From b75813c5f268537b9ad80e1a49db8479e6c8eab5 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 27 Sep 2022 10:08:47 -0400 Subject: [PATCH] import policycoreutils-3.4-3.el9 --- .gitignore | 2 +- .policycoreutils.metadata | 4 +- ...t-to-Xephyr-as-it-works-better-with-.patch | 5 +- ...RD_FILE_CONTEXT-section-in-man-pages.patch | 7 +- ...xecutable-we-don-t-want-to-print-a-p.patch | 9 +- ...sepolicy-manpage-web-functionality.-.patch | 9 +- ...e-the-trailing-newline-for-etc-syste.patch | 7 +- ...-in-manpage.py-to-not-contain-online.patch | 7 +- ...t-be-verbose-if-you-are-not-on-a-tty.patch | 9 +- ...ate-Handle-more-reserved-port-types.patch} | 5 +- ...box-window-manager-instead-of-openb.patch} | 5 +- ...her-small-optimization-for-mcs-types.patch | 53 - ...ion-files-into-the-right-sub-directo.patch | 515 -- ... => 0010-Use-SHA-2-instead-of-SHA-1.patch} | 21 +- ...ettext-domains-in-python-gui-sandbox.patch | 306 -- ...-interface-file_type_is_executable-.patch} | 9 +- ...al-.pot-files-for-gui-python-sandbox.patch | 4532 ----------------- ...andle-unsupported-languages-properly.patch | 349 ++ ...setfiles-Improve-description-of-d-sw.patch | 30 - ...rebuild-if-modules-changed-to-refres.patch | 82 + ...emanage-import-into-two-transactions.patch | 65 + ...ix-RESOURCE_LEAK-coverity-scan-defec.patch | 24 - ...-flake8-warnings-in-Fedora-only-code.patch | 46 - ...storecon-support-parallel-relabeling.patch | 253 - .../0020-semodule-add-m-checksum-option.patch | 674 --- ...1-semodule-Fix-lang_ext-column-index.patch | 29 - ...semodule-Don-t-forget-to-munmap-data.patch | 32 - ...nage-move-module-hashing-into-libsem.patch | 539 -- ...mand-line-option-to-detect-module-ch.patch | 144 - ...ils-fixfiles-Use-parallel-relabeling.patch | 180 - ...Improve-error-message-when-selabel_o.patch | 41 - SOURCES/selinux-autorelabel | 14 +- SPECS/policycoreutils.spec | 55 +- 33 files changed, 587 insertions(+), 7475 deletions(-) rename SOURCES/{0014-sepolicy-generate-Handle-more-reserved-port-types.patch => 0008-sepolicy-generate-Handle-more-reserved-port-types.patch} (96%) rename SOURCES/{0016-sandbox-Use-matchbox-window-manager-instead-of-openb.patch => 0009-sandbox-Use-matchbox-window-manager-instead-of-openb.patch} (96%) delete mode 100644 SOURCES/0009-sepolicy-Another-small-optimization-for-mcs-types.patch delete mode 100644 SOURCES/0010-Move-po-translation-files-into-the-right-sub-directo.patch rename SOURCES/{0018-Use-SHA-2-instead-of-SHA-1.patch => 0010-Use-SHA-2-instead-of-SHA-1.patch} (97%) delete mode 100644 SOURCES/0011-Use-correct-gettext-domains-in-python-gui-sandbox.patch rename SOURCES/{0008-sepolicy-Drop-old-interface-file_type_is_executable-.patch => 0011-sepolicy-Drop-old-interface-file_type_is_executable-.patch} (90%) delete mode 100644 SOURCES/0012-Initial-.pot-files-for-gui-python-sandbox.patch create mode 100644 SOURCES/0012-gettext-handle-unsupported-languages-properly.patch delete mode 100644 SOURCES/0013-policycoreutils-setfiles-Improve-description-of-d-sw.patch create mode 100644 SOURCES/0013-semodule-rename-rebuild-if-modules-changed-to-refres.patch create mode 100644 SOURCES/0014-python-Split-semanage-import-into-two-transactions.patch delete mode 100644 SOURCES/0015-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch delete mode 100644 SOURCES/0017-sepolicy-Fix-flake8-warnings-in-Fedora-only-code.patch delete mode 100644 SOURCES/0019-setfiles-restorecon-support-parallel-relabeling.patch delete mode 100644 SOURCES/0020-semodule-add-m-checksum-option.patch delete mode 100644 SOURCES/0021-semodule-Fix-lang_ext-column-index.patch delete mode 100644 SOURCES/0022-semodule-Don-t-forget-to-munmap-data.patch delete mode 100644 SOURCES/0023-semodule-libsemanage-move-module-hashing-into-libsem.patch delete mode 100644 SOURCES/0024-semodule-add-command-line-option-to-detect-module-ch.patch delete mode 100644 SOURCES/0025-policycoreutils-fixfiles-Use-parallel-relabeling.patch delete mode 100644 SOURCES/0026-policycoreutils-Improve-error-message-when-selabel_o.patch diff --git a/.gitignore b/.gitignore index bc7b399..0d989de 100644 --- a/.gitignore +++ b/.gitignore @@ -2,6 +2,6 @@ SOURCES/gui-po.tgz SOURCES/policycoreutils-po.tgz SOURCES/python-po.tgz SOURCES/sandbox-po.tgz -SOURCES/selinux-3.3.tar.gz +SOURCES/selinux-3.4.tar.gz SOURCES/sepolicy-icons.tgz SOURCES/system-config-selinux.png diff --git a/.policycoreutils.metadata b/.policycoreutils.metadata index 8eb80fb..bef12db 100644 --- a/.policycoreutils.metadata +++ b/.policycoreutils.metadata @@ -1,7 +1,7 @@ e0c82a8693936806c4289f865712ba0e8fc94f91 SOURCES/gui-po.tgz c8279f87160e2ff16eb775287d529e5c49b19ae3 SOURCES/policycoreutils-po.tgz -bca6372bd3e5b63e2b64ce4bf62a7b5934d933af SOURCES/python-po.tgz +606f854b945f4deae897770692707013b753b277 SOURCES/python-po.tgz 413495010fcab556e8ea9f226c67557a23cc1498 SOURCES/sandbox-po.tgz -cdde8ef04ac354b2499fd2822acbd11fc27843c8 SOURCES/selinux-3.3.tar.gz +3c789c6783738e17f74221efa475cbb878183379 SOURCES/selinux-3.4.tar.gz d849fa76cc3ef4a26047d8a69fef3a55d2f3097f SOURCES/sepolicy-icons.tgz 611a5d497efaddd45ec0dcc3e9b2e5b0f81ebc41 SOURCES/system-config-selinux.png diff --git a/SOURCES/0001-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch b/SOURCES/0001-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch index 67d6dc3..1b5b9c9 100644 --- a/SOURCES/0001-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch +++ b/SOURCES/0001-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch @@ -1,8 +1,9 @@ -From ec3bf6f3e5468ba7b5164cc588ef5746454808a5 Mon Sep 17 00:00:00 2001 +From f361ee407490bc74b43ec408b1edc70cd647d4e0 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Thu, 20 Aug 2015 12:58:41 +0200 Subject: [PATCH] sandbox: add -reset to Xephyr as it works better with it in recent Fedoras +Content-type: text/plain --- sandbox/sandboxX.sh | 2 +- @@ -22,5 +23,5 @@ index eaa500d08143..4774528027ef 100644 cat > ~/seremote << __EOF #!/bin/sh -- -2.32.0 +2.35.1 diff --git a/SOURCES/0002-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch b/SOURCES/0002-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch index 73b45fd..998345e 100644 --- a/SOURCES/0002-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch +++ b/SOURCES/0002-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch @@ -1,7 +1,8 @@ -From 7a548cae4303f8429040ba6be67be182b7f9a943 Mon Sep 17 00:00:00 2001 +From 71a2f14767c0ec70c23ecce43d7cbc5404c95552 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Mon, 21 Apr 2014 13:54:40 -0400 Subject: [PATCH] Fix STANDARD_FILE_CONTEXT section in man pages +Content-type: text/plain Signed-off-by: Miroslav Grepl --- @@ -9,7 +10,7 @@ Signed-off-by: Miroslav Grepl 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py -index 2f847abb87e2..dccd778ed4be 100755 +index 3e61e333193f..82338aeeef32 100755 --- a/python/sepolicy/sepolicy/manpage.py +++ b/python/sepolicy/sepolicy/manpage.py @@ -737,10 +737,13 @@ Default Defined Ports:""") @@ -42,5 +43,5 @@ index 2f847abb87e2..dccd778ed4be 100755 self.fd.write(r""" .I The following file types are defined for %(domainname)s: -- -2.32.0 +2.35.1 diff --git a/SOURCES/0003-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch b/SOURCES/0003-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch index 9ff8301..aca9199 100644 --- a/SOURCES/0003-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch +++ b/SOURCES/0003-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch @@ -1,15 +1,16 @@ -From b3cb362afe86278c600d6e97cc7abf9c0b102071 Mon Sep 17 00:00:00 2001 +From d55a06c002641dce1301b9b5639bd8e206460724 Mon Sep 17 00:00:00 2001 From: Miroslav Grepl Date: Mon, 12 May 2014 14:11:22 +0200 Subject: [PATCH] If there is no executable we don't want to print a part of STANDARD FILE CONTEXT +Content-type: text/plain --- python/sepolicy/sepolicy/manpage.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py -index dccd778ed4be..81333928d552 100755 +index 82338aeeef32..ec8aa1cb94a2 100755 --- a/python/sepolicy/sepolicy/manpage.py +++ b/python/sepolicy/sepolicy/manpage.py @@ -795,7 +795,8 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d @@ -18,10 +19,10 @@ index dccd778ed4be..81333928d552 100755 - self.fd.write(r""" + if flist_non_exec: -+ self.fd.write(r""" ++ self.fd.write(r""" .PP .B STANDARD FILE CONTEXT -- -2.32.0 +2.35.1 diff --git a/SOURCES/0004-Simplication-of-sepolicy-manpage-web-functionality.-.patch b/SOURCES/0004-Simplication-of-sepolicy-manpage-web-functionality.-.patch index 87b58c2..045c033 100644 --- a/SOURCES/0004-Simplication-of-sepolicy-manpage-web-functionality.-.patch +++ b/SOURCES/0004-Simplication-of-sepolicy-manpage-web-functionality.-.patch @@ -1,9 +1,10 @@ -From b954ff8379e03714f707daa85111f6bf2f265772 Mon Sep 17 00:00:00 2001 +From b180f7679c5e09535416f47d48afd0c0738f5fa9 Mon Sep 17 00:00:00 2001 From: Miroslav Grepl Date: Thu, 19 Feb 2015 17:45:15 +0100 Subject: [PATCH] Simplication of sepolicy-manpage web functionality. system_release is no longer hardcoded and it creates only index.html and html man pages in the directory for the system release. +Content-type: text/plain --- python/sepolicy/sepolicy/__init__.py | 25 +++-------- @@ -11,7 +12,7 @@ Subject: [PATCH] Simplication of sepolicy-manpage web functionality. 2 files changed, 13 insertions(+), 77 deletions(-) diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py -index e8654abbceb3..a2475d22547a 100644 +index 203ca25f4210..9447812b7450 100644 --- a/python/sepolicy/sepolicy/__init__.py +++ b/python/sepolicy/sepolicy/__init__.py @@ -1225,27 +1225,14 @@ def boolean_desc(boolean): @@ -49,7 +50,7 @@ index e8654abbceb3..a2475d22547a 100644 def reinit(): diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py -index 81333928d552..dc3e5207c57c 100755 +index ec8aa1cb94a2..c632d05dbb1b 100755 --- a/python/sepolicy/sepolicy/manpage.py +++ b/python/sepolicy/sepolicy/manpage.py @@ -151,10 +151,6 @@ def prettyprint(f, trim): @@ -165,5 +166,5 @@ index 81333928d552..dc3e5207c57c 100755 if len(self.manpage_roles[letter]): fd.write(""" -- -2.32.0 +2.35.1 diff --git a/SOURCES/0005-We-want-to-remove-the-trailing-newline-for-etc-syste.patch b/SOURCES/0005-We-want-to-remove-the-trailing-newline-for-etc-syste.patch index 7d20801..948881f 100644 --- a/SOURCES/0005-We-want-to-remove-the-trailing-newline-for-etc-syste.patch +++ b/SOURCES/0005-We-want-to-remove-the-trailing-newline-for-etc-syste.patch @@ -1,15 +1,16 @@ -From 7572bbec8b6a422e722864348a53d5e0f855e7f6 Mon Sep 17 00:00:00 2001 +From 1747f59fece8183772e5591ce5b5feb5f421f602 Mon Sep 17 00:00:00 2001 From: Miroslav Grepl Date: Fri, 20 Feb 2015 16:42:01 +0100 Subject: [PATCH] We want to remove the trailing newline for /etc/system_release. +Content-type: text/plain --- python/sepolicy/sepolicy/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py -index a2475d22547a..8055a12f6020 100644 +index 9447812b7450..aa8beda313c8 100644 --- a/python/sepolicy/sepolicy/__init__.py +++ b/python/sepolicy/sepolicy/__init__.py @@ -1228,7 +1228,7 @@ def get_os_version(): @@ -22,5 +23,5 @@ index a2475d22547a..8055a12f6020 100644 system_release = "Misc" -- -2.32.0 +2.35.1 diff --git a/SOURCES/0006-Fix-title-in-manpage.py-to-not-contain-online.patch b/SOURCES/0006-Fix-title-in-manpage.py-to-not-contain-online.patch index 8af8682..9b31464 100644 --- a/SOURCES/0006-Fix-title-in-manpage.py-to-not-contain-online.patch +++ b/SOURCES/0006-Fix-title-in-manpage.py-to-not-contain-online.patch @@ -1,14 +1,15 @@ -From a4d59dcce863a02895fe40e487176149f3a4ad5b Mon Sep 17 00:00:00 2001 +From 0bd28bc715034c644405d3c03f160d69ae710500 Mon Sep 17 00:00:00 2001 From: Miroslav Grepl Date: Fri, 20 Feb 2015 16:42:53 +0100 Subject: [PATCH] Fix title in manpage.py to not contain 'online'. +Content-type: text/plain --- python/sepolicy/sepolicy/manpage.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py -index dc3e5207c57c..6420ebe2e08e 100755 +index c632d05dbb1b..3ae2f42b2fdf 100755 --- a/python/sepolicy/sepolicy/manpage.py +++ b/python/sepolicy/sepolicy/manpage.py @@ -222,7 +222,7 @@ class HTMLManPages: @@ -21,5 +22,5 @@ index dc3e5207c57c..6420ebe2e08e 100755

SELinux man pages for %s

-- -2.32.0 +2.35.1 diff --git a/SOURCES/0007-Don-t-be-verbose-if-you-are-not-on-a-tty.patch b/SOURCES/0007-Don-t-be-verbose-if-you-are-not-on-a-tty.patch index 216cdb2..ba39b4d 100644 --- a/SOURCES/0007-Don-t-be-verbose-if-you-are-not-on-a-tty.patch +++ b/SOURCES/0007-Don-t-be-verbose-if-you-are-not-on-a-tty.patch @@ -1,14 +1,15 @@ -From f183dd36c66069c95726e1dab47639e76077d86a Mon Sep 17 00:00:00 2001 +From f204dd292340689c2d7ab75612b9fd81337fcbc3 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Fri, 14 Feb 2014 12:32:12 -0500 Subject: [PATCH] Don't be verbose if you are not on a tty +Content-type: text/plain --- policycoreutils/scripts/fixfiles | 1 + 1 file changed, 1 insertion(+) diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles -index 6fb12e0451a9..cb20002ab613 100755 +index c72ca0eb9d61..163ebcd1f232 100755 --- a/policycoreutils/scripts/fixfiles +++ b/policycoreutils/scripts/fixfiles @@ -108,6 +108,7 @@ exclude_dirs_from_relabelling() { @@ -17,8 +18,8 @@ index 6fb12e0451a9..cb20002ab613 100755 VERBOSE="-p" +[ -t 1 ] || VERBOSE="" FORCEFLAG="" + THREADS="" RPMFILES="" - PREFC="" -- -2.32.0 +2.35.1 diff --git a/SOURCES/0014-sepolicy-generate-Handle-more-reserved-port-types.patch b/SOURCES/0008-sepolicy-generate-Handle-more-reserved-port-types.patch similarity index 96% rename from SOURCES/0014-sepolicy-generate-Handle-more-reserved-port-types.patch rename to SOURCES/0008-sepolicy-generate-Handle-more-reserved-port-types.patch index d64acff..0e45be3 100644 --- a/SOURCES/0014-sepolicy-generate-Handle-more-reserved-port-types.patch +++ b/SOURCES/0008-sepolicy-generate-Handle-more-reserved-port-types.patch @@ -1,7 +1,8 @@ -From 53c27e891b9053a9bbbbca5a854deb4fc526a8a2 Mon Sep 17 00:00:00 2001 +From d8f51aa7d299383247213b69ec7cbb68c1fa3bc4 Mon Sep 17 00:00:00 2001 From: Masatake YAMATO Date: Thu, 14 Dec 2017 15:57:58 +0900 Subject: [PATCH] sepolicy-generate: Handle more reserved port types +Content-type: text/plain Currently only reserved_port_t, port_t and hi_reserved_port_t are handled as special when making a ports-dictionary. However, as fas as @@ -67,5 +68,5 @@ index 43180ca6fda4..d60a08e1d72c 100644 dict[(p['low'], p['high'], p['protocol'])] = (p['type'], p.get('range')) return dict -- -2.32.0 +2.35.1 diff --git a/SOURCES/0016-sandbox-Use-matchbox-window-manager-instead-of-openb.patch b/SOURCES/0009-sandbox-Use-matchbox-window-manager-instead-of-openb.patch similarity index 96% rename from SOURCES/0016-sandbox-Use-matchbox-window-manager-instead-of-openb.patch rename to SOURCES/0009-sandbox-Use-matchbox-window-manager-instead-of-openb.patch index 6ab6f4a..e8a52b2 100644 --- a/SOURCES/0016-sandbox-Use-matchbox-window-manager-instead-of-openb.patch +++ b/SOURCES/0009-sandbox-Use-matchbox-window-manager-instead-of-openb.patch @@ -1,7 +1,8 @@ -From be804ecd456a52803067e1aa11e20ef69788221c Mon Sep 17 00:00:00 2001 +From 8054dc44cf105b959864a1424fe857fac3ba3d73 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Wed, 18 Jul 2018 09:09:35 +0200 Subject: [PATCH] sandbox: Use matchbox-window-manager instead of openbox +Content-type: text/plain --- sandbox/sandbox | 4 ++-- @@ -70,5 +71,5 @@ index 4774528027ef..c211ebc14549 100644 export DISPLAY=:$D cat > ~/seremote << __EOF -- -2.32.0 +2.35.1 diff --git a/SOURCES/0009-sepolicy-Another-small-optimization-for-mcs-types.patch b/SOURCES/0009-sepolicy-Another-small-optimization-for-mcs-types.patch deleted file mode 100644 index 35d2276..0000000 --- a/SOURCES/0009-sepolicy-Another-small-optimization-for-mcs-types.patch +++ /dev/null @@ -1,53 +0,0 @@ -From afe686ec783ccf442c8e2bbcb9dbdb7650328253 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Tue, 28 Feb 2017 21:29:46 +0100 -Subject: [PATCH] sepolicy: Another small optimization for mcs types - ---- - python/sepolicy/sepolicy/manpage.py | 16 +++++++++++----- - 1 file changed, 11 insertions(+), 5 deletions(-) - -diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py -index d15522135288..ffcedb547993 100755 ---- a/python/sepolicy/sepolicy/manpage.py -+++ b/python/sepolicy/sepolicy/manpage.py -@@ -144,6 +144,15 @@ def _gen_entry_types(): - entry_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "entry_type"))["types"] - return entry_types - -+mcs_constrained_types = None -+ -+def _gen_mcs_constrained_types(): -+ global mcs_constrained_types -+ if mcs_constrained_types is None: -+ mcs_constrained_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type")) -+ return mcs_constrained_types -+ -+ - types = None - - def _gen_types(): -@@ -392,6 +401,7 @@ class ManPage: - self.types = _gen_types() - self.exec_types = _gen_exec_types() - self.entry_types = _gen_entry_types() -+ self.mcs_constrained_types = _gen_mcs_constrained_types() - - if self.source_files: - self.fcpath = self.root + "file_contexts" -@@ -946,11 +956,7 @@ All executables with the default executable label, usually stored in /usr/bin an - %s""" % ", ".join(paths)) - - def _mcs_types(self): -- try: -- mcs_constrained_type = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type")) -- except StopIteration: -- return -- if self.type not in mcs_constrained_type['types']: -+ if self.type not in self.mcs_constrained_types['types']: - return - self.fd.write (""" - .SH "MCS Constrained" --- -2.32.0 - diff --git a/SOURCES/0010-Move-po-translation-files-into-the-right-sub-directo.patch b/SOURCES/0010-Move-po-translation-files-into-the-right-sub-directo.patch deleted file mode 100644 index 49a1477..0000000 --- a/SOURCES/0010-Move-po-translation-files-into-the-right-sub-directo.patch +++ /dev/null @@ -1,515 +0,0 @@ -From 28879b771a804242d00a8a978bdbc4b85210814d Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Mon, 6 Aug 2018 13:23:00 +0200 -Subject: [PATCH] Move po/ translation files into the right sub-directories - -When policycoreutils was split into policycoreutils/ python/ gui/ and sandbox/ -sub-directories, po/ translation files stayed in policycoreutils/. - -This commit split original policycoreutils/po directory into -policycoreutils/po -python/po -gui/po -sandbox/po - -See https://github.com/fedora-selinux/selinux/issues/43 ---- - gui/Makefile | 3 ++ - gui/po/Makefile | 82 ++++++++++++++++++++++++++++++++++++ - gui/po/POTFILES | 17 ++++++++ - policycoreutils/po/Makefile | 70 ++----------------------------- - policycoreutils/po/POTFILES | 9 ++++ - python/Makefile | 2 +- - python/po/Makefile | 83 +++++++++++++++++++++++++++++++++++++ - python/po/POTFILES | 10 +++++ - sandbox/Makefile | 2 + - sandbox/po/Makefile | 82 ++++++++++++++++++++++++++++++++++++ - sandbox/po/POTFILES | 1 + - 11 files changed, 293 insertions(+), 68 deletions(-) - create mode 100644 gui/po/Makefile - create mode 100644 gui/po/POTFILES - create mode 100644 policycoreutils/po/POTFILES - create mode 100644 python/po/Makefile - create mode 100644 python/po/POTFILES - create mode 100644 sandbox/po/Makefile - create mode 100644 sandbox/po/POTFILES - -diff --git a/gui/Makefile b/gui/Makefile -index ca965c942912..5a5bf6dcae19 100644 ---- a/gui/Makefile -+++ b/gui/Makefile -@@ -22,6 +22,7 @@ system-config-selinux.ui \ - usersPage.py - - all: $(TARGETS) system-config-selinux.py polgengui.py -+ (cd po && $(MAKE) $@) - - install: all - -mkdir -p $(DESTDIR)$(MANDIR)/man8 -@@ -54,6 +55,8 @@ install: all - install -m 644 sepolicy_$${i}.png $(DESTDIR)$(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \ - done - install -m 644 org.selinux.config.policy $(DESTDIR)$(DATADIR)/polkit-1/actions/ -+ (cd po && $(MAKE) $@) -+ - clean: - - indent: -diff --git a/gui/po/Makefile b/gui/po/Makefile -new file mode 100644 -index 000000000000..a0f5439f2d1c ---- /dev/null -+++ b/gui/po/Makefile -@@ -0,0 +1,82 @@ -+# -+# Makefile for the PO files (translation) catalog -+# -+ -+PREFIX ?= /usr -+ -+# What is this package? -+NLSPACKAGE = gui -+POTFILE = $(NLSPACKAGE).pot -+INSTALL = /usr/bin/install -c -p -+INSTALL_DATA = $(INSTALL) -m 644 -+INSTALL_DIR = /usr/bin/install -d -+ -+# destination directory -+INSTALL_NLS_DIR = $(PREFIX)/share/locale -+ -+# PO catalog handling -+MSGMERGE = msgmerge -+MSGMERGE_FLAGS = -q -+XGETTEXT = xgettext --default-domain=$(NLSPACKAGE) -+MSGFMT = msgfmt -+ -+# All possible linguas -+PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po))) -+ -+# Only the files matching what the user has set in LINGUAS -+USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS)) -+ -+# if no valid LINGUAS, build all languages -+USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS)) -+ -+POFILES = $(patsubst %,%.po,$(USE_LINGUAS)) -+MOFILES = $(patsubst %.po,%.mo,$(POFILES)) -+POTFILES = $(shell cat POTFILES) -+ -+#default:: clean -+ -+all:: $(MOFILES) -+ -+$(POTFILE): $(POTFILES) -+ $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES) -+ @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \ -+ rm -f $(NLSPACKAGE).po; \ -+ else \ -+ mv -f $(NLSPACKAGE).po $(POTFILE); \ -+ fi; \ -+ -+ -+refresh-po: Makefile -+ for cat in $(POFILES); do \ -+ lang=`basename $$cat .po`; \ -+ if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \ -+ mv -f $$lang.pot $$lang.po ; \ -+ echo "$(MSGMERGE) of $$lang succeeded" ; \ -+ else \ -+ echo "$(MSGMERGE) of $$lang failed" ; \ -+ rm -f $$lang.pot ; \ -+ fi \ -+ done -+ -+clean: -+ @rm -fv *mo *~ .depend -+ @rm -rf tmp -+ -+install: $(MOFILES) -+ @for n in $(MOFILES); do \ -+ l=`basename $$n .mo`; \ -+ $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \ -+ $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \ -+ done -+ -+%.mo: %.po -+ $(MSGFMT) -o $@ $< -+report: -+ @for cat in $(wildcard *.po); do \ -+ echo -n "$$cat: "; \ -+ msgfmt -v --statistics -o /dev/null $$cat; \ -+ done -+ -+.PHONY: missing depend -+ -+relabel: -diff --git a/gui/po/POTFILES b/gui/po/POTFILES -new file mode 100644 -index 000000000000..1795c5c1951b ---- /dev/null -+++ b/gui/po/POTFILES -@@ -0,0 +1,17 @@ -+../booleansPage.py -+../domainsPage.py -+../fcontextPage.py -+../loginsPage.py -+../modulesPage.py -+../org.selinux.config.policy -+../polgengui.py -+../polgen.ui -+../portsPage.py -+../selinux-polgengui.desktop -+../semanagePage.py -+../sepolicy.desktop -+../statusPage.py -+../system-config-selinux.desktop -+../system-config-selinux.py -+../system-config-selinux.ui -+../usersPage.py -diff --git a/policycoreutils/po/Makefile b/policycoreutils/po/Makefile -index 575e143122e6..18bc1dff8d1f 100644 ---- a/policycoreutils/po/Makefile -+++ b/policycoreutils/po/Makefile -@@ -3,7 +3,6 @@ - # - - PREFIX ?= /usr --TOP = ../.. - - # What is this package? - NLSPACKAGE = policycoreutils -@@ -32,74 +31,13 @@ USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS)) - - POFILES = $(patsubst %,%.po,$(USE_LINGUAS)) - MOFILES = $(patsubst %.po,%.mo,$(POFILES)) --POTFILES = \ -- ../run_init/open_init_pty.c \ -- ../run_init/run_init.c \ -- ../semodule_link/semodule_link.c \ -- ../audit2allow/audit2allow \ -- ../semanage/seobject.py \ -- ../setsebool/setsebool.c \ -- ../newrole/newrole.c \ -- ../load_policy/load_policy.c \ -- ../sestatus/sestatus.c \ -- ../semodule/semodule.c \ -- ../setfiles/setfiles.c \ -- ../semodule_package/semodule_package.c \ -- ../semodule_deps/semodule_deps.c \ -- ../semodule_expand/semodule_expand.c \ -- ../scripts/chcat \ -- ../scripts/fixfiles \ -- ../restorecond/stringslist.c \ -- ../restorecond/restorecond.h \ -- ../restorecond/utmpwatcher.h \ -- ../restorecond/stringslist.h \ -- ../restorecond/restorecond.c \ -- ../restorecond/utmpwatcher.c \ -- ../gui/booleansPage.py \ -- ../gui/fcontextPage.py \ -- ../gui/loginsPage.py \ -- ../gui/mappingsPage.py \ -- ../gui/modulesPage.py \ -- ../gui/polgen.glade \ -- ../gui/polgengui.py \ -- ../gui/portsPage.py \ -- ../gui/semanagePage.py \ -- ../gui/statusPage.py \ -- ../gui/system-config-selinux.glade \ -- ../gui/system-config-selinux.py \ -- ../gui/usersPage.py \ -- ../secon/secon.c \ -- booleans.py \ -- ../sepolicy/sepolicy.py \ -- ../sepolicy/sepolicy/communicate.py \ -- ../sepolicy/sepolicy/__init__.py \ -- ../sepolicy/sepolicy/network.py \ -- ../sepolicy/sepolicy/generate.py \ -- ../sepolicy/sepolicy/sepolicy.glade \ -- ../sepolicy/sepolicy/gui.py \ -- ../sepolicy/sepolicy/manpage.py \ -- ../sepolicy/sepolicy/transition.py \ -- ../sepolicy/sepolicy/templates/executable.py \ -- ../sepolicy/sepolicy/templates/__init__.py \ -- ../sepolicy/sepolicy/templates/network.py \ -- ../sepolicy/sepolicy/templates/rw.py \ -- ../sepolicy/sepolicy/templates/script.py \ -- ../sepolicy/sepolicy/templates/semodule.py \ -- ../sepolicy/sepolicy/templates/tmp.py \ -- ../sepolicy/sepolicy/templates/user.py \ -- ../sepolicy/sepolicy/templates/var_lib.py \ -- ../sepolicy/sepolicy/templates/var_log.py \ -- ../sepolicy/sepolicy/templates/var_run.py \ -- ../sepolicy/sepolicy/templates/var_spool.py -+POTFILES = $(shell cat POTFILES) - - #default:: clean - --all:: $(MOFILES) -+all:: $(POTFILE) $(MOFILES) - --booleans.py: -- sepolicy booleans -a > booleans.py -- --$(POTFILE): $(POTFILES) booleans.py -+$(POTFILE): $(POTFILES) - $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES) - @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \ - rm -f $(NLSPACKAGE).po; \ -@@ -107,8 +45,6 @@ $(POTFILE): $(POTFILES) booleans.py - mv -f $(NLSPACKAGE).po $(POTFILE); \ - fi; \ - --update-po: Makefile $(POTFILE) refresh-po -- @rm -f booleans.py - - refresh-po: Makefile - for cat in $(POFILES); do \ -diff --git a/policycoreutils/po/POTFILES b/policycoreutils/po/POTFILES -new file mode 100644 -index 000000000000..12237dc61ee4 ---- /dev/null -+++ b/policycoreutils/po/POTFILES -@@ -0,0 +1,9 @@ -+../run_init/open_init_pty.c -+../run_init/run_init.c -+../setsebool/setsebool.c -+../newrole/newrole.c -+../load_policy/load_policy.c -+../sestatus/sestatus.c -+../semodule/semodule.c -+../setfiles/setfiles.c -+../secon/secon.c -diff --git a/python/Makefile b/python/Makefile -index 9b66d52fbd4d..00312dbdb5c6 100644 ---- a/python/Makefile -+++ b/python/Makefile -@@ -1,4 +1,4 @@ --SUBDIRS = sepolicy audit2allow semanage sepolgen chcat -+SUBDIRS = sepolicy audit2allow semanage sepolgen chcat po - - all install relabel clean indent test: - @for subdir in $(SUBDIRS); do \ -diff --git a/python/po/Makefile b/python/po/Makefile -new file mode 100644 -index 000000000000..4e052d5a2bd7 ---- /dev/null -+++ b/python/po/Makefile -@@ -0,0 +1,83 @@ -+# -+# Makefile for the PO files (translation) catalog -+# -+ -+PREFIX ?= /usr -+ -+# What is this package? -+NLSPACKAGE = python -+POTFILE = $(NLSPACKAGE).pot -+INSTALL = /usr/bin/install -c -p -+INSTALL_DATA = $(INSTALL) -m 644 -+INSTALL_DIR = /usr/bin/install -d -+ -+# destination directory -+INSTALL_NLS_DIR = $(PREFIX)/share/locale -+ -+# PO catalog handling -+MSGMERGE = msgmerge -+MSGMERGE_FLAGS = -q -+XGETTEXT = xgettext --default-domain=$(NLSPACKAGE) -+MSGFMT = msgfmt -+ -+# All possible linguas -+PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po))) -+ -+# Only the files matching what the user has set in LINGUAS -+USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS)) -+ -+# if no valid LINGUAS, build all languages -+USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS)) -+ -+POFILES = $(patsubst %,%.po,$(USE_LINGUAS)) -+MOFILES = $(patsubst %.po,%.mo,$(POFILES)) -+POTFILES = $(shell cat POTFILES) -+ -+#default:: clean -+ -+all:: $(MOFILES) -+ -+$(POTFILE): $(POTFILES) -+ $(XGETTEXT) -L Python --keyword=_ --keyword=N_ $(POTFILES) -+ $(XGETTEXT) -j --keyword=_ --keyword=N_ ../sepolicy/sepolicy/sepolicy.glade -+ @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \ -+ rm -f $(NLSPACKAGE).po; \ -+ else \ -+ mv -f $(NLSPACKAGE).po $(POTFILE); \ -+ fi; \ -+ -+ -+refresh-po: Makefile -+ for cat in $(POFILES); do \ -+ lang=`basename $$cat .po`; \ -+ if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \ -+ mv -f $$lang.pot $$lang.po ; \ -+ echo "$(MSGMERGE) of $$lang succeeded" ; \ -+ else \ -+ echo "$(MSGMERGE) of $$lang failed" ; \ -+ rm -f $$lang.pot ; \ -+ fi \ -+ done -+ -+clean: -+ @rm -fv *mo *~ .depend -+ @rm -rf tmp -+ -+install: $(MOFILES) -+ @for n in $(MOFILES); do \ -+ l=`basename $$n .mo`; \ -+ $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \ -+ $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \ -+ done -+ -+%.mo: %.po -+ $(MSGFMT) -o $@ $< -+report: -+ @for cat in $(wildcard *.po); do \ -+ echo -n "$$cat: "; \ -+ msgfmt -v --statistics -o /dev/null $$cat; \ -+ done -+ -+.PHONY: missing depend -+ -+relabel: -diff --git a/python/po/POTFILES b/python/po/POTFILES -new file mode 100644 -index 000000000000..128eb870a69e ---- /dev/null -+++ b/python/po/POTFILES -@@ -0,0 +1,10 @@ -+../audit2allow/audit2allow -+../chcat/chcat -+../semanage/semanage -+../semanage/seobject.py -+../sepolgen/src/sepolgen/interfaces.py -+../sepolicy/sepolicy/generate.py -+../sepolicy/sepolicy/gui.py -+../sepolicy/sepolicy/__init__.py -+../sepolicy/sepolicy/interface.py -+../sepolicy/sepolicy.py -diff --git a/sandbox/Makefile b/sandbox/Makefile -index 9da5e58db9e6..b817824e2102 100644 ---- a/sandbox/Makefile -+++ b/sandbox/Makefile -@@ -13,6 +13,7 @@ override LDLIBS += -lselinux -lcap-ng - SEUNSHARE_OBJS = seunshare.o - - all: sandbox seunshare sandboxX.sh start -+ (cd po && $(MAKE) $@) - - seunshare: $(SEUNSHARE_OBJS) - -@@ -39,6 +40,7 @@ install: all - install -m 755 start $(DESTDIR)$(SHAREDIR) - -mkdir -p $(DESTDIR)$(SYSCONFDIR) - install -m 644 sandbox.conf $(DESTDIR)$(SYSCONFDIR)/sandbox -+ (cd po && $(MAKE) $@) - - test: - @$(PYTHON) test_sandbox.py -v -diff --git a/sandbox/po/Makefile b/sandbox/po/Makefile -new file mode 100644 -index 000000000000..0556bbe953f0 ---- /dev/null -+++ b/sandbox/po/Makefile -@@ -0,0 +1,82 @@ -+# -+# Makefile for the PO files (translation) catalog -+# -+ -+PREFIX ?= /usr -+ -+# What is this package? -+NLSPACKAGE = sandbox -+POTFILE = $(NLSPACKAGE).pot -+INSTALL = /usr/bin/install -c -p -+INSTALL_DATA = $(INSTALL) -m 644 -+INSTALL_DIR = /usr/bin/install -d -+ -+# destination directory -+INSTALL_NLS_DIR = $(PREFIX)/share/locale -+ -+# PO catalog handling -+MSGMERGE = msgmerge -+MSGMERGE_FLAGS = -q -+XGETTEXT = xgettext -L Python --default-domain=$(NLSPACKAGE) -+MSGFMT = msgfmt -+ -+# All possible linguas -+PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po))) -+ -+# Only the files matching what the user has set in LINGUAS -+USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS)) -+ -+# if no valid LINGUAS, build all languages -+USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS)) -+ -+POFILES = $(patsubst %,%.po,$(USE_LINGUAS)) -+MOFILES = $(patsubst %.po,%.mo,$(POFILES)) -+POTFILES = $(shell cat POTFILES) -+ -+#default:: clean -+ -+all:: $(POTFILE) $(MOFILES) -+ -+$(POTFILE): $(POTFILES) -+ $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES) -+ @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \ -+ rm -f $(NLSPACKAGE).po; \ -+ else \ -+ mv -f $(NLSPACKAGE).po $(POTFILE); \ -+ fi; \ -+ -+ -+refresh-po: Makefile -+ for cat in $(POFILES); do \ -+ lang=`basename $$cat .po`; \ -+ if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \ -+ mv -f $$lang.pot $$lang.po ; \ -+ echo "$(MSGMERGE) of $$lang succeeded" ; \ -+ else \ -+ echo "$(MSGMERGE) of $$lang failed" ; \ -+ rm -f $$lang.pot ; \ -+ fi \ -+ done -+ -+clean: -+ @rm -fv *mo *~ .depend -+ @rm -rf tmp -+ -+install: $(MOFILES) -+ @for n in $(MOFILES); do \ -+ l=`basename $$n .mo`; \ -+ $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \ -+ $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \ -+ done -+ -+%.mo: %.po -+ $(MSGFMT) -o $@ $< -+report: -+ @for cat in $(wildcard *.po); do \ -+ echo -n "$$cat: "; \ -+ msgfmt -v --statistics -o /dev/null $$cat; \ -+ done -+ -+.PHONY: missing depend -+ -+relabel: -diff --git a/sandbox/po/POTFILES b/sandbox/po/POTFILES -new file mode 100644 -index 000000000000..deff3f2f4656 ---- /dev/null -+++ b/sandbox/po/POTFILES -@@ -0,0 +1 @@ -+../sandbox --- -2.32.0 - diff --git a/SOURCES/0018-Use-SHA-2-instead-of-SHA-1.patch b/SOURCES/0010-Use-SHA-2-instead-of-SHA-1.patch similarity index 97% rename from SOURCES/0018-Use-SHA-2-instead-of-SHA-1.patch rename to SOURCES/0010-Use-SHA-2-instead-of-SHA-1.patch index 143f805..812028f 100644 --- a/SOURCES/0018-Use-SHA-2-instead-of-SHA-1.patch +++ b/SOURCES/0010-Use-SHA-2-instead-of-SHA-1.patch @@ -1,7 +1,8 @@ -From ec1b147076345478636de763ce5d4e8daa69afd6 Mon Sep 17 00:00:00 2001 +From 53d085d8d6edc05886d473e412a8025b7f8d9ce4 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Fri, 30 Jul 2021 14:14:37 +0200 Subject: [PATCH] Use SHA-2 instead of SHA-1 +Content-type: text/plain The use of SHA-1 in RHEL9 is deprecated --- @@ -15,10 +16,10 @@ The use of SHA-1 in RHEL9 is deprecated 7 files changed, 33 insertions(+), 33 deletions(-) diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8 -index 668486f66113..a8900f02b3f3 100644 +index e07db2c87dc4..dbd55ce7c512 100644 --- a/policycoreutils/setfiles/restorecon.8 +++ b/policycoreutils/setfiles/restorecon.8 -@@ -93,14 +93,14 @@ display usage information and exit. +@@ -95,14 +95,14 @@ display usage information and exit. ignore files that do not exist. .TP .B \-I @@ -36,7 +37,7 @@ index 668486f66113..a8900f02b3f3 100644 enable usage of the .IR security.sehash extended attribute. -@@ -191,7 +191,7 @@ the +@@ -200,7 +200,7 @@ the .B \-D option to .B restorecon @@ -45,7 +46,7 @@ index 668486f66113..a8900f02b3f3 100644 attribute named .IR security.sehash on each directory specified in -@@ -208,7 +208,7 @@ for further details. +@@ -217,7 +217,7 @@ for further details. .sp The .B \-I @@ -253,10 +254,10 @@ index 910101452625..7f2daa09191b 100644 , и, при условии, что НЕ установлен параметр .B \-n diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8 -index 8e6c4ab94841..0692121f2f4d 100644 +index 19b59a2cc90d..bad9f37a9ac4 100644 --- a/policycoreutils/setfiles/setfiles.8 +++ b/policycoreutils/setfiles/setfiles.8 -@@ -85,14 +85,14 @@ display usage information and exit. +@@ -87,14 +87,14 @@ display usage information and exit. ignore files that do not exist. .TP .B \-I @@ -274,7 +275,7 @@ index 8e6c4ab94841..0692121f2f4d 100644 enable usage of the .IR security.sehash extended attribute. -@@ -230,7 +230,7 @@ the +@@ -239,7 +239,7 @@ the .B \-D option to .B setfiles @@ -283,7 +284,7 @@ index 8e6c4ab94841..0692121f2f4d 100644 .B spec_file set in an extended attribute named .IR security.sehash -@@ -251,7 +251,7 @@ for further details. +@@ -260,7 +260,7 @@ for further details. .sp The .B \-I @@ -293,5 +294,5 @@ index 8e6c4ab94841..0692121f2f4d 100644 and provided the .B \-n -- -2.32.0 +2.35.1 diff --git a/SOURCES/0011-Use-correct-gettext-domains-in-python-gui-sandbox.patch b/SOURCES/0011-Use-correct-gettext-domains-in-python-gui-sandbox.patch deleted file mode 100644 index fa55c2e..0000000 --- a/SOURCES/0011-Use-correct-gettext-domains-in-python-gui-sandbox.patch +++ /dev/null @@ -1,306 +0,0 @@ -From a8cacf2944ddd803909d2111bdf2d43ab90e1111 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Mon, 6 Aug 2018 13:37:07 +0200 -Subject: [PATCH] Use correct gettext domains in python/ gui/ sandbox/ - -https://github.com/fedora-selinux/selinux/issues/43 ---- - gui/booleansPage.py | 2 +- - gui/domainsPage.py | 2 +- - gui/fcontextPage.py | 2 +- - gui/loginsPage.py | 2 +- - gui/modulesPage.py | 2 +- - gui/polgengui.py | 2 +- - gui/portsPage.py | 2 +- - gui/semanagePage.py | 2 +- - gui/statusPage.py | 2 +- - gui/system-config-selinux.py | 2 +- - gui/usersPage.py | 2 +- - python/chcat/chcat | 2 +- - python/semanage/semanage | 2 +- - python/semanage/seobject.py | 2 +- - python/sepolgen/src/sepolgen/sepolgeni18n.py | 2 +- - python/sepolicy/sepolicy.py | 2 +- - python/sepolicy/sepolicy/__init__.py | 2 +- - python/sepolicy/sepolicy/generate.py | 2 +- - python/sepolicy/sepolicy/gui.py | 2 +- - python/sepolicy/sepolicy/interface.py | 2 +- - sandbox/sandbox | 2 +- - 21 files changed, 21 insertions(+), 21 deletions(-) - -diff --git a/gui/booleansPage.py b/gui/booleansPage.py -index 7849bea26a06..dd12b6d6ab86 100644 ---- a/gui/booleansPage.py -+++ b/gui/booleansPage.py -@@ -38,7 +38,7 @@ DISABLED = 2 - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-gui" - try: - import gettext - kwargs = {} -diff --git a/gui/domainsPage.py b/gui/domainsPage.py -index bad5140d8c59..6bbe4de5884f 100644 ---- a/gui/domainsPage.py -+++ b/gui/domainsPage.py -@@ -30,7 +30,7 @@ from semanagePage import * - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-gui" - try: - import gettext - kwargs = {} -diff --git a/gui/fcontextPage.py b/gui/fcontextPage.py -index d26aa1b405a9..52292cae01d2 100644 ---- a/gui/fcontextPage.py -+++ b/gui/fcontextPage.py -@@ -47,7 +47,7 @@ class context: - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-gui" - try: - import gettext - kwargs = {} -diff --git a/gui/loginsPage.py b/gui/loginsPage.py -index b67eb8bc42af..cbfb0cc23f65 100644 ---- a/gui/loginsPage.py -+++ b/gui/loginsPage.py -@@ -29,7 +29,7 @@ from semanagePage import * - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-gui" - try: - import gettext - kwargs = {} -diff --git a/gui/modulesPage.py b/gui/modulesPage.py -index 0584acf9b3a4..35a0129bab9c 100644 ---- a/gui/modulesPage.py -+++ b/gui/modulesPage.py -@@ -30,7 +30,7 @@ from semanagePage import * - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-gui" - try: - import gettext - kwargs = {} -diff --git a/gui/polgengui.py b/gui/polgengui.py -index d284ded65279..01f541bafae8 100644 ---- a/gui/polgengui.py -+++ b/gui/polgengui.py -@@ -63,7 +63,7 @@ def get_all_modules(): - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-gui" - try: - import gettext - kwargs = {} -diff --git a/gui/portsPage.py b/gui/portsPage.py -index 30f58383bc1d..a537ecc8c0a1 100644 ---- a/gui/portsPage.py -+++ b/gui/portsPage.py -@@ -35,7 +35,7 @@ from semanagePage import * - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-gui" - try: - import gettext - kwargs = {} -diff --git a/gui/semanagePage.py b/gui/semanagePage.py -index 4127804fbbee..5361d69c1313 100644 ---- a/gui/semanagePage.py -+++ b/gui/semanagePage.py -@@ -22,7 +22,7 @@ from gi.repository import Gdk, Gtk - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-gui" - try: - import gettext - kwargs = {} -diff --git a/gui/statusPage.py b/gui/statusPage.py -index 766854b19cba..a8f079b9b163 100644 ---- a/gui/statusPage.py -+++ b/gui/statusPage.py -@@ -35,7 +35,7 @@ RELABELFILE = "/.autorelabel" - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-gui" - try: - import gettext - kwargs = {} -diff --git a/gui/system-config-selinux.py b/gui/system-config-selinux.py -index 3f70122b87e8..8c46c987b974 100644 ---- a/gui/system-config-selinux.py -+++ b/gui/system-config-selinux.py -@@ -45,7 +45,7 @@ import selinux - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-gui" - try: - import gettext - kwargs = {} -diff --git a/gui/usersPage.py b/gui/usersPage.py -index 26794ed5c3f3..d15d4c5a71dd 100644 ---- a/gui/usersPage.py -+++ b/gui/usersPage.py -@@ -29,7 +29,7 @@ from semanagePage import * - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-gui" - try: - import gettext - kwargs = {} -diff --git a/python/chcat/chcat b/python/chcat/chcat -index fdd2e46ee3f9..839ddd3b54b6 100755 ---- a/python/chcat/chcat -+++ b/python/chcat/chcat -@@ -30,7 +30,7 @@ import getopt - import selinux - import seobject - --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-python" - try: - import gettext - kwargs = {} -diff --git a/python/semanage/semanage b/python/semanage/semanage -index 18a2710531ca..0980aecb6311 100644 ---- a/python/semanage/semanage -+++ b/python/semanage/semanage -@@ -30,7 +30,7 @@ import seobject - import sys - import traceback - --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-python" - try: - import gettext - kwargs = {} -diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py -index 21adbf6eb74f..69e60db80060 100644 ---- a/python/semanage/seobject.py -+++ b/python/semanage/seobject.py -@@ -29,7 +29,7 @@ import sys - import stat - import socket - from semanage import * --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-python" - import sepolicy - from setools.policyrep import SELinuxPolicy - from setools.typequery import TypeQuery -diff --git a/python/sepolgen/src/sepolgen/sepolgeni18n.py b/python/sepolgen/src/sepolgen/sepolgeni18n.py -index 998c4356415c..56ebd807c69c 100644 ---- a/python/sepolgen/src/sepolgen/sepolgeni18n.py -+++ b/python/sepolgen/src/sepolgen/sepolgeni18n.py -@@ -19,7 +19,7 @@ - - try: - import gettext -- t = gettext.translation( 'yumex' ) -+ t = gettext.translation( 'selinux-python' ) - _ = t.gettext - except: - def _(str): -diff --git a/python/sepolicy/sepolicy.py b/python/sepolicy/sepolicy.py -index 7b2230651099..32956e58f52e 100755 ---- a/python/sepolicy/sepolicy.py -+++ b/python/sepolicy/sepolicy.py -@@ -28,7 +28,7 @@ import sepolicy - from multiprocessing import Pool - from sepolicy import get_os_version, get_conditionals, get_conditionals_format_text - import argparse --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-python" - try: - import gettext - kwargs = {} -diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py -index 8055a12f6020..aa8beda313c8 100644 ---- a/python/sepolicy/sepolicy/__init__.py -+++ b/python/sepolicy/sepolicy/__init__.py -@@ -23,7 +23,7 @@ from setools.typeattrquery import TypeAttributeQuery - from setools.typequery import TypeQuery - from setools.userquery import UserQuery - --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-python" - try: - import gettext - kwargs = {} -diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py -index 4e1ed4e9dc31..43180ca6fda4 100644 ---- a/python/sepolicy/sepolicy/generate.py -+++ b/python/sepolicy/sepolicy/generate.py -@@ -48,7 +48,7 @@ import sepolgen.defaults as defaults - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-python" - try: - import gettext - kwargs = {} -diff --git a/python/sepolicy/sepolicy/gui.py b/python/sepolicy/sepolicy/gui.py -index 1e86422b864a..c9ca158ddd09 100644 ---- a/python/sepolicy/sepolicy/gui.py -+++ b/python/sepolicy/sepolicy/gui.py -@@ -41,7 +41,7 @@ import os - import re - import unicodedata - --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-python" - try: - import gettext - kwargs = {} -diff --git a/python/sepolicy/sepolicy/interface.py b/python/sepolicy/sepolicy/interface.py -index bdffb770f364..9d40aea1498d 100644 ---- a/python/sepolicy/sepolicy/interface.py -+++ b/python/sepolicy/sepolicy/interface.py -@@ -30,7 +30,7 @@ __all__ = ['get_all_interfaces', 'get_interfaces_from_xml', 'get_admin', 'get_us - ## - ## I18N - ## --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-python" - try: - import gettext - kwargs = {} -diff --git a/sandbox/sandbox b/sandbox/sandbox -index ca5f1e030a51..16c43b51eaaa 100644 ---- a/sandbox/sandbox -+++ b/sandbox/sandbox -@@ -37,7 +37,7 @@ import sepolicy - - SEUNSHARE = "/usr/sbin/seunshare" - SANDBOXSH = "/usr/share/sandbox/sandboxX.sh" --PROGNAME = "policycoreutils" -+PROGNAME = "selinux-sandbox" - try: - import gettext - kwargs = {} --- -2.32.0 - diff --git a/SOURCES/0008-sepolicy-Drop-old-interface-file_type_is_executable-.patch b/SOURCES/0011-sepolicy-Drop-old-interface-file_type_is_executable-.patch similarity index 90% rename from SOURCES/0008-sepolicy-Drop-old-interface-file_type_is_executable-.patch rename to SOURCES/0011-sepolicy-Drop-old-interface-file_type_is_executable-.patch index 20bf928..c4e1fe1 100644 --- a/SOURCES/0008-sepolicy-Drop-old-interface-file_type_is_executable-.patch +++ b/SOURCES/0011-sepolicy-Drop-old-interface-file_type_is_executable-.patch @@ -1,8 +1,9 @@ -From fae31a306e7b6084710c02b658ace668766fc004 Mon Sep 17 00:00:00 2001 +From 3748b7eab7434698998edfcf613fe738cf19d5c9 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Mon, 27 Feb 2017 17:12:39 +0100 Subject: [PATCH] sepolicy: Drop old interface file_type_is_executable(f) and file_type_is_entrypoint(f) +Content-type: text/plain - use direct queries - load exec_types and entry_types only once @@ -11,7 +12,7 @@ Subject: [PATCH] sepolicy: Drop old interface file_type_is_executable(f) and 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py -index 6420ebe2e08e..d15522135288 100755 +index 3ae2f42b2fdf..5a434bd360ae 100755 --- a/python/sepolicy/sepolicy/manpage.py +++ b/python/sepolicy/sepolicy/manpage.py @@ -127,8 +127,24 @@ def gen_domains(): @@ -54,10 +55,10 @@ index 6420ebe2e08e..d15522135288 100755 if f.startswith(self.domainname): flist.append(f) - if not file_type_is_executable(f) or not file_type_is_entrypoint(f): -+ if not f in self.exec_types or not f in self.entry_types: ++ if f not in self.exec_types or f not in self.entry_types: flist_non_exec.append(f) if f in self.fcdict: mpaths = mpaths + self.fcdict[f]["regex"] -- -2.32.0 +2.35.1 diff --git a/SOURCES/0012-Initial-.pot-files-for-gui-python-sandbox.patch b/SOURCES/0012-Initial-.pot-files-for-gui-python-sandbox.patch deleted file mode 100644 index 9a6b2e8..0000000 --- a/SOURCES/0012-Initial-.pot-files-for-gui-python-sandbox.patch +++ /dev/null @@ -1,4532 +0,0 @@ -From a4183d4c2d335fca940f741bec1f1839394ea783 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Mon, 6 Aug 2018 14:23:19 +0200 -Subject: [PATCH] Initial .pot files for gui/ python/ sandbox/ - -https://github.com/fedora-selinux/selinux/issues/43 ---- - gui/po/gui.pot | 964 ++++++++++++ - python/po/python.pot | 3375 ++++++++++++++++++++++++++++++++++++++++ - sandbox/po/sandbox.pot | 157 ++ - 3 files changed, 4496 insertions(+) - create mode 100644 gui/po/gui.pot - create mode 100644 python/po/python.pot - create mode 100644 sandbox/po/sandbox.pot - -diff --git a/gui/po/gui.pot b/gui/po/gui.pot -new file mode 100644 -index 000000000000..1663b4caa7c3 ---- /dev/null -+++ b/gui/po/gui.pot -@@ -0,0 +1,964 @@ -+# SOME DESCRIPTIVE TITLE. -+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER -+# This file is distributed under the same license as the PACKAGE package. -+# FIRST AUTHOR , YEAR. -+# -+#, fuzzy -+msgid "" -+msgstr "" -+"Project-Id-Version: PACKAGE VERSION\n" -+"Report-Msgid-Bugs-To: \n" -+"POT-Creation-Date: 2018-08-06 14:22+0200\n" -+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" -+"Last-Translator: FULL NAME \n" -+"Language-Team: LANGUAGE \n" -+"Language: \n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=CHARSET\n" -+"Content-Transfer-Encoding: 8bit\n" -+ -+#: ../booleansPage.py:198 ../system-config-selinux.ui:1025 -+msgid "Boolean" -+msgstr "" -+ -+#: ../booleansPage.py:248 ../semanagePage.py:166 -+msgid "all" -+msgstr "" -+ -+#: ../booleansPage.py:250 ../semanagePage.py:168 -+#: ../system-config-selinux.ui:961 ../system-config-selinux.ui:1097 -+#: ../system-config-selinux.ui:1506 -+msgid "Customized" -+msgstr "" -+ -+#: ../domainsPage.py:55 ../system-config-selinux.ui:1834 -+msgid "Process Domain" -+msgstr "" -+ -+#: ../domainsPage.py:63 -+msgid "Domain Name" -+msgstr "" -+ -+#: ../domainsPage.py:68 -+msgid "Mode" -+msgstr "" -+ -+#: ../domainsPage.py:101 ../domainsPage.py:112 ../domainsPage.py:156 -+#: ../statusPage.py:73 ../system-config-selinux.ui:622 -+#: ../system-config-selinux.ui:1755 -+msgid "Permissive" -+msgstr "" -+ -+#: ../fcontextPage.py:72 ../system-config-selinux.ui:1160 -+msgid "File Labeling" -+msgstr "" -+ -+#: ../fcontextPage.py:82 -+msgid "" -+"File\n" -+"Specification" -+msgstr "" -+ -+#: ../fcontextPage.py:89 -+msgid "" -+"Selinux\n" -+"File Type" -+msgstr "" -+ -+#: ../fcontextPage.py:96 -+msgid "" -+"File\n" -+"Type" -+msgstr "" -+ -+#: ../loginsPage.py:55 ../system-config-selinux.ui:1281 -+msgid "User Mapping" -+msgstr "" -+ -+#: ../loginsPage.py:59 -+msgid "" -+"Login\n" -+"Name" -+msgstr "" -+ -+#: ../loginsPage.py:63 ../usersPage.py:60 -+msgid "" -+"SELinux\n" -+"User" -+msgstr "" -+ -+#: ../loginsPage.py:66 ../usersPage.py:65 -+msgid "" -+"MLS/\n" -+"MCS Range" -+msgstr "" -+ -+#: ../loginsPage.py:135 -+#, python-format -+msgid "Login '%s' is required" -+msgstr "" -+ -+#: ../modulesPage.py:55 ../system-config-selinux.ui:1722 -+msgid "Policy Module" -+msgstr "" -+ -+#: ../modulesPage.py:65 -+msgid "Module Name" -+msgstr "" -+ -+#: ../modulesPage.py:70 -+msgid "Priority" -+msgstr "" -+ -+#: ../modulesPage.py:79 -+msgid "Kind" -+msgstr "" -+ -+#: ../modulesPage.py:147 -+msgid "Disable Audit" -+msgstr "" -+ -+#: ../modulesPage.py:150 ../system-config-selinux.ui:1659 -+msgid "Enable Audit" -+msgstr "" -+ -+#: ../modulesPage.py:175 -+msgid "Load Policy Module" -+msgstr "" -+ -+#: ../org.selinux.config.policy:11 -+msgid "Run System Config SELinux" -+msgstr "" -+ -+#: ../org.selinux.config.policy:12 -+msgid "Authentication is required to run system-config-selinux" -+msgstr "" -+ -+#: ../polgengui.py:288 ../polgen.ui:728 -+msgid "Name" -+msgstr "" -+ -+#: ../polgengui.py:290 ../polgen.ui:111 -+msgid "Description" -+msgstr "" -+ -+#: ../polgengui.py:298 -+msgid "Role" -+msgstr "" -+ -+#: ../polgengui.py:305 -+msgid "Existing_User" -+msgstr "" -+ -+#: ../polgengui.py:319 ../polgengui.py:327 ../polgengui.py:341 -+msgid "Application" -+msgstr "" -+ -+#: ../polgengui.py:386 -+#, python-format -+msgid "%s must be a directory" -+msgstr "" -+ -+#: ../polgengui.py:446 ../polgengui.py:727 -+msgid "You must select a user" -+msgstr "" -+ -+#: ../polgengui.py:576 -+msgid "Select executable file to be confined." -+msgstr "" -+ -+#: ../polgengui.py:587 -+msgid "Select init script file to be confined." -+msgstr "" -+ -+#: ../polgengui.py:597 -+msgid "Select file(s) that confined application creates or writes" -+msgstr "" -+ -+#: ../polgengui.py:604 -+msgid "Select directory(s) that the confined application owns and writes into" -+msgstr "" -+ -+#: ../polgengui.py:666 -+msgid "Select directory to generate policy files in" -+msgstr "" -+ -+#: ../polgengui.py:683 -+#, python-format -+msgid "" -+"Type %s_t already defined in current policy.\n" -+"Do you want to continue?" -+msgstr "" -+ -+#: ../polgengui.py:683 ../polgengui.py:687 -+msgid "Verify Name" -+msgstr "" -+ -+#: ../polgengui.py:687 -+#, python-format -+msgid "" -+"Module %s already loaded in current policy.\n" -+"Do you want to continue?" -+msgstr "" -+ -+#: ../polgengui.py:733 -+msgid "" -+"You must add a name made up of letters and numbers and containing no spaces." -+msgstr "" -+ -+#: ../polgengui.py:747 -+msgid "You must enter a executable" -+msgstr "" -+ -+#: ../polgengui.py:772 ../system-config-selinux.py:184 -+msgid "Configue SELinux" -+msgstr "" -+ -+#: ../polgen.ui:9 -+msgid "Red Hat 2007" -+msgstr "" -+ -+#: ../polgen.ui:11 -+msgid "GPL" -+msgstr "" -+ -+#. TRANSLATORS: Replace this string with your names, one name per line. -+#: ../polgen.ui:13 ../system-config-selinux.ui:15 -+msgid "translator-credits" -+msgstr "" -+ -+#: ../polgen.ui:34 -+msgid "Add Booleans Dialog" -+msgstr "" -+ -+#: ../polgen.ui:99 -+msgid "Boolean Name" -+msgstr "" -+ -+#: ../polgen.ui:234 ../selinux-polgengui.desktop:3 -+msgid "SELinux Policy Generation Tool" -+msgstr "" -+ -+#: ../polgen.ui:255 -+msgid "" -+"Select the policy type for the application or user role you want to " -+"confine:" -+msgstr "" -+ -+#: ../polgen.ui:288 -+msgid "Applications" -+msgstr "" -+ -+#: ../polgen.ui:320 -+msgid "Standard Init Daemon" -+msgstr "" -+ -+#: ../polgen.ui:324 ../polgen.ui:340 -+msgid "" -+"Standard Init Daemon are daemons started on boot via init scripts. Usually " -+"requires a script in /etc/rc.d/init.d" -+msgstr "" -+ -+#: ../polgen.ui:336 -+msgid "DBUS System Daemon" -+msgstr "" -+ -+#: ../polgen.ui:353 -+msgid "Internet Services Daemon (inetd)" -+msgstr "" -+ -+#: ../polgen.ui:357 -+msgid "Internet Services Daemon are daemons started by xinetd" -+msgstr "" -+ -+#: ../polgen.ui:370 -+msgid "Web Application/Script (CGI)" -+msgstr "" -+ -+#: ../polgen.ui:374 -+msgid "" -+"Web Applications/Script (CGI) CGI scripts started by the web server (apache)" -+msgstr "" -+ -+#: ../polgen.ui:387 -+msgid "User Application" -+msgstr "" -+ -+#: ../polgen.ui:391 ../polgen.ui:408 -+msgid "" -+"User Application are any application that you would like to confine that is " -+"started by a user" -+msgstr "" -+ -+#: ../polgen.ui:404 -+msgid "Sandbox" -+msgstr "" -+ -+#: ../polgen.ui:450 -+msgid "Login Users" -+msgstr "" -+ -+#: ../polgen.ui:482 -+msgid "Existing User Roles" -+msgstr "" -+ -+#: ../polgen.ui:486 -+msgid "Modify an existing login user record." -+msgstr "" -+ -+#: ../polgen.ui:499 -+msgid "Minimal Terminal User Role" -+msgstr "" -+ -+#: ../polgen.ui:503 -+msgid "" -+"This user will login to a machine only via a terminal or remote login. By " -+"default this user will have no setuid, no networking, no su, no sudo." -+msgstr "" -+ -+#: ../polgen.ui:516 -+msgid "Minimal X Windows User Role" -+msgstr "" -+ -+#: ../polgen.ui:520 -+msgid "" -+"This user can login to a machine via X or terminal. By default this user " -+"will have no setuid, no networking, no sudo, no su" -+msgstr "" -+ -+#: ../polgen.ui:533 -+msgid "User Role" -+msgstr "" -+ -+#: ../polgen.ui:537 -+msgid "" -+"User with full networking, no setuid applications without transition, no " -+"sudo, no su." -+msgstr "" -+ -+#: ../polgen.ui:550 -+msgid "Admin User Role" -+msgstr "" -+ -+#: ../polgen.ui:554 -+msgid "" -+"User with full networking, no setuid applications without transition, no su, " -+"can sudo to Root Administration Roles" -+msgstr "" -+ -+#: ../polgen.ui:596 -+msgid "Root Users" -+msgstr "" -+ -+#: ../polgen.ui:627 -+msgid "Root Admin User Role" -+msgstr "" -+ -+#: ../polgen.ui:631 -+msgid "" -+"Select Root Administrator User Role, if this user will be used to administer " -+"the machine while running as root. This user will not be able to login to " -+"the system directly." -+msgstr "" -+ -+#: ../polgen.ui:705 -+msgid "Enter name of application or user role:" -+msgstr "" -+ -+#: ../polgen.ui:739 -+msgid "Enter complete path for executable to be confined." -+msgstr "" -+ -+#: ../polgen.ui:756 ../polgen.ui:838 ../polgen.ui:2317 -+msgid "..." -+msgstr "" -+ -+#: ../polgen.ui:776 -+msgid "Enter unique name for the confined application or user role." -+msgstr "" -+ -+#: ../polgen.ui:794 -+msgid "Executable" -+msgstr "" -+ -+#: ../polgen.ui:808 -+msgid "Init script" -+msgstr "" -+ -+#: ../polgen.ui:821 -+msgid "" -+"Enter complete path to init script used to start the confined application." -+msgstr "" -+ -+#: ../polgen.ui:883 -+msgid "Select existing role to modify:" -+msgstr "" -+ -+#: ../polgen.ui:904 -+#, python-format -+msgid "Select the user roles that will transiton to the %s domain." -+msgstr "" -+ -+#: ../polgen.ui:921 -+msgid "role tab" -+msgstr "" -+ -+#: ../polgen.ui:937 -+#, python-format -+msgid "Select roles that %s will transition to:" -+msgstr "" -+ -+#: ../polgen.ui:955 -+#, python-format -+msgid "Select applications domains that %s will transition to." -+msgstr "" -+ -+#: ../polgen.ui:972 -+msgid "" -+"transition \n" -+"role tab" -+msgstr "" -+ -+#: ../polgen.ui:989 -+#, python-format -+msgid "Select the user_roles that will transition to %s:" -+msgstr "" -+ -+#: ../polgen.ui:1007 -+msgid "Select the user roles that will transiton to this applications domains." -+msgstr "" -+ -+#: ../polgen.ui:1040 -+#, python-format -+msgid "Select domains that %s will administer:" -+msgstr "" -+ -+#: ../polgen.ui:1058 ../polgen.ui:1109 -+msgid "Select the domains that you would like this user administer." -+msgstr "" -+ -+#: ../polgen.ui:1091 -+#, python-format -+msgid "Select additional roles for %s:" -+msgstr "" -+ -+#: ../polgen.ui:1142 -+#, python-format -+msgid "Enter network ports that %s binds on:" -+msgstr "" -+ -+#: ../polgen.ui:1162 ../polgen.ui:1529 -+msgid "TCP Ports" -+msgstr "" -+ -+#: ../polgen.ui:1199 ../polgen.ui:1366 ../polgen.ui:1561 ../polgen.ui:1670 -+msgid "All" -+msgstr "" -+ -+#: ../polgen.ui:1203 ../polgen.ui:1370 -+#, python-format -+msgid "Allows %s to bind to any udp port" -+msgstr "" -+ -+#: ../polgen.ui:1216 ../polgen.ui:1383 -+msgid "600-1024" -+msgstr "" -+ -+#: ../polgen.ui:1220 ../polgen.ui:1387 -+#, python-format -+msgid "Allow %s to call bindresvport with 0. Binding to port 600-1024" -+msgstr "" -+ -+#: ../polgen.ui:1233 ../polgen.ui:1400 -+msgid "Unreserved Ports (>1024)" -+msgstr "" -+ -+#: ../polgen.ui:1237 ../polgen.ui:1404 -+#, python-format -+msgid "" -+"Enter a comma separated list of udp ports or ranges of ports that %s binds " -+"to. Example: 612, 650-660" -+msgstr "" -+ -+#: ../polgen.ui:1265 ../polgen.ui:1432 ../polgen.ui:1581 ../polgen.ui:1690 -+msgid "Select Ports" -+msgstr "" -+ -+#: ../polgen.ui:1278 ../polgen.ui:1445 -+#, python-format -+msgid "Allows %s to bind to any udp ports > 1024" -+msgstr "" -+ -+#: ../polgen.ui:1329 ../polgen.ui:1638 -+msgid "UDP Ports" -+msgstr "" -+ -+#: ../polgen.ui:1492 -+msgid "" -+"Network\n" -+"Bind tab" -+msgstr "" -+ -+#: ../polgen.ui:1509 -+#, python-format -+msgid "Select network ports that %s connects to:" -+msgstr "" -+ -+#: ../polgen.ui:1565 -+#, python-format -+msgid "Allows %s to connect to any tcp port" -+msgstr "" -+ -+#: ../polgen.ui:1594 -+#, python-format -+msgid "" -+"Enter a comma separated list of tcp ports or ranges of ports that %s " -+"connects to. Example: 612, 650-660" -+msgstr "" -+ -+#: ../polgen.ui:1674 -+#, python-format -+msgid "Allows %s to connect to any udp port" -+msgstr "" -+ -+#: ../polgen.ui:1703 -+#, python-format -+msgid "" -+"Enter a comma separated list of udp ports or ranges of ports that %s " -+"connects to. Example: 612, 650-660" -+msgstr "" -+ -+#: ../polgen.ui:1760 -+#, python-format -+msgid "Select common application traits for %s:" -+msgstr "" -+ -+#: ../polgen.ui:1777 -+msgid "Writes syslog messages\t" -+msgstr "" -+ -+#: ../polgen.ui:1792 -+msgid "Create/Manipulate temporary files in /tmp" -+msgstr "" -+ -+#: ../polgen.ui:1807 -+msgid "Uses Pam for authentication" -+msgstr "" -+ -+#: ../polgen.ui:1822 -+msgid "Uses nsswitch or getpw* calls" -+msgstr "" -+ -+#: ../polgen.ui:1837 -+msgid "Uses dbus" -+msgstr "" -+ -+#: ../polgen.ui:1852 -+msgid "Sends audit messages" -+msgstr "" -+ -+#: ../polgen.ui:1867 -+msgid "Interacts with the terminal" -+msgstr "" -+ -+#: ../polgen.ui:1882 -+msgid "Sends email" -+msgstr "" -+ -+#: ../polgen.ui:1925 -+#, python-format -+msgid "Add files/directories that %s manages" -+msgstr "" -+ -+#: ../polgen.ui:2086 -+#, python-format -+msgid "" -+"Files/Directories which the %s \"manages\". Pid Files, Log Files, /var/lib " -+"Files ..." -+msgstr "" -+ -+#: ../polgen.ui:2126 -+#, python-format -+msgid "Add booleans from the %s policy:" -+msgstr "" -+ -+#: ../polgen.ui:2234 -+#, python-format -+msgid "Add/Remove booleans used by the %s domain" -+msgstr "" -+ -+#: ../polgen.ui:2272 -+#, python-format -+msgid "Which directory you will generate the %s policy?" -+msgstr "" -+ -+#: ../polgen.ui:2290 -+msgid "Policy Directory" -+msgstr "" -+ -+#: ../portsPage.py:60 ../system-config-selinux.ui:1570 -+msgid "Network Port" -+msgstr "" -+ -+#: ../portsPage.py:95 -+msgid "" -+"SELinux Port\n" -+"Type" -+msgstr "" -+ -+#: ../portsPage.py:101 ../system-config-selinux.ui:294 -+msgid "Protocol" -+msgstr "" -+ -+#: ../portsPage.py:106 ../system-config-selinux.ui:355 -+msgid "" -+"MLS/MCS\n" -+"Level" -+msgstr "" -+ -+#: ../portsPage.py:111 -+msgid "Port" -+msgstr "" -+ -+#: ../portsPage.py:213 -+#, python-format -+msgid "Port number \"%s\" is not valid. 0 < PORT_NUMBER < 65536 " -+msgstr "" -+ -+#: ../portsPage.py:258 -+msgid "List View" -+msgstr "" -+ -+#: ../portsPage.py:261 ../system-config-selinux.ui:1492 -+msgid "Group View" -+msgstr "" -+ -+#: ../selinux-polgengui.desktop:32 ../sepolicy.desktop:4 -+msgid "Generate SELinux policy modules" -+msgstr "" -+ -+#: ../selinux-polgengui.desktop:62 ../system-config-selinux.desktop:62 -+msgid "system-config-selinux" -+msgstr "" -+ -+#: ../semanagePage.py:130 -+#, python-format -+msgid "Are you sure you want to delete %s '%s'?" -+msgstr "" -+ -+#: ../semanagePage.py:130 -+#, python-format -+msgid "Delete %s" -+msgstr "" -+ -+#: ../semanagePage.py:138 -+#, python-format -+msgid "Add %s" -+msgstr "" -+ -+#: ../semanagePage.py:152 -+#, python-format -+msgid "Modify %s" -+msgstr "" -+ -+#: ../sepolicy.desktop:3 -+msgid "SELinux Policy Management Tool" -+msgstr "" -+ -+#: ../sepolicy.desktop:5 -+msgid "sepolicy" -+msgstr "" -+ -+#: ../sepolicy.desktop:11 -+msgid "policy;security;selinux;avc;permission;mac;" -+msgstr "" -+ -+#: ../statusPage.py:74 ../system-config-selinux.ui:625 -+#: ../system-config-selinux.ui:1770 -+msgid "Enforcing" -+msgstr "" -+ -+#: ../statusPage.py:79 ../system-config-selinux.ui:619 -+msgid "Disabled" -+msgstr "" -+ -+#: ../statusPage.py:98 -+msgid "Status" -+msgstr "" -+ -+#: ../statusPage.py:137 -+msgid "" -+"Changing the policy type will cause a relabel of the entire file system on " -+"the next boot. Relabeling takes a long time depending on the size of the " -+"file system. Do you wish to continue?" -+msgstr "" -+ -+#: ../statusPage.py:151 -+msgid "" -+"Changing to SELinux disabled requires a reboot. It is not recommended. If " -+"you later decide to turn SELinux back on, the system will be required to " -+"relabel. If you just want to see if SELinux is causing a problem on your " -+"system, you can go to permissive mode which will only log errors and not " -+"enforce SELinux policy. Permissive mode does not require a reboot Do you " -+"wish to continue?" -+msgstr "" -+ -+#: ../statusPage.py:156 -+msgid "" -+"Changing to SELinux enabled will cause a relabel of the entire file system " -+"on the next boot. Relabeling takes a long time depending on the size of the " -+"file system. Do you wish to continue?" -+msgstr "" -+ -+#: ../system-config-selinux.desktop:3 -+msgid "SELinux Management" -+msgstr "" -+ -+#: ../system-config-selinux.desktop:32 -+msgid "Configure SELinux in a graphical setting" -+msgstr "" -+ -+#: ../system-config-selinux.ui:11 -+msgid "" -+"Copyright (c)2006 Red Hat, Inc.\n" -+"Copyright (c) 2006 Dan Walsh " -+msgstr "" -+ -+#: ../system-config-selinux.ui:53 ../system-config-selinux.ui:433 -+msgid "Add SELinux Login Mapping" -+msgstr "" -+ -+#: ../system-config-selinux.ui:117 -+msgid "Login Name" -+msgstr "" -+ -+#: ../system-config-selinux.ui:128 ../system-config-selinux.ui:1402 -+#: ../system-config-selinux.ui:1937 ../usersPage.py:54 -+msgid "SELinux User" -+msgstr "" -+ -+#: ../system-config-selinux.ui:139 ../system-config-selinux.ui:1948 -+msgid "MLS/MCS Range" -+msgstr "" -+ -+#: ../system-config-selinux.ui:219 -+msgid "Add SELinux Network Ports" -+msgstr "" -+ -+#: ../system-config-selinux.ui:283 -+msgid "Port Number" -+msgstr "" -+ -+#: ../system-config-selinux.ui:305 ../system-config-selinux.ui:519 -+msgid "SELinux Type" -+msgstr "" -+ -+#: ../system-config-selinux.ui:406 -+msgid "all files" -+msgstr "" -+ -+#: ../system-config-selinux.ui:409 -+msgid "regular file" -+msgstr "" -+ -+#: ../system-config-selinux.ui:412 -+msgid "directory" -+msgstr "" -+ -+#: ../system-config-selinux.ui:415 -+msgid "character device" -+msgstr "" -+ -+#: ../system-config-selinux.ui:418 -+msgid "block device" -+msgstr "" -+ -+#: ../system-config-selinux.ui:421 -+msgid "socket file" -+msgstr "" -+ -+#: ../system-config-selinux.ui:424 -+msgid "symbolic link" -+msgstr "" -+ -+#: ../system-config-selinux.ui:427 -+msgid "named pipe" -+msgstr "" -+ -+#: ../system-config-selinux.ui:497 -+msgid "File Specification" -+msgstr "" -+ -+#: ../system-config-selinux.ui:508 -+msgid "File Type" -+msgstr "" -+ -+#: ../system-config-selinux.ui:569 -+msgid "MLS" -+msgstr "" -+ -+#: ../system-config-selinux.ui:631 -+msgid "SELinux Administration" -+msgstr "" -+ -+#: ../system-config-selinux.ui:648 -+msgid "_File" -+msgstr "" -+ -+#: ../system-config-selinux.ui:656 -+msgid "_Add" -+msgstr "" -+ -+#: ../system-config-selinux.ui:668 -+msgid "_Properties" -+msgstr "" -+ -+#: ../system-config-selinux.ui:680 -+msgid "_Delete" -+msgstr "" -+ -+#: ../system-config-selinux.ui:707 -+msgid "_Help" -+msgstr "" -+ -+#: ../system-config-selinux.ui:754 -+msgid "Select Management Object" -+msgstr "" -+ -+#: ../system-config-selinux.ui:767 -+msgid "Select:" -+msgstr "" -+ -+#: ../system-config-selinux.ui:797 -+msgid "System Default Enforcing Mode" -+msgstr "" -+ -+#: ../system-config-selinux.ui:826 -+msgid "Current Enforcing Mode" -+msgstr "" -+ -+#: ../system-config-selinux.ui:848 -+msgid "System Default Policy Type: " -+msgstr "" -+ -+#: ../system-config-selinux.ui:871 -+msgid "" -+"Select if you wish to relabel then entire file system on next reboot. " -+"Relabeling can take a very long time, depending on the size of the system. " -+"If you are changing policy types or going from disabled to enforcing, a " -+"relabel is required." -+msgstr "" -+ -+#: ../system-config-selinux.ui:903 -+msgid "Relabel on next reboot." -+msgstr "" -+ -+#: ../system-config-selinux.ui:947 -+msgid "Revert boolean setting to system default" -+msgstr "" -+ -+#: ../system-config-selinux.ui:960 -+msgid "Toggle between Customized and All Booleans" -+msgstr "" -+ -+#: ../system-config-selinux.ui:986 ../system-config-selinux.ui:1122 -+#: ../system-config-selinux.ui:1242 ../system-config-selinux.ui:1363 -+#: ../system-config-selinux.ui:1531 ../system-config-selinux.ui:1683 -+#: ../system-config-selinux.ui:1795 -+msgid "Filter" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1057 -+msgid "Add File Context" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1070 -+msgid "Modify File Context" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1083 -+msgid "Delete File Context" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1096 -+msgid "Toggle between all and customized file context" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1192 -+msgid "Add SELinux User Mapping" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1205 -+msgid "Modify SELinux User Mapping" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1218 -+msgid "Delete SELinux User Mapping" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1313 -+msgid "Add User" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1326 -+msgid "Modify User" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1339 -+msgid "Delete User" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1434 -+msgid "Add Network Port" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1447 -+msgid "Edit Network Port" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1460 -+msgid "Delete Network Port" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1491 ../system-config-selinux.ui:1505 -+msgid "Toggle between Customized and All Ports" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1602 -+msgid "Generate new policy module" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1614 -+msgid "Load policy module" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1627 -+msgid "Remove loadable policy module" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1658 -+msgid "" -+"Enable/Disable additional audit rules, that are normally not reported in the " -+"log files." -+msgstr "" -+ -+#: ../system-config-selinux.ui:1754 -+msgid "Change process mode to permissive." -+msgstr "" -+ -+#: ../system-config-selinux.ui:1769 -+msgid "Change process mode to enforcing" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1873 -+msgid "Add SELinux User" -+msgstr "" -+ -+#: ../system-config-selinux.ui:1970 ../usersPage.py:69 -+msgid "SELinux Roles" -+msgstr "" -+ -+#: ../usersPage.py:142 -+#, python-format -+msgid "SELinux user '%s' is required" -+msgstr "" -diff --git a/python/po/python.pot b/python/po/python.pot -new file mode 100644 -index 000000000000..a279b0e8d540 ---- /dev/null -+++ b/python/po/python.pot -@@ -0,0 +1,3375 @@ -+# SOME DESCRIPTIVE TITLE. -+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER -+# This file is distributed under the same license as the PACKAGE package. -+# FIRST AUTHOR , YEAR. -+# -+#, fuzzy -+msgid "" -+msgstr "" -+"Project-Id-Version: PACKAGE VERSION\n" -+"Report-Msgid-Bugs-To: \n" -+"POT-Creation-Date: 2018-08-06 14:22+0200\n" -+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" -+"Last-Translator: FULL NAME \n" -+"Language-Team: LANGUAGE \n" -+"Language: \n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=CHARSET\n" -+"Content-Transfer-Encoding: 8bit\n" -+ -+#: ../audit2allow/audit2allow:237 -+msgid "******************** IMPORTANT ***********************\n" -+msgstr "" -+ -+#: ../audit2allow/audit2allow:238 -+#, python-format -+msgid "" -+"To make this policy package active, execute:\n" -+"\n" -+"semodule -i %s\n" -+"\n" -+msgstr "" -+ -+#: ../chcat/chcat:115 ../chcat/chcat:194 -+msgid "Requires at least one category" -+msgstr "" -+ -+#: ../chcat/chcat:129 ../chcat/chcat:208 -+#, python-format -+msgid "Can not modify sensitivity levels using '+' on %s" -+msgstr "" -+ -+#: ../chcat/chcat:133 -+#, python-format -+msgid "%s is already in %s" -+msgstr "" -+ -+#: ../chcat/chcat:213 ../chcat/chcat:223 -+#, python-format -+msgid "%s is not in %s" -+msgstr "" -+ -+#: ../chcat/chcat:295 ../chcat/chcat:300 -+msgid "Can not combine +/- with other types of categories" -+msgstr "" -+ -+#: ../chcat/chcat:350 -+msgid "Can not have multiple sensitivities" -+msgstr "" -+ -+#: ../chcat/chcat:357 -+#, python-format -+msgid "Usage %s CATEGORY File ..." -+msgstr "" -+ -+#: ../chcat/chcat:358 -+#, python-format -+msgid "Usage %s -l CATEGORY user ..." -+msgstr "" -+ -+#: ../chcat/chcat:359 -+#, python-format -+msgid "Usage %s [[+|-]CATEGORY],...] File ..." -+msgstr "" -+ -+#: ../chcat/chcat:360 -+#, python-format -+msgid "Usage %s -l [[+|-]CATEGORY],...] user ..." -+msgstr "" -+ -+#: ../chcat/chcat:361 -+#, python-format -+msgid "Usage %s -d File ..." -+msgstr "" -+ -+#: ../chcat/chcat:362 -+#, python-format -+msgid "Usage %s -l -d user ..." -+msgstr "" -+ -+#: ../chcat/chcat:363 -+#, python-format -+msgid "Usage %s -L" -+msgstr "" -+ -+#: ../chcat/chcat:364 -+#, python-format -+msgid "Usage %s -L -l user" -+msgstr "" -+ -+#: ../chcat/chcat:365 -+msgid "Use -- to end option list. For example" -+msgstr "" -+ -+#: ../chcat/chcat:366 -+msgid "chcat -- -CompanyConfidential /docs/businessplan.odt" -+msgstr "" -+ -+#: ../chcat/chcat:367 -+msgid "chcat -l +CompanyConfidential juser" -+msgstr "" -+ -+#: ../chcat/chcat:436 -+#, python-format -+msgid "Options Error %s " -+msgstr "" -+ -+#: ../semanage/semanage:203 -+msgid "Select an alternate SELinux Policy Store to manage" -+msgstr "" -+ -+#: ../semanage/semanage:207 -+msgid "Select a priority for module operations" -+msgstr "" -+ -+#: ../semanage/semanage:211 -+#, python-format -+msgid "Do not print heading when listing %s object types" -+msgstr "" -+ -+#: ../semanage/semanage:215 -+msgid "Do not reload policy after commit" -+msgstr "" -+ -+#: ../semanage/semanage:219 -+#, python-format -+msgid "List %s local customizations" -+msgstr "" -+ -+#: ../semanage/semanage:223 -+#, python-format -+msgid "Add a record of the %s object type" -+msgstr "" -+ -+#: ../semanage/semanage:227 -+msgid "SELinux Type for the object" -+msgstr "" -+ -+#: ../semanage/semanage:231 -+msgid "" -+"Default SELinux Level for SELinux user, s0 Default. (MLS/MCS Systems only)" -+msgstr "" -+ -+#: ../semanage/semanage:236 -+msgid "" -+"\n" -+"MLS/MCS Security Range (MLS/MCS Systems only)\n" -+"SELinux Range for SELinux login mapping\n" -+"defaults to the SELinux user record range.\n" -+"SELinux Range for SELinux user defaults to s0.\n" -+msgstr "" -+ -+#: ../semanage/semanage:245 -+msgid "" -+"\n" -+" Protocol for the specified port (tcp|udp) or internet protocol\n" -+" version for the specified node (ipv4|ipv6).\n" -+msgstr "" -+ -+#: ../semanage/semanage:251 -+msgid "" -+"\n" -+" Subnet prefix for the specified infiniband ibpkey.\n" -+msgstr "" -+ -+#: ../semanage/semanage:256 -+msgid "" -+"\n" -+" Name for the specified infiniband end port.\n" -+msgstr "" -+ -+#: ../semanage/semanage:261 -+#, python-format -+msgid "Modify a record of the %s object type" -+msgstr "" -+ -+#: ../semanage/semanage:265 -+#, python-format -+msgid "List records of the %s object type" -+msgstr "" -+ -+#: ../semanage/semanage:269 -+#, python-format -+msgid "Delete a record of the %s object type" -+msgstr "" -+ -+#: ../semanage/semanage:273 -+msgid "Extract customizable commands, for use within a transaction" -+msgstr "" -+ -+#: ../semanage/semanage:277 -+#, python-format -+msgid "Remove all %s objects local customizations" -+msgstr "" -+ -+#: ../semanage/semanage:281 -+msgid "SELinux user name" -+msgstr "" -+ -+#: ../semanage/semanage:286 -+msgid "Manage login mappings between linux users and SELinux confined users" -+msgstr "" -+ -+#: ../semanage/semanage:303 -+#, python-format -+msgid "login_name | %%groupname" -+msgstr "" -+ -+#: ../semanage/semanage:355 -+msgid "Manage file context mapping definitions" -+msgstr "" -+ -+#: ../semanage/semanage:369 -+msgid "" -+"Substitute target path with sourcepath when generating default\n" -+" label. " -+"This is used with fcontext. Requires source and target\n" -+" path " -+"arguments. The context labeling for the target subtree is\n" -+" made " -+"equivalent to that defined for the source." -+msgstr "" -+ -+#: ../semanage/semanage:377 -+msgid "file_spec" -+msgstr "" -+ -+#: ../semanage/semanage:405 -+msgid "Manage SELinux confined users (Roles and levels for an SELinux user)" -+msgstr "" -+ -+#: ../semanage/semanage:423 -+msgid "" -+"\n" -+"SELinux Roles. You must enclose multiple roles within " -+"quotes, separate by spaces. Or specify -R multiple times.\n" -+msgstr "" -+ -+#: ../semanage/semanage:427 -+msgid "selinux_name" -+msgstr "" -+ -+#: ../semanage/semanage:455 -+msgid "Manage network port type definitions" -+msgstr "" -+ -+#: ../semanage/semanage:471 -+msgid "port | port_range" -+msgstr "" -+ -+#: ../semanage/semanage:500 -+msgid "Manage infiniband ibpkey type definitions" -+msgstr "" -+ -+#: ../semanage/semanage:516 -+msgid "pkey | pkey_range" -+msgstr "" -+ -+#: ../semanage/semanage:543 -+msgid "Manage infiniband end port type definitions" -+msgstr "" -+ -+#: ../semanage/semanage:559 -+msgid "ibendport" -+msgstr "" -+ -+#: ../semanage/semanage:586 -+msgid "Manage network interface type definitions" -+msgstr "" -+ -+#: ../semanage/semanage:601 -+msgid "interface_spec" -+msgstr "" -+ -+#: ../semanage/semanage:625 -+msgid "Manage SELinux policy modules" -+msgstr "" -+ -+#: ../semanage/semanage:637 -+msgid "Remove a module" -+msgstr "" -+ -+#: ../semanage/semanage:638 -+msgid "Disable a module" -+msgstr "" -+ -+#: ../semanage/semanage:639 -+msgid "Enable a module" -+msgstr "" -+ -+#: ../semanage/semanage:640 -+msgid "Name of the module to act on" -+msgstr "" -+ -+#: ../semanage/semanage:667 -+msgid "Manage network node type definitions" -+msgstr "" -+ -+#: ../semanage/semanage:681 -+msgid "Network Mask" -+msgstr "" -+ -+#: ../semanage/semanage:685 -+msgid "node" -+msgstr "" -+ -+#: ../semanage/semanage:710 -+msgid "Manage booleans to selectively enable functionality" -+msgstr "" -+ -+#: ../semanage/semanage:715 -+msgid "boolean" -+msgstr "" -+ -+#: ../semanage/semanage:725 -+msgid "Enable the boolean" -+msgstr "" -+ -+#: ../semanage/semanage:726 -+msgid "Disable the boolean" -+msgstr "" -+ -+#: ../semanage/semanage:743 -+msgid "semanage permissive: error: the following argument is required: type\n" -+msgstr "" -+ -+#: ../semanage/semanage:748 -+msgid "Manage process type enforcement mode" -+msgstr "" -+ -+#: ../semanage/semanage:760 ../semanage/seobject.py:2611 -+msgid "type" -+msgstr "" -+ -+#: ../semanage/semanage:771 -+msgid "Disable/Enable dontaudit rules in policy" -+msgstr "" -+ -+#: ../semanage/semanage:791 -+msgid "Output local customizations" -+msgstr "" -+ -+#: ../semanage/semanage:793 -+msgid "Output file" -+msgstr "" -+ -+#: ../semanage/semanage:871 -+msgid "Import local customizations" -+msgstr "" -+ -+#: ../semanage/semanage:874 -+msgid "Input file" -+msgstr "" -+ -+#: ../semanage/seobject.py:274 -+msgid "Could not create semanage handle" -+msgstr "" -+ -+#: ../semanage/seobject.py:282 -+msgid "SELinux policy is not managed or store cannot be accessed." -+msgstr "" -+ -+#: ../semanage/seobject.py:287 -+msgid "Cannot read policy store." -+msgstr "" -+ -+#: ../semanage/seobject.py:292 -+msgid "Could not establish semanage connection" -+msgstr "" -+ -+#: ../semanage/seobject.py:297 -+msgid "Could not test MLS enabled status" -+msgstr "" -+ -+#: ../semanage/seobject.py:303 ../semanage/seobject.py:319 -+msgid "Not yet implemented" -+msgstr "" -+ -+#: ../semanage/seobject.py:307 -+msgid "Semanage transaction already in progress" -+msgstr "" -+ -+#: ../semanage/seobject.py:316 -+msgid "Could not start semanage transaction" -+msgstr "" -+ -+#: ../semanage/seobject.py:330 -+msgid "Could not commit semanage transaction" -+msgstr "" -+ -+#: ../semanage/seobject.py:335 -+msgid "Semanage transaction not in progress" -+msgstr "" -+ -+#: ../semanage/seobject.py:349 ../semanage/seobject.py:469 -+msgid "Could not list SELinux modules" -+msgstr "" -+ -+#: ../semanage/seobject.py:356 -+msgid "Could not get module name" -+msgstr "" -+ -+#: ../semanage/seobject.py:360 -+msgid "Could not get module enabled" -+msgstr "" -+ -+#: ../semanage/seobject.py:364 -+msgid "Could not get module priority" -+msgstr "" -+ -+#: ../semanage/seobject.py:368 -+msgid "Could not get module lang_ext" -+msgstr "" -+ -+#: ../semanage/seobject.py:389 -+msgid "Module Name" -+msgstr "" -+ -+#: ../semanage/seobject.py:389 -+msgid "Priority" -+msgstr "" -+ -+#: ../semanage/seobject.py:389 -+msgid "Language" -+msgstr "" -+ -+#: ../semanage/seobject.py:392 ../sepolicy/sepolicy/sepolicy.glade:3431 -+msgid "Disabled" -+msgstr "" -+ -+#: ../semanage/seobject.py:401 -+#, python-format -+msgid "Module does not exist: %s " -+msgstr "" -+ -+#: ../semanage/seobject.py:405 ../semanage/seobject.py:432 -+#, python-format -+msgid "Invalid priority %d (needs to be between 1 and 999)" -+msgstr "" -+ -+#: ../semanage/seobject.py:415 -+msgid "Could not create module key" -+msgstr "" -+ -+#: ../semanage/seobject.py:419 -+msgid "Could not set module key name" -+msgstr "" -+ -+#: ../semanage/seobject.py:424 -+#, python-format -+msgid "Could not enable module %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:426 -+#, python-format -+msgid "Could not disable module %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:437 -+#, python-format -+msgid "Could not remove module %s (remove failed)" -+msgstr "" -+ -+#: ../semanage/seobject.py:454 -+msgid "dontaudit requires either 'on' or 'off'" -+msgstr "" -+ -+#: ../semanage/seobject.py:484 -+msgid "Builtin Permissive Types" -+msgstr "" -+ -+#: ../semanage/seobject.py:494 -+msgid "Customized Permissive Types" -+msgstr "" -+ -+#: ../semanage/seobject.py:502 -+msgid "" -+"The sepolgen python module is required to setup permissive domains.\n" -+"In some distributions it is included in the policycoreutils-devel package.\n" -+"# yum install policycoreutils-devel\n" -+"Or similar for your distro." -+msgstr "" -+ -+#: ../semanage/seobject.py:512 -+#, python-format -+msgid "Could not set permissive domain %s (module installation failed)" -+msgstr "" -+ -+#: ../semanage/seobject.py:518 -+#, python-format -+msgid "Could not remove permissive domain %s (remove failed)" -+msgstr "" -+ -+#: ../semanage/seobject.py:555 ../semanage/seobject.py:627 -+#: ../semanage/seobject.py:674 ../semanage/seobject.py:794 -+#: ../semanage/seobject.py:824 ../semanage/seobject.py:889 -+#: ../semanage/seobject.py:945 ../semanage/seobject.py:1209 -+#: ../semanage/seobject.py:1468 ../semanage/seobject.py:2442 -+#: ../semanage/seobject.py:2512 ../semanage/seobject.py:2536 -+#: ../semanage/seobject.py:2664 ../semanage/seobject.py:2715 -+#, python-format -+msgid "Could not create a key for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:559 ../semanage/seobject.py:631 -+#: ../semanage/seobject.py:678 ../semanage/seobject.py:684 -+#, python-format -+msgid "Could not check if login mapping for %s is defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:561 -+#, python-format -+msgid "Login mapping for %s is already defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:566 -+#, python-format -+msgid "Linux Group %s does not exist" -+msgstr "" -+ -+#: ../semanage/seobject.py:571 -+#, python-format -+msgid "Linux User %s does not exist" -+msgstr "" -+ -+#: ../semanage/seobject.py:575 -+#, python-format -+msgid "Could not create login mapping for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:579 ../semanage/seobject.py:838 -+#, python-format -+msgid "Could not set name for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:584 ../semanage/seobject.py:848 -+#, python-format -+msgid "Could not set MLS range for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:588 -+#, python-format -+msgid "Could not set SELinux user for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:592 -+#, python-format -+msgid "Could not add login mapping for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:610 -+msgid "Requires seuser or serange" -+msgstr "" -+ -+#: ../semanage/seobject.py:633 ../semanage/seobject.py:680 -+#, python-format -+msgid "Login mapping for %s is not defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:637 -+#, python-format -+msgid "Could not query seuser for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:652 -+#, python-format -+msgid "Could not modify login mapping for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:686 -+#, python-format -+msgid "Login mapping for %s is defined in policy, cannot be deleted" -+msgstr "" -+ -+#: ../semanage/seobject.py:690 -+#, python-format -+msgid "Could not delete login mapping for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:712 ../semanage/seobject.py:745 -+#: ../semanage/seobject.py:988 -+msgid "Could not list login mappings" -+msgstr "" -+ -+#: ../semanage/seobject.py:769 ../semanage/seobject.py:781 -+#: ../sepolicy/sepolicy/sepolicy.glade:1162 -+#: ../sepolicy/sepolicy/sepolicy.glade:3156 -+msgid "Login Name" -+msgstr "" -+ -+#: ../semanage/seobject.py:769 ../semanage/seobject.py:781 -+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1040 -+#: ../sepolicy/sepolicy/sepolicy.glade:1188 -+#: ../sepolicy/sepolicy/sepolicy.glade:3174 -+#: ../sepolicy/sepolicy/sepolicy.glade:3260 -+#: ../sepolicy/sepolicy/sepolicy.glade:4915 -+msgid "SELinux User" -+msgstr "" -+ -+#: ../semanage/seobject.py:769 -+msgid "MLS/MCS Range" -+msgstr "" -+ -+#: ../semanage/seobject.py:769 -+msgid "Service" -+msgstr "" -+ -+#: ../semanage/seobject.py:797 ../semanage/seobject.py:828 -+#: ../semanage/seobject.py:893 ../semanage/seobject.py:949 -+#: ../semanage/seobject.py:955 -+#, python-format -+msgid "Could not check if SELinux user %s is defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:800 ../semanage/seobject.py:899 -+#: ../semanage/seobject.py:961 -+#, python-format -+msgid "Could not query user for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:820 -+#, python-format -+msgid "You must add at least one role for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:830 -+#, python-format -+msgid "SELinux user %s is already defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:834 -+#, python-format -+msgid "Could not create SELinux user for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:843 -+#, python-format -+msgid "Could not add role %s for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:852 -+#, python-format -+msgid "Could not set MLS level for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:855 -+#, python-format -+msgid "Could not add prefix %s for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:858 -+#, python-format -+msgid "Could not extract key for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:862 -+#, python-format -+msgid "Could not add SELinux user %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:883 -+msgid "Requires prefix, roles, level or range" -+msgstr "" -+ -+#: ../semanage/seobject.py:885 -+msgid "Requires prefix or roles" -+msgstr "" -+ -+#: ../semanage/seobject.py:895 ../semanage/seobject.py:951 -+#, python-format -+msgid "SELinux user %s is not defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:924 -+#, python-format -+msgid "Could not modify SELinux user %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:957 -+#, python-format -+msgid "SELinux user %s is defined in policy, cannot be deleted" -+msgstr "" -+ -+#: ../semanage/seobject.py:968 -+#, python-format -+msgid "Could not delete SELinux user %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1006 -+msgid "Could not list SELinux users" -+msgstr "" -+ -+#: ../semanage/seobject.py:1012 -+#, python-format -+msgid "Could not list roles for user %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1034 -+msgid "Labeling" -+msgstr "" -+ -+#: ../semanage/seobject.py:1034 -+msgid "MLS/" -+msgstr "" -+ -+#: ../semanage/seobject.py:1035 -+msgid "Prefix" -+msgstr "" -+ -+#: ../semanage/seobject.py:1035 -+msgid "MCS Level" -+msgstr "" -+ -+#: ../semanage/seobject.py:1035 -+msgid "MCS Range" -+msgstr "" -+ -+#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1040 -+#: ../sepolicy/sepolicy/sepolicy.glade:3280 -+#: ../sepolicy/sepolicy/sepolicy.glade:5251 -+#: ../sepolicy/sepolicy/sepolicy.glade:5400 -+msgid "SELinux Roles" -+msgstr "" -+ -+#: ../semanage/seobject.py:1061 -+msgid "Protocol udp or tcp is required" -+msgstr "" -+ -+#: ../semanage/seobject.py:1063 -+msgid "Port is required" -+msgstr "" -+ -+#: ../semanage/seobject.py:1073 -+msgid "Invalid Port" -+msgstr "" -+ -+#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1345 -+#, python-format -+msgid "Could not create a key for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1088 ../semanage/seobject.py:1356 -+#: ../semanage/seobject.py:1604 -+msgid "Type is required" -+msgstr "" -+ -+#: ../semanage/seobject.py:1091 ../semanage/seobject.py:1155 -+#, python-format -+msgid "Type %s is invalid, must be a port type" -+msgstr "" -+ -+#: ../semanage/seobject.py:1097 ../semanage/seobject.py:1161 -+#: ../semanage/seobject.py:1227 ../semanage/seobject.py:1233 -+#, python-format -+msgid "Could not check if port %s/%s is defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:1099 -+#, python-format -+msgid "Port %s/%s already defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:1103 -+#, python-format -+msgid "Could not create port for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1109 ../semanage/seobject.py:1377 -+#: ../semanage/seobject.py:1624 -+#, python-format -+msgid "Could not create context for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1113 -+#, python-format -+msgid "Could not set user in port context for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1117 -+#, python-format -+msgid "Could not set role in port context for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1121 -+#, python-format -+msgid "Could not set type in port context for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1126 -+#, python-format -+msgid "Could not set mls fields in port context for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1130 -+#, python-format -+msgid "Could not set port context for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1134 -+#, python-format -+msgid "Could not add port %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1150 ../semanage/seobject.py:1416 -+#: ../semanage/seobject.py:1663 ../semanage/seobject.py:1923 -+#: ../semanage/seobject.py:2125 -+msgid "Requires setype or serange" -+msgstr "" -+ -+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1418 -+#: ../semanage/seobject.py:1665 -+msgid "Requires setype" -+msgstr "" -+ -+#: ../semanage/seobject.py:1163 ../semanage/seobject.py:1229 -+#, python-format -+msgid "Port %s/%s is not defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:1167 -+#, python-format -+msgid "Could not query port %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1181 -+#, python-format -+msgid "Could not modify port %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1196 -+msgid "Could not list the ports" -+msgstr "" -+ -+#: ../semanage/seobject.py:1213 -+#, python-format -+msgid "Could not delete the port %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1235 -+#, python-format -+msgid "Port %s/%s is defined in policy, cannot be deleted" -+msgstr "" -+ -+#: ../semanage/seobject.py:1239 -+#, python-format -+msgid "Could not delete port %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1257 ../semanage/seobject.py:1277 -+msgid "Could not list ports" -+msgstr "" -+ -+#: ../semanage/seobject.py:1311 ../sepolicy/sepolicy/sepolicy.glade:2676 -+#: ../sepolicy/sepolicy/sepolicy.glade:2774 -+#: ../sepolicy/sepolicy/sepolicy.glade:4648 -+msgid "SELinux Port Type" -+msgstr "" -+ -+#: ../semanage/seobject.py:1311 -+msgid "Proto" -+msgstr "" -+ -+#: ../semanage/seobject.py:1311 ../semanage/seobject.py:1801 -+#: ../sepolicy/sepolicy/sepolicy.glade:1413 -+msgid "Port Number" -+msgstr "" -+ -+#: ../semanage/seobject.py:1331 -+msgid "Subnet Prefix is required" -+msgstr "" -+ -+#: ../semanage/seobject.py:1341 -+msgid "Invalid Pkey" -+msgstr "" -+ -+#: ../semanage/seobject.py:1359 ../semanage/seobject.py:1421 -+#, python-format -+msgid "Type %s is invalid, must be a ibpkey type" -+msgstr "" -+ -+#: ../semanage/seobject.py:1365 ../semanage/seobject.py:1427 -+#: ../semanage/seobject.py:1481 ../semanage/seobject.py:1487 -+#, python-format -+msgid "Could not check if ibpkey %s/%s is defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:1367 -+#, python-format -+msgid "ibpkey %s/%s already defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:1371 -+#, python-format -+msgid "Could not create ibpkey for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1381 -+#, python-format -+msgid "Could not set user in ibpkey context for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1385 -+#, python-format -+msgid "Could not set role in ibpkey context for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1389 -+#, python-format -+msgid "Could not set type in ibpkey context for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1394 -+#, python-format -+msgid "Could not set mls fields in ibpkey context for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1398 -+#, python-format -+msgid "Could not set ibpkey context for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1402 -+#, python-format -+msgid "Could not add ibpkey %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1429 ../semanage/seobject.py:1483 -+#, python-format -+msgid "ibpkey %s/%s is not defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:1433 -+#, python-format -+msgid "Could not query ibpkey %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1444 -+#, python-format -+msgid "Could not modify ibpkey %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1457 -+msgid "Could not list the ibpkeys" -+msgstr "" -+ -+#: ../semanage/seobject.py:1472 -+#, python-format -+msgid "Could not delete the ibpkey %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1489 -+#, python-format -+msgid "ibpkey %s/%s is defined in policy, cannot be deleted" -+msgstr "" -+ -+#: ../semanage/seobject.py:1493 -+#, python-format -+msgid "Could not delete ibpkey %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1509 ../semanage/seobject.py:1530 -+msgid "Could not list ibpkeys" -+msgstr "" -+ -+#: ../semanage/seobject.py:1564 -+msgid "SELinux IB Pkey Type" -+msgstr "" -+ -+#: ../semanage/seobject.py:1564 -+msgid "Subnet_Prefix" -+msgstr "" -+ -+#: ../semanage/seobject.py:1564 -+msgid "Pkey Number" -+msgstr "" -+ -+#: ../semanage/seobject.py:1584 -+msgid "IB device name is required" -+msgstr "" -+ -+#: ../semanage/seobject.py:1589 -+msgid "Invalid Port Number" -+msgstr "" -+ -+#: ../semanage/seobject.py:1593 -+#, python-format -+msgid "Could not create a key for ibendport %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1607 ../semanage/seobject.py:1668 -+#, python-format -+msgid "Type %s is invalid, must be an ibendport type" -+msgstr "" -+ -+#: ../semanage/seobject.py:1612 ../semanage/seobject.py:1674 -+#: ../semanage/seobject.py:1726 ../semanage/seobject.py:1732 -+#, python-format -+msgid "Could not check if ibendport %s/%s is defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:1614 -+#, python-format -+msgid "ibendport %s/%s already defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:1618 -+#, python-format -+msgid "Could not create ibendport for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1628 -+#, python-format -+msgid "Could not set user in ibendport context for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1632 -+#, python-format -+msgid "Could not set role in ibendport context for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1636 -+#, python-format -+msgid "Could not set type in ibendport context for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1641 -+#, python-format -+msgid "Could not set mls fields in ibendport context for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1645 -+#, python-format -+msgid "Could not set ibendport context for %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1649 -+#, python-format -+msgid "Could not add ibendport %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1676 ../semanage/seobject.py:1728 -+#, python-format -+msgid "ibendport %s/%s is not defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:1680 -+#, python-format -+msgid "Could not query ibendport %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1691 -+#, python-format -+msgid "Could not modify ibendport %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1704 -+msgid "Could not list the ibendports" -+msgstr "" -+ -+#: ../semanage/seobject.py:1713 -+#, python-format -+msgid "Could not create a key for %s/%d" -+msgstr "" -+ -+#: ../semanage/seobject.py:1717 -+#, python-format -+msgid "Could not delete the ibendport %s/%d" -+msgstr "" -+ -+#: ../semanage/seobject.py:1734 -+#, python-format -+msgid "ibendport %s/%s is defined in policy, cannot be deleted" -+msgstr "" -+ -+#: ../semanage/seobject.py:1738 -+#, python-format -+msgid "Could not delete ibendport %s/%s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1754 ../semanage/seobject.py:1774 -+msgid "Could not list ibendports" -+msgstr "" -+ -+#: ../semanage/seobject.py:1801 -+msgid "SELinux IB End Port Type" -+msgstr "" -+ -+#: ../semanage/seobject.py:1801 -+msgid "IB Device Name" -+msgstr "" -+ -+#: ../semanage/seobject.py:1825 -+msgid "Node Address is required" -+msgstr "" -+ -+#: ../semanage/seobject.py:1840 -+msgid "Unknown or missing protocol" -+msgstr "" -+ -+#: ../semanage/seobject.py:1854 -+msgid "SELinux node type is required" -+msgstr "" -+ -+#: ../semanage/seobject.py:1857 ../semanage/seobject.py:1926 -+#, python-format -+msgid "Type %s is invalid, must be a node type" -+msgstr "" -+ -+#: ../semanage/seobject.py:1861 ../semanage/seobject.py:1930 -+#: ../semanage/seobject.py:1968 ../semanage/seobject.py:2066 -+#: ../semanage/seobject.py:2129 ../semanage/seobject.py:2165 -+#: ../semanage/seobject.py:2377 -+#, python-format -+msgid "Could not create key for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1863 ../semanage/seobject.py:1934 -+#: ../semanage/seobject.py:1972 ../semanage/seobject.py:1978 -+#, python-format -+msgid "Could not check if addr %s is defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:1867 -+#, python-format -+msgid "Addr %s already defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:1871 -+#, python-format -+msgid "Could not create addr for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1877 ../semanage/seobject.py:2081 -+#: ../semanage/seobject.py:2333 -+#, python-format -+msgid "Could not create context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1881 -+#, python-format -+msgid "Could not set mask for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1885 -+#, python-format -+msgid "Could not set user in addr context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1889 -+#, python-format -+msgid "Could not set role in addr context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1893 -+#, python-format -+msgid "Could not set type in addr context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1898 -+#, python-format -+msgid "Could not set mls fields in addr context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1902 -+#, python-format -+msgid "Could not set addr context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1906 -+#, python-format -+msgid "Could not add addr %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1936 ../semanage/seobject.py:1974 -+#, python-format -+msgid "Addr %s is not defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:1940 -+#, python-format -+msgid "Could not query addr %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1950 -+#, python-format -+msgid "Could not modify addr %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1980 -+#, python-format -+msgid "Addr %s is defined in policy, cannot be deleted" -+msgstr "" -+ -+#: ../semanage/seobject.py:1984 -+#, python-format -+msgid "Could not delete addr %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:1998 -+msgid "Could not deleteall node mappings" -+msgstr "" -+ -+#: ../semanage/seobject.py:2012 -+msgid "Could not list addrs" -+msgstr "" -+ -+#: ../semanage/seobject.py:2062 ../semanage/seobject.py:2370 -+msgid "SELinux Type is required" -+msgstr "" -+ -+#: ../semanage/seobject.py:2070 ../semanage/seobject.py:2133 -+#: ../semanage/seobject.py:2169 ../semanage/seobject.py:2175 -+#, python-format -+msgid "Could not check if interface %s is defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:2072 -+#, python-format -+msgid "Interface %s already defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:2076 -+#, python-format -+msgid "Could not create interface for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2085 -+#, python-format -+msgid "Could not set user in interface context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2089 -+#, python-format -+msgid "Could not set role in interface context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2093 -+#, python-format -+msgid "Could not set type in interface context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2098 -+#, python-format -+msgid "Could not set mls fields in interface context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2102 -+#, python-format -+msgid "Could not set interface context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2106 -+#, python-format -+msgid "Could not set message context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2110 -+#, python-format -+msgid "Could not add interface %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2135 ../semanage/seobject.py:2171 -+#, python-format -+msgid "Interface %s is not defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:2139 -+#, python-format -+msgid "Could not query interface %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2150 -+#, python-format -+msgid "Could not modify interface %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2177 -+#, python-format -+msgid "Interface %s is defined in policy, cannot be deleted" -+msgstr "" -+ -+#: ../semanage/seobject.py:2181 -+#, python-format -+msgid "Could not delete interface %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2195 -+msgid "Could not delete all interface mappings" -+msgstr "" -+ -+#: ../semanage/seobject.py:2209 -+msgid "Could not list interfaces" -+msgstr "" -+ -+#: ../semanage/seobject.py:2231 -+msgid "SELinux Interface" -+msgstr "" -+ -+#: ../semanage/seobject.py:2231 ../semanage/seobject.py:2611 -+msgid "Context" -+msgstr "" -+ -+#: ../semanage/seobject.py:2299 -+#, python-format -+msgid "Target %s is not valid. Target is not allowed to end with '/'" -+msgstr "" -+ -+#: ../semanage/seobject.py:2302 -+#, python-format -+msgid "Substiture %s is not valid. Substitute is not allowed to end with '/'" -+msgstr "" -+ -+#: ../semanage/seobject.py:2305 -+#, python-format -+msgid "Equivalence class for %s already exists" -+msgstr "" -+ -+#: ../semanage/seobject.py:2311 -+#, python-format -+msgid "File spec %s conflicts with equivalency rule '%s %s'" -+msgstr "" -+ -+#: ../semanage/seobject.py:2322 -+#, python-format -+msgid "Equivalence class for %s does not exist" -+msgstr "" -+ -+#: ../semanage/seobject.py:2339 -+#, python-format -+msgid "Could not set user in file context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2343 -+#, python-format -+msgid "Could not set role in file context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2348 ../semanage/seobject.py:2406 -+#, python-format -+msgid "Could not set mls fields in file context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2354 -+msgid "Invalid file specification" -+msgstr "" -+ -+#: ../semanage/seobject.py:2356 -+msgid "File specification can not include spaces" -+msgstr "" -+ -+#: ../semanage/seobject.py:2361 -+#, python-format -+msgid "" -+"File spec %s conflicts with equivalency rule '%s %s'; Try adding '%s' instead" -+msgstr "" -+ -+#: ../semanage/seobject.py:2373 ../semanage/seobject.py:2436 -+#, python-format -+msgid "Type %s is invalid, must be a file or device type" -+msgstr "" -+ -+#: ../semanage/seobject.py:2381 ../semanage/seobject.py:2386 -+#: ../semanage/seobject.py:2446 ../semanage/seobject.py:2540 -+#: ../semanage/seobject.py:2544 -+#, python-format -+msgid "Could not check if file context for %s is defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:2389 -+#, python-format -+msgid "File context for %s already defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:2393 -+#, python-format -+msgid "Could not create file context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2401 -+#, python-format -+msgid "Could not set type in file context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2409 ../semanage/seobject.py:2476 -+#: ../semanage/seobject.py:2480 -+#, python-format -+msgid "Could not set file context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2415 -+#, python-format -+msgid "Could not add file context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2434 -+msgid "Requires setype, serange or seuser" -+msgstr "" -+ -+#: ../semanage/seobject.py:2450 ../semanage/seobject.py:2548 -+#, python-format -+msgid "File context for %s is not defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:2458 -+#, python-format -+msgid "Could not query file context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2484 -+#, python-format -+msgid "Could not modify file context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2502 -+msgid "Could not list the file contexts" -+msgstr "" -+ -+#: ../semanage/seobject.py:2516 -+#, python-format -+msgid "Could not delete the file context %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2546 -+#, python-format -+msgid "File context for %s is defined in policy, cannot be deleted" -+msgstr "" -+ -+#: ../semanage/seobject.py:2552 -+#, python-format -+msgid "Could not delete file context for %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2569 -+msgid "Could not list file contexts" -+msgstr "" -+ -+#: ../semanage/seobject.py:2573 -+msgid "Could not list file contexts for home directories" -+msgstr "" -+ -+#: ../semanage/seobject.py:2577 -+msgid "Could not list local file contexts" -+msgstr "" -+ -+#: ../semanage/seobject.py:2611 -+msgid "SELinux fcontext" -+msgstr "" -+ -+#: ../semanage/seobject.py:2624 -+msgid "" -+"\n" -+"SELinux Distribution fcontext Equivalence \n" -+msgstr "" -+ -+#: ../semanage/seobject.py:2629 -+msgid "" -+"\n" -+"SELinux Local fcontext Equivalence \n" -+msgstr "" -+ -+#: ../semanage/seobject.py:2667 ../semanage/seobject.py:2718 -+#: ../semanage/seobject.py:2724 -+#, python-format -+msgid "Could not check if boolean %s is defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:2669 ../semanage/seobject.py:2720 -+#, python-format -+msgid "Boolean %s is not defined" -+msgstr "" -+ -+#: ../semanage/seobject.py:2673 -+#, python-format -+msgid "Could not query file context %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2678 -+#, python-format -+msgid "You must specify one of the following values: %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2683 -+#, python-format -+msgid "Could not set active value of boolean %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2686 -+#, python-format -+msgid "Could not modify boolean %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2702 -+#, python-format -+msgid "Bad format %s: Record %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2726 -+#, python-format -+msgid "Boolean %s is defined in policy, cannot be deleted" -+msgstr "" -+ -+#: ../semanage/seobject.py:2730 -+#, python-format -+msgid "Could not delete boolean %s" -+msgstr "" -+ -+#: ../semanage/seobject.py:2742 ../semanage/seobject.py:2759 -+msgid "Could not list booleans" -+msgstr "" -+ -+#: ../semanage/seobject.py:2792 -+msgid "off" -+msgstr "" -+ -+#: ../semanage/seobject.py:2792 -+msgid "on" -+msgstr "" -+ -+#: ../semanage/seobject.py:2804 -+msgid "SELinux boolean" -+msgstr "" -+ -+#: ../semanage/seobject.py:2804 -+msgid "State" -+msgstr "" -+ -+#: ../semanage/seobject.py:2804 -+msgid "Default" -+msgstr "" -+ -+#: ../semanage/seobject.py:2804 ../sepolicy/sepolicy/sepolicy.glade:2148 -+#: ../sepolicy/sepolicy/sepolicy.glade:2518 -+#: ../sepolicy/sepolicy/sepolicy.glade:5117 -+msgid "Description" -+msgstr "" -+ -+#: ../sepolgen/src/sepolgen/interfaces.py:486 -+msgid "Found circular interface class" -+msgstr "" -+ -+#: ../sepolgen/src/sepolgen/interfaces.py:491 -+#, python-format -+msgid "Missing interface definition for %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:141 -+msgid "Standard Init Daemon" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:142 -+msgid "DBUS System Daemon" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:143 -+msgid "Internet Services Daemon" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:144 -+msgid "Web Application/Script (CGI)" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:145 -+msgid "Sandbox" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:146 -+msgid "User Application" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:147 -+msgid "Existing Domain Type" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:148 -+msgid "Minimal Terminal Login User Role" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:149 -+msgid "Minimal X Windows Login User Role" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:150 -+msgid "Desktop Login User Role" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:151 -+msgid "Administrator Login User Role" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:152 -+msgid "Confined Root Administrator Role" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:153 -+msgid "Module information for a new type" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:159 -+msgid "Valid Types:\n" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:194 -+#, python-format -+msgid "Ports must be numbers or ranges of numbers from 1 to %d " -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:206 -+msgid "You must enter a valid policy type" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:209 -+#, python-format -+msgid "You must enter a name for your policy module for your '%s'." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:347 -+msgid "" -+"Name must be alpha numberic with no spaces. Consider using option \"-n " -+"MODULENAME\"" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:439 -+msgid "User Role types can not be assigned executables." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:445 -+msgid "Only Daemon apps can use an init script.." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:463 -+msgid "use_resolve must be a boolean value " -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:469 -+msgid "use_syslog must be a boolean value " -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:475 -+msgid "use_kerberos must be a boolean value " -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:481 -+msgid "manage_krb5_rcache must be a boolean value " -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:511 -+msgid "USER Types automatically get a tmp type" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:848 -+#, python-format -+msgid "'%s' policy modules require existing domains" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:873 -+msgid "Type field required" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:886 -+#, python-format -+msgid "" -+"You need to define a new type which ends with: \n" -+" %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:1114 -+msgid "You must enter the executable path for your confined process" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:1381 -+msgid "Type Enforcement file" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:1382 -+msgid "Interface file" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:1383 -+msgid "File Contexts file" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:1386 -+msgid "Spec file" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/generate.py:1387 -+msgid "Setup Script" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:68 ../sepolicy/sepolicy/sepolicy.glade:3742 -+#: ../sepolicy/sepolicy/sepolicy.glade:3844 -+#: ../sepolicy/sepolicy/sepolicy.glade:3907 -+#: ../sepolicy/sepolicy/sepolicy.glade:3970 -+msgid "No" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:68 ../sepolicy/sepolicy/sepolicy.glade:3725 -+#: ../sepolicy/sepolicy/sepolicy.glade:3826 -+#: ../sepolicy/sepolicy/sepolicy.glade:3890 -+#: ../sepolicy/sepolicy/sepolicy.glade:3953 -+msgid "Yes" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:69 -+msgid "Disable" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:69 -+msgid "Enable" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:82 ../sepolicy/sepolicy/sepolicy.glade:726 -+#: ../sepolicy/sepolicy/sepolicy.glade:1467 -+#: ../sepolicy/sepolicy/sepolicy.glade:3511 -+msgid "Advanced >>" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:82 -+msgid "Advanced <<" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:83 ../sepolicy/sepolicy/sepolicy.glade:80 -+msgid "Advanced Search >>" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:83 -+msgid "Advanced Search <<" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:108 -+msgid "" -+"\n" -+"To change from Disabled to Enforcing mode\n" -+"- Change the system mode from Disabled to Permissive\n" -+"- Reboot, so that the system can relabel\n" -+"- Once the system is working as planned\n" -+" * Change the system mode to Enforcing\n" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:503 -+#, python-format -+msgid "%s is not a valid domain" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:652 -+msgid "System Status: Disabled" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:750 -+msgid "Help: Start Page" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:754 -+msgid "Help: Booleans Page" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:760 -+msgid "Help: Executable Files Page" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:763 -+msgid "Help: Writable Files Page" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:766 -+msgid "Help: Application Types Page" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:771 -+msgid "Help: Outbound Network Connections Page" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:774 -+msgid "Help: Inbound Network Connections Page" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:780 -+msgid "Help: Transition from application Page" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:783 -+msgid "Help: Transition into application Page" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:786 -+msgid "Help: Transition application file Page" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:790 -+msgid "Help: Systems Page" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:794 -+msgid "Help: Lockdown Page" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:798 -+msgid "Help: Login Page" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:802 -+msgid "Help: SELinux User Page" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:806 -+msgid "Help: File Equivalence Page" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:951 ../sepolicy/sepolicy/gui.py:1242 -+#: ../sepolicy/sepolicy/gui.py:1682 ../sepolicy/sepolicy/gui.py:1929 -+#: ../sepolicy/sepolicy/gui.py:2717 -+msgid "More..." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1059 -+#, python-format -+msgid "File path used to enter the '%s' domain." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1060 -+#, python-format -+msgid "Files to which the '%s' domain can write." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1061 -+#, python-format -+msgid "Network Ports to which the '%s' is allowed to connect." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1062 -+#, python-format -+msgid "Network Ports to which the '%s' is allowed to listen." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1063 -+#, python-format -+msgid "File Types defined for the '%s'." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1064 -+#, python-format -+msgid "" -+"Display boolean information that can be used to modify the policy for the " -+"'%s'." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1065 -+#, python-format -+msgid "Display file type information that can be used by the '%s'." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1066 -+#, python-format -+msgid "Display network ports to which the '%s' can connect or listen to." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1067 -+#, python-format -+msgid "Application Transitions Into '%s'" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1068 -+#, python-format -+msgid "Application Transitions From '%s'" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1069 -+#, python-format -+msgid "File Transitions From '%s'" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1070 -+#, python-format -+msgid "" -+"Executables which will transition to '%s', when executing selected domains " -+"entrypoint." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1071 -+#, python-format -+msgid "" -+"Executables which will transition to a different domain, when '%s' executes " -+"them." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1072 -+#, python-format -+msgid "Files by '%s' with transitions to a different label." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1073 -+#, python-format -+msgid "Display applications that can transition into or out of the '%s'." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1167 ../sepolicy/sepolicy/__init__.py:74 -+msgid "all files" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1181 -+msgid "MISSING FILE PATH" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1296 -+#, python-format -+msgid "To disable this transition, go to the %sBoolean section%s." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1298 -+#, python-format -+msgid "To enable this transition, go to the %sBoolean section%s." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1355 -+msgid "executable" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1358 -+msgid "writable" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1361 -+msgid "application" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1362 -+#, python-format -+msgid "Add new %(TYPE)s file path for '%(DOMAIN)s' domains." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1363 -+#, python-format -+msgid "Delete %(TYPE)s file paths for '%(DOMAIN)s' domain." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1364 -+#, python-format -+msgid "" -+"Modify %(TYPE)s file path for '%(DOMAIN)s' domain. Only bolded items in the " -+"list can be selected, this indicates they were modified previously." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1376 -+msgid "connect" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1379 -+msgid "listen for inbound connections" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1381 -+#, python-format -+msgid "" -+"Add new port definition to which the '%(APP)s' domain is allowed to %(PERM)s." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1382 -+#, python-format -+msgid "" -+"Delete modified port definitions to which the '%(APP)s' domain is allowed to " -+"%(PERM)s." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1383 -+#, python-format -+msgid "" -+"Modify port definitions to which the '%(APP)s' domain is allowed to %(PERM)s." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1412 -+msgid "Add new SELinux User/Role definition." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1413 -+msgid "Delete modified SELinux User/Role definitions." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1414 -+msgid "Modify selected modified SELinux User/Role definitions." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1421 -+msgid "Add new Login Mapping definition." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1422 -+msgid "Delete modified Login Mapping definitions." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1423 -+msgid "Modify selected modified Login Mapping definitions." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1430 -+msgid "Add new File Equivalence definition." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1431 -+msgid "Delete modified File Equivalence definitions." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1432 -+msgid "" -+"Modify selected modified File Equivalence definitions. Only bolded items in " -+"the list can be selected, this indicates they were modified previously." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1460 -+#, python-format -+msgid "Boolean %s Allow Rules" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1473 -+#, python-format -+msgid "Add Network Port for %s. Ports will be created when update is applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1474 -+#, python-format -+msgid "Add Network Port for %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1479 -+#, python-format -+msgid "" -+"Add File Labeling for %s. File labels will be created when update is applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1480 ../sepolicy/sepolicy/gui.py:1533 -+#, python-format -+msgid "Add File Labeling for %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1490 -+msgid "Add Login Mapping. User Mapping will be created when Update is applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1491 -+msgid "Add Login Mapping" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1496 -+msgid "" -+"Add SELinux User Role. SELinux user roles will be created when update is " -+"applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1497 -+msgid "Add SELinux Users" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1504 -+msgid "" -+"Add File Equivalency Mapping. Mapping will be created when update is applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1505 -+msgid "Add SELinux File Equivalency" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1532 -+#, python-format -+msgid "" -+"Modify File Labeling for %s. File labels will be created when update is " -+"applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1588 -+msgid "" -+"Modify SELinux User Role. SELinux user roles will be modified when update is " -+"applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1589 -+msgid "Modify SELinux Users" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1597 -+msgid "" -+"Modify Login Mapping. Login Mapping will be modified when Update is applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1598 -+msgid "Modify Login Mapping" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1604 -+msgid "" -+"Modify File Equivalency Mapping. Mapping will be created when update is " -+"applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1605 -+msgid "Modify SELinux File Equivalency" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1690 -+#, python-format -+msgid "" -+"Modify Network Port for %s. Ports will be created when update is applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1691 -+#, python-format -+msgid "Modify Network Port for %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1910 -+#, python-format -+msgid "The entry '%s' is not a valid path. Paths must begin with a '/'." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:1923 -+msgid "Port number must be between 1 and 65536" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2203 -+#, python-format -+msgid "SELinux name: %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2214 -+#, python-format -+msgid "Add file labeling for %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2216 -+#, python-format -+msgid "Delete file labeling for %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2218 -+#, python-format -+msgid "Modify file labeling for %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2222 -+#, python-format -+msgid "File path: %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2225 -+#, python-format -+msgid "File class: %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2228 ../sepolicy/sepolicy/gui.py:2252 -+#, python-format -+msgid "SELinux file type: %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2237 -+#, python-format -+msgid "Add ports for %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2239 -+#, python-format -+msgid "Delete ports for %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2241 -+#, python-format -+msgid "Modify ports for %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2244 -+#, python-format -+msgid "Network ports: %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2247 -+#, python-format -+msgid "Network protocol: %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2261 -+msgid "Add user" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2263 -+msgid "Delete user" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2265 -+msgid "Modify user" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2268 -+#, python-format -+msgid "SELinux User : %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2273 -+#, python-format -+msgid "Roles: %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2277 ../sepolicy/sepolicy/gui.py:2302 -+#, python-format -+msgid "MLS/MCS Range: %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2286 -+msgid "Add login mapping" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2288 -+msgid "Delete login mapping" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2290 -+msgid "Modify login mapping" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2294 -+#, python-format -+msgid "Login Name : %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2298 -+#, python-format -+msgid "SELinux User: %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2311 -+msgid "Add file equiv labeling." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2313 -+msgid "Delete file equiv labeling." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2315 -+msgid "Modify file equiv labeling." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2319 -+#, python-format -+msgid "File path : %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2323 -+#, python-format -+msgid "Equivalence: %s" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2354 ../sepolicy/sepolicy/sepolicy.glade:129 -+#: ../sepolicy/sepolicy/sepolicy.glade:1898 -+#: ../sepolicy/sepolicy/sepolicy.glade:3803 -+msgid "System" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2363 ../sepolicy/sepolicy/sepolicy.glade:95 -+msgid "File Equivalence" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2373 ../sepolicy/sepolicy/sepolicy.glade:112 -+msgid "Users" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2426 -+#, python-format -+msgid "" -+"Run restorecon on %(PATH)s to change its type from %(CUR_CONTEXT)s to the " -+"default %(DEF_CONTEXT)s?" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2436 ../sepolicy/sepolicy/sepolicy.glade:4226 -+msgid "Update" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2438 -+msgid "Update Changes" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2440 -+msgid "Revert Changes" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2571 -+msgid "System Status: Enforcing" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2574 -+msgid "System Status: Permissive" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2638 -+msgid "" -+"Changing the policy type will cause a relabel of the entire file system on " -+"the next boot. Relabeling takes a long time depending on the size of the " -+"file system. Do you wish to continue?" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2768 -+msgid "" -+"Changing to SELinux disabled requires a reboot. It is not recommended. If " -+"you later decide to turn SELinux back on, the system will be required to " -+"relabel. If you just want to see if SELinux is causing a problem on your " -+"system, you can go to permissive mode which will only log errors and not " -+"enforce SELinux policy. Permissive mode does not require a reboot. Do you " -+"wish to continue?" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2772 -+msgid "" -+"Changing to SELinux enabled will cause a relabel of the entire file system " -+"on the next boot. Relabeling takes a long time depending on the size of the " -+"file system. Do you wish to continue?" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2802 -+msgid "" -+"You are attempting to close the application without applying your changes.\n" -+" * To apply changes you have made during this session, click No and " -+"click Update.\n" -+" * To leave the application without applying your changes, click Yes. " -+"All changes that you have made during this session will be lost." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/gui.py:2802 -+msgid "Loss of data Dialog" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/__init__.py:75 -+msgid "regular file" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/__init__.py:76 -+msgid "directory" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/__init__.py:77 -+msgid "character device" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/__init__.py:78 -+msgid "block device" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/__init__.py:79 -+msgid "socket file" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/__init__.py:80 -+msgid "symbolic link" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/__init__.py:81 -+msgid "named pipe" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/__init__.py:130 -+msgid "No SELinux Policy installed" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/__init__.py:157 -+#, python-format -+msgid "Failed to read %s policy file" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/__init__.py:418 -+#, python-format -+msgid "-- Allowed %s [ %s ]" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/__init__.py:831 -+msgid "You must regenerate interface info by running /usr/bin/sepolgen-ifgen" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/__init__.py:1150 -+msgid "unknown" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/interface.py:223 -+#, python-format -+msgid "Compiling %s interface" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/interface.py:231 -+#, python-format -+msgid "" -+"\n" -+"Compile test for %s failed.\n" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/interface.py:234 -+#, python-format -+msgid "" -+"\n" -+"Compile test for %s has not run. %s\n" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/interface.py:240 -+#, python-format -+msgid "" -+"\n" -+"Compiling of %s interface is not supported." -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:227 -+#, python-format -+msgid "Interface %s does not exist." -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:324 -+msgid "You need to install policycoreutils-gui package to use the gui option" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:329 -+msgid "Graphical User Interface for SELinux Policy" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:332 ../sepolicy/sepolicy.py:380 -+msgid "Domain name(s) of man pages to be created" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:345 -+msgid "Alternative root needs to be setup" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:362 -+msgid "Generate SELinux man pages" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:365 -+msgid "path in which the generated SELinux man pages will be stored" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:367 -+msgid "name of the OS for man pages" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:369 -+msgid "Generate HTML man pages structure for selected SELinux man page" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:371 -+msgid "Alternate root directory, defaults to /" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:373 -+msgid "" -+"With this flag, alternative root path needs to include file context files " -+"and policy.xml file" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:377 -+msgid "All domains" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:386 -+msgid "Query SELinux policy network information" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:391 -+msgid "list all SELinux port types" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:394 -+msgid "show SELinux type related to the port" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:397 -+msgid "Show ports defined for this SELinux type" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:400 -+msgid "show ports to which this domain can bind and/or connect" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:403 -+msgid "show ports to which this application can bind and/or connect" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:420 -+msgid "query SELinux policy to see if domains can communicate with each other" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:423 -+msgid "Source Domain" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:426 -+msgid "Target Domain" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:447 -+msgid "query SELinux Policy to see description of booleans" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:451 -+msgid "get all booleans descriptions" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:454 -+msgid "boolean to get description" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:466 -+msgid "" -+"query SELinux Policy to see how a source process domain can transition to " -+"the target process domain" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:469 -+msgid "source process domain" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:472 -+msgid "target process domain" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:517 -+#, python-format -+msgid "sepolicy generate: error: one of the arguments %s is required" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:522 -+msgid "Command required for this type of policy" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:533 -+#, python-format -+msgid "" -+"-t option can not be used with '%s' domains. Read usage for more details." -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:538 -+#, python-format -+msgid "" -+"-d option can not be used with '%s' domains. Read usage for more details." -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:542 -+#, python-format -+msgid "" -+"-a option can not be used with '%s' domains. Read usage for more details." -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:546 -+msgid "-w option can not be used with the --newtype option" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:567 -+msgid "List SELinux Policy interfaces" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:587 -+msgid "Enter interface names, you wish to query" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:597 -+msgid "Generate SELinux Policy module template" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:600 -+msgid "Enter domain type which you will be extending" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:603 -+msgid "Enter SELinux user(s) which will transition to this domain" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:606 -+msgid "Enter SELinux role(s) to which the administror domain will transition" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:609 -+msgid "Enter domain(s) which this confined admin will administrate" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:612 -+msgid "name of policy to generate" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:619 -+msgid "path in which the generated policy files will be stored" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:621 -+msgid "path to which the confined processes will need to write" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:622 -+msgid "Policy types which require a command" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:626 ../sepolicy/sepolicy.py:629 -+#: ../sepolicy/sepolicy.py:632 ../sepolicy/sepolicy.py:635 -+#: ../sepolicy/sepolicy.py:638 ../sepolicy/sepolicy.py:644 -+#: ../sepolicy/sepolicy.py:647 ../sepolicy/sepolicy.py:650 -+#: ../sepolicy/sepolicy.py:656 ../sepolicy/sepolicy.py:659 -+#: ../sepolicy/sepolicy.py:662 ../sepolicy/sepolicy.py:665 -+#, python-format -+msgid "Generate '%s' policy" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:653 -+#, python-format -+msgid "Generate '%s' policy " -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:667 -+msgid "executable to confine" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:672 -+msgid "commands" -+msgstr "" -+ -+#: ../sepolicy/sepolicy.py:675 -+msgid "Alternate SELinux policy, defaults to /sys/fs/selinux/policy" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:25 -+#: ../sepolicy/sepolicy/sepolicy.glade:4330 -+msgid "Applications" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:52 -+msgid "Select domain" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:189 -+#: ../sepolicy/sepolicy/sepolicy.glade:4367 -+#: ../sepolicy/sepolicy/sepolicy.glade:4460 -+#: ../sepolicy/sepolicy/sepolicy.glade:4606 -+#: ../sepolicy/sepolicy/sepolicy.glade:4755 -+#: ../sepolicy/sepolicy/sepolicy.glade:4889 -+#: ../sepolicy/sepolicy/sepolicy.glade:5030 -+#: ../sepolicy/sepolicy/sepolicy.glade:5103 -+#: ../sepolicy/sepolicy/sepolicy.glade:5238 -+msgid "Select" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:204 -+#: ../sepolicy/sepolicy/sepolicy.glade:539 -+#: ../sepolicy/sepolicy/sepolicy.glade:684 -+#: ../sepolicy/sepolicy/sepolicy.glade:1239 -+#: ../sepolicy/sepolicy/sepolicy.glade:1535 -+#: ../sepolicy/sepolicy/sepolicy.glade:4540 -+#: ../sepolicy/sepolicy/sepolicy.glade:4690 -+#: ../sepolicy/sepolicy/sepolicy.glade:4821 -+#: ../sepolicy/sepolicy/sepolicy.glade:4955 -+#: ../sepolicy/sepolicy/sepolicy.glade:5173 -+#: ../sepolicy/sepolicy/sepolicy.glade:5304 -+#: ../sepolicy/sepolicy/sepolicy.glade:5464 -+msgid "Cancel" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:332 -+msgid "" -+"The entry that was entered is incorrect. Please try again in the " -+"ex:/.../... format." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:358 -+msgid "Retry" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:442 -+#: ../sepolicy/sepolicy/sepolicy.glade:1120 -+#: ../sepolicy/sepolicy/sepolicy.glade:1368 -+#: ../sepolicy/sepolicy/sepolicy.glade:5332 -+msgid "Network Port Definitions" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:458 -+msgid "" -+"Add file Equivalence Mapping. Mapping will be created when Update is " -+"applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:483 -+#: ../sepolicy/sepolicy/sepolicy.glade:4046 -+msgid "Path" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:493 -+#: ../sepolicy/sepolicy/sepolicy.glade:5384 -+msgid "" -+"Specify a new SELinux user name. By convention SELinux User names usually " -+"end in an _u." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:497 -+msgid "Enter the path to which you want to setup an equivalence label." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:510 -+#: ../sepolicy/sepolicy/sepolicy.glade:4063 -+#: ../sepolicy/sepolicy/sepolicy.glade:4781 -+msgid "Equivalence Path" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:524 -+#: ../sepolicy/sepolicy/sepolicy.glade:669 -+#: ../sepolicy/sepolicy/sepolicy.glade:1224 -+#: ../sepolicy/sepolicy/sepolicy.glade:1520 -+#: ../sepolicy/sepolicy/sepolicy.glade:5449 -+msgid "Save to update" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:564 -+msgid "" -+"Specify the mapping between the new path and the equivalence path. " -+"Everything under this new path will be labeled as if they were under the " -+"equivalence path." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:621 -+msgid "Add a file" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:638 -+msgid "" -+" File Labeling for . File labels will be created " -+"when update is applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:711 -+#: ../sepolicy/sepolicy/sepolicy.glade:1485 -+msgid "MLS" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:747 -+#: ../sepolicy/sepolicy/sepolicy.glade:2306 -+#: ../sepolicy/sepolicy/sepolicy.glade:2418 -+#: ../sepolicy/sepolicy/sepolicy.glade:2540 -+#: ../sepolicy/sepolicy/sepolicy.glade:4500 -+msgid "Class" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:763 -+msgid "Type" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:777 -+msgid "" -+"Select the file class to which this label will be applied. Defaults to all " -+"classes." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:804 -+msgid "Make Path Recursive" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:808 -+msgid "" -+"Select Make Path Recursive if you want to apply this label to all children " -+"of the specified directory path. objects under the directory to have this " -+"label." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:821 -+msgid "Browse" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:825 -+msgid "Browse to select the file/directory for labeling." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:869 -+msgid "Path " -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:880 -+msgid "" -+"Specify the path using regular expressions that you would like to modify the " -+"labeling." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:902 -+msgid "Select the SELinux file type to assign to this path." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:929 -+msgid "Enter the MLS Label to assign to this file path." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:933 -+msgid "SELinux MLS Label you wish to assign to this path." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1070 -+msgid "Analyzing Policy..." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1137 -+msgid "" -+"Add Login Mapping. Login Mapping will be created when update is applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1172 -+msgid "" -+"Enter the login user name of the user to which you wish to add SELinux User " -+"confinement." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1201 -+msgid "" -+"Select the SELinux User to assign to this login user. Login users by " -+"default get assigned by the __default__ user." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1264 -+msgid "" -+"Enter MLS/MCS Range for this login User. Defaults to the range for the " -+"Selected SELinux User." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1267 -+#: ../sepolicy/sepolicy/sepolicy.glade:3192 -+#: ../sepolicy/sepolicy/sepolicy.glade:3313 -+#: ../sepolicy/sepolicy/sepolicy.glade:5414 -+msgid "MLS Range" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1279 -+msgid "" -+"Specify the MLS Range for this user to login in with. Defaults to the " -+"selected SELinux Users MLS Range." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1385 -+msgid "" -+" Network Port for . Ports will be created when " -+"update is applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1423 -+msgid "Enter the port number or range to which you want to add a port type." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1439 -+#: ../sepolicy/sepolicy/sepolicy.glade:2658 -+#: ../sepolicy/sepolicy/sepolicy.glade:2756 -+#: ../sepolicy/sepolicy/sepolicy.glade:4633 -+msgid "Protocol" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1453 -+msgid "Port Type" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1498 -+msgid "Select the port type you want to assign to the specified port number." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1562 -+msgid "tcp" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1566 -+msgid "" -+"Select tcp if the port type should be assigned to tcp port numbers." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1579 -+msgid "udp" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1583 -+msgid "" -+"Select udp if the port type should be assigned to udp port numbers." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1605 -+msgid "Enter the MLS Label to assign to this port." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1707 -+msgid "SELinux Configuration" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1743 -+msgid "Select..." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1792 -+#: ../sepolicy/sepolicy/sepolicy.glade:2212 -+msgid "Booleans" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1796 -+msgid "" -+"Display boolean information that can be used to modify the policy for the " -+"'selected domain'." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1810 -+#: ../sepolicy/sepolicy/sepolicy.glade:2597 -+msgid "Files" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1814 -+msgid "" -+"Display file type information that can be used by the 'selected domain'." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1828 -+#: ../sepolicy/sepolicy/sepolicy.glade:2830 -+msgid "Network" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1832 -+msgid "" -+"Display network ports to which the 'selected domain' can connect or listen " -+"to." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1846 -+#: ../sepolicy/sepolicy/sepolicy.glade:3121 -+msgid "Transitions" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1850 -+msgid "" -+"Display applications that can transition into or out of the 'selected " -+"domain'." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1864 -+#: ../sepolicy/sepolicy/sepolicy.glade:3222 -+msgid "Login Mapping" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1867 -+#: ../sepolicy/sepolicy/sepolicy.glade:1884 -+#: ../sepolicy/sepolicy/sepolicy.glade:1901 -+msgid "Manage the SELinux configuration" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1881 -+#: ../sepolicy/sepolicy/sepolicy.glade:3344 -+msgid "SELinux Users" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1915 -+#: ../sepolicy/sepolicy/sepolicy.glade:4016 -+msgid "Lockdown" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1918 -+msgid "" -+"Lockdown the SELinux System.\n" -+"This screen can be used to turn up the SELinux Protections." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1933 -+msgid "radiobutton" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:1993 -+msgid "Filter" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2021 -+msgid "Show Modified Only" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2060 -+msgid "Mislabeled files exist" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2080 -+msgid "Show mislabeled files only" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2120 -+#: ../sepolicy/sepolicy/sepolicy.glade:3244 -+msgid "" -+"If-Then-Else rules written in policy that can\n" -+"allow alternative access control." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2132 -+msgid "Enabled" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2183 -+msgid "Name" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2252 -+#: ../sepolicy/sepolicy/sepolicy.glade:2364 -+#: ../sepolicy/sepolicy/sepolicy.glade:2482 -+#: ../sepolicy/sepolicy/sepolicy.glade:4473 -+#: ../sepolicy/sepolicy/sepolicy.glade:4768 -+msgid "File Path" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2288 -+#: ../sepolicy/sepolicy/sepolicy.glade:2399 -+msgid "SELinux File Type" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2332 -+msgid "File path used to enter the 'selected domain'." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2333 -+msgid "Executable Files" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2448 -+msgid "Files to which the 'selected domain' can write." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2449 -+msgid "Writable files" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2571 -+msgid "File Types defined for the 'selected domain'." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2572 -+msgid "Application File Types" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2639 -+#: ../sepolicy/sepolicy/sepolicy.glade:2738 -+#: ../sepolicy/sepolicy/sepolicy.glade:4619 -+msgid "Port" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2704 -+msgid "Network Ports to which the 'selected domain' is allowed to connect." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2705 -+msgid "Outbound" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2804 -+msgid "Network Ports to which the 'selected domain' is allowed to listen." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2805 -+msgid "Inbound" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2866 -+#: ../sepolicy/sepolicy/sepolicy.glade:2956 -+msgid "" -+"Boolean\n" -+"Enabled" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2892 -+msgid "Boolean name" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2909 -+msgid "SELinux Application Type" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2930 -+msgid "" -+"Executables which will transition to a different domain, when the 'selected " -+"domain' executes them." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2933 -+msgid "Application Transitions From 'select domain'" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2972 -+msgid "Calling Process Domain" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:2988 -+msgid "Executable File" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3012 -+msgid "" -+"Executables which will transition to the 'selected domain', when executing a " -+"selected domains entrypoint." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3013 -+msgid "Application Transitions Into 'select domain'" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3028 -+msgid "" -+"File Transitions define what happens when the current domain creates the " -+"content of a particular class in a directory of the destination type. " -+"Optionally a file name could be specified for the transition." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3036 -+msgid "SELinux Directory Type" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3049 -+msgid "Destination Class" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3063 -+msgid "SELinux Destination Type" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3076 -+msgid "File Name" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3098 -+msgid "File Transitions From 'select domain'" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3297 -+#: ../sepolicy/sepolicy/sepolicy.glade:5508 -+msgid "Default Level" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3383 -+msgid "Select the system mode when the system first boots up" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3395 -+#: ../sepolicy/sepolicy/sepolicy.glade:3469 -+msgid "Enforcing" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3414 -+#: ../sepolicy/sepolicy/sepolicy.glade:3487 -+msgid "Permissive" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3456 -+msgid "Select the system mode for the current session" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3533 -+msgid "System Policy Type:" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3594 -+msgid "System Mode" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3632 -+msgid "Import system settings from another machine" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3640 -+msgid "Import" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3659 -+msgid "Export system settings to a file" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3669 -+msgid "Export" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3688 -+msgid "Relabel all files back to system defaults on reboot" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3783 -+msgid "System Configuration" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3830 -+#: ../sepolicy/sepolicy/sepolicy.glade:3848 -+msgid "" -+"An unconfined domain is a process label that allows the process to do what " -+"it wants, without SELinux interfering. Applications started at boot by the " -+"init system that SELinux do not have defined SELinux policy will run as " -+"unconfined if this module is enabled. Disabling it means all daemons will " -+"now be confined. To disable the unconfined_t user you must first remove " -+"unconfined_t from the users/login screens." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3866 -+msgid "Disable ability to run unconfined system processes?" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3894 -+#: ../sepolicy/sepolicy/sepolicy.glade:3911 -+#: ../sepolicy/sepolicy/sepolicy.glade:3957 -+#: ../sepolicy/sepolicy/sepolicy.glade:3974 -+msgid "" -+"A permissive domain is a process label that allows the process to do what it " -+"wants, with SELinux only logging the denials, but not enforcing them. " -+"Usually permissive domains indicate experimental policy, disabling the " -+"module could cause SELinux to deny access to a domain, that should be " -+"allowed." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3929 -+msgid "Disable all permissive processes?" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:3995 -+msgid "Deny all processes from ptracing or debugging other processes?" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4032 -+msgid "" -+"File equivalence cause the system to label content under the new path as if " -+"it were under the equivalence path." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4088 -+msgid "Files Equivalence" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4101 -+msgid "...SELECT TO VIEW DATA..." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4132 -+msgid "Delete" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4148 -+msgid "Modify" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4163 -+msgid "Add" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4209 -+msgid "Revert" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4214 -+msgid "" -+"Revert button will launch a dialog window which allows you to revert changes " -+"within the current transaction." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4231 -+msgid "Commit all changes in your current transaction to the server." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4279 -+msgid "Applications - Advanced Search" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4344 -+msgid "Process Types" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4385 -+msgid "More Details" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4421 -+#: ../sepolicy/sepolicy/sepolicy.glade:4715 -+msgid "Delete Modified File Labeling" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4439 -+msgid "" -+"Select file labeling to delete. File labeling will be deleted when update is " -+"applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4486 -+msgid "SELinux File Label" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4525 -+#: ../sepolicy/sepolicy/sepolicy.glade:4675 -+#: ../sepolicy/sepolicy/sepolicy.glade:4806 -+#: ../sepolicy/sepolicy/sepolicy.glade:4940 -+#: ../sepolicy/sepolicy/sepolicy.glade:5289 -+msgid "Save to Update" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4565 -+msgid "Delete Modified Ports" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4583 -+msgid "Select ports to delete. Ports will be deleted when update is applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4733 -+msgid "" -+"Select file equivalence labeling to delete. File equivalence labeling will " -+"be deleted when update is applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4849 -+#: ../sepolicy/sepolicy/sepolicy.glade:5198 -+msgid "Delete Modified Users Mapping." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4867 -+msgid "" -+"Select login user mapping to delete. Login user mapping will be deleted when " -+"update is applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4902 -+msgid "Login name" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:4983 -+msgid "More Types" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:5010 -+msgid "Types" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:5069 -+msgid "" -+"Review the updates you have made before committing them to the system. To " -+"reset an item, uncheck the checkbox. All items checked will be updated in " -+"the system when you select update." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:5132 -+msgid "Action" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:5158 -+msgid "Apply" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:5216 -+msgid "" -+"Select users mapping to delete.Users mapping will be deleted when update is " -+"applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:5264 -+msgid "SELinux Username" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:5349 -+msgid "" -+"Add User Roles. SELinux User Roles will be created when Update is applied." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:5374 -+msgid "SELinux User Name" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:5489 -+msgid "" -+"Enter MLS/MCS Range for this SELinux User.\n" -+"s0-s0:c1023" -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:5520 -+msgid "" -+"Specify the default level that you would like this SELinux user to login " -+"with. Defaults to s0." -+msgstr "" -+ -+#: ../sepolicy/sepolicy/sepolicy.glade:5524 -+msgid "Enter Default Level for SELinux User to login with. Default s0" -+msgstr "" -diff --git a/sandbox/po/sandbox.pot b/sandbox/po/sandbox.pot -new file mode 100644 -index 000000000000..328b4f0159d3 ---- /dev/null -+++ b/sandbox/po/sandbox.pot -@@ -0,0 +1,157 @@ -+# SOME DESCRIPTIVE TITLE. -+# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER -+# This file is distributed under the same license as the PACKAGE package. -+# FIRST AUTHOR , YEAR. -+# -+#, fuzzy -+msgid "" -+msgstr "" -+"Project-Id-Version: PACKAGE VERSION\n" -+"Report-Msgid-Bugs-To: \n" -+"POT-Creation-Date: 2018-08-06 14:22+0200\n" -+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" -+"Last-Translator: FULL NAME \n" -+"Language-Team: LANGUAGE \n" -+"Language: \n" -+"MIME-Version: 1.0\n" -+"Content-Type: text/plain; charset=CHARSET\n" -+"Content-Transfer-Encoding: 8bit\n" -+ -+#: ../sandbox:119 -+#, python-format -+msgid "Do you want to save changes to '%s' (Y/N): " -+msgstr "" -+ -+#: ../sandbox:120 -+msgid "Sandbox Message" -+msgstr "" -+ -+#: ../sandbox:132 -+#, python-format -+msgid "Do you want to save changes to '%s' (y/N): " -+msgstr "" -+ -+#: ../sandbox:133 -+msgid "[yY]" -+msgstr "" -+ -+#: ../sandbox:156 -+msgid "User account must be setup with an MCS Range" -+msgstr "" -+ -+#: ../sandbox:184 -+msgid "" -+"Failed to find any unused category sets. Consider a larger MCS range for " -+"this user." -+msgstr "" -+ -+#: ../sandbox:215 -+msgid "Homedir and tempdir required for level mounts" -+msgstr "" -+ -+#: ../sandbox:218 ../sandbox:229 ../sandbox:234 -+#, python-format -+msgid "" -+"\n" -+"%s is required for the action you want to perform.\n" -+msgstr "" -+ -+#: ../sandbox:305 -+#, python-format -+msgid "" -+"\n" -+"Policy defines the following types for use with the -t:\n" -+"\t%s\n" -+msgstr "" -+ -+#: ../sandbox:312 -+#, python-format -+msgid "" -+"\n" -+"sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I " -+"includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t " -+"type ] command\n" -+"\n" -+"sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I " -+"includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t " -+"type ] -S\n" -+"%s\n" -+msgstr "" -+ -+#: ../sandbox:324 -+msgid "include file in sandbox" -+msgstr "" -+ -+#: ../sandbox:327 -+msgid "read list of files to include in sandbox from INCLUDEFILE" -+msgstr "" -+ -+#: ../sandbox:329 -+msgid "run sandbox with SELinux type" -+msgstr "" -+ -+#: ../sandbox:332 -+msgid "mount new home and/or tmp directory" -+msgstr "" -+ -+#: ../sandbox:336 -+msgid "dots per inch for X display" -+msgstr "" -+ -+#: ../sandbox:339 -+msgid "run complete desktop session within sandbox" -+msgstr "" -+ -+#: ../sandbox:342 -+msgid "Shred content before tempory directories are removed" -+msgstr "" -+ -+#: ../sandbox:346 -+msgid "run X application within a sandbox" -+msgstr "" -+ -+#: ../sandbox:352 -+msgid "alternate home directory to use for mounting" -+msgstr "" -+ -+#: ../sandbox:357 -+msgid "alternate /tmp directory to use for mounting" -+msgstr "" -+ -+#: ../sandbox:366 -+msgid "alternate window manager" -+msgstr "" -+ -+#: ../sandbox:369 -+msgid "MCS/MLS level for the sandbox" -+msgstr "" -+ -+#: ../sandbox:385 -+msgid "" -+"Sandbox Policy is not currently installed.\n" -+"You need to install the selinux-policy-sandbox package in order to run this " -+"command" -+msgstr "" -+ -+#: ../sandbox:397 -+msgid "" -+"You must specify a Homedir and tempdir when setting up a session sandbox" -+msgstr "" -+ -+#: ../sandbox:399 -+msgid "Commands are not allowed in a session sandbox" -+msgstr "" -+ -+#: ../sandbox:409 -+msgid "Command required" -+msgstr "" -+ -+#: ../sandbox:412 -+#, python-format -+msgid "%s is not an executable" -+msgstr "" -+ -+#: ../sandbox:535 -+#, python-format -+msgid "Invalid value %s" -+msgstr "" --- -2.32.0 - diff --git a/SOURCES/0012-gettext-handle-unsupported-languages-properly.patch b/SOURCES/0012-gettext-handle-unsupported-languages-properly.patch new file mode 100644 index 0000000..9f194b8 --- /dev/null +++ b/SOURCES/0012-gettext-handle-unsupported-languages-properly.patch @@ -0,0 +1,349 @@ +From f62227788b28e3afd2016b47af248f8ecefa8155 Mon Sep 17 00:00:00 2001 +From: Vit Mojzis +Date: Fri, 24 Jun 2022 16:24:25 +0200 +Subject: [PATCH] gettext: handle unsupported languages properly +Content-type: text/plain + +With "fallback=True" gettext.translation behaves the same as +gettext.install and uses NullTranslations in case the +translation file for given language was not found (as opposed to +throwing an exception). + +Fixes: + # LANG is set to any "unsupported" language, e.g. en_US.UTF-8 + $ chcat --help + Traceback (most recent call last): + File "/usr/bin/chcat", line 39, in + t = gettext.translation(PROGNAME, + File "/usr/lib64/python3.9/gettext.py", line 592, in translation + raise FileNotFoundError(ENOENT, + FileNotFoundError: [Errno 2] No translation file found for domain: 'selinux-python' + +Signed-off-by: Vit Mojzis +Reviewed-by: Daniel Burgener +Acked-by: Petr Lautrbach +--- + gui/booleansPage.py | 3 ++- + gui/domainsPage.py | 3 ++- + gui/fcontextPage.py | 3 ++- + gui/loginsPage.py | 3 ++- + gui/modulesPage.py | 3 ++- + gui/polgengui.py | 3 ++- + gui/portsPage.py | 3 ++- + gui/semanagePage.py | 3 ++- + gui/statusPage.py | 3 ++- + gui/system-config-selinux.py | 3 ++- + gui/usersPage.py | 3 ++- + python/chcat/chcat | 5 +++-- + python/semanage/semanage | 3 ++- + python/semanage/seobject.py | 3 ++- + python/sepolgen/src/sepolgen/sepolgeni18n.py | 4 +++- + python/sepolicy/sepolicy.py | 3 ++- + python/sepolicy/sepolicy/__init__.py | 3 ++- + python/sepolicy/sepolicy/generate.py | 3 ++- + python/sepolicy/sepolicy/gui.py | 3 ++- + python/sepolicy/sepolicy/interface.py | 3 ++- + sandbox/sandbox | 3 ++- + 21 files changed, 44 insertions(+), 22 deletions(-) + +diff --git a/gui/booleansPage.py b/gui/booleansPage.py +index 5beec58bc360..ad11a9b24c79 100644 +--- a/gui/booleansPage.py ++++ b/gui/booleansPage.py +@@ -46,7 +46,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/gui/domainsPage.py b/gui/domainsPage.py +index e08f34b4d3a9..e6eadd61c1bc 100644 +--- a/gui/domainsPage.py ++++ b/gui/domainsPage.py +@@ -38,7 +38,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/gui/fcontextPage.py b/gui/fcontextPage.py +index bac2bec3ebbd..767664f26ec8 100644 +--- a/gui/fcontextPage.py ++++ b/gui/fcontextPage.py +@@ -55,7 +55,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/gui/loginsPage.py b/gui/loginsPage.py +index 18b93d8c9756..7e08232a90b5 100644 +--- a/gui/loginsPage.py ++++ b/gui/loginsPage.py +@@ -37,7 +37,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/gui/modulesPage.py b/gui/modulesPage.py +index c546d455d4cd..02b79f150a13 100644 +--- a/gui/modulesPage.py ++++ b/gui/modulesPage.py +@@ -38,7 +38,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/gui/polgengui.py b/gui/polgengui.py +index a18f1cba17b9..7a3ecd50c91c 100644 +--- a/gui/polgengui.py ++++ b/gui/polgengui.py +@@ -71,7 +71,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/gui/portsPage.py b/gui/portsPage.py +index 54aa80ded327..bee2bdf17b99 100644 +--- a/gui/portsPage.py ++++ b/gui/portsPage.py +@@ -43,7 +43,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/gui/semanagePage.py b/gui/semanagePage.py +index 1371d4e7dabe..efad14d9b375 100644 +--- a/gui/semanagePage.py ++++ b/gui/semanagePage.py +@@ -30,7 +30,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/gui/statusPage.py b/gui/statusPage.py +index c241ef83dfa0..832849e60d60 100644 +--- a/gui/statusPage.py ++++ b/gui/statusPage.py +@@ -43,7 +43,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/gui/system-config-selinux.py b/gui/system-config-selinux.py +index 1b460c99363b..9f53b7fe9020 100644 +--- a/gui/system-config-selinux.py ++++ b/gui/system-config-selinux.py +@@ -53,7 +53,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/gui/usersPage.py b/gui/usersPage.py +index d51bd968b77e..9acd3b844056 100644 +--- a/gui/usersPage.py ++++ b/gui/usersPage.py +@@ -37,7 +37,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/python/chcat/chcat b/python/chcat/chcat +index e779fcc6ebd7..952cb8187599 100755 +--- a/python/chcat/chcat ++++ b/python/chcat/chcat +@@ -38,9 +38,10 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext +-except ImportError: ++except: + try: + import builtins + builtins.__dict__['_'] = str +diff --git a/python/semanage/semanage b/python/semanage/semanage +index 8f4e44a7a9cd..f45061a601f9 100644 +--- a/python/semanage/semanage ++++ b/python/semanage/semanage +@@ -38,7 +38,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py +index ff8f4e9c3008..0782c082dc0c 100644 +--- a/python/semanage/seobject.py ++++ b/python/semanage/seobject.py +@@ -42,7 +42,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/python/sepolgen/src/sepolgen/sepolgeni18n.py b/python/sepolgen/src/sepolgen/sepolgeni18n.py +index 56ebd807c69c..1ff307d9b27d 100644 +--- a/python/sepolgen/src/sepolgen/sepolgeni18n.py ++++ b/python/sepolgen/src/sepolgen/sepolgeni18n.py +@@ -19,7 +19,9 @@ + + try: + import gettext +- t = gettext.translation( 'selinux-python' ) ++ t = gettext.translation("selinux-python", ++ localedir="/usr/share/locale", ++ fallback=True) + _ = t.gettext + except: + def _(str): +diff --git a/python/sepolicy/sepolicy.py b/python/sepolicy/sepolicy.py +index 7ebe0efa88a1..c7a70e094b0c 100755 +--- a/python/sepolicy/sepolicy.py ++++ b/python/sepolicy/sepolicy.py +@@ -36,7 +36,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py +index 95520f9bc35d..6bde1971fd7c 100644 +--- a/python/sepolicy/sepolicy/__init__.py ++++ b/python/sepolicy/sepolicy/__init__.py +@@ -31,7 +31,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py +index 3e8b9f9c291d..eff3a8973917 100644 +--- a/python/sepolicy/sepolicy/generate.py ++++ b/python/sepolicy/sepolicy/generate.py +@@ -56,7 +56,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/python/sepolicy/sepolicy/gui.py b/python/sepolicy/sepolicy/gui.py +index b0263740a79f..5bdbfebade1d 100644 +--- a/python/sepolicy/sepolicy/gui.py ++++ b/python/sepolicy/sepolicy/gui.py +@@ -49,7 +49,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/python/sepolicy/sepolicy/interface.py b/python/sepolicy/sepolicy/interface.py +index 599f97fdc6e7..43f86443f2c8 100644 +--- a/python/sepolicy/sepolicy/interface.py ++++ b/python/sepolicy/sepolicy/interface.py +@@ -38,7 +38,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +diff --git a/sandbox/sandbox b/sandbox/sandbox +index 3ef444a12561..53cc504149c9 100644 +--- a/sandbox/sandbox ++++ b/sandbox/sandbox +@@ -45,7 +45,8 @@ try: + kwargs['unicode'] = True + t = gettext.translation(PROGNAME, + localedir="/usr/share/locale", +- **kwargs) ++ **kwargs, ++ fallback=True) + _ = t.gettext + except: + try: +-- +2.36.1 + diff --git a/SOURCES/0013-policycoreutils-setfiles-Improve-description-of-d-sw.patch b/SOURCES/0013-policycoreutils-setfiles-Improve-description-of-d-sw.patch deleted file mode 100644 index f4d6b78..0000000 --- a/SOURCES/0013-policycoreutils-setfiles-Improve-description-of-d-sw.patch +++ /dev/null @@ -1,30 +0,0 @@ -From f5045f645cfa10fed01b4225d26d98ea9f81f085 Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Wed, 21 Mar 2018 08:51:31 +0100 -Subject: [PATCH] policycoreutils/setfiles: Improve description of -d switch - -The "-q" switch is becoming obsolete (completely unused in fedora) and -debug output ("-d" switch) makes sense in any scenario. Therefore both -options can be specified at once. - -Resolves: rhbz#1271327 ---- - policycoreutils/setfiles/setfiles.8 | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8 -index 4d28bc9a95c1..8e6c4ab94841 100644 ---- a/policycoreutils/setfiles/setfiles.8 -+++ b/policycoreutils/setfiles/setfiles.8 -@@ -57,7 +57,7 @@ option will force a replacement of the entire context. - check the validity of the contexts against the specified binary policy. - .TP - .B \-d --show what specification matched each file. -+show what specification matched each file. Not affected by "\-q". - .TP - .BI \-e \ directory - directory to exclude (repeat option for more than one directory). --- -2.32.0 - diff --git a/SOURCES/0013-semodule-rename-rebuild-if-modules-changed-to-refres.patch b/SOURCES/0013-semodule-rename-rebuild-if-modules-changed-to-refres.patch new file mode 100644 index 0000000..0db14f7 --- /dev/null +++ b/SOURCES/0013-semodule-rename-rebuild-if-modules-changed-to-refres.patch @@ -0,0 +1,82 @@ +From dc99f08e121ee21650a4179e3deaea8c04ae40c9 Mon Sep 17 00:00:00 2001 +From: Ondrej Mosnacek +Date: Wed, 8 Jun 2022 19:09:54 +0200 +Subject: [PATCH] semodule: rename --rebuild-if-modules-changed to --refresh +Content-type: text/plain + +After the last commit this option's name and description no longer +matches the semantic, so give it a new one and update the descriptions. +The old name is still recognized and aliased to the new one for +backwards compatibility. + +Signed-off-by: Ondrej Mosnacek +Acked-by: Nicolas Iooss +--- + policycoreutils/semodule/semodule.8 | 12 ++++++------ + policycoreutils/semodule/semodule.c | 13 ++++++++++--- + 2 files changed, 16 insertions(+), 9 deletions(-) + +diff --git a/policycoreutils/semodule/semodule.8 b/policycoreutils/semodule/semodule.8 +index d1735d216276..c56e580f27b8 100644 +--- a/policycoreutils/semodule/semodule.8 ++++ b/policycoreutils/semodule/semodule.8 +@@ -23,12 +23,12 @@ force a reload of policy + .B \-B, \-\-build + force a rebuild of policy (also reloads unless \-n is used) + .TP +-.B \-\-rebuild-if-modules-changed +-Force a rebuild of the policy if any changes to module content are detected +-(by comparing with checksum from the last transaction). One can use this +-instead of \-B to ensure that any changes to the module store done by an +-external tool (e.g. a package manager) are applied, while automatically +-skipping the rebuild if there are no new changes. ++.B \-\-refresh ++Like \-\-build, but reuses existing linked policy if no changes to module ++files are detected (by comparing with checksum from the last transaction). ++One can use this instead of \-B to ensure that any changes to the module ++store done by an external tool (e.g. a package manager) are applied, while ++automatically skipping the module re-linking if there are no module changes. + .TP + .B \-D, \-\-disable_dontaudit + Temporarily remove dontaudits from policy. Reverts whenever policy is rebuilt +diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c +index 1ed8e69054e0..ec0794866daa 100644 +--- a/policycoreutils/semodule/semodule.c ++++ b/policycoreutils/semodule/semodule.c +@@ -150,9 +150,12 @@ static void usage(char *progname) + printf(" -c, --cil extract module as cil. This only affects module extraction.\n"); + printf(" -H, --hll extract module as hll. This only affects module extraction.\n"); + printf(" -m, --checksum print module checksum (SHA256).\n"); +- printf(" --rebuild-if-modules-changed\n" +- " force policy rebuild if module content changed since\n" +- " last rebuild (based on checksum)\n"); ++ printf(" --refresh like --build, but reuses existing linked policy if no\n" ++ " changes to module files are detected (via checksum)\n"); ++ printf("Deprecated options:\n"); ++ printf(" -b,--base same as --install\n"); ++ printf(" --rebuild-if-modules-changed\n" ++ " same as --refresh\n"); + } + + /* Sets the global mode variable to new_mode, but only if no other +@@ -185,6 +188,7 @@ static void parse_command_line(int argc, char **argv) + { + static struct option opts[] = { + {"rebuild-if-modules-changed", 0, NULL, '\0'}, ++ {"refresh", 0, NULL, '\0'}, + {"store", required_argument, NULL, 's'}, + {"base", required_argument, NULL, 'b'}, + {"help", 0, NULL, 'h'}, +@@ -225,6 +229,9 @@ static void parse_command_line(int argc, char **argv) + case '\0': + switch(longind) { + case 0: /* --rebuild-if-modules-changed */ ++ fprintf(stderr, "The --rebuild-if-modules-changed option is deprecated. Use --refresh instead.\n"); ++ /* fallthrough */ ++ case 1: /* --refresh */ + check_ext_changes = 1; + break; + default: +-- +2.36.1 + diff --git a/SOURCES/0014-python-Split-semanage-import-into-two-transactions.patch b/SOURCES/0014-python-Split-semanage-import-into-two-transactions.patch new file mode 100644 index 0000000..6ef58aa --- /dev/null +++ b/SOURCES/0014-python-Split-semanage-import-into-two-transactions.patch @@ -0,0 +1,65 @@ +From 8abaf61849ce9688dddc3b27ef4df3cc23af0109 Mon Sep 17 00:00:00 2001 +From: Vit Mojzis +Date: Mon, 30 May 2022 14:20:21 +0200 +Subject: [PATCH] python: Split "semanage import" into two transactions +Content-type: text/plain + +First transaction applies all deletion operations, so that there are no +collisions when applying the rest of the changes. + +Fixes: + # semanage port -a -t http_cache_port_t -r s0 -p tcp 3024 + # semanage export | semanage import + ValueError: Port tcp/3024 already defined + +Signed-off-by: Vit Mojzis +--- + python/semanage/semanage | 21 +++++++++++++++++++-- + 1 file changed, 19 insertions(+), 2 deletions(-) + +diff --git a/python/semanage/semanage b/python/semanage/semanage +index f45061a601f9..4e8d64d6863a 100644 +--- a/python/semanage/semanage ++++ b/python/semanage/semanage +@@ -853,10 +853,29 @@ def handleImport(args): + trans = seobject.semanageRecords(args) + trans.start() + ++ deleteCommands = [] ++ commands = [] ++ # separate commands for deletion from the rest so they can be ++ # applied in a separate transaction + for l in sys.stdin.readlines(): + if len(l.strip()) == 0: + continue ++ if "-d" in l or "-D" in l: ++ deleteCommands.append(l) ++ else: ++ commands.append(l) ++ ++ if deleteCommands: ++ importHelper(deleteCommands) ++ trans.finish() ++ trans.start() ++ ++ importHelper(commands) ++ trans.finish() + ++ ++def importHelper(commands): ++ for l in commands: + try: + commandParser = createCommandParser() + args = commandParser.parse_args(mkargv(l)) +@@ -870,8 +889,6 @@ def handleImport(args): + except KeyboardInterrupt: + sys.exit(0) + +- trans.finish() +- + + def setupImportParser(subparsers): + importParser = subparsers.add_parser('import', help=_('Import local customizations')) +-- +2.36.1 + diff --git a/SOURCES/0015-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch b/SOURCES/0015-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch deleted file mode 100644 index e39c750..0000000 --- a/SOURCES/0015-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch +++ /dev/null @@ -1,24 +0,0 @@ -From f1acc9a3057e199d62c6b8ec6e77fc33ca3db1d1 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Thu, 8 Nov 2018 09:20:58 +0100 -Subject: [PATCH] semodule-utils: Fix RESOURCE_LEAK coverity scan defects - ---- - semodule-utils/semodule_package/semodule_package.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/semodule-utils/semodule_package/semodule_package.c b/semodule-utils/semodule_package/semodule_package.c -index 3515234e36de..7b75b3fd9bb4 100644 ---- a/semodule-utils/semodule_package/semodule_package.c -+++ b/semodule-utils/semodule_package/semodule_package.c -@@ -74,6 +74,7 @@ static int file_to_data(const char *path, char **data, size_t * len) - } - if (!sb.st_size) { - *len = 0; -+ close(fd); - return 0; - } - --- -2.32.0 - diff --git a/SOURCES/0017-sepolicy-Fix-flake8-warnings-in-Fedora-only-code.patch b/SOURCES/0017-sepolicy-Fix-flake8-warnings-in-Fedora-only-code.patch deleted file mode 100644 index 1a3e957..0000000 --- a/SOURCES/0017-sepolicy-Fix-flake8-warnings-in-Fedora-only-code.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 0e40b5541773c6daf58bba7048fae6918d74de74 Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Tue, 28 Jul 2020 14:37:13 +0200 -Subject: [PATCH] sepolicy: Fix flake8 warnings in Fedora-only code - -Fixes: -$ PATH="$VIRTUAL_ENV/bin:$PATH" ./scripts/run-flake8 -Analyzing 187 Python scripts -./installdir/usr/lib/python3.8/site-packages/sepolicy/manpage.py:720:20: E713 test for membership should be 'not in' -./installdir/usr/lib/python3.8/site-packages/sepolicy/manpage.py:774:17: E117 over-indented -./python/sepolicy/build/lib/sepolicy/manpage.py:720:20: E713 test for membership should be 'not in' -./python/sepolicy/build/lib/sepolicy/manpage.py:774:17: E117 over-indented -./python/sepolicy/sepolicy/manpage.py:720:20: E713 test for membership should be 'not in' -./python/sepolicy/sepolicy/manpage.py:774:17: E117 over-indented -The command "PATH="$VIRTUAL_ENV/bin:$PATH" ./scripts/run-flake8" exited with 1. - -Signed-off-by: Ondrej Mosnacek ---- - python/sepolicy/sepolicy/manpage.py | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py -index ffcedb547993..c013c0d48502 100755 ---- a/python/sepolicy/sepolicy/manpage.py -+++ b/python/sepolicy/sepolicy/manpage.py -@@ -719,7 +719,7 @@ Default Defined Ports:""") - for f in self.all_file_types: - if f.startswith(self.domainname): - flist.append(f) -- if not f in self.exec_types or not f in self.entry_types: -+ if f not in self.exec_types or f not in self.entry_types: - flist_non_exec.append(f) - if f in self.fcdict: - mpaths = mpaths + self.fcdict[f]["regex"] -@@ -773,7 +773,7 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d - """ % {'domainname': self.domainname, 'equiv': e, 'alt': e.split('/')[-1]}) - - if flist_non_exec: -- self.fd.write(r""" -+ self.fd.write(r""" - .PP - .B STANDARD FILE CONTEXT - --- -2.32.0 - diff --git a/SOURCES/0019-setfiles-restorecon-support-parallel-relabeling.patch b/SOURCES/0019-setfiles-restorecon-support-parallel-relabeling.patch deleted file mode 100644 index ad7d65c..0000000 --- a/SOURCES/0019-setfiles-restorecon-support-parallel-relabeling.patch +++ /dev/null @@ -1,253 +0,0 @@ -From fba88f42bf8490a23fa6dcd33de2ccd59170009b Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Tue, 26 Oct 2021 13:52:39 +0200 -Subject: [PATCH] setfiles/restorecon: support parallel relabeling - -Use the newly introduced selinux_restorecon_parallel(3) in -setfiles/restorecon and a -T option to both to allow enabling parallel -relabeling. The default behavior without specifying the -T option is to -use 1 thread; parallel relabeling must be requested explicitly by -passing -T 0 (which will use as many threads as there are available CPU -cores) or -T , which will use threads. - -=== Benchmarks === -As measured on a 32-core cloud VM with Fedora 34. Not a fully -representative environment, but still the scaling is quite good. - -WITHOUT PATCHES: -$ time restorecon -rn /usr - -real 0m21.689s -user 0m21.070s -sys 0m0.494s - -WITH PATCHES: -$ time restorecon -rn /usr - -real 0m23.940s -user 0m23.127s -sys 0m0.653s -$ time restorecon -rn -T 2 /usr - -real 0m13.145s -user 0m25.306s -sys 0m0.695s -$ time restorecon -rn -T 4 /usr - -real 0m7.559s -user 0m28.470s -sys 0m1.099s -$ time restorecon -rn -T 8 /usr - -real 0m5.186s -user 0m37.450s -sys 0m2.094s -$ time restorecon -rn -T 16 /usr - -real 0m3.831s -user 0m51.220s -sys 0m4.895s -$ time restorecon -rn -T 32 /usr - -real 0m2.650s -user 1m5.136s -sys 0m6.614s - -Note that the benchmarks were performed in read-only mode (-n), so the -labels were only read and looked up in the database, not written. When -fixing labels on a heavily mislabeled system, the scaling would likely -be event better, since a larger % of work could be done in parallel. - -Signed-off-by: Ondrej Mosnacek ---- - policycoreutils/setfiles/Makefile | 2 +- - policycoreutils/setfiles/restore.c | 7 ++++--- - policycoreutils/setfiles/restore.h | 2 +- - policycoreutils/setfiles/restorecon.8 | 9 +++++++++ - policycoreutils/setfiles/setfiles.8 | 9 +++++++++ - policycoreutils/setfiles/setfiles.c | 28 ++++++++++++++++----------- - 6 files changed, 41 insertions(+), 16 deletions(-) - -diff --git a/policycoreutils/setfiles/Makefile b/policycoreutils/setfiles/Makefile -index 63d818509791..d7670a8ff54b 100644 ---- a/policycoreutils/setfiles/Makefile -+++ b/policycoreutils/setfiles/Makefile -@@ -6,7 +6,7 @@ MANDIR = $(PREFIX)/share/man - AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y) - - CFLAGS ?= -g -Werror -Wall -W --override LDLIBS += -lselinux -lsepol -+override LDLIBS += -lselinux -lsepol -lpthread - - ifeq ($(AUDITH), y) - override CFLAGS += -DUSE_AUDIT -diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c -index 9d688c609f79..74d48bb3752d 100644 ---- a/policycoreutils/setfiles/restore.c -+++ b/policycoreutils/setfiles/restore.c -@@ -72,7 +72,7 @@ void restore_finish(void) - } - } - --int process_glob(char *name, struct restore_opts *opts) -+int process_glob(char *name, struct restore_opts *opts, size_t nthreads) - { - glob_t globbuf; - size_t i = 0; -@@ -91,8 +91,9 @@ int process_glob(char *name, struct restore_opts *opts) - continue; - if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0) - continue; -- rc = selinux_restorecon(globbuf.gl_pathv[i], -- opts->restorecon_flags); -+ rc = selinux_restorecon_parallel(globbuf.gl_pathv[i], -+ opts->restorecon_flags, -+ nthreads); - if (rc < 0) - errors = rc; - } -diff --git a/policycoreutils/setfiles/restore.h b/policycoreutils/setfiles/restore.h -index ac6ad6809f4f..bb35a1db9e34 100644 ---- a/policycoreutils/setfiles/restore.h -+++ b/policycoreutils/setfiles/restore.h -@@ -49,7 +49,7 @@ struct restore_opts { - void restore_init(struct restore_opts *opts); - void restore_finish(void); - void add_exclude(const char *directory); --int process_glob(char *name, struct restore_opts *opts); -+int process_glob(char *name, struct restore_opts *opts, size_t nthreads); - extern char **exclude_list; - - #endif -diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8 -index a8900f02b3f3..dbd55ce7c512 100644 ---- a/policycoreutils/setfiles/restorecon.8 -+++ b/policycoreutils/setfiles/restorecon.8 -@@ -33,6 +33,8 @@ restorecon \- restore file(s) default SELinux security contexts. - .RB [ \-W ] - .RB [ \-I | \-D ] - .RB [ \-x ] -+.RB [ \-T -+.IR nthreads ] - - .SH "DESCRIPTION" - This manual page describes the -@@ -160,6 +162,13 @@ prevent - .B restorecon - from crossing file system boundaries. - .TP -+.BI \-T \ nthreads -+use up to -+.I nthreads -+threads. Specify 0 to create as many threads as there are available -+CPU cores; 1 to use only a single thread (default); or any positive -+number to use the given number of threads (if possible). -+.TP - .SH "ARGUMENTS" - .IR pathname \ ... - The pathname for the file(s) to be relabeled. -diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8 -index 0692121f2f4d..8ef9f602e843 100644 ---- a/policycoreutils/setfiles/setfiles.8 -+++ b/policycoreutils/setfiles/setfiles.8 -@@ -19,6 +19,8 @@ setfiles \- set SELinux file security contexts. - .RB [ \-W ] - .RB [ \-F ] - .RB [ \-I | \-D ] -+.RB [ \-T -+.IR nthreads ] - .I spec_file - .IR pathname \ ... - -@@ -161,6 +163,13 @@ quote marks or backslashes. The - option of GNU - .B find - produces input suitable for this mode. -+.TP -+.BI \-T \ nthreads -+use up to -+.I nthreads -+threads. Specify 0 to create as many threads as there are available -+CPU cores; 1 to use only a single thread (default); or any positive -+number to use the given number of threads (if possible). - - .SH "ARGUMENTS" - .TP -diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c -index f018d161aa9e..2313a21fa0f3 100644 ---- a/policycoreutils/setfiles/setfiles.c -+++ b/policycoreutils/setfiles/setfiles.c -@@ -1,4 +1,5 @@ - #include "restore.h" -+#include - #include - #include - #include -@@ -34,14 +35,14 @@ static __attribute__((__noreturn__)) void usage(const char *const name) - { - if (iamrestorecon) { - fprintf(stderr, -- "usage: %s [-iIDFmnprRv0x] [-e excludedir] pathname...\n" -- "usage: %s [-iIDFmnprRv0x] [-e excludedir] -f filename\n", -+ "usage: %s [-iIDFmnprRv0xT] [-e excludedir] pathname...\n" -+ "usage: %s [-iIDFmnprRv0xT] [-e excludedir] -f filename\n", - name, name); - } else { - fprintf(stderr, -- "usage: %s [-diIDlmnpqvEFW] [-e excludedir] [-r alt_root_path] [-c policyfile] spec_file pathname...\n" -- "usage: %s [-diIDlmnpqvEFW] [-e excludedir] [-r alt_root_path] [-c policyfile] spec_file -f filename\n" -- "usage: %s -s [-diIDlmnpqvFW] spec_file\n", -+ "usage: %s [-diIDlmnpqvEFWT] [-e excludedir] [-r alt_root_path] [-c policyfile] spec_file pathname...\n" -+ "usage: %s [-diIDlmnpqvEFWT] [-e excludedir] [-r alt_root_path] [-c policyfile] spec_file -f filename\n" -+ "usage: %s -s [-diIDlmnpqvFWT] spec_file\n", - name, name, name); - } - exit(-1); -@@ -144,12 +145,12 @@ int main(int argc, char **argv) - int opt, i = 0; - const char *input_filename = NULL; - int use_input_file = 0; -- char *buf = NULL; -- size_t buf_len; -+ char *buf = NULL, *endptr; -+ size_t buf_len, nthreads = 1; - const char *base; - int errors = 0; -- const char *ropts = "e:f:hiIDlmno:pqrsvFRW0x"; -- const char *sopts = "c:de:f:hiIDlmno:pqr:svEFR:W0"; -+ const char *ropts = "e:f:hiIDlmno:pqrsvFRW0xT:"; -+ const char *sopts = "c:de:f:hiIDlmno:pqr:svEFR:W0T:"; - const char *opts; - union selinux_callback cb; - -@@ -370,6 +371,11 @@ int main(int argc, char **argv) - usage(argv[0]); - } - break; -+ case 'T': -+ nthreads = strtoull(optarg, &endptr, 10); -+ if (*optarg == '\0' || *endptr != '\0') -+ usage(argv[0]); -+ break; - case 'h': - case '?': - usage(argv[0]); -@@ -448,13 +454,13 @@ int main(int argc, char **argv) - buf[len - 1] = 0; - if (!strcmp(buf, "/")) - r_opts.mass_relabel = SELINUX_RESTORECON_MASS_RELABEL; -- errors |= process_glob(buf, &r_opts) < 0; -+ errors |= process_glob(buf, &r_opts, nthreads) < 0; - } - if (strcmp(input_filename, "-") != 0) - fclose(f); - } else { - for (i = optind; i < argc; i++) -- errors |= process_glob(argv[i], &r_opts) < 0; -+ errors |= process_glob(argv[i], &r_opts, nthreads) < 0; - } - - maybe_audit_mass_relabel(r_opts.mass_relabel, errors); --- -2.33.1 - diff --git a/SOURCES/0020-semodule-add-m-checksum-option.patch b/SOURCES/0020-semodule-add-m-checksum-option.patch deleted file mode 100644 index afee33a..0000000 --- a/SOURCES/0020-semodule-add-m-checksum-option.patch +++ /dev/null @@ -1,674 +0,0 @@ -From 4e6165719d3315b6502f3d290a549f9fa14c3238 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Tue, 16 Nov 2021 14:27:11 +0100 -Subject: [PATCH] semodule: add -m | --checksum option - -Since cil doesn't store module name and module version in module itself, -there's no simple way how to compare that installed module is the same -version as the module which is supposed to be installed. Even though the -version was not used by semodule itself, it was apparently used by some -team. - -With `semodule -l --checksum` users get SHA256 hashes of modules and -could compare them with their files which is faster than installing -modules again and again. - -E.g. - - # time ( - semodule -l --checksum | grep localmodule - /usr/libexec/selinux/hll/pp localmodule.pp | sha256sum - ) - localmodule db002f64ddfa3983257b42b54da7b182c9b2e476f47880ae3494f9099e1a42bd - db002f64ddfa3983257b42b54da7b182c9b2e476f47880ae3494f9099e1a42bd - - - real 0m0.876s - user 0m0.849s - sys 0m0.028s - -vs - - # time semodule -i localmodule.pp - - real 0m6.147s - user 0m5.800s - sys 0m0.231s - -Signed-off-by: Petr Lautrbach -Acked-by: James Carter ---- - policycoreutils/semodule/Makefile | 2 +- - policycoreutils/semodule/semodule.8 | 6 + - policycoreutils/semodule/semodule.c | 95 ++++++++- - policycoreutils/semodule/sha256.c | 294 ++++++++++++++++++++++++++++ - policycoreutils/semodule/sha256.h | 89 +++++++++ - 5 files changed, 480 insertions(+), 6 deletions(-) - create mode 100644 policycoreutils/semodule/sha256.c - create mode 100644 policycoreutils/semodule/sha256.h - -diff --git a/policycoreutils/semodule/Makefile b/policycoreutils/semodule/Makefile -index 73801e487a76..9875ac383280 100644 ---- a/policycoreutils/semodule/Makefile -+++ b/policycoreutils/semodule/Makefile -@@ -6,7 +6,7 @@ MANDIR = $(PREFIX)/share/man - - CFLAGS ?= -Werror -Wall -W - override LDLIBS += -lsepol -lselinux -lsemanage --SEMODULE_OBJS = semodule.o -+SEMODULE_OBJS = semodule.o sha256.o - - all: semodule genhomedircon - -diff --git a/policycoreutils/semodule/semodule.8 b/policycoreutils/semodule/semodule.8 -index 18d4f708661c..3a2fb21c2481 100644 ---- a/policycoreutils/semodule/semodule.8 -+++ b/policycoreutils/semodule/semodule.8 -@@ -95,6 +95,9 @@ only modules listed in \-\-extract after this option. - .B \-H,\-\-hll - Extract module as an HLL file. This only affects the \-\-extract option and - only modules listed in \-\-extract after this option. -+.TP -+.B \-m,\-\-checksum -+Add SHA256 checksum of modules to the list output. - - .SH EXAMPLE - .nf -@@ -130,6 +133,9 @@ $ semodule \-B \-S "/tmp/var/lib/selinux" - # Write the HLL version of puppet and the CIL version of wireshark - # modules at priority 400 to the current working directory - $ semodule \-X 400 \-\-hll \-E puppet \-\-cil \-E wireshark -+# Check whether a module in "localmodule.pp" file is same as installed module "localmodule" -+$ /usr/libexec/selinux/hll/pp localmodule.pp | sha256sum -+$ semodule -l -m | grep localmodule - .fi - - .SH SEE ALSO -diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c -index c815f01546b4..ddbf10455abf 100644 ---- a/policycoreutils/semodule/semodule.c -+++ b/policycoreutils/semodule/semodule.c -@@ -25,6 +25,8 @@ - #include - #include - -+#include "sha256.h" -+ - enum client_modes { - NO_MODE, INSTALL_M, REMOVE_M, EXTRACT_M, CIL_M, HLL_M, - LIST_M, RELOAD, PRIORITY_M, ENABLE_M, DISABLE_M -@@ -57,6 +59,7 @@ static semanage_handle_t *sh = NULL; - static char *store; - static char *store_root; - int extract_cil = 0; -+static int checksum = 0; - - extern char *optarg; - extern int optind; -@@ -147,6 +150,7 @@ static void usage(char *progname) - printf(" -S,--store-path use an alternate path for the policy store root\n"); - printf(" -c, --cil extract module as cil. This only affects module extraction.\n"); - printf(" -H, --hll extract module as hll. This only affects module extraction.\n"); -+ printf(" -m, --checksum print module checksum (SHA256).\n"); - } - - /* Sets the global mode variable to new_mode, but only if no other -@@ -200,6 +204,7 @@ static void parse_command_line(int argc, char **argv) - {"disable", required_argument, NULL, 'd'}, - {"path", required_argument, NULL, 'p'}, - {"store-path", required_argument, NULL, 'S'}, -+ {"checksum", 0, NULL, 'm'}, - {NULL, 0, NULL, 0} - }; - int extract_selected = 0; -@@ -210,7 +215,7 @@ static void parse_command_line(int argc, char **argv) - no_reload = 0; - priority = 400; - while ((i = -- getopt_long(argc, argv, "s:b:hi:l::vr:u:RnNBDCPX:e:d:p:S:E:cH", opts, -+ getopt_long(argc, argv, "s:b:hi:l::vr:u:RnNBDCPX:e:d:p:S:E:cHm", opts, - NULL)) != -1) { - switch (i) { - case 'b': -@@ -287,6 +292,9 @@ static void parse_command_line(int argc, char **argv) - case 'd': - set_mode(DISABLE_M, optarg); - break; -+ case 'm': -+ checksum = 1; -+ break; - case '?': - default:{ - usage(argv[0]); -@@ -338,6 +346,61 @@ static void parse_command_line(int argc, char **argv) - } - } - -+/* Get module checksum */ -+static char *hash_module_data(const char *module_name, const int prio) { -+ semanage_module_info_t *extract_info = NULL; -+ semanage_module_key_t *modkey = NULL; -+ Sha256Context context; -+ uint8_t sha256_hash[SHA256_HASH_SIZE]; -+ char *sha256_buf = NULL; -+ void *data; -+ size_t data_len = 0, i; -+ int result; -+ -+ result = semanage_module_key_create(sh, &modkey); -+ if (result != 0) { -+ goto cleanup_extract; -+ } -+ -+ result = semanage_module_key_set_name(sh, modkey, module_name); -+ if (result != 0) { -+ goto cleanup_extract; -+ } -+ -+ result = semanage_module_key_set_priority(sh, modkey, prio); -+ if (result != 0) { -+ goto cleanup_extract; -+ } -+ -+ result = semanage_module_extract(sh, modkey, 1, &data, &data_len, -+ &extract_info); -+ if (result != 0) { -+ goto cleanup_extract; -+ } -+ -+ Sha256Initialise(&context); -+ Sha256Update(&context, data, data_len); -+ -+ Sha256Finalise(&context, (SHA256_HASH *)sha256_hash); -+ -+ sha256_buf = calloc(1, SHA256_HASH_SIZE * 2 + 1); -+ -+ if (sha256_buf == NULL) -+ goto cleanup_extract; -+ -+ for (i = 0; i < SHA256_HASH_SIZE; i++) { -+ sprintf((&sha256_buf[i * 2]), "%02x", sha256_hash[i]); -+ } -+ sha256_buf[i * 2] = 0; -+ -+cleanup_extract: -+ semanage_module_info_destroy(sh, extract_info); -+ free(extract_info); -+ semanage_module_key_destroy(sh, modkey); -+ free(modkey); -+ return sha256_buf; -+} -+ - int main(int argc, char *argv[]) - { - int i, commit = 0; -@@ -546,6 +609,8 @@ cleanup_extract: - int modinfos_len = 0; - semanage_module_info_t *m = NULL; - int j = 0; -+ char *module_checksum = NULL; -+ uint16_t pri = 0; - - if (verbose) { - printf -@@ -570,7 +635,18 @@ cleanup_extract: - result = semanage_module_info_get_name(sh, m, &name); - if (result != 0) goto cleanup_list; - -- printf("%s\n", name); -+ result = semanage_module_info_get_priority(sh, m, &pri); -+ if (result != 0) goto cleanup_list; -+ -+ printf("%s", name); -+ if (checksum) { -+ module_checksum = hash_module_data(name, pri); -+ if (module_checksum) { -+ printf(" %s", module_checksum); -+ free(module_checksum); -+ } -+ } -+ printf("\n"); - } - } - else if (strcmp(mode_arg, "full") == 0) { -@@ -585,11 +661,12 @@ cleanup_extract: - } - - /* calculate column widths */ -- size_t column[4] = { 0, 0, 0, 0 }; -+ size_t column[5] = { 0, 0, 0, 0, 0 }; - - /* fixed width columns */ - column[0] = sizeof("000") - 1; - column[3] = sizeof("disabled") - 1; -+ column[4] = 64; /* SHA256_HASH_SIZE * 2 */ - - /* variable width columns */ - const char *tmp = NULL; -@@ -612,7 +689,6 @@ cleanup_extract: - - /* print out each module */ - for (j = 0; j < modinfos_len; j++) { -- uint16_t pri = 0; - const char *name = NULL; - int enabled = 0; - const char *lang_ext = NULL; -@@ -631,11 +707,20 @@ cleanup_extract: - result = semanage_module_info_get_lang_ext(sh, m, &lang_ext); - if (result != 0) goto cleanup_list; - -- printf("%0*u %-*s %-*s %-*s\n", -+ printf("%0*u %-*s %-*s %-*s", - (int)column[0], pri, - (int)column[1], name, - (int)column[2], lang_ext, - (int)column[3], enabled ? "" : "disabled"); -+ if (checksum) { -+ module_checksum = hash_module_data(name, pri); -+ if (module_checksum) { -+ printf(" %-*s", (int)column[4], module_checksum); -+ free(module_checksum); -+ } -+ } -+ printf("\n"); -+ - } - } - else { -diff --git a/policycoreutils/semodule/sha256.c b/policycoreutils/semodule/sha256.c -new file mode 100644 -index 000000000000..fe2aeef07f53 ---- /dev/null -+++ b/policycoreutils/semodule/sha256.c -@@ -0,0 +1,294 @@ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// WjCryptLib_Sha256 -+// -+// Implementation of SHA256 hash function. -+// Original author: Tom St Denis, tomstdenis@gmail.com, http://libtom.org -+// Modified by WaterJuice retaining Public Domain license. -+// -+// This is free and unencumbered software released into the public domain - June 2013 waterjuice.org -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// IMPORTS -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+ -+#include "sha256.h" -+#include -+ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// MACROS -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+ -+#define ror(value, bits) (((value) >> (bits)) | ((value) << (32 - (bits)))) -+ -+#define MIN(x, y) ( ((x)<(y))?(x):(y) ) -+ -+#define STORE32H(x, y) \ -+ { (y)[0] = (uint8_t)(((x)>>24)&255); (y)[1] = (uint8_t)(((x)>>16)&255); \ -+ (y)[2] = (uint8_t)(((x)>>8)&255); (y)[3] = (uint8_t)((x)&255); } -+ -+#define LOAD32H(x, y) \ -+ { x = ((uint32_t)((y)[0] & 255)<<24) | \ -+ ((uint32_t)((y)[1] & 255)<<16) | \ -+ ((uint32_t)((y)[2] & 255)<<8) | \ -+ ((uint32_t)((y)[3] & 255)); } -+ -+#define STORE64H(x, y) \ -+ { (y)[0] = (uint8_t)(((x)>>56)&255); (y)[1] = (uint8_t)(((x)>>48)&255); \ -+ (y)[2] = (uint8_t)(((x)>>40)&255); (y)[3] = (uint8_t)(((x)>>32)&255); \ -+ (y)[4] = (uint8_t)(((x)>>24)&255); (y)[5] = (uint8_t)(((x)>>16)&255); \ -+ (y)[6] = (uint8_t)(((x)>>8)&255); (y)[7] = (uint8_t)((x)&255); } -+ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// CONSTANTS -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+ -+// The K array -+static const uint32_t K[64] = { -+ 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL, -+ 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL, -+ 0x243185beUL, 0x550c7dc3UL, 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, -+ 0xc19bf174UL, 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, -+ 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 0x983e5152UL, -+ 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 0xc6e00bf3UL, 0xd5a79147UL, -+ 0x06ca6351UL, 0x14292967UL, 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, -+ 0x53380d13UL, 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, -+ 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 0xd192e819UL, -+ 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 0x19a4c116UL, 0x1e376c08UL, -+ 0x2748774cUL, 0x34b0bcb5UL, 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, -+ 0x682e6ff3UL, 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, -+ 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL -+}; -+ -+#define BLOCK_SIZE 64 -+ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// INTERNAL FUNCTIONS -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+ -+// Various logical functions -+#define Ch( x, y, z ) (z ^ (x & (y ^ z))) -+#define Maj( x, y, z ) (((x | y) & z) | (x & y)) -+#define S( x, n ) ror((x),(n)) -+#define R( x, n ) (((x)&0xFFFFFFFFUL)>>(n)) -+#define Sigma0( x ) (S(x, 2) ^ S(x, 13) ^ S(x, 22)) -+#define Sigma1( x ) (S(x, 6) ^ S(x, 11) ^ S(x, 25)) -+#define Gamma0( x ) (S(x, 7) ^ S(x, 18) ^ R(x, 3)) -+#define Gamma1( x ) (S(x, 17) ^ S(x, 19) ^ R(x, 10)) -+ -+#define Sha256Round( a, b, c, d, e, f, g, h, i ) \ -+ t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \ -+ t1 = Sigma0(a) + Maj(a, b, c); \ -+ d += t0; \ -+ h = t0 + t1; -+ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// TransformFunction -+// -+// Compress 512-bits -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+static -+void -+ TransformFunction -+ ( -+ Sha256Context* Context, -+ uint8_t const* Buffer -+ ) -+{ -+ uint32_t S[8]; -+ uint32_t W[64]; -+ uint32_t t0; -+ uint32_t t1; -+ uint32_t t; -+ int i; -+ -+ // Copy state into S -+ for( i=0; i<8; i++ ) -+ { -+ S[i] = Context->state[i]; -+ } -+ -+ // Copy the state into 512-bits into W[0..15] -+ for( i=0; i<16; i++ ) -+ { -+ LOAD32H( W[i], Buffer + (4*i) ); -+ } -+ -+ // Fill W[16..63] -+ for( i=16; i<64; i++ ) -+ { -+ W[i] = Gamma1( W[i-2]) + W[i-7] + Gamma0( W[i-15] ) + W[i-16]; -+ } -+ -+ // Compress -+ for( i=0; i<64; i++ ) -+ { -+ Sha256Round( S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], i ); -+ t = S[7]; -+ S[7] = S[6]; -+ S[6] = S[5]; -+ S[5] = S[4]; -+ S[4] = S[3]; -+ S[3] = S[2]; -+ S[2] = S[1]; -+ S[1] = S[0]; -+ S[0] = t; -+ } -+ -+ // Feedback -+ for( i=0; i<8; i++ ) -+ { -+ Context->state[i] = Context->state[i] + S[i]; -+ } -+} -+ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// PUBLIC FUNCTIONS -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// Sha256Initialise -+// -+// Initialises a SHA256 Context. Use this to initialise/reset a context. -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+void -+ Sha256Initialise -+ ( -+ Sha256Context* Context // [out] -+ ) -+{ -+ Context->curlen = 0; -+ Context->length = 0; -+ Context->state[0] = 0x6A09E667UL; -+ Context->state[1] = 0xBB67AE85UL; -+ Context->state[2] = 0x3C6EF372UL; -+ Context->state[3] = 0xA54FF53AUL; -+ Context->state[4] = 0x510E527FUL; -+ Context->state[5] = 0x9B05688CUL; -+ Context->state[6] = 0x1F83D9ABUL; -+ Context->state[7] = 0x5BE0CD19UL; -+} -+ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// Sha256Update -+// -+// Adds data to the SHA256 context. This will process the data and update the internal state of the context. Keep on -+// calling this function until all the data has been added. Then call Sha256Finalise to calculate the hash. -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+void -+ Sha256Update -+ ( -+ Sha256Context* Context, // [in out] -+ void const* Buffer, // [in] -+ uint32_t BufferSize // [in] -+ ) -+{ -+ uint32_t n; -+ -+ if( Context->curlen > sizeof(Context->buf) ) -+ { -+ return; -+ } -+ -+ while( BufferSize > 0 ) -+ { -+ if( Context->curlen == 0 && BufferSize >= BLOCK_SIZE ) -+ { -+ TransformFunction( Context, (uint8_t*)Buffer ); -+ Context->length += BLOCK_SIZE * 8; -+ Buffer = (uint8_t*)Buffer + BLOCK_SIZE; -+ BufferSize -= BLOCK_SIZE; -+ } -+ else -+ { -+ n = MIN( BufferSize, (BLOCK_SIZE - Context->curlen) ); -+ memcpy( Context->buf + Context->curlen, Buffer, (size_t)n ); -+ Context->curlen += n; -+ Buffer = (uint8_t*)Buffer + n; -+ BufferSize -= n; -+ if( Context->curlen == BLOCK_SIZE ) -+ { -+ TransformFunction( Context, Context->buf ); -+ Context->length += 8*BLOCK_SIZE; -+ Context->curlen = 0; -+ } -+ } -+ } -+} -+ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// Sha256Finalise -+// -+// Performs the final calculation of the hash and returns the digest (32 byte buffer containing 256bit hash). After -+// calling this, Sha256Initialised must be used to reuse the context. -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+void -+ Sha256Finalise -+ ( -+ Sha256Context* Context, // [in out] -+ SHA256_HASH* Digest // [out] -+ ) -+{ -+ int i; -+ -+ if( Context->curlen >= sizeof(Context->buf) ) -+ { -+ return; -+ } -+ -+ // Increase the length of the message -+ Context->length += Context->curlen * 8; -+ -+ // Append the '1' bit -+ Context->buf[Context->curlen++] = (uint8_t)0x80; -+ -+ // if the length is currently above 56 bytes we append zeros -+ // then compress. Then we can fall back to padding zeros and length -+ // encoding like normal. -+ if( Context->curlen > 56 ) -+ { -+ while( Context->curlen < 64 ) -+ { -+ Context->buf[Context->curlen++] = (uint8_t)0; -+ } -+ TransformFunction(Context, Context->buf); -+ Context->curlen = 0; -+ } -+ -+ // Pad up to 56 bytes of zeroes -+ while( Context->curlen < 56 ) -+ { -+ Context->buf[Context->curlen++] = (uint8_t)0; -+ } -+ -+ // Store length -+ STORE64H( Context->length, Context->buf+56 ); -+ TransformFunction( Context, Context->buf ); -+ -+ // Copy output -+ for( i=0; i<8; i++ ) -+ { -+ STORE32H( Context->state[i], Digest->bytes+(4*i) ); -+ } -+} -+ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// Sha256Calculate -+// -+// Combines Sha256Initialise, Sha256Update, and Sha256Finalise into one function. Calculates the SHA256 hash of the -+// buffer. -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+void -+ Sha256Calculate -+ ( -+ void const* Buffer, // [in] -+ uint32_t BufferSize, // [in] -+ SHA256_HASH* Digest // [in] -+ ) -+{ -+ Sha256Context context; -+ -+ Sha256Initialise( &context ); -+ Sha256Update( &context, Buffer, BufferSize ); -+ Sha256Finalise( &context, Digest ); -+} -diff --git a/policycoreutils/semodule/sha256.h b/policycoreutils/semodule/sha256.h -new file mode 100644 -index 000000000000..406ed869cd82 ---- /dev/null -+++ b/policycoreutils/semodule/sha256.h -@@ -0,0 +1,89 @@ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// WjCryptLib_Sha256 -+// -+// Implementation of SHA256 hash function. -+// Original author: Tom St Denis, tomstdenis@gmail.com, http://libtom.org -+// Modified by WaterJuice retaining Public Domain license. -+// -+// This is free and unencumbered software released into the public domain - June 2013 waterjuice.org -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+ -+#pragma once -+ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// IMPORTS -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+ -+#include -+#include -+ -+typedef struct -+{ -+ uint64_t length; -+ uint32_t state[8]; -+ uint32_t curlen; -+ uint8_t buf[64]; -+} Sha256Context; -+ -+#define SHA256_HASH_SIZE ( 256 / 8 ) -+ -+typedef struct -+{ -+ uint8_t bytes [SHA256_HASH_SIZE]; -+} SHA256_HASH; -+ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// PUBLIC FUNCTIONS -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// Sha256Initialise -+// -+// Initialises a SHA256 Context. Use this to initialise/reset a context. -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+void -+ Sha256Initialise -+ ( -+ Sha256Context* Context // [out] -+ ); -+ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// Sha256Update -+// -+// Adds data to the SHA256 context. This will process the data and update the internal state of the context. Keep on -+// calling this function until all the data has been added. Then call Sha256Finalise to calculate the hash. -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+void -+ Sha256Update -+ ( -+ Sha256Context* Context, // [in out] -+ void const* Buffer, // [in] -+ uint32_t BufferSize // [in] -+ ); -+ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// Sha256Finalise -+// -+// Performs the final calculation of the hash and returns the digest (32 byte buffer containing 256bit hash). After -+// calling this, Sha256Initialised must be used to reuse the context. -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+void -+ Sha256Finalise -+ ( -+ Sha256Context* Context, // [in out] -+ SHA256_HASH* Digest // [out] -+ ); -+ -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+// Sha256Calculate -+// -+// Combines Sha256Initialise, Sha256Update, and Sha256Finalise into one function. Calculates the SHA256 hash of the -+// buffer. -+//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -+void -+ Sha256Calculate -+ ( -+ void const* Buffer, // [in] -+ uint32_t BufferSize, // [in] -+ SHA256_HASH* Digest // [in] -+ ); --- -2.33.1 - diff --git a/SOURCES/0021-semodule-Fix-lang_ext-column-index.patch b/SOURCES/0021-semodule-Fix-lang_ext-column-index.patch deleted file mode 100644 index 2c0581b..0000000 --- a/SOURCES/0021-semodule-Fix-lang_ext-column-index.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 7537374e7f5802852c0c64b4cb2a9646402e3cba Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Tue, 16 Nov 2021 16:11:22 +0100 -Subject: [PATCH] semodule: Fix lang_ext column index - -lang_ext is 3. column - index number 2. - -Signed-off-by: Petr Lautrbach -Acked-by: James Carter ---- - policycoreutils/semodule/semodule.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c -index ddbf10455abf..57f005ce2c62 100644 ---- a/policycoreutils/semodule/semodule.c -+++ b/policycoreutils/semodule/semodule.c -@@ -684,7 +684,7 @@ cleanup_extract: - if (result != 0) goto cleanup_list; - - size = strlen(tmp); -- if (size > column[3]) column[3] = size; -+ if (size > column[2]) column[2] = size; - } - - /* print out each module */ --- -2.33.1 - diff --git a/SOURCES/0022-semodule-Don-t-forget-to-munmap-data.patch b/SOURCES/0022-semodule-Don-t-forget-to-munmap-data.patch deleted file mode 100644 index fa7fcd2..0000000 --- a/SOURCES/0022-semodule-Don-t-forget-to-munmap-data.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 0c4e5d70fde006977e798d6cc7d80db2e8af7bb9 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Tue, 23 Nov 2021 17:38:51 +0100 -Subject: [PATCH] semodule: Don't forget to munmap() data - -semanage_module_extract() mmap()'s the module raw data but it leaves on -the caller to munmap() them. - -Reported-by: Ondrej Mosnacek -Signed-off-by: Petr Lautrbach -Acked-by: James Carter ---- - policycoreutils/semodule/semodule.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c -index 57f005ce2c62..94a9d131bb79 100644 ---- a/policycoreutils/semodule/semodule.c -+++ b/policycoreutils/semodule/semodule.c -@@ -394,6 +394,9 @@ static char *hash_module_data(const char *module_name, const int prio) { - sha256_buf[i * 2] = 0; - - cleanup_extract: -+ if (data_len > 0) { -+ munmap(data, data_len); -+ } - semanage_module_info_destroy(sh, extract_info); - free(extract_info); - semanage_module_key_destroy(sh, modkey); --- -2.33.1 - diff --git a/SOURCES/0023-semodule-libsemanage-move-module-hashing-into-libsem.patch b/SOURCES/0023-semodule-libsemanage-move-module-hashing-into-libsem.patch deleted file mode 100644 index 8fcd481..0000000 --- a/SOURCES/0023-semodule-libsemanage-move-module-hashing-into-libsem.patch +++ /dev/null @@ -1,539 +0,0 @@ -From 7809f29b68e17a455478990ae9b22728381a126b Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Thu, 3 Feb 2022 17:53:23 +0100 -Subject: [PATCH] semodule,libsemanage: move module hashing into libsemanage - -The main goal of this move is to have the SHA-256 implementation under -libsemanage, since upcoming patches will make use of SHA-256 for a -different (but similar) purpose in libsemanage. Having the hashing code -in libsemanage will reduce code duplication and allow for easier hash -algorithm upgrade in the future. - -Note that libselinux currently also contains a hash function -implementation (for yet another different purpose). This patch doesn't -make any effort to address that duplicity yet. - -This patch also changes the format of the hash string printed by -semodule to include the name of the hash. The intent is to avoid -ambiguity and potential collisions when the algorithm is potentially -changed in the future. - -Signed-off-by: Ondrej Mosnacek ---- - policycoreutils/semodule/Makefile | 2 +- - policycoreutils/semodule/semodule.c | 53 ++--- - policycoreutils/semodule/sha256.c | 294 ---------------------------- - policycoreutils/semodule/sha256.h | 89 --------- - 4 files changed, 17 insertions(+), 421 deletions(-) - delete mode 100644 policycoreutils/semodule/sha256.c - delete mode 100644 policycoreutils/semodule/sha256.h - -diff --git a/policycoreutils/semodule/Makefile b/policycoreutils/semodule/Makefile -index 9875ac383280..73801e487a76 100644 ---- a/policycoreutils/semodule/Makefile -+++ b/policycoreutils/semodule/Makefile -@@ -6,7 +6,7 @@ MANDIR = $(PREFIX)/share/man - - CFLAGS ?= -Werror -Wall -W - override LDLIBS += -lsepol -lselinux -lsemanage --SEMODULE_OBJS = semodule.o sha256.o -+SEMODULE_OBJS = semodule.o - - all: semodule genhomedircon - -diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c -index 94a9d131bb79..f4a76289efa3 100644 ---- a/policycoreutils/semodule/semodule.c -+++ b/policycoreutils/semodule/semodule.c -@@ -25,8 +25,6 @@ - #include - #include - --#include "sha256.h" -- - enum client_modes { - NO_MODE, INSTALL_M, REMOVE_M, EXTRACT_M, CIL_M, HLL_M, - LIST_M, RELOAD, PRIORITY_M, ENABLE_M, DISABLE_M -@@ -348,60 +346,38 @@ static void parse_command_line(int argc, char **argv) - - /* Get module checksum */ - static char *hash_module_data(const char *module_name, const int prio) { -- semanage_module_info_t *extract_info = NULL; - semanage_module_key_t *modkey = NULL; -- Sha256Context context; -- uint8_t sha256_hash[SHA256_HASH_SIZE]; -- char *sha256_buf = NULL; -- void *data; -- size_t data_len = 0, i; -+ char *hash_str = NULL; -+ void *hash = NULL; -+ size_t hash_len = 0; - int result; - - result = semanage_module_key_create(sh, &modkey); - if (result != 0) { -- goto cleanup_extract; -+ goto cleanup; - } - - result = semanage_module_key_set_name(sh, modkey, module_name); - if (result != 0) { -- goto cleanup_extract; -+ goto cleanup; - } - - result = semanage_module_key_set_priority(sh, modkey, prio); - if (result != 0) { -- goto cleanup_extract; -+ goto cleanup; - } - -- result = semanage_module_extract(sh, modkey, 1, &data, &data_len, -- &extract_info); -+ result = semanage_module_compute_checksum(sh, modkey, 1, &hash_str, -+ &hash_len); - if (result != 0) { -- goto cleanup_extract; -- } -- -- Sha256Initialise(&context); -- Sha256Update(&context, data, data_len); -- -- Sha256Finalise(&context, (SHA256_HASH *)sha256_hash); -- -- sha256_buf = calloc(1, SHA256_HASH_SIZE * 2 + 1); -- -- if (sha256_buf == NULL) -- goto cleanup_extract; -- -- for (i = 0; i < SHA256_HASH_SIZE; i++) { -- sprintf((&sha256_buf[i * 2]), "%02x", sha256_hash[i]); -+ goto cleanup; - } -- sha256_buf[i * 2] = 0; - --cleanup_extract: -- if (data_len > 0) { -- munmap(data, data_len); -- } -- semanage_module_info_destroy(sh, extract_info); -- free(extract_info); -+cleanup: -+ free(hash); - semanage_module_key_destroy(sh, modkey); - free(modkey); -- return sha256_buf; -+ return hash_str; - } - - int main(int argc, char *argv[]) -@@ -669,7 +645,10 @@ cleanup_extract: - /* fixed width columns */ - column[0] = sizeof("000") - 1; - column[3] = sizeof("disabled") - 1; -- column[4] = 64; /* SHA256_HASH_SIZE * 2 */ -+ -+ result = semanage_module_compute_checksum(sh, NULL, 0, NULL, -+ &column[4]); -+ if (result != 0) goto cleanup_list; - - /* variable width columns */ - const char *tmp = NULL; -diff --git a/policycoreutils/semodule/sha256.c b/policycoreutils/semodule/sha256.c -deleted file mode 100644 -index fe2aeef07f53..000000000000 ---- a/policycoreutils/semodule/sha256.c -+++ /dev/null -@@ -1,294 +0,0 @@ --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// WjCryptLib_Sha256 --// --// Implementation of SHA256 hash function. --// Original author: Tom St Denis, tomstdenis@gmail.com, http://libtom.org --// Modified by WaterJuice retaining Public Domain license. --// --// This is free and unencumbered software released into the public domain - June 2013 waterjuice.org --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -- --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// IMPORTS --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -- --#include "sha256.h" --#include -- --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// MACROS --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -- --#define ror(value, bits) (((value) >> (bits)) | ((value) << (32 - (bits)))) -- --#define MIN(x, y) ( ((x)<(y))?(x):(y) ) -- --#define STORE32H(x, y) \ -- { (y)[0] = (uint8_t)(((x)>>24)&255); (y)[1] = (uint8_t)(((x)>>16)&255); \ -- (y)[2] = (uint8_t)(((x)>>8)&255); (y)[3] = (uint8_t)((x)&255); } -- --#define LOAD32H(x, y) \ -- { x = ((uint32_t)((y)[0] & 255)<<24) | \ -- ((uint32_t)((y)[1] & 255)<<16) | \ -- ((uint32_t)((y)[2] & 255)<<8) | \ -- ((uint32_t)((y)[3] & 255)); } -- --#define STORE64H(x, y) \ -- { (y)[0] = (uint8_t)(((x)>>56)&255); (y)[1] = (uint8_t)(((x)>>48)&255); \ -- (y)[2] = (uint8_t)(((x)>>40)&255); (y)[3] = (uint8_t)(((x)>>32)&255); \ -- (y)[4] = (uint8_t)(((x)>>24)&255); (y)[5] = (uint8_t)(((x)>>16)&255); \ -- (y)[6] = (uint8_t)(((x)>>8)&255); (y)[7] = (uint8_t)((x)&255); } -- --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// CONSTANTS --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -- --// The K array --static const uint32_t K[64] = { -- 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL, -- 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL, -- 0x243185beUL, 0x550c7dc3UL, 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, -- 0xc19bf174UL, 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, -- 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 0x983e5152UL, -- 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 0xc6e00bf3UL, 0xd5a79147UL, -- 0x06ca6351UL, 0x14292967UL, 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, -- 0x53380d13UL, 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, -- 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 0xd192e819UL, -- 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 0x19a4c116UL, 0x1e376c08UL, -- 0x2748774cUL, 0x34b0bcb5UL, 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, -- 0x682e6ff3UL, 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, -- 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL --}; -- --#define BLOCK_SIZE 64 -- --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// INTERNAL FUNCTIONS --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -- --// Various logical functions --#define Ch( x, y, z ) (z ^ (x & (y ^ z))) --#define Maj( x, y, z ) (((x | y) & z) | (x & y)) --#define S( x, n ) ror((x),(n)) --#define R( x, n ) (((x)&0xFFFFFFFFUL)>>(n)) --#define Sigma0( x ) (S(x, 2) ^ S(x, 13) ^ S(x, 22)) --#define Sigma1( x ) (S(x, 6) ^ S(x, 11) ^ S(x, 25)) --#define Gamma0( x ) (S(x, 7) ^ S(x, 18) ^ R(x, 3)) --#define Gamma1( x ) (S(x, 17) ^ S(x, 19) ^ R(x, 10)) -- --#define Sha256Round( a, b, c, d, e, f, g, h, i ) \ -- t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \ -- t1 = Sigma0(a) + Maj(a, b, c); \ -- d += t0; \ -- h = t0 + t1; -- --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// TransformFunction --// --// Compress 512-bits --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --static --void -- TransformFunction -- ( -- Sha256Context* Context, -- uint8_t const* Buffer -- ) --{ -- uint32_t S[8]; -- uint32_t W[64]; -- uint32_t t0; -- uint32_t t1; -- uint32_t t; -- int i; -- -- // Copy state into S -- for( i=0; i<8; i++ ) -- { -- S[i] = Context->state[i]; -- } -- -- // Copy the state into 512-bits into W[0..15] -- for( i=0; i<16; i++ ) -- { -- LOAD32H( W[i], Buffer + (4*i) ); -- } -- -- // Fill W[16..63] -- for( i=16; i<64; i++ ) -- { -- W[i] = Gamma1( W[i-2]) + W[i-7] + Gamma0( W[i-15] ) + W[i-16]; -- } -- -- // Compress -- for( i=0; i<64; i++ ) -- { -- Sha256Round( S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], i ); -- t = S[7]; -- S[7] = S[6]; -- S[6] = S[5]; -- S[5] = S[4]; -- S[4] = S[3]; -- S[3] = S[2]; -- S[2] = S[1]; -- S[1] = S[0]; -- S[0] = t; -- } -- -- // Feedback -- for( i=0; i<8; i++ ) -- { -- Context->state[i] = Context->state[i] + S[i]; -- } --} -- --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// PUBLIC FUNCTIONS --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -- --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// Sha256Initialise --// --// Initialises a SHA256 Context. Use this to initialise/reset a context. --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --void -- Sha256Initialise -- ( -- Sha256Context* Context // [out] -- ) --{ -- Context->curlen = 0; -- Context->length = 0; -- Context->state[0] = 0x6A09E667UL; -- Context->state[1] = 0xBB67AE85UL; -- Context->state[2] = 0x3C6EF372UL; -- Context->state[3] = 0xA54FF53AUL; -- Context->state[4] = 0x510E527FUL; -- Context->state[5] = 0x9B05688CUL; -- Context->state[6] = 0x1F83D9ABUL; -- Context->state[7] = 0x5BE0CD19UL; --} -- --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// Sha256Update --// --// Adds data to the SHA256 context. This will process the data and update the internal state of the context. Keep on --// calling this function until all the data has been added. Then call Sha256Finalise to calculate the hash. --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --void -- Sha256Update -- ( -- Sha256Context* Context, // [in out] -- void const* Buffer, // [in] -- uint32_t BufferSize // [in] -- ) --{ -- uint32_t n; -- -- if( Context->curlen > sizeof(Context->buf) ) -- { -- return; -- } -- -- while( BufferSize > 0 ) -- { -- if( Context->curlen == 0 && BufferSize >= BLOCK_SIZE ) -- { -- TransformFunction( Context, (uint8_t*)Buffer ); -- Context->length += BLOCK_SIZE * 8; -- Buffer = (uint8_t*)Buffer + BLOCK_SIZE; -- BufferSize -= BLOCK_SIZE; -- } -- else -- { -- n = MIN( BufferSize, (BLOCK_SIZE - Context->curlen) ); -- memcpy( Context->buf + Context->curlen, Buffer, (size_t)n ); -- Context->curlen += n; -- Buffer = (uint8_t*)Buffer + n; -- BufferSize -= n; -- if( Context->curlen == BLOCK_SIZE ) -- { -- TransformFunction( Context, Context->buf ); -- Context->length += 8*BLOCK_SIZE; -- Context->curlen = 0; -- } -- } -- } --} -- --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// Sha256Finalise --// --// Performs the final calculation of the hash and returns the digest (32 byte buffer containing 256bit hash). After --// calling this, Sha256Initialised must be used to reuse the context. --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --void -- Sha256Finalise -- ( -- Sha256Context* Context, // [in out] -- SHA256_HASH* Digest // [out] -- ) --{ -- int i; -- -- if( Context->curlen >= sizeof(Context->buf) ) -- { -- return; -- } -- -- // Increase the length of the message -- Context->length += Context->curlen * 8; -- -- // Append the '1' bit -- Context->buf[Context->curlen++] = (uint8_t)0x80; -- -- // if the length is currently above 56 bytes we append zeros -- // then compress. Then we can fall back to padding zeros and length -- // encoding like normal. -- if( Context->curlen > 56 ) -- { -- while( Context->curlen < 64 ) -- { -- Context->buf[Context->curlen++] = (uint8_t)0; -- } -- TransformFunction(Context, Context->buf); -- Context->curlen = 0; -- } -- -- // Pad up to 56 bytes of zeroes -- while( Context->curlen < 56 ) -- { -- Context->buf[Context->curlen++] = (uint8_t)0; -- } -- -- // Store length -- STORE64H( Context->length, Context->buf+56 ); -- TransformFunction( Context, Context->buf ); -- -- // Copy output -- for( i=0; i<8; i++ ) -- { -- STORE32H( Context->state[i], Digest->bytes+(4*i) ); -- } --} -- --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// Sha256Calculate --// --// Combines Sha256Initialise, Sha256Update, and Sha256Finalise into one function. Calculates the SHA256 hash of the --// buffer. --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --void -- Sha256Calculate -- ( -- void const* Buffer, // [in] -- uint32_t BufferSize, // [in] -- SHA256_HASH* Digest // [in] -- ) --{ -- Sha256Context context; -- -- Sha256Initialise( &context ); -- Sha256Update( &context, Buffer, BufferSize ); -- Sha256Finalise( &context, Digest ); --} -diff --git a/policycoreutils/semodule/sha256.h b/policycoreutils/semodule/sha256.h -deleted file mode 100644 -index 406ed869cd82..000000000000 ---- a/policycoreutils/semodule/sha256.h -+++ /dev/null -@@ -1,89 +0,0 @@ --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// WjCryptLib_Sha256 --// --// Implementation of SHA256 hash function. --// Original author: Tom St Denis, tomstdenis@gmail.com, http://libtom.org --// Modified by WaterJuice retaining Public Domain license. --// --// This is free and unencumbered software released into the public domain - June 2013 waterjuice.org --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -- --#pragma once -- --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// IMPORTS --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -- --#include --#include -- --typedef struct --{ -- uint64_t length; -- uint32_t state[8]; -- uint32_t curlen; -- uint8_t buf[64]; --} Sha256Context; -- --#define SHA256_HASH_SIZE ( 256 / 8 ) -- --typedef struct --{ -- uint8_t bytes [SHA256_HASH_SIZE]; --} SHA256_HASH; -- --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// PUBLIC FUNCTIONS --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -- --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// Sha256Initialise --// --// Initialises a SHA256 Context. Use this to initialise/reset a context. --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --void -- Sha256Initialise -- ( -- Sha256Context* Context // [out] -- ); -- --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// Sha256Update --// --// Adds data to the SHA256 context. This will process the data and update the internal state of the context. Keep on --// calling this function until all the data has been added. Then call Sha256Finalise to calculate the hash. --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --void -- Sha256Update -- ( -- Sha256Context* Context, // [in out] -- void const* Buffer, // [in] -- uint32_t BufferSize // [in] -- ); -- --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// Sha256Finalise --// --// Performs the final calculation of the hash and returns the digest (32 byte buffer containing 256bit hash). After --// calling this, Sha256Initialised must be used to reuse the context. --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --void -- Sha256Finalise -- ( -- Sha256Context* Context, // [in out] -- SHA256_HASH* Digest // [out] -- ); -- --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --// Sha256Calculate --// --// Combines Sha256Initialise, Sha256Update, and Sha256Finalise into one function. Calculates the SHA256 hash of the --// buffer. --//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// --void -- Sha256Calculate -- ( -- void const* Buffer, // [in] -- uint32_t BufferSize, // [in] -- SHA256_HASH* Digest // [in] -- ); --- -2.34.1 - diff --git a/SOURCES/0024-semodule-add-command-line-option-to-detect-module-ch.patch b/SOURCES/0024-semodule-add-command-line-option-to-detect-module-ch.patch deleted file mode 100644 index 93b5421..0000000 --- a/SOURCES/0024-semodule-add-command-line-option-to-detect-module-ch.patch +++ /dev/null @@ -1,144 +0,0 @@ -From 9341da3478625bb2ba2e7d4f3e227735cc9c8198 Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Thu, 3 Feb 2022 17:53:27 +0100 -Subject: [PATCH] semodule: add command-line option to detect module changes - -Add a new command-line option "--rebuild-if-modules-changed" to control -the newly introduced check_ext_changes libsemanage flag. - -For example, running `semodule --rebuild-if-modules-changed` will ensure -that any externally added/removed modules (e.g. by an RPM transaction) -are reflected in the compiled policy, while skipping the most expensive -part of the rebuild if no module change was deteceted since the last -libsemanage transaction. - -Signed-off-by: Ondrej Mosnacek ---- - policycoreutils/semodule/semodule.8 | 7 +++++++ - policycoreutils/semodule/semodule.c | 32 ++++++++++++++++++++++------- - 2 files changed, 32 insertions(+), 7 deletions(-) - -diff --git a/policycoreutils/semodule/semodule.8 b/policycoreutils/semodule/semodule.8 -index 3a2fb21c2481..d1735d216276 100644 ---- a/policycoreutils/semodule/semodule.8 -+++ b/policycoreutils/semodule/semodule.8 -@@ -23,6 +23,13 @@ force a reload of policy - .B \-B, \-\-build - force a rebuild of policy (also reloads unless \-n is used) - .TP -+.B \-\-rebuild-if-modules-changed -+Force a rebuild of the policy if any changes to module content are detected -+(by comparing with checksum from the last transaction). One can use this -+instead of \-B to ensure that any changes to the module store done by an -+external tool (e.g. a package manager) are applied, while automatically -+skipping the rebuild if there are no new changes. -+.TP - .B \-D, \-\-disable_dontaudit - Temporarily remove dontaudits from policy. Reverts whenever policy is rebuilt - .TP -diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c -index f4a76289efa3..1ed8e69054e0 100644 ---- a/policycoreutils/semodule/semodule.c -+++ b/policycoreutils/semodule/semodule.c -@@ -47,6 +47,7 @@ static int verbose; - static int reload; - static int no_reload; - static int build; -+static int check_ext_changes; - static int disable_dontaudit; - static int preserve_tunables; - static int ignore_module_cache; -@@ -149,6 +150,9 @@ static void usage(char *progname) - printf(" -c, --cil extract module as cil. This only affects module extraction.\n"); - printf(" -H, --hll extract module as hll. This only affects module extraction.\n"); - printf(" -m, --checksum print module checksum (SHA256).\n"); -+ printf(" --rebuild-if-modules-changed\n" -+ " force policy rebuild if module content changed since\n" -+ " last rebuild (based on checksum)\n"); - } - - /* Sets the global mode variable to new_mode, but only if no other -@@ -180,6 +184,7 @@ static void set_mode(enum client_modes new_mode, char *arg) - static void parse_command_line(int argc, char **argv) - { - static struct option opts[] = { -+ {"rebuild-if-modules-changed", 0, NULL, '\0'}, - {"store", required_argument, NULL, 's'}, - {"base", required_argument, NULL, 'b'}, - {"help", 0, NULL, 'h'}, -@@ -207,15 +212,26 @@ static void parse_command_line(int argc, char **argv) - }; - int extract_selected = 0; - int cil_hll_set = 0; -- int i; -+ int i, longind; - verbose = 0; - reload = 0; - no_reload = 0; -+ check_ext_changes = 0; - priority = 400; - while ((i = -- getopt_long(argc, argv, "s:b:hi:l::vr:u:RnNBDCPX:e:d:p:S:E:cHm", opts, -- NULL)) != -1) { -+ getopt_long(argc, argv, "s:b:hi:l::vr:u:RnNBDCPX:e:d:p:S:E:cHm", -+ opts, &longind)) != -1) { - switch (i) { -+ case '\0': -+ switch(longind) { -+ case 0: /* --rebuild-if-modules-changed */ -+ check_ext_changes = 1; -+ break; -+ default: -+ usage(argv[0]); -+ exit(1); -+ } -+ break; - case 'b': - fprintf(stderr, "The --base option is deprecated. Use --install instead.\n"); - set_mode(INSTALL_M, optarg); -@@ -300,13 +316,13 @@ static void parse_command_line(int argc, char **argv) - } - } - } -- if ((build || reload) && num_commands) { -+ if ((build || reload || check_ext_changes) && num_commands) { - fprintf(stderr, - "build or reload should not be used with other commands\n"); - usage(argv[0]); - exit(1); - } -- if (num_commands == 0 && reload == 0 && build == 0) { -+ if (num_commands == 0 && reload == 0 && build == 0 && check_ext_changes == 0) { - fprintf(stderr, "At least one mode must be specified.\n"); - usage(argv[0]); - exit(1); -@@ -395,7 +411,7 @@ int main(int argc, char *argv[]) - - cil_set_log_level(CIL_ERR + verbose); - -- if (build) -+ if (build || check_ext_changes) - commit = 1; - - sh = semanage_handle_create(); -@@ -434,7 +450,7 @@ int main(int argc, char *argv[]) - } - } - -- if (build) { -+ if (build || check_ext_changes) { - if ((result = semanage_begin_transaction(sh)) < 0) { - fprintf(stderr, "%s: Could not begin transaction: %s\n", - argv[0], errno ? strerror(errno) : ""); -@@ -807,6 +823,8 @@ cleanup_disable: - semanage_set_reload(sh, 0); - if (build) - semanage_set_rebuild(sh, 1); -+ if (check_ext_changes) -+ semanage_set_check_ext_changes(sh, 1); - if (disable_dontaudit) - semanage_set_disable_dontaudit(sh, 1); - else if (build) --- -2.34.1 - diff --git a/SOURCES/0025-policycoreutils-fixfiles-Use-parallel-relabeling.patch b/SOURCES/0025-policycoreutils-fixfiles-Use-parallel-relabeling.patch deleted file mode 100644 index ff2de09..0000000 --- a/SOURCES/0025-policycoreutils-fixfiles-Use-parallel-relabeling.patch +++ /dev/null @@ -1,180 +0,0 @@ -From 09f700e9f953769d1697c46179faba32e4b80c0f Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Fri, 4 Feb 2022 13:41:12 +0100 -Subject: [PATCH] policycoreutils/fixfiles: Use parallel relabeling - -Commit 93902fc8340f ("setfiles/restorecon: support parallel relabeling") -implemented support for parallel relabeling in setfiles. This is -available for fixfiles now. - -Signed-off-by: Petr Lautrbach ---- - policycoreutils/scripts/fixfiles | 35 +++++++++++++++++------------- - policycoreutils/scripts/fixfiles.8 | 17 ++++++++++----- - 2 files changed, 31 insertions(+), 21 deletions(-) - -diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles -index cb20002ab613..a4a419ab62de 100755 ---- a/policycoreutils/scripts/fixfiles -+++ b/policycoreutils/scripts/fixfiles -@@ -110,6 +110,7 @@ BOOTTIME="" - VERBOSE="-p" - [ -t 1 ] || VERBOSE="" - FORCEFLAG="" -+THREADS="" - RPMFILES="" - PREFC="" - RESTORE_MODE="" -@@ -153,7 +154,7 @@ newer() { - shift - LogReadOnly - for m in `echo $FILESYSTEMSRW`; do -- find $m -mount -newermt $DATE -print0 2>/dev/null | ${RESTORECON} ${FORCEFLAG} ${VERBOSE} $* -i -0 -f - -+ find $m -mount -newermt $DATE -print0 2>/dev/null | ${RESTORECON} ${FORCEFLAG} ${VERBOSE} ${THREADS} $* -i -0 -f - - done; - } - -@@ -197,7 +198,7 @@ if [ -f ${PREFC} -a -x /usr/bin/diff ]; then - esac; \ - fi; \ - done | \ -- ${RESTORECON} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -i -R -f -; \ -+ ${RESTORECON} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} ${THREADS} $* -i -R -f -; \ - rm -f ${TEMPFILE} ${PREFCTEMPFILE} - fi - } -@@ -235,11 +236,11 @@ LogExcluded - case "$RESTORE_MODE" in - RPMFILES) - for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do -- rpmlist $i | ${RESTORECON} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -i -R -f - -+ rpmlist $i | ${RESTORECON} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} ${THREADS} $* -i -R -f - - done - ;; - FILEPATH) -- ${RESTORECON} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -R -- "$FILEPATH" -+ ${RESTORECON} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} ${THREADS} $* -R -- "$FILEPATH" - ;; - *) - if [ -n "${FILESYSTEMSRW}" ]; then -@@ -247,7 +248,7 @@ case "$RESTORE_MODE" in - echo "${OPTION}ing `echo ${FILESYSTEMSRW}`" - - if [ -z "$BIND_MOUNT_FILESYSTEMS" ]; then -- ${SETFILES} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -q ${FC} ${FILESYSTEMSRW} -+ ${SETFILES} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -q ${THREADS} ${FC} ${FILESYSTEMSRW} - else - # we bind mount so we can fix the labels of files that have already been - # mounted over -@@ -257,7 +258,7 @@ case "$RESTORE_MODE" in - - mkdir -p "${TMP_MOUNT}${m}" || exit 1 - mount --bind "${m}" "${TMP_MOUNT}${m}" || exit 1 -- ${SETFILES} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -q ${FC} -r "${TMP_MOUNT}" "${TMP_MOUNT}${m}" -+ ${SETFILES} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} ${THREADS} $* -q ${FC} -r "${TMP_MOUNT}" "${TMP_MOUNT}${m}" - umount "${TMP_MOUNT}${m}" || exit 1 - rm -rf "${TMP_MOUNT}" || echo "Error cleaning up." - done; -@@ -330,8 +331,9 @@ case "$1" in - fi - > /.autorelabel || exit $? - [ -z "$FORCEFLAG" ] || echo -n "$FORCEFLAG " >> /.autorelabel -- [ -z "$BOOTTIME" ] || echo -N $BOOTTIME >> /.autorelabel -- [ -z "$BIND_MOUNT_FILESYSTEMS" ] || echo "-M" >> /.autorelabel -+ [ -z "$BOOTTIME" ] || echo -n "-N $BOOTTIME " >> /.autorelabel -+ [ -z "$BIND_MOUNT_FILESYSTEMS" ] || echo -n "-M " >> /.autorelabel -+ [ -z "$THREADS" ] || echo -n "$THREADS " >> /.autorelabel - # Force full relabel if SELinux is not enabled - selinuxenabled || echo -F > /.autorelabel - echo "System will relabel on next boot" -@@ -343,17 +345,17 @@ esac - } - usage() { - echo $""" --Usage: $0 [-v] [-F] [-M] [-f] relabel -+Usage: $0 [-v] [-F] [-M] [-f] [-T nthreads] relabel - or --Usage: $0 [-v] [-F] [-B | -N time ] { check | restore | verify } -+Usage: $0 [-v] [-F] [-B | -N time ] [-T nthreads] { check | restore | verify } - or --Usage: $0 [-v] [-F] { check | restore | verify } dir/file ... -+Usage: $0 [-v] [-F] [-T nthreads] { check | restore | verify } dir/file ... - or --Usage: $0 [-v] [-F] -R rpmpackage[,rpmpackage...] { check | restore | verify } -+Usage: $0 [-v] [-F] [-T nthreads] -R rpmpackage[,rpmpackage...] { check | restore | verify } - or --Usage: $0 [-v] [-F] -C PREVIOUS_FILECONTEXT { check | restore | verify } -+Usage: $0 [-v] [-F] [-T nthreads] -C PREVIOUS_FILECONTEXT { check | restore | verify } - or --Usage: $0 [-F] [-M] [-B] onboot -+Usage: $0 [-F] [-M] [-B] [-T nthreads] onboot - """ - } - -@@ -372,7 +374,7 @@ set_restore_mode() { - } - - # See how we were called. --while getopts "N:BC:FfR:l:vM" i; do -+while getopts "N:BC:FfR:l:vMT:" i; do - case "$i" in - B) - BOOTTIME=`/bin/who -b | awk '{print $3}'` -@@ -407,6 +409,9 @@ while getopts "N:BC:FfR:l:vM" i; do - f) - fullFlag=1 - ;; -+ T) -+ THREADS="-T $OPTARG" -+ ;; - *) - usage - exit 1 -diff --git a/policycoreutils/scripts/fixfiles.8 b/policycoreutils/scripts/fixfiles.8 -index c4e894e56e8f..9a317d9181e2 100644 ---- a/policycoreutils/scripts/fixfiles.8 -+++ b/policycoreutils/scripts/fixfiles.8 -@@ -6,22 +6,22 @@ fixfiles \- fix file SELinux security contexts. - .na - - .B fixfiles --.I [\-v] [\-F] [-M] [\-f] relabel -+.I [\-v] [\-F] [-M] [\-f] [\-T nthreads] relabel - - .B fixfiles --.I [\-v] [\-F] { check | restore | verify } dir/file ... -+.I [\-v] [\-F] [\-T nthreads] { check | restore | verify } dir/file ... - - .B fixfiles --.I [\-v] [\-F] [\-B | \-N time ] { check | restore | verify } -+.I [\-v] [\-F] [\-B | \-N time ] [\-T nthreads] { check | restore | verify } - - .B fixfiles --.I [\-v] [\-F] \-R rpmpackagename[,rpmpackagename...] { check | restore | verify } -+.I [\-v] [\-F] [\-T nthreads] \-R rpmpackagename[,rpmpackagename...] { check | restore | verify } - - .B fixfiles --.I [\-v] [\-F] \-C PREVIOUS_FILECONTEXT { check | restore | verify } -+.I [\-v] [\-F] [\-T nthreads] \-C PREVIOUS_FILECONTEXT { check | restore | verify } - - .B fixfiles --.I [-F] [-M] [-B] onboot -+.I [-F] [-M] [-B] [\-T nthreads] onboot - - .ad - -@@ -76,6 +76,11 @@ Bind mount filesystems before relabeling them, this allows fixing the context of - .B -v - Modify verbosity from progress to verbose. (Run restorecon with \-v instead of \-p) - -+.TP -+.B \-T nthreads -+Use parallel relabeling, see -+.B setfiles(8) -+ - .SH "ARGUMENTS" - One of: - .TP --- -2.34.1 - diff --git a/SOURCES/0026-policycoreutils-Improve-error-message-when-selabel_o.patch b/SOURCES/0026-policycoreutils-Improve-error-message-when-selabel_o.patch deleted file mode 100644 index 46617fe..0000000 --- a/SOURCES/0026-policycoreutils-Improve-error-message-when-selabel_o.patch +++ /dev/null @@ -1,41 +0,0 @@ -From d83caa39d7ff497bddabb54619a8985227ad1264 Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Mon, 10 Jan 2022 18:35:27 +0100 -Subject: [PATCH] policycoreutils: Improve error message when selabel_open - fails - -When selabel_open fails to locate file_context files and -selabel_opt_path is not specified (e.g. when the policy type is -missconfigured in /etc/selinux/config), perror only prints -"No such file or directory". -This can be confusing in case of "restorecon" since it's -not apparent that the issue is in policy store. - -Before: - \# restorecon -v /tmp/foo.txt - No such file or directory -After: - \# restorecon -v /tmp/foo.txt - /etc/selinux/yolo/contexts/files/file_contexts: No such file or directory - -Signed-off-by: Vit Mojzis ---- - policycoreutils/setfiles/restore.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c -index 74d48bb3752d..e9ae33ad039a 100644 ---- a/policycoreutils/setfiles/restore.c -+++ b/policycoreutils/setfiles/restore.c -@@ -29,7 +29,7 @@ void restore_init(struct restore_opts *opts) - - opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3); - if (!opts->hnd) { -- perror(opts->selabel_opt_path); -+ perror(opts->selabel_opt_path ? opts->selabel_opt_path : selinux_file_context_path()); - exit(1); - } - --- -2.35.1 - diff --git a/SOURCES/selinux-autorelabel b/SOURCES/selinux-autorelabel index 22c2143..5290c8c 100755 --- a/SOURCES/selinux-autorelabel +++ b/SOURCES/selinux-autorelabel @@ -51,9 +51,15 @@ relabel_selinux() { echo $"*** Relabeling could take a very long time, depending on file" echo $"*** system size and speed of hard drives." - FORCE=`cat /.autorelabel` - [ -x "/usr/sbin/quotaoff" ] && /usr/sbin/quotaoff -aug - /sbin/fixfiles $FORCE restore + OPTS=`cat /.autorelabel` + # by default, use as many threads as there are available + # another -T X in $OPTS will override the default value + OPTS="-T 0 $OPTS" + + [ -x "/usr/sbin/quotaoff" ] && /usr/sbin/quotaoff -aug + echo + echo $"Running: /sbin/fixfiles $OPTS restore" + /sbin/fixfiles $OPTS restore fi rm -f /.autorelabel @@ -63,7 +69,7 @@ relabel_selinux() { grub2-editenv - incr boot_indeterminate >/dev/null 2>&1 fi sync - systemctl --force reboot + systemctl reboot } # Check to see if a full relabel is needed diff --git a/SPECS/policycoreutils.spec b/SPECS/policycoreutils.spec index 36f041a..3b5d66f 100644 --- a/SPECS/policycoreutils.spec +++ b/SPECS/policycoreutils.spec @@ -1,7 +1,7 @@ %global libauditver 3.0 -%global libsepolver 3.3-1 -%global libsemanagever 3.3-2 -%global libselinuxver 3.3-2 +%global libsepolver 3.4-1 +%global libsemanagever 3.4-1 +%global libselinuxver 3.4-1 %global generatorsdir %{_prefix}/lib/systemd/system-generators @@ -10,11 +10,11 @@ Summary: SELinux policy core utilities Name: policycoreutils -Version: 3.3 -Release: 6%{?dist} +Version: 3.4 +Release: 3%{?dist} License: GPLv2 # https://github.com/SELinuxProject/selinux/wiki/Releases -Source0: https://github.com/SELinuxProject/selinux/releases/download/3.3/selinux-3.3.tar.gz +Source0: https://github.com/SELinuxProject/selinux/releases/download/3.4/selinux-3.4.tar.gz URL: https://github.com/SELinuxProject/selinux Source13: system-config-selinux.png Source14: sepolicy-icons.tgz @@ -28,7 +28,7 @@ Source21: python-po.tgz Source22: gui-po.tgz Source23: sandbox-po.tgz # https://github.com/fedora-selinux/selinux -# $ git format-patch -N 3.3 -- policycoreutils python gui sandbox dbus semodule-utils restorecond +# $ git format-patch -N 3.4 -- policycoreutils python gui sandbox dbus semodule-utils restorecond # $ for j in [0-9]*.patch; do printf "Patch%s: %s\n" ${j/-*/} $j; done # Patch list start Patch0001: 0001-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch @@ -38,27 +38,14 @@ Patch0004: 0004-Simplication-of-sepolicy-manpage-web-functionality.-.patch Patch0005: 0005-We-want-to-remove-the-trailing-newline-for-etc-syste.patch Patch0006: 0006-Fix-title-in-manpage.py-to-not-contain-online.patch Patch0007: 0007-Don-t-be-verbose-if-you-are-not-on-a-tty.patch -Patch0008: 0008-sepolicy-Drop-old-interface-file_type_is_executable-.patch -Patch0009: 0009-sepolicy-Another-small-optimization-for-mcs-types.patch -Patch0010: 0010-Move-po-translation-files-into-the-right-sub-directo.patch -Patch0011: 0011-Use-correct-gettext-domains-in-python-gui-sandbox.patch -Patch0012: 0012-Initial-.pot-files-for-gui-python-sandbox.patch -Patch0013: 0013-policycoreutils-setfiles-Improve-description-of-d-sw.patch -Patch0014: 0014-sepolicy-generate-Handle-more-reserved-port-types.patch -Patch0015: 0015-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch -Patch0016: 0016-sandbox-Use-matchbox-window-manager-instead-of-openb.patch -Patch0017: 0017-sepolicy-Fix-flake8-warnings-in-Fedora-only-code.patch -Patch0018: 0018-Use-SHA-2-instead-of-SHA-1.patch -Patch0019: 0019-setfiles-restorecon-support-parallel-relabeling.patch -Patch0020: 0020-semodule-add-m-checksum-option.patch -Patch0021: 0021-semodule-Fix-lang_ext-column-index.patch -Patch0022: 0022-semodule-Don-t-forget-to-munmap-data.patch -Patch0023: 0023-semodule-libsemanage-move-module-hashing-into-libsem.patch -Patch0024: 0024-semodule-add-command-line-option-to-detect-module-ch.patch -Patch0025: 0025-policycoreutils-fixfiles-Use-parallel-relabeling.patch -Patch0026: 0026-policycoreutils-Improve-error-message-when-selabel_o.patch +Patch0008: 0008-sepolicy-generate-Handle-more-reserved-port-types.patch +Patch0009: 0009-sandbox-Use-matchbox-window-manager-instead-of-openb.patch +Patch0010: 0010-Use-SHA-2-instead-of-SHA-1.patch +Patch0011: 0011-sepolicy-Drop-old-interface-file_type_is_executable-.patch +Patch0012: 0012-gettext-handle-unsupported-languages-properly.patch +Patch0013: 0013-semodule-rename-rebuild-if-modules-changed-to-refres.patch +Patch0014: 0014-python-Split-semanage-import-into-two-transactions.patch # Patch list end - Obsoletes: policycoreutils < 2.0.61-2 Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138 # initscripts < 9.66 shipped fedora-autorelabel services which are renamed to selinux-relabel @@ -483,8 +470,18 @@ The policycoreutils-restorecond package contains the restorecond service. %systemd_postun_with_restart restorecond.service %changelog -* Fri Mar 04 2022 Vit Mojzis - 3.3-6 -- Update translations (#2017376) +* Mon Aug 8 2022 Petr Lautrbach - 3.4-3 +- Run autorelabel in parallel by default + https://fedoraproject.org/wiki/Changes/SELinux_Parallel_Autorelabel + +* Mon Jul 18 2022 Petr Lautrbach - 3.4-2 +- gettext: handle unsupported languages properly (#2100378) +- semodule: rename --rebuild-if-modules-changed to --refresh +- python: Split "semanage import" into two transactions (#2063353) +- selinux-autorelabel: Do not force reboot (#2093133) + +* Thu May 19 2022 Petr Lautrbach - 3.4-1 +- SELinux userspace 3.4 release * Tue Feb 15 2022 Petr Lautrbach - 3.3-4.2 - semodule: add command-line option to detect module changes