From e71cb0d5d014599e3671aa7ca457a2947fdcfee3 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Mon, 7 Nov 2011 15:56:15 -0500 Subject: [PATCH] Allow user to specify DPI when running sandbox --- policycoreutils-rhat.patch | 187 ++++++++++++++++++++++++++++++++++++- policycoreutils.spec | 5 +- 2 files changed, 189 insertions(+), 3 deletions(-) diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 0e418a1..9909014 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -42,6 +42,19 @@ index 99d0ed7..19e20a8 100644 if (set_signal_handles()) return -1; +diff --git a/policycoreutils/po/Makefile b/policycoreutils/po/Makefile +index 554262a..a52e4b0 100644 +--- a/policycoreutils/po/Makefile ++++ b/policycoreutils/po/Makefile +@@ -7,7 +7,7 @@ TOP = ../.. + # What is this package? + NLSPACKAGE = policycoreutils + POTFILE = $(NLSPACKAGE).pot +-INSTALL = /usr/bin/install -c ++INSTALL = /usr/bin/install -c -p + INSTALL_DATA = $(INSTALL) -m 644 + INSTALL_DIR = /usr/bin/install -d + diff --git a/policycoreutils/restorecond/restorecond.c b/policycoreutils/restorecond/restorecond.c index 89f5d97..dfd9629 100644 --- a/policycoreutils/restorecond/restorecond.c @@ -85,7 +98,7 @@ index 9db766c..068e24c 100644 } /* main() */ diff --git a/policycoreutils/sandbox/Makefile b/policycoreutils/sandbox/Makefile -index 1c458f1..36042a2 100644 +index 1c458f1..96c6795 100644 --- a/policycoreutils/sandbox/Makefile +++ b/policycoreutils/sandbox/Makefile @@ -23,7 +23,7 @@ install: all @@ -93,10 +106,180 @@ index 1c458f1..36042a2 100644 install -m 644 seunshare.8 $(MANDIR)/man8/ -mkdir -p $(MANDIR)/man5 - install -m 644 sandbox.conf.5 $(MANDIR)/man5/ -+ install -m 644 sandbox.conf.5 $(MANDIR)/man5/sandbox.5 ++ install -m 644 sandbox.5 $(MANDIR)/man5/sandbox.5 -mkdir -p $(SBINDIR) install -m 4755 seunshare $(SBINDIR)/ -mkdir -p $(SHAREDIR) +diff --git a/policycoreutils/sandbox/sandbox b/policycoreutils/sandbox/sandbox +index 486cd4e..cdd4293 100644 +--- a/policycoreutils/sandbox/sandbox ++++ b/policycoreutils/sandbox/sandbox +@@ -160,6 +160,17 @@ class Sandbox: + self.__level = None + self.__homedir = None + self.__tmpdir = None ++ self.__set_dpi() ++ ++ def __set_dpi(self): ++ rc, out = commands.getstatusoutput("/usr/bin/xrdb -query") ++ if rc != 0: ++ self.dpi = 96 ++ else: ++ for i in out.split("\n"): ++ if i.startswith("Xft.dpi:"): ++ self.dpi = i.split()[1] ++ break; + + def __validate_mount(self): + if self.__options.level: +@@ -278,6 +289,9 @@ sandbox [-h] [-c] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile + action="callback", callback=self.__mount_callback, + help=_("mount new home and/or tmp directory")) + ++ parser.add_option("-d", "--dpi", ++ dest="dpi", action="store",default=self.dpi, ++ help=_("dots per inch for X display: (%s)" % self.dpi)) + parser.add_option("-S", "--session", action="store_true", dest="session", + default=False, help=_("run complete desktop session within sandbox")) + +@@ -322,7 +336,7 @@ sandbox [-h] [-c] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile + + if self.__options.X_ind: + self.setype = DEFAULT_X_TYPE +- self.dpi=commands.getoutput("xrdb -query | grep dpi | /bin/cut -f 2") ++ + if self.__options.setype: + self.setype = self.__options.setype + +@@ -408,7 +422,7 @@ sandbox [-h] [-c] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile + + self.__setup_sandboxrc(self.__options.wm) + +- cmds += [ "--", SANDBOXSH, self.__options.windowsize, self.dpi ] ++ cmds += [ "--", SANDBOXSH, self.__options.windowsize, self.__options.dpi ] + else: + cmds += [ "--" ] + self.__paths + return subprocess.Popen(cmds).wait() +diff --git a/policycoreutils/sandbox/sandbox.5 b/policycoreutils/sandbox/sandbox.5 +new file mode 100644 +index 0000000..b3ee67d +--- /dev/null ++++ b/policycoreutils/sandbox/sandbox.5 +@@ -0,0 +1,40 @@ ++.TH sandbox.conf "5" "June 2010" "sandbox.conf" "Linux System Administration" ++.SH NAME ++sandbox.conf \- user config file for the SELinux sandbox ++.SH DESCRIPTION ++.PP ++When running sandbox with the -C argument, it will be confined using control groups and a system administrator can specify how the sandbox is confined. ++ ++.PP ++Everything after "#" is ignored, as are empty lines. All arguments should be separated by and equals sign ("="). ++ ++.PP ++These keywords are allowed. ++ ++.RS ++.TP ++.B NAME ++The name of the sandbox control group. Default is "sandbox". ++ ++.TP ++.B CPUAFFINITY ++Which cpus to assign sandbox to. The default is ALL, but users can specify a comma-separated list with dashes ("-") to represent ranges. Ex: 0-2,5 ++ ++.TP ++.B MEMUSAGE ++How much memory to allow sandbox to use. The default is 80%. Users can specify either a percentage or a value in the form of a number followed by one of the suffixes K, M, G to denote kilobytes, megabytes or gigabytes respectively. Ex: 50% or 100M ++ ++.TP ++.B CPUUSAGE ++Percentage of cpu sandbox should be allowed to use. The default is 80%. Specify a value followed by a percent sign ("%"). Ex: 50% ++ ++ ++ ++.SH "SEE ALSO" ++.TP ++sandbox(8) ++.PP ++ ++.SH AUTHOR ++This manual page was written by ++.I Thomas Liu +diff --git a/policycoreutils/sandbox/sandbox.8 b/policycoreutils/sandbox/sandbox.8 +index 2b37e63..3f05c79 100644 +--- a/policycoreutils/sandbox/sandbox.8 ++++ b/policycoreutils/sandbox/sandbox.8 +@@ -3,11 +3,11 @@ + sandbox \- Run cmd under an SELinux sandbox + .SH SYNOPSIS + .B sandbox +-[-C] [-c] [-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] cmd ++[-C] [-c] [ -d DPI ] [-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] cmd + + .br + .B sandbox +-[-C] [-c] [-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] -S ++[-C] [-c] [ -d DPI ] [-l level ] [[-M | -X] -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [ -w windowsize ] [[-i file ]...] [ -t type ] -S + .br + .SH DESCRIPTION + .PP +@@ -60,6 +60,9 @@ Default to /usr/bin/matchbox-window-manager. + Create an X based Sandbox for gui apps, temporary files for + $HOME and /tmp, secondary Xserver, defaults to sandbox_x_t + .TP ++\fB\-d\fR ++Set the DPI value for the sanbox X Server. Defaults to the current X Sever DPI. ++.TP + \fB\-c\fR + Use control groups to control this copy of sandbox. Specify parameters in /etc/sysconfig/sandbox. Max memory usage and cpu usage are to be specified in percent. You can specify which CPUs to use by numbering them 0,1,2... etc. + .TP +diff --git a/policycoreutils/sandbox/sandbox.conf.5 b/policycoreutils/sandbox/sandbox.conf.5 +deleted file mode 100644 +index b3ee67d..0000000 +--- a/policycoreutils/sandbox/sandbox.conf.5 ++++ /dev/null +@@ -1,40 +0,0 @@ +-.TH sandbox.conf "5" "June 2010" "sandbox.conf" "Linux System Administration" +-.SH NAME +-sandbox.conf \- user config file for the SELinux sandbox +-.SH DESCRIPTION +-.PP +-When running sandbox with the -C argument, it will be confined using control groups and a system administrator can specify how the sandbox is confined. +- +-.PP +-Everything after "#" is ignored, as are empty lines. All arguments should be separated by and equals sign ("="). +- +-.PP +-These keywords are allowed. +- +-.RS +-.TP +-.B NAME +-The name of the sandbox control group. Default is "sandbox". +- +-.TP +-.B CPUAFFINITY +-Which cpus to assign sandbox to. The default is ALL, but users can specify a comma-separated list with dashes ("-") to represent ranges. Ex: 0-2,5 +- +-.TP +-.B MEMUSAGE +-How much memory to allow sandbox to use. The default is 80%. Users can specify either a percentage or a value in the form of a number followed by one of the suffixes K, M, G to denote kilobytes, megabytes or gigabytes respectively. Ex: 50% or 100M +- +-.TP +-.B CPUUSAGE +-Percentage of cpu sandbox should be allowed to use. The default is 80%. Specify a value followed by a percent sign ("%"). Ex: 50% +- +- +- +-.SH "SEE ALSO" +-.TP +-sandbox(8) +-.PP +- +-.SH AUTHOR +-This manual page was written by +-.I Thomas Liu diff --git a/policycoreutils/sandbox/sandbox.init b/policycoreutils/sandbox/sandbox.init index d1ccdc2..11c391c 100644 --- a/policycoreutils/sandbox/sandbox.init diff --git a/policycoreutils.spec b/policycoreutils.spec index 7764288..4da08e0 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -7,7 +7,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.1.8 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 Group: System Environment/Base # Based on git repository with tag 20101221 @@ -352,6 +352,9 @@ fi /bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || : %changelog +* Mon Nov 7 2011 Dan Walsh - 2.1.8-3 +- Allow user to specify DPI when running sandbox + * Mon Nov 7 2011 Dan Walsh - 2.1.8-2 - Add Miroslav patch to return all attributes