* Thu Jan 28 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-15
- Add use_resolve to sepolgen
This commit is contained in:
parent
dd674534b4
commit
fc6e11b600
@ -6414,8 +6414,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
|
|||||||
+ app.stand_alone()
|
+ app.stand_alone()
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.78/gui/polgen.py
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.78/gui/polgen.py
|
||||||
--- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.78/gui/polgen.py 2010-01-08 10:18:49.000000000 -0500
|
+++ policycoreutils-2.0.78/gui/polgen.py 2010-01-28 12:17:31.000000000 -0500
|
||||||
@@ -0,0 +1,1197 @@
|
@@ -0,0 +1,1212 @@
|
||||||
+#!/usr/bin/python
|
+#!/usr/bin/python
|
||||||
+#
|
+#
|
||||||
+# Copyright (C) 2007, 2008, 2009 Red Hat
|
+# Copyright (C) 2007, 2008, 2009 Red Hat
|
||||||
@ -6614,6 +6614,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+ self.symbols["openlog"] = "set_use_kerberos(True)"
|
+ self.symbols["openlog"] = "set_use_kerberos(True)"
|
||||||
+ self.symbols["openlog"] = "set_use_kerb_rcache(True)"
|
+ self.symbols["openlog"] = "set_use_kerb_rcache(True)"
|
||||||
+ self.symbols["openlog"] = "set_use_syslog(True)"
|
+ self.symbols["openlog"] = "set_use_syslog(True)"
|
||||||
|
+ self.symbols["gethostby"] = "set_use_resolve(True)"
|
||||||
|
+ self.symbols["getaddrinfo"] = "set_use_resolve(True)"
|
||||||
|
+ self.symbols["getnameinfo"] = "set_use_resolve(True)"
|
||||||
+ self.symbols["krb"] = "set_use_kerberos(True)"
|
+ self.symbols["krb"] = "set_use_kerberos(True)"
|
||||||
+ self.symbols["gss_accept_sec_context"] = "set_manage_krb5_rcache(True)"
|
+ self.symbols["gss_accept_sec_context"] = "set_manage_krb5_rcache(True)"
|
||||||
+ self.symbols["krb5_verify_init_creds"] = "set_manage_krb5_rcache(True)"
|
+ self.symbols["krb5_verify_init_creds"] = "set_manage_krb5_rcache(True)"
|
||||||
@ -6624,7 +6627,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+ self.symbols["dbus_"] = "set_use_dbus(True)"
|
+ self.symbols["dbus_"] = "set_use_dbus(True)"
|
||||||
+ self.symbols["pam_"] = "set_use_pam(True)"
|
+ self.symbols["pam_"] = "set_use_pam(True)"
|
||||||
+ self.symbols["pam_"] = "set_use_audit(True)"
|
+ self.symbols["pam_"] = "set_use_audit(True)"
|
||||||
+
|
|
||||||
+ self.symbols["fork"] = "add_process('fork')"
|
+ self.symbols["fork"] = "add_process('fork')"
|
||||||
+ self.symbols["transition"] = "add_process('transition')"
|
+ self.symbols["transition"] = "add_process('transition')"
|
||||||
+ self.symbols["sigchld"] = "add_process('sigchld')"
|
+ self.symbols["sigchld"] = "add_process('sigchld')"
|
||||||
@ -6816,6 +6818,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+ def set_out_udp(self, all, ports):
|
+ def set_out_udp(self, all, ports):
|
||||||
+ self.out_udp = [ all , False, False, verify_ports(ports) ]
|
+ self.out_udp = [ all , False, False, verify_ports(ports) ]
|
||||||
+
|
+
|
||||||
|
+ def set_use_resolve(self, val):
|
||||||
|
+ if val != True and val != False:
|
||||||
|
+ raise ValueError(_("use_resolve must be a boolean value "))
|
||||||
|
+
|
||||||
|
+ self.use_resolve = val
|
||||||
|
+
|
||||||
+ def set_use_syslog(self, val):
|
+ def set_use_syslog(self, val):
|
||||||
+ if val != True and val != False:
|
+ if val != True and val != False:
|
||||||
+ raise ValueError(_("use_syslog must be a boolean value "))
|
+ raise ValueError(_("use_syslog must be a boolean value "))
|
||||||
@ -6873,6 +6881,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+ else:
|
+ else:
|
||||||
+ return ""
|
+ return ""
|
||||||
+
|
+
|
||||||
|
+ def generate_resolve_rules(self):
|
||||||
|
+ if self.use_resolve:
|
||||||
|
+ return re.sub("TEMPLATETYPE", self.name, executable.te_resolve_rules)
|
||||||
|
+ else:
|
||||||
|
+ return ""
|
||||||
|
+
|
||||||
+ def generate_kerberos_rules(self):
|
+ def generate_kerberos_rules(self):
|
||||||
+ if self.use_kerberos:
|
+ if self.use_kerberos:
|
||||||
+ return re.sub("TEMPLATETYPE", self.name, executable.te_kerberos_rules)
|
+ return re.sub("TEMPLATETYPE", self.name, executable.te_kerberos_rules)
|
||||||
@ -7283,6 +7297,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+ newte += self.generate_tmp_rules()
|
+ newte += self.generate_tmp_rules()
|
||||||
+ newte += self.generate_uid_rules()
|
+ newte += self.generate_uid_rules()
|
||||||
+ newte += self.generate_syslog_rules()
|
+ newte += self.generate_syslog_rules()
|
||||||
|
+ newte += self.generate_resolve_rules()
|
||||||
+ newte += self.generate_pam_rules()
|
+ newte += self.generate_pam_rules()
|
||||||
+ newte += self.generate_dbus_rules()
|
+ newte += self.generate_dbus_rules()
|
||||||
+ newte += self.generate_audit_rules()
|
+ newte += self.generate_audit_rules()
|
||||||
@ -11889,8 +11904,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py
|
|||||||
+"""
|
+"""
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.78/gui/templates/executable.py
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.78/gui/templates/executable.py
|
||||||
--- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.78/gui/templates/executable.py 2010-01-21 08:18:05.000000000 -0500
|
+++ policycoreutils-2.0.78/gui/templates/executable.py 2010-01-28 12:17:43.000000000 -0500
|
||||||
@@ -0,0 +1,359 @@
|
@@ -0,0 +1,363 @@
|
||||||
+# Copyright (C) 2007-2009 Red Hat
|
+# Copyright (C) 2007-2009 Red Hat
|
||||||
+# see file 'COPYING' for use and warranty information
|
+# see file 'COPYING' for use and warranty information
|
||||||
+#
|
+#
|
||||||
@ -12031,6 +12046,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable
|
|||||||
+logging_send_syslog_msg(TEMPLATETYPE_t)
|
+logging_send_syslog_msg(TEMPLATETYPE_t)
|
||||||
+"""
|
+"""
|
||||||
+
|
+
|
||||||
|
+te_resolve_rules="""
|
||||||
|
+sysnet_dns_name_resolve(TEMPLATETYPE_t)
|
||||||
|
+"""
|
||||||
|
+
|
||||||
+te_pam_rules="""
|
+te_pam_rules="""
|
||||||
+auth_domtrans_chk_passwd(TEMPLATETYPE_t)
|
+auth_domtrans_chk_passwd(TEMPLATETYPE_t)
|
||||||
+"""
|
+"""
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.0.78
|
Version: 2.0.78
|
||||||
Release: 14%{?dist}
|
Release: 15%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
|
||||||
@ -297,6 +297,9 @@ fi
|
|||||||
exit 0
|
exit 0
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jan 28 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-15
|
||||||
|
- Add use_resolve to sepolgen
|
||||||
|
|
||||||
* Wed Jan 27 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-14
|
* Wed Jan 27 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-14
|
||||||
- Add session capability to sandbox
|
- Add session capability to sandbox
|
||||||
- sandbox -SX -H ~/.homedir -t unconfined_t -l s0:c15 /etc/gdm/Xsession
|
- sandbox -SX -H ~/.homedir -t unconfined_t -l s0:c15 /etc/gdm/Xsession
|
||||||
|
Loading…
Reference in New Issue
Block a user