* Thu Nov 15 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-15
- Fix File Labeling add
This commit is contained in:
Daniel J Walsh
parent
f5a3b73fcd
commit
d2285e6e8b
@ -234,7 +234,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py poli
|
||||
+
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.31/gui/fcontextPage.py
|
||||
--- nsapolicycoreutils/gui/fcontextPage.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.31/gui/fcontextPage.py 2007-11-05 16:29:06.000000000 -0500
|
||||
+++ policycoreutils-2.0.31/gui/fcontextPage.py 2007-11-15 11:00:13.000000000 -0500
|
||||
@@ -0,0 +1,217 @@
|
||||
+## fcontextPage.py - show selinux mappings
|
||||
+## Copyright (C) 2006 Red Hat, Inc.
|
||||
@ -424,7 +424,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py poli
|
||||
+ iter = self.fcontextFileTypeCombo.get_active_iter()
|
||||
+ ftype=list_model.get_value(iter,0)
|
||||
+ self.wait()
|
||||
+ (rc, out) = commands.getstatusoutput("semanage fcontext -a -t %s -r %s -f '%s' %s" % (type, mls, ftype, fspec))
|
||||
+ (rc, out) = commands.getstatusoutput("semanage fcontext -a -t %s -r %s -f '%s' '%s'" % (type, mls, ftype, fspec))
|
||||
+ self.ready()
|
||||
+ if rc != 0:
|
||||
+ self.error(out)
|
||||
@ -443,7 +443,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py poli
|
||||
+ iter = self.fcontextFileTypeCombo.get_active_iter()
|
||||
+ ftype=list_model.get_value(iter,0)
|
||||
+ self.wait()
|
||||
+ (rc, out) = commands.getstatusoutput("semanage fcontext -m -t %s -r %s -f '%s' %s" % (type, mls, ftype, fspec))
|
||||
+ (rc, out) = commands.getstatusoutput("semanage fcontext -m -t %s -r %s -f '%s' '%s'" % (type, mls, ftype, fspec))
|
||||
+ self.ready()
|
||||
+ if rc != 0:
|
||||
+ self.error(out)
|
||||
@ -5648,39 +5648,17 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policyc
|
||||
+
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.31/gui/selinux.tbl
|
||||
--- nsapolicycoreutils/gui/selinux.tbl 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.31/gui/selinux.tbl 2007-11-02 15:54:42.000000000 -0400
|
||||
@@ -0,0 +1,295 @@
|
||||
+! allow_console_login _("Login") _("Allow direct login to the console device. Required for System 390")
|
||||
+++ policycoreutils-2.0.31/gui/selinux.tbl 2007-11-07 16:11:37.000000000 -0500
|
||||
@@ -0,0 +1,234 @@
|
||||
+acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon")
|
||||
+allow_cvs_read_shadow _("CVS") _("Allow cvs daemon to read shadow")
|
||||
+allow_daemons_dump_core _("Admin") _("Allow all daemons to write corefiles to /")
|
||||
+allow_daemons_use_tty _("Admin") _("Allow all daemons the ability to use unallocated ttys")
|
||||
+allow_execheap _("Memory Protection") _("Allow unconfined executables to make their heap memory executable. Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla")
|
||||
+allow_execmem _("Memory Protection") _("Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla")
|
||||
+allow_execmod _("Memory Protection") _("Allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t")
|
||||
+allow_execstack _("Memory Protection") _("Allow unconfined executables to make their stack executable. This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla")
|
||||
+allow_ftpd_full_access _("FTP") _("Allow ftpd to full access to the system")
|
||||
+allow_ftpd_anon_write _("FTP") _("Allow ftpd to upload files to directories labeled public_content_rw_t")
|
||||
+allow_ftpd_use_cifs _("FTP") _("Allow ftp servers to use cifs used for public file transfer services")
|
||||
+allow_ftpd_use_nfs _("FTP") _("Allow ftp servers to use nfs used for public file transfer services")
|
||||
+allow_gpg_execstack _("Memory Protection") _("Allow gpg executable stack")
|
||||
+allow_gadmin_exec_content _("User Privs") _("Allow gadmin SELinux user accounts to execute files in his home directory or /tmp")
|
||||
+allow_gssd_read_tmp _("NFS") _("Allow gssd to read temp directory")
|
||||
+allow_guest_exec_content _("User Privs") _("Allow guest SELinux user accounts to execute files in his home directory or /tmp")
|
||||
+allow_httpd_anon_write _("HTTPD Service") _("Allow httpd daemon to write files in directories labeled public_content_rw_t")
|
||||
+allow_httpd_dbus_avahi _("HTTPD Service") _("Allow Apache to communicate with avahi service")
|
||||
+allow_httpd_mod_auth_pam _("HTTPD Service") _("Allow Apache to use mod_auth_pam")
|
||||
+allow_httpd_sys_script_anon_write _("HTTPD Service") _("Allow httpd scripts to write files in directories labeled public_content_rw_t")
|
||||
+allow_java_execstack _("Memory Protection") _("Allow java executable stack")
|
||||
+allow_kerberos _("Kerberos") _("Allow daemons to use kerberos files")
|
||||
+allow_mount_anyfile _("Mount") _("Allow mount to mount any file")
|
||||
+allow_mounton_anydir _("Mount") _("Allow mount to mount any directory")
|
||||
+allow_mplayer_execstack _("Memory Protection") _("Allow mplayer executable stack")
|
||||
+allow_nfsd_anon_write _("NFS") _("Allow nfs servers to modify public files used for public file transfer services")
|
||||
+allow_polyinstantiation _("Polyinstantiation") _("Enable polyinstantiated directory support")
|
||||
+allow_ptrace _("Compatibility") _("Allow sysadm_t to debug or ptrace applications")
|
||||
+allow_rsync_anon_write _("rsync") _("Allow rsync to write files in directories labeled public_content_rw_t")
|
||||
+allow_smbd_anon_write _("Samba") _("Allow Samba to write files in directories labeled public_content_rw_t")
|
||||
+allow_ssh_keysign _("SSH") _("Allow ssh to run ssh-keysign")
|
||||
+allow_staff_exec_content _("User Privs") _("Allow staff SELinux user accounts to execute files in his home directory or /tmp")
|
||||
+allow_sysadm_exec_content _("User Privs") _("Allow sysadm SELinux user accounts to execute files in his home directory or /tmp")
|
||||
@ -5693,7 +5671,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco
|
||||
+allow_write_xshm _("XServer") _("Allow clients to write to X shared memory")
|
||||
+allow_xguest_exec_content _("User Privs") _("Allow xguest SELinux user accounts to execute files in his home directory or /tmp")
|
||||
+allow_ypbind _("NIS") _("Allow daemons to run with NIS")
|
||||
+allow_zebra_write_config _("Zebra") _("Allow zebra daemon to write it configuration files")
|
||||
+browser_confine_staff _("Web Applications") _("Transition staff SELinux user to Web Browser Domain")
|
||||
+browser_confine_sysadm _("Web Applications") _("Transition sysadm SELinux user to Web Browser Domain")
|
||||
+browser_confine_user _("Web Applications") _("Transition user SELinux user to Web Browser Domain")
|
||||
@ -5726,7 +5703,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco
|
||||
+courier_tcpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for courier daemon")
|
||||
+cpucontrol_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for cpucontrol daemon")
|
||||
+cpuspeed_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for cpuspeed daemon")
|
||||
+cron_can_relabel _("Cron") _("Allow system cron jobs to relabel filesystem for restoring file contexts")
|
||||
+crond_disable_trans _("Cron") _("Disable SELinux protection for crond daemon")
|
||||
+cupsd_config_disable_trans _("Printing") _("Disable SELinux protection for cupsd back end server")
|
||||
+cupsd_disable_trans _("Printing") _("Disable SELinux protection for cupsd daemon")
|
||||
@ -5753,15 +5729,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco
|
||||
+dnsmasq_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dnsmasq daemon")
|
||||
+dovecot_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dovecot daemon")
|
||||
+entropyd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for entropyd daemon")
|
||||
+fcron_crond _("Cron") _("Enable extra rules in the cron domain to support fcron")
|
||||
+fetchmail_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for fetchmail")
|
||||
+fingerd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for fingerd daemon")
|
||||
+freshclam_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for freshclam daemon")
|
||||
+fsdaemon_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for fsdaemon daemon")
|
||||
+ftpd_disable_trans _("FTP") _("Disable SELinux protection for ftpd daemon")
|
||||
+ftpd_is_daemon _("FTP") _("Allow ftpd to run directly without inetd")
|
||||
+ftp_home_dir _("FTP") _("Allow ftp to read/write files in the user home directories")
|
||||
+global_ssp _("Admin") _("This should be enabled when all programs are compiled with ProPolice/SSP stack smashing protection. All domains will be allowed to read from /dev/urandom")
|
||||
+gpm_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for gpm daemon")
|
||||
+gssd_disable_trans _("NFS") _("Disable SELinux protection for gss daemon")
|
||||
+hald_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for Hal daemon")
|
||||
@ -5770,20 +5741,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco
|
||||
+hotplug_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for hotplug daemon")
|
||||
+howl_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for howl daemon")
|
||||
+hplip_disable_trans _("Printing") _("Disable SELinux protection for cups hplip daemon")
|
||||
+httpd_builtin_scripting _("HTTPD Service") _("Allow HTTPD to support built-in scripting")
|
||||
+httpd_can_sendmail _("HTTPD Service") _("Allow HTTPD to send mail")
|
||||
+httpd_can_network_connect_db _("HTTPD Service") _("Allow HTTPD scripts and modules to network connect to databases")
|
||||
+httpd_can_network_connect _("HTTPD Service") _("Allow HTTPD scripts and modules to connect to the network")
|
||||
+httpd_can_network_relay _("HTTPD Service") _("Allow httpd to act as a relay")
|
||||
+httpd_disable_trans _("HTTPD Service") _("Disable SELinux protection for httpd daemon")
|
||||
+httpd_enable_cgi _("HTTPD Service") _("Allow HTTPD cgi support")
|
||||
+httpd_enable_ftp_server _("HTTPD Service") _("Allow HTTPD to run as a ftp server")
|
||||
+httpd_enable_homedirs _("HTTPD Service") _("Allow HTTPD to read home directories")
|
||||
+httpd_rotatelogs_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for httpd rotatelogs")
|
||||
+httpd_ssi_exec _("HTTPD Service") _("Allow HTTPD to run SSI executables in the same domain as system CGI scripts")
|
||||
+httpd_suexec_disable_trans _("HTTPD Service") _("Disable SELinux protection for http suexec")
|
||||
+httpd_tty_comm _("HTTPD Service") _("Unify HTTPD to communicate with the terminal. Needed for handling certificates")
|
||||
+httpd_unified _("HTTPD Service") _("Unify HTTPD handling of all content files")
|
||||
+hwclock_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for hwclock daemon")
|
||||
+i18n_input_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for i18n daemon")
|
||||
+imazesrv_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for imazesrv daemon")
|
||||
@ -5813,12 +5772,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco
|
||||
+mysqld_disable_trans _("Databases") _("Disable SELinux protection for mysqld daemon")
|
||||
+nagios_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for nagios daemon")
|
||||
+named_disable_trans _("Name Service") _("Disable SELinux protection for named daemon")
|
||||
+named_write_master_zones _("Name Service") _("Allow named to overwrite master zone files")
|
||||
+nessusd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for nessusd daemon")
|
||||
+NetworkManager_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for NetworkManager")
|
||||
+nfsd_disable_trans _("NFS") _("Disable SELinux protection for nfsd daemon")
|
||||
+nfs_export_all_ro _("NFS") _("Allow NFS to share any file/directory read only")
|
||||
+nfs_export_all_rw _("NFS") _("Allow NFS to share any file/directory read/write")
|
||||
+nmbd_disable_trans _("Samba") _("Disable SELinux protection for nmbd daemon")
|
||||
+nrpe_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for nrpe daemon")
|
||||
+nscd_disable_trans _("Name Service") _("Disable SELinux protection for nscd daemon")
|
||||
@ -5834,10 +5790,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco
|
||||
+portslave_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for portslave daemon")
|
||||
+postfix_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for postfix")
|
||||
+postgresql_disable_trans _("Databases") _("Disable SELinux protection for postgresql daemon")
|
||||
+openvpn_enable_homedirs _("Network Configuration") _("Allow openvpn service access to users home directories")
|
||||
+pppd_can_insmod _("pppd") _("Allow pppd daemon to insert modules into the kernel")
|
||||
+pppd_disable_trans _("pppd") _("Disable SELinux protection for pppd daemon")
|
||||
+pppd_disable_trans _("pppd") _("Disable SELinux protection for the mozilla ppp daemon")
|
||||
+pppd_for_user _("pppd") _("Allow pppd to be run for a regular user")
|
||||
+pptp_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for pptp")
|
||||
+prelink_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for prelink daemon")
|
||||
@ -5851,7 +5803,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco
|
||||
+rdisc_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for rdisc")
|
||||
+readahead_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for readahead")
|
||||
+read_default_t _("Admin") _("Allow programs to read files in non-standard locations (default_t)")
|
||||
+read_untrusted_content _("Web Applications") _("Allow programs to read untrusted content without relabel")
|
||||
+restorecond_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for restorecond")
|
||||
+rhgb_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for rhgb daemon")
|
||||
+ricci_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ricci")
|
||||
@ -5861,7 +5812,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco
|
||||
+rshd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for rshd")
|
||||
+rsync_disable_trans _("rsync") _("Disable SELinux protection for rsync daemon")
|
||||
+run_ssh_inetd _("SSH") _("Allow ssh to run from inetd instead of as a daemon")
|
||||
+samba_enable_home_dirs _("Samba") _("Allow Samba to share users home directories")
|
||||
+samba_share_nfs _("Samba") _("Allow Samba to share nfs directories")
|
||||
+allow_saslauthd_read_shadow _("SASL authentication server") _("Allow sasl authentication server to read /etc/shadow")
|
||||
+allow_xserver_execmem _("XServer") _("Allow X-Windows server to map a memory region as both executable and writable")
|
||||
@ -5907,8 +5857,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco
|
||||
+unlimitedUtils _("Admin") _("Allow privileged utilities like hotplug and insmod to run unconfined")
|
||||
+updfstab_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for updfstab daemon")
|
||||
+uptimed_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for uptimed daemon")
|
||||
+use_lpd_server _("Printing") _("Use lpd server instead of cups")
|
||||
+use_nfs_home_dirs _("NFS") _("Support NFS home directories")
|
||||
+user_canbe_sysadm _("User Privs") _("Allow user_r to reach sysadm_r via su, sudo, or userhelper. Otherwise, only staff_r can do so")
|
||||
+user_can_mount _("Mount") _("Allow users to execute the mount command")
|
||||
+user_direct_mouse _("User Privs") _("Allow regular users direct mouse access (only allow the X server)")
|
||||
@ -5919,12 +5867,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco
|
||||
+user_rw_usb _("User Privs") _("Allow users to rw usb devices")
|
||||
+user_tcp_server _("User Privs") _("Allow users to run TCP servers (bind to ports and accept connection from the same domain and outside users) disabling this forces FTP passive mode and may change other protocols")
|
||||
+user_ttyfile_stat _("User Privs") _("Allow user to stat ttyfiles")
|
||||
+use_samba_home_dirs _("Samba") _("Allow users to login with CIFS home directories")
|
||||
+uucpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for uucpd daemon")
|
||||
+vmware_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for vmware daemon")
|
||||
+watchdog_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for watchdog daemon")
|
||||
+winbind_disable_trans _("Samba") _("Disable SELinux protection for winbind daemon")
|
||||
+write_untrusted_content _("Web Applications") _("Allow web applications to write untrusted content to disk (implies read)")
|
||||
+xdm_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for xdm daemon")
|
||||
+xdm_sysadm_login _("XServer") _("Allow xdm logins as sysadm_r:sysadm_t")
|
||||
+xend_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for xen daemon")
|
||||
@ -5935,13 +5881,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco
|
||||
+yppasswdd_disable_trans _("NIS") _("Disable SELinux protection for NIS Password Daemon")
|
||||
+ypserv_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ypserv daemon")
|
||||
+ypxfr_disable_trans _("NIS") _("Disable SELinux protection for NIS Transfer Daemon")
|
||||
+zebra_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for zebra daemon")
|
||||
+httpd_use_cifs _("HTTPD Service") _("Allow httpd to access samba/cifs file systems")
|
||||
+httpd_use_nfs _("HTTPD Service") _("Allow httpd to access nfs file systems")
|
||||
+samba_domain_controller _("Samba") _("Allow samba to act as the domain controller, add users, groups and change passwords")
|
||||
+samba_export_all_ro _("Samba") _("Allow Samba to share any file/directory read only")
|
||||
+samba_export_all_rw _("Samba") _("Allow Samba to share any file/directory read/write")
|
||||
+samba_run_unconfined _("Samba") _("Allow Samba to run unconfined scripts in /var/lib/samba/scripts directory")
|
||||
+webadm_manage_user_files _("HTTPD Service") _("Allow SELinux webadm user to manage unprivileged users home directories")
|
||||
+webadm_read_user_files _("HTTPD Service") _("Allow SELinux webadm user to read unprivileged users home directories")
|
||||
+
|
||||
|
||||
@ -6,7 +6,7 @@
|
||||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.0.31
|
||||
Release: 14%{?dist}
|
||||
Release: 15%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||
@ -207,7 +207,10 @@ if [ "$1" -ge "1" ]; then
|
||||
fi
|
||||
|
||||
%changelog
|
||||
* Thu Nov 9 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-14
|
||||
* Thu Nov 15 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-15
|
||||
- Fix File Labeling add
|
||||
|
||||
* Thu Nov 8 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-14
|
||||
- Fix semanage to handle state where policy.xml is not installed
|
||||
|
||||
* Mon Nov 5 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-13
|
||||
|
||||
Loading…
Reference in New Issue
Block a user