* Thu Feb 11 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-21
- Fix display of command in sandbox
parent
ee3649bda5
commit
fce031b620
@ -1713,8 +1713,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po
|
|||||||
+relabel:
|
+relabel:
|
||||||
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.78/sandbox/sandbox
|
diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po -N -u -r nsapolicycoreutils/sandbox/sandbox policycoreutils-2.0.78/sandbox/sandbox
|
||||||
--- nsapolicycoreutils/sandbox/sandbox 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/sandbox/sandbox 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.78/sandbox/sandbox 2010-02-11 13:22:58.000000000 -0500
|
+++ policycoreutils-2.0.78/sandbox/sandbox 2010-02-11 16:54:12.000000000 -0500
|
||||||
@@ -0,0 +1,359 @@
|
@@ -0,0 +1,360 @@
|
||||||
+#! /usr/bin/python -E
|
+#! /usr/bin/python -E
|
||||||
+# Authors: Dan Walsh <dwalsh@redhat.com>
|
+# Authors: Dan Walsh <dwalsh@redhat.com>
|
||||||
+# Authors: Josh Cogliati
|
+# Authors: Josh Cogliati
|
||||||
@ -1882,7 +1882,6 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po
|
|||||||
+ fd.write("""
|
+ fd.write("""
|
||||||
+#!/bin/sh
|
+#!/bin/sh
|
||||||
+#TITLE: %s
|
+#TITLE: %s
|
||||||
+/usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap
|
|
||||||
+%s
|
+%s
|
||||||
+""" % (command, command))
|
+""" % (command, command))
|
||||||
+ fd.close()
|
+ fd.close()
|
||||||
@ -1897,7 +1896,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po
|
|||||||
+
|
+
|
||||||
+ def usage(message = ""):
|
+ def usage(message = ""):
|
||||||
+ text = _("""
|
+ text = _("""
|
||||||
+sandbox [-h] [-[X|M] [-S] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [[-i file ] ...] [ -t type ] command
|
+sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [[-i file ] ...] [ -t type ] command
|
||||||
|
+sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [[-i file ] ...] [ -t type ] -S
|
||||||
+""")
|
+""")
|
||||||
+ error_exit("%s\n%s" % (message, text))
|
+ error_exit("%s\n%s" % (message, text))
|
||||||
+
|
+
|
||||||
@ -1957,16 +1957,17 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po
|
|||||||
+ newhomedir = a
|
+ newhomedir = a
|
||||||
+ if o == "-T" or o == "--tmpdir":
|
+ if o == "-T" or o == "--tmpdir":
|
||||||
+ existing_temp = True
|
+ existing_temp = True
|
||||||
+ newtempdir = a
|
+ newtmpdir = a
|
||||||
+ if o == "-h" or o == "--help":
|
+ if o == "-h" or o == "--help":
|
||||||
+ usage(_("Usage"));
|
+ usage(_("Usage"));
|
||||||
+
|
+
|
||||||
+ if o == "-S" or o == "--session":
|
+ if o == "-S" or o == "--session":
|
||||||
+ session = True
|
+ session = True
|
||||||
+ homedir=pwd.getpwuid(os.getuid()).pw_dir
|
+ homedir=pwd.getpwuid(os.getuid()).pw_dir
|
||||||
+
|
+ if setype in (DEFAULT_TYPE, DEFAULT_X_TYPE):
|
||||||
|
+ setype = selinux.getcon()[1].split(":")[2]
|
||||||
+
|
+
|
||||||
+ if len(cmds) == 0:
|
+ if len(cmds) == 0 and not session:
|
||||||
+ usage(_("Command required"))
|
+ usage(_("Command required"))
|
||||||
+
|
+
|
||||||
+ if (existing_home or existing_temp) and not home_and_temp:
|
+ if (existing_home or existing_temp) and not home_and_temp:
|
||||||
@ -1974,7 +1975,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po
|
|||||||
+ execcon, filecon = gen_context(setype, level)
|
+ execcon, filecon = gen_context(setype, level)
|
||||||
+ rc = -1
|
+ rc = -1
|
||||||
+
|
+
|
||||||
+ if cmds[0][0] != "/" and cmds[0][:2] != "./" and cmds[0][:3] != "../":
|
+ if not session and cmds[0][0] != "/" and cmds[0][:2] != "./" and cmds[0][:3] != "../":
|
||||||
+ for i in os.environ["PATH"].split(':'):
|
+ for i in os.environ["PATH"].split(':'):
|
||||||
+ f = "%s/%s" % (i, cmds[0])
|
+ f = "%s/%s" % (i, cmds[0])
|
||||||
+ if os.access(f, os.X_OK):
|
+ if os.access(f, os.X_OK):
|
||||||
@ -2003,8 +2004,8 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po
|
|||||||
+ rc = os.spawnvp(os.P_WAIT, chcon[0], chcon)
|
+ rc = os.spawnvp(os.P_WAIT, chcon[0], chcon)
|
||||||
+
|
+
|
||||||
+ if existing_temp:
|
+ if existing_temp:
|
||||||
+ if not os.path.isdir(newtempdir):
|
+ if not os.path.isdir(newtmpdir):
|
||||||
+ raise IOError("Temp directory "+newtempdir+" not found")
|
+ raise IOError("Temp directory "+newtmpdir+" not found")
|
||||||
+ if not level and not session:
|
+ if not level and not session:
|
||||||
+ chcon = ("/usr/bin/chcon -R %s %s" % (filecon, newtmpdir)).split()
|
+ chcon = ("/usr/bin/chcon -R %s %s" % (filecon, newtmpdir)).split()
|
||||||
+ rc = os.spawnvp(os.P_WAIT, chcon[0], chcon)
|
+ rc = os.spawnvp(os.P_WAIT, chcon[0], chcon)
|
||||||
@ -2034,7 +2035,7 @@ diff --exclude-from=exclude --exclude=sepolgen-1.0.19 --exclude=gui --exclude=po
|
|||||||
+
|
+
|
||||||
+ execfile = newhomedir + "/.sandboxrc"
|
+ execfile = newhomedir + "/.sandboxrc"
|
||||||
+ if session:
|
+ if session:
|
||||||
+ setup_session(execfile, " ".join(paths))
|
+ setup_session(execfile)
|
||||||
+ else:
|
+ else:
|
||||||
+ setup_executable(execfile, " ".join(paths))
|
+ setup_executable(execfile, " ".join(paths))
|
||||||
+
|
+
|
||||||
|
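Review bot: In the `if existing_temp:` hunk (@ -2003) the chcon argv is still built by formatting a string and calling `.split()`, so a `-T` directory whose name contains whitespace is broken into several arguments, and one that begins with `-` is parsed by chcon as an option. The rename to `newtmpdir` makes the variable names agree but leaves that construction in place. Building the list directly avoids both problems: `chcon = ["/usr/bin/chcon", "-R", filecon, "--", newtmpdir]`. The `spawnvp` context line at the top of the hunk suggests the home-directory branch builds its argv the same way, but that line is outside the visible hunk, as is whatever follows the `rc = os.spawnvp(...)` call, so it is worth confirming that a non-zero `rc` from the relabel is treated as an error before the sandbox starts.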