_store = gtk.ListStore(gobject.TYPE_STRING) ++ self.admin_treeview.set_model(self.admin_store) ++ self.admin_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE) ++ self.admin_store.set_sort_column_id(0, gtk.SORT_ASCENDING) ++ col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0) ++ self.admin_treeview.append_column(col) ++ ++ for i in polgen.methods: ++ m = re.findall("(.*)%s" % polgen.USER_TRANSITION_INTERFACE, i) ++ if len(m) > 0: ++ if "%s_exec" % m[0] in self.types: ++ iter = self.transition_store.append() ++ self.transition_store.set_value(iter, 0, m[0]) ++ continue ++ ++ m = re.findall("(.*)%s" % polgen.ADMIN_TRANSITION_INTERFACE, i) ++ if len(m) > 0: ++ iter = self.admin_store.append() ++ self.admin_store.set_value(iter, 0, m[0]) ++ continue ++ ++ def confine_application(self): ++ return self.get_type() in polgen.APPLICATIONS ++ ++ def forward(self, arg): ++ type = self.get_type() ++ if self.current_page == self.START_PAGE: ++ self.back_button.set_sensitive(1) ++ ++ if self.pages[type][self.current_page] == self.SELECT_TYPE_PAGE: ++ if self.on_select_type_page_next(): ++ return ++ ++ if self.pages[type][self.current_page] == self.IN_NET_PAGE: ++ if self.on_in_net_page_next(): ++ return ++ ++ if self.pages[type][self.current_page] == self.OUT_NET_PAGE: ++ if self.on_out_net_page_next(): ++ return ++ ++ if self.pages[type][self.current_page] == self.APP_PAGE: ++ if self.on_name_page_next(): ++ return ++ ++ if self.pages[type][self.current_page] == self.EXISTING_USER_PAGE: ++ if self.on_existing_user_page_next(): ++ return ++ ++ if self.pages[type][self.current_page] == self.SELECT_DIR_PAGE: ++ outputdir = self.output_entry.get_text() ++ if not os.path.isdir(outputdir): ++ self.error(_("%s must be a directory") % outputdir ) ++ return False ++ ++ if self.pages[type][self.current_page] in self.finish_page: ++ self.generate_policy() ++ else: ++ self.current_page = self.current_page + 1 ++ self.notebook.set_current_page(self.pages[type][self.current_page]) ++ if self.pages[type][self.current_page] in self.finish_page: ++ self.forward_button.set_label(gtk.STOCK_APPLY) ++ ++ def back(self,arg): ++ type = self.get_type() ++ if self.pages[type][self.current_page] in self.finish_page: ++ self.forward_button.set_label(gtk.STOCK_GO_FORWARD) ++ ++ self.current_page = self.current_page - 1 ++ self.notebook.set_current_page(self.pages[type][self.current_page]) ++ if self.current_page == 0: ++ self.back_button.set_sensitive(0) ++ ++ def network_all_clicked(self, button): ++ active = button.get_active() ++ for b in self.network_buttons[button]: ++ b.set_sensitive(not active) ++ ++ def verify(self, message, title="" ): ++ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_INFO, ++ gtk.BUTTONS_YES_NO, ++ message) ++ dlg.set_title(title) ++ dlg.set_position(gtk.WIN_POS_MOUSE) ++ dlg.show_all() ++ rc = dlg.run() ++ dlg.destroy() ++ return rc ++ ++ def info(self, message): ++ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_INFO, ++ gtk.BUTTONS_OK, ++ message) ++ dlg.set_position(gtk.WIN_POS_MOUSE) ++ dlg.show_all() ++ dlg.run() ++ dlg.destroy() ++ ++ def error(self, message): ++ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_ERROR, ++ gtk.BUTTONS_CLOSE, ++ message) ++ dlg.set_position(gtk.WIN_POS_MOUSE) ++ dlg.show_all() ++ dlg.run() ++ dlg.destroy() ++ ++ def get_name(self): ++ if self.existing_user_radiobutton.get_active(): ++ store, iter = self.existing_user_treeview.get_selection().get_selected() ++ if iter == None: ++ raise(_("You must select a user")) ++ return store.get_value(iter, 0) ++ else: ++ return self.name_entry.get_text() ++ ++ def get_type(self): ++ if self.cgi_radiobutton.get_active(): ++ return polgen.CGI ++ if self.user_radiobutton.get_active(): ++ return polgen.USER ++ if self.init_radiobutton.get_active(): ++ return polgen.DAEMON ++ if self.inetd_radiobutton.get_active(): ++ return polgen.INETD ++ if self.login_user_radiobutton.get_active(): ++ return polgen.LUSER ++ if self.admin_user_radiobutton.get_active(): ++ return polgen.AUSER ++ if self.xwindows_user_radiobutton.get_active(): ++ return polgen.XUSER ++ if self.terminal_user_radiobutton.get_active(): ++ return polgen.TUSER ++ if self.root_user_radiobutton.get_active(): ++ return polgen.RUSER ++ if self.existing_user_radiobutton.get_active(): ++ return polgen.EUSER ++ ++ def generate_policy(self, *args): ++ outputdir = self.output_entry.get_text() ++ try: ++ my_policy=polgen.policy(self.get_name(), self.get_type()) ++ my_policy.set_in_tcp(self.in_tcp_all_checkbutton.get_active(), self.in_tcp_reserved_checkbutton.get_active(), self.in_tcp_unreserved_checkbutton.get_active(), self.in_tcp_entry.get_text()) ++ my_policy.set_in_udp(self.in_udp_all_checkbutton.get_active(), self.in_udp_reserved_checkbutton.get_active(), self.in_udp_unreserved_checkbutton.get_active(), self.in_udp_entry.get_text()) ++ my_policy.set_out_tcp(self.out_tcp_all_checkbutton.get_active(), self.out_tcp_entry.get_text()) ++ my_policy.set_out_udp(self.out_udp_all_checkbutton.get_active(), self.out_udp_entry.get_text()) ++ ++ iter= self.boolean_store.get_iter_first() ++ while(iter): ++ my_policy.add_boolean(self.boolean_store.get_value(iter, 0), self.boolean_store.get_value(iter, 1)) ++ iter= self.boolean_store.iter_next(iter) ++ ++ if self.get_type() in polgen.APPLICATIONS: ++ my_policy.set_program(self.exec_entry.get_text()) ++ my_policy.set_use_syslog(self.syslog_checkbutton.get_active() == 1) ++ my_policy.set_use_tmp(self.tmp_checkbutton.get_active() == 1) ++ my_policy.set_use_uid(self.uid_checkbutton.get_active() == 1) ++ my_policy.set_use_pam(self.pam_checkbutton.get_active() == 1) ++ ++ my_policy.set_use_dbus(self.dbus_checkbutton.get_active() == 1) ++ my_policy.set_use_audit(self.audit_checkbutton.get_active() == 1) ++ my_policy.set_use_terminal(self.terminal_checkbutton.get_active() == 1) ++ my_policy.set_use_mail(self.mail_checkbutton.get_active() == 1) ++ if self.get_type() is polgen.DAEMON: ++ my_policy.set_init_script(self.init_script_entry.get_text()) ++ if self.get_type() == polgen.USER: ++ selected = [] ++ self.user_transition_treeview.get_selection().selected_foreach(foreach, selected) ++ my_policy.set_transition_users(selected) ++ else: ++ if self.get_type() == polgen.RUSER: ++ selected = [] ++ self.admin_treeview.get_selection().selected_foreach(foreach, selected) ++ my_policy.set_admin_domains(selected) ++ selected = [] ++ self.user_transition_treeview.get_selection().selected_foreach(foreach, selected) ++ my_policy.set_transition_users(selected) ++ else: ++ selected = [] ++ self.transition_treeview.get_selection().selected_foreach(foreach, selected) ++ my_policy.set_transition_domains(selected) ++ ++ selected = [] ++ self.role_treeview.get_selection().selected_foreach(foreach, selected) ++ my_policy.set_admin_roles(selected) ++ ++ iter= self.store.get_iter_first() ++ while(iter): ++ if self.store.get_value(iter, 1) == FILE: ++ my_policy.add_file(self.store.get_value(iter, 0)) ++ else: ++ my_policy.add_dir(self.store.get_value(iter, 0)) ++ iter= self.store.iter_next(iter) ++ ++ self.info(my_policy.generate(outputdir)) ++ return False ++ except ValueError, e: ++ self.error(e.message) ++ ++ def delete(self, args): ++ store, iter = self.view.get_selection().get_selected() ++ if iter != None: ++ store.remove(iter) ++ self.view.get_selection().select_path ((0,)) ++ ++ def delete_boolean(self, args): ++ store, iter = self.boolean_treeview.get_selection().get_selected() ++ if iter != None: ++ store.remove(iter) ++ self.boolean_treeview.get_selection().select_path ((0,)) ++ ++ def add_boolean(self,type): ++ self.boolean_name_entry.set_text("") ++ self.boolean_description_entry.set_text("") ++ rc = self.boolean_dialog.run() ++ self.boolean_dialog.hide() ++ if rc == gtk.RESPONSE_CANCEL: ++ return ++ iter = self.boolean_store.append() ++ self.boolean_store.set_value(iter, 0, self.boolean_name_entry.get_text()) ++ self.boolean_store.set_value(iter, 1, self.boolean_description_entry.get_text()) ++ ++ def __add(self,type): ++ rc = self.file_dialog.run() ++ self.file_dialog.hide() ++ if rc == gtk.RESPONSE_CANCEL: ++ return ++ for i in self.file_dialog.get_filenames(): ++ iter = self.store.append() ++ self.store.set_value(iter, 0, i) ++ self.store.set_value(iter, 1, type) ++ ++ def exec_select(self, args): ++ self.file_dialog.set_select_multiple(0) ++ self.file_dialog.set_title(_("Select executable file to be confined.")) ++ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_OPEN) ++ self.file_dialog.set_current_folder("/usr/sbin") ++ rc = self.file_dialog.run() ++ self.file_dialog.hide() ++ if rc == gtk.RESPONSE_CANCEL: ++ return ++ self.exec_entry.set_text(self.file_dialog.get_filename()) ++ ++ def init_script_select(self, args): ++ self.file_dialog.set_select_multiple(0) ++ self.file_dialog.set_title(_("Select init script file to be confined.")) ++ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_OPEN) ++ self.file_dialog.set_current_folder("/etc/rc.d/init.d") ++ rc = self.file_dialog.run() ++ self.file_dialog.hide() ++ if rc == gtk.RESPONSE_CANCEL: ++ return ++ self.init_script_entry.set_text(self.file_dialog.get_filename()) ++ ++ def add(self, args): ++ self.file_dialog.set_title(_("Select file(s) that confined application creates or writes")) ++ self.file_dialog.set_current_folder("/") ++ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_OPEN) ++ self.file_dialog.set_select_multiple(1) ++ self.__add(FILE) ++ ++ def add_dir(self, args): ++ self.file_dialog.set_title(_("Select directory(s) that the confined application owns and writes into")) ++ self.file_dialog.set_current_folder("/") ++ self.file_dialog.set_select_multiple(1) ++ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_SELECT_FOLDER) ++ self.__add(DIR) ++ ++ def on_about_clicked(self, args): ++ dlg = xml.get_widget ("about_dialog") ++ dlg.run () ++ dlg.hide () ++ ++ def quit(self, args): ++ gtk.main_quit() ++ ++ def setupScreen(self): ++ # Bring in widgets from glade file. ++ self.mainWindow = self.xml.get_widget("main_window") ++ self.druid = self.xml.get_widget("druid") ++ self.type = 0 ++ self.name_entry = self.xml.get_widget("name_entry") ++ self.name_entry.connect("focus_out_event",self.on_name_entry_changed) ++ self.exec_entry = self.xml.get_widget("exec_entry") ++ self.exec_button = self.xml.get_widget("exec_button") ++ self.init_script_entry = self.xml.get_widget("init_script_entry") ++ self.init_script_button = self.xml.get_widget("init_script_button") ++ self.output_entry = self.xml.get_widget("output_entry") ++ self.output_entry.set_text(os.getcwd()) ++ self.xml.get_widget("output_button").connect("clicked",self.output_button_clicked) ++ ++ self.xwindows_user_radiobutton = self.xml.get_widget("xwindows_user_radiobutton") ++ self.terminal_user_radiobutton = self.xml.get_widget("terminal_user_radiobutton") ++ self.root_user_radiobutton = self.xml.get_widget("root_user_radiobutton") ++ self.login_user_radiobutton = self.xml.get_widget("login_user_radiobutton") ++ self.admin_user_radiobutton = self.xml.get_widget("admin_user_radiobutton") ++ self.existing_user_radiobutton = self.xml.get_widget("existing_user_radiobutton") ++ ++ self.user_radiobutton = self.xml.get_widget("user_radiobutton") ++ self.init_radiobutton = self.xml.get_widget("init_radiobutton") ++ self.inetd_radiobutton = self.xml.get_widget("inetd_radiobutton") ++ self.cgi_radiobutton = self.xml.get_widget("cgi_radiobutton") ++ self.tmp_checkbutton = self.xml.get_widget("tmp_checkbutton") ++ self.uid_checkbutton = self.xml.get_widget("uid_checkbutton") ++ self.pam_checkbutton = self.xml.get_widget("pam_checkbutton") ++ self.dbus_checkbutton = self.xml.get_widget("dbus_checkbutton") ++ self.audit_checkbutton = self.xml.get_widget("audit_checkbutton") ++ self.terminal_checkbutton = self.xml.get_widget("terminal_checkbutton") ++ self.mail_checkbutton = self.xml.get_widget("mail_checkbutton") ++ self.syslog_checkbutton = self.xml.get_widget("syslog_checkbutton") ++ self.view = self.xml.get_widget("write_treeview") ++ self.file_dialog = self.xml.get_widget("filechooserdialog") ++ ++ self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_INT) ++ self.view.set_model(self.store) ++ col = gtk.TreeViewColumn("", gtk.CellRendererText(), text = 0) ++ col.set_resizable(True) ++ self.view.append_column(col) ++ self.view.get_selection().select_path ((0,)) ++ ++ def output_button_clicked(self, *args): ++ self.file_dialog.set_title(_("Select directory to generate policy files in")) ++ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_SELECT_FOLDER) ++ self.file_dialog.set_select_multiple(0) ++ rc = self.file_dialog.run() ++ self.file_dialog.hide() ++ if rc == gtk.RESPONSE_CANCEL: ++ return ++ self.output_entry.set_text(self.file_dialog.get_filename()) ++ ++ def on_name_entry_changed(self, entry, third): ++ name = entry.get_text() ++ if self.name != name: ++ if name in self.all_types: ++ if self.verify(_("Type %s_t already defined in current policy.\nDo you want to continue?") % name, _("Verify Name")) == gtk.RESPONSE_NO: ++ entry.set_text("") ++ return False ++ if name in self.all_modules: ++ if self.verify(_("Module %s.pp already loaded in current policy.\nDo you want to continue?") % name, _("Verify Name")) == gtk.RESPONSE_NO: ++ entry.set_text("") ++ return False ++ ++ file = "/etc/rc.d/init.d/" + name ++ if os.path.isfile(file) and self.init_script_entry.get_text() == "": ++ self.init_script_entry.set_text(file) ++ ++ file = "/usr/sbin/" + name ++ if os.path.isfile(file) and self.exec_entry.get_text() == "": ++ self.exec_entry.set_text(file) ++ ++ self.name = name ++ return False ++ ++ def on_in_net_page_next(self, *args): ++ try: ++ polgen.verify_ports(self.in_tcp_entry.get_text()) ++ polgen.verify_ports(self.in_udp_entry.get_text()) ++ except ValueError, e: ++ self.error(e.message) ++ return True ++ ++ def on_out_net_page_next(self, *args): ++ try: ++ polgen.verify_ports(self.out_tcp_entry.get_text()) ++ polgen.verify_ports(self.out_udp_entry.get_text()) ++ except ValueError, e: ++ self.error(e.message) ++ return True ++ ++ def on_select_type_page_next(self, *args): ++ self.exec_entry.set_sensitive(self.confine_application()) ++ self.exec_button.set_sensitive(self.confine_application()) ++ self.init_script_entry.set_sensitive(self.init_radiobutton.get_active()) ++ self.init_script_button.set_sensitive(self.init_radiobutton.get_active()) ++ ++ def on_existing_user_page_next(self, *args): ++ store, iter = self.view.get_selection().get_selected() ++ if iter != None: ++ self.error(_("You must select a user")) ++ return True ++ ++ def on_name_page_next(self, *args): ++ name=self.name_entry.get_text() ++ if name == "": ++ self.error(_("You must enter a name")) ++ return True ++ ++ if self.confine_application(): ++ exe = self.exec_entry.get_text() ++ if exe == "": ++ self.error(_("You must enter a executable")) ++ return True ++ ++ def stand_alone(self): ++ desktopName = _("Configue SELinux") ++ ++ self.setupScreen() ++ self.mainWindow.connect("destroy", self.quit) ++ ++ self.mainWindow.show_all() ++ gtk.main() ++ ++if __name__ == "__main__": ++ signal.signal (signal.SIGINT, signal.SIG_DFL) ++ ++ app = childWindow() ++ app.stand_alone() +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.60/gui/polgen.py --- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.57/gui/polgen.py 2008-10-29 12:39:33.000000000 -0400 ++++ policycoreutils-2.0.60/gui/polgen.py 2008-12-15 15:34:55.000000000 -0500 @@ -0,0 +1,925 @@ +#!/usr/bin/python +# @@ -6522,636 +7149,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore + sys.exit(0) + + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.57/gui/polgengui.py ---- nsapolicycoreutils/gui/polgengui.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.57/gui/polgengui.py 2008-10-29 12:38:52.000000000 -0400 -@@ -0,0 +1,623 @@ -+#!/usr/bin/python -E -+# -+# polgengui.py - GUI for SELinux Config tool in system-config-selinux -+# -+# Dan Walsh -+# -+# Copyright 2007, 2008 Red Hat, Inc. -+# -+# This program is free software; you can redistribute it and/or modify -+# it under the terms of the GNU General Public License as published by -+# the Free Software Foundation; either version 2 of the License, or -+# (at your option) any later version. -+# -+# This program is distributed in the hope that it will be useful, -+# but WITHOUT ANY WARRANTY; without even the implied warranty of -+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+# GNU General Public License for more details. -+# -+# You should have received a copy of the GNU General Public License -+# along with this program; if not, write to the Free Software -+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -+# -+import signal -+import string -+import gtk -+import gtk.glade -+import os -+import gobject -+import gnome -+import sys -+import polgen -+import re -+import commands -+ -+ -+## -+## I18N -+## -+PROGNAME="policycoreutils" -+ -+import gettext -+gettext.bindtextdomain(PROGNAME, "/usr/share/locale") -+gettext.textdomain(PROGNAME) -+try: -+ gettext.install(PROGNAME, -+ localedir="/usr/share/locale", -+ unicode=False, -+ codeset = 'utf-8') -+except IOError: -+ import __builtin__ -+ __builtin__.__dict__['_'] = unicode -+ -+gnome.program_init("SELinux Policy Generation Tool", "5") -+ -+version = "1.0" -+ -+sys.path.append('/usr/share/system-config-selinux') -+sys.path.append('.') -+ -+# From John Hunter http://www.daa.com.au/pipermail/pygtk/2003-February/004454.html -+def foreach(model, path, iter, selected): -+ selected.append(model.get_value(iter, 0)) -+ -+## -+## Pull in the Glade file -+## -+if os.access("polgen.glade", os.F_OK): -+ xml = gtk.glade.XML ("polgen.glade", domain=PROGNAME) -+else: -+ xml = gtk.glade.XML ("/usr/share/system-config-selinux/polgen.glade", domain=PROGNAME) -+ -+FILE = 1 -+DIR = 2 -+ -+class childWindow: -+ START_PAGE = 0 -+ SELECT_TYPE_PAGE = 1 -+ APP_PAGE = 2 -+ EXISTING_USER_PAGE = 3 -+ TRANSITION_PAGE = 4 -+ USER_TRANSITION_PAGE = 5 -+ ADMIN_PAGE = 6 -+ ROLE_PAGE = 7 -+ IN_NET_PAGE = 8 -+ OUT_NET_PAGE = 9 -+ COMMON_APPS_PAGE = 10 -+ FILES_PAGE = 11 -+ BOOLEAN_PAGE = 12 -+ SELECT_DIR_PAGE = 13 -+ GEN_POLICY_PAGE = 14 -+ GEN_USER_POLICY_PAGE = 15 -+ -+ def __init__(self): -+ self.xml = xml -+ self.all_types=polgen.get_all_types() -+ self.all_modules=polgen.get_all_modules() -+ self.name="" -+ xml.signal_connect("on_delete_clicked", self.delete) -+ xml.signal_connect("on_delete_boolean_clicked", self.delete_boolean) -+ xml.signal_connect("on_exec_select_clicked", self.exec_select) -+ xml.signal_connect("on_init_script_select_clicked", self.init_script_select) -+ xml.signal_connect("on_add_clicked", self.add) -+ xml.signal_connect("on_add_boolean_clicked", self.add_boolean) -+ xml.signal_connect("on_add_dir_clicked", self.add_dir) -+ xml.signal_connect("on_about_clicked", self.on_about_clicked) -+ xml.get_widget ("cancel_button").connect("clicked",self.quit) -+ self.forward_button = xml.get_widget ("forward_button") -+ self.forward_button.connect("clicked",self.forward) -+ self.back_button = xml.get_widget ("back_button") -+ self.back_button.connect("clicked",self.back) -+ -+ self.boolean_dialog = xml.get_widget ("boolean_dialog") -+ self.boolean_name_entry = xml.get_widget ("boolean_name_entry") -+ self.boolean_description_entry = xml.get_widget ("boolean_description_entry") -+ -+ self.notebook = xml.get_widget ("notebook1") -+ self.pages={} -+ self.finish_page = [ self.GEN_POLICY_PAGE, self.GEN_USER_POLICY_PAGE ] -+ for i in polgen.USERS: -+ self.pages[i] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_USER_POLICY_PAGE] -+ self.pages[polgen.RUSER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.ADMIN_PAGE, self.USER_TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_USER_POLICY_PAGE] -+ self.pages[polgen.LUSER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_USER_POLICY_PAGE] -+ -+ self.pages[polgen.EUSER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.EXISTING_USER_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_USER_POLICY_PAGE] -+ -+ for i in polgen.APPLICATIONS: -+ self.pages[i] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_POLICY_PAGE] -+ self.pages[polgen.USER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.USER_TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE, self.GEN_POLICY_PAGE] -+ -+ self.current_page = 0 -+ self.back_button.set_sensitive(0) -+ -+ self.network_buttons = {} -+ -+ self.in_tcp_all_checkbutton = xml.get_widget ("in_tcp_all_checkbutton") -+ self.in_tcp_reserved_checkbutton = xml.get_widget ("in_tcp_reserved_checkbutton") -+ self.in_tcp_unreserved_checkbutton = xml.get_widget ("in_tcp_unreserved_checkbutton") -+ self.in_tcp_entry = self.xml.get_widget("in_tcp_entry") -+ self.network_buttons[self.in_tcp_all_checkbutton] = [ self.in_tcp_reserved_checkbutton, self.in_tcp_unreserved_checkbutton, self.in_tcp_entry ] -+ -+ -+ self.out_tcp_all_checkbutton = xml.get_widget ("out_tcp_all_checkbutton") -+ self.out_tcp_reserved_checkbutton = xml.get_widget ("out_tcp_reserved_checkbutton") -+ self.out_tcp_unreserved_checkbutton = xml.get_widget ("out_tcp_unreserved_checkbutton") -+ self.out_tcp_entry = self.xml.get_widget("out_tcp_entry") -+ -+ self.network_buttons[self.out_tcp_all_checkbutton] = [ self.out_tcp_entry ] -+ -+ self.in_udp_all_checkbutton = xml.get_widget ("in_udp_all_checkbutton") -+ self.in_udp_reserved_checkbutton = xml.get_widget ("in_udp_reserved_checkbutton") -+ self.in_udp_unreserved_checkbutton = xml.get_widget ("in_udp_unreserved_checkbutton") -+ self.in_udp_entry = self.xml.get_widget("in_udp_entry") -+ -+ self.network_buttons[self.in_udp_all_checkbutton] = [ self.in_udp_reserved_checkbutton, self.in_udp_unreserved_checkbutton, self.in_udp_entry ] -+ -+ self.out_udp_all_checkbutton = xml.get_widget ("out_udp_all_checkbutton") -+ self.out_udp_entry = self.xml.get_widget("out_udp_entry") -+ self.network_buttons[self.out_udp_all_checkbutton] = [ self.out_udp_entry ] -+ -+ for b in self.network_buttons.keys(): -+ b.connect("clicked",self.network_all_clicked) -+ -+ self.boolean_treeview = self.xml.get_widget("boolean_treeview") -+ self.boolean_store = gtk.ListStore(gobject.TYPE_STRING,gobject.TYPE_STRING) -+ self.boolean_treeview.set_model(self.boolean_store) -+ self.boolean_store.set_sort_column_id(0, gtk.SORT_ASCENDING) -+ col = gtk.TreeViewColumn(_("Name"), gtk.CellRendererText(), text = 0) -+ self.boolean_treeview.append_column(col) -+ col = gtk.TreeViewColumn(_("Description"), gtk.CellRendererText(), text = 1) -+ self.boolean_treeview.append_column(col) -+ -+ self.role_treeview = self.xml.get_widget("role_treeview") -+ self.role_store = gtk.ListStore(gobject.TYPE_STRING) -+ self.role_treeview.set_model(self.role_store) -+ self.role_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE) -+ self.role_store.set_sort_column_id(0, gtk.SORT_ASCENDING) -+ col = gtk.TreeViewColumn(_("Role"), gtk.CellRendererText(), text = 0) -+ self.role_treeview.append_column(col) -+ -+ self.existing_user_treeview = self.xml.get_widget("existing_user_treeview") -+ self.existing_user_store = gtk.ListStore(gobject.TYPE_STRING) -+ self.existing_user_treeview.set_model(self.existing_user_store) -+ self.existing_user_store.set_sort_column_id(0, gtk.SORT_ASCENDING) -+ col = gtk.TreeViewColumn(_("Existing_User"), gtk.CellRendererText(), text = 0) -+ self.existing_user_treeview.append_column(col) -+ -+ roles = polgen.get_all_roles() -+ for i in roles: -+ iter = self.role_store.append() -+ self.role_store.set_value(iter, 0, i[:-2]) -+ -+ self.types = polgen.get_all_types() -+ -+ self.transition_treeview = self.xml.get_widget("transition_treeview") -+ self.transition_store = gtk.ListStore(gobject.TYPE_STRING) -+ self.transition_treeview.set_model(self.transition_store) -+ self.transition_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE) -+ self.transition_store.set_sort_column_id(0, gtk.SORT_ASCENDING) -+ col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0) -+ self.transition_treeview.append_column(col) -+ -+ self.user_transition_treeview = self.xml.get_widget("user_transition_treeview") -+ self.user_transition_store = gtk.ListStore(gobject.TYPE_STRING) -+ self.user_transition_treeview.set_model(self.user_transition_store) -+ self.user_transition_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE) -+ self.user_transition_store.set_sort_column_id(0, gtk.SORT_ASCENDING) -+ col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0) -+ self.user_transition_treeview.append_column(col) -+ -+ for i in polgen.get_all_users(): -+ iter = self.user_transition_store.append() -+ self.user_transition_store.set_value(iter, 0, i) -+ iter = self.existing_user_store.append() -+ self.existing_user_store.set_value(iter, 0, i) -+ -+ self.admin_treeview = self.xml.get_widget("admin_treeview") -+ self.admin_store = gtk.ListStore(gobject.TYPE_STRING) -+ self.admin_treeview.set_model(self.admin_store) -+ self.admin_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE) -+ self.admin_store.set_sort_column_id(0, gtk.SORT_ASCENDING) -+ col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0) -+ self.admin_treeview.append_column(col) -+ -+ for i in polgen.methods: -+ m = re.findall("(.*)%s" % polgen.USER_TRANSITION_INTERFACE, i) -+ if len(m) > 0: -+ if "%s_exec" % m[0] in self.types: -+ iter = self.transition_store.append() -+ self.transition_store.set_value(iter, 0, m[0]) -+ continue -+ -+ m = re.findall("(.*)%s" % polgen.ADMIN_TRANSITION_INTERFACE, i) -+ if len(m) > 0: -+ iter = self.admin_store.append() -+ self.admin_store.set_value(iter, 0, m[0]) -+ continue -+ -+ def confine_application(self): -+ return self.get_type() in polgen.APPLICATIONS -+ -+ def forward(self, arg): -+ type = self.get_type() -+ if self.current_page == self.START_PAGE: -+ self.back_button.set_sensitive(1) -+ -+ if self.pages[type][self.current_page] == self.SELECT_TYPE_PAGE: -+ if self.on_select_type_page_next(): -+ return -+ -+ if self.pages[type][self.current_page] == self.IN_NET_PAGE: -+ if self.on_in_net_page_next(): -+ return -+ -+ if self.pages[type][self.current_page] == self.OUT_NET_PAGE: -+ if self.on_out_net_page_next(): -+ return -+ -+ if self.pages[type][self.current_page] == self.APP_PAGE: -+ if self.on_name_page_next(): -+ return -+ -+ if self.pages[type][self.current_page] == self.EXISTING_USER_PAGE: -+ if self.on_existing_user_page_next(): -+ return -+ -+ if self.pages[type][self.current_page] == self.SELECT_DIR_PAGE: -+ outputdir = self.output_entry.get_text() -+ if not os.path.isdir(outputdir): -+ self.error(_("%s must be a directory") % outputdir ) -+ return False -+ -+ if self.pages[type][self.current_page] in self.finish_page: -+ self.generate_policy() -+ else: -+ self.current_page = self.current_page + 1 -+ self.notebook.set_current_page(self.pages[type][self.current_page]) -+ if self.pages[type][self.current_page] in self.finish_page: -+ self.forward_button.set_label(gtk.STOCK_APPLY) -+ -+ def back(self,arg): -+ type = self.get_type() -+ if self.pages[type][self.current_page] in self.finish_page: -+ self.forward_button.set_label(gtk.STOCK_GO_FORWARD) -+ -+ self.current_page = self.current_page - 1 -+ self.notebook.set_current_page(self.pages[type][self.current_page]) -+ if self.current_page == 0: -+ self.back_button.set_sensitive(0) -+ -+ def network_all_clicked(self, button): -+ active = button.get_active() -+ for b in self.network_buttons[button]: -+ b.set_sensitive(not active) -+ -+ def verify(self, message, title="" ): -+ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_INFO, -+ gtk.BUTTONS_YES_NO, -+ message) -+ dlg.set_title(title) -+ dlg.set_position(gtk.WIN_POS_MOUSE) -+ dlg.show_all() -+ rc = dlg.run() -+ dlg.destroy() -+ return rc -+ -+ def info(self, message): -+ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_INFO, -+ gtk.BUTTONS_OK, -+ message) -+ dlg.set_position(gtk.WIN_POS_MOUSE) -+ dlg.show_all() -+ dlg.run() -+ dlg.destroy() -+ -+ def error(self, message): -+ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_ERROR, -+ gtk.BUTTONS_CLOSE, -+ message) -+ dlg.set_position(gtk.WIN_POS_MOUSE) -+ dlg.show_all() -+ dlg.run() -+ dlg.destroy() -+ -+ def get_name(self): -+ if self.existing_user_radiobutton.get_active(): -+ store, iter = self.existing_user_treeview.get_selection().get_selected() -+ if iter == None: -+ raise(_("You must select a user")) -+ return store.get_value(iter, 0) -+ else: -+ return self.name_entry.get_text() -+ -+ def get_type(self): -+ if self.cgi_radiobutton.get_active(): -+ return polgen.CGI -+ if self.user_radiobutton.get_active(): -+ return polgen.USER -+ if self.init_radiobutton.get_active(): -+ return polgen.DAEMON -+ if self.inetd_radiobutton.get_active(): -+ return polgen.INETD -+ if self.login_user_radiobutton.get_active(): -+ return polgen.LUSER -+ if self.admin_user_radiobutton.get_active(): -+ return polgen.AUSER -+ if self.xwindows_user_radiobutton.get_active(): -+ return polgen.XUSER -+ if self.terminal_user_radiobutton.get_active(): -+ return polgen.TUSER -+ if self.root_user_radiobutton.get_active(): -+ return polgen.RUSER -+ if self.existing_user_radiobutton.get_active(): -+ return polgen.EUSER -+ -+ def generate_policy(self, *args): -+ outputdir = self.output_entry.get_text() -+ try: -+ my_policy=polgen.policy(self.get_name(), self.get_type()) -+ my_policy.set_in_tcp(self.in_tcp_all_checkbutton.get_active(), self.in_tcp_reserved_checkbutton.get_active(), self.in_tcp_unreserved_checkbutton.get_active(), self.in_tcp_entry.get_text()) -+ my_policy.set_in_udp(self.in_udp_all_checkbutton.get_active(), self.in_udp_reserved_checkbutton.get_active(), self.in_udp_unreserved_checkbutton.get_active(), self.in_udp_entry.get_text()) -+ my_policy.set_out_tcp(self.out_tcp_all_checkbutton.get_active(), self.out_tcp_entry.get_text()) -+ my_policy.set_out_udp(self.out_udp_all_checkbutton.get_active(), self.out_udp_entry.get_text()) -+ -+ iter= self.boolean_store.get_iter_first() -+ while(iter): -+ my_policy.add_boolean(self.boolean_store.get_value(iter, 0), self.boolean_store.get_value(iter, 1)) -+ iter= self.boolean_store.iter_next(iter) -+ -+ if self.get_type() in polgen.APPLICATIONS: -+ my_policy.set_program(self.exec_entry.get_text()) -+ my_policy.set_use_syslog(self.syslog_checkbutton.get_active() == 1) -+ my_policy.set_use_tmp(self.tmp_checkbutton.get_active() == 1) -+ my_policy.set_use_uid(self.uid_checkbutton.get_active() == 1) -+ my_policy.set_use_pam(self.pam_checkbutton.get_active() == 1) -+ -+ my_policy.set_use_dbus(self.dbus_checkbutton.get_active() == 1) -+ my_policy.set_use_audit(self.audit_checkbutton.get_active() == 1) -+ my_policy.set_use_terminal(self.terminal_checkbutton.get_active() == 1) -+ my_policy.set_use_mail(self.mail_checkbutton.get_active() == 1) -+ if self.get_type() is polgen.DAEMON: -+ my_policy.set_init_script(self.init_script_entry.get_text()) -+ if self.get_type() == polgen.USER: -+ selected = [] -+ self.user_transition_treeview.get_selection().selected_foreach(foreach, selected) -+ my_policy.set_transition_users(selected) -+ else: -+ if self.get_type() == polgen.RUSER: -+ selected = [] -+ self.admin_treeview.get_selection().selected_foreach(foreach, selected) -+ my_policy.set_admin_domains(selected) -+ selected = [] -+ self.user_transition_treeview.get_selection().selected_foreach(foreach, selected) -+ my_policy.set_transition_users(selected) -+ else: -+ selected = [] -+ self.transition_treeview.get_selection().selected_foreach(foreach, selected) -+ my_policy.set_transition_domains(selected) -+ -+ selected = [] -+ self.role_treeview.get_selection().selected_foreach(foreach, selected) -+ my_policy.set_admin_roles(selected) -+ -+ iter= self.store.get_iter_first() -+ while(iter): -+ if self.store.get_value(iter, 1) == FILE: -+ my_policy.add_file(self.store.get_value(iter, 0)) -+ else: -+ my_policy.add_dir(self.store.get_value(iter, 0)) -+ iter= self.store.iter_next(iter) -+ -+ self.info(my_policy.generate(outputdir)) -+ return False -+ except ValueError, e: -+ self.error(e.message) -+ -+ def delete(self, args): -+ store, iter = self.view.get_selection().get_selected() -+ if iter != None: -+ store.remove(iter) -+ self.view.get_selection().select_path ((0,)) -+ -+ def delete_boolean(self, args): -+ store, iter = self.boolean_treeview.get_selection().get_selected() -+ if iter != None: -+ store.remove(iter) -+ self.boolean_treeview.get_selection().select_path ((0,)) -+ -+ def add_boolean(self,type): -+ self.boolean_name_entry.set_text("") -+ self.boolean_description_entry.set_text("") -+ rc = self.boolean_dialog.run() -+ self.boolean_dialog.hide() -+ if rc == gtk.RESPONSE_CANCEL: -+ return -+ iter = self.boolean_store.append() -+ self.boolean_store.set_value(iter, 0, self.boolean_name_entry.get_text()) -+ self.boolean_store.set_value(iter, 1, self.boolean_description_entry.get_text()) -+ -+ def __add(self,type): -+ rc = self.file_dialog.run() -+ self.file_dialog.hide() -+ if rc == gtk.RESPONSE_CANCEL: -+ return -+ for i in self.file_dialog.get_filenames(): -+ iter = self.store.append() -+ self.store.set_value(iter, 0, i) -+ self.store.set_value(iter, 1, type) -+ -+ def exec_select(self, args): -+ self.file_dialog.set_select_multiple(0) -+ self.file_dialog.set_title(_("Select executable file to be confined.")) -+ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_OPEN) -+ self.file_dialog.set_current_folder("/usr/sbin") -+ rc = self.file_dialog.run() -+ self.file_dialog.hide() -+ if rc == gtk.RESPONSE_CANCEL: -+ return -+ self.exec_entry.set_text(self.file_dialog.get_filename()) -+ -+ def init_script_select(self, args): -+ self.file_dialog.set_select_multiple(0) -+ self.file_dialog.set_title(_("Select init script file to be confined.")) -+ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_OPEN) -+ self.file_dialog.set_current_folder("/etc/rc.d/init.d") -+ rc = self.file_dialog.run() -+ self.file_dialog.hide() -+ if rc == gtk.RESPONSE_CANCEL: -+ return -+ self.init_script_entry.set_text(self.file_dialog.get_filename()) -+ -+ def add(self, args): -+ self.file_dialog.set_title(_("Select file(s) that confined application creates or writes")) -+ self.file_dialog.set_current_folder("/") -+ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_OPEN) -+ self.file_dialog.set_select_multiple(1) -+ self.__add(FILE) -+ -+ def add_dir(self, args): -+ self.file_dialog.set_title(_("Select directory(s) that the confined application owns and writes into")) -+ self.file_dialog.set_current_folder("/") -+ self.file_dialog.set_select_multiple(1) -+ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_SELECT_FOLDER) -+ self.__add(DIR) -+ -+ def on_about_clicked(self, args): -+ dlg = xml.get_widget ("about_dialog") -+ dlg.run () -+ dlg.hide () -+ -+ def quit(self, args): -+ gtk.main_quit() -+ -+ def setupScreen(self): -+ # Bring in widgets from glade file. -+ self.mainWindow = self.xml.get_widget("main_window") -+ self.druid = self.xml.get_widget("druid") -+ self.type = 0 -+ self.name_entry = self.xml.get_widget("name_entry") -+ self.name_entry.connect("focus_out_event",self.on_name_entry_changed) -+ self.exec_entry = self.xml.get_widget("exec_entry") -+ self.exec_button = self.xml.get_widget("exec_button") -+ self.init_script_entry = self.xml.get_widget("init_script_entry") -+ self.init_script_button = self.xml.get_widget("init_script_button") -+ self.output_entry = self.xml.get_widget("output_entry") -+ self.output_entry.set_text(os.getcwd()) -+ self.xml.get_widget("output_button").connect("clicked",self.output_button_clicked) -+ -+ self.xwindows_user_radiobutton = self.xml.get_widget("xwindows_user_radiobutton") -+ self.terminal_user_radiobutton = self.xml.get_widget("terminal_user_radiobutton") -+ self.root_user_radiobutton = self.xml.get_widget("root_user_radiobutton") -+ self.login_user_radiobutton = self.xml.get_widget("login_user_radiobutton") -+ self.admin_user_radiobutton = self.xml.get_widget("admin_user_radiobutton") -+ self.existing_user_radiobutton = self.xml.get_widget("existing_user_radiobutton") -+ -+ self.user_radiobutton = self.xml.get_widget("user_radiobutton") -+ self.init_radiobutton = self.xml.get_widget("init_radiobutton") -+ self.inetd_radiobutton = self.xml.get_widget("inetd_radiobutton") -+ self.cgi_radiobutton = self.xml.get_widget("cgi_radiobutton") -+ self.tmp_checkbutton = self.xml.get_widget("tmp_checkbutton") -+ self.uid_checkbutton = self.xml.get_widget("uid_checkbutton") -+ self.pam_checkbutton = self.xml.get_widget("pam_checkbutton") -+ self.dbus_checkbutton = self.xml.get_widget("dbus_checkbutton") -+ self.audit_checkbutton = self.xml.get_widget("audit_checkbutton") -+ self.terminal_checkbutton = self.xml.get_widget("terminal_checkbutton") -+ self.mail_checkbutton = self.xml.get_widget("mail_checkbutton") -+ self.syslog_checkbutton = self.xml.get_widget("syslog_checkbutton") -+ self.view = self.xml.get_widget("write_treeview") -+ self.file_dialog = self.xml.get_widget("filechooserdialog") -+ -+ self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_INT) -+ self.view.set_model(self.store) -+ col = gtk.TreeViewColumn("", gtk.CellRendererText(), text = 0) -+ col.set_resizable(True) -+ self.view.append_column(col) -+ self.view.get_selection().select_path ((0,)) -+ -+ def output_button_clicked(self, *args): -+ self.file_dialog.set_title(_("Select directory to generate policy files in")) -+ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_SELECT_FOLDER) -+ self.file_dialog.set_select_multiple(0) -+ rc = self.file_dialog.run() -+ self.file_dialog.hide() -+ if rc == gtk.RESPONSE_CANCEL: -+ return -+ self.output_entry.set_text(self.file_dialog.get_filename()) -+ -+ def on_name_entry_changed(self, entry, third): -+ name = entry.get_text() -+ if self.name != name: -+ if name in self.all_types: -+ if self.verify(_("Type %s_t already defined in current policy.\nDo you want to continue?") % name, _("Verify Name")) == gtk.RESPONSE_NO: -+ entry.set_text("") -+ return False -+ if name in self.all_modules: -+ if self.verify(_("Module %s.pp already loaded in current policy.\nDo you want to continue?") % name, _("Verify Name")) == gtk.RESPONSE_NO: -+ entry.set_text("") -+ return False -+ -+ file = "/etc/rc.d/init.d/" + name -+ if os.path.isfile(file) and self.init_script_entry.get_text() == "": -+ self.init_script_entry.set_text(file) -+ -+ file = "/usr/sbin/" + name -+ if os.path.isfile(file) and self.exec_entry.get_text() == "": -+ self.exec_entry.set_text(file) -+ -+ self.name = name -+ return False -+ -+ def on_in_net_page_next(self, *args): -+ try: -+ polgen.verify_ports(self.in_tcp_entry.get_text()) -+ polgen.verify_ports(self.in_udp_entry.get_text()) -+ except ValueError, e: -+ self.error(e.message) -+ return True -+ -+ def on_out_net_page_next(self, *args): -+ try: -+ polgen.verify_ports(self.out_tcp_entry.get_text()) -+ polgen.verify_ports(self.out_udp_entry.get_text()) -+ except ValueError, e: -+ self.error(e.message) -+ return True -+ -+ def on_select_type_page_next(self, *args): -+ self.exec_entry.set_sensitive(self.confine_application()) -+ self.exec_button.set_sensitive(self.confine_application()) -+ self.init_script_entry.set_sensitive(self.init_radiobutton.get_active()) -+ self.init_script_button.set_sensitive(self.init_radiobutton.get_active()) -+ -+ def on_existing_user_page_next(self, *args): -+ store, iter = self.view.get_selection().get_selected() -+ if iter != None: -+ self.error(_("You must select a user")) -+ return True -+ -+ def on_name_page_next(self, *args): -+ name=self.name_entry.get_text() -+ if name == "": -+ self.error(_("You must enter a name")) -+ return True -+ -+ if self.confine_application(): -+ exe = self.exec_entry.get_text() -+ if exe == "": -+ self.error(_("You must enter a executable")) -+ return True -+ -+ def stand_alone(self): -+ desktopName = _("Configue SELinux") -+ -+ self.setupScreen() -+ self.mainWindow.connect("destroy", self.quit) -+ -+ self.mainWindow.show_all() -+ gtk.main() -+ -+if __name__ == "__main__": -+ signal.signal (signal.SIGINT, signal.SIG_DFL) -+ -+ app = childWindow() -+ app.stand_alone() -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-2.0.57/gui/portsPage.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-2.0.60/gui/portsPage.py --- nsapolicycoreutils/gui/portsPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.57/gui/portsPage.py 2008-10-10 16:04:46.000000000 -0400 ++++ policycoreutils-2.0.60/gui/portsPage.py 2008-12-15 15:49:14.000000000 -0500 @@ -0,0 +1,259 @@ +## portsPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. @@ -7261,8 +7261,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policyc + + def sort_int(self, treemodel, iter1, iter2, user_data): + try: -+ p1 = int(treemodel.get_value(iter1,PORT_COL)) -+ p2 = int(treemodel.get_value(iter2,PORT_COL)) ++ p1 = int(treemodel.get_value(iter1,PORT_COL).split('-')[0]) ++ p2 = int(treemodel.get_value(iter2,PORT_COL).split('-')[0]) + if p1 > p2: + return 1 + if p1 == p2: @@ -7412,9 +7412,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policyc + + return True + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.57/gui/selinux.tbl +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.60/gui/selinux.tbl --- nsapolicycoreutils/gui/selinux.tbl 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.57/gui/selinux.tbl 2008-10-10 16:04:46.000000000 -0400 ++++ policycoreutils-2.0.60/gui/selinux.tbl 2008-12-15 15:34:55.000000000 -0500 @@ -0,0 +1,234 @@ +acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon") +allow_daemons_dump_core _("Admin") _("Allow all daemons to write corefiles to /") @@ -7650,9 +7650,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco +webadm_manage_user_files _("HTTPD Service") _("Allow SELinux webadm user to manage unprivileged users home directories") +webadm_read_user_files _("HTTPD Service") _("Allow SELinux webadm user to read unprivileged users home directories") + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-2.0.57/gui/semanagePage.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-2.0.60/gui/semanagePage.py --- nsapolicycoreutils/gui/semanagePage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.57/gui/semanagePage.py 2008-10-10 16:04:46.000000000 -0400 ++++ policycoreutils-2.0.60/gui/semanagePage.py 2008-12-15 15:34:55.000000000 -0500 @@ -0,0 +1,169 @@ +## semanagePage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. @@ -7823,9 +7823,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py poli + self.load(self.filter) + return True + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-2.0.57/gui/statusPage.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-2.0.60/gui/statusPage.py --- nsapolicycoreutils/gui/statusPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.57/gui/statusPage.py 2008-10-10 16:04:46.000000000 -0400 ++++ policycoreutils-2.0.60/gui/statusPage.py 2008-12-15 15:34:55.000000000 -0500 @@ -0,0 +1,191 @@ +# statusPage.py - show selinux status +## Copyright (C) 2006 Red Hat, Inc. @@ -8018,9 +8018,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policy + return self.types[self.selinuxTypeOptionMenu.get_active()] + + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-2.0.57/gui/system-config-selinux.glade +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-2.0.60/gui/system-config-selinux.glade --- nsapolicycoreutils/gui/system-config-selinux.glade 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.57/gui/system-config-selinux.glade 2008-10-17 11:57:52.000000000 -0400 ++++ policycoreutils-2.0.60/gui/system-config-selinux.glade 2009-01-04 14:12:28.000000000 -0500 @@ -0,0 +1,3221 @@ + + @@ -8461,7 +8461,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu + + + True -+ tcp ++ tcp +udp + False + True @@ -11243,9 +11243,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu + + + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-2.0.57/gui/system-config-selinux.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-2.0.60/gui/system-config-selinux.py --- nsapolicycoreutils/gui/system-config-selinux.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.57/gui/system-config-selinux.py 2008-10-29 12:38:39.000000000 -0400 ++++ policycoreutils-2.0.60/gui/system-config-selinux.py 2008-12-15 15:34:55.000000000 -0500 @@ -0,0 +1,187 @@ +#!/usr/bin/python +# @@ -11434,31 +11434,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu + + app = childWindow() + app.stand_alone() -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.py policycoreutils-2.0.57/gui/templates/__init__.py ---- nsapolicycoreutils/gui/templates/__init__.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.57/gui/templates/__init__.py 2008-10-10 16:04:46.000000000 -0400 -@@ -0,0 +1,18 @@ -+# -+# Copyright (C) 2007 Red Hat, Inc. -+# -+# This program is free software; you can redistribute it and/or modify -+# it under the terms of the GNU General Public License as published by -+# the Free Software Foundation; either version 2 of the License, or -+# (at your option) any later version. -+# -+# This program is distributed in the hope that it will be useful, -+# but WITHOUT ANY WARRANTY; without even the implied warranty of -+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+# GNU General Public License for more details. -+# -+# You should have received a copy of the GNU General Public License -+# along with this program; if not, write to the Free Software -+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -+# -+ -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/boolean.py policycoreutils-2.0.57/gui/templates/boolean.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/boolean.py policycoreutils-2.0.60/gui/templates/boolean.py --- nsapolicycoreutils/gui/templates/boolean.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.57/gui/templates/boolean.py 2008-10-10 16:04:46.000000000 -0400 ++++ policycoreutils-2.0.60/gui/templates/boolean.py 2008-12-15 15:34:55.000000000 -0500 @@ -0,0 +1,40 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -11500,9 +11478,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/boolean.py +') +""" + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py policycoreutils-2.0.57/gui/templates/etc_rw.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py policycoreutils-2.0.60/gui/templates/etc_rw.py --- nsapolicycoreutils/gui/templates/etc_rw.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.57/gui/templates/etc_rw.py 2008-10-10 16:04:46.000000000 -0400 ++++ policycoreutils-2.0.60/gui/templates/etc_rw.py 2008-12-15 15:34:55.000000000 -0500 @@ -0,0 +1,129 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -11633,9 +11611,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py +fc_dir="""\ +FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_etc_rw_t,s0) +""" -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.57/gui/templates/executable.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.60/gui/templates/executable.py --- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.57/gui/templates/executable.py 2008-10-10 16:04:46.000000000 -0400 ++++ policycoreutils-2.0.60/gui/templates/executable.py 2008-12-15 15:34:55.000000000 -0500 @@ -0,0 +1,327 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -11964,9 +11942,31 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable +EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_script_exec_t,s0) +""" + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.57/gui/templates/network.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.py policycoreutils-2.0.60/gui/templates/__init__.py +--- nsapolicycoreutils/gui/templates/__init__.py 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-2.0.60/gui/templates/__init__.py 2008-12-15 15:34:55.000000000 -0500 +@@ -0,0 +1,18 @@ ++# ++# Copyright (C) 2007 Red Hat, Inc. ++# ++# This program is free software; you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation; either version 2 of the License, or ++# (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. ++# ++ +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.60/gui/templates/network.py --- nsapolicycoreutils/gui/templates/network.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.57/gui/templates/network.py 2008-10-10 16:04:46.000000000 -0400 ++++ policycoreutils-2.0.60/gui/templates/network.py 2008-12-15 15:34:55.000000000 -0500 @@ -0,0 +1,80 @@ +te_port_types=""" +type TEMPLATETYPE_port_t; @@ -12048,9 +12048,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py +corenet_udp_bind_all_unreserved_ports(TEMPLATETYPE_t) +""" + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py policycoreutils-2.0.57/gui/templates/rw.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py policycoreutils-2.0.60/gui/templates/rw.py --- nsapolicycoreutils/gui/templates/rw.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.57/gui/templates/rw.py 2008-10-10 16:04:46.000000000 -0400 ++++ policycoreutils-2.0.60/gui/templates/rw.py 2008-12-15 15:34:55.000000000 -0500 @@ -0,0 +1,128 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -12180,9 +12180,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py poli +fc_dir=""" +FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0) +""" -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.57/gui/templates/script.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.60/gui/templates/script.py --- nsapolicycoreutils/gui/templates/script.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.57/gui/templates/script.py 2008-10-10 16:04:46.000000000 -0400 ++++ policycoreutils-2.0.60/gui/templates/script.py 2008-12-15 15:34:55.000000000 -0500 @@ -0,0 +1,105 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -12289,9 +12289,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py +# Adding roles to SELinux user USER +/usr/sbin/semanage user -m -R +TEMPLATETYPE_r USER +""" -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.57/gui/templates/semodule.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.60/gui/templates/semodule.py --- nsapolicycoreutils/gui/templates/semodule.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.57/gui/templates/semodule.py 2008-10-10 16:04:46.000000000 -0400 ++++ policycoreutils-2.0.60/gui/templates/semodule.py 2008-12-15 15:34:55.000000000 -0500 @@ -0,0 +1,41 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -12334,9 +12334,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.p +semanage ports -a -t TEMPLATETYPE_port_t -p udp PORTNUM +""" + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py policycoreutils-2.0.57/gui/templates/tmp.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py policycoreutils-2.0.60/gui/templates/tmp.py --- nsapolicycoreutils/gui/templates/tmp.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.57/gui/templates/tmp.py 2008-10-10 16:04:46.000000000 -0400 ++++ policycoreutils-2.0.60/gui/templates/tmp.py 2008-12-15 15:34:55.000000000 -0500 @@ -0,0 +1,97 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -12435,9 +12435,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py pol + TEMPLATETYPE_manage_tmp($1) +""" + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.57/gui/templates/user.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.60/gui/templates/user.py --- nsapolicycoreutils/gui/templates/user.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.57/gui/templates/user.py 2008-10-10 16:04:46.000000000 -0400 ++++ policycoreutils-2.0.60/gui/templates/user.py 2008-12-15 15:34:55.000000000 -0500 @@ -0,0 +1,182 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -12621,9 +12621,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py po +te_newrole_rules=""" +seutil_run_newrole(TEMPLATETYPE_t,TEMPLATETYPE_r,{ TEMPLATETYPE_devpts_t TEMPLATETYPE_tty_device_t }) +""" -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.57/gui/templates/var_lib.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.60/gui/templates/var_lib.py --- nsapolicycoreutils/gui/templates/var_lib.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.57/gui/templates/var_lib.py 2008-10-10 16:04:46.000000000 -0400 ++++ policycoreutils-2.0.60/gui/templates/var_lib.py 2008-12-15 15:34:55.000000000 -0500 @@ -0,0 +1,158 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -12783,9 +12783,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py +fc_dir="""\ +FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0) +""" -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.57/gui/templates/var_log.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.60/gui/templates/var_log.py --- nsapolicycoreutils/gui/templates/var_log.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.57/gui/templates/var_log.py 2008-10-10 16:04:46.000000000 -0400 ++++ policycoreutils-2.0.60/gui/templates/var_log.py 2008-12-15 15:34:55.000000000 -0500 @@ -0,0 +1,110 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -12897,9 +12897,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py +fc_dir="""\ +FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0) +""" -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.57/gui/templates/var_run.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.60/gui/templates/var_run.py --- nsapolicycoreutils/gui/templates/var_run.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.57/gui/templates/var_run.py 2008-10-10 16:04:46.000000000 -0400 ++++ policycoreutils-2.0.60/gui/templates/var_run.py 2008-12-15 15:34:55.000000000 -0500 @@ -0,0 +1,118 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -13019,9 +13019,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py +FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0) +""" + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.57/gui/templates/var_spool.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.60/gui/templates/var_spool.py --- nsapolicycoreutils/gui/templates/var_spool.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.57/gui/templates/var_spool.py 2008-10-10 16:04:46.000000000 -0400 ++++ policycoreutils-2.0.60/gui/templates/var_spool.py 2008-12-15 15:34:55.000000000 -0500 @@ -0,0 +1,129 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -13152,9 +13152,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool. +fc_dir="""\ +FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0) +""" -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py policycoreutils-2.0.57/gui/translationsPage.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py policycoreutils-2.0.60/gui/translationsPage.py --- nsapolicycoreutils/gui/translationsPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.57/gui/translationsPage.py 2008-10-10 16:04:46.000000000 -0400 ++++ policycoreutils-2.0.60/gui/translationsPage.py 2008-12-15 15:34:55.000000000 -0500 @@ -0,0 +1,118 @@ +## translationsPage.py - show selinux translations +## Copyright (C) 2006 Red Hat, Inc. @@ -13274,9 +13274,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py + store, iter = self.view.get_selection().get_selected() + self.store.set_value(iter, 0, level) + self.store.set_value(iter, 1, translation) -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-2.0.57/gui/usersPage.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-2.0.60/gui/usersPage.py --- nsapolicycoreutils/gui/usersPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.57/gui/usersPage.py 2008-10-10 16:04:46.000000000 -0400 ++++ policycoreutils-2.0.60/gui/usersPage.py 2008-12-15 15:34:55.000000000 -0500 @@ -0,0 +1,150 @@ +## usersPage.py - show selinux mappings +## Copyright (C) 2006,2007,2008 Red Hat, Inc. diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 09dfdb2..198543e 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -1,15 +1,6 @@ -diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.60/Makefile ---- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400 -+++ policycoreutils-2.0.60/Makefile 2008-12-01 11:47:09.000000000 -0500 -@@ -1,4 +1,4 @@ --SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po -+SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui - - INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null) - diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow policycoreutils-2.0.60/audit2allow/audit2allow --- nsapolicycoreutils/audit2allow/audit2allow 2008-11-10 08:53:49.000000000 -0500 -+++ policycoreutils-2.0.60/audit2allow/audit2allow 2008-12-01 15:16:31.000000000 -0500 ++++ policycoreutils-2.0.60/audit2allow/audit2allow 2008-12-15 15:34:54.000000000 -0500 @@ -42,10 +42,10 @@ from optparse import OptionParser @@ -46,7 +37,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po writer.write(generator.get_module(), fd) diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/audit2allow/audit2allow.1 policycoreutils-2.0.60/audit2allow/audit2allow.1 --- nsapolicycoreutils/audit2allow/audit2allow.1 2008-11-10 08:53:49.000000000 -0500 -+++ policycoreutils-2.0.60/audit2allow/audit2allow.1 2008-12-01 15:10:13.000000000 -0500 ++++ policycoreutils-2.0.60/audit2allow/audit2allow.1 2008-12-15 15:35:46.000000000 -0500 @@ -44,9 +44,6 @@ Note that all audit messages are not available via dmesg when auditd is running; use "ausearch -m avc | audit2allow" or "-a" instead. @@ -57,9 +48,28 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po .B "\-h" | "\-\-help" Print a short usage message .TP +@@ -78,9 +75,6 @@ + Generate reference policy using installed macros. + This attempts to match denials against interfaces and may be inaccurate. + .TP +-.B "\-t " | "\-\-tefile" +-Indicates input file is a te (type enforcement) file. This can be used to translate old te format to new policy format. +-.TP + .B "\-w" | "\-\-why" + Translates SELinux audit messages into a description of why the access was denied + +diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/Makefile policycoreutils-2.0.60/Makefile +--- nsapolicycoreutils/Makefile 2008-08-28 09:34:24.000000000 -0400 ++++ policycoreutils-2.0.60/Makefile 2008-12-15 15:34:54.000000000 -0500 +@@ -1,4 +1,4 @@ +-SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po ++SUBDIRS = setfiles semanage load_policy newrole run_init secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po gui + + INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null) + diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/restorecond.c policycoreutils-2.0.60/restorecond/restorecond.c --- nsapolicycoreutils/restorecond/restorecond.c 2008-08-28 09:34:24.000000000 -0400 -+++ policycoreutils-2.0.60/restorecond/restorecond.c 2008-12-02 08:36:38.000000000 -0500 ++++ policycoreutils-2.0.60/restorecond/restorecond.c 2008-12-15 15:34:54.000000000 -0500 @@ -283,6 +283,8 @@ inotify_rm_watch(fd, master_wd); master_wd = @@ -86,7 +96,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po if (!ptr->dir) diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/restorecond/utmpwatcher.c policycoreutils-2.0.60/restorecond/utmpwatcher.c --- nsapolicycoreutils/restorecond/utmpwatcher.c 2008-08-28 09:34:24.000000000 -0400 -+++ policycoreutils-2.0.60/restorecond/utmpwatcher.c 2008-12-02 08:35:18.000000000 -0500 ++++ policycoreutils-2.0.60/restorecond/utmpwatcher.c 2008-12-15 15:34:54.000000000 -0500 @@ -57,7 +57,7 @@ utmp_ptr = NULL; FILE *cfg = fopen(utmp_path, "r"); @@ -108,7 +118,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po strings_list_free(prev_utmp_ptr); diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/scripts/chcat policycoreutils-2.0.60/scripts/chcat --- nsapolicycoreutils/scripts/chcat 2008-08-28 09:34:24.000000000 -0400 -+++ policycoreutils-2.0.60/scripts/chcat 2008-12-01 11:47:09.000000000 -0500 ++++ policycoreutils-2.0.60/scripts/chcat 2008-12-15 15:34:54.000000000 -0500 @@ -291,6 +291,8 @@ for i in c.split(","): if i not in newcats: @@ -120,7 +130,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po def translate(cats): diff --exclude-from=exclude --exclude=sepolgen-1.0.14 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semodule/semodule.c policycoreutils-2.0.60/semodule/semodule.c --- nsapolicycoreutils/semodule/semodule.c 2008-08-28 09:34:24.000000000 -0400 -+++ policycoreutils-2.0.60/semodule/semodule.c 2008-12-01 11:47:09.000000000 -0500 ++++ policycoreutils-2.0.60/semodule/semodule.c 2008-12-15 15:34:54.000000000 -0500 @@ -60,24 +60,6 @@ free(commands); } diff --git a/policycoreutils.spec b/policycoreutils.spec index 9319bc5..270a5c6 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -6,7 +6,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.0.60 -Release: 5%{?dist} +Release: 6%{?dist} License: GPLv2+ Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -192,6 +192,9 @@ if [ "$1" -ge "1" ]; then fi %changelog +* Mon Dec 15 2008 Dan Walsh 2.0.60-6 +- fix audit2allow man page + * Wed Dec 10 2008 Dan Walsh 2.0.60-5 - Fix Japanese translations