diff --git a/policycoreutils-gui.patch b/policycoreutils-gui.patch index c24971a..9063b2e 100644 --- a/policycoreutils-gui.patch +++ b/policycoreutils-gui.patch @@ -6415,8 +6415,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc + app.stand_alone() diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.74/gui/polgen.py --- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.74/gui/polgen.py 2009-09-20 21:26:37.000000000 -0400 -@@ -0,0 +1,1183 @@ ++++ policycoreutils-2.0.74/gui/polgen.py 2009-10-01 11:36:54.000000000 -0400 +@@ -0,0 +1,1188 @@ +#!/usr/bin/python +# +# Copyright (C) 2007, 2008, 2009 Red Hat @@ -6787,10 +6787,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore + def use_network(self): + return self.use_tcp() or self.use_udp() + -+ def find_port(self, port): -+ for begin,end in self.ports.keys(): -+ if port >= begin and port <= end: -+ return self.ports[begin,end] ++ def find_port(self, port, protocol="tcp"): ++ for begin,end,p in self.ports.keys(): ++ if port >= begin and port <= end and protocol == p: ++ return self.ports[begin,end, protocol] + return None + + def set_program(self, program): 
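Review bot: `find_port` compares `port` against `begin`/`end` without coercing it, and its callers in this patch are inconsistent: `generate_network_types` passes `int(i)` while the script-generation loops further down pass `i` unchanged. Under Python 2, which this script appears to target, a string port would compare against the integer bounds without raising and never match, so the lookup would return None and the tool would treat an already-labelled port as needing a new port type. Coercing once at the top of the function, `port = int(port)`, removes that dependency on the caller. A one-line docstring would also help, e.g. `"""Return the self.ports record whose (begin, end, protocol) key covers port, or None."""`, since the key shape is only implied by the unpack and the code that fills `self.ports` is outside this hunk.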
@@ -6925,50 +6925,50 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore + return line + + def generate_network_types(self): -+ for i in self.in_tcp[PORTS]: -+ rec = self.find_port(int(i)) -+ if rec == None: -+ self.need_tcp_type = True; -+ else: -+ port_name = rec[0][:-2] -+ line = self.generate_network_action("tcp", "bind", port_name) -+# line = "corenet_tcp_bind_%s(%s_t)\n" % (port_name, self.name) -+ if line not in self.found_tcp_ports: -+ self.found_tcp_ports.append(line) ++ for i in self.in_tcp[PORTS]: ++ rec = self.find_port(int(i), "tcp") ++ if rec == None: ++ self.need_tcp_type = True; ++ else: ++ port_name = rec[0][:-2] ++ line = self.generate_network_action("tcp", "bind", port_name) ++# line = "corenet_tcp_bind_%s(%s_t)\n" % (port_name, self.name) ++ if line not in self.found_tcp_ports: ++ self.found_tcp_ports.append(line) + -+ for i in self.out_tcp[PORTS]: -+ rec = self.find_port(int(i)) -+ if rec == None: -+ self.need_tcp_type = True; -+ else: -+ port_name = rec[0][:-2] -+ line = self.generate_network_action("tcp", "connect", port_name) -+# line = "corenet_tcp_connect_%s(%s_t)\n" % (port_name, self.name) -+ if line not in self.found_tcp_ports: -+ self.found_tcp_ports.append(line) ++ for i in self.out_tcp[PORTS]: ++ rec = self.find_port(int(i), "tcp") ++ if rec == None: ++ self.need_tcp_type = True; ++ else: ++ port_name = rec[0][:-2] ++ line = self.generate_network_action("tcp", "connect", port_name) ++# line = "corenet_tcp_connect_%s(%s_t)\n" % (port_name, self.name) ++ if line not in self.found_tcp_ports: ++ self.found_tcp_ports.append(line) + -+ for i in self.in_udp[PORTS]: -+ rec = self.find_port(int(i)) -+ if rec == None: -+ self.need_udp_type = True; -+ else: -+ port_name = rec[0][:-2] -+ line = self.generate_network_action("udp", "bind", port_name) -+# line = "corenet_udp_bind_%s(%s_t)\n" % (port_name, self.name) -+ if line not in self.found_udp_ports: -+ self.found_udp_ports.append(line) ++ for i in 
self.in_udp[PORTS]: ++ rec = self.find_port(int(i),"udp") ++ if rec == None: ++ self.need_udp_type = True; ++ else: ++ port_name = rec[0][:-2] ++ line = self.generate_network_action("udp", "bind", port_name) ++# line = "corenet_udp_bind_%s(%s_t)\n" % (port_name, self.name) ++ if line not in self.found_udp_ports: ++ self.found_udp_ports.append(line) + -+ if self.need_udp_type == True or self.need_tcp_type == True: -+ return re.sub("TEMPLATETYPE", self.name, network.te_port_types) -+ return "" ++ if self.need_udp_type == True or self.need_tcp_type == True: ++ return re.sub("TEMPLATETYPE", self.name, network.te_port_types) ++ return "" + + def __find_path(self, file): -+ for d in self.DEFAULT_DIRS: -+ if file.find(d) == 0: -+ self.DEFAULT_DIRS[d][1].append(file) -+ return self.DEFAULT_DIRS[d] -+ self.DEFAULT_DIRS["rw"][1].append(file) -+ return self.DEFAULT_DIRS["rw"] ++ for d in self.DEFAULT_DIRS: ++ if file.find(d) == 0: ++ self.DEFAULT_DIRS[d][1].append(file) ++ return self.DEFAULT_DIRS[d] ++ self.DEFAULT_DIRS["rw"][1].append(file) ++ return self.DEFAULT_DIRS["rw"] + + def add_capability(self, capability): + self.capabilities.append(capability) @@ -7360,12 +7360,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore + newsh += re.sub("FILENAME", i, script.restorecon) + + for i in self.in_tcp[PORTS] + self.out_tcp[PORTS]: -+ if self.find_port(i) == None: ++ if self.find_port(i,"tcp") == None: + t1 = re.sub("PORTNUM", "%d" % i, script.tcp_ports) + newsh += re.sub("TEMPLATETYPE", self.name, t1) + + for i in self.in_udp[PORTS] + self.out_udp[PORTS]: -+ if self.find_port(i) == None: ++ if self.find_port(i,"udp") == None: + t1 = re.sub("PORTNUM", "%d" % i, script.udp_ports) + newsh += re.sub("TEMPLATETYPE", self.name, t1) + 
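Review bot: `generate_network_types` resolves `in_tcp`, `out_tcp` and `in_udp` ports but has no loop over `self.out_udp[PORTS]`, so an outgoing UDP port that is missing from `self.ports` never sets `need_udp_type`. The script-generation hunk that follows does iterate `self.in_udp[PORTS] + self.out_udp[PORTS]` and substitutes the policy name into `script.udp_ports` for such a port; if that template labels the port with the generated port type, the script would reference a type that the type-enforcement output never declared. Unless `out_udp` is handled outside these hunks, a loop like `for i in self.out_udp[PORTS]:` with `if self.find_port(int(i), "udp") is None: self.need_udp_type = True` would close the gap. On the same lines, `rec == None` is better written as `rec is None`.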
@@ -7551,7 +7551,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore + setype = DAEMON + gopts, cmds = getopt.getopt(sys.argv[1:], "ht:m", + ["type=", -+ "mount", ++ "mount", ++ "test", + "help"]) + for o, a in gopts: + if o == "-t" or o == "--type": @@ -7567,7 +7568,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore + mount_ind = True + + if o == "-h" or o == "--help": -+ usage(""); ++ usage("") ++ ++ if o == "--test": ++ test() ++ sys.exit(0) + + if len(cmds) == 0: + usage(_("Executable required")) @@ -12069,7 +12074,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu + app.stand_alone() diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/boolean.py policycoreutils-2.0.74/gui/templates/boolean.py --- nsapolicycoreutils/gui/templates/boolean.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.74/gui/templates/boolean.py 2009-09-20 21:26:37.000000000 -0400 ++++ policycoreutils-2.0.74/gui/templates/boolean.py 2009-10-01 12:03:05.000000000 -0400 @@ -0,0 +1,40 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -12113,7 +12118,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/boolean.py + diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py policycoreutils-2.0.74/gui/templates/etc_rw.py --- nsapolicycoreutils/gui/templates/etc_rw.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.74/gui/templates/etc_rw.py 2009-09-30 11:32:23.000000000 -0400 ++++ policycoreutils-2.0.74/gui/templates/etc_rw.py 2009-10-01 12:03:05.000000000 -0400 @@ -0,0 +1,129 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information 
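Review bot: The new `--test` branch calls `test()`, but this change adds no definition of `test`. The polgen.py section grows by five lines (1183 to 1188), and the added `"test"` option line plus the four lines of this branch account for all of them. Unless `test` already exists in the part of polgen.py outside these hunks, running with `--test` ends in a NameError. If the option stays, a comment such as `# developer self-test; exits before any policy is generated` and an entry in the usage text would document it. The enclosing option-parsing block starts and ends outside the hunk.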
@@ -12144,9 +12149,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py +files_type(TEMPLATETYPE_etc_rw_t) +""" +te_rules=""" -+manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t TEMPLATETYPE_etc_rw_t) -+manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t TEMPLATETYPE_etc_rw_t) -+files_etc_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_etc_rw_t, { file dir }) ++manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t) ++manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t) ++files_etc_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, { file dir }) +""" + +########################### Interface File ############################# @@ -12206,7 +12211,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py + type TEMPLATETYPE_etc_rw_t; + ') + -+ manage_files_pattern($1,TEMPLATETYPE_etc_rw_t,TEMPLATETYPE_etc_rw_t) ++ manage_files_pattern($1, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t) + files_search_etc($1) +') + @@ -12225,9 +12230,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py + type TEMPLATETYPE_etc_rw_t; + ') + -+ manage_dirs_pattern($1,TEMPLATETYPE_etc_rw_t,TEMPLATETYPE_etc_rw_t) -+ manage_files_pattern($1,TEMPLATETYPE_etc_rw_t,TEMPLATETYPE_etc_rw_t) -+ manage_lnk_files_pattern($1,TEMPLATETYPE_etc_rw_t,TEMPLATETYPE_etc_rw_t) ++ manage_dirs_pattern($1, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t) ++ manage_files_pattern($1, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t) ++ manage_lnk_files_pattern($1, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t) +') + +""" 
@@ -12246,7 +12251,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py +""" diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.74/gui/templates/executable.py --- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.74/gui/templates/executable.py 2009-09-20 21:26:37.000000000 -0400 ++++ policycoreutils-2.0.74/gui/templates/executable.py 2009-10-01 12:03:05.000000000 -0400 @@ -0,0 +1,368 @@ +# Copyright (C) 2007-2009 Red Hat +# see file 'COPYING' for use and warranty information @@ -12459,7 +12464,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable + type TEMPLATETYPE_t, TEMPLATETYPE_exec_t; + ') + -+ domtrans_pattern($1,TEMPLATETYPE_exec_t,TEMPLATETYPE_t) ++ domtrans_pattern($1, TEMPLATETYPE_exec_t, TEMPLATETYPE_t) +') + +""" @@ -12535,7 +12540,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable + type TEMPLATETYPE_initrc_exec_t; + ') + -+ init_labeled_script_domtrans($1,TEMPLATETYPE_initrc_exec_t) ++ init_labeled_script_domtrans($1, TEMPLATETYPE_initrc_exec_t) +') +""" + @@ -12618,7 +12623,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable + diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.py policycoreutils-2.0.74/gui/templates/__init__.py --- nsapolicycoreutils/gui/templates/__init__.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.74/gui/templates/__init__.py 2009-09-20 21:26:37.000000000 -0400 ++++ policycoreutils-2.0.74/gui/templates/__init__.py 2009-10-01 12:03:05.000000000 -0400 @@ -0,0 +1,18 @@ +# +# Copyright (C) 2007 Red Hat, Inc. 
@@ -12640,7 +12645,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.p + diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.74/gui/templates/network.py --- nsapolicycoreutils/gui/templates/network.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.74/gui/templates/network.py 2009-09-20 21:26:37.000000000 -0400 ++++ policycoreutils-2.0.74/gui/templates/network.py 2009-10-01 12:03:05.000000000 -0400 @@ -0,0 +1,80 @@ +te_port_types=""" +type TEMPLATETYPE_port_t; @@ -12724,7 +12729,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py + diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py policycoreutils-2.0.74/gui/templates/rw.py --- nsapolicycoreutils/gui/templates/rw.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.74/gui/templates/rw.py 2009-09-30 11:32:29.000000000 -0400 ++++ policycoreutils-2.0.74/gui/templates/rw.py 2009-10-01 12:03:05.000000000 -0400 @@ -0,0 +1,127 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -12755,8 +12760,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py poli +""" + +te_rules=""" -+manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_rw_t TEMPLATETYPE_rw_t) -+manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_rw_t TEMPLATETYPE_rw_t) ++manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t) ++manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t) +""" + +########################### Interface File ############################# @@ -12816,7 +12821,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py poli + type TEMPLATETYPE_rw_t; + ') + -+ manage_files_pattern($1, TEMPLATETYPE_rw_t TEMPLATETYPE_rw_t) ++ manage_files_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t) +') + +######################################## 
@@ -12834,9 +12839,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py poli + type TEMPLATETYPE_rw_t; + ') + -+ manage_dirs_pattern($1,TEMPLATETYPE_rw_t,TEMPLATETYPE_rw_t) -+ manage_files_pattern($1,TEMPLATETYPE_rw_t,TEMPLATETYPE_rw_t) -+ manage_lnk_files_pattern($1,TEMPLATETYPE_rw_t,TEMPLATETYPE_rw_t) ++ manage_dirs_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t) ++ manage_files_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t) ++ manage_lnk_files_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t) +') + +""" @@ -12855,7 +12860,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py poli +""" diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.74/gui/templates/script.py --- nsapolicycoreutils/gui/templates/script.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.74/gui/templates/script.py 2009-09-20 21:26:37.000000000 -0400 ++++ policycoreutils-2.0.74/gui/templates/script.py 2009-10-01 12:03:05.000000000 -0400 @@ -0,0 +1,99 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -12958,7 +12963,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py +""" diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.74/gui/templates/semodule.py --- nsapolicycoreutils/gui/templates/semodule.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.74/gui/templates/semodule.py 2009-09-20 21:26:37.000000000 -0400 ++++ policycoreutils-2.0.74/gui/templates/semodule.py 2009-10-01 12:03:05.000000000 -0400 @@ -0,0 +1,41 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information 
@@ -13003,7 +13008,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.p + diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py policycoreutils-2.0.74/gui/templates/tmp.py --- nsapolicycoreutils/gui/templates/tmp.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.74/gui/templates/tmp.py 2009-09-30 11:32:04.000000000 -0400 ++++ policycoreutils-2.0.74/gui/templates/tmp.py 2009-10-01 12:03:05.000000000 -0400 @@ -0,0 +1,97 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -13034,9 +13039,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py pol +""" + +te_rules=""" -+manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t TEMPLATETYPE_tmp_t) -+manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t TEMPLATETYPE_tmp_t) -+files_tmp_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_tmp_t, { file dir }) ++manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t) ++manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t) ++files_tmp_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, { file dir }) +""" + +if_rules=""" @@ -13092,9 +13097,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py pol + type TEMPLATETYPE_tmp_t; + ') + -+ manage_dirs_pattern($1,TEMPLATETYPE_tmp_t,TEMPLATETYPE_tmp_t) -+ manage_files_pattern($1,TEMPLATETYPE_tmp_t,TEMPLATETYPE_tmp_t) -+ manage_lnk_files_pattern($1,TEMPLATETYPE_tmp_t,TEMPLATETYPE_tmp_t) ++ manage_dirs_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t) ++ manage_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t) ++ manage_lnk_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t) +') +""" + 
@@ -13104,7 +13109,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py pol + diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.74/gui/templates/user.py --- nsapolicycoreutils/gui/templates/user.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.74/gui/templates/user.py 2009-09-20 21:26:37.000000000 -0400 ++++ policycoreutils-2.0.74/gui/templates/user.py 2009-10-01 12:03:05.000000000 -0400 @@ -0,0 +1,182 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -13233,7 +13238,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py po + +te_transition_rules=""" +optional_policy(` -+ APPLICATION_role(TEMPLATETYPE_r,TEMPLATETYPE_t) ++ APPLICATION_role(TEMPLATETYPE_r, TEMPLATETYPE_t) +') +""" + @@ -13277,7 +13282,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py po + +te_admin_domain_rules=""" +optional_policy(` -+ APPLICATION_admin(TEMPLATETYPE_t,TEMPLATETYPE_r,{ TEMPLATETYPE_devpts_t TEMPLATETYPE_tty_device_t }) ++ APPLICATION_admin(TEMPLATETYPE_t, TEMPLATETYPE_r,{ TEMPLATETYPE_devpts_t TEMPLATETYPE_tty_device_t }) +') +""" + @@ -13286,11 +13291,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py po +""" + +te_newrole_rules=""" -+seutil_run_newrole(TEMPLATETYPE_t,TEMPLATETYPE_r,{ TEMPLATETYPE_devpts_t TEMPLATETYPE_tty_device_t }) ++seutil_run_newrole(TEMPLATETYPE_t, TEMPLATETYPE_r,{ TEMPLATETYPE_devpts_t TEMPLATETYPE_tty_device_t }) +""" diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.74/gui/templates/var_lib.py --- nsapolicycoreutils/gui/templates/var_lib.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.74/gui/templates/var_lib.py 2009-09-20 21:26:37.000000000 -0400 ++++ policycoreutils-2.0.74/gui/templates/var_lib.py 2009-10-01 12:03:05.000000000 -0400 
@@ -0,0 +1,158 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -13328,7 +13333,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py + +te_stream_rules="""\ +allow TEMPLATETYPE_t TEMPLATETYPE_var_lib_t:sock_file manage_sock_file_perms; -+files_var_lib_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_var_lib_t, sock_file) ++files_var_lib_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, sock_file) +""" + + @@ -13407,9 +13412,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py + type TEMPLATETYPE_var_lib_t; + ') + -+ manage_dirs_pattern($1,TEMPLATETYPE_var_lib_t,TEMPLATETYPE_var_lib_t) -+ manage_files_pattern($1,TEMPLATETYPE_var_lib_t,TEMPLATETYPE_var_lib_t) -+ manage_lnk_files_pattern($1,TEMPLATETYPE_var_lib_t,TEMPLATETYPE_var_lib_t) ++ manage_dirs_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t) ++ manage_files_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t) ++ manage_lnk_files_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t) +') + +""" @@ -13452,7 +13457,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py +""" diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.74/gui/templates/var_log.py --- nsapolicycoreutils/gui/templates/var_log.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.74/gui/templates/var_log.py 2009-09-20 21:26:37.000000000 -0400 ++++ policycoreutils-2.0.74/gui/templates/var_log.py 2009-10-01 12:03:05.000000000 -0400 @@ -0,0 +1,110 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information 
@@ -13546,9 +13551,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py + type TEMPLATETYPE_log_t; + ') + -+ manage_dirs_pattern($1,TEMPLATETYPE_log_t,TEMPLATETYPE_log_t) -+ manage_files_pattern($1,TEMPLATETYPE_log_t,TEMPLATETYPE_log_t) -+ manage_lnk_files_pattern($1,TEMPLATETYPE_log_t,TEMPLATETYPE_log_t) ++ manage_dirs_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) ++ manage_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) ++ manage_lnk_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) +') +""" + @@ -13566,7 +13571,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py +""" diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.74/gui/templates/var_run.py --- nsapolicycoreutils/gui/templates/var_run.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.74/gui/templates/var_run.py 2009-09-20 21:26:37.000000000 -0400 ++++ policycoreutils-2.0.74/gui/templates/var_run.py 2009-10-01 12:03:05.000000000 -0400 @@ -0,0 +1,118 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -13599,12 +13604,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py +te_rules=""" +manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t) +manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t) -+files_pid_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_var_run_t, { file dir }) ++files_pid_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, { file dir }) +""" + +te_stream_rules=""" +allow TEMPLATETYPE_t TEMPLATETYPE_var_run_t:sock_file manage_sock_file_perms; -+files_pid_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_var_run_t, sock_file) ++files_pid_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, sock_file) +""" + +if_rules=""" 
@@ -13642,9 +13647,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py + type TEMPLATETYPE_var_run_t; + ') + -+ manage_dirs_pattern($1,TEMPLATETYPE_var_run_t,TEMPLATETYPE_var_run_t) -+ manage_files_pattern($1,TEMPLATETYPE_var_run_t,TEMPLATETYPE_var_run_t) -+ manage_lnk_files_pattern($1,TEMPLATETYPE_var_run_t,TEMPLATETYPE_var_run_t) ++ manage_dirs_pattern($1, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t) ++ manage_files_pattern($1, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t) ++ manage_lnk_files_pattern($1, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t) +') + +""" @@ -13688,7 +13693,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py + diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.74/gui/templates/var_spool.py --- nsapolicycoreutils/gui/templates/var_spool.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.74/gui/templates/var_spool.py 2009-09-30 11:31:43.000000000 -0400 ++++ policycoreutils-2.0.74/gui/templates/var_spool.py 2009-10-01 12:03:05.000000000 -0400 @@ -0,0 +1,129 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information 
@@ -13719,10 +13724,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool. +files_type(TEMPLATETYPE_spool_t) +""" +te_rules=""" -+manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t TEMPLATETYPE_spool_t) -+manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t TEMPLATETYPE_spool_t) -+manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t TEMPLATETYPE_spool_t) -+files_spool_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_spool_t, { file dir sock_file }) ++manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t) ++manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t) ++manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t) ++files_spool_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, { file dir sock_file }) +""" + +########################### Interface File ############################# @@ -13782,7 +13787,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool. + ') + + files_search_spool($1) -+ manage_files_pattern($1,TEMPLATETYPE_spool_t,TEMPLATETYPE_spool_t) ++ manage_files_pattern($1, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t) +') + +######################################## @@ -13800,9 +13805,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool. + type TEMPLATETYPE_spool_t; + ') + -+ manage_dirs_pattern($1,TEMPLATETYPE_spool_t,TEMPLATETYPE_spool_t) -+ manage_files_pattern($1,TEMPLATETYPE_spool_t,TEMPLATETYPE_spool_t) -+ manage_lnk_files_pattern($1,TEMPLATETYPE_spool_t,TEMPLATETYPE_spool_t) ++ manage_dirs_pattern($1, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t) ++ manage_files_pattern($1, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t) ++ manage_lnk_files_pattern($1, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t) +') + +""" diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 0e234a1..8ebf39b 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch 
@@ -1801,7 +1801,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -mkdir -p $(BINDIR) diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/semanage policycoreutils-2.0.74/semanage/semanage --- nsapolicycoreutils/semanage/semanage 2009-09-08 09:03:10.000000000 -0400 -+++ policycoreutils-2.0.74/semanage/semanage 2009-09-30 11:07:29.000000000 -0400 ++++ policycoreutils-2.0.74/semanage/semanage 2009-10-01 11:43:48.000000000 -0400 @@ -39,19 +39,26 @@ __builtin__.__dict__['_'] = unicode @@ -1856,7 +1856,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po + valid_option["module"] = [] + valid_option["module"] += valid_everyone + [ '--enable', '--disable'] valid_option["fcontext"] = [] - valid_option["fcontext"] += valid_everyone + [ '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range'] +- valid_option["fcontext"] += valid_everyone + [ '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range'] ++ valid_option["fcontext"] += valid_everyone + [ '-e', '--equal', '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range'] valid_option["dontaudit"] = [ '-S', '--store' ] - valid_option["translation"] = [] - valid_option["translation"] += valid_everyone + [ '-T', '--trans' ] @@ -2062,7 +2063,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po # diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/semanage/seobject.py policycoreutils-2.0.74/semanage/seobject.py --- nsapolicycoreutils/semanage/seobject.py 2009-09-08 09:03:10.000000000 -0400 -+++ policycoreutils-2.0.74/semanage/seobject.py 2009-09-30 11:07:37.000000000 -0400 ++++ policycoreutils-2.0.74/semanage/seobject.py 2009-10-01 11:34:19.000000000 -0400 @@ -195,88 +195,6 @@ else: return raw 
@@ -2152,36 +2153,10 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po class semanageRecords: def __init__(self, store): global handle -@@ -315,17 +233,6 @@ +@@ -315,6 +233,77 @@ self.transaction = False self.commit() --class dontauditClass(semanageRecords): -- def __init__(self, store): -- semanageRecords.__init__(self, store) -- -- def toggle(self, dontaudit): -- if dontaudit not in [ "on", "off" ]: -- raise ValueError(_("dontaudit requires either 'on' or 'off'")) -- self.begin() -- rc = semanage_set_disable_dontaudit(self.sh, dontaudit == "off") -- self.commit() -- - class permissiveRecords(semanageRecords): - def __init__(self, store): - semanageRecords.__init__(self, store) -@@ -341,6 +248,7 @@ - name = semanage_module_get_name(mod) - if name and name.startswith("permissive_"): - l.append(name.split("permissive_")[1]) -+ - return l - - def list(self, heading = 1, locallist = 0): -@@ -403,6 +311,88 @@ - all = " ".join(l) - self.delete(all) - +class moduleRecords(semanageRecords): + def __init__(self, store): + semanageRecords.__init__(self, store) 
@@ -2253,20 +2228,26 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.17 --exclude=gui --exclude=po + all = " ".join(l[0]) + self.delete(all) + -+class dontauditClass(semanageRecords): -+ def __init__(self, store): -+ semanageRecords.__init__(self, store) + class dontauditClass(semanageRecords): + def __init__(self, store): + semanageRecords.__init__(self, store) +@@ -341,6 +330,7 @@ + name = semanage_module_get_name(mod) + if name and name.startswith("permissive_"): + l.append(name.split("permissive_")[1]) + -+ def toggle(self, dontaudit): -+ if dontaudit not in [ "on", "off" ]: -+ raise ValueError(_("dontaudit requires either 'on' or 'off'")) -+ self.begin() -+ rc = semanage_set_disable_dontaudit(self.sh, dontaudit == "off") -+ self.commit() -+ - class loginRecords(semanageRecords): - def __init__(self, store = ""): - semanageRecords.__init__(self, store) + return l + + def list(self, heading = 1, locallist = 0): +@@ -1120,7 +1110,7 @@ + + def add(self, addr, mask, proto, serange, ctype): + self.begin() +- self.__add(self, addr, mask, proto, serange, ctype) ++ self.__add(addr, mask, proto, serange, ctype) + self.commit() + + def __modify(self, addr, mask, proto, serange, setype): @@ -1420,6 +1410,48 @@ class fcontextRecords(semanageRecords): def __init__(self, store = ""): diff --git a/policycoreutils.spec b/policycoreutils.spec index 8b25623..dd5431b 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -6,7 +6,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.0.74 -Release: 5%{?dist} +Release: 7%{?dist} License: GPLv2+ Group: System Environment/Base Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz @@ -296,6 +296,12 @@ fi exit 0 %changelog +* Thu Oct 1 2009 Dan Walsh 2.0.74-7 +- Fixes Templates + +* Thu Oct 1 2009 Dan Walsh 2.0.74-6 +- Fixes for polgengui to handle tcp ports correctly + * Wed Sep 30 2009 Dan Walsh 2.0.74-5 - Fixes for semanage -equiv, readded modules, --enable, --disable