* Thu Jan 28 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-15

- Add use_resolve to sepolgen
This commit is contained in:
Daniel J Walsh 2010-01-28 17:19:01 +00:00
parent dd674534b4
commit fc6e11b600
2 changed files with 28 additions and 6 deletions

View File

@ -6414,8 +6414,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ app.stand_alone() + app.stand_alone()
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.78/gui/polgen.py diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.78/gui/polgen.py
--- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.78/gui/polgen.py 2010-01-08 10:18:49.000000000 -0500 +++ policycoreutils-2.0.78/gui/polgen.py 2010-01-28 12:17:31.000000000 -0500
@@ -0,0 +1,1197 @@ @@ -0,0 +1,1212 @@
+#!/usr/bin/python +#!/usr/bin/python
+# +#
+# Copyright (C) 2007, 2008, 2009 Red Hat +# Copyright (C) 2007, 2008, 2009 Red Hat
@ -6614,6 +6614,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ self.symbols["openlog"] = "set_use_kerberos(True)" + self.symbols["openlog"] = "set_use_kerberos(True)"
+ self.symbols["openlog"] = "set_use_kerb_rcache(True)" + self.symbols["openlog"] = "set_use_kerb_rcache(True)"
+ self.symbols["openlog"] = "set_use_syslog(True)" + self.symbols["openlog"] = "set_use_syslog(True)"
+ self.symbols["gethostby"] = "set_use_resolve(True)"
+ self.symbols["getaddrinfo"] = "set_use_resolve(True)"
+ self.symbols["getnameinfo"] = "set_use_resolve(True)"
+ self.symbols["krb"] = "set_use_kerberos(True)" + self.symbols["krb"] = "set_use_kerberos(True)"
+ self.symbols["gss_accept_sec_context"] = "set_manage_krb5_rcache(True)" + self.symbols["gss_accept_sec_context"] = "set_manage_krb5_rcache(True)"
+ self.symbols["krb5_verify_init_creds"] = "set_manage_krb5_rcache(True)" + self.symbols["krb5_verify_init_creds"] = "set_manage_krb5_rcache(True)"
@ -6624,7 +6627,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ self.symbols["dbus_"] = "set_use_dbus(True)" + self.symbols["dbus_"] = "set_use_dbus(True)"
+ self.symbols["pam_"] = "set_use_pam(True)" + self.symbols["pam_"] = "set_use_pam(True)"
+ self.symbols["pam_"] = "set_use_audit(True)" + self.symbols["pam_"] = "set_use_audit(True)"
+
+ self.symbols["fork"] = "add_process('fork')" + self.symbols["fork"] = "add_process('fork')"
+ self.symbols["transition"] = "add_process('transition')" + self.symbols["transition"] = "add_process('transition')"
+ self.symbols["sigchld"] = "add_process('sigchld')" + self.symbols["sigchld"] = "add_process('sigchld')"
@ -6816,6 +6818,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ def set_out_udp(self, all, ports): + def set_out_udp(self, all, ports):
+ self.out_udp = [ all , False, False, verify_ports(ports) ] + self.out_udp = [ all , False, False, verify_ports(ports) ]
+ +
+ def set_use_resolve(self, val):
+ if val != True and val != False:
+ raise ValueError(_("use_resolve must be a boolean value "))
+
+ self.use_resolve = val
+
+ def set_use_syslog(self, val): + def set_use_syslog(self, val):
+ if val != True and val != False: + if val != True and val != False:
+ raise ValueError(_("use_syslog must be a boolean value ")) + raise ValueError(_("use_syslog must be a boolean value "))
@ -6873,6 +6881,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ else: + else:
+ return "" + return ""
+ +
+ def generate_resolve_rules(self):
+ if self.use_resolve:
+ return re.sub("TEMPLATETYPE", self.name, executable.te_resolve_rules)
+ else:
+ return ""
+
+ def generate_kerberos_rules(self): + def generate_kerberos_rules(self):
+ if self.use_kerberos: + if self.use_kerberos:
+ return re.sub("TEMPLATETYPE", self.name, executable.te_kerberos_rules) + return re.sub("TEMPLATETYPE", self.name, executable.te_kerberos_rules)
@ -7283,6 +7297,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ newte += self.generate_tmp_rules() + newte += self.generate_tmp_rules()
+ newte += self.generate_uid_rules() + newte += self.generate_uid_rules()
+ newte += self.generate_syslog_rules() + newte += self.generate_syslog_rules()
+ newte += self.generate_resolve_rules()
+ newte += self.generate_pam_rules() + newte += self.generate_pam_rules()
+ newte += self.generate_dbus_rules() + newte += self.generate_dbus_rules()
+ newte += self.generate_audit_rules() + newte += self.generate_audit_rules()
@ -11889,8 +11904,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py
+""" +"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.78/gui/templates/executable.py diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.78/gui/templates/executable.py
--- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500 --- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.78/gui/templates/executable.py 2010-01-21 08:18:05.000000000 -0500 +++ policycoreutils-2.0.78/gui/templates/executable.py 2010-01-28 12:17:43.000000000 -0500
@@ -0,0 +1,359 @@ @@ -0,0 +1,363 @@
+# Copyright (C) 2007-2009 Red Hat +# Copyright (C) 2007-2009 Red Hat
+# see file 'COPYING' for use and warranty information +# see file 'COPYING' for use and warranty information
+# +#
@ -12031,6 +12046,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
+logging_send_syslog_msg(TEMPLATETYPE_t) +logging_send_syslog_msg(TEMPLATETYPE_t)
+""" +"""
+ +
+te_resolve_rules="""
+sysnet_dns_name_resolve(TEMPLATETYPE_t)
+"""
+
+te_pam_rules=""" +te_pam_rules="""
+auth_domtrans_chk_passwd(TEMPLATETYPE_t) +auth_domtrans_chk_passwd(TEMPLATETYPE_t)
+""" +"""

View File

@ -6,7 +6,7 @@
Summary: SELinux policy core utilities Summary: SELinux policy core utilities
Name: policycoreutils Name: policycoreutils
Version: 2.0.78 Version: 2.0.78
Release: 14%{?dist} Release: 15%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Base Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@ -297,6 +297,9 @@ fi
exit 0 exit 0
%changelog %changelog
* Thu Jan 28 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-15
- Add use_resolve to sepolgen
* Wed Jan 27 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-14 * Wed Jan 27 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-14
- Add session capability to sandbox - Add session capability to sandbox
- sandbox -SX -H ~/.homedir -t unconfined_t -l s0:c15 /etc/gdm/Xsession - sandbox -SX -H ~/.homedir -t unconfined_t -l s0:c15 /etc/gdm/Xsession