diff --git a/policycoreutils/.gitignore b/policycoreutils/.gitignore
index 9e2d86b..455c5fe 100644
--- a/policycoreutils/.gitignore
+++ b/policycoreutils/.gitignore
@@ -14,4 +14,5 @@ sestatus/sestatus
 setfiles/restorecon
 setfiles/setfiles
 setsebool/setsebool
-.tx
+.#*
+*~
diff --git a/policycoreutils/.tx/config b/policycoreutils/.tx/config
new file mode 100644
index 0000000..07643e9
--- /dev/null
+++ b/policycoreutils/.tx/config
@@ -0,0 +1,8 @@
+[main]
+host = https://www.transifex.net
+
+[policycoreutils.policycoreutils]
+file_filter = po/.po
+source_file = po/policycoreutils.pot
+source_lang = en
+type = PO
diff --git a/policycoreutils/Makefile b/policycoreutils/Makefile
index 77d8c80..a65a53f 100644
--- a/policycoreutils/Makefile
+++ b/policycoreutils/Makefile
@@ -1,4 +1,4 @@
-SUBDIRS = setfiles semanage load_policy newrole run_init sandbox secon audit2allow audit2why sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui
+SUBDIRS = sepolicy setfiles semanage semanage/default_encoding load_policy newrole run_init sandbox secon audit2allow audit2why sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui
 INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
diff --git a/policycoreutils/audit2allow/sepolgen-ifgen b/policycoreutils/audit2allow/sepolgen-ifgen
index ef4bec3..9b313ec 100644
--- a/policycoreutils/audit2allow/sepolgen-ifgen
+++ b/policycoreutils/audit2allow/sepolgen-ifgen
@@ -61,20 +61,10 @@ def parse_options():
 return options
-def get_policy():
- i = selinux.security_policyvers()
- p = selinux.selinux_binary_policy_path() + "." + str(i)
- while i > 0 and not os.path.exists(p):
- i = i - 1
- p = selinux.selinux_binary_policy_path() + "." + str(i)
- if i > 0:
- return p
- return None
-
 def get_attrs(policy_path):
 try:
 if not policy_path:
- policy_path = get_policy()
+ policy_path = selinux.selinux_current_policy_path()
 if not policy_path:
 sys.stderr.write("No installed policy to check\n")
 return None
diff --git a/policycoreutils/gui/Makefile b/policycoreutils/gui/Makefile
index 1464971..b5abbb9 100644
--- a/policycoreutils/gui/Makefile
+++ b/policycoreutils/gui/Makefile
@@ -18,17 +18,15 @@ statusPage.py \
 system-config-selinux.glade \
 usersPage.py
-all: $(TARGETS) system-config-selinux.py polgengui.py templates polgen.py
+all: $(TARGETS) system-config-selinux.py polgengui.py
 install: all
- -mkdir -p $(SHAREDIR)/templates
+ -mkdir -p $(SHAREDIR)
 -mkdir -p $(BINDIR)
 install -m 755 system-config-selinux.py $(SHAREDIR)
 install -m 755 polgengui.py $(SHAREDIR)
- install -m 755 polgen.py $(SHAREDIR)
- (cd $(BINDIR); ln -fs ../share/system-config-selinux/polgen.py sepolgen)
+ install -m 755 sepolgen $(BINDIR)
 install -m 644 $(TARGETS) $(SHAREDIR)
- install -m 644 templates/*.py $(SHAREDIR)/templates/
 clean:
diff --git a/policycoreutils/gui/domainsPage.py b/policycoreutils/gui/domainsPage.py
index 03451b6..91c88a8 100644
--- a/policycoreutils/gui/domainsPage.py
+++ b/policycoreutils/gui/domainsPage.py
@@ -26,7 +26,7 @@ import sys
 import seobject
 import selinux
 from semanagePage import *;
-import polgen
+from sepolicy.generate import get_all_domains
 ##
 ## I18N
@@ -68,7 +68,7 @@ class domainsPage(semanagePage):
 self.permissive_button = xml.get_widget("permissiveButton")
 self.enforcing_button = xml.get_widget("enforcingButton")
- self.domains=polgen.get_all_domains()
+ self.domains=get_all_domains()
 self.load()
 def get_modules(self):
diff --git a/policycoreutils/gui/modulesPage.py b/policycoreutils/gui/modulesPage.py
index ee40fd3..9ff0766 100644
--- a/policycoreutils/gui/modulesPage.py
+++ b/policycoreutils/gui/modulesPage.py
@@ -26,6 +26,7 @@ import sys
 import seobject
 import selinux
 from semanagePage import *;
+from subprocess import Popen, PIPE
 ##
 ## I18N
@@ -88,7 +89,7 @@ class modulesPage(semanagePage):
 self.filter=filter
 self.store.clear()
 try:
- fd=os.popen("semodule -l")
+ fd = Popen("semodule -l", shell=True, stdout=PIPE).stdout
 l = fd.readlines()
 fd.close()
 for i in l:
@@ -105,7 +106,7 @@ class modulesPage(semanagePage):
 def new_module(self, args):
 try:
- os.spawnl(os.P_NOWAIT, "/usr/share/system-config-selinux/polgengui.py")
+ Popen(["/usr/share/system-config-selinux/polgengui.py"])
 except ValueError, e:
 self.error(e.args[0])
diff --git a/policycoreutils/gui/polgen.glade b/policycoreutils/gui/polgen.glade
index 55bad9d..ee9f394 100644
--- a/policycoreutils/gui/polgen.glade
+++ b/policycoreutils/gui/polgen.glade
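Review bot: In modulesPage.py, the module-list refresh calls `Popen("semodule -l", shell=True, stdout=PIPE)`, which routes a fixed command through a shell for no benefit and leaves the choice of binary to the inherited PATH and shell environment. The tool presumably runs with administrative privileges, so prefer an argument list without a shell, `fd = Popen(["semodule", "-l"], stdout=PIPE).stdout`, ideally naming the installed binary by its absolute path. The Popen object is discarded as well, so the exit status of semodule is never checked and a failed listing can look like an empty one; keeping the object and testing `returncode` after the read would let the surrounding error handling report it. The enclosing method starts before the hunk and its except clause lies after it.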
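Review bot: In new_module (modulesPage.py) the handler is still `except ValueError, e:`, but `Popen([...])` signals a missing or non-executable polgengui.py with OSError, so that failure skips `self.error()` and propagates out of the callback. Catch what the new call raises, for example `except (OSError, ValueError), e:` followed by `self.error(str(e))`; `e.args[0]` of an OSError is the errno integer rather than a message.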
@@ -1,3432 +1,2468 @@ - - - + - - - - 5 - GTK_FILE_CHOOSER_ACTION_OPEN - True - True - True - False - GTK_WINDOW_TOPLEVEL - GTK_WIN_POS_MOUSE - False - True - False - True - False - False - GDK_WINDOW_TYPE_HINT_DIALOG - GDK_GRAVITY_NORTH_WEST - True - False - - - - True - False - 24 - - - - True - GTK_BUTTONBOX_END - - - - True - True - True - gtk-cancel - True - GTK_RELIEF_NORMAL - True - -6 - - - - - - True - True - True - True - gtk-add - True - GTK_RELIEF_NORMAL - True - -5 - - - - - 0 - False - True - GTK_PACK_END - - - - - - - - 5 - False - Polgen - Red Hat 2007 - GPL - False - www.redhat.com - Daniel Walsh <dwalsh@redhat.com> - translator-credits - - - - True - SELinux Policy Generation Tool - GTK_WINDOW_TOPLEVEL - GTK_WIN_POS_NONE - False - True - False - True - False - False - GDK_WINDOW_TYPE_HINT_NORMAL - GDK_GRAVITY_NORTH_WEST - True - False - - - - True - False - 18 - - - - True - False - True - GTK_POS_LEFT - False - False - - - - True - False - 0 - - - - True - <b>Select the policy type for the application or user role you want to confine:</b> - False - True - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 5 - False - False - - - - - - True - False - 0 - - - - True - False - 0 - - - - True - False - 12 - - - - True - False - 6 - - - - True - <b>Applications</b> - False - True - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 0 - False - False - - - - - - True - False - 0 - - - - True - - False - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 0 - False - False - - - - - - True - False - 6 - - - - True - Standard Init Daemon are daemons started on boot via init scripts. 
Usually requires a script in /etc/rc.d/init.d - True - Standard Init Daemon - True - GTK_RELIEF_NORMAL - True - False - False - True - - - 0 - False - False - - - - - - True - Standard Init Daemon are daemons started on boot via init scripts. Usually requires a script in /etc/rc.d/init.d - True - DBUS System Daemon - True - GTK_RELIEF_NORMAL - True - False - False - True - init_radiobutton - - - 0 - False - False - - - - - - True - Internet Services Daemon are daemons started by xinetd - True - Internet Services Daemon (inetd) - True - GTK_RELIEF_NORMAL - True - False - False - True - init_radiobutton - - - 0 - False - False - - - - - - True - Web Applications/Script (CGI) CGI scripts started by the web server (apache) - True - Web Application/Script (CGI) - True - GTK_RELIEF_NORMAL - True - False - False - True - init_radiobutton - - - 0 - False - False - - - - - - True - User Application are any application that you would like to confine that is started by a user - True - User Application - True - GTK_RELIEF_NORMAL - True - False - False - True - init_radiobutton - - - 0 - False - False - - - - - - True - User Application are any application that you would like to confine that is started by a user - True - Sandbox - True - GTK_RELIEF_NORMAL - True - False - False - True - init_radiobutton - - - 0 - False - False - - - - - 0 - False - False - - - - - 0 - True - True - - - - - 0 - False - True - - - - - - True - False - 6 - - - - True - <b>Login Users</b> - False - True - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 0 - False - False - - - - - - True - False - 0 - - - - True - - False - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 0 - False - False - - - - - - True - False - 6 - - - - True - Modify an existing login user record. 
- True - Existing User Roles - True - GTK_RELIEF_NORMAL - True - False - False - True - init_radiobutton - - - 0 - False - False - - - - - - True - This user will login to a machine only via a terminal or remote login. By default this user will have no setuid, no networking, no su, no sudo. - True - Minimal Terminal User Role - True - GTK_RELIEF_NORMAL - True - False - False - True - init_radiobutton - - - 0 - False - False - - - - - - True - This user can login to a machine via X or terminal. By default this user will have no setuid, no networking, no sudo, no su - True - Minimal X Windows User Role - True - GTK_RELIEF_NORMAL - True - False - False - True - init_radiobutton - - - 0 - False - False - - - - - - True - User with full networking, no setuid applications without transition, no sudo, no su. - True - User Role - True - GTK_RELIEF_NORMAL - True - False - False - True - init_radiobutton - - - 0 - False - False - - - - - - True - User with full networking, no setuid applications without transition, no su, can sudo to Root Administration Roles - True - Admin User Role - True - GTK_RELIEF_NORMAL - True - False - False - True - init_radiobutton - - - 0 - False - False - - - - - 0 - True - False - - - - - 0 - True - True - - - - - 0 - False - True - - - - - - True - False - 6 - - - - True - <b>Root Users</b> - False - True - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 0 - False - False - - - - - - True - False - 0 - - - - True - - False - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 0 - False - False - - - - - - True - False - 0 - - - - True - Select Root Administrator User Role, if this user will be used to administer the machine while running as root. This user will not be able to login to the system directly. 
- True - Root Admin User Role - True - GTK_RELIEF_NORMAL - True - False - False - True - init_radiobutton - - - 0 - False - False - - - - - 0 - False - False - - - - - 0 - True - True - - - - - 0 - True - True - - - - - 0 - True - True - - - - - 0 - True - True - - - - - 0 - True - True - - - - - True - True - - - - - - True - label104 - False - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - tab - - - - - - True - False - 0 - - - - True - <b>Enter name of application or user role:</b> - False - True - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 5 - False - False - - - - - - True - 3 - 3 - False - 6 - 12 - - - - True - Name - False - False - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 0 - 1 - 0 - 1 - fill - - - - - - - True - Enter complete path for executable to be confined. - True - True - True - 0 - - True - - False - - - 1 - 2 - 1 - 2 - - - - - - - True - True - ... - True - GTK_RELIEF_NORMAL - True - - - - 2 - 3 - 1 - 2 - fill - - - - - - - True - Enter unique name for the confined application or user role. - True - True - True - 0 - - True - - False - - - 1 - 3 - 0 - 1 - - - - - - - True - Executable - False - False - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 0 - 1 - 1 - 2 - fill - - - - - - - True - Init script - False - False - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 0 - 1 - 2 - 3 - fill - - - - - - - True - Enter complete path to init script used to start the confined application. - True - True - True - 0 - - True - - False - - - 1 - 2 - 2 - 3 - - - - - - - True - True - ... 
- True - GTK_RELIEF_NORMAL - True - - - - 2 - 3 - 2 - 3 - fill - - - - - - 0 - True - True - - - - - False - True - - - - - - True - label105 - False - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - tab - - - - - - True - False - 0 - - - - True - <b>Select existing role to modify:</b> - False - True - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 5 - False - False - - - - - - True - True - GTK_POLICY_AUTOMATIC - GTK_POLICY_AUTOMATIC - GTK_SHADOW_IN - GTK_CORNER_TOP_LEFT - - - - True - Select the user roles that will transiton to the %s domain. - True - False - False - False - True - False - False - False - - - - - 0 - True - True - - - - - False - True - - - - - - True - label106 - False - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - tab - - - - - - True - False - 0 - - - - True - <b>Select roles that %s will transition to:</b> - False - True - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 5 - False - False - - - - - - True - True - GTK_POLICY_ALWAYS - GTK_POLICY_ALWAYS - GTK_SHADOW_NONE - GTK_CORNER_TOP_LEFT - - - - True - Select applications domains that %s will transition to. 
- True - False - False - False - True - False - False - False - - - - - 0 - True - True - - - - - False - True - - - - - - True - label107 - False - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - tab - - - - - - True - False - 0 - - - - True - <b>Select the user_roles that will transition to %s:</b> - False - True - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 5 - False - False - - - - - - True - True - GTK_POLICY_ALWAYS - GTK_POLICY_ALWAYS - GTK_SHADOW_NONE - GTK_CORNER_TOP_LEFT - - - - True - Select the user roles that will transiton to this applications domains. - True - False - False - False - True - False - False - False - - - - - 0 - True - True - - - - - False - True - - - - - - True - label108 - False - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - tab - - - - - - True - False - 0 - - - - True - <b>Select domains that %s will administer:</b> - False - True - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 5 - False - False - - - - - - True - True - GTK_POLICY_ALWAYS - GTK_POLICY_ALWAYS - GTK_SHADOW_NONE - GTK_CORNER_TOP_LEFT - - - - True - Select the domains that you would like this user administer. 
- True - False - False - False - True - False - False - False - - - - - 0 - True - True - - - - - False - True - - - - - - True - label109 - False - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - tab - - - - - - True - False - 0 - - - - True - <b>Select additional roles for %s:</b> - False - True - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 5 - False - False - - - - - - True - True - GTK_POLICY_ALWAYS - GTK_POLICY_ALWAYS - GTK_SHADOW_NONE - GTK_CORNER_TOP_LEFT - - - - True - Select the domains that you would like this user administer. - True - False - False - False - True - False - False - False - - - - - 0 - True - True - - - - - False - True - - - - - - True - label111 - False - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - tab - - - - - - True - False - 0 - - - - True - <b>Enter network ports that %s binds on:</b> - False - True - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 5 - False - False - - - - - - True - False - 6 - - - - True - <b>TCP Ports</b> - False - True - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 0 - False - False - - - - - - True - False - 0 - - - - True - - False - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 0 - False - False - - - - - - True - False - 6 - - - - True - False - 12 - - - - True - Allows %s to bind to any udp port - True - All - True - GTK_RELIEF_NORMAL - True - False - False - True - - - 10 - False - False - - - - - - True - Allow %s to call bindresvport with 0. Binding to port 600-1024 - True - 600-1024 - True - GTK_RELIEF_NORMAL - True - False - False - True - - - 10 - False - False - - - - - - True - Enter a comma separated list of udp ports or ranges of ports that %s binds to. 
Example: 612, 650-660 - True - Unreserved Ports (>1024) - True - GTK_RELIEF_NORMAL - True - False - False - True - - - 10 - False - False - - - - - 0 - True - True - - - - - - True - False - 12 - - - - True - Select Ports - False - False - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 5 - False - False - - - - - - True - Allows %s to bind to any udp ports > 1024 - True - True - True - 0 - - True - - False - - - 0 - True - True - - - - - 0 - True - True - - - - - 0 - True - True - - - - - 0 - True - True - - - - - 0 - True - True - - - - - - True - False - 6 - - - - True - <b>UDP Ports</b> - False - True - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 0 - False - False - - - - - - True - False - 0 - - - - True - - False - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 0 - False - False - - - - - - True - False - 6 - - - - True - False - 12 - - - - True - Allows %s to bind to any udp port - True - All - True - GTK_RELIEF_NORMAL - True - False - False - True - - - 10 - False - False - - - - - - True - Allow %s to call bindresvport with 0. Binding to port 600-1024 - True - 600-1024 - True - GTK_RELIEF_NORMAL - True - False - False - True - - - 10 - False - False - - - - - - True - Enter a comma separated list of udp ports or ranges of ports that %s binds to. 
Example: 612, 650-660 - True - Unreserved Ports (>1024) - True - GTK_RELIEF_NORMAL - True - False - False - True - - - 10 - False - False - - - - - 0 - True - True - - - - - - True - False - 12 - - - - True - Select Ports - False - False - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 5 - False - False - - - - - - True - Allows %s to bind to any udp ports > 1024 - True - True - True - 0 - - True - - False - - - 0 - True - True - - - - - 0 - True - True - - - - - 0 - True - True - - - - - 0 - True - True - - - - - 0 - True - True - - - - - False - True - - - - - - True - label113 - False - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - tab - - - - - - True - False - 0 - - - - True - <b>Select network ports that %s connects to:</b> - False - True - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 5 - False - False - - - - - - True - False - 6 - - - - True - <b>TCP Ports</b> - False - True - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 0 - False - False - - - - - - True - False - 0 - - - - True - - False - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 0 - False - False - - - - - - True - False - 12 - - - - Allows %s to connect to any tcp port - True - True - All - True - GTK_RELIEF_NORMAL - True - False - False - True - - - 10 - False - False - - - - - - True - Select Ports - False - False - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 5 - False - False - - - - - - True - Enter a comma separated list of tcp ports or ranges of ports that %s connects to. 
Example: 612, 650-660 - True - True - True - 0 - - True - - False - - - 0 - True - True - - - - - 0 - True - True - - - - - 0 - True - True - - - - - 0 - True - True - - - - - - True - False - 6 - - - - True - <b>UDP Ports</b> - False - True - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 0 - False - False - - - - - - True - False - 0 - - - - True - - False - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 0 - False - False - - - - - - True - False - 12 - - - - Allows %s to connect to any udp port - True - True - All - True - GTK_RELIEF_NORMAL - True - False - False - True - - - 10 - False - False - - - - - - True - Select Ports - False - False - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 5 - False - False - - - - - - True - Enter a comma separated list of udp ports or ranges of ports that %s connects to. Example: 612, 650-660 - True - True - True - 0 - - True - - False - - - 0 - True - True - - - - - 0 - True - True - - - - - 0 - True - True - - - - - 0 - True - True - - - - - False - True - - - - - - True - label114 - False - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - tab - - - - - - True - False - 0 - - - - True - <b>Select common application traits for %s:</b> - False - True - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 5 - False - False - - - - - - True - False - 6 - - - - True - True - Writes syslog messages - True - GTK_RELIEF_NORMAL - True - False - False - True - - - 0 - False - False - - - - - - True - True - Create/Manipulate temporary files in /tmp - True - GTK_RELIEF_NORMAL - True - False - False - True - - - 0 - False - False - - - - - - True - True - Uses Pam for authentication - True - GTK_RELIEF_NORMAL - True - False - False - True - - - 0 - False - False - - - - - - True 
- True - Uses nsswitch or getpw* calls - True - GTK_RELIEF_NORMAL - True - False - False - True - - - 0 - False - False - - - - - - True - True - Uses dbus - True - GTK_RELIEF_NORMAL - True - False - False - True - - - 0 - False - False - - - - - - True - True - Sends audit messages - True - GTK_RELIEF_NORMAL - True - False - False - True - - - 0 - False - False - - - - - - True - True - Interacts with the terminal - True - GTK_RELIEF_NORMAL - True - False - False - True - - - 0 - False - False - - - - - - True - True - Sends email - True - GTK_RELIEF_NORMAL - True - False - False - True - - - 0 - False - False - - - - - 0 - True - True - - - - - False - True - - - - - - True - label115 - False - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - tab - - - - - - True - False - 0 - - - - True - <b>Add files/directories that %s manages</b> - False - True - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 5 - False - False - - - - - - True - False - 12 - - - - True - False - 6 - - - - True - True - GTK_RELIEF_NORMAL - True - - - - - True - 0.5 - 0.5 - 0 - 0 - 0 - 0 - 0 - 0 - - - - True - False - 2 - - - - True - gtk-add - 4 - 0.5 - 0.5 - 0 - 0 - - - 0 - False - False - - - - - - True - Add File - True - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 0 - False - False - - - - - - - - - 0 - False - False - - - - - - True - True - GTK_RELIEF_NORMAL - True - - - - - True - 0.5 - 0.5 - 0 - 0 - 0 - 0 - 0 - 0 - - - - True - False - 2 - - - - True - gtk-add - 4 - 0.5 - 0.5 - 0 - 0 - - - 0 - False - False - - - - - - True - Add Directory - True - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 0 - False - False - - - - - - - - - 0 - False - False - - - - - - True - True - gtk-delete - True - GTK_RELIEF_NORMAL - True - - - - - 0 - False - False - - - - - 4 - 
False - False - - - - - - True - True - GTK_POLICY_AUTOMATIC - GTK_POLICY_AUTOMATIC - GTK_SHADOW_IN - GTK_CORNER_TOP_LEFT - - - - True - Files/Directories which the %s "manages". Pid Files, Log Files, /var/lib Files ... - True - False - False - False - True - False - False - False - - - - - 0 - True - True - - - - - 0 - True - True - - - - - False - True - - - - - - True - label116 - False - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - tab - - - - - - True - False - 0 - - - - True - <b>Add booleans from the %s policy:</b> - False - True - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 5 - False - False - - - - - - True - False - 12 - - - - True - False - 6 - - - - True - True - GTK_RELIEF_NORMAL - True - - - - - True - 0.5 - 0.5 - 0 - 0 - 0 - 0 - 0 - 0 - - - - True - False - 2 - - - - True - gtk-add - 4 - 0.5 - 0.5 - 0 - 0 - - - 0 - False - False - - - - - - True - Add Boolean - True - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 0 - False - False - - - - - - - - - 0 - False - False - - - - - - True - True - gtk-delete - True - GTK_RELIEF_NORMAL - True - - - - - 0 - False - False - - - - - 4 - False - True - - - - - - True - True - GTK_POLICY_AUTOMATIC - GTK_POLICY_AUTOMATIC - GTK_SHADOW_IN - GTK_CORNER_TOP_LEFT - - - - True - Add/Remove booleans used by the %s domain - True - True - False - False - True - False - False - False - - - - - 0 - True - True - - - - - 0 - True - True - - - - - False - True - - - - - - True - - False - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - tab - - - - - - True - False - 0 - - - - True - <b>Which directory you will generate the %s policy?</b> - False - True - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 0 - False - False - - - - - - True - False - 
12 - - - - True - Policy Directory - False - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 5 - False - False - - - - - - True - True - True - True - 0 - - True - - False - - - 0 - True - True - - - - - - True - True - ... - True - GTK_RELIEF_NORMAL - True - - - 0 - False - False - - - - - 12 - False - False - - - - - False - True - - - - - - True - - False - False - GTK_JUSTIFY_LEFT - False - False - 0.5 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - tab - - - - - 0 - True - True - - - - - - True - GTK_BUTTONBOX_END - 0 - - - - True - True - True - gtk-cancel - True - GTK_RELIEF_NORMAL - True - - - - - - - True - True - True - gtk-go-back - True - GTK_RELIEF_NORMAL - True - - - - - - - True - True - True - gtk-media-forward - True - GTK_RELIEF_NORMAL - True - - - - - - 5 - False - False - - - - - - - - 12 - Add Booleans Dialog - GTK_WINDOW_TOPLEVEL - GTK_WIN_POS_MOUSE - False - 400 - True - False - True - False - False - GDK_WINDOW_TYPE_HINT_DIALOG - GDK_GRAVITY_NORTH_WEST - True - False - False - - - - True - False - 6 - - - - True - GTK_BUTTONBOX_END - - - - True - True - True - gtk-cancel - True - GTK_RELIEF_NORMAL - True - -6 - - - - - - True - True - True - gtk-add - True - GTK_RELIEF_NORMAL - True - -5 - - - - - 0 - False - True - GTK_PACK_END - - - - - - True - 2 - 2 - False - 6 - 12 - - - - True - Boolean Name - False - False - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 0 - 1 - 0 - 1 - fill - - - - - - - True - Description - False - False - GTK_JUSTIFY_LEFT - False - False - 0 - 0.5 - 0 - 0 - PANGO_ELLIPSIZE_NONE - -1 - False - 0 - - - 0 - 1 - 1 - 2 - fill - - - - - - - True - True - True - True - 0 - - True - - False - - - 1 - 2 - 0 - 1 - - - - - - - True - True - True - True - 0 - - True - - False - - - 1 - 2 - 1 - 2 - - - - - - 0 - True - True - - - - - - + + + + False + 5 + normal + Red Hat 2007 + www.redhat.com + GPL + Daniel 
Walsh <dwalsh@redhat.com> + translator-credits + + + False + + + False + + + False + True + end + 0 + + + + + + + False + 12 + Add Booleans Dialog + mouse + 400 + dialog + + + True + False + 6 + + + True + False + end + + + gtk-cancel + -6 + True + True + True + False + True + + + False + False + 0 + + + + + gtk-add + -5 + True + True + True + False + True + + + False + False + 1 + + + + + False + True + end + 0 + + + + + True + False + 2 + 2 + 12 + 6 + + + True + False + 0 + Boolean Name + + + GTK_FILL + + + + + + True + False + 0 + Description + + + 1 + 2 + GTK_FILL + + + + + + True + True + + False + False + True + True + + + 1 + 2 + + + + + + True + True + + False + False + True + True + + + 1 + 2 + 1 + 2 + + + + + + True + True + 1 + + + + + + + False + 5 + mouse + dialog + True + True + + + True + False + 24 + + + True + False + end + + + gtk-cancel + -6 + True + True + True + False + True + + + False + False + 0 + + + + + gtk-add + -5 + True + True + True + True + False + True + + + False + False + 1 + + + + + False + True + end + 0 + + + + + + + True + False + SELinux Policy Generation Tool + + + True + False + 18 + + + True + False + left + False + + + True + False + + + True + False + 0 + <b>Select the policy type for the application or user role you want to confine:</b> + True + + + False + False + 5 + 0 + + + + + True + False + + + True + False + + + True + False + 12 + + + True + False + 6 + + + True + False + 0 + <b>Applications</b> + True + + + False + False + 0 + + + + + True + False + + + True + False + + + + False + False + 0 + + + + + True + False + 6 + + + Standard Init Daemon + True + True + False + Standard Init Daemon are daemons started on boot via init scripts. Usually requires a script in /etc/rc.d/init.d + True + True + + + False + False + 0 + + + + + DBUS System Daemon + True + True + False + Standard Init Daemon are daemons started on boot via init scripts. 
Usually requires a script in /etc/rc.d/init.d + True + True + init_radiobutton + + + False + False + 1 + + + + + Internet Services Daemon (inetd) + True + True + False + Internet Services Daemon are daemons started by xinetd + True + True + init_radiobutton + + + False + False + 2 + + + + + Web Application/Script (CGI) + True + True + False + Web Applications/Script (CGI) CGI scripts started by the web server (apache) + True + True + init_radiobutton + + + False + False + 3 + + + + + User Application + True + True + False + User Application are any application that you would like to confine that is started by a user + True + True + init_radiobutton + + + False + False + 4 + + + + + Sandbox + True + True + False + User Application are any application that you would like to confine that is started by a user + True + True + init_radiobutton + + + False + False + 5 + + + + + False + False + 1 + + + + + True + True + 1 + + + + + False + True + 0 + + + + + True + False + 6 + + + True + False + 0 + <b>Login Users</b> + True + + + False + False + 0 + + + + + True + False + + + True + False + + + + False + False + 0 + + + + + True + False + 6 + + + Existing User Roles + True + True + False + Modify an existing login user record. + True + True + init_radiobutton + + + False + False + 0 + + + + + Minimal Terminal User Role + True + True + False + This user will login to a machine only via a terminal or remote login. By default this user will have no setuid, no networking, no su, no sudo. + True + True + init_radiobutton + + + False + False + 1 + + + + + Minimal X Windows User Role + True + True + False + This user can login to a machine via X or terminal. By default this user will have no setuid, no networking, no sudo, no su + True + True + init_radiobutton + + + False + False + 2 + + + + + User Role + True + True + False + User with full networking, no setuid applications without transition, no sudo, no su. 
+ True + True + init_radiobutton + + + False + False + 3 + + + + + Admin User Role + True + True + False + User with full networking, no setuid applications without transition, no su, can sudo to Root Administration Roles + True + True + init_radiobutton + + + False + False + 4 + + + + + True + False + 1 + + + + + True + True + 1 + + + + + False + True + 1 + + + + + True + False + 6 + + + True + False + 0 + <b>Root Users</b> + True + + + False + False + 0 + + + + + True + False + + + True + False + + + + False + False + 0 + + + + + True + False + + + Root Admin User Role + True + True + False + Select Root Administrator User Role, if this user will be used to administer the machine while running as root. This user will not be able to login to the system directly. + True + True + init_radiobutton + + + False + False + 0 + + + + + False + False + 1 + + + + + True + True + 1 + + + + + True + True + 2 + + + + + True + True + 0 + + + + + True + True + 0 + + + + + True + True + 1 + + + + + True + + + + + True + False + Main Tab + + + False + tab + + + + + True + False + + + True + False + 0 + <b>Enter name of application or user role:</b> + True + + + False + False + 5 + 0 + + + + + True + False + 3 + 3 + 12 + 6 + + + True + False + 0 + Name + + + GTK_FILL + + + + + + True + True + Enter complete path for executable to be confined. + + False + False + True + True + + + 1 + 2 + 1 + 2 + + + + + + ... + True + True + False + True + + + + 2 + 3 + 1 + 2 + GTK_FILL + + + + + + True + True + Enter unique name for the confined application or user role. + + False + False + True + True + + + 1 + 3 + + + + + + True + False + 0 + Executable + + + 1 + 2 + GTK_FILL + + + + + + True + False + 0 + Init script + + + 2 + 3 + GTK_FILL + + + + + + True + True + Enter complete path to init script used to start the confined application. + + False + False + True + True + + + 1 + 2 + 2 + 3 + + + + + + ... 
+ True + True + False + True + + + + 2 + 3 + 2 + 3 + GTK_FILL + + + + + + True + True + 1 + + + + + 1 + + + + + True + False + Name Tab + + + 1 + False + tab + + + + + True + False + + + True + False + 0 + <b>Select existing role to modify:</b> + True + + + False + False + 5 + 0 + + + + + True + True + automatic + automatic + in + + + True + True + Select the user roles that will transiton to the %s domain. + False + + + + + True + True + 1 + + + + + 2 + + + + + True + False + role tab + + + 2 + False + tab + + + + + True + False + + + True + False + 0 + <b>Select roles that %s will transition to:</b> + True + + + False + False + 5 + 0 + + + + + True + True + + + True + True + Select applications domains that %s will transition to. + False + + + + + True + True + 1 + + + + + 3 + + + + + True + False + transition +role tab + + + 3 + False + tab + + + + + True + False + + + True + False + 0 + <b>Select the user_roles that will transition to %s:</b> + True + + + False + False + 5 + 0 + + + + + True + True + + + True + True + Select the user roles that will transiton to this applications domains. + False + + + + + True + True + 1 + + + + + 4 + + + + + True + False + User Tab + + + 4 + False + tab + + + + + True + False + + + True + False + 0 + <b>Select domains that %s will administer:</b> + True + + + False + False + 5 + 0 + + + + + True + True + + + True + True + Select the domains that you would like this user administer. + False + + + + + True + True + 1 + + + + + 5 + + + + + True + False + Admin Tab + + + 5 + False + tab + + + + + True + False + + + True + False + 0 + <b>Select additional roles for %s:</b> + True + + + False + False + 5 + 0 + + + + + True + True + + + True + True + Select the domains that you would like this user administer. 
+ False + + + + + True + True + 1 + + + + + 6 + + + + + True + False + Roles Tab + + + 6 + False + tab + + + + + True + False + + + True + False + 0 + <b>Enter network ports that %s binds on:</b> + True + + + False + False + 5 + 0 + + + + + True + False + 6 + + + True + False + 0 + <b>TCP Ports</b> + True + + + False + False + 0 + + + + + True + False + + + True + False + + + + False + False + 0 + + + + + True + False + 6 + + + True + False + 12 + + + All + True + True + False + Allows %s to bind to any udp port + True + True + + + False + False + 10 + 0 + + + + + 600-1024 + True + True + False + Allow %s to call bindresvport with 0. Binding to port 600-1024 + True + True + + + False + False + 10 + 1 + + + + + Unreserved Ports (>1024) + True + True + False + Enter a comma separated list of udp ports or ranges of ports that %s binds to. Example: 612, 650-660 + True + True + + + False + False + 10 + 2 + + + + + True + True + 0 + + + + + True + False + 12 + + + True + False + 0 + Select Ports + + + False + False + 5 + 0 + + + + + True + True + Allows %s to bind to any udp ports > 1024 + + False + False + True + True + + + True + True + 1 + + + + + True + True + 1 + + + + + True + True + 1 + + + + + True + True + 1 + + + + + True + True + 1 + + + + + True + False + 6 + + + True + False + 0 + <b>UDP Ports</b> + True + + + False + False + 0 + + + + + True + False + + + True + False + + + + False + False + 0 + + + + + True + False + 6 + + + True + False + 12 + + + All + True + True + False + Allows %s to bind to any udp port + True + True + + + False + False + 10 + 0 + + + + + 600-1024 + True + True + False + Allow %s to call bindresvport with 0. Binding to port 600-1024 + True + True + + + False + False + 10 + 1 + + + + + Unreserved Ports (>1024) + True + True + False + Enter a comma separated list of udp ports or ranges of ports that %s binds to. 
Example: 612, 650-660 + True + True + + + False + False + 10 + 2 + + + + + True + True + 0 + + + + + True + False + 12 + + + True + False + 0 + Select Ports + + + False + False + 5 + 0 + + + + + True + True + Allows %s to bind to any udp ports > 1024 + + False + False + True + True + + + True + True + 1 + + + + + True + True + 1 + + + + + True + True + 1 + + + + + True + True + 1 + + + + + True + True + 2 + + + + + 7 + + + + + True + False + Network +Bind tab + + + 7 + False + tab + + + + + True + False + + + True + False + 0 + <b>Select network ports that %s connects to:</b> + True + + + False + False + 5 + 0 + + + + + True + False + 6 + + + True + False + 0 + <b>TCP Ports</b> + True + + + False + False + 0 + + + + + True + False + + + True + False + + + + False + False + 0 + + + + + True + False + 12 + + + All + True + True + False + Allows %s to connect to any tcp port + True + True + + + False + False + 10 + 0 + + + + + True + False + 0 + Select Ports + + + False + False + 5 + 1 + + + + + True + True + Enter a comma separated list of tcp ports or ranges of ports that %s connects to. Example: 612, 650-660 + + False + False + True + True + + + True + True + 2 + + + + + True + True + 1 + + + + + True + True + 1 + + + + + True + True + 1 + + + + + True + False + 6 + + + True + False + 0 + <b>UDP Ports</b> + True + + + False + False + 0 + + + + + True + False + + + True + False + + + + False + False + 0 + + + + + True + False + 12 + + + All + True + True + False + Allows %s to connect to any udp port + True + True + + + False + False + 10 + 0 + + + + + True + False + 0 + Select Ports + + + False + False + 5 + 1 + + + + + True + True + Enter a comma separated list of udp ports or ranges of ports that %s connects to. 
Example: 612, 650-660 + + False + False + True + True + + + True + True + 2 + + + + + True + True + 1 + + + + + True + True + 1 + + + + + True + True + 2 + + + + + 8 + + + + + True + False + Network +Connect Tab + + + 8 + False + tab + + + + + True + False + + + True + False + 0 + <b>Select common application traits for %s:</b> + True + + + False + False + 5 + 0 + + + + + True + False + 6 + + + Writes syslog messages + True + True + False + True + True + + + False + False + 0 + + + + + Create/Manipulate temporary files in /tmp + True + True + False + True + True + + + False + False + 1 + + + + + Uses Pam for authentication + True + True + False + True + True + + + False + False + 2 + + + + + Uses nsswitch or getpw* calls + True + True + False + True + True + + + False + False + 3 + + + + + Uses dbus + True + True + False + True + True + + + False + False + 4 + + + + + Sends audit messages + True + True + False + True + True + + + False + False + 5 + + + + + Interacts with the terminal + True + True + False + True + True + + + False + False + 6 + + + + + Sends email + True + True + False + True + True + + + False + False + 7 + + + + + True + True + 1 + + + + + 9 + + + + + True + False + Common +Tab + + + 9 + False + tab + + + + + True + False + + + True + False + 0 + <b>Add files/directories that %s manages</b> + True + + + False + False + 5 + 0 + + + + + True + False + 12 + + + True + False + 6 + + + True + True + False + + + + True + False + 0 + 0 + + + True + False + 2 + + + True + False + gtk-add + + + False + False + 0 + + + + + True + False + Add File + True + + + False + False + 1 + + + + + + + + + False + False + 0 + + + + + True + True + False + + + + True + False + 0 + 0 + + + True + False + 2 + + + True + False + gtk-add + + + False + False + 0 + + + + + True + False + Add Directory + True + + + False + False + 1 + + + + + + + + + False + False + 1 + + + + + gtk-delete + True + True + False + True + + + + + False + False + 2 + + + + + False + False + 4 + 
0 + + + + + True + True + automatic + automatic + in + + + True + True + Files/Directories which the %s "manages". Pid Files, Log Files, /var/lib Files ... + False + + + + + True + True + 1 + + + + + True + True + 1 + + + + + 10 + + + + + True + False + Add Tab + + + 10 + False + tab + + + + + True + False + + + True + False + 0 + <b>Add booleans from the %s policy:</b> + True + + + False + False + 5 + 0 + + + + + True + False + 12 + + + True + False + 6 + + + True + True + False + + + + True + False + 0 + 0 + + + True + False + 2 + + + True + False + gtk-add + + + False + False + 0 + + + + + True + False + Add Boolean + True + + + False + False + 1 + + + + + + + + + False + False + 0 + + + + + gtk-delete + True + True + False + True + + + + + False + False + 1 + + + + + False + True + 4 + 0 + + + + + True + True + automatic + automatic + in + + + True + True + Add/Remove booleans used by the %s domain + + + + + True + True + 1 + + + + + True + True + 1 + + + + + 11 + + + + + True + False + + + 11 + False + tab + + + + + True + False + + + True + False + 0 + <b>Which directory you will generate the %s policy?</b> + True + + + False + False + 0 + + + + + True + False + 12 + + + True + False + Policy Directory + + + False + False + 5 + 0 + + + + + True + True + + False + False + True + True + + + True + True + 1 + + + + + ... + True + True + False + True + + + False + False + 2 + + + + + False + False + 12 + 1 + + + + + 12 + + + + + True + False + + + 12 + False + tab + + + + + True + True + 0 + + + + + True + False + end + + + gtk-cancel + True + True + True + False + True + + + + False + False + 0 + + + + + gtk-go-back + True + True + True + False + True + + + + False + False + 1 + + + + + gtk-media-forward + True + True + True + False + True + + + + False + False + 2 + + + + + False + False + 5 + 1 + + + + + diff --git a/policycoreutils/gui/polgen.py b/policycoreutils/gui/polgen.py deleted file mode 100644 index 51fb8d7..0000000 
--- a/policycoreutils/gui/polgen.py
+++ /dev/null
@@ -1,1372 +0,0 @@
-#!/usr/bin/python -Es
-#
-# Copyright (C) 2007-2012 Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# policygentool is a tool for the initial generation of SELinux policy
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; either version 2 of
-# the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-# 02111-1307 USA
-#
-#
-import os, sys, stat
-import re
-import commands
-import setools
-
-from templates import executable
-from templates import boolean
-from templates import etc_rw
-from templates import unit_file
-from templates import var_cache
-from templates import var_spool
-from templates import var_lib
-from templates import var_log
-from templates import var_run
-from templates import tmp
-from templates import rw
-from templates import network
-from templates import script
-from templates import user
-import sepolgen.interfaces as interfaces
-import sepolgen.defaults as defaults
-
-##
-## I18N
-##
-PROGNAME="policycoreutils"
-
-import gettext
-gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
-gettext.textdomain(PROGNAME)
-try:
- gettext.install(PROGNAME,
- localedir="/usr/share/locale",
- unicode=False,
- codeset = 'utf-8')
-except IOError:
- import __builtin__
- __builtin__.__dict__['_'] = unicode
-
-methods = []
-fn = defaults.interface_info()
-try:
- fd = open(fn)
- # List of per_role_template interfaces
- ifs = interfaces.InterfaceSet() - 
ifs.from_file(fd) - methods = ifs.interfaces.keys() - fd.close() -except: - sys.stderr.write("could not open interface info [%s]\n" % fn) - sys.exit(1) - -all_types = None -def get_all_types(): - global all_types - if all_types == None: - all_types = map(lambda x: x['name'], setools.seinfo(setools.TYPE)) - return all_types - -def get_all_ports(): - dict = {} - for p in setools.seinfo(setools.PORT): - if p['type'] == "reserved_port_t" or \ - p['type'] == "port_t" or \ - p['type'] == "hi_reserved_port_t": - continue - dict[(p['low'], p['high'], p['protocol'])]=(p['type'], p['range']) - return dict - -def get_all_roles(): - roles = map(lambda x: x['name'], setools.seinfo(setools.ROLE)) - roles.remove("object_r") - roles.sort() - return roles - -def get_all_attributes(): - attributes = map(lambda x: x['name'], setools.seinfo(setools.ATTRIBUTE)) - attributes.sort() - return attributes - -def get_all_domains(): - all_domains = [] - types=get_all_types() - types.sort() - for i in types: - m = re.findall("(.*)%s" % "_exec_t$", i) - if len(m) > 0: - if len(re.findall("(.*)%s" % "_initrc$", m[0])) == 0 and m[0] not in all_domains: - all_domains.append(m[0]) - return all_domains - -def get_all_modules(): - try: - all_modules = [] - rc, output=commands.getstatusoutput("semodule -l 2>/dev/null") - if rc == 0: - l = output.split("\n") - for i in l: - all_modules.append(i.split()[0]) - except: - pass - - return all_modules - -def get_all_users(): - users = map(lambda x: x['name'], setools.seinfo(setools.USER)) - users.remove("system_u") - users.remove("root") - users.sort() - return users - -ALL = 0 -RESERVED = 1 -UNRESERVED = 2 -PORTS = 3 -ADMIN_TRANSITION_INTERFACE = "_admin$" -USER_TRANSITION_INTERFACE = "_role$" - -DAEMON = 0 -DBUS = 1 -INETD = 2 -CGI = 3 -USER = 4 -SANDBOX = 5 -TUSER = 6 -XUSER = 7 -LUSER = 8 -AUSER = 9 -RUSER = 10 -EUSER = 11 - -poltype={} -poltype[DAEMON] = _("Standard Init Daemon") -poltype[DBUS] = _("DBUS System Daemon") -poltype[INETD] = _("Internet 
Services Daemon") -poltype[CGI] = _("Web Application/Script (CGI)") -poltype[USER] = _("User Application") -poltype[SANDBOX] = _("Sandbox") -poltype[TUSER] = _("Minimal Terminal User Role") -poltype[XUSER] = _("Minimal X Windows User Role") -poltype[LUSER] = _("User Role") -poltype[AUSER] = _("Admin User Role") -poltype[RUSER] = _("Root Admin User Role") - -APPLICATIONS = [ DAEMON, DBUS, INETD, USER, CGI ] -USERS = [ XUSER, TUSER, LUSER, AUSER, EUSER, RUSER] - -def verify_ports(ports): - if ports == "": - return [] - max_port=2**16 - try: - temp = [] - for a in ports.split(","): - r = a.split("-") - if len(r) > 2: - raise ValueError - if len(r) == 1: - begin = int (r[0]) - end = int (r[0]) - else: - begin = int (r[0]) - end = int (r[1]) - - if begin > end: - raise ValueError - - for p in range(begin, end + 1): - if p < 1 or p > max_port: - raise ValueError - temp.append(p) - return temp - except ValueError: - raise ValueError(_("Ports must be numbers or ranges of numbers from 1 to %d " % max_port )) - -class policy: - - def __init__(self, name, type): - self.ports = [] - try: - self.ports = get_all_ports() - except ValueError, e: - print "Can not get port types, must be root for this information" - except RuntimeError, e: - print "Can not get port types", e - - self.symbols = {} - self.symbols["openlog"] = "set_use_kerberos(True)" - self.symbols["openlog"] = "set_use_kerb_rcache(True)" - self.symbols["openlog"] = "set_use_syslog(True)" - self.symbols["gethostby"] = "set_use_resolve(True)" - self.symbols["getaddrinfo"] = "set_use_resolve(True)" - self.symbols["getnameinfo"] = "set_use_resolve(True)" - self.symbols["krb"] = "set_use_kerberos(True)" - self.symbols["gss_accept_sec_context"] = "set_manage_krb5_rcache(True)" - self.symbols["krb5_verify_init_creds"] = "set_manage_krb5_rcache(True)" - self.symbols["krb5_rd_req"] = "set_manage_krb5_rcache(True)" - self.symbols["__syslog_chk"] = "set_use_syslog(True)" - self.symbols["getpwnam"] = "set_use_uid(True)" - 
self.symbols["getpwuid"] = "set_use_uid(True)" - self.symbols["dbus_"] = "set_use_dbus(True)" - self.symbols["pam_"] = "set_use_pam(True)" - self.symbols["pam_"] = "set_use_audit(True)" - self.symbols["fork"] = "add_process('fork')" - self.symbols["transition"] = "add_process('transition')" - self.symbols["sigchld"] = "add_process('sigchld')" - self.symbols["sigkill"] = "add_process('sigkill')" - self.symbols["sigstop"] = "add_process('sigstop')" - self.symbols["signull"] = "add_process('signull')" - self.symbols["signal"] = "add_process('signal')" - self.symbols["ptrace"] = "add_process('ptrace')" - self.symbols["getsched"] = "add_process('getsched')" - self.symbols["setsched"] = "add_process('setsched')" - self.symbols["getsession"] = "add_process('getsession')" - self.symbols["getpgid"] = "add_process('getpgid')" - self.symbols["setpgid"] = "add_process('setpgid')" - self.symbols["getcap"] = "add_process('getcap')" - self.symbols["setcap"] = "add_process('setcap')" - self.symbols["share"] = "add_process('share')" - self.symbols["getattr"] = "add_process('getattr')" - self.symbols["setexec"] = "add_process('setexec')" - self.symbols["setfscreate"] = "add_process('setfscreate')" - self.symbols["noatsecure"] = "add_process('noatsecure')" - self.symbols["siginh"] = "add_process('siginh')" - self.symbols["setrlimit"] = "add_process('setrlimit')" - self.symbols["rlimitinh"] = "add_process('rlimitinh')" - self.symbols["dyntransition"] = "add_process('dyntransition')" - self.symbols["setcurrent"] = "add_process('setcurrent')" - self.symbols["execmem"] = "add_process('execmem')" - self.symbols["execstack"] = "add_process('execstack')" - self.symbols["execheap"] = "add_process('execheap')" - self.symbols["setkeycreate"] = "add_process('setkeycreate')" - self.symbols["setsockcreate"] = "add_process('setsockcreate')" - - self.symbols["chown"] = "add_capability('chown')" - self.symbols["dac_override"] = "add_capability('dac_override')" - self.symbols["dac_read_search"] = 
"add_capability('dac_read_search')" - self.symbols["fowner"] = "add_capability('fowner')" - self.symbols["fsetid"] = "add_capability('fsetid')" - self.symbols["kill"] = "add_capability('kill')" - self.symbols["setgid"] = "add_capability('setgid')" - self.symbols["setresuid"] = "add_capability('setuid')" - self.symbols["setuid"] = "add_capability('setuid')" - self.symbols["setpcap"] = "add_capability('setpcap')" - self.symbols["linux_immutable"] = "add_capability('linux_immutable')" - self.symbols["net_bind_service"] = "add_capability('net_bind_service')" - self.symbols["net_broadcast"] = "add_capability('net_broadcast')" - self.symbols["net_admin"] = "add_capability('net_admin')" - self.symbols["net_raw"] = "add_capability('net_raw')" - self.symbols["ipc_lock"] = "add_capability('ipc_lock')" - self.symbols["ipc_owner"] = "add_capability('ipc_owner')" - self.symbols["sys_module"] = "add_capability('sys_module')" - self.symbols["sys_rawio"] = "add_capability('sys_rawio')" - self.symbols["chroot"] = "add_capability('sys_chroot')" - self.symbols["sys_chroot"] = "add_capability('sys_chroot')" - self.symbols["sys_ptrace"] = "add_capability('sys_ptrace')" - self.symbols["sys_pacct"] = "add_capability('sys_pacct')" - self.symbols["mount"] = "add_capability('sys_admin')" - self.symbols["unshare"] = "add_capability('sys_admin')" - self.symbols["sys_admin"] = "add_capability('sys_admin')" - self.symbols["sys_boot"] = "add_capability('sys_boot')" - self.symbols["sys_nice"] = "add_capability('sys_nice')" - self.symbols["sys_resource"] = "add_capability('sys_resource')" - self.symbols["sys_time"] = "add_capability('sys_time')" - self.symbols["sys_tty_config"] = "add_capability('sys_tty_config')" - self.symbols["mknod"] = "add_capability('mknod')" - self.symbols["lease"] = "add_capability('lease')" - self.symbols["audit_write"] = "add_capability('audit_write')" - self.symbols["audit_control"] = "add_capability('audit_control')" - self.symbols["setfcap"] = 
"add_capability('setfcap')" - - self.DEFAULT_DIRS = {} - self.DEFAULT_DIRS["/etc"] = ["etc_rw", [], etc_rw]; - self.DEFAULT_DIRS["/tmp"] = ["tmp", [], tmp]; - self.DEFAULT_DIRS["rw"] = ["rw", [], rw]; - self.DEFAULT_DIRS["/usr/lib/systemd/system"] = ["unit_file", [], unit_file]; - self.DEFAULT_DIRS["/lib/systemd/system"] = ["unit_file", [], unit_file]; - self.DEFAULT_DIRS["/etc/systemd/system"] = ["unit_file", [], unit_file]; - self.DEFAULT_DIRS["/var/cache"] = ["var_cache", [], var_cache]; - self.DEFAULT_DIRS["/var/lib"] = ["var_lib", [], var_lib]; - self.DEFAULT_DIRS["/var/log"] = ["var_log", [], var_log]; - self.DEFAULT_DIRS["/var/run"] = ["var_run", [], var_run]; - self.DEFAULT_DIRS["/var/spool"] = ["var_spool", [], var_spool]; - - self.DEFAULT_KEYS=["/etc", "/var/cache", "/var/log", "/tmp", "rw", "/var/lib", "/var/run", "/var/spool", "/etc/systemd/system", "/usr/lib/systemd/system", "/lib/systemd/system" ] - - self.DEFAULT_TYPES = (\ -( self.generate_daemon_types, self.generate_daemon_rules), \ -( self.generate_dbusd_types, self.generate_dbusd_rules), \ -( self.generate_inetd_types, self.generate_inetd_rules), \ -( self.generate_cgi_types, self.generate_cgi_rules), \ -( self.generate_sandbox_types, self.generate_sandbox_rules), \ -( self.generate_userapp_types, self.generate_userapp_rules), \ -( self.generate_existing_user_types, self.generate_existing_user_rules), \ -( self.generate_min_login_user_types, self.generate_login_user_rules), \ -( self.generate_x_login_user_types, self.generate_x_login_user_rules), \ -( self.generate_login_user_types, self.generate_login_user_rules), \ -( self.generate_admin_user_types, self.generate_login_user_rules), \ -( self.generate_root_user_types, self.generate_root_user_rules)) - if name == "": - raise ValueError(_("You must enter a name for your confined process/user")) - if not name.isalnum(): - raise ValueError(_("Name must be alpha numberic with no spaces. 
Consider using option \"-n MODULENAME\"")) - - if type == CGI: - self.name = "httpd_%s_script" % name - else: - self.name = name - - self.file_name = name - - self.capabilities = [] - self.processes = [] - self.type = type - self.initscript = "" - self.program = "" - self.in_tcp = [False, False, False, []] - self.in_udp = [False, False, False, []] - self.out_tcp = [False, False, False, []] - self.out_udp = [False, False, False, []] - self.use_resolve = False - self.use_tmp = False - self.use_uid = False - self.use_syslog = False - self.use_kerberos = False - self.manage_krb5_rcache = False - self.use_pam = False - self.use_dbus = False - self.use_audit = False - self.use_etc = True - self.use_localization = True - self.use_fd = True - self.use_terminal = False - self.use_mail = False - self.booleans = {} - self.files = {} - self.dirs = {} - self.found_tcp_ports=[] - self.found_udp_ports=[] - self.need_tcp_type=False - self.need_udp_type=False - self.admin_domains = [] - self.transition_domains = [] - self.transition_users = [] - self.roles = [] - - def __isnetset(self, l): - return l[ALL] or l[RESERVED] or l[UNRESERVED] or len(l[PORTS]) > 0 - - def set_admin_domains(self, admin_domains): - self.admin_domains = admin_domains - - def set_admin_roles(self, roles): - self.roles = roles - - def set_transition_domains(self, transition_domains): - self.transition_domains = transition_domains - - def set_transition_users(self, transition_users): - self.transition_users = transition_users - - def use_in_udp(self): - return self.__isnetset(self.in_udp) - - def use_out_udp(self): - return self.__isnetset(self.out_udp) - - def use_udp(self): - return self.use_in_udp() or self.use_out_udp() - - def use_in_tcp(self): - return self.__isnetset(self.in_tcp) - - def use_out_tcp(self): - return self.__isnetset(self.out_tcp) - - def use_tcp(self): - return self.use_in_tcp() or self.use_out_tcp() - - def use_network(self): - return self.use_tcp() or self.use_udp() - - def 
find_port(self, port, protocol="tcp"): - for begin,end,p in self.ports.keys(): - if port >= begin and port <= end and protocol == p: - return self.ports[begin, end, protocol] - return None - - def set_program(self, program): - if self.type not in APPLICATIONS: - raise ValueError(_("User Role types can not be assigned executables.")) - - self.program = program - - def set_init_script(self, initscript): - if self.type != DAEMON: - raise ValueError(_("Only Daemon apps can use an init script..")) - - self.initscript = initscript - - def set_in_tcp(self, all, reserved, unreserved, ports): - self.in_tcp = [ all, reserved, unreserved, verify_ports(ports)] - - def set_in_udp(self, all, reserved, unreserved, ports): - self.in_udp = [ all, reserved, unreserved, verify_ports(ports)] - - def set_out_tcp(self, all, ports): - self.out_tcp = [ all , False, False, verify_ports(ports) ] - - def set_out_udp(self, all, ports): - self.out_udp = [ all , False, False, verify_ports(ports) ] - - def set_use_resolve(self, val): - if val != True and val != False: - raise ValueError(_("use_resolve must be a boolean value ")) - - self.use_resolve = val - - def set_use_syslog(self, val): - if val != True and val != False: - raise ValueError(_("use_syslog must be a boolean value ")) - - self.use_syslog = val - - def set_use_kerberos(self, val): - if val != True and val != False: - raise ValueError(_("use_kerberos must be a boolean value ")) - - self.use_kerberos = val - - def set_manage_krb5_rcache(self, val): - if val != True and val != False: - raise ValueError(_("manage_krb5_rcache must be a boolean value ")) - - self.manage_krb5_rcache = val - - def set_use_pam(self, val): - self.use_pam = val == True - - def set_use_dbus(self, val): - self.use_dbus = val == True - - def set_use_audit(self, val): - self.use_audit = val == True - - def set_use_etc(self, val): - self.use_etc = val == True - - def set_use_localization(self, val): - self.use_localization = val == True - - def set_use_fd(self, 
val): - self.use_fd = val == True - - def set_use_terminal(self, val): - self.use_terminal = val == True - - def set_use_mail(self, val): - self.use_mail = val == True - - def set_use_tmp(self, val): - if self.type in USERS: - raise ValueError(_("USER Types automatically get a tmp type")) - - if val: - self.DEFAULT_DIRS["/tmp"][1].append("/tmp"); - else: - self.DEFAULT_DIRS["/tmp"][1]=[] - - def set_use_uid(self, val): - self.use_uid = val == True - - def generate_uid_rules(self): - if self.use_uid: - return re.sub("TEMPLATETYPE", self.name, executable.te_uid_rules) - else: - return "" - - def generate_syslog_rules(self): - if self.use_syslog: - return re.sub("TEMPLATETYPE", self.name, executable.te_syslog_rules) - else: - return "" - - def generate_resolve_rules(self): - if self.use_resolve: - return re.sub("TEMPLATETYPE", self.name, executable.te_resolve_rules) - else: - return "" - - def generate_kerberos_rules(self): - if self.use_kerberos: - return re.sub("TEMPLATETYPE", self.name, executable.te_kerberos_rules) - else: - return "" - - def generate_manage_krb5_rcache_rules(self): - if self.manage_krb5_rcache: - return re.sub("TEMPLATETYPE", self.name, executable.te_manage_krb5_rcache_rules) - else: - return "" - - def generate_pam_rules(self): - newte ="" - if self.use_pam: - newte = re.sub("TEMPLATETYPE", self.name, executable.te_pam_rules) - return newte - - def generate_audit_rules(self): - newte ="" - if self.use_audit: - newte = re.sub("TEMPLATETYPE", self.name, executable.te_audit_rules) - return newte - - def generate_etc_rules(self): - newte ="" - if self.use_etc: - newte = re.sub("TEMPLATETYPE", self.name, executable.te_etc_rules) - return newte - - def generate_fd_rules(self): - newte ="" - if self.use_fd: - newte = re.sub("TEMPLATETYPE", self.name, executable.te_fd_rules) - return newte - - def generate_localization_rules(self): - newte ="" - if self.use_localization: - newte = re.sub("TEMPLATETYPE", self.name, executable.te_localization_rules) - 
return newte - - def generate_dbus_rules(self): - newte ="" - if self.type != DBUS and self.use_dbus: - newte = re.sub("TEMPLATETYPE", self.name, executable.te_dbus_rules) - return newte - - def generate_mail_rules(self): - newte ="" - if self.use_mail: - newte = re.sub("TEMPLATETYPE", self.name, executable.te_mail_rules) - return newte - - def generate_network_action(self, protocol, action, port_name): - line = "" - method = "corenet_%s_%s_%s" % (protocol, action, port_name) - if method in methods: - line = "%s(%s_t)\n" % (method, self.name) - else: - line = """ -gen_require(` - type %s_t; -') -allow %s_t %s_t:%s_socket name_%s; -""" % (port_name, self.name, port_name, protocol, action) - return line - - def generate_network_types(self): - for i in self.in_tcp[PORTS]: - rec = self.find_port(int(i), "tcp") - if rec == None: - self.need_tcp_type = True; - else: - port_name = rec[0][:-2] - line = self.generate_network_action("tcp", "bind", port_name) -# line = "corenet_tcp_bind_%s(%s_t)\n" % (port_name, self.name) - if line not in self.found_tcp_ports: - self.found_tcp_ports.append(line) - - for i in self.out_tcp[PORTS]: - rec = self.find_port(int(i), "tcp") - if rec == None: - self.need_tcp_type = True; - else: - port_name = rec[0][:-2] - line = self.generate_network_action("tcp", "connect", port_name) -# line = "corenet_tcp_connect_%s(%s_t)\n" % (port_name, self.name) - if line not in self.found_tcp_ports: - self.found_tcp_ports.append(line) - - for i in self.in_udp[PORTS]: - rec = self.find_port(int(i),"udp") - if rec == None: - self.need_udp_type = True; - else: - port_name = rec[0][:-2] - line = self.generate_network_action("udp", "bind", port_name) -# line = "corenet_udp_bind_%s(%s_t)\n" % (port_name, self.name) - if line not in self.found_udp_ports: - self.found_udp_ports.append(line) - - if self.need_udp_type == True or self.need_tcp_type == True: - return re.sub("TEMPLATETYPE", self.name, network.te_port_types) - return "" - - def __find_path(self, file): - 
for d in self.DEFAULT_DIRS: - if file.find(d) == 0: - self.DEFAULT_DIRS[d][1].append(file) - return self.DEFAULT_DIRS[d] - self.DEFAULT_DIRS["rw"][1].append(file) - return self.DEFAULT_DIRS["rw"] - - def add_capability(self, capability): - if capability not in self.capabilities: - self.capabilities.append(capability) - - def add_process(self, process): - if process not in self.processes: - self.processes.append(process) - - def add_boolean(self, name, description): - self.booleans[name] = description - - def add_file(self, file): - self.files[file] = self.__find_path(file) - - def add_dir(self, file): - self.dirs[file] = self.__find_path(file) - - def generate_capabilities(self): - newte = "" - self.capabilities.sort() - if len(self.capabilities) > 0: - newte = "allow %s_t self:capability { %s };\n" % (self.name, " ".join(self.capabilities)) - return newte - - def generate_process(self): - newte = "" - self.processes.sort() - if len(self.processes) > 0: - newte = "allow %s_t self:process { %s };\n" % (self.name, " ".join(self.processes)) - return newte - - - def generate_network_rules(self): - newte = "" - if self.use_network(): - newte = "\n" - - newte += re.sub("TEMPLATETYPE", self.name, network.te_network) - - if self.use_tcp(): - newte += "\n" - newte += re.sub("TEMPLATETYPE", self.name, network.te_tcp) - - if self.use_in_tcp(): - newte += re.sub("TEMPLATETYPE", self.name, network.te_in_tcp) - - if self.need_tcp_type and len(self.in_tcp[PORTS]) > 0: - newte += re.sub("TEMPLATETYPE", self.name, network.te_in_need_port_tcp) - - if self.need_tcp_type and len(self.out_tcp[PORTS]) > 0: - newte += re.sub("TEMPLATETYPE", self.name, network.te_out_need_port_tcp) - - - if self.in_tcp[ALL]: - newte += re.sub("TEMPLATETYPE", self.name, network.te_in_all_ports_tcp) - if self.in_tcp[RESERVED]: - newte += re.sub("TEMPLATETYPE", self.name, network.te_in_reserved_ports_tcp) - if self.in_tcp[UNRESERVED]: - newte += re.sub("TEMPLATETYPE", self.name, 
network.te_in_unreserved_ports_tcp) - - if self.out_tcp[ALL]: - newte += re.sub("TEMPLATETYPE", self.name, network.te_out_all_ports_tcp) - if self.out_tcp[RESERVED]: - newte += re.sub("TEMPLATETYPE", self.name, network.te_out_reserved_ports_tcp) - if self.out_tcp[UNRESERVED]: - newte += re.sub("TEMPLATETYPE", self.name, network.te_out_unreserved_ports_tcp) - - for i in self.found_tcp_ports: - newte += i - - if self.use_udp(): - newte += "\n" - newte += re.sub("TEMPLATETYPE", self.name, network.te_udp) - - if self.need_udp_type: - newte += re.sub("TEMPLATETYPE", self.name, network.te_in_need_port_udp) - if self.use_in_udp(): - newte += re.sub("TEMPLATETYPE", self.name, network.te_in_udp) - if self.in_udp[ALL]: - newte += re.sub("TEMPLATETYPE", self.name, network.te_in_all_ports_udp) - if self.in_udp[RESERVED]: - newte += re.sub("TEMPLATETYPE", self.name, network.te_in_reserved_ports_udp) - if self.in_udp[UNRESERVED]: - newte += re.sub("TEMPLATETYPE", self.name, network.te_in_unreserved_ports_udp) - - for i in self.found_udp_ports: - newte += i - return newte - - def generate_transition_rules(self): - newte = "" - for app in self.transition_domains: - tmp = re.sub("TEMPLATETYPE", self.name, user.te_transition_rules) - newte += re.sub("APPLICATION", app, tmp) - - if self.type == USER: - for u in self.transition_users: - temp = re.sub("TEMPLATETYPE", self.name, executable.te_run_rules) - newte += re.sub("USER", u.split("_u")[0], temp) - - return newte - - def generate_admin_rules(self): - newte = "" - if self.type == RUSER: - newte += re.sub("TEMPLATETYPE", self.name, user.te_admin_rules) - - for app in self.admin_domains: - tmp = re.sub("TEMPLATETYPE", self.name, user.te_admin_domain_rules) - newte += re.sub("APPLICATION", app, tmp) - - all_roles = [] - try: - all_roles = get_all_roles() - except ValueError, e: - print "Can not get all roles, must be root for this information" - except RuntimeError, e: - print "Can not get all roles", e - - for u in 
self.transition_users: - role = u.split("_u")[0] - - if (role + "_r") in all_roles: - tmp = re.sub("TEMPLATETYPE", self.name, user.te_admin_trans_rules) - newte += re.sub("USER", role, tmp) - - return newte - - def generate_dbus_if(self): - newif = "" - if self.use_dbus: - newif = re.sub("TEMPLATETYPE", self.name, executable.if_dbus_rules) - return newif - - def generate_sandbox_if(self): - newif = "" - if self.type != SANDBOX: - return newif - newif = re.sub("TEMPLATETYPE", self.name, executable.if_sandbox_rules) - return newif - - - def generate_admin_if(self): - newif = "" - newtypes = "" - if self.initscript != "": - newtypes += re.sub("TEMPLATETYPE", self.name, executable.if_initscript_admin_types) - newif += re.sub("TEMPLATETYPE", self.name, executable.if_initscript_admin) - for d in self.DEFAULT_KEYS: - if len(self.DEFAULT_DIRS[d][1]) > 0: - newtypes += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_admin_types) - newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_admin_rules) - - if newif != "": - ret = re.sub("TEMPLATETYPE", self.name, executable.if_begin_admin) - ret += newtypes - - ret += re.sub("TEMPLATETYPE", self.name, executable.if_middle_admin) - ret += newif - ret += re.sub("TEMPLATETYPE", self.name, executable.if_end_admin) - return ret - - return "" - - def generate_cgi_types(self): - return re.sub("TEMPLATETYPE", self.file_name, executable.te_cgi_types) - - def generate_sandbox_types(self): - return re.sub("TEMPLATETYPE", self.file_name, executable.te_sandbox_types) - - def generate_userapp_types(self): - return re.sub("TEMPLATETYPE", self.name, executable.te_userapp_types) - - def generate_inetd_types(self): - return re.sub("TEMPLATETYPE", self.name, executable.te_inetd_types) - - def generate_dbusd_types(self): - return re.sub("TEMPLATETYPE", self.name, executable.te_dbusd_types) - - def generate_min_login_user_types(self): - return re.sub("TEMPLATETYPE", self.name, user.te_min_login_user_types) - - def 
generate_login_user_types(self): - return re.sub("TEMPLATETYPE", self.name, user.te_login_user_types) - - def generate_admin_user_types(self): - return re.sub("TEMPLATETYPE", self.name, user.te_admin_user_types) - - def generate_existing_user_types(self): - return re.sub("TEMPLATETYPE", self.name, user.te_existing_user_types) - - def generate_x_login_user_types(self): - return re.sub("TEMPLATETYPE", self.name, user.te_x_login_user_types) - - def generate_root_user_types(self): - return re.sub("TEMPLATETYPE", self.name, user.te_root_user_types) - - def generate_daemon_types(self): - newte = re.sub("TEMPLATETYPE", self.name, executable.te_daemon_types) - if self.initscript != "": - newte += re.sub("TEMPLATETYPE", self.name, executable.te_initscript_types) - return newte - - def generate_tmp_types(self): - if self.use_tmp: - return re.sub("TEMPLATETYPE", self.name, tmp.te_types) - else: - return "" - - def generate_booleans(self): - newte = "" - for b in self.booleans: - tmp = re.sub("BOOLEAN", b, boolean.te_boolean) - newte += re.sub("DESCRIPTION", self.booleans[b], tmp) - return newte - - def generate_boolean_rules(self): - newte = "" - for b in self.booleans: - newte += re.sub("BOOLEAN", b, boolean.te_rules) - return newte - - def generate_sandbox_te(self): - return re.sub("TEMPLATETYPE", self.name, executable.te_sandbox_types) - - def generate_cgi_te(self): - return re.sub("TEMPLATETYPE", self.name, executable.te_cgi_types) - - def generate_daemon_rules(self): - newif = re.sub("TEMPLATETYPE", self.name, executable.te_daemon_rules) - - return newif - - def generate_login_user_rules(self): - return re.sub("TEMPLATETYPE", self.name, user.te_login_user_rules) - - def generate_existing_user_rules(self): - return re.sub("TEMPLATETYPE", self.name, user.te_existing_user_rules) - - def generate_x_login_user_rules(self): - return re.sub("TEMPLATETYPE", self.name, user.te_x_login_user_rules) - - def generate_root_user_rules(self): - newte =re.sub("TEMPLATETYPE", self.name, 
user.te_root_user_rules) - return newte - - def generate_userapp_rules(self): - return re.sub("TEMPLATETYPE", self.name, executable.te_userapp_rules) - - def generate_inetd_rules(self): - return re.sub("TEMPLATETYPE", self.name, executable.te_inetd_rules) - - def generate_dbusd_rules(self): - return re.sub("TEMPLATETYPE", self.name, executable.te_dbusd_rules) - - def generate_tmp_rules(self): - if self.use_tmp: - return re.sub("TEMPLATETYPE", self.name, tmp.te_rules) - else: - return "" - - def generate_cgi_rules(self): - newte = "" - newte += re.sub("TEMPLATETYPE", self.name, executable.te_cgi_rules) - return newte - - def generate_sandbox_rules(self): - newte = "" - newte += re.sub("TEMPLATETYPE", self.name, executable.te_sandbox_rules) - return newte - - def generate_user_if(self): - newif ="" - if self.use_terminal or self.type == USER: - newif = re.sub("TEMPLATETYPE", self.name, executable.if_user_program_rules) - - if self.type in ( TUSER, XUSER, AUSER, LUSER): - newif += re.sub("TEMPLATETYPE", self.name, executable.if_role_change_rules) - return newif - - def generate_if(self): - newif = "" - newif += re.sub("TEMPLATETYPE", self.name, executable.if_heading_rules) - if self.program != "": - newif += re.sub("TEMPLATETYPE", self.name, executable.if_program_rules) - if self.initscript != "": - newif += re.sub("TEMPLATETYPE", self.name, executable.if_initscript_rules) - - for d in self.DEFAULT_KEYS: - if len(self.DEFAULT_DIRS[d][1]) > 0: - newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_rules) - for i in self.DEFAULT_DIRS[d][1]: - if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]): - newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_stream_rules) - break - newif += self.generate_user_if() - newif += self.generate_dbus_if() - newif += self.generate_admin_if() - newif += self.generate_sandbox_if() - - return newif - - def generate_default_types(self): - return self.DEFAULT_TYPES[self.type][0]() - - def 
generate_default_rules(self): - return self.DEFAULT_TYPES[self.type][1]() - - def generate_roles_rules(self): - newte = "" - if self.type in ( TUSER, XUSER, AUSER, LUSER, EUSER): - roles = "" - if len(self.roles) > 0: - newte += re.sub("TEMPLATETYPE", self.name, user.te_sudo_rules) - newte += re.sub("TEMPLATETYPE", self.name, user.te_newrole_rules) - for role in self.roles: - tmp = re.sub("TEMPLATETYPE", self.name, user.te_roles_rules) - newte += re.sub("ROLE", role, tmp) - return newte - - def generate_te(self): - newte = self.generate_default_types() - for d in self.DEFAULT_KEYS: - if len(self.DEFAULT_DIRS[d][1]) > 0: - # CGI scripts already have a rw_t - if self.type != CGI or d != "rw": - newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_types) - - newte +=""" -######################################## -# -# %s local policy -# -""" % self.name - newte += self.generate_capabilities() - newte += self.generate_process() - newte += self.generate_network_types() - newte += self.generate_tmp_types() - newte += self.generate_booleans() - newte += self.generate_default_rules() - newte += self.generate_boolean_rules() - - for d in self.DEFAULT_KEYS: - if len(self.DEFAULT_DIRS[d][1]) > 0: - newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_rules) - for i in self.DEFAULT_DIRS[d][1]: - if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]): - newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_stream_rules) - break - - newte += self.generate_tmp_rules() - newte += self.generate_network_rules() - newte += self.generate_fd_rules() - newte += self.generate_etc_rules() - newte += self.generate_pam_rules() - newte += self.generate_uid_rules() - newte += self.generate_audit_rules() - newte += self.generate_syslog_rules() - newte += self.generate_localization_rules() - newte += self.generate_resolve_rules() - newte += self.generate_roles_rules() - newte += self.generate_mail_rules() - newte += 
self.generate_transition_rules() - newte += self.generate_admin_rules() - newte += self.generate_dbus_rules() - newte += self.generate_kerberos_rules() - newte += self.generate_manage_krb5_rcache_rules() - - return newte - - def generate_fc(self): - newfc = "" - fclist = [] - if self.type in USERS + [ SANDBOX ]: - return re.sub("EXECUTABLE", self.program, executable.fc_user) - if self.program == "": - raise ValueError(_("You must enter the executable path for your confined process")) - - t1 = re.sub("EXECUTABLE", self.program, executable.fc_program) - fclist.append(re.sub("TEMPLATETYPE", self.name, t1)) - - if self.initscript != "": - t1 = re.sub("EXECUTABLE", self.initscript, executable.fc_initscript) - fclist.append(re.sub("TEMPLATETYPE", self.name, t1)) - - for i in self.files.keys(): - if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]): - t1 = re.sub("TEMPLATETYPE", self.name, self.files[i][2].fc_sock_file) - else: - t1 = re.sub("TEMPLATETYPE", self.name, self.files[i][2].fc_file) - t2 = re.sub("FILENAME", i, t1) - fclist.append(re.sub("FILETYPE", self.files[i][0], t2)) - - for i in self.dirs.keys(): - t1 = re.sub("TEMPLATETYPE", self.name, self.dirs[i][2].fc_dir) - t2 = re.sub("FILENAME", i, t1) - fclist.append(re.sub("FILETYPE", self.dirs[i][0], t2)) - - fclist.sort() - newfc="\n".join(fclist) - return newfc - - def generate_user_sh(self): - newsh = "" - if self.type not in ( TUSER, XUSER, AUSER, LUSER, EUSER): - return newsh - - roles = "" - for role in self.roles: - roles += " %s_r" % role - if roles != "": - roles += " system_r" - if self.type == EUSER: - tmp = re.sub("TEMPLATETYPE", self.name, script.eusers) - else: - tmp = re.sub("TEMPLATETYPE", self.name, script.users) - newsh += re.sub("ROLES", roles, tmp) - - if self.type == RUSER: - for u in self.transition_users: - tmp = re.sub("TEMPLATETYPE", self.name, script.admin_trans) - newsh += re.sub("USER", u, tmp) - - if self.type == LUSER: - newsh += re.sub("TEMPLATETYPE", self.name, 
script.min_login_user_default_context) - else: - newsh += re.sub("TEMPLATETYPE", self.name, script.x_login_user_default_context) - - - return newsh - - def generate_sh(self): - temp = re.sub("TEMPLATETYPE", self.file_name, script.compile) - if self.type == EUSER: - newsh = re.sub("TEMPLATEFILE", "my%s" % self.file_name, temp) - else: - newsh = re.sub("TEMPLATEFILE", self.file_name, temp) - if self.program != "": - newsh += re.sub("FILENAME", self.program, script.restorecon) - if self.initscript != "": - newsh += re.sub("FILENAME", self.initscript, script.restorecon) - - for i in self.files.keys(): - newsh += re.sub("FILENAME", i, script.restorecon) - - for i in self.dirs.keys(): - newsh += re.sub("FILENAME", i, script.restorecon) - - for i in self.in_tcp[PORTS] + self.out_tcp[PORTS]: - if self.find_port(i,"tcp") == None: - t1 = re.sub("PORTNUM", "%d" % i, script.tcp_ports) - newsh += re.sub("TEMPLATETYPE", self.name, t1) - - for i in self.in_udp[PORTS]: - if self.find_port(i,"udp") == None: - t1 = re.sub("PORTNUM", "%d" % i, script.udp_ports) - newsh += re.sub("TEMPLATETYPE", self.name, t1) - - newsh += self.generate_user_sh() - - return newsh - - def write_te(self, out_dir): - if self.type == EUSER: - tefile = "%s/my%s.te" % (out_dir, self.file_name) - else: - tefile = "%s/%s.te" % (out_dir, self.file_name) - fd = open(tefile, "w") - fd.write(self.generate_te()) - fd.close() - return tefile - - def write_sh(self, out_dir): - if self.type == EUSER: - shfile = "%s/my%s.sh" % (out_dir, self.file_name) - else: - shfile = "%s/%s.sh" % (out_dir, self.file_name) - fd = open(shfile, "w") - fd.write(self.generate_sh()) - fd.close() - os.chmod(shfile, 0750) - return shfile - - def write_if(self, out_dir): - if self.type == EUSER: - iffile = "%s/my%s.if" % (out_dir, self.file_name) - else: - iffile = "%s/%s.if" % (out_dir, self.file_name) - fd = open(iffile, "w") - fd.write(self.generate_if()) - fd.close() - return iffile - - def write_fc(self,out_dir): - if self.type == 
EUSER: - fcfile = "%s/my%s.fc" % (out_dir, self.file_name) - else: - fcfile = "%s/%s.fc" % (out_dir, self.file_name) - fd = open(fcfile, "w") - fd.write(self.generate_fc()) - fd.close() - return fcfile - - def gen_writeable(self): - fd = os.popen("rpm -qlf %s" % self.program) - for f in fd.read().split(): - for b in self.DEFAULT_DIRS: - if b == "/etc": - continue - if f.startswith(b): - if os.path.isfile(f): - self.add_file(f) - else: - self.add_dir(f) - fd.close() - - # some packages have own systemd subpackage - # tor-systemd for example - binary_name = self.program.split("/")[-1] - rc, output = commands.getstatusoutput("rpm -q %s-systemd" % binary_name) - if rc == 0: - fd = os.popen("rpm -ql %s-systemd" % binary_name) - for f in fd.read().split(): - for b in self.DEFAULT_DIRS: - if f.startswith(b): - if os.path.isfile(f): - self.add_file(f) - else: - self.add_dir(f) - fd.close() - - if os.path.isfile("/var/run/%s.pid" % self.name): - self.add_file("/var/run/%s.pid" % self.name) - - if os.path.isfile("/etc/rc.d/init.d/%s" % self.name): - self.set_init_script("/etc/rc\.d/init\.d/%s" % self.name) - - def gen_symbols(self): - if self.type not in APPLICATIONS: - return - - fd = os.popen("nm -D %s | grep U" % self.program) - for s in fd.read().split(): - for b in self.symbols: - if s.startswith(b): - exec "self.%s" % self.symbols[b] - fd.close() - - def generate(self, out_dir = "."): - self.write_te(out_dir) - self.write_if(out_dir) - self.write_fc(out_dir) - self.write_sh(out_dir) - out = "Created the following files in:\n%s/\n" % out_dir - out += "%s.te # %s\n" % (self.file_name, _("Type Enforcement file")) - out += "%s.if # %s\n" % (self.file_name, _("Interface file")) - out += "%s.fc # %s\n" % (self.file_name, _("File Contexts file")) - out += "%s.sh # %s\n" % (self.file_name, _("Setup Script")) - return out - -def errorExit(error): - sys.stderr.write("%s: " % sys.argv[0]) - sys.stderr.write("%s\n" % error) - sys.stderr.flush() - sys.exit(1) - -def test(): - 
import tempfile - - tmpdir = tempfile.mkdtemp(prefix="polgen_") - - mypolicy = policy("myrwho", DAEMON) - mypolicy.set_program("/usr/sbin/myrwhod") - mypolicy.set_init_script("/etc/init.d/myrwhod") - mypolicy.add_dir("/etc/nasd") - mypolicy.set_in_tcp(1, 0, 0, "513") - mypolicy.set_use_uid(True) - mypolicy.set_use_tmp(True) - mypolicy.set_use_syslog(True) - mypolicy.set_use_pam(True) - mypolicy.add_dir("/var/run/myrwho") - mypolicy.add_dir("/var/lib/myrwho") - print mypolicy.generate(tmpdir) - - mypolicy = policy("mywhois", USER) - mypolicy.set_program("/usr/bin/jwhois") - mypolicy.set_out_tcp(0, "43,63,4321") - mypolicy.set_out_udp(0, "43,63,4321") - mypolicy.add_dir("/var/cache/jwhois") - mypolicy.set_transition_users(["staff_u"]) - print mypolicy.generate(tmpdir) - - mypolicy = policy("mytuser", TUSER) - mypolicy.set_admin_roles(["mydbadm"]) - mypolicy.add_boolean("allow_mytuser_setuid", "Allow mytuser users to run setuid applications") - print mypolicy.generate(tmpdir) - - mypolicy = policy("mycgi", CGI) - mypolicy.set_program("/var/www/cgi-bin/cgi") - mypolicy.set_in_tcp(1, 0, 0, "512, 55000-55000") - mypolicy.set_in_udp(1, 0, 0, "1513") - mypolicy.set_use_uid(True) - mypolicy.set_use_tmp(False) - mypolicy.set_use_syslog(True) - mypolicy.set_use_pam(True) - mypolicy.set_out_tcp(0,"8000") - print mypolicy.generate(tmpdir) - - mypolicy = policy("myinetd", INETD) - mypolicy.set_program("/usr/bin/mytest") - mypolicy.set_in_tcp(1, 0, 0, "513") - mypolicy.set_in_udp(1, 0, 0, "1513") - mypolicy.set_use_uid(True) - mypolicy.set_use_tmp(True) - mypolicy.set_use_syslog(True) - mypolicy.set_use_pam(True) - mypolicy.add_file("/var/lib/mysql/mysql.sock") - mypolicy.add_file("/var/run/rpcbind.sock") - mypolicy.add_file("/var/run/daemon.pub") - mypolicy.add_file("/var/log/daemon.log") - mypolicy.add_dir("/var/lib/daemon") - mypolicy.add_dir("/etc/daemon") - mypolicy.add_dir("/etc/daemon/special") - mypolicy.set_use_uid(True) - mypolicy.set_use_syslog(True) - 
mypolicy.set_use_pam(True) - mypolicy.set_use_audit(True) - mypolicy.set_use_dbus(True) - mypolicy.set_use_terminal(True) - mypolicy.set_use_mail(True) - mypolicy.set_out_tcp(0,"8000") - print mypolicy.generate(tmpdir) - - - mypolicy = policy("mydbus", DBUS) - mypolicy.set_program("/usr/libexec/mydbus") - mypolicy.set_in_tcp(1, 0, 0, "513") - mypolicy.set_in_udp(1, 0, 0, "1513") - mypolicy.set_use_uid(True) - mypolicy.set_use_tmp(True) - mypolicy.set_use_syslog(True) - mypolicy.set_use_pam(True) - print mypolicy.generate(tmpdir) - - mypolicy = policy("myxuser", XUSER) - mypolicy.set_in_tcp(1, 1, 1, "28920") - mypolicy.set_in_udp(0, 0, 1, "1513") - mypolicy.set_transition_domains(["mozilla"]) - print mypolicy.generate(tmpdir) - - mypolicy = policy("myuser", USER) - mypolicy.set_program("/usr/bin/myuser") - mypolicy.set_in_tcp(1, 0, 0, "513") - mypolicy.set_in_udp(1, 0, 0, "1513") - mypolicy.set_use_uid(True) - mypolicy.set_use_tmp(True) - mypolicy.set_use_syslog(True) - mypolicy.set_use_pam(True) - mypolicy.add_file("/var/lib/myuser/myuser.sock") - mypolicy.set_out_tcp(0,"8000") - mypolicy.set_transition_users(["unconfined_u", "staff_u"]) - print mypolicy.generate(tmpdir) - - mypolicy = policy("mysandbox", SANDBOX) - mypolicy.set_out_udp(0, "993") - print mypolicy.generate("/tmp") - - mypolicy = policy("mydbadm", RUSER) - mypolicy.set_admin_domains(["postgresql", "mysql"]) - print mypolicy.generate(tmpdir) - os.chdir(tmpdir) - rc, output=commands.getstatusoutput("make -f /usr/share/selinux/devel/Makefile") - print output - sys.exit(os.WEXITSTATUS(rc)) - -import os, sys, getopt, socket, random, fcntl - -def usage(msg): - print _(""" -%s - -sepolgen [ -n moduleName ] [ -m ] [ -t type ] [ executable | Name ] -valid Types: -""") % msg - keys=poltype.keys() - for i in keys: - print "\t%s\t%s" % (i, poltype[i]) - sys.exit(-1) - -if __name__ == '__main__': - setype = DAEMON - name = None - try: - gopts, cmds = getopt.getopt(sys.argv[1:], "ht:mn:", - ["type=", - "mount", - 
"test", - "name=", - "help"]) - for o, a in gopts: - if o == "-t" or o == "--type": - try: - if int(a) not in poltype: - usage ("invalid type %s" % a ) - except: - usage ("invalid type %s" % a ) - - setype = int(a) - - if o == "-m" or o == "--mount": - mount_ind = True - - if o == "-n" or o == "--name": - name = a - - if o == "-h" or o == "--help": - usage("") - - if o == "--test": - test() - sys.exit(0) - - except getopt.error, error: - usage(_("Options Error %s ") % error.msg) - - if len(cmds) == 0: - usage(_("Executable or Name required")) - - try: - cmd = os.path.realpath(cmds[0]) - if not name: - name = os.path.basename(cmd).replace("-","_") - - print("Generating Policy for %s named %s" % (cmd, name)) - mypolicy = policy(name, setype) - if setype not in USERS + [ SANDBOX ]: - mypolicy.set_program(cmd) - - if setype in APPLICATIONS: - mypolicy.gen_writeable() - mypolicy.gen_symbols() - print mypolicy.generate() - sys.exit(0) - except ValueError, e: - usage(e) diff --git a/policycoreutils/gui/polgengui.py b/policycoreutils/gui/polgengui.py index 0460a33..c5d80b7 100644 --- a/policycoreutils/gui/polgengui.py +++ b/policycoreutils/gui/polgengui.py @@ -4,7 +4,7 @@ # # Dan Walsh # -# Copyright (C) 2007-2011 Red Hat +# Copyright (C) 2007-2012 Red Hat # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -28,9 +28,24 @@ import os import gobject import gnome import sys -import polgen +from sepolicy import generate +import commands + import re +def get_all_modules(): + try: + all_modules = [] + rc, output=commands.getstatusoutput("semodule -l 2>/dev/null") + if rc == 0: + l = output.split("\n") + for i in l: + all_modules.append(i.split()[0]) + except: + pass + + return all_modules + ## ## I18N 
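Review bot: In the new `get_all_modules()` in polgengui.py, the bare `except:` followed by `pass` hides every failure, including ones the loop itself can cause. A blank line in the `semodule -l` output makes `i.split()[0]` raise IndexError, the handler swallows it, and the function returns a silently truncated list. Guard the append with `if i.strip():` and narrow the handler to the exceptions actually expected from running the command. As written, a failed or partially parsed `semodule` run is indistinguishable from a system with no modules.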
@@ -169,10 +184,10 @@ class childWindow: self.tooltip_dict[label] = label.get_tooltip_text() try: - self.all_types = polgen.get_all_types() - self.all_modules = polgen.get_all_modules() - self.all_roles = polgen.get_all_roles() - self.all_users = polgen.get_all_users() + self.all_types = generate.get_all_types() + self.all_modules = get_all_modules() + self.all_roles = generate.get_all_roles() + self.all_users = generate.get_all_users() except RuntimeError, e: self.all_types = [] self.all_modules = [] 
@@ -200,16 +215,16 @@ class childWindow: self.boolean_description_entry = xml.get_widget ("boolean_description_entry") self.pages={} - for i in polgen.USERS: + for i in generate.USERS: self.pages[i] = [ self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE ] - self.pages[polgen.RUSER] = [ self.SELECT_TYPE_PAGE, self.APP_PAGE, self.ADMIN_PAGE, self.USER_TRANSITION_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE ] - self.pages[polgen.LUSER] = [ self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE ] - self.pages[polgen.SANDBOX] = [ self.SELECT_TYPE_PAGE, self.APP_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE] - self.pages[polgen.EUSER] = [ self.SELECT_TYPE_PAGE, self.EXISTING_USER_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE ] + self.pages[generate.RUSER] = [ self.SELECT_TYPE_PAGE, self.APP_PAGE, self.ADMIN_PAGE, self.USER_TRANSITION_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE ] + self.pages[generate.LUSER] = [ self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE ] + self.pages[generate.SANDBOX] = [ self.SELECT_TYPE_PAGE, self.APP_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE] + self.pages[generate.EUSER] = [ self.SELECT_TYPE_PAGE, self.EXISTING_USER_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE ] - for i in polgen.APPLICATIONS: + for i in generate.APPLICATIONS: self.pages[i] = [ self.SELECT_TYPE_PAGE, self.APP_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE] - self.pages[polgen.USER] = [ self.SELECT_TYPE_PAGE, 
self.APP_PAGE, self.USER_TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE ] + self.pages[generate.USER] = [ self.SELECT_TYPE_PAGE, self.APP_PAGE, self.USER_TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.SELECT_DIR_PAGE ] self.current_page = 0 self.back_button.set_sensitive(0) @@ -304,22 +319,22 @@ class childWindow: col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0) self.admin_treeview.append_column(col) - for i in polgen.methods: - m = re.findall("(.*)%s" % polgen.USER_TRANSITION_INTERFACE, i) + for i in generate.methods: + m = re.findall("(.*)%s" % generate.USER_TRANSITION_INTERFACE, i) if len(m) > 0: if "%s_exec_t" % m[0] in self.all_types: iter = self.transition_store.append() self.transition_store.set_value(iter, 0, m[0]) continue - m = re.findall("(.*)%s" % polgen.ADMIN_TRANSITION_INTERFACE, i) + m = re.findall("(.*)%s" % generate.ADMIN_TRANSITION_INTERFACE, i) if len(m) > 0: iter = self.admin_store.append() self.admin_store.set_value(iter, 0, m[0]) continue def confine_application(self): - return self.get_type() in polgen.APPLICATIONS + return self.get_type() in generate.APPLICATIONS def forward(self, arg): type = self.get_type() 
@@ -416,41 +431,41 @@ class childWindow: def get_type(self): if self.sandbox_radiobutton.get_active(): - return polgen.SANDBOX + return generate.SANDBOX if self.cgi_radiobutton.get_active(): - return polgen.CGI + return generate.CGI if self.user_radiobutton.get_active(): - return polgen.USER + return generate.USER if self.init_radiobutton.get_active(): - return polgen.DAEMON + return generate.DAEMON if self.dbus_radiobutton.get_active(): - return polgen.DBUS + return generate.DBUS if self.inetd_radiobutton.get_active(): - return polgen.INETD + return generate.INETD if self.login_user_radiobutton.get_active(): - return polgen.LUSER + return generate.LUSER if self.admin_user_radiobutton.get_active(): - return polgen.AUSER + return generate.AUSER if self.xwindows_user_radiobutton.get_active(): - return polgen.XUSER + return generate.XUSER if self.terminal_user_radiobutton.get_active(): - return polgen.TUSER + return generate.TUSER if self.root_user_radiobutton.get_active(): - return polgen.RUSER + return generate.RUSER if self.existing_user_radiobutton.get_active(): - return polgen.EUSER + return generate.EUSER def generate_policy(self, *args): outputdir = self.output_entry.get_text() try: - my_policy=polgen.policy(self.get_name(), self.get_type()) + my_policy=generate.policy(self.get_name(), self.get_type()) iter= self.boolean_store.get_iter_first() while(iter): my_policy.add_boolean(self.boolean_store.get_value(iter, 0), self.boolean_store.get_value(iter, 1)) iter= self.boolean_store.iter_next(iter) - if self.get_type() in polgen.APPLICATIONS: + if self.get_type() in generate.APPLICATIONS: my_policy.set_program(self.exec_entry.get_text()) my_policy.gen_symbols() 
@@ -463,14 +478,14 @@ class childWindow: my_policy.set_use_audit(self.audit_checkbutton.get_active() == 1) my_policy.set_use_terminal(self.terminal_checkbutton.get_active() == 1) my_policy.set_use_mail(self.mail_checkbutton.get_active() == 1) - if self.get_type() is polgen.DAEMON: + if self.get_type() is generate.DAEMON: my_policy.set_init_script(self.init_script_entry.get_text()) - if self.get_type() == polgen.USER: + if self.get_type() == generate.USER: selected = [] self.user_transition_treeview.get_selection().selected_foreach(foreach, selected) my_policy.set_transition_users(selected) else: - if self.get_type() == polgen.RUSER: + if self.get_type() == generate.RUSER: selected = [] self.admin_treeview.get_selection().selected_foreach(foreach, selected) my_policy.set_admin_domains(selected) @@ -667,16 +682,16 @@ class childWindow: def on_in_net_page_next(self, *args): try: - polgen.verify_ports(self.in_tcp_entry.get_text()) - polgen.verify_ports(self.in_udp_entry.get_text()) + generate.verify_ports(self.in_tcp_entry.get_text()) + generate.verify_ports(self.in_udp_entry.get_text()) except ValueError, e: self.error(e.message) return True def on_out_net_page_next(self, *args): try: - polgen.verify_ports(self.out_tcp_entry.get_text()) - polgen.verify_ports(self.out_udp_entry.get_text()) + generate.verify_ports(self.out_tcp_entry.get_text()) + generate.verify_ports(self.out_udp_entry.get_text()) except ValueError, e: self.error(e.message) return True @@ -712,7 +727,7 @@ class childWindow: if exe == "": self.error(_("You must enter a executable")) return True - policy=polgen.policy(name, self.get_type()) + policy=generate.policy(name, self.get_type()) policy.set_program(exe) policy.gen_writeable() policy.gen_symbols() diff --git a/policycoreutils/gui/sepolgen b/policycoreutils/gui/sepolgen new file mode 100644 index 0000000..2f0c1cc --- /dev/null +++ b/policycoreutils/gui/sepolgen @@ -0,0 +1,2 @@ +#!/bin/sh +sepolicy generate $* 
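Review bot: `if self.get_type() is generate.DAEMON:` in the hunk at -463,14 compares by identity, while the neighbouring checks against `generate.USER` and `generate.RUSER` in the same hunk use `==`. If the type constants are plain integers (their definition is not in this diff, so this is an assumption), identity only works by way of CPython's small-integer caching. Write `if self.get_type() == generate.DAEMON:` so the three checks agree. The enclosing generate_policy method starts and ends outside the hunk.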
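Review bot: `sepolicy generate $*` in the new gui/sepolgen wrapper expands its arguments unquoted, so a path or module name containing whitespace or glob characters is re-split and expanded before `sepolicy` sees it. Use `exec sepolicy generate "$@"` to pass every argument through unchanged. `exec` also avoids leaving an extra shell process and hands back the exit status directly.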
diff --git a/policycoreutils/gui/system-config-selinux.py b/policycoreutils/gui/system-config-selinux.py
index 85e8b7f..bc3027e 100644
--- a/policycoreutils/gui/system-config-selinux.py
+++ b/policycoreutils/gui/system-config-selinux.py
@@ -22,12 +22,18 @@
 #
 import signal
 import string
-import gtk
+import sys
+try:
+ import gtk
+except RuntimeError, e:
+ print "system-config-selinux:", e
+ print "This is a graphical application and requires DISPLAY to be set."
+ sys.exit (1)
+
 import gtk.glade
 import os
 import gobject
 import gnome
-import sys
 import statusPage
 import booleansPage
 import loginsPage
diff --git a/policycoreutils/gui/templates/__init__.py b/policycoreutils/gui/templates/__init__.py
deleted file mode 100644
index 156a0bd..0000000
--- a/policycoreutils/gui/templates/__init__.py
+++ /dev/null
@@ -1,17 +0,0 @@
-#
-# Copyright (C) 2007-2012 Red Hat
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-#
diff --git a/policycoreutils/gui/templates/boolean.py b/policycoreutils/gui/templates/boolean.py
deleted file mode 100644
index f57d927..0000000
--- a/policycoreutils/gui/templates/boolean.py
+++ /dev/null
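Review bot: The two diagnostics added in the `except RuntimeError, e:` branch of system-config-selinux.py are written with `print`, so they go to stdout even though the process then exits with status 1. Send them to stderr instead, e.g. `sys.stderr.write("system-config-selinux: %s\n" % e)`, with the DISPLAY hint written the same way. That keeps the failure visible, and out of captured output, when the tool is started from a script or launcher.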
@@ -1,39 +0,0 @@ -# Copyright (C) 2007-2012 Red Hat -# see file 'COPYING' for use and warranty information -# -# policygentool is a tool for the initial generation of SELinux policy -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; either version 2 of -# the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA -# 02111-1307 USA -# -# -########################### boolean Template File ########################### - -te_boolean=""" -## -##

-## DESCRIPTION -##

-##
-gen_tunable(BOOLEAN, false) -""" - -te_rules=""" -tunable_policy(`BOOLEAN',` -#TRUE -',` -#FALSE -') -""" diff --git a/policycoreutils/gui/templates/etc_rw.py b/policycoreutils/gui/templates/etc_rw.py deleted file mode 100644 index 0d3dbfe..0000000 --- a/policycoreutils/gui/templates/etc_rw.py +++ /dev/null 
@@ -1,112 +0,0 @@ -# Copyright (C) 2007-2012 Red Hat -# see file 'COPYING' for use and warranty information -# -# policygentool is a tool for the initial generation of SELinux policy -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; either version 2 of -# the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA -# 02111-1307 USA -# -# -########################### etc_rw Template File ############################# - -########################### Type Enforcement File ############################# -te_types=""" -type TEMPLATETYPE_etc_rw_t; -files_type(TEMPLATETYPE_etc_rw_t) -""" -te_rules=""" -manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t) -manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t) -files_etc_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_etc_rw_t, { dir file }) -""" - -########################### Interface File ############################# -if_rules=""" -######################################## -## -## Search TEMPLATETYPE conf directories. -## -## -## -## Domain allowed access. -## -## -# -interface(`TEMPLATETYPE_search_conf',` - gen_require(` - type TEMPLATETYPE_etc_rw_t; - ') - - allow $1 TEMPLATETYPE_etc_rw_t:dir search_dir_perms; - files_search_etc($1) -') - -######################################## -## -## Read TEMPLATETYPE conf files. -## -## -## -## Domain allowed access. 
-## -## -# -interface(`TEMPLATETYPE_read_conf_files',` - gen_require(` - type TEMPLATETYPE_etc_rw_t; - ') - - allow $1 TEMPLATETYPE_etc_rw_t:file read_file_perms; - allow $1 TEMPLATETYPE_etc_rw_t:dir list_dir_perms; - files_search_etc($1) -') - -######################################## -## -## Manage TEMPLATETYPE conf files. -## -## -## -## Domain allowed access. -## -## -# -interface(`TEMPLATETYPE_manage_conf_files',` - gen_require(` - type TEMPLATETYPE_etc_rw_t; - ') - - manage_files_pattern($1, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t) - files_search_etc($1) -') - -""" - -if_admin_types=""" - type TEMPLATETYPE_etc_rw_t;""" - -if_admin_rules=""" - files_search_etc($1) - admin_pattern($1, TEMPLATETYPE_etc_rw_t) -""" - -########################### File Context ################################## -fc_file="""\ -FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_etc_rw_t,s0) -""" - -fc_dir="""\ -FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_etc_rw_t,s0) -""" diff --git a/policycoreutils/gui/templates/executable.py b/policycoreutils/gui/templates/executable.py deleted file mode 100644 index 5b39d77..0000000 --- a/policycoreutils/gui/templates/executable.py +++ /dev/null 
@@ -1,445 +0,0 @@ -# Copyright (C) 2007-2012 Red Hat -# see file 'COPYING' for use and warranty information -# -# policygentool is a tool for the initial generation of SELinux policy -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; either version 2 of -# the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA -# 02111-1307 USA -# -# -########################### Type Enforcement File ############################# -te_daemon_types="""\ -policy_module(TEMPLATETYPE, 1.0.0) - -######################################## -# -# Declarations -# - -type TEMPLATETYPE_t; -type TEMPLATETYPE_exec_t; -init_daemon_domain(TEMPLATETYPE_t, TEMPLATETYPE_exec_t) - -permissive TEMPLATETYPE_t; -""" - -te_initscript_types=""" -type TEMPLATETYPE_initrc_exec_t; -init_script_file(TEMPLATETYPE_initrc_exec_t) -""" - -te_dbusd_types="""\ -policy_module(TEMPLATETYPE, 1.0.0) - -######################################## -# -# Declarations -# - -type TEMPLATETYPE_t; -type TEMPLATETYPE_exec_t; -dbus_system_domain(TEMPLATETYPE_t, TEMPLATETYPE_exec_t) - -permissive TEMPLATETYPE_t; -""" - -te_inetd_types="""\ -policy_module(TEMPLATETYPE, 1.0.0) - -######################################## -# -# Declarations -# - -type TEMPLATETYPE_t; -type TEMPLATETYPE_exec_t; -inetd_service_domain(TEMPLATETYPE_t, TEMPLATETYPE_exec_t) - -permissive TEMPLATETYPE_t; -""" - -te_userapp_types="""\ -policy_module(TEMPLATETYPE, 1.0.0) - 
-######################################## -# -# Declarations -# - -type TEMPLATETYPE_t; -type TEMPLATETYPE_exec_t; -application_domain(TEMPLATETYPE_t, TEMPLATETYPE_exec_t) -role system_r types TEMPLATETYPE_t; - -permissive TEMPLATETYPE_t; -""" - -te_sandbox_types="""\ -policy_module(TEMPLATETYPE, 1.0.0) - -######################################## -# -# Declarations -# - -sandbox_x_domain_template(TEMPLATETYPE) - -permissive TEMPLATETYPE_t; -permissive TEMPLATETYPE_client_t; - -""" - -te_cgi_types="""\ -policy_module(TEMPLATETYPE, 1.0.0) - -######################################## -# -# Declarations -# - -apache_content_template(TEMPLATETYPE) - -permissive httpd_TEMPLATETYPE_script_t; -""" - -te_daemon_rules="""\ -allow TEMPLATETYPE_t self:fifo_file rw_fifo_file_perms; -allow TEMPLATETYPE_t self:unix_stream_socket create_stream_socket_perms; -""" - -te_inetd_rules=""" -""" - -te_dbusd_rules=""" -""" - -te_userapp_rules=""" -allow TEMPLATETYPE_t self:fifo_file manage_fifo_file_perms; -allow TEMPLATETYPE_t self:unix_stream_socket create_stream_socket_perms; -""" - -te_cgi_rules=""" -""" - -te_sandbox_rules=""" -""" - -te_uid_rules=""" -auth_use_nsswitch(TEMPLATETYPE_t) -""" - -te_syslog_rules=""" -logging_send_syslog_msg(TEMPLATETYPE_t) -""" - -te_resolve_rules=""" -sysnet_dns_name_resolve(TEMPLATETYPE_t) -""" - -te_pam_rules=""" -auth_domtrans_chk_passwd(TEMPLATETYPE_t) -""" - -te_mail_rules=""" -mta_send_mail(TEMPLATETYPE_t) -""" - -te_dbus_rules=""" -optional_policy(` - dbus_system_bus_client(TEMPLATETYPE_t) - dbus_connect_system_bus(TEMPLATETYPE_t) -') -""" - -te_kerberos_rules=""" -optional_policy(` - kerberos_use(TEMPLATETYPE_t) -') -""" - -te_manage_krb5_rcache_rules=""" -optional_policy(` - kerberos_keytab_template(TEMPLATETYPE, TEMPLATETYPE_t) - kerberos_manage_host_rcache(TEMPLATETYPE_t) -') -""" - -te_audit_rules=""" -logging_send_audit_msgs(TEMPLATETYPE_t) -""" - -te_run_rules=""" -optional_policy(` - gen_require(` - type USER_t; - role USER_r; - ') - - 
TEMPLATETYPE_run(USER_t, USER_r) -') -""" - -te_fd_rules=""" -domain_use_interactive_fds(TEMPLATETYPE_t) -""" - -te_etc_rules=""" -files_read_etc_files(TEMPLATETYPE_t) -""" - -te_localization_rules=""" -miscfiles_read_localization(TEMPLATETYPE_t) -""" - -########################### Interface File ############################# - -if_heading_rules=""" -## policy for TEMPLATETYPE""" - -if_program_rules=""" - -######################################## -## -## Transition to TEMPLATETYPE. -## -## -## -## Domain allowed to transition. -## -## -# -interface(`TEMPLATETYPE_domtrans',` - gen_require(` - type TEMPLATETYPE_t, TEMPLATETYPE_exec_t; - ') - - corecmd_search_bin($1) - domtrans_pattern($1, TEMPLATETYPE_exec_t, TEMPLATETYPE_t) -') -""" - -if_user_program_rules=""" -######################################## -## -## Execute TEMPLATETYPE in the TEMPLATETYPE domain, and -## allow the specified role the TEMPLATETYPE domain. -## -## -## -## Domain allowed to transition -## -## -## -## -## The role to be allowed the TEMPLATETYPE domain. -## -## -# -interface(`TEMPLATETYPE_run',` - gen_require(` - type TEMPLATETYPE_t; - ') - - TEMPLATETYPE_domtrans($1) - role $2 types TEMPLATETYPE_t; -') - -######################################## -## -## Role access for TEMPLATETYPE -## -## -## -## Role allowed access -## -## -## -## -## User domain for the role -## -## -# -interface(`TEMPLATETYPE_role',` - gen_require(` - type TEMPLATETYPE_t; - ') - - role $1 types TEMPLATETYPE_t; - - TEMPLATETYPE_domtrans($2) - - ps_process_pattern($2, TEMPLATETYPE_t) - allow $2 TEMPLATETYPE_t:process signal; -') -""" - -if_sandbox_rules=""" -######################################## -## -## Execute sandbox in the TEMPLATETYPE_t domain, and -## allow the specified role the TEMPLATETYPE_t domain. -## -## -## -## Domain allowed to transition. -## -## -## -## -## The role to be allowed the TEMPLATETYPE_t domain. 
-## -## -# -interface(`TEMPLATETYPE_transition',` - gen_require(` - type TEMPLATETYPE_t; - type TEMPLATETYPE_client_t; - ') - - allow $1 TEMPLATETYPE_t:process { signal_perms transition }; - dontaudit $1 TEMPLATETYPE_t:process { noatsecure siginh rlimitinh }; - role $2 types TEMPLATETYPE_t; - role $2 types TEMPLATETYPE_client_t; - - allow TEMPLATETYPE_t $1:process { sigchld signull }; - allow TEMPLATETYPE_t $1:fifo_file rw_inherited_fifo_file_perms; - allow TEMPLATETYPE_client_t $1:process { sigchld signull }; - allow TEMPLATETYPE_client_t $1:fifo_file rw_inherited_fifo_file_perms; -') -""" - -if_role_change_rules=""" -######################################## -## -## Change to the TEMPLATETYPE role. -## -## -## -## Role allowed access. -## -## -## -# -interface(`TEMPLATETYPE_role_change',` - gen_require(` - role TEMPLATETYPE_r; - ') - - allow $1 TEMPLATETYPE_r; -') -""" - -if_initscript_rules=""" -######################################## -## -## Execute TEMPLATETYPE server in the TEMPLATETYPE domain. -## -## -## -## Domain allowed access. -## -## -# -interface(`TEMPLATETYPE_initrc_domtrans',` - gen_require(` - type TEMPLATETYPE_initrc_exec_t; - ') - - init_labeled_script_domtrans($1, TEMPLATETYPE_initrc_exec_t) -') -""" - -if_dbus_rules=""" -######################################## -## -## Send and receive messages from -## TEMPLATETYPE over dbus. -## -## -## -## Domain allowed access. -## -## -# -interface(`TEMPLATETYPE_dbus_chat',` - gen_require(` - type TEMPLATETYPE_t; - class dbus send_msg; - ') - - allow $1 TEMPLATETYPE_t:dbus send_msg; - allow TEMPLATETYPE_t $1:dbus send_msg; -') -""" - -if_begin_admin=""" -######################################## -## -## All of the rules required to administrate -## an TEMPLATETYPE environment -## -## -## -## Domain allowed access. -## -## -## -## -## Role allowed access. 
-## -## -## -# -interface(`TEMPLATETYPE_admin',` - gen_require(` - type TEMPLATETYPE_t;""" - -if_middle_admin=""" - ') - - allow $1 TEMPLATETYPE_t:process { ptrace signal_perms }; - ps_process_pattern($1, TEMPLATETYPE_t) -""" - -if_initscript_admin_types=""" - type TEMPLATETYPE_initrc_exec_t;""" - -if_initscript_admin=""" - TEMPLATETYPE_initrc_domtrans($1) - domain_system_change_exemption($1) - role_transition $2 TEMPLATETYPE_initrc_exec_t system_r; - allow $2 system_r; -""" - -if_end_admin="""\ - optional_policy(` - systemd_passwd_agent_exec($1) - systemd_read_fifo_file_passwd_run($1) - ') -') -""" - -########################### File Context ################################## -fc_program="""\ -EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_exec_t,s0) -""" - -fc_user="""\ -# Users do not have file context, leave blank -""" - -fc_initscript="""\ -EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_initrc_exec_t,s0) -""" diff --git a/policycoreutils/gui/templates/network.py b/policycoreutils/gui/templates/network.py deleted file mode 100644 index 679d0a5..0000000 --- a/policycoreutils/gui/templates/network.py +++ /dev/null 
@@ -1,101 +0,0 @@
-# Copyright (C) 2007-2012 Red Hat
-# see file 'COPYING' for use and warranty information
-#
-# policygentool is a tool for the initial generation of SELinux policy
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License as
-# published by the Free Software Foundation; either version 2 of
-# the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-# 02111-1307 USA
-#
-#
-########################### Type Enforcement File #############################
-te_port_types="""
-type TEMPLATETYPE_port_t;
-corenet_port(TEMPLATETYPE_port_t)
-"""
-
-te_network="""\
-sysnet_dns_name_resolve(TEMPLATETYPE_t)
-corenet_all_recvfrom_unlabeled(TEMPLATETYPE_t)
-"""
-
-te_tcp="""\
-allow TEMPLATETYPE_t self:tcp_socket create_stream_socket_perms;
-corenet_tcp_sendrecv_generic_if(TEMPLATETYPE_t)
-corenet_tcp_sendrecv_generic_node(TEMPLATETYPE_t)
-corenet_tcp_sendrecv_all_ports(TEMPLATETYPE_t)
-"""
-
-te_in_tcp="""\
-corenet_tcp_bind_generic_node(TEMPLATETYPE_t)
-"""
-
-te_in_need_port_tcp="""\
-allow TEMPLATETYPE_t TEMPLATETYPE_port_t:tcp_socket name_bind;
-"""
-
-te_out_need_port_tcp="""\
-allow TEMPLATETYPE_t TEMPLATETYPE_port_t:tcp_socket name_connect;
-"""
-
-te_udp="""\
-allow TEMPLATETYPE_t self:udp_socket { create_socket_perms listen };
-corenet_udp_sendrecv_generic_if(TEMPLATETYPE_t)
-corenet_udp_sendrecv_generic_node(TEMPLATETYPE_t)
-corenet_udp_sendrecv_all_ports(TEMPLATETYPE_t)
-"""
-
-te_in_udp="""\
-corenet_udp_bind_generic_node(TEMPLATETYPE_t)
-"""
-
-te_in_need_port_udp="""\
-allow TEMPLATETYPE_t TEMPLATETYPE_port_t:udp_socket name_bind;
-"""
-
-te_out_all_ports_tcp="""\
-corenet_tcp_connect_all_ports(TEMPLATETYPE_t)
-"""
-
-te_out_reserved_ports_tcp="""\
-corenet_tcp_connect_all_rpc_ports(TEMPLATETYPE_t)
-"""
-
-te_out_unreserved_ports_tcp="""\
-corenet_tcp_connect_all_unreserved_ports(TEMPLATETYPE_t)
-"""
-
-te_in_all_ports_tcp="""\
-corenet_tcp_bind_all_ports(TEMPLATETYPE_t)
-"""
-
-te_in_reserved_ports_tcp="""\
-corenet_tcp_bind_all_rpc_ports(TEMPLATETYPE_t)
-"""
-
-te_in_unreserved_ports_tcp="""\
-corenet_tcp_bind_all_unreserved_ports(TEMPLATETYPE_t)
-"""
-
-te_in_all_ports_udp="""\
-corenet_udp_bind_all_ports(TEMPLATETYPE_t)
-"""
-
-te_in_reserved_ports_udp="""\
-corenet_udp_bind_all_rpc_ports(TEMPLATETYPE_t)
-"""
-
-te_in_unreserved_ports_udp="""\
-corenet_udp_bind_all_unreserved_ports(TEMPLATETYPE_t)
-"""
diff --git a/policycoreutils/gui/templates/rw.py b/policycoreutils/gui/templates/rw.py
deleted file mode 100644
index 5dfc42f..0000000
--- a/policycoreutils/gui/templates/rw.py
+++ /dev/null
@@ -1,129 +0,0 @@ -# Copyright (C) 2007-2012 Red Hat -# see file 'COPYING' for use and warranty information -# -# policygentool is a tool for the initial generation of SELinux policy -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; either version 2 of -# the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA -# 02111-1307 USA -# -# - -########################### tmp Template File ############################# -te_types=""" -type TEMPLATETYPE_rw_t; -files_type(TEMPLATETYPE_rw_t) -""" - -te_rules=""" -manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t) -manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t) -""" - -########################### Interface File ############################# -if_rules=""" -######################################## -## -## Search TEMPLATETYPE rw directories. -## -## -## -## Domain allowed access. -## -## -# -interface(`TEMPLATETYPE_search_rw_dir',` - gen_require(` - type TEMPLATETYPE_rw_t; - ') - - allow $1 TEMPLATETYPE_rw_t:dir search_dir_perms; - files_search_rw($1) -') - -######################################## -## -## Read TEMPLATETYPE rw files. -## -## -## -## Domain allowed access. 
-## -## -# -interface(`TEMPLATETYPE_read_rw_files',` - gen_require(` - type TEMPLATETYPE_rw_t; - ') - - allow $1 TEMPLATETYPE_rw_t:file read_file_perms; - allow $1 TEMPLATETYPE_rw_t:dir list_dir_perms; - files_search_rw($1) -') - -######################################## -## -## Manage TEMPLATETYPE rw files. -## -## -## -## Domain allowed access. -## -## -# -interface(`TEMPLATETYPE_manage_rw_files',` - gen_require(` - type TEMPLATETYPE_rw_t; - ') - - manage_files_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t) -') - -######################################## -## -## Create, read, write, and delete -## TEMPLATETYPE rw dirs. -## -## -## -## Domain allowed access. -## -## -# -interface(`TEMPLATETYPE_manage_rw_dirs',` - gen_require(` - type TEMPLATETYPE_rw_t; - ') - - manage_dirs_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t) -') - -""" - -if_admin_types=""" - type TEMPLATETYPE_rw_t;""" - -if_admin_rules=""" - files_search_etc($1) - admin_pattern($1, TEMPLATETYPE_rw_t) -""" - -########################### File Context ################################## -fc_file=""" -FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0) -""" - -fc_dir=""" -FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0) -""" diff --git a/policycoreutils/gui/templates/script.py b/policycoreutils/gui/templates/script.py deleted file mode 100644 index 79240ec..0000000 --- a/policycoreutils/gui/templates/script.py +++ /dev/null 
@@ -1,126 +0,0 @@ -# Copyright (C) 2007-2012 Red Hat -# see file 'COPYING' for use and warranty information -# -# policygentool is a tool for the initial generation of SELinux policy -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; either version 2 of -# the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA -# 02111-1307 USA -# -# - -########################### tmp Template File ############################# -compile="""\ -#!/bin/sh -e - -DIRNAME=`dirname $0` -cd $DIRNAME -USAGE="$0 [ --update ]" -if [ `id -u` != 0 ]; then -echo 'You must be root to run this script' -exit 1 -fi - -if [ $# -eq 1 ]; then - if [ "$1" = "--update" ] ; then - time=`ls -l --time-style="+%x %X" TEMPLATEFILE.te | awk '{ printf "%s %s", $6, $7 }'` - rules=`ausearch --start $time -m avc --raw -se TEMPLATETYPE` - if [ x"$rules" != "x" ] ; then - echo "Found avc's to update policy with" - echo -e "$rules" | audit2allow -R - echo "Do you want these changes added to policy [y/n]?" 
- read ANS - if [ "$ANS" = "y" -o "$ANS" = "Y" ] ; then - echo "Updating policy" - echo -e "$rules" | audit2allow -R >> TEMPLATEFILE.te - # Fall though and rebuild policy - else - exit 0 - fi - else - echo "No new avcs found" - exit 0 - fi - else - echo -e $USAGE - exit 1 - fi -elif [ $# -ge 2 ] ; then - echo -e $USAGE - exit 1 -fi - -echo "Building and Loading Policy" -set -x -make -f /usr/share/selinux/devel/Makefile TEMPLATEFILE.pp || exit -/usr/sbin/semodule -i TEMPLATEFILE.pp - -""" - -restorecon="""\ -# Fixing the file context on FILENAME -/sbin/restorecon -F -R -v FILENAME -""" - -tcp_ports="""\ -# Adding SELinux tcp port to port PORTNUM -/usr/sbin/semanage port -a -t TEMPLATETYPE_port_t -p tcp PORTNUM -""" - -udp_ports="""\ -# Adding SELinux udp port to port PORTNUM -/usr/sbin/semanage port -a -t TEMPLATETYPE_port_t -p udp PORTNUM -""" - -users="""\ -# Adding SELinux user TEMPLATETYPE_u -/usr/sbin/semanage user -a -R "TEMPLATETYPE_rROLES" TEMPLATETYPE_u -""" - -eusers="""\ -# Adding roles to SELinux user TEMPLATETYPE_u -/usr/sbin/semanage user -m -R "TEMPLATETYPE_rROLES" TEMPLATETYPE_u -""" - -admin_trans="""\ -# Adding roles to SELinux user USER -/usr/sbin/semanage user -m -R +TEMPLATETYPE_r USER -""" - -min_login_user_default_context="""\ -if [ ! -f /etc/selinux/targeted/contexts/users/TEMPLATETYPE_u ]; then -cat > /etc/selinux/targeted/contexts/users/TEMPLATETYPE_u << _EOF -TEMPLATETYPE_r:TEMPLATETYPE_t:s0 TEMPLATETYPE_r:TEMPLATETYPE_t -system_r:crond_t TEMPLATETYPE_r:TEMPLATETYPE_t -system_r:initrc_su_t TEMPLATETYPE_r:TEMPLATETYPE_t -system_r:local_login_t TEMPLATETYPE_r:TEMPLATETYPE_t -system_r:remote_login_t TEMPLATETYPE_r:TEMPLATETYPE_t -system_r:sshd_t TEMPLATETYPE_r:TEMPLATETYPE_t -_EOF -fi -""" - -x_login_user_default_context="""\ -if [ ! 
-f /etc/selinux/targeted/contexts/users/TEMPLATETYPE_u ]; then -cat > /etc/selinux/targeted/contexts/users/TEMPLATETYPE_u << _EOF -TEMPLATETYPE_r:TEMPLATETYPE_t TEMPLATETYPE_r:TEMPLATETYPE_t -system_r:crond_t TEMPLATETYPE_r:TEMPLATETYPE_t -system_r:initrc_su_t TEMPLATETYPE_r:TEMPLATETYPE_t -system_r:local_login_t TEMPLATETYPE_r:TEMPLATETYPE_t -system_r:remote_login_t TEMPLATETYPE_r:TEMPLATETYPE_t -system_r:sshd_t TEMPLATETYPE_r:TEMPLATETYPE_t -system_r:xdm_t TEMPLATETYPE_r:TEMPLATETYPE_t -_EOF -fi -""" diff --git a/policycoreutils/gui/templates/semodule.py b/policycoreutils/gui/templates/semodule.py deleted file mode 100644 index f77e50e..0000000 --- a/policycoreutils/gui/templates/semodule.py +++ /dev/null 
@@ -1,40 +0,0 @@ -# Copyright (C) 2007-2012 Red Hat -# see file 'COPYING' for use and warranty information -# -# policygentool is a tool for the initial generation of SELinux policy -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; either version 2 of -# the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA -# 02111-1307 USA -# -# - -########################### tmp Template File ############################# -compile=""" -#!/bin/sh -make -f /usr/share/selinux/devel/Makefile -semodule -i TEMPLATETYPE.pp -""" - -restorecon=""" -restorecon -R -v FILENAME -""" - -tcp_ports=""" -semanage ports -a -t TEMPLATETYPE_port_t -p tcp PORTNUM -""" - -udp_ports=""" -semanage ports -a -t TEMPLATETYPE_port_t -p udp PORTNUM -""" diff --git a/policycoreutils/gui/templates/tmp.py b/policycoreutils/gui/templates/tmp.py deleted file mode 100644 index d2adaa4..0000000 --- a/policycoreutils/gui/templates/tmp.py +++ /dev/null 
@@ -1,102 +0,0 @@ -# Copyright (C) 2007-2012 Red Hat -# see file 'COPYING' for use and warranty information -# -# policygentool is a tool for the initial generation of SELinux policy -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; either version 2 of -# the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA -# 02111-1307 USA -# -# -########################### tmp Template File ############################# - -te_types=""" -type TEMPLATETYPE_tmp_t; -files_tmp_file(TEMPLATETYPE_tmp_t) -""" - -te_rules=""" -manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t) -manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t) -files_tmp_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_tmp_t, { dir file }) -""" - -if_rules=""" -######################################## -## -## Do not audit attempts to read, -## TEMPLATETYPE tmp files -## -## -## -## Domain to not audit. -## -## -# -interface(`TEMPLATETYPE_dontaudit_read_tmp_files',` - gen_require(` - type TEMPLATETYPE_tmp_t; - ') - - dontaudit $1 TEMPLATETYPE_tmp_t:file read_file_perms; -') - -######################################## -## -## Read TEMPLATETYPE tmp files -## -## -## -## Domain allowed access. 
-## -## -# -interface(`TEMPLATETYPE_read_tmp_files',` - gen_require(` - type TEMPLATETYPE_tmp_t; - ') - - files_search_tmp($1) - allow $1 TEMPLATETYPE_tmp_t:file read_file_perms; -') - -######################################## -## -## Manage TEMPLATETYPE tmp files -## -## -## -## Domain allowed access. -## -## -# -interface(`TEMPLATETYPE_manage_tmp',` - gen_require(` - type TEMPLATETYPE_tmp_t; - ') - - files_search_tmp($1) - manage_dirs_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t) - manage_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t) - manage_lnk_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t) -') -""" - -if_admin_types=""" - type TEMPLATETYPE_tmp_t;""" - -if_admin_rules=""" - files_search_tmp($1) - admin_pattern($1, TEMPLATETYPE_tmp_t) -""" diff --git a/policycoreutils/gui/templates/unit_file.py b/policycoreutils/gui/templates/unit_file.py deleted file mode 100644 index 60e5844..0000000 --- a/policycoreutils/gui/templates/unit_file.py +++ /dev/null 
@@ -1,72 +0,0 @@ -# Copyright (C) 2012 Red Hat -# see file 'COPYING' for use and warranty information -# -# policygentool is a tool for the initial generation of SELinux policy -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; either version 2 of -# the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA -# 02111-1307 USA -# -# -########################### unit Template File ############################# - -########################### Type Enforcement File ############################# -te_types=""" -type TEMPLATETYPE_unit_file_t; -systemd_unit_file(TEMPLATETYPE_unit_file_t) -""" - -te_rules="" - -########################### Interface File ############################# -if_rules="""\ -######################################## -## -## Execute TEMPLATETYPE server in the TEMPLATETYPE domain. -## -## -## -## Domain allowed to transition. 
-## -## -# -interface(`TEMPLATETYPE_systemctl',` - gen_require(` - type TEMPLATETYPE_t; - type TEMPLATETYPE_unit_file_t; - ') - - systemd_exec_systemctl($1) - systemd_read_fifo_file_password_run($1) - allow $1 TEMPLATETYPE_unit_file_t:file read_file_perms; - allow $1 TEMPLATETYPE_unit_file_t:service manage_service_perms; - - ps_process_pattern($1, TEMPLATETYPE_t) -') - -""" - -if_admin_types=""" - type TEMPLATETYPE_unit_file_t;""" - -if_admin_rules=""" - TEMPLATETYPE_systemctl($1) - admin_pattern($1, TEMPLATETYPE_unit_file_t) - allow $1 TEMPLATETYPE_unit_file_t:service all_service_perms; -""" - -########################### File Context ################################## -fc_file="""\ -FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_unit_file_t,s0) -""" diff --git a/policycoreutils/gui/templates/user.py b/policycoreutils/gui/templates/user.py deleted file mode 100644 index 398c6f2..0000000 --- a/policycoreutils/gui/templates/user.py +++ /dev/null 
@@ -1,204 +0,0 @@ -# Copyright (C) 2007-2012 Red Hat -# see file 'COPYING' for use and warranty information -# -# policygentool is a tool for the initial generation of SELinux policy -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; either version 2 of -# the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA -# 02111-1307 USA -# -# -########################### Type Enforcement File ############################# - -te_login_user_types="""\ -policy_module(TEMPLATETYPE, 1.0.0) - -######################################## -# -# Declarations -# - -userdom_unpriv_user_template(TEMPLATETYPE) -""" - -te_admin_user_types="""\ -policy_module(TEMPLATETYPE, 1.0.0) - -######################################## -# -# Declarations -# - -userdom_admin_user_template(TEMPLATETYPE) -""" - -te_min_login_user_types="""\ -policy_module(TEMPLATETYPE, 1.0.0) - -######################################## -# -# Declarations -# - -userdom_restricted_user_template(TEMPLATETYPE) -""" - -te_x_login_user_types="""\ -policy_module(TEMPLATETYPE, 1.0.0) - -######################################## -# -# Declarations -# - -userdom_restricted_xwindows_user_template(TEMPLATETYPE) -""" - -te_existing_user_types="""\ -policy_module(myTEMPLATETYPE, 1.0.0) - -gen_require(` - type TEMPLATETYPE_t, TEMPLATETYPE_devpts_t; - role TEMPLATETYPE_r; -') - -""" - -te_root_user_types="""\ -policy_module(TEMPLATETYPE, 1.0.0) - 
-######################################## -# -# Declarations -# - -userdom_base_user_template(TEMPLATETYPE) -""" - -te_login_user_rules="""\ - -######################################## -# -# TEMPLATETYPE local policy -# - -""" - -te_existing_user_rules="""\ - -######################################## -# -# TEMPLATETYPE customized policy -# - -""" - -te_x_login_user_rules="""\ - -######################################## -# -# TEMPLATETYPE local policy -# -""" - -te_root_user_rules="""\ - -######################################## -# -# TEMPLATETYPE local policy -# -""" - -te_transition_rules=""" -optional_policy(` - APPLICATION_role(TEMPLATETYPE_r, TEMPLATETYPE_t) -') -""" - -te_user_trans_rules=""" -optional_policy(` - gen_require(` - role USER_r; - ') - - TEMPLATETYPE_role_change(USER_r) -') -""" - -te_admin_rules=""" -allow TEMPLATETYPE_t self:capability { dac_override dac_read_search kill sys_ptrace sys_nice }; -files_dontaudit_search_all_dirs(TEMPLATETYPE_t) - -selinux_get_enforce_mode(TEMPLATETYPE_t) -seutil_domtrans_setfiles(TEMPLATETYPE_t) -seutil_search_default_contexts(TEMPLATETYPE_t) - -logging_send_syslog_msg(TEMPLATETYPE_t) - -kernel_read_system_state(TEMPLATETYPE_t) - -domain_dontaudit_search_all_domains_state(TEMPLATETYPE_t) -domain_dontaudit_ptrace_all_domains(TEMPLATETYPE_t) - -userdom_dontaudit_search_admin_dir(TEMPLATETYPE_t) -userdom_dontaudit_search_user_home_dirs(TEMPLATETYPE_t) - -bool TEMPLATETYPE_read_user_files false; -bool TEMPLATETYPE_manage_user_files false; - -if (TEMPLATETYPE_read_user_files) { - userdom_read_user_home_content_files(TEMPLATETYPE_t) - userdom_read_user_tmp_files(TEMPLATETYPE_t) -} - -if (TEMPLATETYPE_manage_user_files) { - userdom_manage_user_home_content(TEMPLATETYPE_t) - userdom_manage_user_tmp_files(TEMPLATETYPE_t) -} - -""" - -te_admin_trans_rules=""" -gen_require(` - role USER_r; -') - -allow USER_r TEMPLATETYPE_r; -""" - -te_admin_domain_rules=""" -optional_policy(` - APPLICATION_admin(TEMPLATETYPE_t, 
TEMPLATETYPE_r) -') -""" - -te_roles_rules=""" -optional_policy(` - gen_require(` - role ROLE_r; - ') - - allow TEMPLATETYPE_r ROLE_r; -') -""" - -te_sudo_rules=""" -optional_policy(` - sudo_role_template(TEMPLATETYPE, TEMPLATETYPE_r, TEMPLATETYPE_t) -') -""" - -te_newrole_rules=""" -seutil_run_newrole(TEMPLATETYPE_t, TEMPLATETYPE_r) -""" diff --git a/policycoreutils/gui/templates/var_cache.py b/policycoreutils/gui/templates/var_cache.py deleted file mode 100644 index 8efc1d9..0000000 --- a/policycoreutils/gui/templates/var_cache.py +++ /dev/null 
@@ -1,132 +0,0 @@ -# Copyright (C) 2007-2012 Red Hat -# see file 'COPYING' for use and warranty information -# -# policygentool is a tool for the initial generation of SELinux policy -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; either version 2 of -# the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA -# 02111-1307 USA -# -# -########################### cache Template File ############################# - -########################### Type Enforcement File ############################# -te_types=""" -type TEMPLATETYPE_cache_t; -files_type(TEMPLATETYPE_cache_t) -""" -te_rules=""" -manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t) -manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t) -manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t) -files_var_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_cache_t, { dir file }) -""" - -########################### Interface File ############################# -if_rules=""" -######################################## -## -## Search TEMPLATETYPE cache directories. -## -## -## -## Domain allowed access. -## -## -# -interface(`TEMPLATETYPE_search_cache',` - gen_require(` - type TEMPLATETYPE_cache_t; - ') - - allow $1 TEMPLATETYPE_cache_t:dir search_dir_perms; - files_search_var($1) -') - -######################################## -## -## Read TEMPLATETYPE cache files. 
-## -## -## -## Domain allowed access. -## -## -# -interface(`TEMPLATETYPE_read_cache_files',` - gen_require(` - type TEMPLATETYPE_cache_t; - ') - - files_search_var($1) - read_files_pattern($1, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t) -') - -######################################## -## -## Create, read, write, and delete -## TEMPLATETYPE cache files. -## -## -## -## Domain allowed access. -## -## -# -interface(`TEMPLATETYPE_manage_cache_files',` - gen_require(` - type TEMPLATETYPE_cache_t; - ') - - files_search_var($1) - manage_files_pattern($1, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t) -') - -######################################## -## -## Manage TEMPLATETYPE cache dirs. -## -## -## -## Domain allowed access. -## -## -# -interface(`TEMPLATETYPE_manage_cache_dirs',` - gen_require(` - type TEMPLATETYPE_cache_t; - ') - - files_search_var($1) - manage_dirs_pattern($1, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t) -') - -""" - -if_admin_types=""" - type TEMPLATETYPE_cache_t;""" - -if_admin_rules=""" - files_search_var($1) - admin_pattern($1, TEMPLATETYPE_cache_t) -""" - -########################### File Context ################################## -fc_file="""\ -FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_cache_t,s0) -""" - -fc_dir="""\ -FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_cache_t,s0) -""" diff --git a/policycoreutils/gui/templates/var_lib.py b/policycoreutils/gui/templates/var_lib.py deleted file mode 100644 index 8bde8c6..0000000 --- a/policycoreutils/gui/templates/var_lib.py +++ /dev/null 
@@ -1,160 +0,0 @@ -# Copyright (C) 2007-2012 Red Hat -# see file 'COPYING' for use and warranty information -# -# policygentool is a tool for the initial generation of SELinux policy -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; either version 2 of -# the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA -# 02111-1307 USA -# -# -########################### var_lib Template File ############################# - -########################### Type Enforcement File ############################# -te_types=""" -type TEMPLATETYPE_var_lib_t; -files_type(TEMPLATETYPE_var_lib_t) -""" -te_rules=""" -manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t) -manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t) -files_var_lib_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, { dir file }) -""" - -te_stream_rules="""\ -allow TEMPLATETYPE_t TEMPLATETYPE_var_lib_t:sock_file manage_sock_file_perms; -files_var_lib_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, sock_file) -""" - - -########################### Interface File ############################# -if_rules=""" -######################################## -## -## Search TEMPLATETYPE lib directories. -## -## -## -## Domain allowed access. 
-## -## -# -interface(`TEMPLATETYPE_search_lib',` - gen_require(` - type TEMPLATETYPE_var_lib_t; - ') - - allow $1 TEMPLATETYPE_var_lib_t:dir search_dir_perms; - files_search_var_lib($1) -') - -######################################## -## -## Read TEMPLATETYPE lib files. -## -## -## -## Domain allowed access. -## -## -# -interface(`TEMPLATETYPE_read_lib_files',` - gen_require(` - type TEMPLATETYPE_var_lib_t; - ') - - files_search_var_lib($1) - read_files_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t) -') - -######################################## -## -## Manage TEMPLATETYPE lib files. -## -## -## -## Domain allowed access. -## -## -# -interface(`TEMPLATETYPE_manage_lib_files',` - gen_require(` - type TEMPLATETYPE_var_lib_t; - ') - - files_search_var_lib($1) - manage_files_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t) -') - -######################################## -## -## Manage TEMPLATETYPE lib directories. -## -## -## -## Domain allowed access. -## -## -# -interface(`TEMPLATETYPE_manage_lib_dirs',` - gen_require(` - type TEMPLATETYPE_var_lib_t; - ') - - files_search_var_lib($1) - manage_dirs_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t) -') - -""" - -if_stream_rules=""" -######################################## -## -## Connect to TEMPLATETYPE over a unix stream socket. -## -## -## -## Domain allowed access. 
-## -## -# -interface(`TEMPLATETYPE_stream_connect',` - gen_require(` - type TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t; - ') - - stream_connect_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t) -') -""" - -if_admin_types=""" - type TEMPLATETYPE_var_lib_t;""" - -if_admin_rules=""" - files_search_var_lib($1) - admin_pattern($1, TEMPLATETYPE_var_lib_t) -""" - -########################### File Context ################################## -fc_file="""\ -FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0) -""" - -fc_sock_file="""\ -FILENAME -s gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0) -""" - -fc_dir="""\ -FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0) -""" diff --git a/policycoreutils/gui/templates/var_log.py b/policycoreutils/gui/templates/var_log.py deleted file mode 100644 index b57b93d..0000000 --- a/policycoreutils/gui/templates/var_log.py +++ /dev/null 
@@ -1,114 +0,0 @@ -# Copyright (C) 2007-2012 Red Hat -# see file 'COPYING' for use and warranty information -# -# policygentool is a tool for the initial generation of SELinux policy -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; either version 2 of -# the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA -# 02111-1307 USA -# -# -########################### var_log Template File ############################# - -########################### Type Enforcement File ############################# -te_types=""" -type TEMPLATETYPE_log_t; -logging_log_file(TEMPLATETYPE_log_t) -""" - -te_rules=""" -manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) -manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) -logging_log_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_log_t, { dir file }) -""" - -########################### Interface File ############################# -if_rules="""\ -######################################## -## -## Read TEMPLATETYPE's log files. -## -## -## -## Domain allowed access. -## -## -## -# -interface(`TEMPLATETYPE_read_log',` - gen_require(` - type TEMPLATETYPE_log_t; - ') - - logging_search_logs($1) - read_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) -') - -######################################## -## -## Append to TEMPLATETYPE log files. -## -## -## -## Domain allowed access. 
-## -## -# -interface(`TEMPLATETYPE_append_log',` - gen_require(` - type TEMPLATETYPE_log_t; - ') - - logging_search_logs($1) - append_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) -') - -######################################## -## -## Manage TEMPLATETYPE log files -## -## -## -## Domain allowed access. -## -## -# -interface(`TEMPLATETYPE_manage_log',` - gen_require(` - type TEMPLATETYPE_log_t; - ') - - logging_search_logs($1) - manage_dirs_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) - manage_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) - manage_lnk_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) -') -""" - -if_admin_types=""" - type TEMPLATETYPE_log_t;""" - -if_admin_rules=""" - logging_search_logs($1) - admin_pattern($1, TEMPLATETYPE_log_t) -""" - -########################### File Context ################################## -fc_file="""\ -FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0) -""" - -fc_dir="""\ -FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0) -""" diff --git a/policycoreutils/gui/templates/var_run.py b/policycoreutils/gui/templates/var_run.py deleted file mode 100644 index 916f44c..0000000 --- a/policycoreutils/gui/templates/var_run.py +++ /dev/null 
@@ -1,101 +0,0 @@ -# Copyright (C) 2007-2012 Red Hat -# see file 'COPYING' for use and warranty information -# -# policygentool is a tool for the initial generation of SELinux policy -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; either version 2 of -# the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA -# 02111-1307 USA -# -# -########################### var_run Template File ############################# - -te_types=""" -type TEMPLATETYPE_var_run_t; -files_pid_file(TEMPLATETYPE_var_run_t) -""" - -te_rules=""" -manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t) -manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t) -files_pid_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, { dir file }) -""" - -te_stream_rules=""" -allow TEMPLATETYPE_t TEMPLATETYPE_var_run_t:sock_file manage_sock_file_perms; -files_pid_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_run_t, sock_file) -""" - -if_rules="""\ -######################################## -## -## Read TEMPLATETYPE PID files. -## -## -## -## Domain allowed access. -## -## -# -interface(`TEMPLATETYPE_read_pid_files',` - gen_require(` - type TEMPLATETYPE_var_run_t; - ') - - files_search_pids($1) - allow $1 TEMPLATETYPE_var_run_t:file read_file_perms; -') - -""" - -if_stream_rules="""\ -######################################## -## -## Connect to TEMPLATETYPE over a unix stream socket. 
-## -## -## -## Domain allowed access. -## -## -# -interface(`TEMPLATETYPE_stream_connect',` - gen_require(` - type TEMPLATETYPE_t, TEMPLATETYPE_var_run_t; - ') - - files_search_pids($1) - stream_connect_pattern($1, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t, TEMPLATETYPE_t) -') -""" - -if_admin_types=""" - type TEMPLATETYPE_var_run_t;""" - -if_admin_rules=""" - files_search_pids($1) - admin_pattern($1, TEMPLATETYPE_var_run_t) -""" - -fc_file="""\ -FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0) -""" - -fc_sock_file="""\ -FILENAME -s gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0) -""" - -fc_dir="""\ -FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0) -""" diff --git a/policycoreutils/gui/templates/var_spool.py b/policycoreutils/gui/templates/var_spool.py deleted file mode 100644 index 8055a9e..0000000 --- a/policycoreutils/gui/templates/var_spool.py +++ /dev/null 
@@ -1,131 +0,0 @@ -# Copyright (C) 2007-2012 Red Hat -# see file 'COPYING' for use and warranty information -# -# policygentool is a tool for the initial generation of SELinux policy -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation; either version 2 of -# the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA -# 02111-1307 USA -# -# -########################### var_spool Template File ############################# - -########################### Type Enforcement File ############################# -te_types=""" -type TEMPLATETYPE_spool_t; -files_type(TEMPLATETYPE_spool_t) -""" -te_rules=""" -manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t) -manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t) -manage_lnk_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t) -files_spool_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_spool_t, { dir file }) -""" - -########################### Interface File ############################# -if_rules=""" -######################################## -## -## Search TEMPLATETYPE spool directories. -## -## -## -## Domain allowed access. -## -## -# -interface(`TEMPLATETYPE_search_spool',` - gen_require(` - type TEMPLATETYPE_spool_t; - ') - - allow $1 TEMPLATETYPE_spool_t:dir search_dir_perms; - files_search_spool($1) -') - -######################################## -## -## Read TEMPLATETYPE spool files. 
-## -## -## -## Domain allowed access. -## -## -# -interface(`TEMPLATETYPE_read_spool_files',` - gen_require(` - type TEMPLATETYPE_spool_t; - ') - - files_search_spool($1) - read_files_pattern($1, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t) -') - -######################################## -## -## Manage TEMPLATETYPE spool files. -## -## -## -## Domain allowed access. -## -## -# -interface(`TEMPLATETYPE_manage_spool_files',` - gen_require(` - type TEMPLATETYPE_spool_t; - ') - - files_search_spool($1) - manage_files_pattern($1, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t) -') - -######################################## -## -## Manage TEMPLATETYPE spool dirs. -## -## -## -## Domain allowed access. -## -## -# -interface(`TEMPLATETYPE_manage_spool_dirs',` - gen_require(` - type TEMPLATETYPE_spool_t; - ') - - files_search_spool($1) - manage_dirs_pattern($1, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t) -') - -""" - -if_admin_types=""" - type TEMPLATETYPE_spool_t;""" - -if_admin_rules=""" - files_search_spool($1) - admin_pattern($1, TEMPLATETYPE_spool_t) -""" - -########################### File Context ################################## -fc_file="""\ -FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0) -""" - -fc_dir="""\ -FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0) -""" diff --git a/policycoreutils/load_policy/Makefile b/policycoreutils/load_policy/Makefile index 5da2e0d..7c5bab0 100644 --- a/policycoreutils/load_policy/Makefile +++ b/policycoreutils/load_policy/Makefile @@ -19,7 +19,7 @@ install: all test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8 install -m 644 load_policy.8 $(MANDIR)/man8/ -mkdir -p $(USRSBINDIR) - -ln -sf /sbin/load_policy $(USRSBINDIR)/load_policy + -ln -sf $(SBINDIR)/load_policy $(USRSBINDIR)/load_policy clean: -rm -f $(TARGETS) *.o diff --git a/policycoreutils/po/Makefile b/policycoreutils/po/Makefile index 5278a6e..9c1486e 100644 --- a/policycoreutils/po/Makefile +++ b/policycoreutils/po/Makefile 
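Review bot: The symlink target on the changed `ln -sf` line in load_policy/Makefile is now whatever `$(SBINDIR)` expands to, and that definition is not visible in this hunk. If SBINDIR is derived from `$(DESTDIR)`, which should be confirmed, a staged install creates `$(USRSBINDIR)/load_policy` pointing into the build root, and the link dangles once the package is installed elsewhere. Stripping the staging prefix from the target avoids that: `-ln -sf $(patsubst $(DESTDIR)%,%,$(SBINDIR))/load_policy $(USRSBINDIR)/load_policy`. The leading `-` also makes make ignore a failed `ln`, so a missing link for the policy loader would go unnoticed. The `install` recipe starts outside the hunk.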
@@ -53,33 +53,44 @@ POTFILES = \ ../gui/modulesPage.py \ ../gui/polgen.glade \ ../gui/polgengui.py \ - ../gui/polgen.py \ ../gui/portsPage.py \ - ../gui/selinux.tbl \ ../gui/semanagePage.py \ ../gui/statusPage.py \ ../gui/system-config-selinux.glade \ ../gui/system-config-selinux.py \ ../gui/usersPage.py \ - ../gui/templates/executable.py \ - ../gui/templates/__init__.py \ - ../gui/templates/network.py \ - ../gui/templates/rw.py \ - ../gui/templates/script.py \ - ../gui/templates/semodule.py \ - ../gui/templates/tmp.py \ - ../gui/templates/user.py \ - ../gui/templates/var_lib.py \ - ../gui/templates/var_log.py \ - ../gui/templates/var_run.py \ - ../gui/templates/var_spool.py \ - ../secon/secon.c + ../secon/secon.c \ + ../sepolicy/info.c \ + ../sepolicy/search.c \ + ../sepolicy/sepolicy.py \ + ../sepolicy/sepolicy/communicate.py \ + ../sepolicy/sepolicy/__init__.py \ + ../sepolicy/sepolicy/network.py \ + ../sepolicy/sepolicy/generate.py \ + ../sepolicy/sepolicy/manpage.py \ + ../sepolicy/sepolicy/transition.py \ + ../sepolicy/sepolicy/templates/executable.py \ + ../sepolicy/sepolicy/templates/__init__.py \ + ../sepolicy/sepolicy/templates/network.py \ + ../sepolicy/sepolicy/templates/rw.py \ + ../sepolicy/sepolicy/templates/script.py \ + ../sepolicy/sepolicy/templates/semodule.py \ + ../sepolicy/sepolicy/templates/tmp.py \ + ../sepolicy/sepolicy/templates/user.py \ + ../sepolicy/sepolicy/templates/var_lib.py \ + ../sepolicy/sepolicy/templates/var_log.py \ + ../sepolicy/sepolicy/templates/var_run.py \ + ../sepolicy/sepolicy/templates/var_spool.py \ + booleans.py #default:: clean -all:: update-po $(MOFILES) +all:: $(MOFILES) -$(POTFILE): $(POTFILES) +booleans.py: + sepolicy booleans -a > booleans.py + +$(POTFILE): $(POTFILES) booleans.py $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES) @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \ rm -f $(NLSPACKAGE).po; \ 
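Review bot: The new `booleans.py` rule redirects `sepolicy booleans -a` straight into its target, so a missing or failing `sepolicy` still leaves an empty `booleans.py` behind. Make does not delete a target on recipe failure by default, so later runs treat the empty file as up to date and `$(POTFILE)` silently loses the boolean descriptions. Writing to a temporary file and renaming on success avoids this: `sepolicy booleans -a > $@.tmp && mv $@.tmp $@`. The rule also runs whichever `sepolicy` is first on the build user's PATH and presumably reads the build host's policy, so the generated strings depend on the host rather than the tree; a comment above the rule should state that requirement. The `@rm -f booleans.py` added under `update-po` in the next hunk cleans up only on that path, so the `clean` target (not visible here) may need the same removal.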
@@ -88,6 +99,7 @@ $(POTFILE): $(POTFILES) fi; \ update-po: Makefile $(POTFILE) refresh-po + @rm -f booleans.py refresh-po: Makefile for cat in $(POFILES); do \ diff --git a/policycoreutils/po/POTFILES.in b/policycoreutils/po/POTFILES.in index aab1a4e..75117f4 100644 --- a/policycoreutils/po/POTFILES.in +++ b/policycoreutils/po/POTFILES.in @@ -27,7 +27,6 @@ gui/mappingsPage.py gui/modulesPage.py gui/polgen.glade gui/polgengui.py -gui/polgen.py gui/portsPage.py gui/selinux.tbl gui/semanagePage.py @@ -35,16 +34,25 @@ gui/statusPage.py gui/system-config-selinux.glade gui/system-config-selinux.py gui/usersPage.py -gui/templates/executable.py -gui/templates/__init__.py -gui/templates/network.py -gui/templates/rw.py -gui/templates/script.py -gui/templates/semodule.py -gui/templates/tmp.py -gui/templates/user.py -gui/templates/var_lib.py -gui/templates/var_log.py -gui/templates/var_run.py -gui/templates/var_spool.py secon/secon.c +sepolicy/info.c +sepolicy/search.c +sepolicy/sepolicy.py +sepolicy/sepolicy/communicate.py +sepolicy/sepolicy/__init__.py +sepolicy/sepolicy/network.py +sepolicy/sepolicy/generate.py +sepolicy/sepolicy/manpage.py +sepolicy/sepolicy/transition.py +sepolicy/sepolicy/templates/executable.py +sepolicy/sepolicy/templates/__init__.py +sepolicy/sepolicy/templates/network.py +sepolicy/sepolicy/templates/rw.py +sepolicy/sepolicy/templates/script.py +sepolicy/sepolicy/templates/semodule.py +sepolicy/sepolicy/templates/tmp.py +sepolicy/sepolicy/templates/user.py +sepolicy/sepolicy/templates/var_lib.py +sepolicy/sepolicy/templates/var_log.py +sepolicy/sepolicy/templates/var_run.py +sepolicy/sepolicy/templates/var_spool.py diff --git a/policycoreutils/po/af.po b/policycoreutils/po/af.po index a4478db..a61c8f3 100644 --- a/policycoreutils/po/af.po +++ b/policycoreutils/po/af.po 
@@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2012-05-25 07:28-0400\n" +"POT-Creation-Date: 2012-10-16 12:24-0400\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -24,7 +24,7 @@ msgid "" " are the arguments to that script." msgstr "" -#: ../run_init/run_init.c:126 ../newrole/newrole.c:1124 +#: ../run_init/run_init.c:126 ../newrole/newrole.c:1123 #, c-format msgid "failed to initialize PAM\n" msgstr "" @@ -73,7 +73,7 @@ msgstr "" msgid "authentication failed.\n" msgstr "" -#: ../run_init/run_init.c:405 ../newrole/newrole.c:1258 +#: ../run_init/run_init.c:405 ../newrole/newrole.c:1257 #, c-format msgid "Could not set exec context to %s.\n" msgstr "" 
@@ -86,855 +86,870 @@ msgstr "" msgid "To make this policy package active, execute:" msgstr "" -#: ../semanage/seobject.py:143 ../semanage/seobject.py:147 -msgid "global" -msgstr "" - -#: ../semanage/seobject.py:225 +#: ../semanage/seobject.py:200 msgid "Could not create semanage handle" msgstr "" -#: ../semanage/seobject.py:233 +#: ../semanage/seobject.py:208 msgid "SELinux policy is not managed or store cannot be accessed." msgstr "" -#: ../semanage/seobject.py:238 +#: ../semanage/seobject.py:213 msgid "Cannot read policy store." msgstr "" -#: ../semanage/seobject.py:243 +#: ../semanage/seobject.py:218 msgid "Could not establish semanage connection" msgstr "" -#: ../semanage/seobject.py:248 +#: ../semanage/seobject.py:223 msgid "Could not test MLS enabled status" msgstr "" -#: ../semanage/seobject.py:254 ../semanage/seobject.py:269 +#: ../semanage/seobject.py:229 ../semanage/seobject.py:244 msgid "Not yet implemented" msgstr "" -#: ../semanage/seobject.py:258 +#: ../semanage/seobject.py:233 msgid "Semanage transaction already in progress" msgstr "" -#: ../semanage/seobject.py:267 +#: ../semanage/seobject.py:242 msgid "Could not start semanage transaction" msgstr "" -#: ../semanage/seobject.py:278 +#: ../semanage/seobject.py:254 msgid "Could not commit semanage transaction" msgstr "" -#: ../semanage/seobject.py:283 +#: ../semanage/seobject.py:259 msgid "Semanage transaction not in progress" msgstr "" -#: ../semanage/seobject.py:295 ../semanage/seobject.py:375 +#: ../semanage/seobject.py:271 ../semanage/seobject.py:351 msgid "Could not list SELinux modules" msgstr "" -#: ../semanage/seobject.py:308 +#: ../semanage/seobject.py:284 msgid "Modules Name" msgstr "" -#: ../semanage/seobject.py:308 ../gui/modulesPage.py:62 +#: ../semanage/seobject.py:284 ../gui/modulesPage.py:63 msgid "Version" msgstr "" -#: ../semanage/seobject.py:311 ../gui/statusPage.py:75 +#: ../semanage/seobject.py:287 ../gui/statusPage.py:75 msgid "Disabled" msgstr "" -#: ../semanage/seobject.py:326 
+#: ../semanage/seobject.py:302 #, python-format msgid "Could not disable module %s (remove failed)" msgstr "" -#: ../semanage/seobject.py:337 +#: ../semanage/seobject.py:313 #, python-format msgid "Could not enable module %s (remove failed)" msgstr "" -#: ../semanage/seobject.py:352 +#: ../semanage/seobject.py:328 #, python-format msgid "Could not remove module %s (remove failed)" msgstr "" -#: ../semanage/seobject.py:362 +#: ../semanage/seobject.py:338 msgid "dontaudit requires either 'on' or 'off'" msgstr "" -#: ../semanage/seobject.py:391 +#: ../semanage/seobject.py:366 msgid "Builtin Permissive Types" msgstr "" -#: ../semanage/seobject.py:401 +#: ../semanage/seobject.py:376 msgid "Customized Permissive Types" msgstr "" -#: ../semanage/seobject.py:442 +#: ../semanage/seobject.py:417 #, python-format msgid "Could not set permissive domain %s (module installation failed)" msgstr "" -#: ../semanage/seobject.py:448 +#: ../semanage/seobject.py:423 #, python-format msgid "Could not remove permissive domain %s (remove failed)" msgstr "" -#: ../semanage/seobject.py:483 ../semanage/seobject.py:557 -#: ../semanage/seobject.py:603 ../semanage/seobject.py:700 -#: ../semanage/seobject.py:730 ../semanage/seobject.py:797 -#: ../semanage/seobject.py:854 ../semanage/seobject.py:1101 -#: ../semanage/seobject.py:1790 ../semanage/seobject.py:1853 -#: ../semanage/seobject.py:1872 ../semanage/seobject.py:1993 -#: ../semanage/seobject.py:2045 +#: ../semanage/seobject.py:458 ../semanage/seobject.py:532 +#: ../semanage/seobject.py:578 ../semanage/seobject.py:675 +#: ../semanage/seobject.py:705 ../semanage/seobject.py:772 +#: ../semanage/seobject.py:829 ../semanage/seobject.py:1084 +#: ../semanage/seobject.py:1800 ../semanage/seobject.py:1863 +#: ../semanage/seobject.py:1882 ../semanage/seobject.py:2003 +#: ../semanage/seobject.py:2056 #, python-format msgid "Could not create a key for %s" msgstr "" -#: ../semanage/seobject.py:487 ../semanage/seobject.py:561 -#: 
../semanage/seobject.py:607 ../semanage/seobject.py:613 +#: ../semanage/seobject.py:462 ../semanage/seobject.py:536 +#: ../semanage/seobject.py:582 ../semanage/seobject.py:588 #, python-format msgid "Could not check if login mapping for %s is defined" msgstr "" -#: ../semanage/seobject.py:496 +#: ../semanage/seobject.py:471 #, python-format msgid "Linux Group %s does not exist" msgstr "" -#: ../semanage/seobject.py:501 +#: ../semanage/seobject.py:476 #, python-format msgid "Linux User %s does not exist" msgstr "" -#: ../semanage/seobject.py:505 +#: ../semanage/seobject.py:480 #, python-format msgid "Could not create login mapping for %s" msgstr "" -#: ../semanage/seobject.py:509 ../semanage/seobject.py:745 +#: ../semanage/seobject.py:484 ../semanage/seobject.py:720 #, python-format msgid "Could not set name for %s" msgstr "" -#: ../semanage/seobject.py:514 ../semanage/seobject.py:755 +#: ../semanage/seobject.py:489 ../semanage/seobject.py:730 #, python-format msgid "Could not set MLS range for %s" msgstr "" -#: ../semanage/seobject.py:518 +#: ../semanage/seobject.py:493 #, python-format msgid "Could not set SELinux user for %s" msgstr "" -#: ../semanage/seobject.py:522 +#: ../semanage/seobject.py:497 #, python-format msgid "Could not add login mapping for %s" msgstr "" -#: ../semanage/seobject.py:540 +#: ../semanage/seobject.py:515 msgid "Requires seuser or serange" msgstr "" -#: ../semanage/seobject.py:563 ../semanage/seobject.py:609 +#: ../semanage/seobject.py:538 ../semanage/seobject.py:584 #, python-format msgid "Login mapping for %s is not defined" msgstr "" -#: ../semanage/seobject.py:567 +#: ../semanage/seobject.py:542 #, python-format msgid "Could not query seuser for %s" msgstr "" -#: ../semanage/seobject.py:581 +#: ../semanage/seobject.py:556 #, python-format msgid "Could not modify login mapping for %s" msgstr "" -#: ../semanage/seobject.py:615 +#: ../semanage/seobject.py:590 #, python-format msgid "Login mapping for %s is defined in policy, cannot be 
deleted" msgstr "" -#: ../semanage/seobject.py:619 +#: ../semanage/seobject.py:594 #, python-format msgid "Could not delete login mapping for %s" msgstr "" -#: ../semanage/seobject.py:641 ../semanage/seobject.py:659 -#: ../semanage/seobject.py:897 +#: ../semanage/seobject.py:616 ../semanage/seobject.py:634 +#: ../semanage/seobject.py:872 msgid "Could not list login mappings" msgstr "" -#: ../semanage/seobject.py:684 ../semanage/seobject.py:689 +#: ../semanage/seobject.py:659 ../semanage/seobject.py:664 #: ../gui/system-config-selinux.glade:100 msgid "Login Name" msgstr "" -#: ../semanage/seobject.py:684 ../semanage/seobject.py:689 -#: ../semanage/seobject.py:947 ../semanage/seobject.py:952 +#: ../semanage/seobject.py:659 ../semanage/seobject.py:664 +#: ../semanage/seobject.py:922 ../semanage/seobject.py:927 #: ../gui/system-config-selinux.glade:128 #: ../gui/system-config-selinux.glade:915 #: ../gui/system-config-selinux.glade:2285 ../gui/usersPage.py:44 msgid "SELinux User" msgstr "" -#: ../semanage/seobject.py:684 ../gui/system-config-selinux.glade:156 +#: ../semanage/seobject.py:659 ../gui/system-config-selinux.glade:156 #: ../gui/system-config-selinux.glade:943 msgid "MLS/MCS Range" msgstr "" -#: ../semanage/seobject.py:703 ../semanage/seobject.py:734 -#: ../semanage/seobject.py:801 ../semanage/seobject.py:858 -#: ../semanage/seobject.py:864 +#: ../semanage/seobject.py:678 ../semanage/seobject.py:709 +#: ../semanage/seobject.py:776 ../semanage/seobject.py:833 +#: ../semanage/seobject.py:839 #, python-format msgid "Could not check if SELinux user %s is defined" msgstr "" -#: ../semanage/seobject.py:706 ../semanage/seobject.py:807 -#: ../semanage/seobject.py:870 +#: ../semanage/seobject.py:681 ../semanage/seobject.py:782 +#: ../semanage/seobject.py:845 #, python-format msgid "Could not query user for %s" msgstr "" -#: ../semanage/seobject.py:726 +#: ../semanage/seobject.py:701 #, python-format msgid "You must add at least one role for %s" msgstr "" -#: 
../semanage/seobject.py:741 +#: ../semanage/seobject.py:716 #, python-format msgid "Could not create SELinux user for %s" msgstr "" -#: ../semanage/seobject.py:750 +#: ../semanage/seobject.py:725 #, python-format msgid "Could not add role %s for %s" msgstr "" -#: ../semanage/seobject.py:759 +#: ../semanage/seobject.py:734 #, python-format msgid "Could not set MLS level for %s" msgstr "" -#: ../semanage/seobject.py:762 +#: ../semanage/seobject.py:737 #, python-format msgid "Could not add prefix %s for %s" msgstr "" -#: ../semanage/seobject.py:765 +#: ../semanage/seobject.py:740 #, python-format msgid "Could not extract key for %s" msgstr "" -#: ../semanage/seobject.py:769 +#: ../semanage/seobject.py:744 #, python-format msgid "Could not add SELinux user %s" msgstr "" -#: ../semanage/seobject.py:791 +#: ../semanage/seobject.py:766 msgid "Requires prefix, roles, level or range" msgstr "" -#: ../semanage/seobject.py:793 +#: ../semanage/seobject.py:768 msgid "Requires prefix or roles" msgstr "" -#: ../semanage/seobject.py:803 ../semanage/seobject.py:860 +#: ../semanage/seobject.py:778 ../semanage/seobject.py:835 #, python-format msgid "SELinux user %s is not defined" msgstr "" -#: ../semanage/seobject.py:832 +#: ../semanage/seobject.py:807 #, python-format msgid "Could not modify SELinux user %s" msgstr "" -#: ../semanage/seobject.py:866 +#: ../semanage/seobject.py:841 #, python-format msgid "SELinux user %s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:877 +#: ../semanage/seobject.py:852 #, python-format msgid "Could not delete SELinux user %s" msgstr "" -#: ../semanage/seobject.py:915 +#: ../semanage/seobject.py:890 msgid "Could not list SELinux users" msgstr "" -#: ../semanage/seobject.py:921 +#: ../semanage/seobject.py:896 #, python-format msgid "Could not list roles for user %s" msgstr "" -#: ../semanage/seobject.py:946 +#: ../semanage/seobject.py:921 msgid "Labeling" msgstr "" -#: ../semanage/seobject.py:946 +#: 
../semanage/seobject.py:921 msgid "MLS/" msgstr "" -#: ../semanage/seobject.py:947 +#: ../semanage/seobject.py:922 msgid "Prefix" msgstr "" -#: ../semanage/seobject.py:947 +#: ../semanage/seobject.py:922 msgid "MCS Level" msgstr "" -#: ../semanage/seobject.py:947 +#: ../semanage/seobject.py:922 msgid "MCS Range" msgstr "" -#: ../semanage/seobject.py:947 ../semanage/seobject.py:952 +#: ../semanage/seobject.py:922 ../semanage/seobject.py:927 #: ../gui/system-config-selinux.glade:992 ../gui/usersPage.py:59 msgid "SELinux Roles" msgstr "" -#: ../semanage/seobject.py:967 +#: ../semanage/seobject.py:944 msgid "Protocol udp or tcp is required" msgstr "" -#: ../semanage/seobject.py:969 +#: ../semanage/seobject.py:946 msgid "Port is required" msgstr "" -#: ../semanage/seobject.py:979 +#: ../semanage/seobject.py:956 msgid "Invalid Port" msgstr "" -#: ../semanage/seobject.py:983 +#: ../semanage/seobject.py:960 #, python-format msgid "Could not create a key for %s/%s" msgstr "" -#: ../semanage/seobject.py:994 +#: ../semanage/seobject.py:971 msgid "Type is required" msgstr "" -#: ../semanage/seobject.py:1000 ../semanage/seobject.py:1059 -#: ../semanage/seobject.py:1114 ../semanage/seobject.py:1120 +#: ../semanage/seobject.py:974 ../semanage/seobject.py:1036 +#: ../semanage/seobject.py:1794 +#, python-format +msgid "Type %s is invalid, must be a port type" +msgstr "" + +#: ../semanage/seobject.py:980 ../semanage/seobject.py:1042 +#: ../semanage/seobject.py:1097 ../semanage/seobject.py:1103 #, python-format msgid "Could not check if port %s/%s is defined" msgstr "" -#: ../semanage/seobject.py:1002 +#: ../semanage/seobject.py:982 #, python-format msgid "Port %s/%s already defined" msgstr "" -#: ../semanage/seobject.py:1006 +#: ../semanage/seobject.py:986 #, python-format msgid "Could not create port for %s/%s" msgstr "" -#: ../semanage/seobject.py:1012 +#: ../semanage/seobject.py:992 #, python-format msgid "Could not create context for %s/%s" msgstr "" -#: 
../semanage/seobject.py:1016 +#: ../semanage/seobject.py:996 #, python-format msgid "Could not set user in port context for %s/%s" msgstr "" -#: ../semanage/seobject.py:1020 +#: ../semanage/seobject.py:1000 #, python-format msgid "Could not set role in port context for %s/%s" msgstr "" -#: ../semanage/seobject.py:1024 +#: ../semanage/seobject.py:1004 #, python-format msgid "Could not set type in port context for %s/%s" msgstr "" -#: ../semanage/seobject.py:1029 +#: ../semanage/seobject.py:1009 #, python-format msgid "Could not set mls fields in port context for %s/%s" msgstr "" -#: ../semanage/seobject.py:1033 +#: ../semanage/seobject.py:1013 #, python-format msgid "Could not set port context for %s/%s" msgstr "" -#: ../semanage/seobject.py:1037 +#: ../semanage/seobject.py:1017 #, python-format msgid "Could not add port %s/%s" msgstr "" -#: ../semanage/seobject.py:1051 ../semanage/seobject.py:1316 -#: ../semanage/seobject.py:1512 +#: ../semanage/seobject.py:1031 ../semanage/seobject.py:1304 +#: ../semanage/seobject.py:1503 msgid "Requires setype or serange" msgstr "" -#: ../semanage/seobject.py:1053 +#: ../semanage/seobject.py:1033 msgid "Requires setype" msgstr "" -#: ../semanage/seobject.py:1061 ../semanage/seobject.py:1116 +#: ../semanage/seobject.py:1044 ../semanage/seobject.py:1099 #, python-format msgid "Port %s/%s is not defined" msgstr "" -#: ../semanage/seobject.py:1065 +#: ../semanage/seobject.py:1048 #, python-format msgid "Could not query port %s/%s" msgstr "" -#: ../semanage/seobject.py:1076 +#: ../semanage/seobject.py:1059 #, python-format msgid "Could not modify port %s/%s" msgstr "" -#: ../semanage/seobject.py:1089 +#: ../semanage/seobject.py:1072 msgid "Could not list the ports" msgstr "" -#: ../semanage/seobject.py:1105 +#: ../semanage/seobject.py:1088 #, python-format msgid "Could not delete the port %s" msgstr "" -#: ../semanage/seobject.py:1122 +#: ../semanage/seobject.py:1105 #, python-format msgid "Port %s/%s is defined in policy, cannot be 
deleted" msgstr "" -#: ../semanage/seobject.py:1126 +#: ../semanage/seobject.py:1109 #, python-format msgid "Could not delete port %s/%s" msgstr "" -#: ../semanage/seobject.py:1142 ../semanage/seobject.py:1164 +#: ../semanage/seobject.py:1125 ../semanage/seobject.py:1147 msgid "Could not list ports" msgstr "" -#: ../semanage/seobject.py:1203 +#: ../semanage/seobject.py:1186 msgid "SELinux Port Type" msgstr "" -#: ../semanage/seobject.py:1203 +#: ../semanage/seobject.py:1186 msgid "Proto" msgstr "" -#: ../semanage/seobject.py:1203 ../gui/system-config-selinux.glade:335 +#: ../semanage/seobject.py:1186 ../gui/system-config-selinux.glade:335 msgid "Port Number" msgstr "" -#: ../semanage/seobject.py:1222 +#: ../semanage/seobject.py:1207 msgid "Node Address is required" msgstr "" -#: ../semanage/seobject.py:1237 +#: ../semanage/seobject.py:1222 msgid "Unknown or missing protocol" msgstr "" -#: ../semanage/seobject.py:1251 ../semanage/seobject.py:1450 -#: ../semanage/seobject.py:1728 -msgid "SELinux Type is required" +#: ../semanage/seobject.py:1236 +msgid "SELinux node type is required" +msgstr "" + +#: ../semanage/seobject.py:1239 ../semanage/seobject.py:1307 +#, python-format +msgid "Type %s is invalid, must be a node type" msgstr "" -#: ../semanage/seobject.py:1255 ../semanage/seobject.py:1320 -#: ../semanage/seobject.py:1356 ../semanage/seobject.py:1454 -#: ../semanage/seobject.py:1516 ../semanage/seobject.py:1550 -#: ../semanage/seobject.py:1732 +#: ../semanage/seobject.py:1243 ../semanage/seobject.py:1311 +#: ../semanage/seobject.py:1347 ../semanage/seobject.py:1445 +#: ../semanage/seobject.py:1507 ../semanage/seobject.py:1541 +#: ../semanage/seobject.py:1739 #, python-format msgid "Could not create key for %s" msgstr "" -#: ../semanage/seobject.py:1257 ../semanage/seobject.py:1324 -#: ../semanage/seobject.py:1360 ../semanage/seobject.py:1366 +#: ../semanage/seobject.py:1245 ../semanage/seobject.py:1315 +#: ../semanage/seobject.py:1351 ../semanage/seobject.py:1357 
#, python-format msgid "Could not check if addr %s is defined" msgstr "" -#: ../semanage/seobject.py:1266 +#: ../semanage/seobject.py:1254 #, python-format msgid "Could not create addr for %s" msgstr "" -#: ../semanage/seobject.py:1272 ../semanage/seobject.py:1470 -#: ../semanage/seobject.py:1690 +#: ../semanage/seobject.py:1260 ../semanage/seobject.py:1461 +#: ../semanage/seobject.py:1694 #, python-format msgid "Could not create context for %s" msgstr "" -#: ../semanage/seobject.py:1276 +#: ../semanage/seobject.py:1264 #, python-format msgid "Could not set mask for %s" msgstr "" -#: ../semanage/seobject.py:1280 +#: ../semanage/seobject.py:1268 #, python-format msgid "Could not set user in addr context for %s" msgstr "" -#: ../semanage/seobject.py:1284 +#: ../semanage/seobject.py:1272 #, python-format msgid "Could not set role in addr context for %s" msgstr "" -#: ../semanage/seobject.py:1288 +#: ../semanage/seobject.py:1276 #, python-format msgid "Could not set type in addr context for %s" msgstr "" -#: ../semanage/seobject.py:1293 +#: ../semanage/seobject.py:1281 #, python-format msgid "Could not set mls fields in addr context for %s" msgstr "" -#: ../semanage/seobject.py:1297 +#: ../semanage/seobject.py:1285 #, python-format msgid "Could not set addr context for %s" msgstr "" -#: ../semanage/seobject.py:1301 +#: ../semanage/seobject.py:1289 #, python-format msgid "Could not add addr %s" msgstr "" -#: ../semanage/seobject.py:1326 ../semanage/seobject.py:1362 +#: ../semanage/seobject.py:1317 ../semanage/seobject.py:1353 #, python-format msgid "Addr %s is not defined" msgstr "" -#: ../semanage/seobject.py:1330 +#: ../semanage/seobject.py:1321 #, python-format msgid "Could not query addr %s" msgstr "" -#: ../semanage/seobject.py:1340 +#: ../semanage/seobject.py:1331 #, python-format msgid "Could not modify addr %s" msgstr "" -#: ../semanage/seobject.py:1368 +#: ../semanage/seobject.py:1359 #, python-format msgid "Addr %s is defined in policy, cannot be deleted" 
msgstr "" -#: ../semanage/seobject.py:1372 +#: ../semanage/seobject.py:1363 #, python-format msgid "Could not delete addr %s" msgstr "" -#: ../semanage/seobject.py:1384 +#: ../semanage/seobject.py:1375 msgid "Could not deleteall node mappings" msgstr "" -#: ../semanage/seobject.py:1398 +#: ../semanage/seobject.py:1389 msgid "Could not list addrs" msgstr "" -#: ../semanage/seobject.py:1458 ../semanage/seobject.py:1520 -#: ../semanage/seobject.py:1554 ../semanage/seobject.py:1560 +#: ../semanage/seobject.py:1441 ../semanage/seobject.py:1732 +msgid "SELinux Type is required" +msgstr "" + +#: ../semanage/seobject.py:1449 ../semanage/seobject.py:1511 +#: ../semanage/seobject.py:1545 ../semanage/seobject.py:1551 #, python-format msgid "Could not check if interface %s is defined" msgstr "" -#: ../semanage/seobject.py:1465 +#: ../semanage/seobject.py:1456 #, python-format msgid "Could not create interface for %s" msgstr "" -#: ../semanage/seobject.py:1474 +#: ../semanage/seobject.py:1465 #, python-format msgid "Could not set user in interface context for %s" msgstr "" -#: ../semanage/seobject.py:1478 +#: ../semanage/seobject.py:1469 #, python-format msgid "Could not set role in interface context for %s" msgstr "" -#: ../semanage/seobject.py:1482 +#: ../semanage/seobject.py:1473 #, python-format msgid "Could not set type in interface context for %s" msgstr "" -#: ../semanage/seobject.py:1487 +#: ../semanage/seobject.py:1478 #, python-format msgid "Could not set mls fields in interface context for %s" msgstr "" -#: ../semanage/seobject.py:1491 +#: ../semanage/seobject.py:1482 #, python-format msgid "Could not set interface context for %s" msgstr "" -#: ../semanage/seobject.py:1495 +#: ../semanage/seobject.py:1486 #, python-format msgid "Could not set message context for %s" msgstr "" -#: ../semanage/seobject.py:1499 +#: ../semanage/seobject.py:1490 #, python-format msgid "Could not add interface %s" msgstr "" -#: ../semanage/seobject.py:1522 ../semanage/seobject.py:1556 +#: 
../semanage/seobject.py:1513 ../semanage/seobject.py:1547 #, python-format msgid "Interface %s is not defined" msgstr "" -#: ../semanage/seobject.py:1526 +#: ../semanage/seobject.py:1517 #, python-format msgid "Could not query interface %s" msgstr "" -#: ../semanage/seobject.py:1537 +#: ../semanage/seobject.py:1528 #, python-format msgid "Could not modify interface %s" msgstr "" -#: ../semanage/seobject.py:1562 +#: ../semanage/seobject.py:1553 #, python-format msgid "Interface %s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:1566 +#: ../semanage/seobject.py:1557 #, python-format msgid "Could not delete interface %s" msgstr "" -#: ../semanage/seobject.py:1578 +#: ../semanage/seobject.py:1569 msgid "Could not delete all interface mappings" msgstr "" -#: ../semanage/seobject.py:1592 +#: ../semanage/seobject.py:1583 msgid "Could not list interfaces" msgstr "" -#: ../semanage/seobject.py:1617 +#: ../semanage/seobject.py:1608 msgid "SELinux Interface" msgstr "" -#: ../semanage/seobject.py:1617 ../semanage/seobject.py:1944 +#: ../semanage/seobject.py:1608 ../semanage/seobject.py:1954 msgid "Context" msgstr "" -#: ../semanage/seobject.py:1667 +#: ../semanage/seobject.py:1671 #, python-format msgid "Equivalence class for %s already exists" msgstr "" -#: ../semanage/seobject.py:1673 +#: ../semanage/seobject.py:1677 #, python-format msgid "File spec %s conflicts with equivalency rule '%s %s'" msgstr "" -#: ../semanage/seobject.py:1682 +#: ../semanage/seobject.py:1686 #, python-format msgid "Equivalence class for %s does not exists" msgstr "" -#: ../semanage/seobject.py:1696 +#: ../semanage/seobject.py:1700 #, python-format msgid "Could not set user in file context for %s" msgstr "" -#: ../semanage/seobject.py:1700 +#: ../semanage/seobject.py:1704 #, python-format msgid "Could not set role in file context for %s" msgstr "" -#: ../semanage/seobject.py:1705 ../semanage/seobject.py:1762 +#: ../semanage/seobject.py:1709 ../semanage/seobject.py:1769 
#, python-format msgid "Could not set mls fields in file context for %s" msgstr "" -#: ../semanage/seobject.py:1711 +#: ../semanage/seobject.py:1715 msgid "Invalid file specification" msgstr "" -#: ../semanage/seobject.py:1713 +#: ../semanage/seobject.py:1717 msgid "File specification can not include spaces" msgstr "" -#: ../semanage/seobject.py:1718 +#: ../semanage/seobject.py:1722 #, python-format msgid "" "File spec %s conflicts with equivalency rule '%s %s'; Try adding '%s' instead" msgstr "" -#: ../semanage/seobject.py:1736 ../semanage/seobject.py:1741 -#: ../semanage/seobject.py:1794 ../semanage/seobject.py:1876 -#: ../semanage/seobject.py:1880 +#: ../semanage/seobject.py:1735 +#, python-format +msgid "Type %s is invalid, must be a file or device type" +msgstr "" + +#: ../semanage/seobject.py:1743 ../semanage/seobject.py:1748 +#: ../semanage/seobject.py:1804 ../semanage/seobject.py:1886 +#: ../semanage/seobject.py:1890 #, python-format msgid "Could not check if file context for %s is defined" msgstr "" -#: ../semanage/seobject.py:1749 +#: ../semanage/seobject.py:1756 #, python-format msgid "Could not create file context for %s" msgstr "" -#: ../semanage/seobject.py:1757 +#: ../semanage/seobject.py:1764 #, python-format msgid "Could not set type in file context for %s" msgstr "" -#: ../semanage/seobject.py:1765 ../semanage/seobject.py:1822 -#: ../semanage/seobject.py:1826 +#: ../semanage/seobject.py:1772 ../semanage/seobject.py:1832 +#: ../semanage/seobject.py:1836 #, python-format msgid "Could not set file context for %s" msgstr "" -#: ../semanage/seobject.py:1771 +#: ../semanage/seobject.py:1778 #, python-format msgid "Could not add file context for %s" msgstr "" -#: ../semanage/seobject.py:1785 +#: ../semanage/seobject.py:1792 msgid "Requires setype, serange or seuser" msgstr "" -#: ../semanage/seobject.py:1798 ../semanage/seobject.py:1884 +#: ../semanage/seobject.py:1808 ../semanage/seobject.py:1894 #, python-format msgid "File context for %s is not 
defined" msgstr "" -#: ../semanage/seobject.py:1804 +#: ../semanage/seobject.py:1814 #, python-format msgid "Could not query file context for %s" msgstr "" -#: ../semanage/seobject.py:1830 +#: ../semanage/seobject.py:1840 #, python-format msgid "Could not modify file context for %s" msgstr "" -#: ../semanage/seobject.py:1843 +#: ../semanage/seobject.py:1853 msgid "Could not list the file contexts" msgstr "" -#: ../semanage/seobject.py:1857 +#: ../semanage/seobject.py:1867 #, python-format msgid "Could not delete the file context %s" msgstr "" -#: ../semanage/seobject.py:1882 +#: ../semanage/seobject.py:1892 #, python-format msgid "File context for %s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:1888 +#: ../semanage/seobject.py:1898 #, python-format msgid "Could not delete file context for %s" msgstr "" -#: ../semanage/seobject.py:1903 +#: ../semanage/seobject.py:1913 msgid "Could not list file contexts" msgstr "" -#: ../semanage/seobject.py:1907 +#: ../semanage/seobject.py:1917 msgid "Could not list local file contexts" msgstr "" -#: ../semanage/seobject.py:1944 +#: ../semanage/seobject.py:1954 msgid "SELinux fcontext" msgstr "" -#: ../semanage/seobject.py:1944 +#: ../semanage/seobject.py:1954 msgid "type" msgstr "" -#: ../semanage/seobject.py:1957 +#: ../semanage/seobject.py:1967 msgid "" "\n" "SELinux Distribution fcontext Equivalence \n" msgstr "" -#: ../semanage/seobject.py:1962 +#: ../semanage/seobject.py:1972 msgid "" "\n" "SELinux Local fcontext Equivalence \n" msgstr "" -#: ../semanage/seobject.py:1996 ../semanage/seobject.py:2048 -#: ../semanage/seobject.py:2054 +#: ../semanage/seobject.py:2006 ../semanage/seobject.py:2059 +#: ../semanage/seobject.py:2065 #, python-format msgid "Could not check if boolean %s is defined" msgstr "" -#: ../semanage/seobject.py:1998 ../semanage/seobject.py:2050 +#: ../semanage/seobject.py:2008 ../semanage/seobject.py:2061 #, python-format msgid "Boolean %s is not defined" msgstr "" -#: 
../semanage/seobject.py:2002 +#: ../semanage/seobject.py:2012 #, python-format msgid "Could not query file context %s" msgstr "" -#: ../semanage/seobject.py:2007 +#: ../semanage/seobject.py:2017 #, python-format msgid "You must specify one of the following values: %s" msgstr "" -#: ../semanage/seobject.py:2012 +#: ../semanage/seobject.py:2022 #, python-format msgid "Could not set active value of boolean %s" msgstr "" -#: ../semanage/seobject.py:2015 +#: ../semanage/seobject.py:2025 #, python-format msgid "Could not modify boolean %s" msgstr "" -#: ../semanage/seobject.py:2033 +#: ../semanage/seobject.py:2043 #, python-format msgid "Bad format %s: Record %s" msgstr "" -#: ../semanage/seobject.py:2056 +#: ../semanage/seobject.py:2067 #, python-format msgid "Boolean %s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:2060 +#: ../semanage/seobject.py:2071 #, python-format msgid "Could not delete boolean %s" msgstr "" -#: ../semanage/seobject.py:2072 ../semanage/seobject.py:2089 +#: ../semanage/seobject.py:2083 ../semanage/seobject.py:2100 msgid "Could not list booleans" msgstr "" -#: ../semanage/seobject.py:2112 +#: ../semanage/seobject.py:2125 msgid "unknown" msgstr "" -#: ../semanage/seobject.py:2125 +#: ../semanage/seobject.py:2138 msgid "off" msgstr "" -#: ../semanage/seobject.py:2125 +#: ../semanage/seobject.py:2138 msgid "on" msgstr "" -#: ../semanage/seobject.py:2139 +#: ../semanage/seobject.py:2152 msgid "SELinux boolean" msgstr "" -#: ../semanage/seobject.py:2139 +#: ../semanage/seobject.py:2152 msgid "State" msgstr "" -#: ../semanage/seobject.py:2139 +#: ../semanage/seobject.py:2152 msgid "Default" msgstr "" -#: ../semanage/seobject.py:2139 ../gui/polgen.glade:3355 -#: ../gui/polgengui.py:253 +#: ../semanage/seobject.py:2152 ../gui/polgen.glade:113 +#: ../gui/polgengui.py:254 msgid "Description" msgstr "" 
@@ -998,7 +1013,7 @@ msgstr "" msgid "Error sending audit message.\n" msgstr "" -#: ../newrole/newrole.c:692 ../newrole/newrole.c:1059 +#: ../newrole/newrole.c:692 ../newrole/newrole.c:1058 #, c-format msgid "Could not determine enforcing mode.\n" msgstr "" 
@@ -1113,62 +1128,66 @@ msgstr "" msgid "Unable to set SIGHUP handler\n" msgstr "" -#: ../newrole/newrole.c:1053 +#: ../newrole/newrole.c:1036 +msgid "Sorry, newrole failed to drop capabilities\n" +msgstr "" + +#: ../newrole/newrole.c:1052 #, c-format msgid "Sorry, newrole may be used only on a SELinux kernel.\n" msgstr "" -#: ../newrole/newrole.c:1070 +#: ../newrole/newrole.c:1069 #, c-format msgid "failed to get old_context.\n" msgstr "" -#: ../newrole/newrole.c:1077 +#: ../newrole/newrole.c:1076 #, c-format msgid "Warning! Could not retrieve tty information.\n" msgstr "" -#: ../newrole/newrole.c:1098 +#: ../newrole/newrole.c:1097 #, c-format msgid "error on reading PAM service configuration.\n" msgstr "" -#: ../newrole/newrole.c:1133 +#: ../newrole/newrole.c:1132 #, c-format msgid "newrole: incorrect password for %s\n" msgstr "" -#: ../newrole/newrole.c:1160 +#: ../newrole/newrole.c:1159 #, c-format msgid "newrole: failure forking: %s" msgstr "" -#: ../newrole/newrole.c:1163 ../newrole/newrole.c:1186 +#: ../newrole/newrole.c:1162 ../newrole/newrole.c:1185 #, c-format msgid "Unable to restore tty label...\n" msgstr "" -#: ../newrole/newrole.c:1165 ../newrole/newrole.c:1192 +#: ../newrole/newrole.c:1164 ../newrole/newrole.c:1191 #, c-format msgid "Failed to close tty properly\n" msgstr "" -#: ../newrole/newrole.c:1224 +#: ../newrole/newrole.c:1223 #, c-format msgid "Could not close descriptors.\n" msgstr "" -#: ../newrole/newrole.c:1251 +#: ../newrole/newrole.c:1250 #, c-format msgid "Error allocating shell's argv0.\n" msgstr "" -#: ../newrole/newrole.c:1287 +#: ../newrole/newrole.c:1286 #, c-format msgid "Unable to restore the environment, aborting\n" msgstr "" -#: ../newrole/newrole.c:1298 +#: ../newrole/newrole.c:1297 msgid "failed to exec shell\n" msgstr "" 
@@ -1271,20 +1290,20 @@ msgstr "" msgid "chcat -l +CompanyConfidential juser" msgstr "" -#: ../scripts/chcat:399 ../gui/polgen.py:1351 -#, c-format, python-format +#: ../scripts/chcat:399 +#, c-format msgid "Options Error %s " msgstr "" -#: ../gui/booleansPage.py:195 ../gui/system-config-selinux.glade:1706 +#: ../gui/booleansPage.py:194 ../gui/system-config-selinux.glade:1706 msgid "Boolean" msgstr "" -#: ../gui/booleansPage.py:252 ../gui/semanagePage.py:162 +#: ../gui/booleansPage.py:245 ../gui/semanagePage.py:162 msgid "all" msgstr "" -#: ../gui/booleansPage.py:254 ../gui/semanagePage.py:164 +#: ../gui/booleansPage.py:247 ../gui/semanagePage.py:164 #: ../gui/system-config-selinux.glade:1615 #: ../gui/system-config-selinux.glade:1820 #: ../gui/system-config-selinux.glade:2437 
@@ -1340,577 +1359,464 @@ msgstr "" msgid "Login '%s' is required" msgstr "" -#: ../gui/modulesPage.py:48 ../gui/system-config-selinux.glade:2753 +#: ../gui/modulesPage.py:49 ../gui/system-config-selinux.glade:2753 msgid "Policy Module" msgstr "" -#: ../gui/modulesPage.py:57 +#: ../gui/modulesPage.py:58 msgid "Module Name" msgstr "" -#: ../gui/modulesPage.py:134 +#: ../gui/modulesPage.py:135 msgid "Disable Audit" msgstr "" -#: ../gui/modulesPage.py:137 ../gui/system-config-selinux.glade:2662 +#: ../gui/modulesPage.py:138 ../gui/system-config-selinux.glade:2662 msgid "Enable Audit" msgstr "" -#: ../gui/modulesPage.py:162 +#: ../gui/modulesPage.py:163 msgid "Load Policy Module" msgstr "" -#: ../gui/polgen.glade:79 -msgid "Polgen" -msgstr "" - -#: ../gui/polgen.glade:80 +#: ../gui/polgen.glade:9 msgid "Red Hat 2007" msgstr "" -#: ../gui/polgen.glade:81 +#: ../gui/polgen.glade:11 msgid "GPL" msgstr "" #. TRANSLATORS: Replace this string with your names, one name per line. -#: ../gui/polgen.glade:85 ../gui/system-config-selinux.glade:17 +#: ../gui/polgen.glade:13 ../gui/system-config-selinux.glade:17 msgid "translator-credits" msgstr "" -#: ../gui/polgen.glade:90 +#: ../gui/polgen.glade:34 +msgid "Add Booleans Dialog" +msgstr "" + +#: ../gui/polgen.glade:101 +msgid "Boolean Name" +msgstr "" + +#: ../gui/polgen.glade:230 msgid "SELinux Policy Generation Tool" msgstr "" -#: ../gui/polgen.glade:128 +#: ../gui/polgen.glade:251 msgid "" "Select the policy type for the application or user role you want to " "confine:" msgstr "" -#: ../gui/polgen.glade:177 +#: ../gui/polgen.glade:284 msgid "Applications" msgstr "" -#: ../gui/polgen.glade:239 ../gui/polgen.glade:259 +#: ../gui/polgen.glade:316 ../sepolicy/sepolicy/generate.py:183 +msgid "Standard Init Daemon" +msgstr "" + +#: ../gui/polgen.glade:320 ../gui/polgen.glade:336 msgid "" "Standard Init Daemon are daemons started on boot via init scripts. 
Usually " "requires a script in /etc/rc.d/init.d" msgstr "" -#: ../gui/polgen.glade:241 ../gui/polgen.py:156 -msgid "Standard Init Daemon" +#: ../gui/polgen.glade:332 ../sepolicy/sepolicy/generate.py:184 +msgid "DBUS System Daemon" msgstr "" -#: ../gui/polgen.glade:261 ../gui/polgen.py:157 -msgid "DBUS System Daemon" +#: ../gui/polgen.glade:349 +msgid "Internet Services Daemon (inetd)" msgstr "" -#: ../gui/polgen.glade:280 +#: ../gui/polgen.glade:353 msgid "Internet Services Daemon are daemons started by xinetd" msgstr "" -#: ../gui/polgen.glade:282 -msgid "Internet Services Daemon (inetd)" +#: ../gui/polgen.glade:366 ../sepolicy/sepolicy/generate.py:186 +msgid "Web Application/Script (CGI)" msgstr "" -#: ../gui/polgen.glade:301 +#: ../gui/polgen.glade:370 msgid "" "Web Applications/Script (CGI) CGI scripts started by the web server (apache)" msgstr "" -#: ../gui/polgen.glade:303 ../gui/polgen.py:159 -msgid "Web Application/Script (CGI)" +#: ../gui/polgen.glade:383 ../sepolicy/sepolicy/generate.py:187 +msgid "User Application" msgstr "" -#: ../gui/polgen.glade:322 ../gui/polgen.glade:343 +#: ../gui/polgen.glade:387 ../gui/polgen.glade:404 msgid "" "User Application are any application that you would like to confine that is " "started by a user" msgstr "" -#: ../gui/polgen.glade:324 ../gui/polgen.py:160 -msgid "User Application" -msgstr "" - -#: ../gui/polgen.glade:345 ../gui/polgen.py:161 +#: ../gui/polgen.glade:400 ../sepolicy/sepolicy/generate.py:188 msgid "Sandbox" msgstr "" -#: ../gui/polgen.glade:391 +#: ../gui/polgen.glade:446 msgid "Login Users" msgstr "" -#: ../gui/polgen.glade:453 +#: ../gui/polgen.glade:478 +msgid "Existing User Roles" +msgstr "" + +#: ../gui/polgen.glade:482 msgid "Modify an existing login user record." 
msgstr "" -#: ../gui/polgen.glade:455 -msgid "Existing User Roles" +#: ../gui/polgen.glade:495 ../sepolicy/sepolicy/generate.py:189 +msgid "Minimal Terminal User Role" msgstr "" -#: ../gui/polgen.glade:474 +#: ../gui/polgen.glade:499 msgid "" "This user will login to a machine only via a terminal or remote login. By " "default this user will have no setuid, no networking, no su, no sudo." msgstr "" -#: ../gui/polgen.glade:476 ../gui/polgen.py:162 -msgid "Minimal Terminal User Role" +#: ../gui/polgen.glade:512 ../sepolicy/sepolicy/generate.py:190 +msgid "Minimal X Windows User Role" msgstr "" -#: ../gui/polgen.glade:495 +#: ../gui/polgen.glade:516 msgid "" "This user can login to a machine via X or terminal. By default this user " "will have no setuid, no networking, no sudo, no su" msgstr "" -#: ../gui/polgen.glade:497 ../gui/polgen.py:163 -msgid "Minimal X Windows User Role" +#: ../gui/polgen.glade:529 ../sepolicy/sepolicy/generate.py:191 +msgid "User Role" msgstr "" -#: ../gui/polgen.glade:516 +#: ../gui/polgen.glade:533 msgid "" "User with full networking, no setuid applications without transition, no " "sudo, no su." msgstr "" -#: ../gui/polgen.glade:518 ../gui/polgen.py:164 -msgid "User Role" +#: ../gui/polgen.glade:546 ../sepolicy/sepolicy/generate.py:192 +msgid "Admin User Role" msgstr "" -#: ../gui/polgen.glade:537 +#: ../gui/polgen.glade:550 msgid "" "User with full networking, no setuid applications without transition, no su, " "can sudo to Root Administration Roles" msgstr "" -#: ../gui/polgen.glade:539 ../gui/polgen.py:165 -msgid "Admin User Role" +#: ../gui/polgen.glade:592 +msgid "Root Users" msgstr "" -#: ../gui/polgen.glade:585 -msgid "Root Users" +#: ../gui/polgen.glade:623 ../sepolicy/sepolicy/generate.py:193 +msgid "Root Admin User Role" msgstr "" -#: ../gui/polgen.glade:647 +#: ../gui/polgen.glade:627 msgid "" "Select Root Administrator User Role, if this user will be used to administer " "the machine while running as root. 
This user will not be able to login to " "the system directly." msgstr "" -#: ../gui/polgen.glade:649 ../gui/polgen.py:166 -msgid "Root Admin User Role" -msgstr "" - -#: ../gui/polgen.glade:716 -msgid "label104" -msgstr "" - -#: ../gui/polgen.glade:745 +#: ../gui/polgen.glade:705 msgid "Enter name of application or user role:" msgstr "" -#: ../gui/polgen.glade:779 ../gui/polgengui.py:251 +#: ../gui/polgen.glade:728 ../gui/polgengui.py:252 msgid "Name" msgstr "" -#: ../gui/polgen.glade:807 +#: ../gui/polgen.glade:739 msgid "Enter complete path for executable to be confined." msgstr "" -#: ../gui/polgen.glade:830 ../gui/polgen.glade:950 ../gui/polgen.glade:3142 +#: ../gui/polgen.glade:756 ../gui/polgen.glade:838 ../gui/polgen.glade:2361 msgid "..." msgstr "" -#: ../gui/polgen.glade:849 +#: ../gui/polgen.glade:776 msgid "Enter unique name for the confined application or user role." msgstr "" -#: ../gui/polgen.glade:871 +#: ../gui/polgen.glade:794 msgid "Executable" msgstr "" -#: ../gui/polgen.glade:899 +#: ../gui/polgen.glade:808 msgid "Init script" msgstr "" -#: ../gui/polgen.glade:927 +#: ../gui/polgen.glade:821 msgid "" "Enter complete path to init script used to start the confined application." msgstr "" -#: ../gui/polgen.glade:982 -msgid "label105" -msgstr "" - -#: ../gui/polgen.glade:1011 +#: ../gui/polgen.glade:887 msgid "Select existing role to modify:" msgstr "" -#: ../gui/polgen.glade:1045 +#: ../gui/polgen.glade:908 msgid "Select the user roles that will transiton to the %s domain." msgstr "" -#: ../gui/polgen.glade:1073 -msgid "label106" +#: ../gui/polgen.glade:928 +msgid "role tab" msgstr "" -#: ../gui/polgen.glade:1102 +#: ../gui/polgen.glade:945 msgid "Select roles that %s will transition to:" msgstr "" -#: ../gui/polgen.glade:1136 +#: ../gui/polgen.glade:963 msgid "Select applications domains that %s will transition to." 
msgstr "" -#: ../gui/polgen.glade:1164 -msgid "label107" +#: ../gui/polgen.glade:983 +msgid "" +"transition \n" +"role tab" msgstr "" -#: ../gui/polgen.glade:1193 +#: ../gui/polgen.glade:1001 msgid "Select the user_roles that will transition to %s:" msgstr "" -#: ../gui/polgen.glade:1227 +#: ../gui/polgen.glade:1019 msgid "Select the user roles that will transiton to this applications domains." msgstr "" -#: ../gui/polgen.glade:1255 -msgid "label108" -msgstr "" - -#: ../gui/polgen.glade:1284 +#: ../gui/polgen.glade:1056 msgid "Select domains that %s will administer:" msgstr "" -#: ../gui/polgen.glade:1318 ../gui/polgen.glade:1409 +#: ../gui/polgen.glade:1074 ../gui/polgen.glade:1129 msgid "Select the domains that you would like this user administer." msgstr "" -#: ../gui/polgen.glade:1346 -msgid "label109" -msgstr "" - -#: ../gui/polgen.glade:1375 +#: ../gui/polgen.glade:1111 msgid "Select additional roles for %s:" msgstr "" -#: ../gui/polgen.glade:1437 -msgid "label111" -msgstr "" - -#: ../gui/polgen.glade:1466 +#: ../gui/polgen.glade:1166 msgid "Enter network ports that %s binds on:" msgstr "" -#: ../gui/polgen.glade:1497 ../gui/polgen.glade:1997 +#: ../gui/polgen.glade:1186 ../gui/polgen.glade:1557 msgid "TCP Ports" msgstr "" -#: ../gui/polgen.glade:1565 ../gui/polgen.glade:1785 +#: ../gui/polgen.glade:1223 ../gui/polgen.glade:1390 ../gui/polgen.glade:1589 +#: ../gui/polgen.glade:1698 +msgid "All" +msgstr "" + +#: ../gui/polgen.glade:1227 ../gui/polgen.glade:1394 msgid "Allows %s to bind to any udp port" msgstr "" -#: ../gui/polgen.glade:1567 ../gui/polgen.glade:1787 ../gui/polgen.glade:2061 -#: ../gui/polgen.glade:2215 -msgid "All" +#: ../gui/polgen.glade:1240 ../gui/polgen.glade:1407 +msgid "600-1024" msgstr "" -#: ../gui/polgen.glade:1585 ../gui/polgen.glade:1805 +#: ../gui/polgen.glade:1244 ../gui/polgen.glade:1411 msgid "Allow %s to call bindresvport with 0. 
Binding to port 600-1024" msgstr "" -#: ../gui/polgen.glade:1587 ../gui/polgen.glade:1807 -msgid "600-1024" +#: ../gui/polgen.glade:1257 ../gui/polgen.glade:1424 +msgid "Unreserved Ports (>1024)" msgstr "" -#: ../gui/polgen.glade:1605 ../gui/polgen.glade:1825 +#: ../gui/polgen.glade:1261 ../gui/polgen.glade:1428 msgid "" "Enter a comma separated list of udp ports or ranges of ports that %s binds " "to. Example: 612, 650-660" msgstr "" -#: ../gui/polgen.glade:1607 ../gui/polgen.glade:1827 -msgid "Unreserved Ports (>1024)" -msgstr "" - -#: ../gui/polgen.glade:1638 ../gui/polgen.glade:1858 ../gui/polgen.glade:2079 -#: ../gui/polgen.glade:2233 +#: ../gui/polgen.glade:1289 ../gui/polgen.glade:1456 ../gui/polgen.glade:1609 +#: ../gui/polgen.glade:1718 msgid "Select Ports" msgstr "" -#: ../gui/polgen.glade:1663 ../gui/polgen.glade:1883 +#: ../gui/polgen.glade:1302 ../gui/polgen.glade:1469 msgid "Allows %s to bind to any udp ports > 1024" msgstr "" -#: ../gui/polgen.glade:1717 ../gui/polgen.glade:2151 +#: ../gui/polgen.glade:1353 ../gui/polgen.glade:1666 msgid "UDP Ports" msgstr "" -#: ../gui/polgen.glade:1937 -msgid "label113" +#: ../gui/polgen.glade:1519 +msgid "" +"Network\n" +"Bind tab" msgstr "" -#: ../gui/polgen.glade:1966 +#: ../gui/polgen.glade:1537 msgid "Select network ports that %s connects to:" msgstr "" -#: ../gui/polgen.glade:2058 +#: ../gui/polgen.glade:1593 msgid "Allows %s to connect to any tcp port" msgstr "" -#: ../gui/polgen.glade:2104 +#: ../gui/polgen.glade:1622 msgid "" "Enter a comma separated list of tcp ports or ranges of ports that %s " "connects to. Example: 612, 650-660" msgstr "" -#: ../gui/polgen.glade:2212 +#: ../gui/polgen.glade:1702 msgid "Allows %s to connect to any udp port" msgstr "" -#: ../gui/polgen.glade:2258 +#: ../gui/polgen.glade:1731 msgid "" "Enter a comma separated list of udp ports or ranges of ports that %s " "connects to. 
Example: 612, 650-660" msgstr "" -#: ../gui/polgen.glade:2305 -msgid "label114" -msgstr "" - -#: ../gui/polgen.glade:2334 +#: ../gui/polgen.glade:1792 msgid "Select common application traits for %s:" msgstr "" -#: ../gui/polgen.glade:2366 +#: ../gui/polgen.glade:1809 msgid "Writes syslog messages\t" msgstr "" -#: ../gui/polgen.glade:2385 +#: ../gui/polgen.glade:1824 msgid "Create/Manipulate temporary files in /tmp" msgstr "" -#: ../gui/polgen.glade:2404 +#: ../gui/polgen.glade:1839 msgid "Uses Pam for authentication" msgstr "" -#: ../gui/polgen.glade:2423 +#: ../gui/polgen.glade:1854 msgid "Uses nsswitch or getpw* calls" msgstr "" -#: ../gui/polgen.glade:2442 +#: ../gui/polgen.glade:1869 msgid "Uses dbus" msgstr "" -#: ../gui/polgen.glade:2461 +#: ../gui/polgen.glade:1884 msgid "Sends audit messages" msgstr "" -#: ../gui/polgen.glade:2480 +#: ../gui/polgen.glade:1899 msgid "Interacts with the terminal" msgstr "" -#: ../gui/polgen.glade:2499 +#: ../gui/polgen.glade:1914 msgid "Sends email" msgstr "" -#: ../gui/polgen.glade:2530 -msgid "label115" -msgstr "" - -#: ../gui/polgen.glade:2559 +#: ../gui/polgen.glade:1961 msgid "Add files/directories that %s manages" msgstr "" -#: ../gui/polgen.glade:2788 +#: ../gui/polgen.glade:2122 msgid "" "Files/Directories which the %s \"manages\". Pid Files, Log Files, /var/lib " "Files ..." msgstr "" -#: ../gui/polgen.glade:2823 -msgid "label116" -msgstr "" - -#: ../gui/polgen.glade:2852 +#: ../gui/polgen.glade:2166 msgid "Add booleans from the %s policy:" msgstr "" -#: ../gui/polgen.glade:3002 +#: ../gui/polgen.glade:2274 msgid "Add/Remove booleans used by the %s domain" msgstr "" -#: ../gui/polgen.glade:3066 +#: ../gui/polgen.glade:2316 msgid "Which directory you will generate the %s policy?" 
msgstr "" -#: ../gui/polgen.glade:3097 +#: ../gui/polgen.glade:2334 msgid "Policy Directory" msgstr "" -#: ../gui/polgen.glade:3254 -msgid "Add Booleans Dialog" -msgstr "" - -#: ../gui/polgen.glade:3327 -msgid "Boolean Name" -msgstr "" - -#: ../gui/polgengui.py:261 +#: ../gui/polgengui.py:262 msgid "Role" msgstr "" -#: ../gui/polgengui.py:268 +#: ../gui/polgengui.py:269 msgid "Existing_User" msgstr "" -#: ../gui/polgengui.py:282 ../gui/polgengui.py:290 ../gui/polgengui.py:304 +#: ../gui/polgengui.py:283 ../gui/polgengui.py:291 ../gui/polgengui.py:305 msgid "Application" msgstr "" -#: ../gui/polgengui.py:352 +#: ../gui/polgengui.py:353 #, python-format msgid "%s must be a directory" msgstr "" -#: ../gui/polgengui.py:412 ../gui/polgengui.py:693 +#: ../gui/polgengui.py:413 ../gui/polgengui.py:694 msgid "You must select a user" msgstr "" -#: ../gui/polgengui.py:542 +#: ../gui/polgengui.py:543 msgid "Select executable file to be confined." msgstr "" -#: ../gui/polgengui.py:553 +#: ../gui/polgengui.py:554 msgid "Select init script file to be confined." msgstr "" -#: ../gui/polgengui.py:563 +#: ../gui/polgengui.py:564 msgid "Select file(s) that confined application creates or writes" msgstr "" -#: ../gui/polgengui.py:570 +#: ../gui/polgengui.py:571 msgid "Select directory(s) that the confined application owns and writes into" msgstr "" -#: ../gui/polgengui.py:632 +#: ../gui/polgengui.py:633 msgid "Select directory to generate policy files in" msgstr "" -#: ../gui/polgengui.py:649 +#: ../gui/polgengui.py:650 #, python-format msgid "" "Type %s_t already defined in current policy.\n" "Do you want to continue?" msgstr "" -#: ../gui/polgengui.py:649 ../gui/polgengui.py:653 +#: ../gui/polgengui.py:650 ../gui/polgengui.py:654 msgid "Verify Name" msgstr "" -#: ../gui/polgengui.py:653 +#: ../gui/polgengui.py:654 #, python-format msgid "" "Module %s.pp already loaded in current policy.\n" "Do you want to continue?" 
msgstr "" -#: ../gui/polgengui.py:699 +#: ../gui/polgengui.py:700 msgid "" "You must add a name made up of letters and numbers and containing no spaces." msgstr "" -#: ../gui/polgengui.py:713 +#: ../gui/polgengui.py:714 msgid "You must enter a executable" msgstr "" -#: ../gui/polgengui.py:738 ../gui/system-config-selinux.py:174 +#: ../gui/polgengui.py:739 ../gui/system-config-selinux.py:174 msgid "Configue SELinux" msgstr "" -#: ../gui/polgen.py:158 -msgid "Internet Services Daemon" -msgstr "" - -#: ../gui/polgen.py:197 -#, python-format -msgid "Ports must be numbers or ranges of numbers from 1 to %d " -msgstr "" - -#: ../gui/polgen.py:324 -msgid "You must enter a name for your confined process/user" -msgstr "" - -#: ../gui/polgen.py:326 -msgid "" -"Name must be alpha numberic with no spaces. Consider using option \"-n " -"MODULENAME\"" -msgstr "" - -#: ../gui/polgen.py:414 -msgid "User Role types can not be assigned executables." -msgstr "" - -#: ../gui/polgen.py:420 -msgid "Only Daemon apps can use an init script.." 
-msgstr "" - -#: ../gui/polgen.py:438 -msgid "use_resolve must be a boolean value " -msgstr "" - -#: ../gui/polgen.py:444 -msgid "use_syslog must be a boolean value " -msgstr "" - -#: ../gui/polgen.py:450 -msgid "use_kerberos must be a boolean value " -msgstr "" - -#: ../gui/polgen.py:456 -msgid "manage_krb5_rcache must be a boolean value " -msgstr "" - -#: ../gui/polgen.py:486 -msgid "USER Types automatically get a tmp type" -msgstr "" - -#: ../gui/polgen.py:1004 -msgid "You must enter the executable path for your confined process" -msgstr "" - -#: ../gui/polgen.py:1182 -msgid "Type Enforcement file" -msgstr "" - -#: ../gui/polgen.py:1183 -msgid "Interface file" -msgstr "" - -#: ../gui/polgen.py:1184 -msgid "File Contexts file" -msgstr "" - -#: ../gui/polgen.py:1185 -msgid "Setup Script" -msgstr "" - -#: ../gui/polgen.py:1306 -#, python-format -msgid "" -"\n" -"%s\n" -"\n" -"sepolgen [ -n moduleName ] [ -m ] [ -t type ] [ executable | Name ]\n" -"valid Types:\n" -msgstr "" - -#: ../gui/polgen.py:1354 -msgid "Executable or Name required" -msgstr "" - #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528 msgid "Network Port" msgstr "" 
@@ -1948,1411 +1854,1499 @@ msgstr "" msgid "Group View" msgstr "" -#: ../gui/selinux.tbl:1 ../gui/selinux.tbl:30 ../gui/selinux.tbl:31 -#: ../gui/selinux.tbl:32 ../gui/selinux.tbl:33 ../gui/selinux.tbl:34 -#: ../gui/selinux.tbl:36 ../gui/selinux.tbl:37 ../gui/selinux.tbl:38 -#: ../gui/selinux.tbl:39 ../gui/selinux.tbl:40 ../gui/selinux.tbl:42 -#: ../gui/selinux.tbl:43 ../gui/selinux.tbl:44 ../gui/selinux.tbl:45 -#: ../gui/selinux.tbl:46 ../gui/selinux.tbl:47 ../gui/selinux.tbl:48 -#: ../gui/selinux.tbl:49 ../gui/selinux.tbl:50 ../gui/selinux.tbl:51 -#: ../gui/selinux.tbl:52 ../gui/selinux.tbl:53 ../gui/selinux.tbl:59 -#: ../gui/selinux.tbl:60 ../gui/selinux.tbl:61 ../gui/selinux.tbl:62 -#: ../gui/selinux.tbl:63 ../gui/selinux.tbl:64 ../gui/selinux.tbl:65 -#: ../gui/selinux.tbl:66 ../gui/selinux.tbl:67 ../gui/selinux.tbl:68 -#: ../gui/selinux.tbl:69 ../gui/selinux.tbl:75 ../gui/selinux.tbl:76 -#: ../gui/selinux.tbl:77 ../gui/selinux.tbl:78 ../gui/selinux.tbl:79 -#: ../gui/selinux.tbl:80 ../gui/selinux.tbl:81 ../gui/selinux.tbl:82 -#: ../gui/selinux.tbl:83 ../gui/selinux.tbl:84 ../gui/selinux.tbl:86 -#: ../gui/selinux.tbl:88 ../gui/selinux.tbl:89 ../gui/selinux.tbl:90 -#: ../gui/selinux.tbl:92 ../gui/selinux.tbl:94 ../gui/selinux.tbl:95 -#: ../gui/selinux.tbl:96 ../gui/selinux.tbl:97 ../gui/selinux.tbl:98 -#: ../gui/selinux.tbl:99 ../gui/selinux.tbl:100 ../gui/selinux.tbl:101 -#: ../gui/selinux.tbl:102 ../gui/selinux.tbl:103 ../gui/selinux.tbl:104 -#: ../gui/selinux.tbl:106 ../gui/selinux.tbl:108 ../gui/selinux.tbl:109 -#: ../gui/selinux.tbl:110 ../gui/selinux.tbl:111 ../gui/selinux.tbl:112 -#: ../gui/selinux.tbl:113 ../gui/selinux.tbl:114 ../gui/selinux.tbl:116 -#: ../gui/selinux.tbl:117 ../gui/selinux.tbl:119 ../gui/selinux.tbl:121 -#: ../gui/selinux.tbl:123 ../gui/selinux.tbl:124 ../gui/selinux.tbl:127 -#: ../gui/selinux.tbl:129 ../gui/selinux.tbl:130 ../gui/selinux.tbl:131 -#: ../gui/selinux.tbl:132 ../gui/selinux.tbl:133 ../gui/selinux.tbl:134 -#: 
../gui/selinux.tbl:135 ../gui/selinux.tbl:136 ../gui/selinux.tbl:137 -#: ../gui/selinux.tbl:138 ../gui/selinux.tbl:139 ../gui/selinux.tbl:142 -#: ../gui/selinux.tbl:143 ../gui/selinux.tbl:144 ../gui/selinux.tbl:145 -#: ../gui/selinux.tbl:146 ../gui/selinux.tbl:147 ../gui/selinux.tbl:148 -#: ../gui/selinux.tbl:149 ../gui/selinux.tbl:150 ../gui/selinux.tbl:151 -#: ../gui/selinux.tbl:152 ../gui/selinux.tbl:154 ../gui/selinux.tbl:155 -#: ../gui/selinux.tbl:156 ../gui/selinux.tbl:157 ../gui/selinux.tbl:158 -#: ../gui/selinux.tbl:159 ../gui/selinux.tbl:160 ../gui/selinux.tbl:167 -#: ../gui/selinux.tbl:171 ../gui/selinux.tbl:172 ../gui/selinux.tbl:173 -#: ../gui/selinux.tbl:174 ../gui/selinux.tbl:175 ../gui/selinux.tbl:177 -#: ../gui/selinux.tbl:178 ../gui/selinux.tbl:179 ../gui/selinux.tbl:180 -#: ../gui/selinux.tbl:184 ../gui/selinux.tbl:192 ../gui/selinux.tbl:193 -#: ../gui/selinux.tbl:194 ../gui/selinux.tbl:195 ../gui/selinux.tbl:196 -#: ../gui/selinux.tbl:197 ../gui/selinux.tbl:198 ../gui/selinux.tbl:199 -#: ../gui/selinux.tbl:200 ../gui/selinux.tbl:201 ../gui/selinux.tbl:206 -#: ../gui/selinux.tbl:207 ../gui/selinux.tbl:218 ../gui/selinux.tbl:219 -#: ../gui/selinux.tbl:220 ../gui/selinux.tbl:222 ../gui/selinux.tbl:224 -#: ../gui/selinux.tbl:226 ../gui/selinux.tbl:227 ../gui/selinux.tbl:230 -msgid "SELinux Service Protection" -msgstr "" - -#: ../gui/selinux.tbl:1 -msgid "Disable SELinux protection for acct daemon" -msgstr "" - -#: ../gui/selinux.tbl:2 ../gui/selinux.tbl:3 ../gui/selinux.tbl:70 -#: ../gui/selinux.tbl:153 ../gui/selinux.tbl:168 ../gui/selinux.tbl:169 -#: ../gui/selinux.tbl:170 ../gui/selinux.tbl:189 ../gui/selinux.tbl:202 -#: ../gui/selinux.tbl:203 ../gui/selinux.tbl:204 ../gui/selinux.tbl:205 -msgid "Admin" -msgstr "" - -#: ../gui/selinux.tbl:2 -msgid "Allow all daemons to write corefiles to /" -msgstr "" - -#: ../gui/selinux.tbl:3 -msgid "Allow all daemons the ability to use unallocated ttys" -msgstr "" - -#: ../gui/selinux.tbl:4 ../gui/selinux.tbl:5 
../gui/selinux.tbl:11 -#: ../gui/selinux.tbl:12 ../gui/selinux.tbl:13 ../gui/selinux.tbl:15 -#: ../gui/selinux.tbl:20 ../gui/selinux.tbl:41 ../gui/selinux.tbl:208 -#: ../gui/selinux.tbl:210 ../gui/selinux.tbl:211 ../gui/selinux.tbl:212 -#: ../gui/selinux.tbl:213 ../gui/selinux.tbl:214 ../gui/selinux.tbl:215 -#: ../gui/selinux.tbl:216 ../gui/selinux.tbl:217 -msgid "User Privs" -msgstr "" - -#: ../gui/selinux.tbl:4 -msgid "" -"Allow gadmin SELinux user account to execute files in home directory or /tmp" -msgstr "" - -#: ../gui/selinux.tbl:5 -msgid "" -"Allow guest SELinux user account to execute files in home directory or /tmp" -msgstr "" - -#: ../gui/selinux.tbl:6 ../gui/selinux.tbl:9 ../gui/selinux.tbl:16 -msgid "Memory Protection" -msgstr "" - -#: ../gui/selinux.tbl:6 -msgid "Allow java executable stack" +#: ../gui/semanagePage.py:126 +#, python-format +msgid "Are you sure you want to delete %s '%s'?" msgstr "" -#: ../gui/selinux.tbl:7 ../gui/selinux.tbl:8 ../gui/selinux.tbl:35 -#: ../gui/selinux.tbl:209 -msgid "Mount" +#: ../gui/semanagePage.py:126 +#, python-format +msgid "Delete %s" msgstr "" -#: ../gui/selinux.tbl:7 -msgid "Allow mount to mount any file" +#: ../gui/semanagePage.py:134 +#, python-format +msgid "Add %s" msgstr "" -#: ../gui/selinux.tbl:8 -msgid "Allow mount to mount any directory" +#: ../gui/semanagePage.py:148 +#, python-format +msgid "Modify %s" msgstr "" -#: ../gui/selinux.tbl:9 -msgid "Allow mplayer executable stack" +#: ../gui/statusPage.py:69 ../gui/system-config-selinux.glade:2819 +msgid "Permissive" msgstr "" -#: ../gui/selinux.tbl:10 ../gui/selinux.tbl:162 ../gui/selinux.tbl:187 -#: ../gui/selinux.tbl:188 -msgid "SSH" +#: ../gui/statusPage.py:70 ../gui/system-config-selinux.glade:2837 +msgid "Enforcing" msgstr "" -#: ../gui/selinux.tbl:10 -msgid "Allow ssh to run ssh-keysign" +#: ../gui/statusPage.py:94 +msgid "Status" msgstr "" -#: ../gui/selinux.tbl:11 +#: ../gui/statusPage.py:133 msgid "" -"Allow staff SELinux user account to execute 
files in home directory or /tmp" +"Changing the policy type will cause a relabel of the entire file system on " +"the next boot. Relabeling takes a long time depending on the size of the " +"file system. Do you wish to continue?" msgstr "" -#: ../gui/selinux.tbl:12 +#: ../gui/statusPage.py:147 msgid "" -"Allow sysadm SELinux user account to execute files in home directory or /tmp" +"Changing to SELinux disabled requires a reboot. It is not recommended. If " +"you later decide to turn SELinux back on, the system will be required to " +"relabel. If you just want to see if SELinux is causing a problem on your " +"system, you can go to permissive mode which will only log errors and not " +"enforce SELinux policy. Permissive mode does not require a reboot Do you " +"wish to continue?" msgstr "" -#: ../gui/selinux.tbl:13 +#: ../gui/statusPage.py:152 msgid "" -"Allow unconfined SELinux user account to execute files in home directory or /" -"tmp" -msgstr "" - -#: ../gui/selinux.tbl:14 -msgid "Network Configuration" +"Changing to SELinux enabled will cause a relabel of the entire file system " +"on the next boot. Relabeling takes a long time depending on the size of the " +"file system. Do you wish to continue?" 
msgstr "" -#: ../gui/selinux.tbl:14 -msgid "Allow unlabeled packets to flow on the network" +#: ../gui/system-config-selinux.glade:11 +msgid "system-config-selinux" msgstr "" -#: ../gui/selinux.tbl:15 +#: ../gui/system-config-selinux.glade:12 msgid "" -"Allow user SELinux user account to execute files in home directory or /tmp" +"Copyright (c)2006 Red Hat, Inc.\n" +"Copyright (c) 2006 Dan Walsh " msgstr "" -#: ../gui/selinux.tbl:16 -msgid "Allow unconfined to dyntrans to unconfined_execmem" +#: ../gui/system-config-selinux.glade:22 +#: ../gui/system-config-selinux.glade:544 +msgid "Add SELinux Login Mapping" msgstr "" -#: ../gui/selinux.tbl:17 ../gui/selinux.tbl:18 ../gui/selinux.tbl:120 -#: ../gui/selinux.tbl:140 -msgid "Databases" +#: ../gui/system-config-selinux.glade:257 +msgid "Add SELinux Network Ports" msgstr "" -#: ../gui/selinux.tbl:17 -msgid "Allow user to connect to mysql socket" +#: ../gui/system-config-selinux.glade:391 +#: ../gui/system-config-selinux.glade:678 +msgid "SELinux Type" msgstr "" -#: ../gui/selinux.tbl:18 -msgid "Allow user to connect to postgres socket" +#: ../gui/system-config-selinux.glade:622 +msgid "File Specification" msgstr "" -#: ../gui/selinux.tbl:19 ../gui/selinux.tbl:165 ../gui/selinux.tbl:223 -msgid "XServer" +#: ../gui/system-config-selinux.glade:650 +msgid "File Type" msgstr "" -#: ../gui/selinux.tbl:19 -msgid "Allow clients to write to X shared memory" -msgstr "" +#: ../gui/system-config-selinux.glade:727 +msgid "" +"all files\n" +"regular file\n" +"directory\n" +"character device\n" +"block device\n" +"socket\n" +"symbolic link\n" +"named pipe\n" +msgstr "" + +#: ../gui/system-config-selinux.glade:773 +msgid "MLS" +msgstr "" + +#: ../gui/system-config-selinux.glade:837 +msgid "Add SELinux User" +msgstr "" + +#: ../gui/system-config-selinux.glade:1079 +msgid "SELinux Administration" +msgstr "" + +#: ../gui/system-config-selinux.glade:1122 +msgid "Add" +msgstr "" + +#: ../gui/system-config-selinux.glade:1144 +msgid 
"_Properties" +msgstr "" + +#: ../gui/system-config-selinux.glade:1166 +msgid "_Delete" +msgstr "" + +#: ../gui/system-config-selinux.glade:1256 +msgid "Select Management Object" +msgstr "" + +#: ../gui/system-config-selinux.glade:1273 +msgid "Select:" +msgstr "" + +#: ../gui/system-config-selinux.glade:1326 +msgid "System Default Enforcing Mode" +msgstr "" + +#: ../gui/system-config-selinux.glade:1354 +msgid "" +"Disabled\n" +"Permissive\n" +"Enforcing\n" +msgstr "" + +#: ../gui/system-config-selinux.glade:1373 +msgid "Current Enforcing Mode" +msgstr "" + +#: ../gui/system-config-selinux.glade:1418 +msgid "System Default Policy Type: " +msgstr "" -#: ../gui/selinux.tbl:20 +#: ../gui/system-config-selinux.glade:1463 msgid "" -"Allow xguest SELinux user account to execute files in home directory or /tmp" +"Select if you wish to relabel then entire file system on next reboot. " +"Relabeling can take a very long time, depending on the size of the system. " +"If you are changing policy types or going from disabled to enforcing, a " +"relabel is required." msgstr "" -#: ../gui/selinux.tbl:21 ../gui/selinux.tbl:228 ../gui/selinux.tbl:229 -#: ../gui/selinux.tbl:231 -msgid "NIS" +#: ../gui/system-config-selinux.glade:1509 +msgid "Relabel on next reboot." 
+msgstr "" + +#: ../gui/system-config-selinux.glade:1561 +msgid "label37" +msgstr "" + +#: ../gui/system-config-selinux.glade:1598 +msgid "Revert boolean setting to system default" +msgstr "" + +#: ../gui/system-config-selinux.glade:1614 +msgid "Toggle between Customized and All Booleans" +msgstr "" + +#: ../gui/system-config-selinux.glade:1645 +#: ../gui/system-config-selinux.glade:1850 +#: ../gui/system-config-selinux.glade:2037 +#: ../gui/system-config-selinux.glade:2224 +#: ../gui/system-config-selinux.glade:2467 +#: ../gui/system-config-selinux.glade:2692 +#: ../gui/system-config-selinux.glade:2867 +msgid "Filter" +msgstr "" + +#: ../gui/system-config-selinux.glade:1734 +msgid "label50" +msgstr "" + +#: ../gui/system-config-selinux.glade:1771 +msgid "Add File Context" +msgstr "" + +#: ../gui/system-config-selinux.glade:1787 +msgid "Modify File Context" +msgstr "" + +#: ../gui/system-config-selinux.glade:1803 +msgid "Delete File Context" msgstr "" -#: ../gui/selinux.tbl:21 -msgid "Allow daemons to run with NIS" +#: ../gui/system-config-selinux.glade:1819 +msgid "Toggle between all and customized file context" msgstr "" -#: ../gui/selinux.tbl:22 ../gui/selinux.tbl:23 ../gui/selinux.tbl:24 -#: ../gui/selinux.tbl:25 ../gui/selinux.tbl:26 ../gui/selinux.tbl:27 -#: ../gui/selinux.tbl:28 ../gui/selinux.tbl:29 ../gui/selinux.tbl:71 -#: ../gui/selinux.tbl:73 ../gui/selinux.tbl:74 ../gui/selinux.tbl:115 -#: ../gui/selinux.tbl:118 -msgid "Web Applications" +#: ../gui/system-config-selinux.glade:1939 +msgid "label38" msgstr "" -#: ../gui/selinux.tbl:22 -msgid "Transition staff SELinux user to Web Browser Domain" +#: ../gui/system-config-selinux.glade:1976 +msgid "Add SELinux User Mapping" msgstr "" -#: ../gui/selinux.tbl:23 -msgid "Transition sysadm SELinux user to Web Browser Domain" +#: ../gui/system-config-selinux.glade:1992 +msgid "Modify SELinux User Mapping" msgstr "" -#: ../gui/selinux.tbl:24 -msgid "Transition user SELinux user to Web Browser Domain" +#: 
../gui/system-config-selinux.glade:2008 +msgid "Delete SELinux User Mapping" msgstr "" -#: ../gui/selinux.tbl:25 -msgid "Transition xguest SELinux user to Web Browser Domain" +#: ../gui/system-config-selinux.glade:2126 +msgid "label39" msgstr "" -#: ../gui/selinux.tbl:26 ../gui/selinux.tbl:27 ../gui/selinux.tbl:28 -#: ../gui/selinux.tbl:29 -msgid "Allow staff Web Browsers to write to home directories" +#: ../gui/system-config-selinux.glade:2163 +msgid "Add User" msgstr "" -#: ../gui/selinux.tbl:30 -msgid "Disable SELinux protection for amanda" +#: ../gui/system-config-selinux.glade:2179 +msgid "Modify User" msgstr "" -#: ../gui/selinux.tbl:31 -msgid "Disable SELinux protection for amavis" +#: ../gui/system-config-selinux.glade:2195 +msgid "Delete User" msgstr "" -#: ../gui/selinux.tbl:32 -msgid "Disable SELinux protection for apmd daemon" +#: ../gui/system-config-selinux.glade:2313 +msgid "label41" msgstr "" -#: ../gui/selinux.tbl:33 -msgid "Disable SELinux protection for arpwatch daemon" +#: ../gui/system-config-selinux.glade:2350 +msgid "Add Network Port" msgstr "" -#: ../gui/selinux.tbl:34 -msgid "Disable SELinux protection for auditd daemon" +#: ../gui/system-config-selinux.glade:2366 +msgid "Edit Network Port" msgstr "" -#: ../gui/selinux.tbl:35 -msgid "Disable SELinux protection for automount daemon" +#: ../gui/system-config-selinux.glade:2382 +msgid "Delete Network Port" msgstr "" -#: ../gui/selinux.tbl:36 -msgid "Disable SELinux protection for avahi" +#: ../gui/system-config-selinux.glade:2418 +#: ../gui/system-config-selinux.glade:2436 +msgid "Toggle between Customized and All Ports" msgstr "" -#: ../gui/selinux.tbl:37 -msgid "Disable SELinux protection for bluetooth daemon" +#: ../gui/system-config-selinux.glade:2556 +msgid "label42" msgstr "" -#: ../gui/selinux.tbl:38 -msgid "Disable SELinux protection for canna daemon" +#: ../gui/system-config-selinux.glade:2593 +msgid "Generate new policy module" msgstr "" -#: ../gui/selinux.tbl:39 -msgid "Disable 
SELinux protection for cardmgr daemon" +#: ../gui/system-config-selinux.glade:2609 +msgid "Load policy module" msgstr "" -#: ../gui/selinux.tbl:40 -msgid "Disable SELinux protection for Cluster Server" +#: ../gui/system-config-selinux.glade:2625 +msgid "Remove loadable policy module" msgstr "" -#: ../gui/selinux.tbl:41 +#: ../gui/system-config-selinux.glade:2661 msgid "" -"Allow cdrecord to read various content. nfs, samba, removable devices, user " -"temp and untrusted content files" +"Enable/Disable additional audit rules, that are normally not reported in the " +"log files." msgstr "" -#: ../gui/selinux.tbl:42 -msgid "Disable SELinux protection for ciped daemon" +#: ../gui/system-config-selinux.glade:2781 +msgid "label44" msgstr "" -#: ../gui/selinux.tbl:43 -msgid "Disable SELinux protection for clamd daemon" +#: ../gui/system-config-selinux.glade:2818 +msgid "Change process mode to permissive." msgstr "" -#: ../gui/selinux.tbl:44 -msgid "Disable SELinux protection for clamscan" +#: ../gui/system-config-selinux.glade:2836 +msgid "Change process mode to enforcing" msgstr "" -#: ../gui/selinux.tbl:45 -msgid "Disable SELinux protection for clvmd" +#: ../gui/system-config-selinux.glade:2928 +msgid "Process Domain" msgstr "" -#: ../gui/selinux.tbl:46 -msgid "Disable SELinux protection for comsat daemon" +#: ../gui/system-config-selinux.glade:2956 +msgid "label59" msgstr "" -#: ../gui/selinux.tbl:47 ../gui/selinux.tbl:48 ../gui/selinux.tbl:49 -#: ../gui/selinux.tbl:50 ../gui/selinux.tbl:51 -msgid "Disable SELinux protection for courier daemon" +#: ../gui/usersPage.py:138 +#, python-format +msgid "SELinux user '%s' is required" msgstr "" -#: ../gui/selinux.tbl:52 -msgid "Disable SELinux protection for cpucontrol daemon" +#: ../sepolicy/sepolicy.py:106 +msgid "Generate SELinux man pages" msgstr "" -#: ../gui/selinux.tbl:53 -msgid "Disable SELinux protection for cpuspeed daemon" +#: ../sepolicy/sepolicy.py:110 +msgid "path in which the generated SELinux man pages will be 
stored" msgstr "" -#: ../gui/selinux.tbl:54 -msgid "Cron" +#: ../sepolicy/sepolicy.py:114 +msgid "All domains" msgstr "" -#: ../gui/selinux.tbl:54 -msgid "Disable SELinux protection for crond daemon" +#: ../sepolicy/sepolicy.py:116 +msgid "Domain name(s) of man pages to be created" msgstr "" -#: ../gui/selinux.tbl:55 ../gui/selinux.tbl:56 ../gui/selinux.tbl:57 -#: ../gui/selinux.tbl:91 -msgid "Printing" +#: ../sepolicy/sepolicy.py:164 +msgid "Query SELinux policy network information" msgstr "" -#: ../gui/selinux.tbl:55 -msgid "Disable SELinux protection for cupsd back end server" +#: ../sepolicy/sepolicy.py:169 +msgid "list all SELinux port types" msgstr "" -#: ../gui/selinux.tbl:56 -msgid "Disable SELinux protection for cupsd daemon" +#: ../sepolicy/sepolicy.py:172 +msgid "show SELinux type related to the port" msgstr "" -#: ../gui/selinux.tbl:57 -msgid "Disable SELinux protection for cupsd_lpd" +#: ../sepolicy/sepolicy.py:175 +msgid "Show ports defined for this SELinux type" msgstr "" -#: ../gui/selinux.tbl:58 -msgid "CVS" +#: ../sepolicy/sepolicy.py:178 +msgid "show ports to which this domain can bind and/or connect" msgstr "" -#: ../gui/selinux.tbl:58 -msgid "Disable SELinux protection for cvs daemon" +#: ../sepolicy/sepolicy.py:192 +msgid "query SELinux policy to see if domains can communicate with each other" msgstr "" -#: ../gui/selinux.tbl:59 -msgid "Disable SELinux protection for cyrus daemon" +#: ../sepolicy/sepolicy.py:195 +msgid "Source Domain" msgstr "" -#: ../gui/selinux.tbl:60 -msgid "Disable SELinux protection for dbskkd daemon" +#: ../sepolicy/sepolicy.py:198 +msgid "Target Domain" msgstr "" -#: ../gui/selinux.tbl:61 -msgid "Disable SELinux protection for dbusd daemon" +#: ../sepolicy/sepolicy.py:215 +msgid "query SELinux Policy to see description of booleans" msgstr "" -#: ../gui/selinux.tbl:62 -msgid "Disable SELinux protection for dccd" +#: ../sepolicy/sepolicy.py:219 +msgid "get all booleans desctiption" msgstr "" -#: ../gui/selinux.tbl:63 
-msgid "Disable SELinux protection for dccifd" +#: ../sepolicy/sepolicy.py:221 +msgid "boolean to get description" msgstr "" -#: ../gui/selinux.tbl:64 -msgid "Disable SELinux protection for dccm" +#: ../sepolicy/sepolicy.py:231 +msgid "" +"query SELinux Policy to see how a source process domain can transition to " +"the target process domain" msgstr "" -#: ../gui/selinux.tbl:65 -msgid "Disable SELinux protection for ddt daemon" +#: ../sepolicy/sepolicy.py:234 +msgid "source process domain" msgstr "" -#: ../gui/selinux.tbl:66 -msgid "Disable SELinux protection for devfsd daemon" +#: ../sepolicy/sepolicy.py:237 +msgid "target process domain" msgstr "" -#: ../gui/selinux.tbl:67 -msgid "Disable SELinux protection for dhcpc daemon" +#: ../sepolicy/sepolicy.py:259 +msgid "Generate SELinux Policy module template" msgstr "" -#: ../gui/selinux.tbl:68 -msgid "Disable SELinux protection for dhcpd daemon" +#: ../sepolicy/sepolicy.py:265 +msgid "name of policy to generate" msgstr "" -#: ../gui/selinux.tbl:69 -msgid "Disable SELinux protection for dictd daemon" +#: ../sepolicy/sepolicy.py:267 +msgid "executable to confine" msgstr "" -#: ../gui/selinux.tbl:70 -msgid "Allow sysadm_t to directly start daemons" +#: ../sepolicy/sepolicy.py:269 +msgid "run policy generation test suite" msgstr "" -#: ../gui/selinux.tbl:71 -msgid "Disable SELinux protection for Evolution" +#: ../sepolicy/sepolicy.py:274 +msgid "commands" msgstr "" -#: ../gui/selinux.tbl:72 -msgid "Games" +#: ../sepolicy/sepolicy/generate.py:185 +msgid "Internet Services Daemon" msgstr "" -#: ../gui/selinux.tbl:72 -msgid "Disable SELinux protection for games" +#: ../sepolicy/sepolicy/generate.py:198 +msgid "Valid Types:\n" msgstr "" -#: ../gui/selinux.tbl:73 -msgid "Disable SELinux protection for the web browsers" +#: ../sepolicy/sepolicy/generate.py:232 +#, python-format +msgid "Ports must be numbers or ranges of numbers from 1 to %d " msgstr "" -#: ../gui/selinux.tbl:74 -msgid "Disable SELinux protection for 
Thunderbird" +#: ../sepolicy/sepolicy/generate.py:359 +msgid "You must enter a name for your confined process/user" msgstr "" -#: ../gui/selinux.tbl:75 -msgid "Disable SELinux protection for distccd daemon" +#: ../sepolicy/sepolicy/generate.py:361 +msgid "" +"Name must be alpha numberic with no spaces. Consider using option \"-n " +"MODULENAME\"" msgstr "" -#: ../gui/selinux.tbl:76 -msgid "Disable SELinux protection for dmesg daemon" +#: ../sepolicy/sepolicy/generate.py:449 +msgid "User Role types can not be assigned executables." msgstr "" -#: ../gui/selinux.tbl:77 -msgid "Disable SELinux protection for dnsmasq daemon" +#: ../sepolicy/sepolicy/generate.py:455 +msgid "Only Daemon apps can use an init script.." msgstr "" -#: ../gui/selinux.tbl:78 -msgid "Disable SELinux protection for dovecot daemon" +#: ../sepolicy/sepolicy/generate.py:473 +msgid "use_resolve must be a boolean value " msgstr "" -#: ../gui/selinux.tbl:79 -msgid "Disable SELinux protection for entropyd daemon" +#: ../sepolicy/sepolicy/generate.py:479 +msgid "use_syslog must be a boolean value " msgstr "" -#: ../gui/selinux.tbl:80 -msgid "Disable SELinux protection for fetchmail" +#: ../sepolicy/sepolicy/generate.py:485 +msgid "use_kerberos must be a boolean value " msgstr "" -#: ../gui/selinux.tbl:81 -msgid "Disable SELinux protection for fingerd daemon" +#: ../sepolicy/sepolicy/generate.py:491 +msgid "manage_krb5_rcache must be a boolean value " msgstr "" -#: ../gui/selinux.tbl:82 -msgid "Disable SELinux protection for freshclam daemon" +#: ../sepolicy/sepolicy/generate.py:521 +msgid "USER Types automatically get a tmp type" msgstr "" -#: ../gui/selinux.tbl:83 -msgid "Disable SELinux protection for fsdaemon daemon" +#: ../sepolicy/sepolicy/generate.py:1039 +msgid "You must enter the executable path for your confined process" msgstr "" -#: ../gui/selinux.tbl:84 -msgid "Disable SELinux protection for gpm daemon" +#: ../sepolicy/sepolicy/generate.py:1272 +msgid "Type Enforcement file" msgstr "" -#: 
../gui/selinux.tbl:85 ../gui/selinux.tbl:125 -msgid "NFS" +#: ../sepolicy/sepolicy/generate.py:1273 +msgid "Interface file" msgstr "" -#: ../gui/selinux.tbl:85 -msgid "Disable SELinux protection for gss daemon" +#: ../sepolicy/sepolicy/generate.py:1274 +msgid "File Contexts file" msgstr "" -#: ../gui/selinux.tbl:86 -msgid "Disable SELinux protection for Hal daemon" +#: ../sepolicy/sepolicy/generate.py:1275 +msgid "Spec file" msgstr "" -#: ../gui/selinux.tbl:87 -msgid "Compatibility" +#: ../sepolicy/sepolicy/generate.py:1276 +msgid "Setup Script" msgstr "" -#: ../gui/selinux.tbl:87 +#: booleans.py:1 msgid "" -"Do not audit things that we know to be broken but which are not security " -"risks" +"Allow ABRT to modify public files used for public file transfer services." msgstr "" -#: ../gui/selinux.tbl:88 -msgid "Disable SELinux protection for hostname daemon" +#: booleans.py:2 +msgid "" +"Allow ABRT to run in abrt_handle_event_t domain to handle ABRT event scripts" msgstr "" -#: ../gui/selinux.tbl:89 -msgid "Disable SELinux protection for hotplug daemon" +#: booleans.py:3 +msgid "Allow amavis to use JIT compiler" msgstr "" -#: ../gui/selinux.tbl:90 -msgid "Disable SELinux protection for howl daemon" +#: booleans.py:4 +msgid "Allow antivirus programs to read non security files on a system" msgstr "" -#: ../gui/selinux.tbl:91 -msgid "Disable SELinux protection for cups hplip daemon" +#: booleans.py:5 +msgid "" +"Allow users to resolve user passwd entries directly from ldap rather then " +"using a sssd server" msgstr "" -#: ../gui/selinux.tbl:92 -msgid "Disable SELinux protection for httpd rotatelogs" +#: booleans.py:6 +msgid "Allow users to login using a radius server" msgstr "" -#: ../gui/selinux.tbl:93 ../gui/selinux.tbl:232 ../gui/selinux.tbl:233 -msgid "HTTPD Service" +#: booleans.py:7 +msgid "Allow users to login using a yubikey server" msgstr "" -#: ../gui/selinux.tbl:93 -msgid "Disable SELinux protection for http suexec" +#: booleans.py:8 +msgid "" +"Allow 
cdrecord to read various content. nfs, samba, removable devices, user " +"temp and untrusted content files" msgstr "" -#: ../gui/selinux.tbl:94 -msgid "Disable SELinux protection for hwclock daemon" +#: booleans.py:9 +msgid "Allow clamd to use JIT compiler" msgstr "" -#: ../gui/selinux.tbl:95 -msgid "Disable SELinux protection for i18n daemon" +#: booleans.py:10 +msgid "Allow clamscan to non security files on a system" msgstr "" -#: ../gui/selinux.tbl:96 -msgid "Disable SELinux protection for imazesrv daemon" +#: booleans.py:11 +msgid "Allow clamscan to read user content" msgstr "" -#: ../gui/selinux.tbl:97 -msgid "Disable SELinux protection for inetd child daemons" +#: booleans.py:12 +msgid "" +"Allow Cobbler to modify public files used for public file transfer services." msgstr "" -#: ../gui/selinux.tbl:98 -msgid "Disable SELinux protection for inetd daemon" +#: booleans.py:13 +msgid "Allow Cobbler to connect to the network using TCP." msgstr "" -#: ../gui/selinux.tbl:99 -msgid "Disable SELinux protection for innd daemon" +#: booleans.py:14 +msgid "Allow Cobbler to access cifs file systems." msgstr "" -#: ../gui/selinux.tbl:100 -msgid "Disable SELinux protection for iptables daemon" +#: booleans.py:15 +msgid "Allow Cobbler to access nfs file systems." msgstr "" -#: ../gui/selinux.tbl:101 -msgid "Disable SELinux protection for ircd daemon" +#: booleans.py:16 +msgid "Allow collectd to connect to the network using TCP." msgstr "" -#: ../gui/selinux.tbl:102 -msgid "Disable SELinux protection for irqbalance daemon" +#: booleans.py:17 +msgid "Allow codnor domain to connect to the network using TCP." msgstr "" -#: ../gui/selinux.tbl:103 -msgid "Disable SELinux protection for iscsi daemon" +#: booleans.py:18 +msgid "" +"Allow system cron jobs to relabel filesystem for restoring file contexts." 
msgstr "" -#: ../gui/selinux.tbl:104 -msgid "Disable SELinux protection for jabberd daemon" +#: booleans.py:19 +msgid "Allow cvs daemon to read shadow" msgstr "" -#: ../gui/selinux.tbl:105 ../gui/selinux.tbl:107 -msgid "Kerberos" +#: booleans.py:20 +msgid "Allow all daemons to write corefiles to /" msgstr "" -#: ../gui/selinux.tbl:105 -msgid "Disable SELinux protection for kadmind daemon" +#: booleans.py:21 +msgid "Allow all daemons to use tcp wrappers." msgstr "" -#: ../gui/selinux.tbl:106 -msgid "Disable SELinux protection for klogd daemon" +#: booleans.py:22 +msgid "Allow all daemons the ability to read/write terminals" msgstr "" -#: ../gui/selinux.tbl:107 -msgid "Disable SELinux protection for krb5kdc daemon" +#: booleans.py:23 +msgid "Allow dbadm to manage files in users home directories" msgstr "" -#: ../gui/selinux.tbl:108 -msgid "Disable SELinux protection for ktalk daemons" +#: booleans.py:24 +msgid "Allow dbadm to read files in users home directories" msgstr "" -#: ../gui/selinux.tbl:109 -msgid "Disable SELinux protection for kudzu daemon" +#: booleans.py:25 +msgid "" +"Deny user domains applications to map a memory region as both executable and " +"writable, this is dangerous and the executable should be reported in bugzilla" msgstr "" -#: ../gui/selinux.tbl:110 -msgid "Disable SELinux protection for locate daemon" +#: booleans.py:26 +msgid "Allow sysadm to debug or ptrace all processes." 
msgstr "" -#: ../gui/selinux.tbl:111 -msgid "Disable SELinux protection for lpd daemon" +#: booleans.py:27 +msgid "Allow dhcpc client applications to execute iptables commands" msgstr "" -#: ../gui/selinux.tbl:112 -msgid "Disable SELinux protection for lrrd daemon" +#: booleans.py:28 +msgid "Allow DHCP daemon to use LDAP backends" msgstr "" -#: ../gui/selinux.tbl:113 -msgid "Disable SELinux protection for lvm daemon" +#: booleans.py:29 +msgid "Allow all domains to use other domains file descriptors" msgstr "" -#: ../gui/selinux.tbl:114 -msgid "Disable SELinux protection for mailman" +#: booleans.py:30 +msgid "Allow all domains to have the kernel load modules" msgstr "" -#: ../gui/selinux.tbl:115 -msgid "Allow evolution and thunderbird to read user files" +#: booleans.py:31 +msgid "Allow the use of the audio devices as the source for the entropy feeds" msgstr "" -#: ../gui/selinux.tbl:116 -msgid "Disable SELinux protection for mdadm daemon" +#: booleans.py:32 +msgid "Allow exim to connect to databases (postgres, mysql)" msgstr "" -#: ../gui/selinux.tbl:117 -msgid "Disable SELinux protection for monopd daemon" +#: booleans.py:33 +msgid "Allow exim to create, read, write, and delete unprivileged user files." msgstr "" -#: ../gui/selinux.tbl:118 -msgid "Allow the mozilla browser to read user files" +#: booleans.py:34 +msgid "Allow exim to read unprivileged user files." msgstr "" -#: ../gui/selinux.tbl:119 -msgid "Disable SELinux protection for mrtg daemon" +#: booleans.py:35 +msgid "Enable extra rules in the cron domain to support fcron." msgstr "" -#: ../gui/selinux.tbl:120 -msgid "Disable SELinux protection for mysqld daemon" +#: booleans.py:36 +msgid "Allow fenced domain to connect to the network using TCP." msgstr "" -#: ../gui/selinux.tbl:121 -msgid "Disable SELinux protection for nagios daemon" +#: booleans.py:37 +msgid "Allow fenced domain to execute ssh." 
msgstr "" -#: ../gui/selinux.tbl:122 ../gui/selinux.tbl:128 -msgid "Name Service" +#: booleans.py:38 +msgid "Allow ftp to read and write files in the user home directories" msgstr "" -#: ../gui/selinux.tbl:122 -msgid "Disable SELinux protection for named daemon" +#: booleans.py:39 +msgid "" +"Allow ftp servers to upload files, used for public file transfer services. " +"Directories must be labeled public_content_rw_t." msgstr "" -#: ../gui/selinux.tbl:123 -msgid "Disable SELinux protection for nessusd daemon" +#: booleans.py:40 +msgid "Allow ftp servers to connect to all ports > 1023" msgstr "" -#: ../gui/selinux.tbl:124 -msgid "Disable SELinux protection for NetworkManager" +#: booleans.py:41 +msgid "Allow ftp servers to connect to mysql database ports" msgstr "" -#: ../gui/selinux.tbl:125 -msgid "Disable SELinux protection for nfsd daemon" +#: booleans.py:42 +msgid "" +"Allow ftp servers to login to local users and read/write all files on the " +"system, governed by DAC." msgstr "" -#: ../gui/selinux.tbl:126 ../gui/selinux.tbl:163 ../gui/selinux.tbl:176 -#: ../gui/selinux.tbl:221 -msgid "Samba" +#: booleans.py:43 +msgid "Allow ftp servers to use cifs used for public file transfer services." msgstr "" -#: ../gui/selinux.tbl:126 -msgid "Disable SELinux protection for nmbd daemon" +#: booleans.py:44 +msgid "Allow ftp servers to use nfs used for public file transfer services." msgstr "" -#: ../gui/selinux.tbl:127 -msgid "Disable SELinux protection for nrpe daemon" +#: booleans.py:45 +msgid "Allow ftp servers to use bind to all unreserved ports for passive mode" msgstr "" -#: ../gui/selinux.tbl:128 -msgid "Disable SELinux protection for nscd daemon" +#: booleans.py:46 +msgid "Determine whether Git CGI can search home directories." msgstr "" -#: ../gui/selinux.tbl:129 -msgid "Disable SELinux protection for nsd daemon" +#: booleans.py:47 +msgid "Determine whether Git CGI can access cifs file systems." 
msgstr "" -#: ../gui/selinux.tbl:130 -msgid "Disable SELinux protection for ntpd daemon" +#: booleans.py:48 +msgid "Determine whether Git CGI can access nfs file systems." msgstr "" -#: ../gui/selinux.tbl:131 -msgid "Disable SELinux protection for oddjob" +#: booleans.py:49 +msgid "" +"Determine whether Git session daemon can bind TCP sockets to all unreserved " +"ports." msgstr "" -#: ../gui/selinux.tbl:132 -msgid "Disable SELinux protection for oddjob_mkhomedir" +#: booleans.py:50 +msgid "" +"Determine whether calling user domains can execute Git daemon in the " +"git_session_t domain." msgstr "" -#: ../gui/selinux.tbl:133 -msgid "Disable SELinux protection for openvpn daemon" +#: booleans.py:51 +msgid "Determine whether Git system daemon can search home directories." msgstr "" -#: ../gui/selinux.tbl:134 -msgid "Disable SELinux protection for pam daemon" +#: booleans.py:52 +msgid "Determine whether Git system daemon can access cifs file systems." msgstr "" -#: ../gui/selinux.tbl:135 -msgid "Disable SELinux protection for pegasus" +#: booleans.py:53 +msgid "Determine whether Git system daemon can access nfs file systems." msgstr "" -#: ../gui/selinux.tbl:136 -msgid "Disable SELinux protection for perdition daemon" +#: booleans.py:54 +msgid "Allow gitisis daemon to send mail" msgstr "" -#: ../gui/selinux.tbl:137 -msgid "Disable SELinux protection for portmap daemon" +#: booleans.py:55 +msgid "Enable reading of urandom for all domains." msgstr "" -#: ../gui/selinux.tbl:138 -msgid "Disable SELinux protection for portslave daemon" +#: booleans.py:56 +msgid "" +"Allow usage of the gpg-agent --write-env-file option. This also allows gpg-" +"agent to manage user files." msgstr "" -#: ../gui/selinux.tbl:139 -msgid "Disable SELinux protection for postfix" +#: booleans.py:57 +msgid "" +"Allow gpg web domain to modify public files used for public file transfer " +"services." 
msgstr "" -#: ../gui/selinux.tbl:140 -msgid "Disable SELinux protection for postgresql daemon" +#: booleans.py:58 +msgid "Allow gssd to read temp directory. For access to kerberos tgt." msgstr "" -#: ../gui/selinux.tbl:141 -msgid "pppd" +#: booleans.py:59 +msgid "" +"Allow Apache to modify public files used for public file transfer services. " +"Directories/Files must be labeled public_content_rw_t." msgstr "" -#: ../gui/selinux.tbl:141 -msgid "Allow pppd to be run for a regular user" +#: booleans.py:60 +msgid "Allow httpd to use built in scripting (usually php)" msgstr "" -#: ../gui/selinux.tbl:142 -msgid "Disable SELinux protection for pptp" +#: booleans.py:61 +msgid "Allow http daemon to check spam" msgstr "" -#: ../gui/selinux.tbl:143 -msgid "Disable SELinux protection for prelink daemon" +#: booleans.py:62 +msgid "" +"Allow httpd to act as a FTP client connecting to the ftp port and ephemeral " +"ports" msgstr "" -#: ../gui/selinux.tbl:144 -msgid "Disable SELinux protection for privoxy daemon" +#: booleans.py:63 +msgid "Allow httpd to connect to the ldap port" msgstr "" -#: ../gui/selinux.tbl:145 -msgid "Disable SELinux protection for ptal daemon" +#: booleans.py:64 +msgid "Allow http daemon to connect to zabbix" msgstr "" -#: ../gui/selinux.tbl:146 -msgid "Disable SELinux protection for pxe daemon" +#: booleans.py:65 +msgid "Allow HTTPD scripts and modules to connect to the network using TCP." msgstr "" -#: ../gui/selinux.tbl:147 -msgid "Disable SELinux protection for pyzord" +#: booleans.py:66 +msgid "Allow HTTPD scripts and modules to connect to cobbler over the network." msgstr "" -#: ../gui/selinux.tbl:148 -msgid "Disable SELinux protection for quota daemon" +#: booleans.py:67 +msgid "" +"Allow HTTPD scripts and modules to connect to databases over the network." 
msgstr "" -#: ../gui/selinux.tbl:149 -msgid "Disable SELinux protection for radiusd daemon" +#: booleans.py:68 +msgid "Allow httpd to connect to memcache server" msgstr "" -#: ../gui/selinux.tbl:150 -msgid "Disable SELinux protection for radvd daemon" +#: booleans.py:69 +msgid "Allow httpd to act as a relay" msgstr "" -#: ../gui/selinux.tbl:151 -msgid "Disable SELinux protection for rdisc" +#: booleans.py:70 +msgid "Allow http daemon to send mail" msgstr "" -#: ../gui/selinux.tbl:152 -msgid "Disable SELinux protection for readahead" +#: booleans.py:71 +msgid "Allow Apache to communicate with avahi service via dbus" msgstr "" -#: ../gui/selinux.tbl:153 -msgid "Allow programs to read files in non-standard locations (default_t)" +#: booleans.py:72 +msgid "Allow httpd cgi support" msgstr "" -#: ../gui/selinux.tbl:154 -msgid "Disable SELinux protection for restorecond" +#: booleans.py:73 +msgid "Allow httpd to act as a FTP server by listening on the ftp port." msgstr "" -#: ../gui/selinux.tbl:155 -msgid "Disable SELinux protection for rhgb daemon" +#: booleans.py:74 +msgid "Allow httpd to read home directories" msgstr "" -#: ../gui/selinux.tbl:156 -msgid "Disable SELinux protection for ricci" +#: booleans.py:75 +msgid "Allow httpd scripts and modules execmem/execstack" msgstr "" -#: ../gui/selinux.tbl:157 -msgid "Disable SELinux protection for ricci_modclusterd" +#: booleans.py:76 +msgid "Allow HTTPD to connect to port 80 for graceful shutdown" msgstr "" -#: ../gui/selinux.tbl:158 -msgid "Disable SELinux protection for rlogind daemon" +#: booleans.py:77 +msgid "Allow httpd processes to manage IPA content" msgstr "" -#: ../gui/selinux.tbl:159 -msgid "Disable SELinux protection for rpcd daemon" +#: booleans.py:78 +msgid "Allow Apache to use mod_auth_ntlm_winbind" msgstr "" -#: ../gui/selinux.tbl:160 -msgid "Disable SELinux protection for rshd" +#: booleans.py:79 +msgid "Allow Apache to use mod_auth_pam" msgstr "" -#: ../gui/selinux.tbl:161 -msgid "rsync" +#: 
booleans.py:80 +msgid "Allow httpd to read user content" msgstr "" -#: ../gui/selinux.tbl:161 -msgid "Disable SELinux protection for rsync daemon" +#: booleans.py:81 +msgid "Allow Apache to run in stickshift mode, not transition to passenger" msgstr "" -#: ../gui/selinux.tbl:162 -msgid "Allow ssh to run from inetd instead of as a daemon" +#: booleans.py:82 +msgid "Allow httpd daemon to change its resource limits" msgstr "" -#: ../gui/selinux.tbl:163 -msgid "Allow Samba to share nfs directories" +#: booleans.py:83 +msgid "" +"Allow HTTPD to run SSI executables in the same domain as system CGI scripts." msgstr "" -#: ../gui/selinux.tbl:164 ../gui/selinux.tbl:166 -msgid "SASL authentication server" +#: booleans.py:84 +msgid "" +"Allow apache scripts to write to public content, directories/files must be " +"labeled public_rw_content_t." msgstr "" -#: ../gui/selinux.tbl:164 -msgid "Allow sasl authentication server to read /etc/shadow" +#: booleans.py:85 +msgid "Allow Apache to execute tmp content." msgstr "" -#: ../gui/selinux.tbl:165 +#: booleans.py:86 msgid "" -"Allow X-Windows server to map a memory region as both executable and writable" +"Unify HTTPD to communicate with the terminal. Needed for entering the " +"passphrase for certificates at the terminal." msgstr "" -#: ../gui/selinux.tbl:166 -msgid "Disable SELinux protection for saslauthd daemon" +#: booleans.py:87 +msgid "Unify HTTPD handling of all content files." 
msgstr "" -#: ../gui/selinux.tbl:167 -msgid "Disable SELinux protection for scannerdaemon daemon" +#: booleans.py:88 +msgid "Allow httpd to access cifs file systems" msgstr "" -#: ../gui/selinux.tbl:168 -msgid "Do not allow transition to sysadm_t, sudo and su effected" +#: booleans.py:89 +msgid "Allow httpd to access FUSE file systems" msgstr "" -#: ../gui/selinux.tbl:169 -msgid "Do not allow any processes to load kernel modules" +#: booleans.py:90 +msgid "Allow httpd to run gpg" msgstr "" -#: ../gui/selinux.tbl:170 -msgid "Do not allow any processes to modify kernel SELinux policy" +#: booleans.py:91 +msgid "Allow httpd to access nfs file systems" msgstr "" -#: ../gui/selinux.tbl:171 -msgid "Disable SELinux protection for sendmail daemon" +#: booleans.py:92 +msgid "Allow httpd to communicate with oddjob to start up a service" msgstr "" -#: ../gui/selinux.tbl:172 -msgid "Disable SELinux protection for setrans" +#: booleans.py:93 +msgid "Allow httpd to access openstack ports" msgstr "" -#: ../gui/selinux.tbl:173 -msgid "Disable SELinux protection for setroubleshoot daemon" +#: booleans.py:94 +msgid "Allow icecast to connect to all ports, not just sound ports." msgstr "" -#: ../gui/selinux.tbl:174 -msgid "Disable SELinux protection for slapd daemon" +#: booleans.py:95 +msgid "" +"Allow the Irssi IRC Client to connect to any port, and to bind to any " +"unreserved port." msgstr "" -#: ../gui/selinux.tbl:175 -msgid "Disable SELinux protection for slrnpull daemon" +#: booleans.py:96 +msgid "Allow java executable stack" msgstr "" -#: ../gui/selinux.tbl:176 -msgid "Disable SELinux protection for smbd daemon" +#: booleans.py:97 +msgid "Allow confined applications to run with kerberos." 
msgstr "" -#: ../gui/selinux.tbl:177 -msgid "Disable SELinux protection for snmpd daemon" +#: booleans.py:98 +msgid "Allow syslogd daemon to send mail" msgstr "" -#: ../gui/selinux.tbl:178 -msgid "Disable SELinux protection for snort daemon" +#: booleans.py:99 +msgid "Allow syslogd the ability to read/write terminals" msgstr "" -#: ../gui/selinux.tbl:179 -msgid "Disable SELinux protection for soundd daemon" +#: booleans.py:100 +msgid "Allow logging in and using the system from /dev/console." msgstr "" -#: ../gui/selinux.tbl:180 -msgid "Disable SELinux protection for sound daemon" +#: booleans.py:101 +msgid "" +"Control the ability to mmap a low area of the address space, as configured " +"by /proc/sys/kernel/mmap_min_addr." msgstr "" -#: ../gui/selinux.tbl:181 ../gui/selinux.tbl:182 ../gui/selinux.tbl:183 -msgid "Spam Protection" +#: booleans.py:102 +msgid "Allow mock to read files in home directories." msgstr "" -#: ../gui/selinux.tbl:181 -msgid "Disable SELinux protection for spamd daemon" +#: booleans.py:103 +msgid "Allow the mount command to mount any directory or file." msgstr "" -#: ../gui/selinux.tbl:182 -msgid "Allow spamd to access home directories" +#: booleans.py:104 +msgid "Allow mozilla plugin domain to connect to the network using TCP." 
msgstr "" -#: ../gui/selinux.tbl:183 -msgid "Allow Spam Assassin daemon network access" +#: booleans.py:105 +msgid "" +"Allow mozilla_plugins to create random content in the users home directory" +msgstr "" + +#: booleans.py:106 +msgid "Allow confined web browsers to read home directory content" msgstr "" -#: ../gui/selinux.tbl:184 -msgid "Disable SELinux protection for speedmgmt daemon" +#: booleans.py:107 +msgid "Allow mplayer executable stack" msgstr "" -#: ../gui/selinux.tbl:185 ../gui/selinux.tbl:186 -msgid "Squid" +#: booleans.py:108 +msgid "Allow mysqld to connect to all ports" msgstr "" -#: ../gui/selinux.tbl:185 -msgid "Allow squid daemon to connect to the network" +#: booleans.py:109 +msgid "Allow BIND to bind apache port." msgstr "" -#: ../gui/selinux.tbl:186 -msgid "Disable SELinux protection for squid daemon" +#: booleans.py:110 +msgid "" +"Allow BIND to write the master zone files. Generally this is used for " +"dynamic DNS or zone transfers." msgstr "" -#: ../gui/selinux.tbl:187 -msgid "Disable SELinux protection for ssh daemon" +#: booleans.py:111 +msgid "Allow any files/directories to be exported read/only via NFS." msgstr "" -#: ../gui/selinux.tbl:188 -msgid "Allow ssh logins as sysadm_r:sysadm_t" +#: booleans.py:112 +msgid "Allow any files/directories to be exported read/write via NFS." msgstr "" -#: ../gui/selinux.tbl:189 +#: booleans.py:113 msgid "" -"Allow staff_r users to search the sysadm home dir and read files (such as ~/." -"bashrc)" +"Allow nfs servers to modify public files used for public file transfer " +"services. Files/Directories must be labeled public_content_rw_t." msgstr "" -#: ../gui/selinux.tbl:190 ../gui/selinux.tbl:191 -msgid "Universal SSL tunnel" +#: booleans.py:114 +msgid "Allow system to run with NIS" msgstr "" -#: ../gui/selinux.tbl:190 -msgid "Disable SELinux protection for stunnel daemon" +#: booleans.py:115 +msgid "Allow confined applications to use nscd shared memory." 
msgstr "" -#: ../gui/selinux.tbl:191 -msgid "Allow stunnel daemon to run as standalone, outside of xinetd" +#: booleans.py:116 +msgid "Allow nsplugin code to connect to unreserved ports" msgstr "" -#: ../gui/selinux.tbl:192 -msgid "Disable SELinux protection for swat daemon" +#: booleans.py:117 +msgid "Allow nsplugin code to execmem/execstack" msgstr "" -#: ../gui/selinux.tbl:193 -msgid "Disable SELinux protection for sxid daemon" +#: booleans.py:118 +msgid "Allow openvpn to read home directories" msgstr "" -#: ../gui/selinux.tbl:194 -msgid "Disable SELinux protection for syslogd daemon" +#: booleans.py:119 +msgid "Allow piranha-lvs domain to connect to the network using TCP." msgstr "" -#: ../gui/selinux.tbl:195 -msgid "Disable SELinux protection for system cron jobs" +#: booleans.py:120 +msgid "Allow polipo to connect to all ports > 1023" msgstr "" -#: ../gui/selinux.tbl:196 -msgid "Disable SELinux protection for tcp daemon" +#: booleans.py:121 +msgid "" +"Determine whether Polipo session daemon can bind tcp sockets to all " +"unreserved ports." msgstr "" -#: ../gui/selinux.tbl:197 -msgid "Disable SELinux protection for telnet daemon" +#: booleans.py:122 +msgid "" +"Determine whether calling user domains can execute Polipo daemon in the " +"polipo_session_t domain." msgstr "" -#: ../gui/selinux.tbl:198 -msgid "Disable SELinux protection for tftpd daemon" +#: booleans.py:123 +msgid "Determine whether polipo can access cifs file systems." msgstr "" -#: ../gui/selinux.tbl:199 -msgid "Disable SELinux protection for transproxy daemon" +#: booleans.py:124 +msgid "Determine whether Polipo can access nfs file systems." msgstr "" -#: ../gui/selinux.tbl:200 -msgid "Disable SELinux protection for udev daemon" +#: booleans.py:125 +msgid "Enable polyinstantiated directory support." 
msgstr "" -#: ../gui/selinux.tbl:201 -msgid "Disable SELinux protection for uml daemon" +#: booleans.py:126 +msgid "Allow the portage domains to use NFS mounts (regular nfs_t)" msgstr "" -#: ../gui/selinux.tbl:202 -msgid "" -"Allow xinetd to run unconfined, including any services it starts that do not " -"have a domain transition explicitly defined" +#: booleans.py:127 +msgid "Allow postfix_local domain full write access to mail_spool directories" msgstr "" -#: ../gui/selinux.tbl:203 -msgid "" -"Allow rc scripts to run unconfined, including any daemon started by an rc " -"script that does not have a domain transition explicitly defined" +#: booleans.py:128 +msgid "Allow postgresql to use ssh and rsync for point-in-time recovery" msgstr "" -#: ../gui/selinux.tbl:204 -msgid "Allow rpm to run unconfined" +#: booleans.py:129 +msgid "Allow transmit client label to foreign database" msgstr "" -#: ../gui/selinux.tbl:205 -msgid "Allow privileged utilities like hotplug and insmod to run unconfined" +#: booleans.py:130 +msgid "Allow database admins to execute DML statement" msgstr "" -#: ../gui/selinux.tbl:206 -msgid "Disable SELinux protection for updfstab daemon" +#: booleans.py:131 +msgid "Allow unprivileged users to execute DDL statement" msgstr "" -#: ../gui/selinux.tbl:207 -msgid "Disable SELinux protection for uptimed daemon" +#: booleans.py:132 +msgid "Allow pppd to load kernel modules for certain modems" +msgstr "" + +#: booleans.py:133 +msgid "Allow pppd to be run for a regular user" msgstr "" -#: ../gui/selinux.tbl:208 +#: booleans.py:134 msgid "" -"Allow user_r to reach sysadm_r via su, sudo, or userhelper. Otherwise, only " -"staff_r can do so" +"Allow privoxy to connect to all ports, not just HTTP, FTP, and Gopher ports." msgstr "" -#: ../gui/selinux.tbl:209 -msgid "Allow users to execute the mount command" +#: booleans.py:135 +msgid "Allow Puppet client to manage all file types." 
msgstr "" -#: ../gui/selinux.tbl:210 -msgid "Allow regular users direct mouse access (only allow the X server)" +#: booleans.py:136 +msgid "Allow Puppet master to use connect to MySQL and PostgreSQL database" msgstr "" -#: ../gui/selinux.tbl:211 -msgid "Allow users to run the dmesg command" +#: booleans.py:137 +msgid "Allow qemu to connect fully to the network" msgstr "" -#: ../gui/selinux.tbl:212 -msgid "Allow users to control network interfaces (also needs USERCTL=true)" +#: booleans.py:138 +msgid "Allow qemu to use cifs/Samba file systems" msgstr "" -#: ../gui/selinux.tbl:213 -msgid "Allow normal user to execute ping" +#: booleans.py:139 +msgid "Allow qemu to use serial/parallel communication ports" msgstr "" -#: ../gui/selinux.tbl:214 -msgid "Allow user to r/w noextattrfile (FAT, CDROM, FLOPPY)" +#: booleans.py:140 +msgid "Allow qemu to use nfs file systems" msgstr "" -#: ../gui/selinux.tbl:215 -msgid "Allow users to rw usb devices" +#: booleans.py:141 +msgid "Allow qemu to use usb devices" msgstr "" -#: ../gui/selinux.tbl:216 +#: booleans.py:142 +msgid "Allow racoon to read shadow" +msgstr "" + +#: booleans.py:143 +msgid "Allow rgmanager domain to connect to the network using TCP." +msgstr "" + +#: booleans.py:144 msgid "" -"Allow users to run TCP servers (bind to ports and accept connection from the " -"same domain and outside users) disabling this forces FTP passive mode and " -"may change other protocols" +"Allow rsync to modify public files used for public file transfer services. " +"Files/Directories must be labeled public_content_rw_t." msgstr "" -#: ../gui/selinux.tbl:217 -msgid "Allow user to stat ttyfiles" +#: booleans.py:145 +msgid "Allow rsync to run as a client" msgstr "" -#: ../gui/selinux.tbl:218 -msgid "Disable SELinux protection for uucpd daemon" +#: booleans.py:146 +msgid "Allow rsync to export any files/directories read only." 
msgstr "" -#: ../gui/selinux.tbl:219 -msgid "Disable SELinux protection for vmware daemon" +#: booleans.py:147 +msgid "Allow rsync servers to share cifs files systems" msgstr "" -#: ../gui/selinux.tbl:220 -msgid "Disable SELinux protection for watchdog daemon" +#: booleans.py:148 +msgid "Allow rsync servers to share nfs files systems" msgstr "" -#: ../gui/selinux.tbl:221 -msgid "Disable SELinux protection for winbind daemon" +#: booleans.py:149 +msgid "Allow samba to create new home directories (e.g. via PAM)" msgstr "" -#: ../gui/selinux.tbl:222 -msgid "Disable SELinux protection for xdm daemon" +#: booleans.py:150 +msgid "" +"Allow samba to act as the domain controller, add users, groups and change " +"passwords." msgstr "" -#: ../gui/selinux.tbl:223 -msgid "Allow xdm logins as sysadm_r:sysadm_t" +#: booleans.py:151 +msgid "Allow samba to share users home directories." msgstr "" -#: ../gui/selinux.tbl:224 -msgid "Disable SELinux protection for xen daemon" +#: booleans.py:152 +msgid "Allow samba to share any file/directory read only." msgstr "" -#: ../gui/selinux.tbl:225 -msgid "XEN" +#: booleans.py:153 +msgid "Allow samba to share any file/directory read/write." msgstr "" -#: ../gui/selinux.tbl:225 -msgid "Allow xen to read/write physical disk devices" +#: booleans.py:154 +msgid "Allow samba to act as a portmapper" msgstr "" -#: ../gui/selinux.tbl:226 -msgid "Disable SELinux protection for xfs daemon" +#: booleans.py:155 +msgid "Allow samba to run unconfined scripts" msgstr "" -#: ../gui/selinux.tbl:227 -msgid "Disable SELinux protection for xen control" +#: booleans.py:156 +msgid "Allow samba to export ntfs/fusefs volumes." msgstr "" -#: ../gui/selinux.tbl:228 -msgid "Disable SELinux protection for ypbind daemon" +#: booleans.py:157 +msgid "Allow samba to export NFS volumes." 
msgstr "" -#: ../gui/selinux.tbl:229 -msgid "Disable SELinux protection for NIS Password Daemon" +#: booleans.py:158 +msgid "Allow sanlock to read/write fuse files" msgstr "" -#: ../gui/selinux.tbl:230 -msgid "Disable SELinux protection for ypserv daemon" +#: booleans.py:159 +msgid "Allow sanlock to manage nfs files" msgstr "" -#: ../gui/selinux.tbl:231 -msgid "Disable SELinux protection for NIS Transfer Daemon" +#: booleans.py:160 +msgid "Allow sanlock to manage cifs files" msgstr "" -#: ../gui/selinux.tbl:232 -msgid "Allow SELinux webadm user to manage unprivileged users home directories" +#: booleans.py:161 +msgid "Allow sasl to read shadow" msgstr "" -#: ../gui/selinux.tbl:233 -msgid "Allow SELinux webadm user to read unprivileged users home directories" +#: booleans.py:162 +msgid "" +"disallow programs, such as newrole, from transitioning to administrative " +"user domains." msgstr "" -#: ../gui/semanagePage.py:126 -#, python-format -msgid "Are you sure you want to delete %s '%s'?" +#: booleans.py:163 +msgid "Disable kernel module loading." msgstr "" -#: ../gui/semanagePage.py:126 -#, python-format -msgid "Delete %s" +#: booleans.py:164 +msgid "" +"Boolean to determine whether the system permits loading policy, setting " +"enforcing mode, and changing boolean values. Set this to true and you have " +"to reboot to set it back." msgstr "" -#: ../gui/semanagePage.py:134 -#, python-format -msgid "Add %s" +#: booleans.py:165 +msgid "Allow regular users direct dri device access" msgstr "" -#: ../gui/semanagePage.py:148 -#, python-format -msgid "Modify %s" +#: booleans.py:166 +msgid "" +"Allow unconfined executables to make their heap memory executable. Doing " +"this is a really bad idea. Probably indicates a badly coded executable, but " +"could indicate an attack. 
This executable should be reported in bugzilla" msgstr "" -#: ../gui/statusPage.py:69 ../gui/system-config-selinux.glade:2819 -msgid "Permissive" +#: booleans.py:167 +msgid "" +"Allow all unconfined executables to use libraries requiring text relocation " +"that are not labeled textrel_shlib_t" msgstr "" -#: ../gui/statusPage.py:70 ../gui/system-config-selinux.glade:2837 -msgid "Enforcing" +#: booleans.py:168 +msgid "" +"Allow unconfined executables to make their stack executable. This should " +"never, ever be necessary. Probably indicates a badly coded executable, but " +"could indicate an attack. This executable should be reported in bugzilla" msgstr "" -#: ../gui/statusPage.py:94 -msgid "Status" +#: booleans.py:169 +msgid "Allow users to connect to the local mysql server" msgstr "" -#: ../gui/statusPage.py:133 +#: booleans.py:170 msgid "" -"Changing the policy type will cause a relabel of the entire file system on " -"the next boot. Relabeling takes a long time depending on the size of the " -"file system. Do you wish to continue?" +"Allow confined users the ability to execute the ping and traceroute commands." msgstr "" -#: ../gui/statusPage.py:147 +#: booleans.py:171 +msgid "Allow users to connect to PostgreSQL" +msgstr "" + +#: booleans.py:172 msgid "" -"Changing to SELinux disabled requires a reboot. It is not recommended. If " -"you later decide to turn SELinux back on, the system will be required to " -"relabel. If you just want to see if SELinux is causing a problem on your " -"system, you can go to permissive mode which will only log errors and not " -"enforce SELinux policy. Permissive mode does not require a reboot Do you " -"wish to continue?" +"Allow user to r/w files on filesystems that do not have extended attributes " +"(FAT, CDROM, FLOPPY)" msgstr "" -#: ../gui/statusPage.py:152 +#: booleans.py:173 msgid "" -"Changing to SELinux enabled will cause a relabel of the entire file system " -"on the next boot. 
Relabeling takes a long time depending on the size of the " -"file system. Do you wish to continue?" +"Allow users to run TCP servers (bind to ports and accept connection from the " +"same domain and outside users) disabling this forces FTP passive mode and " +"may change other protocols." msgstr "" -#: ../gui/system-config-selinux.glade:11 -msgid "system-config-selinux" +#: booleans.py:174 +msgid "Allow user music sharing" msgstr "" -#: ../gui/system-config-selinux.glade:12 +#: booleans.py:175 msgid "" -"Copyright (c)2006 Red Hat, Inc.\n" -"Copyright (c) 2006 Dan Walsh " +"Allow anon internal-sftp to upload files, used for public file transfer " +"services. Directories must be labeled public_content_rw_t." msgstr "" -#: ../gui/system-config-selinux.glade:22 -#: ../gui/system-config-selinux.glade:544 -msgid "Add SELinux Login Mapping" +#: booleans.py:176 +msgid "" +"Allow sftp-internal to read and write files in the user home directories" msgstr "" -#: ../gui/system-config-selinux.glade:257 -msgid "Add SELinux Network Ports" +#: booleans.py:177 +msgid "" +"Allow sftp-internal to login to local users and read/write all files on the " +"system, governed by DAC." msgstr "" -#: ../gui/system-config-selinux.glade:391 -#: ../gui/system-config-selinux.glade:678 -msgid "SELinux Type" +#: booleans.py:178 +msgid "" +"Allow internal-sftp to read and write files in the user ssh home directories." msgstr "" -#: ../gui/system-config-selinux.glade:622 -msgid "File Specification" +#: booleans.py:179 +msgid "Allow sge to connect to the network using any TCP port" msgstr "" -#: ../gui/system-config-selinux.glade:650 -msgid "File Type" +#: booleans.py:180 +msgid "Allow sge to access nfs file systems." 
msgstr "" -#: ../gui/system-config-selinux.glade:727 +#: booleans.py:181 msgid "" -"all files\n" -"regular file\n" -"directory\n" -"character device\n" -"block device\n" -"socket\n" -"symbolic link\n" -"named pipe\n" +"Enable additional permissions needed to support devices on 3ware controllers." msgstr "" -#: ../gui/system-config-selinux.glade:773 -msgid "MLS" +#: booleans.py:182 +msgid "" +"Allow samba to modify public files used for public file transfer services. " +"Files/Directories must be labeled public_content_rw_t." msgstr "" -#: ../gui/system-config-selinux.glade:837 -msgid "Add SELinux User" +#: booleans.py:183 +msgid "Allow user spamassassin clients to use the network." msgstr "" -#: ../gui/system-config-selinux.glade:1079 -msgid "SELinux Administration" +#: booleans.py:184 +msgid "Allow spamd to read/write user home directories." msgstr "" -#: ../gui/system-config-selinux.glade:1122 -msgid "Add" +#: booleans.py:185 +msgid "" +"Allow squid to connect to all ports, not just HTTP, FTP, and Gopher ports." msgstr "" -#: ../gui/system-config-selinux.glade:1144 -msgid "_Properties" +#: booleans.py:186 +msgid "Allow squid to run as a transparent proxy (TPROXY)" msgstr "" -#: ../gui/system-config-selinux.glade:1166 -msgid "_Delete" +#: booleans.py:187 +msgid "" +"Allow ssh with chroot env to read and write files in the user home " +"directories" msgstr "" -#: ../gui/system-config-selinux.glade:1256 -msgid "Select Management Object" +#: booleans.py:188 +msgid "allow host key based authentication" msgstr "" -#: ../gui/system-config-selinux.glade:1273 -msgid "Select:" +#: booleans.py:189 +msgid "Allow ssh logins as sysadm_r:sysadm_t" msgstr "" -#: ../gui/system-config-selinux.glade:1326 -msgid "System Default Enforcing Mode" +#: booleans.py:190 +msgid "allow staff user to create and transition to svirt domains." msgstr "" -#: ../gui/system-config-selinux.glade:1354 +#: booleans.py:191 +msgid "Allow the Telepathy connection managers to connect to any network port." 
+msgstr "" + +#: booleans.py:192 msgid "" -"Disabled\n" -"Permissive\n" -"Enforcing\n" +"Allow the Telepathy connection managers to connect to any generic TCP port." msgstr "" -#: ../gui/system-config-selinux.glade:1373 -msgid "Current Enforcing Mode" +#: booleans.py:193 +msgid "" +"Allow tftp to modify public files used for public file transfer services." msgstr "" -#: ../gui/system-config-selinux.glade:1418 -msgid "System Default Policy Type: " +#: booleans.py:194 +msgid "Allow tor daemon to bind tcp sockets to all unreserved ports." msgstr "" -#: ../gui/system-config-selinux.glade:1463 +#: booleans.py:195 msgid "" -"Select if you wish to relabel then entire file system on next reboot. " -"Relabeling can take a very long time, depending on the size of the system. " -"If you are changing policy types or going from disabled to enforcing, a " -"relabel is required." +"allow unconfined users to transition to the chrome sandbox domains when " +"running chrome-sandbox" msgstr "" -#: ../gui/system-config-selinux.glade:1509 -msgid "Relabel on next reboot." +#: booleans.py:196 +msgid "Allow a user to login as an unconfined domain" msgstr "" -#: ../gui/system-config-selinux.glade:1561 -msgid "label37" +#: booleans.py:197 +msgid "" +"Allow unconfined users to transition to the Mozilla plugin domain when " +"running xulrunner plugin-container." msgstr "" -#: ../gui/system-config-selinux.glade:1598 -msgid "Revert boolean setting to system default" +#: booleans.py:198 +msgid "Allow video playing tools to run unconfined" msgstr "" -#: ../gui/system-config-selinux.glade:1614 -msgid "Toggle between Customized and All Booleans" +#: booleans.py:199 +msgid "Allow unprivledged user to create and transition to svirt domains." 
msgstr "" -#: ../gui/system-config-selinux.glade:1645 -#: ../gui/system-config-selinux.glade:1850 -#: ../gui/system-config-selinux.glade:2037 -#: ../gui/system-config-selinux.glade:2224 -#: ../gui/system-config-selinux.glade:2467 -#: ../gui/system-config-selinux.glade:2692 -#: ../gui/system-config-selinux.glade:2867 -msgid "Filter" +#: booleans.py:200 +msgid "Support ecryptfs home directories" msgstr "" -#: ../gui/system-config-selinux.glade:1734 -msgid "label50" +#: booleans.py:201 +msgid "Support fusefs home directories" msgstr "" -#: ../gui/system-config-selinux.glade:1771 -msgid "Add File Context" +#: booleans.py:202 +msgid "Use lpd server instead of cups" msgstr "" -#: ../gui/system-config-selinux.glade:1787 -msgid "Modify File Context" +#: booleans.py:203 +msgid "Support NFS home directories" msgstr "" -#: ../gui/system-config-selinux.glade:1803 -msgid "Delete File Context" +#: booleans.py:204 +msgid "Support SAMBA home directories" msgstr "" -#: ../gui/system-config-selinux.glade:1819 -msgid "Toggle between all and customized file context" +#: booleans.py:205 +msgid "Allow varnishd to connect to all ports, not just HTTP." msgstr "" -#: ../gui/system-config-selinux.glade:1939 -msgid "label38" +#: booleans.py:206 +msgid "Ignore vbetool mmap_zero errors." 
msgstr "" -#: ../gui/system-config-selinux.glade:1976 -msgid "Add SELinux User Mapping" +#: booleans.py:207 +msgid "" +"Allow confined virtual guests to use serial/parallel communication ports" msgstr "" -#: ../gui/system-config-selinux.glade:1992 -msgid "Modify SELinux User Mapping" +#: booleans.py:208 +msgid "" +"Allow confined virtual guests to use executable memory and executable stack" msgstr "" -#: ../gui/system-config-selinux.glade:2008 -msgid "Delete SELinux User Mapping" +#: booleans.py:209 +msgid "Allow confined virtual guests to read fuse files" msgstr "" -#: ../gui/system-config-selinux.glade:2126 -msgid "label39" +#: booleans.py:210 +msgid "Allow confined virtual guests to manage nfs files" msgstr "" -#: ../gui/system-config-selinux.glade:2163 -msgid "Add User" +#: booleans.py:211 +msgid "Allow confined virtual guests to manage cifs files" msgstr "" -#: ../gui/system-config-selinux.glade:2179 -msgid "Modify User" +#: booleans.py:212 +msgid "Allow confined virtual guests to interact with the sanlock" msgstr "" -#: ../gui/system-config-selinux.glade:2195 -msgid "Delete User" +#: booleans.py:213 +msgid "Allow confined virtual guests to manage device configuration, (pci)" msgstr "" -#: ../gui/system-config-selinux.glade:2313 -msgid "label41" +#: booleans.py:214 +msgid "Allow confined virtual guests to use usb devices" msgstr "" -#: ../gui/system-config-selinux.glade:2350 -msgid "Add Network Port" +#: booleans.py:215 +msgid "Allow confined virtual guests to interact with the xserver" msgstr "" -#: ../gui/system-config-selinux.glade:2366 -msgid "Edit Network Port" +#: booleans.py:216 +msgid "Allow webadm to manage files in users home directories" msgstr "" -#: ../gui/system-config-selinux.glade:2382 -msgid "Delete Network Port" +#: booleans.py:217 +msgid "Allow webadm to read files in users home directories" msgstr "" -#: ../gui/system-config-selinux.glade:2418 -#: ../gui/system-config-selinux.glade:2436 -msgid "Toggle between Customized and All Ports" +#: 
booleans.py:218 +msgid "Ignore wine mmap_zero errors." msgstr "" -#: ../gui/system-config-selinux.glade:2556 -msgid "label42" +#: booleans.py:219 +msgid "Allow the graphical login program to execute bootloader" msgstr "" -#: ../gui/system-config-selinux.glade:2593 -msgid "Generate new policy module" +#: booleans.py:220 +msgid "" +"Allow the graphical login program to login directly as sysadm_r:sysadm_t" msgstr "" -#: ../gui/system-config-selinux.glade:2609 -msgid "Load policy module" +#: booleans.py:221 +msgid "Allow xen to manage nfs files" msgstr "" -#: ../gui/system-config-selinux.glade:2625 -msgid "Remove loadable policy module" +#: booleans.py:222 +msgid "" +"Allow xend to run blktapctrl/tapdisk. Not required if using dedicated " +"logical volumes for disk images." msgstr "" -#: ../gui/system-config-selinux.glade:2661 +#: booleans.py:223 +msgid "Allow xend to run qemu-dm. Not required if using paravirt and no vfb." +msgstr "" + +#: booleans.py:224 msgid "" -"Enable/Disable additional audit rules, that are normally not reported in the " -"log files." +"Allow xguest users to configure Network Manager and connect to apache ports" msgstr "" -#: ../gui/system-config-selinux.glade:2781 -msgid "label44" +#: booleans.py:225 +msgid "Allow xguest users to mount removable media" msgstr "" -#: ../gui/system-config-selinux.glade:2818 -msgid "Change process mode to permissive." +#: booleans.py:226 +msgid "Allow xguest to use blue tooth devices" msgstr "" -#: ../gui/system-config-selinux.glade:2836 -msgid "Change process mode to enforcing" +#: booleans.py:227 +msgid "Allows clients to write to the X server shared memory segments." 
msgstr "" -#: ../gui/system-config-selinux.glade:2928 -msgid "Process Domain" +#: booleans.py:228 +msgid "Allows XServer to execute writable memory" msgstr "" -#: ../gui/system-config-selinux.glade:2956 -msgid "label59" +#: booleans.py:229 +msgid "Support X userspace object manager" msgstr "" -#: ../gui/usersPage.py:138 -#, python-format -msgid "SELinux user '%s' is required" +#: booleans.py:230 +msgid "Allow zabbix to connect to unreserved ports" +msgstr "" + +#: booleans.py:231 +msgid "Allow zebra daemon to write it configuration files" +msgstr "" + +#: booleans.py:232 +msgid "" +"Allow ZoneMinder to modify public files used for public file transfer " +"services." msgstr "" diff --git a/policycoreutils/po/am.po b/policycoreutils/po/am.po index a4478db..a61c8f3 100644 --- a/policycoreutils/po/am.po +++ b/policycoreutils/po/am.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2012-05-25 07:28-0400\n" +"POT-Creation-Date: 2012-10-16 12:24-0400\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -24,7 +24,7 @@ msgid "" " are the arguments to that script." msgstr "" -#: ../run_init/run_init.c:126 ../newrole/newrole.c:1124 +#: ../run_init/run_init.c:126 ../newrole/newrole.c:1123 #, c-format msgid "failed to initialize PAM\n" msgstr "" @@ -73,7 +73,7 @@ msgstr "" msgid "authentication failed.\n" msgstr "" -#: ../run_init/run_init.c:405 ../newrole/newrole.c:1258 +#: ../run_init/run_init.c:405 ../newrole/newrole.c:1257 #, c-format msgid "Could not set exec context to %s.\n" msgstr "" 
@@ -86,855 +86,870 @@ msgstr "" msgid "To make this policy package active, execute:" msgstr "" -#: ../semanage/seobject.py:143 ../semanage/seobject.py:147 -msgid "global" -msgstr "" - -#: ../semanage/seobject.py:225 +#: ../semanage/seobject.py:200 msgid "Could not create semanage handle" msgstr "" -#: ../semanage/seobject.py:233 +#: ../semanage/seobject.py:208 msgid "SELinux policy is not managed or store cannot be accessed." msgstr "" -#: ../semanage/seobject.py:238 +#: ../semanage/seobject.py:213 msgid "Cannot read policy store." msgstr "" -#: ../semanage/seobject.py:243 +#: ../semanage/seobject.py:218 msgid "Could not establish semanage connection" msgstr "" -#: ../semanage/seobject.py:248 +#: ../semanage/seobject.py:223 msgid "Could not test MLS enabled status" msgstr "" -#: ../semanage/seobject.py:254 ../semanage/seobject.py:269 +#: ../semanage/seobject.py:229 ../semanage/seobject.py:244 msgid "Not yet implemented" msgstr "" -#: ../semanage/seobject.py:258 +#: ../semanage/seobject.py:233 msgid "Semanage transaction already in progress" msgstr "" -#: ../semanage/seobject.py:267 +#: ../semanage/seobject.py:242 msgid "Could not start semanage transaction" msgstr "" -#: ../semanage/seobject.py:278 +#: ../semanage/seobject.py:254 msgid "Could not commit semanage transaction" msgstr "" -#: ../semanage/seobject.py:283 +#: ../semanage/seobject.py:259 msgid "Semanage transaction not in progress" msgstr "" -#: ../semanage/seobject.py:295 ../semanage/seobject.py:375 +#: ../semanage/seobject.py:271 ../semanage/seobject.py:351 msgid "Could not list SELinux modules" msgstr "" -#: ../semanage/seobject.py:308 +#: ../semanage/seobject.py:284 msgid "Modules Name" msgstr "" -#: ../semanage/seobject.py:308 ../gui/modulesPage.py:62 +#: ../semanage/seobject.py:284 ../gui/modulesPage.py:63 msgid "Version" msgstr "" -#: ../semanage/seobject.py:311 ../gui/statusPage.py:75 +#: ../semanage/seobject.py:287 ../gui/statusPage.py:75 msgid "Disabled" msgstr "" -#: ../semanage/seobject.py:326 
+#: ../semanage/seobject.py:302 #, python-format msgid "Could not disable module %s (remove failed)" msgstr "" -#: ../semanage/seobject.py:337 +#: ../semanage/seobject.py:313 #, python-format msgid "Could not enable module %s (remove failed)" msgstr "" -#: ../semanage/seobject.py:352 +#: ../semanage/seobject.py:328 #, python-format msgid "Could not remove module %s (remove failed)" msgstr "" -#: ../semanage/seobject.py:362 +#: ../semanage/seobject.py:338 msgid "dontaudit requires either 'on' or 'off'" msgstr "" -#: ../semanage/seobject.py:391 +#: ../semanage/seobject.py:366 msgid "Builtin Permissive Types" msgstr "" -#: ../semanage/seobject.py:401 +#: ../semanage/seobject.py:376 msgid "Customized Permissive Types" msgstr "" -#: ../semanage/seobject.py:442 +#: ../semanage/seobject.py:417 #, python-format msgid "Could not set permissive domain %s (module installation failed)" msgstr "" -#: ../semanage/seobject.py:448 +#: ../semanage/seobject.py:423 #, python-format msgid "Could not remove permissive domain %s (remove failed)" msgstr "" -#: ../semanage/seobject.py:483 ../semanage/seobject.py:557 -#: ../semanage/seobject.py:603 ../semanage/seobject.py:700 -#: ../semanage/seobject.py:730 ../semanage/seobject.py:797 -#: ../semanage/seobject.py:854 ../semanage/seobject.py:1101 -#: ../semanage/seobject.py:1790 ../semanage/seobject.py:1853 -#: ../semanage/seobject.py:1872 ../semanage/seobject.py:1993 -#: ../semanage/seobject.py:2045 +#: ../semanage/seobject.py:458 ../semanage/seobject.py:532 +#: ../semanage/seobject.py:578 ../semanage/seobject.py:675 +#: ../semanage/seobject.py:705 ../semanage/seobject.py:772 +#: ../semanage/seobject.py:829 ../semanage/seobject.py:1084 +#: ../semanage/seobject.py:1800 ../semanage/seobject.py:1863 +#: ../semanage/seobject.py:1882 ../semanage/seobject.py:2003 +#: ../semanage/seobject.py:2056 #, python-format msgid "Could not create a key for %s" msgstr "" -#: ../semanage/seobject.py:487 ../semanage/seobject.py:561 -#: 
../semanage/seobject.py:607 ../semanage/seobject.py:613 +#: ../semanage/seobject.py:462 ../semanage/seobject.py:536 +#: ../semanage/seobject.py:582 ../semanage/seobject.py:588 #, python-format msgid "Could not check if login mapping for %s is defined" msgstr "" -#: ../semanage/seobject.py:496 +#: ../semanage/seobject.py:471 #, python-format msgid "Linux Group %s does not exist" msgstr "" -#: ../semanage/seobject.py:501 +#: ../semanage/seobject.py:476 #, python-format msgid "Linux User %s does not exist" msgstr "" -#: ../semanage/seobject.py:505 +#: ../semanage/seobject.py:480 #, python-format msgid "Could not create login mapping for %s" msgstr "" -#: ../semanage/seobject.py:509 ../semanage/seobject.py:745 +#: ../semanage/seobject.py:484 ../semanage/seobject.py:720 #, python-format msgid "Could not set name for %s" msgstr "" -#: ../semanage/seobject.py:514 ../semanage/seobject.py:755 +#: ../semanage/seobject.py:489 ../semanage/seobject.py:730 #, python-format msgid "Could not set MLS range for %s" msgstr "" -#: ../semanage/seobject.py:518 +#: ../semanage/seobject.py:493 #, python-format msgid "Could not set SELinux user for %s" msgstr "" -#: ../semanage/seobject.py:522 +#: ../semanage/seobject.py:497 #, python-format msgid "Could not add login mapping for %s" msgstr "" -#: ../semanage/seobject.py:540 +#: ../semanage/seobject.py:515 msgid "Requires seuser or serange" msgstr "" -#: ../semanage/seobject.py:563 ../semanage/seobject.py:609 +#: ../semanage/seobject.py:538 ../semanage/seobject.py:584 #, python-format msgid "Login mapping for %s is not defined" msgstr "" -#: ../semanage/seobject.py:567 +#: ../semanage/seobject.py:542 #, python-format msgid "Could not query seuser for %s" msgstr "" -#: ../semanage/seobject.py:581 +#: ../semanage/seobject.py:556 #, python-format msgid "Could not modify login mapping for %s" msgstr "" -#: ../semanage/seobject.py:615 +#: ../semanage/seobject.py:590 #, python-format msgid "Login mapping for %s is defined in policy, cannot be 
deleted" msgstr "" -#: ../semanage/seobject.py:619 +#: ../semanage/seobject.py:594 #, python-format msgid "Could not delete login mapping for %s" msgstr "" -#: ../semanage/seobject.py:641 ../semanage/seobject.py:659 -#: ../semanage/seobject.py:897 +#: ../semanage/seobject.py:616 ../semanage/seobject.py:634 +#: ../semanage/seobject.py:872 msgid "Could not list login mappings" msgstr "" -#: ../semanage/seobject.py:684 ../semanage/seobject.py:689 +#: ../semanage/seobject.py:659 ../semanage/seobject.py:664 #: ../gui/system-config-selinux.glade:100 msgid "Login Name" msgstr "" -#: ../semanage/seobject.py:684 ../semanage/seobject.py:689 -#: ../semanage/seobject.py:947 ../semanage/seobject.py:952 +#: ../semanage/seobject.py:659 ../semanage/seobject.py:664 +#: ../semanage/seobject.py:922 ../semanage/seobject.py:927 #: ../gui/system-config-selinux.glade:128 #: ../gui/system-config-selinux.glade:915 #: ../gui/system-config-selinux.glade:2285 ../gui/usersPage.py:44 msgid "SELinux User" msgstr "" -#: ../semanage/seobject.py:684 ../gui/system-config-selinux.glade:156 +#: ../semanage/seobject.py:659 ../gui/system-config-selinux.glade:156 #: ../gui/system-config-selinux.glade:943 msgid "MLS/MCS Range" msgstr "" -#: ../semanage/seobject.py:703 ../semanage/seobject.py:734 -#: ../semanage/seobject.py:801 ../semanage/seobject.py:858 -#: ../semanage/seobject.py:864 +#: ../semanage/seobject.py:678 ../semanage/seobject.py:709 +#: ../semanage/seobject.py:776 ../semanage/seobject.py:833 +#: ../semanage/seobject.py:839 #, python-format msgid "Could not check if SELinux user %s is defined" msgstr "" -#: ../semanage/seobject.py:706 ../semanage/seobject.py:807 -#: ../semanage/seobject.py:870 +#: ../semanage/seobject.py:681 ../semanage/seobject.py:782 +#: ../semanage/seobject.py:845 #, python-format msgid "Could not query user for %s" msgstr "" -#: ../semanage/seobject.py:726 +#: ../semanage/seobject.py:701 #, python-format msgid "You must add at least one role for %s" msgstr "" -#: 
../semanage/seobject.py:741 +#: ../semanage/seobject.py:716 #, python-format msgid "Could not create SELinux user for %s" msgstr "" -#: ../semanage/seobject.py:750 +#: ../semanage/seobject.py:725 #, python-format msgid "Could not add role %s for %s" msgstr "" -#: ../semanage/seobject.py:759 +#: ../semanage/seobject.py:734 #, python-format msgid "Could not set MLS level for %s" msgstr "" -#: ../semanage/seobject.py:762 +#: ../semanage/seobject.py:737 #, python-format msgid "Could not add prefix %s for %s" msgstr "" -#: ../semanage/seobject.py:765 +#: ../semanage/seobject.py:740 #, python-format msgid "Could not extract key for %s" msgstr "" -#: ../semanage/seobject.py:769 +#: ../semanage/seobject.py:744 #, python-format msgid "Could not add SELinux user %s" msgstr "" -#: ../semanage/seobject.py:791 +#: ../semanage/seobject.py:766 msgid "Requires prefix, roles, level or range" msgstr "" -#: ../semanage/seobject.py:793 +#: ../semanage/seobject.py:768 msgid "Requires prefix or roles" msgstr "" -#: ../semanage/seobject.py:803 ../semanage/seobject.py:860 +#: ../semanage/seobject.py:778 ../semanage/seobject.py:835 #, python-format msgid "SELinux user %s is not defined" msgstr "" -#: ../semanage/seobject.py:832 +#: ../semanage/seobject.py:807 #, python-format msgid "Could not modify SELinux user %s" msgstr "" -#: ../semanage/seobject.py:866 +#: ../semanage/seobject.py:841 #, python-format msgid "SELinux user %s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:877 +#: ../semanage/seobject.py:852 #, python-format msgid "Could not delete SELinux user %s" msgstr "" -#: ../semanage/seobject.py:915 +#: ../semanage/seobject.py:890 msgid "Could not list SELinux users" msgstr "" -#: ../semanage/seobject.py:921 +#: ../semanage/seobject.py:896 #, python-format msgid "Could not list roles for user %s" msgstr "" -#: ../semanage/seobject.py:946 +#: ../semanage/seobject.py:921 msgid "Labeling" msgstr "" -#: ../semanage/seobject.py:946 +#: 
../semanage/seobject.py:921 msgid "MLS/" msgstr "" -#: ../semanage/seobject.py:947 +#: ../semanage/seobject.py:922 msgid "Prefix" msgstr "" -#: ../semanage/seobject.py:947 +#: ../semanage/seobject.py:922 msgid "MCS Level" msgstr "" -#: ../semanage/seobject.py:947 +#: ../semanage/seobject.py:922 msgid "MCS Range" msgstr "" -#: ../semanage/seobject.py:947 ../semanage/seobject.py:952 +#: ../semanage/seobject.py:922 ../semanage/seobject.py:927 #: ../gui/system-config-selinux.glade:992 ../gui/usersPage.py:59 msgid "SELinux Roles" msgstr "" -#: ../semanage/seobject.py:967 +#: ../semanage/seobject.py:944 msgid "Protocol udp or tcp is required" msgstr "" -#: ../semanage/seobject.py:969 +#: ../semanage/seobject.py:946 msgid "Port is required" msgstr "" -#: ../semanage/seobject.py:979 +#: ../semanage/seobject.py:956 msgid "Invalid Port" msgstr "" -#: ../semanage/seobject.py:983 +#: ../semanage/seobject.py:960 #, python-format msgid "Could not create a key for %s/%s" msgstr "" -#: ../semanage/seobject.py:994 +#: ../semanage/seobject.py:971 msgid "Type is required" msgstr "" -#: ../semanage/seobject.py:1000 ../semanage/seobject.py:1059 -#: ../semanage/seobject.py:1114 ../semanage/seobject.py:1120 +#: ../semanage/seobject.py:974 ../semanage/seobject.py:1036 +#: ../semanage/seobject.py:1794 +#, python-format +msgid "Type %s is invalid, must be a port type" +msgstr "" + +#: ../semanage/seobject.py:980 ../semanage/seobject.py:1042 +#: ../semanage/seobject.py:1097 ../semanage/seobject.py:1103 #, python-format msgid "Could not check if port %s/%s is defined" msgstr "" -#: ../semanage/seobject.py:1002 +#: ../semanage/seobject.py:982 #, python-format msgid "Port %s/%s already defined" msgstr "" -#: ../semanage/seobject.py:1006 +#: ../semanage/seobject.py:986 #, python-format msgid "Could not create port for %s/%s" msgstr "" -#: ../semanage/seobject.py:1012 +#: ../semanage/seobject.py:992 #, python-format msgid "Could not create context for %s/%s" msgstr "" -#: 
../semanage/seobject.py:1016 +#: ../semanage/seobject.py:996 #, python-format msgid "Could not set user in port context for %s/%s" msgstr "" -#: ../semanage/seobject.py:1020 +#: ../semanage/seobject.py:1000 #, python-format msgid "Could not set role in port context for %s/%s" msgstr "" -#: ../semanage/seobject.py:1024 +#: ../semanage/seobject.py:1004 #, python-format msgid "Could not set type in port context for %s/%s" msgstr "" -#: ../semanage/seobject.py:1029 +#: ../semanage/seobject.py:1009 #, python-format msgid "Could not set mls fields in port context for %s/%s" msgstr "" -#: ../semanage/seobject.py:1033 +#: ../semanage/seobject.py:1013 #, python-format msgid "Could not set port context for %s/%s" msgstr "" -#: ../semanage/seobject.py:1037 +#: ../semanage/seobject.py:1017 #, python-format msgid "Could not add port %s/%s" msgstr "" -#: ../semanage/seobject.py:1051 ../semanage/seobject.py:1316 -#: ../semanage/seobject.py:1512 +#: ../semanage/seobject.py:1031 ../semanage/seobject.py:1304 +#: ../semanage/seobject.py:1503 msgid "Requires setype or serange" msgstr "" -#: ../semanage/seobject.py:1053 +#: ../semanage/seobject.py:1033 msgid "Requires setype" msgstr "" -#: ../semanage/seobject.py:1061 ../semanage/seobject.py:1116 +#: ../semanage/seobject.py:1044 ../semanage/seobject.py:1099 #, python-format msgid "Port %s/%s is not defined" msgstr "" -#: ../semanage/seobject.py:1065 +#: ../semanage/seobject.py:1048 #, python-format msgid "Could not query port %s/%s" msgstr "" -#: ../semanage/seobject.py:1076 +#: ../semanage/seobject.py:1059 #, python-format msgid "Could not modify port %s/%s" msgstr "" -#: ../semanage/seobject.py:1089 +#: ../semanage/seobject.py:1072 msgid "Could not list the ports" msgstr "" -#: ../semanage/seobject.py:1105 +#: ../semanage/seobject.py:1088 #, python-format msgid "Could not delete the port %s" msgstr "" -#: ../semanage/seobject.py:1122 +#: ../semanage/seobject.py:1105 #, python-format msgid "Port %s/%s is defined in policy, cannot be 
deleted" msgstr "" -#: ../semanage/seobject.py:1126 +#: ../semanage/seobject.py:1109 #, python-format msgid "Could not delete port %s/%s" msgstr "" -#: ../semanage/seobject.py:1142 ../semanage/seobject.py:1164 +#: ../semanage/seobject.py:1125 ../semanage/seobject.py:1147 msgid "Could not list ports" msgstr "" -#: ../semanage/seobject.py:1203 +#: ../semanage/seobject.py:1186 msgid "SELinux Port Type" msgstr "" -#: ../semanage/seobject.py:1203 +#: ../semanage/seobject.py:1186 msgid "Proto" msgstr "" -#: ../semanage/seobject.py:1203 ../gui/system-config-selinux.glade:335 +#: ../semanage/seobject.py:1186 ../gui/system-config-selinux.glade:335 msgid "Port Number" msgstr "" -#: ../semanage/seobject.py:1222 +#: ../semanage/seobject.py:1207 msgid "Node Address is required" msgstr "" -#: ../semanage/seobject.py:1237 +#: ../semanage/seobject.py:1222 msgid "Unknown or missing protocol" msgstr "" -#: ../semanage/seobject.py:1251 ../semanage/seobject.py:1450 -#: ../semanage/seobject.py:1728 -msgid "SELinux Type is required" +#: ../semanage/seobject.py:1236 +msgid "SELinux node type is required" +msgstr "" + +#: ../semanage/seobject.py:1239 ../semanage/seobject.py:1307 +#, python-format +msgid "Type %s is invalid, must be a node type" msgstr "" -#: ../semanage/seobject.py:1255 ../semanage/seobject.py:1320 -#: ../semanage/seobject.py:1356 ../semanage/seobject.py:1454 -#: ../semanage/seobject.py:1516 ../semanage/seobject.py:1550 -#: ../semanage/seobject.py:1732 +#: ../semanage/seobject.py:1243 ../semanage/seobject.py:1311 +#: ../semanage/seobject.py:1347 ../semanage/seobject.py:1445 +#: ../semanage/seobject.py:1507 ../semanage/seobject.py:1541 +#: ../semanage/seobject.py:1739 #, python-format msgid "Could not create key for %s" msgstr "" -#: ../semanage/seobject.py:1257 ../semanage/seobject.py:1324 -#: ../semanage/seobject.py:1360 ../semanage/seobject.py:1366 +#: ../semanage/seobject.py:1245 ../semanage/seobject.py:1315 +#: ../semanage/seobject.py:1351 ../semanage/seobject.py:1357 
#, python-format msgid "Could not check if addr %s is defined" msgstr "" -#: ../semanage/seobject.py:1266 +#: ../semanage/seobject.py:1254 #, python-format msgid "Could not create addr for %s" msgstr "" -#: ../semanage/seobject.py:1272 ../semanage/seobject.py:1470 -#: ../semanage/seobject.py:1690 +#: ../semanage/seobject.py:1260 ../semanage/seobject.py:1461 +#: ../semanage/seobject.py:1694 #, python-format msgid "Could not create context for %s" msgstr "" -#: ../semanage/seobject.py:1276 +#: ../semanage/seobject.py:1264 #, python-format msgid "Could not set mask for %s" msgstr "" -#: ../semanage/seobject.py:1280 +#: ../semanage/seobject.py:1268 #, python-format msgid "Could not set user in addr context for %s" msgstr "" -#: ../semanage/seobject.py:1284 +#: ../semanage/seobject.py:1272 #, python-format msgid "Could not set role in addr context for %s" msgstr "" -#: ../semanage/seobject.py:1288 +#: ../semanage/seobject.py:1276 #, python-format msgid "Could not set type in addr context for %s" msgstr "" -#: ../semanage/seobject.py:1293 +#: ../semanage/seobject.py:1281 #, python-format msgid "Could not set mls fields in addr context for %s" msgstr "" -#: ../semanage/seobject.py:1297 +#: ../semanage/seobject.py:1285 #, python-format msgid "Could not set addr context for %s" msgstr "" -#: ../semanage/seobject.py:1301 +#: ../semanage/seobject.py:1289 #, python-format msgid "Could not add addr %s" msgstr "" -#: ../semanage/seobject.py:1326 ../semanage/seobject.py:1362 +#: ../semanage/seobject.py:1317 ../semanage/seobject.py:1353 #, python-format msgid "Addr %s is not defined" msgstr "" -#: ../semanage/seobject.py:1330 +#: ../semanage/seobject.py:1321 #, python-format msgid "Could not query addr %s" msgstr "" -#: ../semanage/seobject.py:1340 +#: ../semanage/seobject.py:1331 #, python-format msgid "Could not modify addr %s" msgstr "" -#: ../semanage/seobject.py:1368 +#: ../semanage/seobject.py:1359 #, python-format msgid "Addr %s is defined in policy, cannot be deleted" 
msgstr "" -#: ../semanage/seobject.py:1372 +#: ../semanage/seobject.py:1363 #, python-format msgid "Could not delete addr %s" msgstr "" -#: ../semanage/seobject.py:1384 +#: ../semanage/seobject.py:1375 msgid "Could not deleteall node mappings" msgstr "" -#: ../semanage/seobject.py:1398 +#: ../semanage/seobject.py:1389 msgid "Could not list addrs" msgstr "" -#: ../semanage/seobject.py:1458 ../semanage/seobject.py:1520 -#: ../semanage/seobject.py:1554 ../semanage/seobject.py:1560 +#: ../semanage/seobject.py:1441 ../semanage/seobject.py:1732 +msgid "SELinux Type is required" +msgstr "" + +#: ../semanage/seobject.py:1449 ../semanage/seobject.py:1511 +#: ../semanage/seobject.py:1545 ../semanage/seobject.py:1551 #, python-format msgid "Could not check if interface %s is defined" msgstr "" -#: ../semanage/seobject.py:1465 +#: ../semanage/seobject.py:1456 #, python-format msgid "Could not create interface for %s" msgstr "" -#: ../semanage/seobject.py:1474 +#: ../semanage/seobject.py:1465 #, python-format msgid "Could not set user in interface context for %s" msgstr "" -#: ../semanage/seobject.py:1478 +#: ../semanage/seobject.py:1469 #, python-format msgid "Could not set role in interface context for %s" msgstr "" -#: ../semanage/seobject.py:1482 +#: ../semanage/seobject.py:1473 #, python-format msgid "Could not set type in interface context for %s" msgstr "" -#: ../semanage/seobject.py:1487 +#: ../semanage/seobject.py:1478 #, python-format msgid "Could not set mls fields in interface context for %s" msgstr "" -#: ../semanage/seobject.py:1491 +#: ../semanage/seobject.py:1482 #, python-format msgid "Could not set interface context for %s" msgstr "" -#: ../semanage/seobject.py:1495 +#: ../semanage/seobject.py:1486 #, python-format msgid "Could not set message context for %s" msgstr "" -#: ../semanage/seobject.py:1499 +#: ../semanage/seobject.py:1490 #, python-format msgid "Could not add interface %s" msgstr "" -#: ../semanage/seobject.py:1522 ../semanage/seobject.py:1556 +#: 
../semanage/seobject.py:1513 ../semanage/seobject.py:1547 #, python-format msgid "Interface %s is not defined" msgstr "" -#: ../semanage/seobject.py:1526 +#: ../semanage/seobject.py:1517 #, python-format msgid "Could not query interface %s" msgstr "" -#: ../semanage/seobject.py:1537 +#: ../semanage/seobject.py:1528 #, python-format msgid "Could not modify interface %s" msgstr "" -#: ../semanage/seobject.py:1562 +#: ../semanage/seobject.py:1553 #, python-format msgid "Interface %s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:1566 +#: ../semanage/seobject.py:1557 #, python-format msgid "Could not delete interface %s" msgstr "" -#: ../semanage/seobject.py:1578 +#: ../semanage/seobject.py:1569 msgid "Could not delete all interface mappings" msgstr "" -#: ../semanage/seobject.py:1592 +#: ../semanage/seobject.py:1583 msgid "Could not list interfaces" msgstr "" -#: ../semanage/seobject.py:1617 +#: ../semanage/seobject.py:1608 msgid "SELinux Interface" msgstr "" -#: ../semanage/seobject.py:1617 ../semanage/seobject.py:1944 +#: ../semanage/seobject.py:1608 ../semanage/seobject.py:1954 msgid "Context" msgstr "" -#: ../semanage/seobject.py:1667 +#: ../semanage/seobject.py:1671 #, python-format msgid "Equivalence class for %s already exists" msgstr "" -#: ../semanage/seobject.py:1673 +#: ../semanage/seobject.py:1677 #, python-format msgid "File spec %s conflicts with equivalency rule '%s %s'" msgstr "" -#: ../semanage/seobject.py:1682 +#: ../semanage/seobject.py:1686 #, python-format msgid "Equivalence class for %s does not exists" msgstr "" -#: ../semanage/seobject.py:1696 +#: ../semanage/seobject.py:1700 #, python-format msgid "Could not set user in file context for %s" msgstr "" -#: ../semanage/seobject.py:1700 +#: ../semanage/seobject.py:1704 #, python-format msgid "Could not set role in file context for %s" msgstr "" -#: ../semanage/seobject.py:1705 ../semanage/seobject.py:1762 +#: ../semanage/seobject.py:1709 ../semanage/seobject.py:1769 
#, python-format msgid "Could not set mls fields in file context for %s" msgstr "" -#: ../semanage/seobject.py:1711 +#: ../semanage/seobject.py:1715 msgid "Invalid file specification" msgstr "" -#: ../semanage/seobject.py:1713 +#: ../semanage/seobject.py:1717 msgid "File specification can not include spaces" msgstr "" -#: ../semanage/seobject.py:1718 +#: ../semanage/seobject.py:1722 #, python-format msgid "" "File spec %s conflicts with equivalency rule '%s %s'; Try adding '%s' instead" msgstr "" -#: ../semanage/seobject.py:1736 ../semanage/seobject.py:1741 -#: ../semanage/seobject.py:1794 ../semanage/seobject.py:1876 -#: ../semanage/seobject.py:1880 +#: ../semanage/seobject.py:1735 +#, python-format +msgid "Type %s is invalid, must be a file or device type" +msgstr "" + +#: ../semanage/seobject.py:1743 ../semanage/seobject.py:1748 +#: ../semanage/seobject.py:1804 ../semanage/seobject.py:1886 +#: ../semanage/seobject.py:1890 #, python-format msgid "Could not check if file context for %s is defined" msgstr "" -#: ../semanage/seobject.py:1749 +#: ../semanage/seobject.py:1756 #, python-format msgid "Could not create file context for %s" msgstr "" -#: ../semanage/seobject.py:1757 +#: ../semanage/seobject.py:1764 #, python-format msgid "Could not set type in file context for %s" msgstr "" -#: ../semanage/seobject.py:1765 ../semanage/seobject.py:1822 -#: ../semanage/seobject.py:1826 +#: ../semanage/seobject.py:1772 ../semanage/seobject.py:1832 +#: ../semanage/seobject.py:1836 #, python-format msgid "Could not set file context for %s" msgstr "" -#: ../semanage/seobject.py:1771 +#: ../semanage/seobject.py:1778 #, python-format msgid "Could not add file context for %s" msgstr "" -#: ../semanage/seobject.py:1785 +#: ../semanage/seobject.py:1792 msgid "Requires setype, serange or seuser" msgstr "" -#: ../semanage/seobject.py:1798 ../semanage/seobject.py:1884 +#: ../semanage/seobject.py:1808 ../semanage/seobject.py:1894 #, python-format msgid "File context for %s is not 
defined" msgstr "" -#: ../semanage/seobject.py:1804 +#: ../semanage/seobject.py:1814 #, python-format msgid "Could not query file context for %s" msgstr "" -#: ../semanage/seobject.py:1830 +#: ../semanage/seobject.py:1840 #, python-format msgid "Could not modify file context for %s" msgstr "" -#: ../semanage/seobject.py:1843 +#: ../semanage/seobject.py:1853 msgid "Could not list the file contexts" msgstr "" -#: ../semanage/seobject.py:1857 +#: ../semanage/seobject.py:1867 #, python-format msgid "Could not delete the file context %s" msgstr "" -#: ../semanage/seobject.py:1882 +#: ../semanage/seobject.py:1892 #, python-format msgid "File context for %s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:1888 +#: ../semanage/seobject.py:1898 #, python-format msgid "Could not delete file context for %s" msgstr "" -#: ../semanage/seobject.py:1903 +#: ../semanage/seobject.py:1913 msgid "Could not list file contexts" msgstr "" -#: ../semanage/seobject.py:1907 +#: ../semanage/seobject.py:1917 msgid "Could not list local file contexts" msgstr "" -#: ../semanage/seobject.py:1944 +#: ../semanage/seobject.py:1954 msgid "SELinux fcontext" msgstr "" -#: ../semanage/seobject.py:1944 +#: ../semanage/seobject.py:1954 msgid "type" msgstr "" -#: ../semanage/seobject.py:1957 +#: ../semanage/seobject.py:1967 msgid "" "\n" "SELinux Distribution fcontext Equivalence \n" msgstr "" -#: ../semanage/seobject.py:1962 +#: ../semanage/seobject.py:1972 msgid "" "\n" "SELinux Local fcontext Equivalence \n" msgstr "" -#: ../semanage/seobject.py:1996 ../semanage/seobject.py:2048 -#: ../semanage/seobject.py:2054 +#: ../semanage/seobject.py:2006 ../semanage/seobject.py:2059 +#: ../semanage/seobject.py:2065 #, python-format msgid "Could not check if boolean %s is defined" msgstr "" -#: ../semanage/seobject.py:1998 ../semanage/seobject.py:2050 +#: ../semanage/seobject.py:2008 ../semanage/seobject.py:2061 #, python-format msgid "Boolean %s is not defined" msgstr "" -#: 
../semanage/seobject.py:2002 +#: ../semanage/seobject.py:2012 #, python-format msgid "Could not query file context %s" msgstr "" -#: ../semanage/seobject.py:2007 +#: ../semanage/seobject.py:2017 #, python-format msgid "You must specify one of the following values: %s" msgstr "" -#: ../semanage/seobject.py:2012 +#: ../semanage/seobject.py:2022 #, python-format msgid "Could not set active value of boolean %s" msgstr "" -#: ../semanage/seobject.py:2015 +#: ../semanage/seobject.py:2025 #, python-format msgid "Could not modify boolean %s" msgstr "" -#: ../semanage/seobject.py:2033 +#: ../semanage/seobject.py:2043 #, python-format msgid "Bad format %s: Record %s" msgstr "" -#: ../semanage/seobject.py:2056 +#: ../semanage/seobject.py:2067 #, python-format msgid "Boolean %s is defined in policy, cannot be deleted" msgstr "" -#: ../semanage/seobject.py:2060 +#: ../semanage/seobject.py:2071 #, python-format msgid "Could not delete boolean %s" msgstr "" -#: ../semanage/seobject.py:2072 ../semanage/seobject.py:2089 +#: ../semanage/seobject.py:2083 ../semanage/seobject.py:2100 msgid "Could not list booleans" msgstr "" -#: ../semanage/seobject.py:2112 +#: ../semanage/seobject.py:2125 msgid "unknown" msgstr "" -#: ../semanage/seobject.py:2125 +#: ../semanage/seobject.py:2138 msgid "off" msgstr "" -#: ../semanage/seobject.py:2125 +#: ../semanage/seobject.py:2138 msgid "on" msgstr "" -#: ../semanage/seobject.py:2139 +#: ../semanage/seobject.py:2152 msgid "SELinux boolean" msgstr "" -#: ../semanage/seobject.py:2139 +#: ../semanage/seobject.py:2152 msgid "State" msgstr "" -#: ../semanage/seobject.py:2139 +#: ../semanage/seobject.py:2152 msgid "Default" msgstr "" -#: ../semanage/seobject.py:2139 ../gui/polgen.glade:3355 -#: ../gui/polgengui.py:253 +#: ../semanage/seobject.py:2152 ../gui/polgen.glade:113 +#: ../gui/polgengui.py:254 msgid "Description" msgstr "" 
@@ -998,7 +1013,7 @@ msgstr "" msgid "Error sending audit message.\n" msgstr "" -#: ../newrole/newrole.c:692 ../newrole/newrole.c:1059 +#: ../newrole/newrole.c:692 ../newrole/newrole.c:1058 #, c-format msgid "Could not determine enforcing mode.\n" msgstr "" 
@@ -1113,62 +1128,66 @@ msgstr "" msgid "Unable to set SIGHUP handler\n" msgstr "" -#: ../newrole/newrole.c:1053 +#: ../newrole/newrole.c:1036 +msgid "Sorry, newrole failed to drop capabilities\n" +msgstr "" + +#: ../newrole/newrole.c:1052 #, c-format msgid "Sorry, newrole may be used only on a SELinux kernel.\n" msgstr "" -#: ../newrole/newrole.c:1070 +#: ../newrole/newrole.c:1069 #, c-format msgid "failed to get old_context.\n" msgstr "" -#: ../newrole/newrole.c:1077 +#: ../newrole/newrole.c:1076 #, c-format msgid "Warning! Could not retrieve tty information.\n" msgstr "" -#: ../newrole/newrole.c:1098 +#: ../newrole/newrole.c:1097 #, c-format msgid "error on reading PAM service configuration.\n" msgstr "" -#: ../newrole/newrole.c:1133 +#: ../newrole/newrole.c:1132 #, c-format msgid "newrole: incorrect password for %s\n" msgstr "" -#: ../newrole/newrole.c:1160 +#: ../newrole/newrole.c:1159 #, c-format msgid "newrole: failure forking: %s" msgstr "" -#: ../newrole/newrole.c:1163 ../newrole/newrole.c:1186 +#: ../newrole/newrole.c:1162 ../newrole/newrole.c:1185 #, c-format msgid "Unable to restore tty label...\n" msgstr "" -#: ../newrole/newrole.c:1165 ../newrole/newrole.c:1192 +#: ../newrole/newrole.c:1164 ../newrole/newrole.c:1191 #, c-format msgid "Failed to close tty properly\n" msgstr "" -#: ../newrole/newrole.c:1224 +#: ../newrole/newrole.c:1223 #, c-format msgid "Could not close descriptors.\n" msgstr "" -#: ../newrole/newrole.c:1251 +#: ../newrole/newrole.c:1250 #, c-format msgid "Error allocating shell's argv0.\n" msgstr "" -#: ../newrole/newrole.c:1287 +#: ../newrole/newrole.c:1286 #, c-format msgid "Unable to restore the environment, aborting\n" msgstr "" -#: ../newrole/newrole.c:1298 +#: ../newrole/newrole.c:1297 msgid "failed to exec shell\n" msgstr "" 
@@ -1271,20 +1290,20 @@ msgstr "" msgid "chcat -l +CompanyConfidential juser" msgstr "" -#: ../scripts/chcat:399 ../gui/polgen.py:1351 -#, c-format, python-format +#: ../scripts/chcat:399 +#, c-format msgid "Options Error %s " msgstr "" -#: ../gui/booleansPage.py:195 ../gui/system-config-selinux.glade:1706 +#: ../gui/booleansPage.py:194 ../gui/system-config-selinux.glade:1706 msgid "Boolean" msgstr "" -#: ../gui/booleansPage.py:252 ../gui/semanagePage.py:162 +#: ../gui/booleansPage.py:245 ../gui/semanagePage.py:162 msgid "all" msgstr "" -#: ../gui/booleansPage.py:254 ../gui/semanagePage.py:164 +#: ../gui/booleansPage.py:247 ../gui/semanagePage.py:164 #: ../gui/system-config-selinux.glade:1615 #: ../gui/system-config-selinux.glade:1820 #: ../gui/system-config-selinux.glade:2437 
@@ -1340,577 +1359,464 @@ msgstr "" msgid "Login '%s' is required" msgstr "" -#: ../gui/modulesPage.py:48 ../gui/system-config-selinux.glade:2753 +#: ../gui/modulesPage.py:49 ../gui/system-config-selinux.glade:2753 msgid "Policy Module" msgstr "" -#: ../gui/modulesPage.py:57 +#: ../gui/modulesPage.py:58 msgid "Module Name" msgstr "" -#: ../gui/modulesPage.py:134 +#: ../gui/modulesPage.py:135 msgid "Disable Audit" msgstr "" -#: ../gui/modulesPage.py:137 ../gui/system-config-selinux.glade:2662 +#: ../gui/modulesPage.py:138 ../gui/system-config-selinux.glade:2662 msgid "Enable Audit" msgstr "" -#: ../gui/modulesPage.py:162 +#: ../gui/modulesPage.py:163 msgid "Load Policy Module" msgstr "" -#: ../gui/polgen.glade:79 -msgid "Polgen" -msgstr "" - -#: ../gui/polgen.glade:80 +#: ../gui/polgen.glade:9 msgid "Red Hat 2007" msgstr "" -#: ../gui/polgen.glade:81 +#: ../gui/polgen.glade:11 msgid "GPL" msgstr "" #. TRANSLATORS: Replace this string with your names, one name per line. -#: ../gui/polgen.glade:85 ../gui/system-config-selinux.glade:17 +#: ../gui/polgen.glade:13 ../gui/system-config-selinux.glade:17 msgid "translator-credits" msgstr "" -#: ../gui/polgen.glade:90 +#: ../gui/polgen.glade:34 +msgid "Add Booleans Dialog" +msgstr "" + +#: ../gui/polgen.glade:101 +msgid "Boolean Name" +msgstr "" + +#: ../gui/polgen.glade:230 msgid "SELinux Policy Generation Tool" msgstr "" -#: ../gui/polgen.glade:128 +#: ../gui/polgen.glade:251 msgid "" "Select the policy type for the application or user role you want to " "confine:" msgstr "" -#: ../gui/polgen.glade:177 +#: ../gui/polgen.glade:284 msgid "Applications" msgstr "" -#: ../gui/polgen.glade:239 ../gui/polgen.glade:259 +#: ../gui/polgen.glade:316 ../sepolicy/sepolicy/generate.py:183 +msgid "Standard Init Daemon" +msgstr "" + +#: ../gui/polgen.glade:320 ../gui/polgen.glade:336 msgid "" "Standard Init Daemon are daemons started on boot via init scripts. 
Usually " "requires a script in /etc/rc.d/init.d" msgstr "" -#: ../gui/polgen.glade:241 ../gui/polgen.py:156 -msgid "Standard Init Daemon" +#: ../gui/polgen.glade:332 ../sepolicy/sepolicy/generate.py:184 +msgid "DBUS System Daemon" msgstr "" -#: ../gui/polgen.glade:261 ../gui/polgen.py:157 -msgid "DBUS System Daemon" +#: ../gui/polgen.glade:349 +msgid "Internet Services Daemon (inetd)" msgstr "" -#: ../gui/polgen.glade:280 +#: ../gui/polgen.glade:353 msgid "Internet Services Daemon are daemons started by xinetd" msgstr "" -#: ../gui/polgen.glade:282 -msgid "Internet Services Daemon (inetd)" +#: ../gui/polgen.glade:366 ../sepolicy/sepolicy/generate.py:186 +msgid "Web Application/Script (CGI)" msgstr "" -#: ../gui/polgen.glade:301 +#: ../gui/polgen.glade:370 msgid "" "Web Applications/Script (CGI) CGI scripts started by the web server (apache)" msgstr "" -#: ../gui/polgen.glade:303 ../gui/polgen.py:159 -msgid "Web Application/Script (CGI)" +#: ../gui/polgen.glade:383 ../sepolicy/sepolicy/generate.py:187 +msgid "User Application" msgstr "" -#: ../gui/polgen.glade:322 ../gui/polgen.glade:343 +#: ../gui/polgen.glade:387 ../gui/polgen.glade:404 msgid "" "User Application are any application that you would like to confine that is " "started by a user" msgstr "" -#: ../gui/polgen.glade:324 ../gui/polgen.py:160 -msgid "User Application" -msgstr "" - -#: ../gui/polgen.glade:345 ../gui/polgen.py:161 +#: ../gui/polgen.glade:400 ../sepolicy/sepolicy/generate.py:188 msgid "Sandbox" msgstr "" -#: ../gui/polgen.glade:391 +#: ../gui/polgen.glade:446 msgid "Login Users" msgstr "" -#: ../gui/polgen.glade:453 +#: ../gui/polgen.glade:478 +msgid "Existing User Roles" +msgstr "" + +#: ../gui/polgen.glade:482 msgid "Modify an existing login user record." 
msgstr "" -#: ../gui/polgen.glade:455 -msgid "Existing User Roles" +#: ../gui/polgen.glade:495 ../sepolicy/sepolicy/generate.py:189 +msgid "Minimal Terminal User Role" msgstr "" -#: ../gui/polgen.glade:474 +#: ../gui/polgen.glade:499 msgid "" "This user will login to a machine only via a terminal or remote login. By " "default this user will have no setuid, no networking, no su, no sudo." msgstr "" -#: ../gui/polgen.glade:476 ../gui/polgen.py:162 -msgid "Minimal Terminal User Role" +#: ../gui/polgen.glade:512 ../sepolicy/sepolicy/generate.py:190 +msgid "Minimal X Windows User Role" msgstr "" -#: ../gui/polgen.glade:495 +#: ../gui/polgen.glade:516 msgid "" "This user can login to a machine via X or terminal. By default this user " "will have no setuid, no networking, no sudo, no su" msgstr "" -#: ../gui/polgen.glade:497 ../gui/polgen.py:163 -msgid "Minimal X Windows User Role" +#: ../gui/polgen.glade:529 ../sepolicy/sepolicy/generate.py:191 +msgid "User Role" msgstr "" -#: ../gui/polgen.glade:516 +#: ../gui/polgen.glade:533 msgid "" "User with full networking, no setuid applications without transition, no " "sudo, no su." msgstr "" -#: ../gui/polgen.glade:518 ../gui/polgen.py:164 -msgid "User Role" +#: ../gui/polgen.glade:546 ../sepolicy/sepolicy/generate.py:192 +msgid "Admin User Role" msgstr "" -#: ../gui/polgen.glade:537 +#: ../gui/polgen.glade:550 msgid "" "User with full networking, no setuid applications without transition, no su, " "can sudo to Root Administration Roles" msgstr "" -#: ../gui/polgen.glade:539 ../gui/polgen.py:165 -msgid "Admin User Role" +#: ../gui/polgen.glade:592 +msgid "Root Users" msgstr "" -#: ../gui/polgen.glade:585 -msgid "Root Users" +#: ../gui/polgen.glade:623 ../sepolicy/sepolicy/generate.py:193 +msgid "Root Admin User Role" msgstr "" -#: ../gui/polgen.glade:647 +#: ../gui/polgen.glade:627 msgid "" "Select Root Administrator User Role, if this user will be used to administer " "the machine while running as root. 
This user will not be able to login to " "the system directly." msgstr "" -#: ../gui/polgen.glade:649 ../gui/polgen.py:166 -msgid "Root Admin User Role" -msgstr "" - -#: ../gui/polgen.glade:716 -msgid "label104" -msgstr "" - -#: ../gui/polgen.glade:745 +#: ../gui/polgen.glade:705 msgid "Enter name of application or user role:" msgstr "" -#: ../gui/polgen.glade:779 ../gui/polgengui.py:251 +#: ../gui/polgen.glade:728 ../gui/polgengui.py:252 msgid "Name" msgstr "" -#: ../gui/polgen.glade:807 +#: ../gui/polgen.glade:739 msgid "Enter complete path for executable to be confined." msgstr "" -#: ../gui/polgen.glade:830 ../gui/polgen.glade:950 ../gui/polgen.glade:3142 +#: ../gui/polgen.glade:756 ../gui/polgen.glade:838 ../gui/polgen.glade:2361 msgid "..." msgstr "" -#: ../gui/polgen.glade:849 +#: ../gui/polgen.glade:776 msgid "Enter unique name for the confined application or user role." msgstr "" -#: ../gui/polgen.glade:871 +#: ../gui/polgen.glade:794 msgid "Executable" msgstr "" -#: ../gui/polgen.glade:899 +#: ../gui/polgen.glade:808 msgid "Init script" msgstr "" -#: ../gui/polgen.glade:927 +#: ../gui/polgen.glade:821 msgid "" "Enter complete path to init script used to start the confined application." msgstr "" -#: ../gui/polgen.glade:982 -msgid "label105" -msgstr "" - -#: ../gui/polgen.glade:1011 +#: ../gui/polgen.glade:887 msgid "Select existing role to modify:" msgstr "" -#: ../gui/polgen.glade:1045 +#: ../gui/polgen.glade:908 msgid "Select the user roles that will transiton to the %s domain." msgstr "" -#: ../gui/polgen.glade:1073 -msgid "label106" +#: ../gui/polgen.glade:928 +msgid "role tab" msgstr "" -#: ../gui/polgen.glade:1102 +#: ../gui/polgen.glade:945 msgid "Select roles that %s will transition to:" msgstr "" -#: ../gui/polgen.glade:1136 +#: ../gui/polgen.glade:963 msgid "Select applications domains that %s will transition to." 
msgstr "" -#: ../gui/polgen.glade:1164 -msgid "label107" +#: ../gui/polgen.glade:983 +msgid "" +"transition \n" +"role tab" msgstr "" -#: ../gui/polgen.glade:1193 +#: ../gui/polgen.glade:1001 msgid "Select the user_roles that will transition to %s:" msgstr "" -#: ../gui/polgen.glade:1227 +#: ../gui/polgen.glade:1019 msgid "Select the user roles that will transiton to this applications domains." msgstr "" -#: ../gui/polgen.glade:1255 -msgid "label108" -msgstr "" - -#: ../gui/polgen.glade:1284 +#: ../gui/polgen.glade:1056 msgid "Select domains that %s will administer:" msgstr "" -#: ../gui/polgen.glade:1318 ../gui/polgen.glade:1409 +#: ../gui/polgen.glade:1074 ../gui/polgen.glade:1129 msgid "Select the domains that you would like this user administer." msgstr "" -#: ../gui/polgen.glade:1346 -msgid "label109" -msgstr "" - -#: ../gui/polgen.glade:1375 +#: ../gui/polgen.glade:1111 msgid "Select additional roles for %s:" msgstr "" -#: ../gui/polgen.glade:1437 -msgid "label111" -msgstr "" - -#: ../gui/polgen.glade:1466 +#: ../gui/polgen.glade:1166 msgid "Enter network ports that %s binds on:" msgstr "" -#: ../gui/polgen.glade:1497 ../gui/polgen.glade:1997 +#: ../gui/polgen.glade:1186 ../gui/polgen.glade:1557 msgid "TCP Ports" msgstr "" -#: ../gui/polgen.glade:1565 ../gui/polgen.glade:1785 +#: ../gui/polgen.glade:1223 ../gui/polgen.glade:1390 ../gui/polgen.glade:1589 +#: ../gui/polgen.glade:1698 +msgid "All" +msgstr "" + +#: ../gui/polgen.glade:1227 ../gui/polgen.glade:1394 msgid "Allows %s to bind to any udp port" msgstr "" -#: ../gui/polgen.glade:1567 ../gui/polgen.glade:1787 ../gui/polgen.glade:2061 -#: ../gui/polgen.glade:2215 -msgid "All" +#: ../gui/polgen.glade:1240 ../gui/polgen.glade:1407 +msgid "600-1024" msgstr "" -#: ../gui/polgen.glade:1585 ../gui/polgen.glade:1805 +#: ../gui/polgen.glade:1244 ../gui/polgen.glade:1411 msgid "Allow %s to call bindresvport with 0. 
Binding to port 600-1024" msgstr "" -#: ../gui/polgen.glade:1587 ../gui/polgen.glade:1807 -msgid "600-1024" +#: ../gui/polgen.glade:1257 ../gui/polgen.glade:1424 +msgid "Unreserved Ports (>1024)" msgstr "" -#: ../gui/polgen.glade:1605 ../gui/polgen.glade:1825 +#: ../gui/polgen.glade:1261 ../gui/polgen.glade:1428 msgid "" "Enter a comma separated list of udp ports or ranges of ports that %s binds " "to. Example: 612, 650-660" msgstr "" -#: ../gui/polgen.glade:1607 ../gui/polgen.glade:1827 -msgid "Unreserved Ports (>1024)" -msgstr "" - -#: ../gui/polgen.glade:1638 ../gui/polgen.glade:1858 ../gui/polgen.glade:2079 -#: ../gui/polgen.glade:2233 +#: ../gui/polgen.glade:1289 ../gui/polgen.glade:1456 ../gui/polgen.glade:1609 +#: ../gui/polgen.glade:1718 msgid "Select Ports" msgstr "" -#: ../gui/polgen.glade:1663 ../gui/polgen.glade:1883 +#: ../gui/polgen.glade:1302 ../gui/polgen.glade:1469 msgid "Allows %s to bind to any udp ports > 1024" msgstr "" -#: ../gui/polgen.glade:1717 ../gui/polgen.glade:2151 +#: ../gui/polgen.glade:1353 ../gui/polgen.glade:1666 msgid "UDP Ports" msgstr "" -#: ../gui/polgen.glade:1937 -msgid "label113" +#: ../gui/polgen.glade:1519 +msgid "" +"Network\n" +"Bind tab" msgstr "" -#: ../gui/polgen.glade:1966 +#: ../gui/polgen.glade:1537 msgid "Select network ports that %s connects to:" msgstr "" -#: ../gui/polgen.glade:2058 +#: ../gui/polgen.glade:1593 msgid "Allows %s to connect to any tcp port" msgstr "" -#: ../gui/polgen.glade:2104 +#: ../gui/polgen.glade:1622 msgid "" "Enter a comma separated list of tcp ports or ranges of ports that %s " "connects to. Example: 612, 650-660" msgstr "" -#: ../gui/polgen.glade:2212 +#: ../gui/polgen.glade:1702 msgid "Allows %s to connect to any udp port" msgstr "" -#: ../gui/polgen.glade:2258 +#: ../gui/polgen.glade:1731 msgid "" "Enter a comma separated list of udp ports or ranges of ports that %s " "connects to. 
Example: 612, 650-660" msgstr "" -#: ../gui/polgen.glade:2305 -msgid "label114" -msgstr "" - -#: ../gui/polgen.glade:2334 +#: ../gui/polgen.glade:1792 msgid "Select common application traits for %s:" msgstr "" -#: ../gui/polgen.glade:2366 +#: ../gui/polgen.glade:1809 msgid "Writes syslog messages\t" msgstr "" -#: ../gui/polgen.glade:2385 +#: ../gui/polgen.glade:1824 msgid "Create/Manipulate temporary files in /tmp" msgstr "" -#: ../gui/polgen.glade:2404 +#: ../gui/polgen.glade:1839 msgid "Uses Pam for authentication" msgstr "" -#: ../gui/polgen.glade:2423 +#: ../gui/polgen.glade:1854 msgid "Uses nsswitch or getpw* calls" msgstr "" -#: ../gui/polgen.glade:2442 +#: ../gui/polgen.glade:1869 msgid "Uses dbus" msgstr "" -#: ../gui/polgen.glade:2461 +#: ../gui/polgen.glade:1884 msgid "Sends audit messages" msgstr "" -#: ../gui/polgen.glade:2480 +#: ../gui/polgen.glade:1899 msgid "Interacts with the terminal" msgstr "" -#: ../gui/polgen.glade:2499 +#: ../gui/polgen.glade:1914 msgid "Sends email" msgstr "" -#: ../gui/polgen.glade:2530 -msgid "label115" -msgstr "" - -#: ../gui/polgen.glade:2559 +#: ../gui/polgen.glade:1961 msgid "Add files/directories that %s manages" msgstr "" -#: ../gui/polgen.glade:2788 +#: ../gui/polgen.glade:2122 msgid "" "Files/Directories which the %s \"manages\". Pid Files, Log Files, /var/lib " "Files ..." msgstr "" -#: ../gui/polgen.glade:2823 -msgid "label116" -msgstr "" - -#: ../gui/polgen.glade:2852 +#: ../gui/polgen.glade:2166 msgid "Add booleans from the %s policy:" msgstr "" -#: ../gui/polgen.glade:3002 +#: ../gui/polgen.glade:2274 msgid "Add/Remove booleans used by the %s domain" msgstr "" -#: ../gui/polgen.glade:3066 +#: ../gui/polgen.glade:2316 msgid "Which directory you will generate the %s policy?" 
msgstr "" -#: ../gui/polgen.glade:3097 +#: ../gui/polgen.glade:2334 msgid "Policy Directory" msgstr "" -#: ../gui/polgen.glade:3254 -msgid "Add Booleans Dialog" -msgstr "" - -#: ../gui/polgen.glade:3327 -msgid "Boolean Name" -msgstr "" - -#: ../gui/polgengui.py:261 +#: ../gui/polgengui.py:262 msgid "Role" msgstr "" -#: ../gui/polgengui.py:268 +#: ../gui/polgengui.py:269 msgid "Existing_User" msgstr "" -#: ../gui/polgengui.py:282 ../gui/polgengui.py:290 ../gui/polgengui.py:304 +#: ../gui/polgengui.py:283 ../gui/polgengui.py:291 ../gui/polgengui.py:305 msgid "Application" msgstr "" -#: ../gui/polgengui.py:352 +#: ../gui/polgengui.py:353 #, python-format msgid "%s must be a directory" msgstr "" -#: ../gui/polgengui.py:412 ../gui/polgengui.py:693 +#: ../gui/polgengui.py:413 ../gui/polgengui.py:694 msgid "You must select a user" msgstr "" -#: ../gui/polgengui.py:542 +#: ../gui/polgengui.py:543 msgid "Select executable file to be confined." msgstr "" -#: ../gui/polgengui.py:553 +#: ../gui/polgengui.py:554 msgid "Select init script file to be confined." msgstr "" -#: ../gui/polgengui.py:563 +#: ../gui/polgengui.py:564 msgid "Select file(s) that confined application creates or writes" msgstr "" -#: ../gui/polgengui.py:570 +#: ../gui/polgengui.py:571 msgid "Select directory(s) that the confined application owns and writes into" msgstr "" -#: ../gui/polgengui.py:632 +#: ../gui/polgengui.py:633 msgid "Select directory to generate policy files in" msgstr "" -#: ../gui/polgengui.py:649 +#: ../gui/polgengui.py:650 #, python-format msgid "" "Type %s_t already defined in current policy.\n" "Do you want to continue?" msgstr "" -#: ../gui/polgengui.py:649 ../gui/polgengui.py:653 +#: ../gui/polgengui.py:650 ../gui/polgengui.py:654 msgid "Verify Name" msgstr "" -#: ../gui/polgengui.py:653 +#: ../gui/polgengui.py:654 #, python-format msgid "" "Module %s.pp already loaded in current policy.\n" "Do you want to continue?" 
msgstr "" -#: ../gui/polgengui.py:699 +#: ../gui/polgengui.py:700 msgid "" "You must add a name made up of letters and numbers and containing no spaces." msgstr "" -#: ../gui/polgengui.py:713 +#: ../gui/polgengui.py:714 msgid "You must enter a executable" msgstr "" -#: ../gui/polgengui.py:738 ../gui/system-config-selinux.py:174 +#: ../gui/polgengui.py:739 ../gui/system-config-selinux.py:174 msgid "Configue SELinux" msgstr "" -#: ../gui/polgen.py:158 -msgid "Internet Services Daemon" -msgstr "" - -#: ../gui/polgen.py:197 -#, python-format -msgid "Ports must be numbers or ranges of numbers from 1 to %d " -msgstr "" - -#: ../gui/polgen.py:324 -msgid "You must enter a name for your confined process/user" -msgstr "" - -#: ../gui/polgen.py:326 -msgid "" -"Name must be alpha numberic with no spaces. Consider using option \"-n " -"MODULENAME\"" -msgstr "" - -#: ../gui/polgen.py:414 -msgid "User Role types can not be assigned executables." -msgstr "" - -#: ../gui/polgen.py:420 -msgid "Only Daemon apps can use an init script.." 
-msgstr "" - -#: ../gui/polgen.py:438 -msgid "use_resolve must be a boolean value " -msgstr "" - -#: ../gui/polgen.py:444 -msgid "use_syslog must be a boolean value " -msgstr "" - -#: ../gui/polgen.py:450 -msgid "use_kerberos must be a boolean value " -msgstr "" - -#: ../gui/polgen.py:456 -msgid "manage_krb5_rcache must be a boolean value " -msgstr "" - -#: ../gui/polgen.py:486 -msgid "USER Types automatically get a tmp type" -msgstr "" - -#: ../gui/polgen.py:1004 -msgid "You must enter the executable path for your confined process" -msgstr "" - -#: ../gui/polgen.py:1182 -msgid "Type Enforcement file" -msgstr "" - -#: ../gui/polgen.py:1183 -msgid "Interface file" -msgstr "" - -#: ../gui/polgen.py:1184 -msgid "File Contexts file" -msgstr "" - -#: ../gui/polgen.py:1185 -msgid "Setup Script" -msgstr "" - -#: ../gui/polgen.py:1306 -#, python-format -msgid "" -"\n" -"%s\n" -"\n" -"sepolgen [ -n moduleName ] [ -m ] [ -t type ] [ executable | Name ]\n" -"valid Types:\n" -msgstr "" - -#: ../gui/polgen.py:1354 -msgid "Executable or Name required" -msgstr "" - #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528 msgid "Network Port" msgstr "" 
@@ -1948,1411 +1854,1499 @@ msgstr "" msgid "Group View" msgstr "" -#: ../gui/selinux.tbl:1 ../gui/selinux.tbl:30 ../gui/selinux.tbl:31 -#: ../gui/selinux.tbl:32 ../gui/selinux.tbl:33 ../gui/selinux.tbl:34 -#: ../gui/selinux.tbl:36 ../gui/selinux.tbl:37 ../gui/selinux.tbl:38 -#: ../gui/selinux.tbl:39 ../gui/selinux.tbl:40 ../gui/selinux.tbl:42 -#: ../gui/selinux.tbl:43 ../gui/selinux.tbl:44 ../gui/selinux.tbl:45 -#: ../gui/selinux.tbl:46 ../gui/selinux.tbl:47 ../gui/selinux.tbl:48 -#: ../gui/selinux.tbl:49 ../gui/selinux.tbl:50 ../gui/selinux.tbl:51 -#: ../gui/selinux.tbl:52 ../gui/selinux.tbl:53 ../gui/selinux.tbl:59 -#: ../gui/selinux.tbl:60 ../gui/selinux.tbl:61 ../gui/selinux.tbl:62 -#: ../gui/selinux.tbl:63 ../gui/selinux.tbl:64 ../gui/selinux.tbl:65 -#: ../gui/selinux.tbl:66 ../gui/selinux.tbl:67 ../gui/selinux.tbl:68 -#: ../gui/selinux.tbl:69 ../gui/selinux.tbl:75 ../gui/selinux.tbl:76 -#: ../gui/selinux.tbl:77 ../gui/selinux.tbl:78 ../gui/selinux.tbl:79 -#: ../gui/selinux.tbl:80 ../gui/selinux.tbl:81 ../gui/selinux.tbl:82 -#: ../gui/selinux.tbl:83 ../gui/selinux.tbl:84 ../gui/selinux.tbl:86 -#: ../gui/selinux.tbl:88 ../gui/selinux.tbl:89 ../gui/selinux.tbl:90 -#: ../gui/selinux.tbl:92 ../gui/selinux.tbl:94 ../gui/selinux.tbl:95 -#: ../gui/selinux.tbl:96 ../gui/selinux.tbl:97 ../gui/selinux.tbl:98 -#: ../gui/selinux.tbl:99 ../gui/selinux.tbl:100 ../gui/selinux.tbl:101 -#: ../gui/selinux.tbl:102 ../gui/selinux.tbl:103 ../gui/selinux.tbl:104 -#: ../gui/selinux.tbl:106 ../gui/selinux.tbl:108 ../gui/selinux.tbl:109 -#: ../gui/selinux.tbl:110 ../gui/selinux.tbl:111 ../gui/selinux.tbl:112 -#: ../gui/selinux.tbl:113 ../gui/selinux.tbl:114 ../gui/selinux.tbl:116 -#: ../gui/selinux.tbl:117 ../gui/selinux.tbl:119 ../gui/selinux.tbl:121 -#: ../gui/selinux.tbl:123 ../gui/selinux.tbl:124 ../gui/selinux.tbl:127 -#: ../gui/selinux.tbl:129 ../gui/selinux.tbl:130 ../gui/selinux.tbl:131 -#: ../gui/selinux.tbl:132 ../gui/selinux.tbl:133 ../gui/selinux.tbl:134 -#: 
../gui/selinux.tbl:135 ../gui/selinux.tbl:136 ../gui/selinux.tbl:137 -#: ../gui/selinux.tbl:138 ../gui/selinux.tbl:139 ../gui/selinux.tbl:142 -#: ../gui/selinux.tbl:143 ../gui/selinux.tbl:144 ../gui/selinux.tbl:145 -#: ../gui/selinux.tbl:146 ../gui/selinux.tbl:147 ../gui/selinux.tbl:148 -#: ../gui/selinux.tbl:149 ../gui/selinux.tbl:150 ../gui/selinux.tbl:151 -#: ../gui/selinux.tbl:152 ../gui/selinux.tbl:154 ../gui/selinux.tbl:155 -#: ../gui/selinux.tbl:156 ../gui/selinux.tbl:157 ../gui/selinux.tbl:158 -#: ../gui/selinux.tbl:159 ../gui/selinux.tbl:160 ../gui/selinux.tbl:167 -#: ../gui/selinux.tbl:171 ../gui/selinux.tbl:172 ../gui/selinux.tbl:173 -#: ../gui/selinux.tbl:174 ../gui/selinux.tbl:175 ../gui/selinux.tbl:177 -#: ../gui/selinux.tbl:178 ../gui/selinux.tbl:179 ../gui/selinux.tbl:180 -#: ../gui/selinux.tbl:184 ../gui/selinux.tbl:192 ../gui/selinux.tbl:193 -#: ../gui/selinux.tbl:194 ../gui/selinux.tbl:195 ../gui/selinux.tbl:196 -#: ../gui/selinux.tbl:197 ../gui/selinux.tbl:198 ../gui/selinux.tbl:199 -#: ../gui/selinux.tbl:200 ../gui/selinux.tbl:201 ../gui/selinux.tbl:206 -#: ../gui/selinux.tbl:207 ../gui/selinux.tbl:218 ../gui/selinux.tbl:219 -#: ../gui/selinux.tbl:220 ../gui/selinux.tbl:222 ../gui/selinux.tbl:224 -#: ../gui/selinux.tbl:226 ../gui/selinux.tbl:227 ../gui/selinux.tbl:230 -msgid "SELinux Service Protection" -msgstr "" - -#: ../gui/selinux.tbl:1 -msgid "Disable SELinux protection for acct daemon" -msgstr "" - -#: ../gui/selinux.tbl:2 ../gui/selinux.tbl:3 ../gui/selinux.tbl:70 -#: ../gui/selinux.tbl:153 ../gui/selinux.tbl:168 ../gui/selinux.tbl:169 -#: ../gui/selinux.tbl:170 ../gui/selinux.tbl:189 ../gui/selinux.tbl:202 -#: ../gui/selinux.tbl:203 ../gui/selinux.tbl:204 ../gui/selinux.tbl:205 -msgid "Admin" -msgstr "" - -#: ../gui/selinux.tbl:2 -msgid "Allow all daemons to write corefiles to /" -msgstr "" - -#: ../gui/selinux.tbl:3 -msgid "Allow all daemons the ability to use unallocated ttys" -msgstr "" - -#: ../gui/selinux.tbl:4 ../gui/selinux.tbl:5 
../gui/selinux.tbl:11 -#: ../gui/selinux.tbl:12 ../gui/selinux.tbl:13 ../gui/selinux.tbl:15 -#: ../gui/selinux.tbl:20 ../gui/selinux.tbl:41 ../gui/selinux.tbl:208 -#: ../gui/selinux.tbl:210 ../gui/selinux.tbl:211 ../gui/selinux.tbl:212 -#: ../gui/selinux.tbl:213 ../gui/selinux.tbl:214 ../gui/selinux.tbl:215 -#: ../gui/selinux.tbl:216 ../gui/selinux.tbl:217 -msgid "User Privs" -msgstr "" - -#: ../gui/selinux.tbl:4 -msgid "" -"Allow gadmin SELinux user account to execute files in home directory or /tmp" -msgstr "" - -#: ../gui/selinux.tbl:5 -msgid "" -"Allow guest SELinux user account to execute files in home directory or /tmp" -msgstr "" - -#: ../gui/selinux.tbl:6 ../gui/selinux.tbl:9 ../gui/selinux.tbl:16 -msgid "Memory Protection" -msgstr "" - -#: ../gui/selinux.tbl:6 -msgid "Allow java executable stack" +#: ../gui/semanagePage.py:126 +#, python-format +msgid "Are you sure you want to delete %s '%s'?" msgstr "" -#: ../gui/selinux.tbl:7 ../gui/selinux.tbl:8 ../gui/selinux.tbl:35 -#: ../gui/selinux.tbl:209 -msgid "Mount" +#: ../gui/semanagePage.py:126 +#, python-format +msgid "Delete %s" msgstr "" -#: ../gui/selinux.tbl:7 -msgid "Allow mount to mount any file" +#: ../gui/semanagePage.py:134 +#, python-format +msgid "Add %s" msgstr "" -#: ../gui/selinux.tbl:8 -msgid "Allow mount to mount any directory" +#: ../gui/semanagePage.py:148 +#, python-format +msgid "Modify %s" msgstr "" -#: ../gui/selinux.tbl:9 -msgid "Allow mplayer executable stack" +#: ../gui/statusPage.py:69 ../gui/system-config-selinux.glade:2819 +msgid "Permissive" msgstr "" -#: ../gui/selinux.tbl:10 ../gui/selinux.tbl:162 ../gui/selinux.tbl:187 -#: ../gui/selinux.tbl:188 -msgid "SSH" +#: ../gui/statusPage.py:70 ../gui/system-config-selinux.glade:2837 +msgid "Enforcing" msgstr "" -#: ../gui/selinux.tbl:10 -msgid "Allow ssh to run ssh-keysign" +#: ../gui/statusPage.py:94 +msgid "Status" msgstr "" -#: ../gui/selinux.tbl:11 +#: ../gui/statusPage.py:133 msgid "" -"Allow staff SELinux user account to execute 
files in home directory or /tmp" +"Changing the policy type will cause a relabel of the entire file system on " +"the next boot. Relabeling takes a long time depending on the size of the " +"file system. Do you wish to continue?" msgstr "" -#: ../gui/selinux.tbl:12 +#: ../gui/statusPage.py:147 msgid "" -"Allow sysadm SELinux user account to execute files in home directory or /tmp" +"Changing to SELinux disabled requires a reboot. It is not recommended. If " +"you later decide to turn SELinux back on, the system will be required to " +"relabel. If you just want to see if SELinux is causing a problem on your " +"system, you can go to permissive mode which will only log errors and not " +"enforce SELinux policy. Permissive mode does not require a reboot Do you " +"wish to continue?" msgstr "" -#: ../gui/selinux.tbl:13 +#: ../gui/statusPage.py:152 msgid "" -"Allow unconfined SELinux user account to execute files in home directory or /" -"tmp" -msgstr "" - -#: ../gui/selinux.tbl:14 -msgid "Network Configuration" +"Changing to SELinux enabled will cause a relabel of the entire file system " +"on the next boot. Relabeling takes a long time depending on the size of the " +"file system. Do you wish to continue?" 
msgstr "" -#: ../gui/selinux.tbl:14 -msgid "Allow unlabeled packets to flow on the network" +#: ../gui/system-config-selinux.glade:11 +msgid "system-config-selinux" msgstr "" -#: ../gui/selinux.tbl:15 +#: ../gui/system-config-selinux.glade:12 msgid "" -"Allow user SELinux user account to execute files in home directory or /tmp" +"Copyright (c)2006 Red Hat, Inc.\n" +"Copyright (c) 2006 Dan Walsh " msgstr "" -#: ../gui/selinux.tbl:16 -msgid "Allow unconfined to dyntrans to unconfined_execmem" +#: ../gui/system-config-selinux.glade:22 +#: ../gui/system-config-selinux.glade:544 +msgid "Add SELinux Login Mapping" msgstr "" -#: ../gui/selinux.tbl:17 ../gui/selinux.tbl:18 ../gui/selinux.tbl:120 -#: ../gui/selinux.tbl:140 -msgid "Databases" +#: ../gui/system-config-selinux.glade:257 +msgid "Add SELinux Network Ports" msgstr "" -#: ../gui/selinux.tbl:17 -msgid "Allow user to connect to mysql socket" +#: ../gui/system-config-selinux.glade:391 +#: ../gui/system-config-selinux.glade:678 +msgid "SELinux Type" msgstr "" -#: ../gui/selinux.tbl:18 -msgid "Allow user to connect to postgres socket" +#: ../gui/system-config-selinux.glade:622 +msgid "File Specification" msgstr "" -#: ../gui/selinux.tbl:19 ../gui/selinux.tbl:165 ../gui/selinux.tbl:223 -msgid "XServer" +#: ../gui/system-config-selinux.glade:650 +msgid "File Type" msgstr "" -#: ../gui/selinux.tbl:19 -msgid "Allow clients to write to X shared memory" -msgstr "" +#: ../gui/system-config-selinux.glade:727 +msgid "" +"all files\n" +"regular file\n" +"directory\n" +"character device\n" +"block device\n" +"socket\n" +"symbolic link\n" +"named pipe\n" +msgstr "" + +#: ../gui/system-config-selinux.glade:773 +msgid "MLS" +msgstr "" + +#: ../gui/system-config-selinux.glade:837 +msgid "Add SELinux User" +msgstr "" + +#: ../gui/system-config-selinux.glade:1079 +msgid "SELinux Administration" +msgstr "" + +#: ../gui/system-config-selinux.glade:1122 +msgid "Add" +msgstr "" + +#: ../gui/system-config-selinux.glade:1144 +msgid 
"_Properties" +msgstr "" + +#: ../gui/system-config-selinux.glade:1166 +msgid "_Delete" +msgstr "" + +#: ../gui/system-config-selinux.glade:1256 +msgid "Select Management Object" +msgstr "" + +#: ../gui/system-config-selinux.glade:1273 +msgid "Select:" +msgstr "" + +#: ../gui/system-config-selinux.glade:1326 +msgid "System Default Enforcing Mode" +msgstr "" + +#: ../gui/system-config-selinux.glade:1354 +msgid "" +"Disabled\n" +"Permissive\n" +"Enforcing\n" +msgstr "" + +#: ../gui/system-config-selinux.glade:1373 +msgid "Current Enforcing Mode" +msgstr "" + +#: ../gui/system-config-selinux.glade:1418 +msgid "System Default Policy Type: " +msgstr "" -#: ../gui/selinux.tbl:20 +#: ../gui/system-config-selinux.glade:1463 msgid "" -"Allow xguest SELinux user account to execute files in home directory or /tmp" +"Select if you wish to relabel then entire file system on next reboot. " +"Relabeling can take a very long time, depending on the size of the system. " +"If you are changing policy types or going from disabled to enforcing, a " +"relabel is required." msgstr "" -#: ../gui/selinux.tbl:21 ../gui/selinux.tbl:228 ../gui/selinux.tbl:229 -#: ../gui/selinux.tbl:231 -msgid "NIS" +#: ../gui/system-config-selinux.glade:1509 +msgid "Relabel on next reboot." 
+msgstr "" + +#: ../gui/system-config-selinux.glade:1561 +msgid "label37" +msgstr "" + +#: ../gui/system-config-selinux.glade:1598 +msgid "Revert boolean setting to system default" +msgstr "" + +#: ../gui/system-config-selinux.glade:1614 +msgid "Toggle between Customized and All Booleans" +msgstr "" + +#: ../gui/system-config-selinux.glade:1645 +#: ../gui/system-config-selinux.glade:1850 +#: ../gui/system-config-selinux.glade:2037 +#: ../gui/system-config-selinux.glade:2224 +#: ../gui/system-config-selinux.glade:2467 +#: ../gui/system-config-selinux.glade:2692 +#: ../gui/system-config-selinux.glade:2867 +msgid "Filter" +msgstr "" + +#: ../gui/system-config-selinux.glade:1734 +msgid "label50" +msgstr "" + +#: ../gui/system-config-selinux.glade:1771 +msgid "Add File Context" +msgstr "" + +#: ../gui/system-config-selinux.glade:1787 +msgid "Modify File Context" +msgstr "" + +#: ../gui/system-config-selinux.glade:1803 +msgid "Delete File Context" msgstr "" -#: ../gui/selinux.tbl:21 -msgid "Allow daemons to run with NIS" +#: ../gui/system-config-selinux.glade:1819 +msgid "Toggle between all and customized file context" msgstr "" -#: ../gui/selinux.tbl:22 ../gui/selinux.tbl:23 ../gui/selinux.tbl:24 -#: ../gui/selinux.tbl:25 ../gui/selinux.tbl:26 ../gui/selinux.tbl:27 -#: ../gui/selinux.tbl:28 ../gui/selinux.tbl:29 ../gui/selinux.tbl:71 -#: ../gui/selinux.tbl:73 ../gui/selinux.tbl:74 ../gui/selinux.tbl:115 -#: ../gui/selinux.tbl:118 -msgid "Web Applications" +#: ../gui/system-config-selinux.glade:1939 +msgid "label38" msgstr "" -#: ../gui/selinux.tbl:22 -msgid "Transition staff SELinux user to Web Browser Domain" +#: ../gui/system-config-selinux.glade:1976 +msgid "Add SELinux User Mapping" msgstr "" -#: ../gui/selinux.tbl:23 -msgid "Transition sysadm SELinux user to Web Browser Domain" +#: ../gui/system-config-selinux.glade:1992 +msgid "Modify SELinux User Mapping" msgstr "" -#: ../gui/selinux.tbl:24 -msgid "Transition user SELinux user to Web Browser Domain" +#: 
../gui/system-config-selinux.glade:2008 +msgid "Delete SELinux User Mapping" msgstr "" -#: ../gui/selinux.tbl:25 -msgid "Transition xguest SELinux user to Web Browser Domain" +#: ../gui/system-config-selinux.glade:2126 +msgid "label39" msgstr "" -#: ../gui/selinux.tbl:26 ../gui/selinux.tbl:27 ../gui/selinux.tbl:28 -#: ../gui/selinux.tbl:29 -msgid "Allow staff Web Browsers to write to home directories" +#: ../gui/system-config-selinux.glade:2163 +msgid "Add User" msgstr "" -#: ../gui/selinux.tbl:30 -msgid "Disable SELinux protection for amanda" +#: ../gui/system-config-selinux.glade:2179 +msgid "Modify User" msgstr "" -#: ../gui/selinux.tbl:31 -msgid "Disable SELinux protection for amavis" +#: ../gui/system-config-selinux.glade:2195 +msgid "Delete User" msgstr "" -#: ../gui/selinux.tbl:32 -msgid "Disable SELinux protection for apmd daemon" +#: ../gui/system-config-selinux.glade:2313 +msgid "label41" msgstr "" -#: ../gui/selinux.tbl:33 -msgid "Disable SELinux protection for arpwatch daemon" +#: ../gui/system-config-selinux.glade:2350 +msgid "Add Network Port" msgstr "" -#: ../gui/selinux.tbl:34 -msgid "Disable SELinux protection for auditd daemon" +#: ../gui/system-config-selinux.glade:2366 +msgid "Edit Network Port" msgstr "" -#: ../gui/selinux.tbl:35 -msgid "Disable SELinux protection for automount daemon" +#: ../gui/system-config-selinux.glade:2382 +msgid "Delete Network Port" msgstr "" -#: ../gui/selinux.tbl:36 -msgid "Disable SELinux protection for avahi" +#: ../gui/system-config-selinux.glade:2418 +#: ../gui/system-config-selinux.glade:2436 +msgid "Toggle between Customized and All Ports" msgstr "" -#: ../gui/selinux.tbl:37 -msgid "Disable SELinux protection for bluetooth daemon" +#: ../gui/system-config-selinux.glade:2556 +msgid "label42" msgstr "" -#: ../gui/selinux.tbl:38 -msgid "Disable SELinux protection for canna daemon" +#: ../gui/system-config-selinux.glade:2593 +msgid "Generate new policy module" msgstr "" -#: ../gui/selinux.tbl:39 -msgid "Disable 
SELinux protection for cardmgr daemon" +#: ../gui/system-config-selinux.glade:2609 +msgid "Load policy module" msgstr "" -#: ../gui/selinux.tbl:40 -msgid "Disable SELinux protection for Cluster Server" +#: ../gui/system-config-selinux.glade:2625 +msgid "Remove loadable policy module" msgstr "" -#: ../gui/selinux.tbl:41 +#: ../gui/system-config-selinux.glade:2661 msgid "" -"Allow cdrecord to read various content. nfs, samba, removable devices, user " -"temp and untrusted content files" +"Enable/Disable additional audit rules, that are normally not reported in the " +"log files." msgstr "" -#: ../gui/selinux.tbl:42 -msgid "Disable SELinux protection for ciped daemon" +#: ../gui/system-config-selinux.glade:2781 +msgid "label44" msgstr "" -#: ../gui/selinux.tbl:43 -msgid "Disable SELinux protection for clamd daemon" +#: ../gui/system-config-selinux.glade:2818 +msgid "Change process mode to permissive." msgstr "" -#: ../gui/selinux.tbl:44 -msgid "Disable SELinux protection for clamscan" +#: ../gui/system-config-selinux.glade:2836 +msgid "Change process mode to enforcing" msgstr "" -#: ../gui/selinux.tbl:45 -msgid "Disable SELinux protection for clvmd" +#: ../gui/system-config-selinux.glade:2928 +msgid "Process Domain" msgstr "" -#: ../gui/selinux.tbl:46 -msgid "Disable SELinux protection for comsat daemon" +#: ../gui/system-config-selinux.glade:2956 +msgid "label59" msgstr "" -#: ../gui/selinux.tbl:47 ../gui/selinux.tbl:48 ../gui/selinux.tbl:49 -#: ../gui/selinux.tbl:50 ../gui/selinux.tbl:51 -msgid "Disable SELinux protection for courier daemon" +#: ../gui/usersPage.py:138 +#, python-format +msgid "SELinux user '%s' is required" msgstr "" -#: ../gui/selinux.tbl:52 -msgid "Disable SELinux protection for cpucontrol daemon" +#: ../sepolicy/sepolicy.py:106 +msgid "Generate SELinux man pages" msgstr "" -#: ../gui/selinux.tbl:53 -msgid "Disable SELinux protection for cpuspeed daemon" +#: ../sepolicy/sepolicy.py:110 +msgid "path in which the generated SELinux man pages will be 
stored" msgstr "" -#: ../gui/selinux.tbl:54 -msgid "Cron" +#: ../sepolicy/sepolicy.py:114 +msgid "All domains" msgstr "" -#: ../gui/selinux.tbl:54 -msgid "Disable SELinux protection for crond daemon" +#: ../sepolicy/sepolicy.py:116 +msgid "Domain name(s) of man pages to be created" msgstr "" -#: ../gui/selinux.tbl:55 ../gui/selinux.tbl:56 ../gui/selinux.tbl:57 -#: ../gui/selinux.tbl:91 -msgid "Printing" +#: ../sepolicy/sepolicy.py:164 +msgid "Query SELinux policy network information" msgstr "" -#: ../gui/selinux.tbl:55 -msgid "Disable SELinux protection for cupsd back end server" +#: ../sepolicy/sepolicy.py:169 +msgid "list all SELinux port types" msgstr "" -#: ../gui/selinux.tbl:56 -msgid "Disable SELinux protection for cupsd daemon" +#: ../sepolicy/sepolicy.py:172 +msgid "show SELinux type related to the port" msgstr "" -#: ../gui/selinux.tbl:57 -msgid "Disable SELinux protection for cupsd_lpd" +#: ../sepolicy/sepolicy.py:175 +msgid "Show ports defined for this SELinux type" msgstr "" -#: ../gui/selinux.tbl:58 -msgid "CVS" +#: ../sepolicy/sepolicy.py:178 +msgid "show ports to which this domain can bind and/or connect" msgstr "" -#: ../gui/selinux.tbl:58 -msgid "Disable SELinux protection for cvs daemon" +#: ../sepolicy/sepolicy.py:192 +msgid "query SELinux policy to see if domains can communicate with each other" msgstr "" -#: ../gui/selinux.tbl:59 -msgid "Disable SELinux protection for cyrus daemon" +#: ../sepolicy/sepolicy.py:195 +msgid "Source Domain" msgstr "" -#: ../gui/selinux.tbl:60 -msgid "Disable SELinux protection for dbskkd daemon" +#: ../sepolicy/sepolicy.py:198 +msgid "Target Domain" msgstr "" -#: ../gui/selinux.tbl:61 -msgid "Disable SELinux protection for dbusd daemon" +#: ../sepolicy/sepolicy.py:215 +msgid "query SELinux Policy to see description of booleans" msgstr "" -#: ../gui/selinux.tbl:62 -msgid "Disable SELinux protection for dccd" +#: ../sepolicy/sepolicy.py:219 +msgid "get all booleans desctiption" msgstr "" -#: ../gui/selinux.tbl:63 
-msgid "Disable SELinux protection for dccifd" +#: ../sepolicy/sepolicy.py:221 +msgid "boolean to get description" msgstr "" -#: ../gui/selinux.tbl:64 -msgid "Disable SELinux protection for dccm" +#: ../sepolicy/sepolicy.py:231 +msgid "" +"query SELinux Policy to see how a source process domain can transition to " +"the target process domain" msgstr "" -#: ../gui/selinux.tbl:65 -msgid "Disable SELinux protection for ddt daemon" +#: ../sepolicy/sepolicy.py:234 +msgid "source process domain" msgstr "" -#: ../gui/selinux.tbl:66 -msgid "Disable SELinux protection for devfsd daemon" +#: ../sepolicy/sepolicy.py:237 +msgid "target process domain" msgstr "" -#: ../gui/selinux.tbl:67 -msgid "Disable SELinux protection for dhcpc daemon" +#: ../sepolicy/sepolicy.py:259 +msgid "Generate SELinux Policy module template" msgstr "" -#: ../gui/selinux.tbl:68 -msgid "Disable SELinux protection for dhcpd daemon" +#: ../sepolicy/sepolicy.py:265 +msgid "name of policy to generate" msgstr "" -#: ../gui/selinux.tbl:69 -msgid "Disable SELinux protection for dictd daemon" +#: ../sepolicy/sepolicy.py:267 +msgid "executable to confine" msgstr "" -#: ../gui/selinux.tbl:70 -msgid "Allow sysadm_t to directly start daemons" +#: ../sepolicy/sepolicy.py:269 +msgid "run policy generation test suite" msgstr "" -#: ../gui/selinux.tbl:71 -msgid "Disable SELinux protection for Evolution" +#: ../sepolicy/sepolicy.py:274 +msgid "commands" msgstr "" -#: ../gui/selinux.tbl:72 -msgid "Games" +#: ../sepolicy/sepolicy/generate.py:185 +msgid "Internet Services Daemon" msgstr "" -#: ../gui/selinux.tbl:72 -msgid "Disable SELinux protection for games" +#: ../sepolicy/sepolicy/generate.py:198 +msgid "Valid Types:\n" msgstr "" -#: ../gui/selinux.tbl:73 -msgid "Disable SELinux protection for the web browsers" +#: ../sepolicy/sepolicy/generate.py:232 +#, python-format +msgid "Ports must be numbers or ranges of numbers from 1 to %d " msgstr "" -#: ../gui/selinux.tbl:74 -msgid "Disable SELinux protection for 
Thunderbird" +#: ../sepolicy/sepolicy/generate.py:359 +msgid "You must enter a name for your confined process/user" msgstr "" -#: ../gui/selinux.tbl:75 -msgid "Disable SELinux protection for distccd daemon" +#: ../sepolicy/sepolicy/generate.py:361 +msgid "" +"Name must be alpha numberic with no spaces. Consider using option \"-n " +"MODULENAME\"" msgstr "" -#: ../gui/selinux.tbl:76 -msgid "Disable SELinux protection for dmesg daemon" +#: ../sepolicy/sepolicy/generate.py:449 +msgid "User Role types can not be assigned executables." msgstr "" -#: ../gui/selinux.tbl:77 -msgid "Disable SELinux protection for dnsmasq daemon" +#: ../sepolicy/sepolicy/generate.py:455 +msgid "Only Daemon apps can use an init script.." msgstr "" -#: ../gui/selinux.tbl:78 -msgid "Disable SELinux protection for dovecot daemon" +#: ../sepolicy/sepolicy/generate.py:473 +msgid "use_resolve must be a boolean value " msgstr "" -#: ../gui/selinux.tbl:79 -msgid "Disable SELinux protection for entropyd daemon" +#: ../sepolicy/sepolicy/generate.py:479 +msgid "use_syslog must be a boolean value " msgstr "" -#: ../gui/selinux.tbl:80 -msgid "Disable SELinux protection for fetchmail" +#: ../sepolicy/sepolicy/generate.py:485 +msgid "use_kerberos must be a boolean value " msgstr "" -#: ../gui/selinux.tbl:81 -msgid "Disable SELinux protection for fingerd daemon" +#: ../sepolicy/sepolicy/generate.py:491 +msgid "manage_krb5_rcache must be a boolean value " msgstr "" -#: ../gui/selinux.tbl:82 -msgid "Disable SELinux protection for freshclam daemon" +#: ../sepolicy/sepolicy/generate.py:521 +msgid "USER Types automatically get a tmp type" msgstr "" -#: ../gui/selinux.tbl:83 -msgid "Disable SELinux protection for fsdaemon daemon" +#: ../sepolicy/sepolicy/generate.py:1039 +msgid "You must enter the executable path for your confined process" msgstr "" -#: ../gui/selinux.tbl:84 -msgid "Disable SELinux protection for gpm daemon" +#: ../sepolicy/sepolicy/generate.py:1272 +msgid "Type Enforcement file" msgstr "" -#: 
../gui/selinux.tbl:85 ../gui/selinux.tbl:125 -msgid "NFS" +#: ../sepolicy/sepolicy/generate.py:1273 +msgid "Interface file" msgstr "" -#: ../gui/selinux.tbl:85 -msgid "Disable SELinux protection for gss daemon" +#: ../sepolicy/sepolicy/generate.py:1274 +msgid "File Contexts file" msgstr "" -#: ../gui/selinux.tbl:86 -msgid "Disable SELinux protection for Hal daemon" +#: ../sepolicy/sepolicy/generate.py:1275 +msgid "Spec file" msgstr "" -#: ../gui/selinux.tbl:87 -msgid "Compatibility" +#: ../sepolicy/sepolicy/generate.py:1276 +msgid "Setup Script" msgstr "" -#: ../gui/selinux.tbl:87 +#: booleans.py:1 msgid "" -"Do not audit things that we know to be broken but which are not security " -"risks" +"Allow ABRT to modify public files used for public file transfer services." msgstr "" -#: ../gui/selinux.tbl:88 -msgid "Disable SELinux protection for hostname daemon" +#: booleans.py:2 +msgid "" +"Allow ABRT to run in abrt_handle_event_t domain to handle ABRT event scripts" msgstr "" -#: ../gui/selinux.tbl:89 -msgid "Disable SELinux protection for hotplug daemon" +#: booleans.py:3 +msgid "Allow amavis to use JIT compiler" msgstr "" -#: ../gui/selinux.tbl:90 -msgid "Disable SELinux protection for howl daemon" +#: booleans.py:4 +msgid "Allow antivirus programs to read non security files on a system" msgstr "" -#: ../gui/selinux.tbl:91 -msgid "Disable SELinux protection for cups hplip daemon" +#: booleans.py:5 +msgid "" +"Allow users to resolve user passwd entries directly from ldap rather then " +"using a sssd server" msgstr "" -#: ../gui/selinux.tbl:92 -msgid "Disable SELinux protection for httpd rotatelogs" +#: booleans.py:6 +msgid "Allow users to login using a radius server" msgstr "" -#: ../gui/selinux.tbl:93 ../gui/selinux.tbl:232 ../gui/selinux.tbl:233 -msgid "HTTPD Service" +#: booleans.py:7 +msgid "Allow users to login using a yubikey server" msgstr "" -#: ../gui/selinux.tbl:93 -msgid "Disable SELinux protection for http suexec" +#: booleans.py:8 +msgid "" +"Allow 
cdrecord to read various content. nfs, samba, removable devices, user " +"temp and untrusted content files" msgstr "" -#: ../gui/selinux.tbl:94 -msgid "Disable SELinux protection for hwclock daemon" +#: booleans.py:9 +msgid "Allow clamd to use JIT compiler" msgstr "" -#: ../gui/selinux.tbl:95 -msgid "Disable SELinux protection for i18n daemon" +#: booleans.py:10 +msgid "Allow clamscan to non security files on a system" msgstr "" -#: ../gui/selinux.tbl:96 -msgid "Disable SELinux protection for imazesrv daemon" +#: booleans.py:11 +msgid "Allow clamscan to read user content" msgstr "" -#: ../gui/selinux.tbl:97 -msgid "Disable SELinux protection for inetd child daemons" +#: booleans.py:12 +msgid "" +"Allow Cobbler to modify public files used for public file transfer services." msgstr "" -#: ../gui/selinux.tbl:98 -msgid "Disable SELinux protection for inetd daemon" +#: booleans.py:13 +msgid "Allow Cobbler to connect to the network using TCP." msgstr "" -#: ../gui/selinux.tbl:99 -msgid "Disable SELinux protection for innd daemon" +#: booleans.py:14 +msgid "Allow Cobbler to access cifs file systems." msgstr "" -#: ../gui/selinux.tbl:100 -msgid "Disable SELinux protection for iptables daemon" +#: booleans.py:15 +msgid "Allow Cobbler to access nfs file systems." msgstr "" -#: ../gui/selinux.tbl:101 -msgid "Disable SELinux protection for ircd daemon" +#: booleans.py:16 +msgid "Allow collectd to connect to the network using TCP." msgstr "" -#: ../gui/selinux.tbl:102 -msgid "Disable SELinux protection for irqbalance daemon" +#: booleans.py:17 +msgid "Allow codnor domain to connect to the network using TCP." msgstr "" -#: ../gui/selinux.tbl:103 -msgid "Disable SELinux protection for iscsi daemon" +#: booleans.py:18 +msgid "" +"Allow system cron jobs to relabel filesystem for restoring file contexts." 
msgstr "" -#: ../gui/selinux.tbl:104 -msgid "Disable SELinux protection for jabberd daemon" +#: booleans.py:19 +msgid "Allow cvs daemon to read shadow" msgstr "" -#: ../gui/selinux.tbl:105 ../gui/selinux.tbl:107 -msgid "Kerberos" +#: booleans.py:20 +msgid "Allow all daemons to write corefiles to /" msgstr "" -#: ../gui/selinux.tbl:105 -msgid "Disable SELinux protection for kadmind daemon" +#: booleans.py:21 +msgid "Allow all daemons to use tcp wrappers." msgstr "" -#: ../gui/selinux.tbl:106 -msgid "Disable SELinux protection for klogd daemon" +#: booleans.py:22 +msgid "Allow all daemons the ability to read/write terminals" msgstr "" -#: ../gui/selinux.tbl:107 -msgid "Disable SELinux protection for krb5kdc daemon" +#: booleans.py:23 +msgid "Allow dbadm to manage files in users home directories" msgstr "" -#: ../gui/selinux.tbl:108 -msgid "Disable SELinux protection for ktalk daemons" +#: booleans.py:24 +msgid "Allow dbadm to read files in users home directories" msgstr "" -#: ../gui/selinux.tbl:109 -msgid "Disable SELinux protection for kudzu daemon" +#: booleans.py:25 +msgid "" +"Deny user domains applications to map a memory region as both executable and " +"writable, this is dangerous and the executable should be reported in bugzilla" msgstr "" -#: ../gui/selinux.tbl:110 -msgid "Disable SELinux protection for locate daemon" +#: booleans.py:26 +msgid "Allow sysadm to debug or ptrace all processes." 
msgstr "" -#: ../gui/selinux.tbl:111 -msgid "Disable SELinux protection for lpd daemon" +#: booleans.py:27 +msgid "Allow dhcpc client applications to execute iptables commands" msgstr "" -#: ../gui/selinux.tbl:112 -msgid "Disable SELinux protection for lrrd daemon" +#: booleans.py:28 +msgid "Allow DHCP daemon to use LDAP backends" msgstr "" -#: ../gui/selinux.tbl:113 -msgid "Disable SELinux protection for lvm daemon" +#: booleans.py:29 +msgid "Allow all domains to use other domains file descriptors" msgstr "" -#: ../gui/selinux.tbl:114 -msgid "Disable SELinux protection for mailman" +#: booleans.py:30 +msgid "Allow all domains to have the kernel load modules" msgstr "" -#: ../gui/selinux.tbl:115 -msgid "Allow evolution and thunderbird to read user files" +#: booleans.py:31 +msgid "Allow the use of the audio devices as the source for the entropy feeds" msgstr "" -#: ../gui/selinux.tbl:116 -msgid "Disable SELinux protection for mdadm daemon" +#: booleans.py:32 +msgid "Allow exim to connect to databases (postgres, mysql)" msgstr "" -#: ../gui/selinux.tbl:117 -msgid "Disable SELinux protection for monopd daemon" +#: booleans.py:33 +msgid "Allow exim to create, read, write, and delete unprivileged user files." msgstr "" -#: ../gui/selinux.tbl:118 -msgid "Allow the mozilla browser to read user files" +#: booleans.py:34 +msgid "Allow exim to read unprivileged user files." msgstr "" -#: ../gui/selinux.tbl:119 -msgid "Disable SELinux protection for mrtg daemon" +#: booleans.py:35 +msgid "Enable extra rules in the cron domain to support fcron." msgstr "" -#: ../gui/selinux.tbl:120 -msgid "Disable SELinux protection for mysqld daemon" +#: booleans.py:36 +msgid "Allow fenced domain to connect to the network using TCP." msgstr "" -#: ../gui/selinux.tbl:121 -msgid "Disable SELinux protection for nagios daemon" +#: booleans.py:37 +msgid "Allow fenced domain to execute ssh." 
msgstr "" -#: ../gui/selinux.tbl:122 ../gui/selinux.tbl:128 -msgid "Name Service" +#: booleans.py:38 +msgid "Allow ftp to read and write files in the user home directories" msgstr "" -#: ../gui/selinux.tbl:122 -msgid "Disable SELinux protection for named daemon" +#: booleans.py:39 +msgid "" +"Allow ftp servers to upload files, used for public file transfer services. " +"Directories must be labeled public_content_rw_t." msgstr "" -#: ../gui/selinux.tbl:123 -msgid "Disable SELinux protection for nessusd daemon" +#: booleans.py:40 +msgid "Allow ftp servers to connect to all ports > 1023" msgstr "" -#: ../gui/selinux.tbl:124 -msgid "Disable SELinux protection for NetworkManager" +#: booleans.py:41 +msgid "Allow ftp servers to connect to mysql database ports" msgstr "" -#: ../gui/selinux.tbl:125 -msgid "Disable SELinux protection for nfsd daemon" +#: booleans.py:42 +msgid "" +"Allow ftp servers to login to local users and read/write all files on the " +"system, governed by DAC." msgstr "" -#: ../gui/selinux.tbl:126 ../gui/selinux.tbl:163 ../gui/selinux.tbl:176 -#: ../gui/selinux.tbl:221 -msgid "Samba" +#: booleans.py:43 +msgid "Allow ftp servers to use cifs used for public file transfer services." msgstr "" -#: ../gui/selinux.tbl:126 -msgid "Disable SELinux protection for nmbd daemon" +#: booleans.py:44 +msgid "Allow ftp servers to use nfs used for public file transfer services." msgstr "" -#: ../gui/selinux.tbl:127 -msgid "Disable SELinux protection for nrpe daemon" +#: booleans.py:45 +msgid "Allow ftp servers to use bind to all unreserved ports for passive mode" msgstr "" -#: ../gui/selinux.tbl:128 -msgid "Disable SELinux protection for nscd daemon" +#: booleans.py:46 +msgid "Determine whether Git CGI can search home directories." msgstr "" -#: ../gui/selinux.tbl:129 -msgid "Disable SELinux protection for nsd daemon" +#: booleans.py:47 +msgid "Determine whether Git CGI can access cifs file systems." 
msgstr "" -#: ../gui/selinux.tbl:130 -msgid "Disable SELinux protection for ntpd daemon" +#: booleans.py:48 +msgid "Determine whether Git CGI can access nfs file systems." msgstr "" -#: ../gui/selinux.tbl:131 -msgid "Disable SELinux protection for oddjob" +#: booleans.py:49 +msgid "" +"Determine whether Git session daemon can bind TCP sockets to all unreserved " +"ports." msgstr "" -#: ../gui/selinux.tbl:132 -msgid "Disable SELinux protection for oddjob_mkhomedir" +#: booleans.py:50 +msgid "" +"Determine whether calling user domains can execute Git daemon in the " +"git_session_t domain." msgstr "" -#: ../gui/selinux.tbl:133 -msgid "Disable SELinux protection for openvpn daemon" +#: booleans.py:51 +msgid "Determine whether Git system daemon can search home directories." msgstr "" -#: ../gui/selinux.tbl:134 -msgid "Disable SELinux protection for pam daemon" +#: booleans.py:52 +msgid "Determine whether Git system daemon can access cifs file systems." msgstr "" -#: ../gui/selinux.tbl:135 -msgid "Disable SELinux protection for pegasus" +#: booleans.py:53 +msgid "Determine whether Git system daemon can access nfs file systems." msgstr "" -#: ../gui/selinux.tbl:136 -msgid "Disable SELinux protection for perdition daemon" +#: booleans.py:54 +msgid "Allow gitisis daemon to send mail" msgstr "" -#: ../gui/selinux.tbl:137 -msgid "Disable SELinux protection for portmap daemon" +#: booleans.py:55 +msgid "Enable reading of urandom for all domains." msgstr "" -#: ../gui/selinux.tbl:138 -msgid "Disable SELinux protection for portslave daemon" +#: booleans.py:56 +msgid "" +"Allow usage of the gpg-agent --write-env-file option. This also allows gpg-" +"agent to manage user files." msgstr "" -#: ../gui/selinux.tbl:139 -msgid "Disable SELinux protection for postfix" +#: booleans.py:57 +msgid "" +"Allow gpg web domain to modify public files used for public file transfer " +"services." 
msgstr "" -#: ../gui/selinux.tbl:140 -msgid "Disable SELinux protection for postgresql daemon" +#: booleans.py:58 +msgid "Allow gssd to read temp directory. For access to kerberos tgt." msgstr "" -#: ../gui/selinux.tbl:141 -msgid "pppd" +#: booleans.py:59 +msgid "" +"Allow Apache to modify public files used for public file transfer services. " +"Directories/Files must be labeled public_content_rw_t." msgstr "" -#: ../gui/selinux.tbl:141 -msgid "Allow pppd to be run for a regular user" +#: booleans.py:60 +msgid "Allow httpd to use built in scripting (usually php)" msgstr "" -#: ../gui/selinux.tbl:142 -msgid "Disable SELinux protection for pptp" +#: booleans.py:61 +msgid "Allow http daemon to check spam" msgstr "" -#: ../gui/selinux.tbl:143 -msgid "Disable SELinux protection for prelink daemon" +#: booleans.py:62 +msgid "" +"Allow httpd to act as a FTP client connecting to the ftp port and ephemeral " +"ports" msgstr "" -#: ../gui/selinux.tbl:144 -msgid "Disable SELinux protection for privoxy daemon" +#: booleans.py:63 +msgid "Allow httpd to connect to the ldap port" msgstr "" -#: ../gui/selinux.tbl:145 -msgid "Disable SELinux protection for ptal daemon" +#: booleans.py:64 +msgid "Allow http daemon to connect to zabbix" msgstr "" -#: ../gui/selinux.tbl:146 -msgid "Disable SELinux protection for pxe daemon" +#: booleans.py:65 +msgid "Allow HTTPD scripts and modules to connect to the network using TCP." msgstr "" -#: ../gui/selinux.tbl:147 -msgid "Disable SELinux protection for pyzord" +#: booleans.py:66 +msgid "Allow HTTPD scripts and modules to connect to cobbler over the network." msgstr "" -#: ../gui/selinux.tbl:148 -msgid "Disable SELinux protection for quota daemon" +#: booleans.py:67 +msgid "" +"Allow HTTPD scripts and modules to connect to databases over the network." 
msgstr "" -#: ../gui/selinux.tbl:149 -msgid "Disable SELinux protection for radiusd daemon" +#: booleans.py:68 +msgid "Allow httpd to connect to memcache server" msgstr "" -#: ../gui/selinux.tbl:150 -msgid "Disable SELinux protection for radvd daemon" +#: booleans.py:69 +msgid "Allow httpd to act as a relay" msgstr "" -#: ../gui/selinux.tbl:151 -msgid "Disable SELinux protection for rdisc" +#: booleans.py:70 +msgid "Allow http daemon to send mail" msgstr "" -#: ../gui/selinux.tbl:152 -msgid "Disable SELinux protection for readahead" +#: booleans.py:71 +msgid "Allow Apache to communicate with avahi service via dbus" msgstr "" -#: ../gui/selinux.tbl:153 -msgid "Allow programs to read files in non-standard locations (default_t)" +#: booleans.py:72 +msgid "Allow httpd cgi support" msgstr "" -#: ../gui/selinux.tbl:154 -msgid "Disable SELinux protection for restorecond" +#: booleans.py:73 +msgid "Allow httpd to act as a FTP server by listening on the ftp port." msgstr "" -#: ../gui/selinux.tbl:155 -msgid "Disable SELinux protection for rhgb daemon" +#: booleans.py:74 +msgid "Allow httpd to read home directories" msgstr "" -#: ../gui/selinux.tbl:156 -msgid "Disable SELinux protection for ricci" +#: booleans.py:75 +msgid "Allow httpd scripts and modules execmem/execstack" msgstr "" -#: ../gui/selinux.tbl:157 -msgid "Disable SELinux protection for ricci_modclusterd" +#: booleans.py:76 +msgid "Allow HTTPD to connect to port 80 for graceful shutdown" msgstr "" -#: ../gui/selinux.tbl:158 -msgid "Disable SELinux protection for rlogind daemon" +#: booleans.py:77 +msgid "Allow httpd processes to manage IPA content" msgstr "" -#: ../gui/selinux.tbl:159 -msgid "Disable SELinux protection for rpcd daemon" +#: booleans.py:78 +msgid "Allow Apache to use mod_auth_ntlm_winbind" msgstr "" -#: ../gui/selinux.tbl:160 -msgid "Disable SELinux protection for rshd" +#: booleans.py:79 +msgid "Allow Apache to use mod_auth_pam" msgstr "" -#: ../gui/selinux.tbl:161 -msgid "rsync" +#: 
booleans.py:80 +msgid "Allow httpd to read user content" msgstr "" -#: ../gui/selinux.tbl:161 -msgid "Disable SELinux protection for rsync daemon" +#: booleans.py:81 +msgid "Allow Apache to run in stickshift mode, not transition to passenger" msgstr "" -#: ../gui/selinux.tbl:162 -msgid "Allow ssh to run from inetd instead of as a daemon" +#: booleans.py:82 +msgid "Allow httpd daemon to change its resource limits" msgstr "" -#: ../gui/selinux.tbl:163 -msgid "Allow Samba to share nfs directories" +#: booleans.py:83 +msgid "" +"Allow HTTPD to run SSI executables in the same domain as system CGI scripts." msgstr "" -#: ../gui/selinux.tbl:164 ../gui/selinux.tbl:166 -msgid "SASL authentication server" +#: booleans.py:84 +msgid "" +"Allow apache scripts to write to public content, directories/files must be " +"labeled public_rw_content_t." msgstr "" -#: ../gui/selinux.tbl:164 -msgid "Allow sasl authentication server to read /etc/shadow" +#: booleans.py:85 +msgid "Allow Apache to execute tmp content." msgstr "" -#: ../gui/selinux.tbl:165 +#: booleans.py:86 msgid "" -"Allow X-Windows server to map a memory region as both executable and writable" +"Unify HTTPD to communicate with the terminal. Needed for entering the " +"passphrase for certificates at the terminal." msgstr "" -#: ../gui/selinux.tbl:166 -msgid "Disable SELinux protection for saslauthd daemon" +#: booleans.py:87 +msgid "Unify HTTPD handling of all content files." 
msgstr "" -#: ../gui/selinux.tbl:167 -msgid "Disable SELinux protection for scannerdaemon daemon" +#: booleans.py:88 +msgid "Allow httpd to access cifs file systems" msgstr "" -#: ../gui/selinux.tbl:168 -msgid "Do not allow transition to sysadm_t, sudo and su effected" +#: booleans.py:89 +msgid "Allow httpd to access FUSE file systems" msgstr "" -#: ../gui/selinux.tbl:169 -msgid "Do not allow any processes to load kernel modules" +#: booleans.py:90 +msgid "Allow httpd to run gpg" msgstr "" -#: ../gui/selinux.tbl:170 -msgid "Do not allow any processes to modify kernel SELinux policy" +#: booleans.py:91 +msgid "Allow httpd to access nfs file systems" msgstr "" -#: ../gui/selinux.tbl:171 -msgid "Disable SELinux protection for sendmail daemon" +#: booleans.py:92 +msgid "Allow httpd to communicate with oddjob to start up a service" msgstr "" -#: ../gui/selinux.tbl:172 -msgid "Disable SELinux protection for setrans" +#: booleans.py:93 +msgid "Allow httpd to access openstack ports" msgstr "" -#: ../gui/selinux.tbl:173 -msgid "Disable SELinux protection for setroubleshoot daemon" +#: booleans.py:94 +msgid "Allow icecast to connect to all ports, not just sound ports." msgstr "" -#: ../gui/selinux.tbl:174 -msgid "Disable SELinux protection for slapd daemon" +#: booleans.py:95 +msgid "" +"Allow the Irssi IRC Client to connect to any port, and to bind to any " +"unreserved port." msgstr "" -#: ../gui/selinux.tbl:175 -msgid "Disable SELinux protection for slrnpull daemon" +#: booleans.py:96 +msgid "Allow java executable stack" msgstr "" -#: ../gui/selinux.tbl:176 -msgid "Disable SELinux protection for smbd daemon" +#: booleans.py:97 +msgid "Allow confined applications to run with kerberos." 
msgstr "" -#: ../gui/selinux.tbl:177 -msgid "Disable SELinux protection for snmpd daemon" +#: booleans.py:98 +msgid "Allow syslogd daemon to send mail" msgstr "" -#: ../gui/selinux.tbl:178 -msgid "Disable SELinux protection for snort daemon" +#: booleans.py:99 +msgid "Allow syslogd the ability to read/write terminals" msgstr "" -#: ../gui/selinux.tbl:179 -msgid "Disable SELinux protection for soundd daemon" +#: booleans.py:100 +msgid "Allow logging in and using the system from /dev/console." msgstr "" -#: ../gui/selinux.tbl:180 -msgid "Disable SELinux protection for sound daemon" +#: booleans.py:101 +msgid "" +"Control the ability to mmap a low area of the address space, as configured " +"by /proc/sys/kernel/mmap_min_addr." msgstr "" -#: ../gui/selinux.tbl:181 ../gui/selinux.tbl:182 ../gui/selinux.tbl:183 -msgid "Spam Protection" +#: booleans.py:102 +msgid "Allow mock to read files in home directories." msgstr "" -#: ../gui/selinux.tbl:181 -msgid "Disable SELinux protection for spamd daemon" +#: booleans.py:103 +msgid "Allow the mount command to mount any directory or file." msgstr "" -#: ../gui/selinux.tbl:182 -msgid "Allow spamd to access home directories" +#: booleans.py:104 +msgid "Allow mozilla plugin domain to connect to the network using TCP." 
msgstr "" -#: ../gui/selinux.tbl:183 -msgid "Allow Spam Assassin daemon network access" +#: booleans.py:105 +msgid "" +"Allow mozilla_plugins to create random content in the users home directory" +msgstr "" + +#: booleans.py:106 +msgid "Allow confined web browsers to read home directory content" msgstr "" -#: ../gui/selinux.tbl:184 -msgid "Disable SELinux protection for speedmgmt daemon" +#: booleans.py:107 +msgid "Allow mplayer executable stack" msgstr "" -#: ../gui/selinux.tbl:185 ../gui/selinux.tbl:186 -msgid "Squid" +#: booleans.py:108 +msgid "Allow mysqld to connect to all ports" msgstr "" -#: ../gui/selinux.tbl:185 -msgid "Allow squid daemon to connect to the network" +#: booleans.py:109 +msgid "Allow BIND to bind apache port." msgstr "" -#: ../gui/selinux.tbl:186 -msgid "Disable SELinux protection for squid daemon" +#: booleans.py:110 +msgid "" +"Allow BIND to write the master zone files. Generally this is used for " +"dynamic DNS or zone transfers." msgstr "" -#: ../gui/selinux.tbl:187 -msgid "Disable SELinux protection for ssh daemon" +#: booleans.py:111 +msgid "Allow any files/directories to be exported read/only via NFS." msgstr "" -#: ../gui/selinux.tbl:188 -msgid "Allow ssh logins as sysadm_r:sysadm_t" +#: booleans.py:112 +msgid "Allow any files/directories to be exported read/write via NFS." msgstr "" -#: ../gui/selinux.tbl:189 +#: booleans.py:113 msgid "" -"Allow staff_r users to search the sysadm home dir and read files (such as ~/." -"bashrc)" +"Allow nfs servers to modify public files used for public file transfer " +"services. Files/Directories must be labeled public_content_rw_t." msgstr "" -#: ../gui/selinux.tbl:190 ../gui/selinux.tbl:191 -msgid "Universal SSL tunnel" +#: booleans.py:114 +msgid "Allow system to run with NIS" msgstr "" -#: ../gui/selinux.tbl:190 -msgid "Disable SELinux protection for stunnel daemon" +#: booleans.py:115 +msgid "Allow confined applications to use nscd shared memory." 
msgstr "" -#: ../gui/selinux.tbl:191 -msgid "Allow stunnel daemon to run as standalone, outside of xinetd" +#: booleans.py:116 +msgid "Allow nsplugin code to connect to unreserved ports" msgstr "" -#: ../gui/selinux.tbl:192 -msgid "Disable SELinux protection for swat daemon" +#: booleans.py:117 +msgid "Allow nsplugin code to execmem/execstack" msgstr "" -#: ../gui/selinux.tbl:193 -msgid "Disable SELinux protection for sxid daemon" +#: booleans.py:118 +msgid "Allow openvpn to read home directories" msgstr "" -#: ../gui/selinux.tbl:194 -msgid "Disable SELinux protection for syslogd daemon" +#: booleans.py:119 +msgid "Allow piranha-lvs domain to connect to the network using TCP." msgstr "" -#: ../gui/selinux.tbl:195 -msgid "Disable SELinux protection for system cron jobs" +#: booleans.py:120 +msgid "Allow polipo to connect to all ports > 1023" msgstr "" -#: ../gui/selinux.tbl:196 -msgid "Disable SELinux protection for tcp daemon" +#: booleans.py:121 +msgid "" +"Determine whether Polipo session daemon can bind tcp sockets to all " +"unreserved ports." msgstr "" -#: ../gui/selinux.tbl:197 -msgid "Disable SELinux protection for telnet daemon" +#: booleans.py:122 +msgid "" +"Determine whether calling user domains can execute Polipo daemon in the " +"polipo_session_t domain." msgstr "" -#: ../gui/selinux.tbl:198 -msgid "Disable SELinux protection for tftpd daemon" +#: booleans.py:123 +msgid "Determine whether polipo can access cifs file systems." msgstr "" -#: ../gui/selinux.tbl:199 -msgid "Disable SELinux protection for transproxy daemon" +#: booleans.py:124 +msgid "Determine whether Polipo can access nfs file systems." msgstr "" -#: ../gui/selinux.tbl:200 -msgid "Disable SELinux protection for udev daemon" +#: booleans.py:125 +msgid "Enable polyinstantiated directory support." 
msgstr "" -#: ../gui/selinux.tbl:201 -msgid "Disable SELinux protection for uml daemon" +#: booleans.py:126 +msgid "Allow the portage domains to use NFS mounts (regular nfs_t)" msgstr "" -#: ../gui/selinux.tbl:202 -msgid "" -"Allow xinetd to run unconfined, including any services it starts that do not " -"have a domain transition explicitly defined" +#: booleans.py:127 +msgid "Allow postfix_local domain full write access to mail_spool directories" msgstr "" -#: ../gui/selinux.tbl:203 -msgid "" -"Allow rc scripts to run unconfined, including any daemon started by an rc " -"script that does not have a domain transition explicitly defined" +#: booleans.py:128 +msgid "Allow postgresql to use ssh and rsync for point-in-time recovery" msgstr "" -#: ../gui/selinux.tbl:204 -msgid "Allow rpm to run unconfined" +#: booleans.py:129 +msgid "Allow transmit client label to foreign database" msgstr "" -#: ../gui/selinux.tbl:205 -msgid "Allow privileged utilities like hotplug and insmod to run unconfined" +#: booleans.py:130 +msgid "Allow database admins to execute DML statement" msgstr "" -#: ../gui/selinux.tbl:206 -msgid "Disable SELinux protection for updfstab daemon" +#: booleans.py:131 +msgid "Allow unprivileged users to execute DDL statement" msgstr "" -#: ../gui/selinux.tbl:207 -msgid "Disable SELinux protection for uptimed daemon" +#: booleans.py:132 +msgid "Allow pppd to load kernel modules for certain modems" +msgstr "" + +#: booleans.py:133 +msgid "Allow pppd to be run for a regular user" msgstr "" -#: ../gui/selinux.tbl:208 +#: booleans.py:134 msgid "" -"Allow user_r to reach sysadm_r via su, sudo, or userhelper. Otherwise, only " -"staff_r can do so" +"Allow privoxy to connect to all ports, not just HTTP, FTP, and Gopher ports." msgstr "" -#: ../gui/selinux.tbl:209 -msgid "Allow users to execute the mount command" +#: booleans.py:135 +msgid "Allow Puppet client to manage all file types." 
msgstr "" -#: ../gui/selinux.tbl:210 -msgid "Allow regular users direct mouse access (only allow the X server)" +#: booleans.py:136 +msgid "Allow Puppet master to use connect to MySQL and PostgreSQL database" msgstr "" -#: ../gui/selinux.tbl:211 -msgid "Allow users to run the dmesg command" +#: booleans.py:137 +msgid "Allow qemu to connect fully to the network" msgstr "" -#: ../gui/selinux.tbl:212 -msgid "Allow users to control network interfaces (also needs USERCTL=true)" +#: booleans.py:138 +msgid "Allow qemu to use cifs/Samba file systems" msgstr "" -#: ../gui/selinux.tbl:213 -msgid "Allow normal user to execute ping" +#: booleans.py:139 +msgid "Allow qemu to use serial/parallel communication ports" msgstr "" -#: ../gui/selinux.tbl:214 -msgid "Allow user to r/w noextattrfile (FAT, CDROM, FLOPPY)" +#: booleans.py:140 +msgid "Allow qemu to use nfs file systems" msgstr "" -#: ../gui/selinux.tbl:215 -msgid "Allow users to rw usb devices" +#: booleans.py:141 +msgid "Allow qemu to use usb devices" msgstr "" -#: ../gui/selinux.tbl:216 +#: booleans.py:142 +msgid "Allow racoon to read shadow" +msgstr "" + +#: booleans.py:143 +msgid "Allow rgmanager domain to connect to the network using TCP." +msgstr "" + +#: booleans.py:144 msgid "" -"Allow users to run TCP servers (bind to ports and accept connection from the " -"same domain and outside users) disabling this forces FTP passive mode and " -"may change other protocols" +"Allow rsync to modify public files used for public file transfer services. " +"Files/Directories must be labeled public_content_rw_t." msgstr "" -#: ../gui/selinux.tbl:217 -msgid "Allow user to stat ttyfiles" +#: booleans.py:145 +msgid "Allow rsync to run as a client" msgstr "" -#: ../gui/selinux.tbl:218 -msgid "Disable SELinux protection for uucpd daemon" +#: booleans.py:146 +msgid "Allow rsync to export any files/directories read only." 
msgstr "" -#: ../gui/selinux.tbl:219 -msgid "Disable SELinux protection for vmware daemon" +#: booleans.py:147 +msgid "Allow rsync servers to share cifs files systems" msgstr "" -#: ../gui/selinux.tbl:220 -msgid "Disable SELinux protection for watchdog daemon" +#: booleans.py:148 +msgid "Allow rsync servers to share nfs files systems" msgstr "" -#: ../gui/selinux.tbl:221 -msgid "Disable SELinux protection for winbind daemon" +#: booleans.py:149 +msgid "Allow samba to create new home directories (e.g. via PAM)" msgstr "" -#: ../gui/selinux.tbl:222 -msgid "Disable SELinux protection for xdm daemon" +#: booleans.py:150 +msgid "" +"Allow samba to act as the domain controller, add users, groups and change " +"passwords." msgstr "" -#: ../gui/selinux.tbl:223 -msgid "Allow xdm logins as sysadm_r:sysadm_t" +#: booleans.py:151 +msgid "Allow samba to share users home directories." msgstr "" -#: ../gui/selinux.tbl:224 -msgid "Disable SELinux protection for xen daemon" +#: booleans.py:152 +msgid "Allow samba to share any file/directory read only." msgstr "" -#: ../gui/selinux.tbl:225 -msgid "XEN" +#: booleans.py:153 +msgid "Allow samba to share any file/directory read/write." msgstr "" -#: ../gui/selinux.tbl:225 -msgid "Allow xen to read/write physical disk devices" +#: booleans.py:154 +msgid "Allow samba to act as a portmapper" msgstr "" -#: ../gui/selinux.tbl:226 -msgid "Disable SELinux protection for xfs daemon" +#: booleans.py:155 +msgid "Allow samba to run unconfined scripts" msgstr "" -#: ../gui/selinux.tbl:227 -msgid "Disable SELinux protection for xen control" +#: booleans.py:156 +msgid "Allow samba to export ntfs/fusefs volumes." msgstr "" -#: ../gui/selinux.tbl:228 -msgid "Disable SELinux protection for ypbind daemon" +#: booleans.py:157 +msgid "Allow samba to export NFS volumes." 
msgstr "" -#: ../gui/selinux.tbl:229 -msgid "Disable SELinux protection for NIS Password Daemon" +#: booleans.py:158 +msgid "Allow sanlock to read/write fuse files" msgstr "" -#: ../gui/selinux.tbl:230 -msgid "Disable SELinux protection for ypserv daemon" +#: booleans.py:159 +msgid "Allow sanlock to manage nfs files" msgstr "" -#: ../gui/selinux.tbl:231 -msgid "Disable SELinux protection for NIS Transfer Daemon" +#: booleans.py:160 +msgid "Allow sanlock to manage cifs files" msgstr "" -#: ../gui/selinux.tbl:232 -msgid "Allow SELinux webadm user to manage unprivileged users home directories" +#: booleans.py:161 +msgid "Allow sasl to read shadow" msgstr "" -#: ../gui/selinux.tbl:233 -msgid "Allow SELinux webadm user to read unprivileged users home directories" +#: booleans.py:162 +msgid "" +"disallow programs, such as newrole, from transitioning to administrative " +"user domains." msgstr "" -#: ../gui/semanagePage.py:126 -#, python-format -msgid "Are you sure you want to delete %s '%s'?" +#: booleans.py:163 +msgid "Disable kernel module loading." msgstr "" -#: ../gui/semanagePage.py:126 -#, python-format -msgid "Delete %s" +#: booleans.py:164 +msgid "" +"Boolean to determine whether the system permits loading policy, setting " +"enforcing mode, and changing boolean values. Set this to true and you have " +"to reboot to set it back." msgstr "" -#: ../gui/semanagePage.py:134 -#, python-format -msgid "Add %s" +#: booleans.py:165 +msgid "Allow regular users direct dri device access" msgstr "" -#: ../gui/semanagePage.py:148 -#, python-format -msgid "Modify %s" +#: booleans.py:166 +msgid "" +"Allow unconfined executables to make their heap memory executable. Doing " +"this is a really bad idea. Probably indicates a badly coded executable, but " +"could indicate an attack. 
This executable should be reported in bugzilla" msgstr "" -#: ../gui/statusPage.py:69 ../gui/system-config-selinux.glade:2819 -msgid "Permissive" +#: booleans.py:167 +msgid "" +"Allow all unconfined executables to use libraries requiring text relocation " +"that are not labeled textrel_shlib_t" msgstr "" -#: ../gui/statusPage.py:70 ../gui/system-config-selinux.glade:2837 -msgid "Enforcing" +#: booleans.py:168 +msgid "" +"Allow unconfined executables to make their stack executable. This should " +"never, ever be necessary. Probably indicates a badly coded executable, but " +"could indicate an attack. This executable should be reported in bugzilla" msgstr "" -#: ../gui/statusPage.py:94 -msgid "Status" +#: booleans.py:169 +msgid "Allow users to connect to the local mysql server" msgstr "" -#: ../gui/statusPage.py:133 +#: booleans.py:170 msgid "" -"Changing the policy type will cause a relabel of the entire file system on " -"the next boot. Relabeling takes a long time depending on the size of the " -"file system. Do you wish to continue?" +"Allow confined users the ability to execute the ping and traceroute commands." msgstr "" -#: ../gui/statusPage.py:147 +#: booleans.py:171 +msgid "Allow users to connect to PostgreSQL" +msgstr "" + +#: booleans.py:172 msgid "" -"Changing to SELinux disabled requires a reboot. It is not recommended. If " -"you later decide to turn SELinux back on, the system will be required to " -"relabel. If you just want to see if SELinux is causing a problem on your " -"system, you can go to permissive mode which will only log errors and not " -"enforce SELinux policy. Permissive mode does not require a reboot Do you " -"wish to continue?" +"Allow user to r/w files on filesystems that do not have extended attributes " +"(FAT, CDROM, FLOPPY)" msgstr "" -#: ../gui/statusPage.py:152 +#: booleans.py:173 msgid "" -"Changing to SELinux enabled will cause a relabel of the entire file system " -"on the next boot. 
Relabeling takes a long time depending on the size of the " -"file system. Do you wish to continue?" +"Allow users to run TCP servers (bind to ports and accept connection from the " +"same domain and outside users) disabling this forces FTP passive mode and " +"may change other protocols." msgstr "" -#: ../gui/system-config-selinux.glade:11 -msgid "system-config-selinux" +#: booleans.py:174 +msgid "Allow user music sharing" msgstr "" -#: ../gui/system-config-selinux.glade:12 +#: booleans.py:175 msgid "" -"Copyright (c)2006 Red Hat, Inc.\n" -"Copyright (c) 2006 Dan Walsh " +"Allow anon internal-sftp to upload files, used for public file transfer " +"services. Directories must be labeled public_content_rw_t." msgstr "" -#: ../gui/system-config-selinux.glade:22 -#: ../gui/system-config-selinux.glade:544 -msgid "Add SELinux Login Mapping" +#: booleans.py:176 +msgid "" +"Allow sftp-internal to read and write files in the user home directories" msgstr "" -#: ../gui/system-config-selinux.glade:257 -msgid "Add SELinux Network Ports" +#: booleans.py:177 +msgid "" +"Allow sftp-internal to login to local users and read/write all files on the " +"system, governed by DAC." msgstr "" -#: ../gui/system-config-selinux.glade:391 -#: ../gui/system-config-selinux.glade:678 -msgid "SELinux Type" +#: booleans.py:178 +msgid "" +"Allow internal-sftp to read and write files in the user ssh home directories." msgstr "" -#: ../gui/system-config-selinux.glade:622 -msgid "File Specification" +#: booleans.py:179 +msgid "Allow sge to connect to the network using any TCP port" msgstr "" -#: ../gui/system-config-selinux.glade:650 -msgid "File Type" +#: booleans.py:180 +msgid "Allow sge to access nfs file systems." 
msgstr "" -#: ../gui/system-config-selinux.glade:727 +#: booleans.py:181 msgid "" -"all files\n" -"regular file\n" -"directory\n" -"character device\n" -"block device\n" -"socket\n" -"symbolic link\n" -"named pipe\n" +"Enable additional permissions needed to support devices on 3ware controllers." msgstr "" -#: ../gui/system-config-selinux.glade:773 -msgid "MLS" +#: booleans.py:182 +msgid "" +"Allow samba to modify public files used for public file transfer services. " +"Files/Directories must be labeled public_content_rw_t." msgstr "" -#: ../gui/system-config-selinux.glade:837 -msgid "Add SELinux User" +#: booleans.py:183 +msgid "Allow user spamassassin clients to use the network." msgstr "" -#: ../gui/system-config-selinux.glade:1079 -msgid "SELinux Administration" +#: booleans.py:184 +msgid "Allow spamd to read/write user home directories." msgstr "" -#: ../gui/system-config-selinux.glade:1122 -msgid "Add" +#: booleans.py:185 +msgid "" +"Allow squid to connect to all ports, not just HTTP, FTP, and Gopher ports." msgstr "" -#: ../gui/system-config-selinux.glade:1144 -msgid "_Properties" +#: booleans.py:186 +msgid "Allow squid to run as a transparent proxy (TPROXY)" msgstr "" -#: ../gui/system-config-selinux.glade:1166 -msgid "_Delete" +#: booleans.py:187 +msgid "" +"Allow ssh with chroot env to read and write files in the user home " +"directories" msgstr "" -#: ../gui/system-config-selinux.glade:1256 -msgid "Select Management Object" +#: booleans.py:188 +msgid "allow host key based authentication" msgstr "" -#: ../gui/system-config-selinux.glade:1273 -msgid "Select:" +#: booleans.py:189 +msgid "Allow ssh logins as sysadm_r:sysadm_t" msgstr "" -#: ../gui/system-config-selinux.glade:1326 -msgid "System Default Enforcing Mode" +#: booleans.py:190 +msgid "allow staff user to create and transition to svirt domains." msgstr "" -#: ../gui/system-config-selinux.glade:1354 +#: booleans.py:191 +msgid "Allow the Telepathy connection managers to connect to any network port." 
+msgstr "" + +#: booleans.py:192 msgid "" -"Disabled\n" -"Permissive\n" -"Enforcing\n" +"Allow the Telepathy connection managers to connect to any generic TCP port." msgstr "" -#: ../gui/system-config-selinux.glade:1373 -msgid "Current Enforcing Mode" +#: booleans.py:193 +msgid "" +"Allow tftp to modify public files used for public file transfer services." msgstr "" -#: ../gui/system-config-selinux.glade:1418 -msgid "System Default Policy Type: " +#: booleans.py:194 +msgid "Allow tor daemon to bind tcp sockets to all unreserved ports." msgstr "" -#: ../gui/system-config-selinux.glade:1463 +#: booleans.py:195 msgid "" -"Select if you wish to relabel then entire file system on next reboot. " -"Relabeling can take a very long time, depending on the size of the system. " -"If you are changing policy types or going from disabled to enforcing, a " -"relabel is required." +"allow unconfined users to transition to the chrome sandbox domains when " +"running chrome-sandbox" msgstr "" -#: ../gui/system-config-selinux.glade:1509 -msgid "Relabel on next reboot." +#: booleans.py:196 +msgid "Allow a user to login as an unconfined domain" msgstr "" -#: ../gui/system-config-selinux.glade:1561 -msgid "label37" +#: booleans.py:197 +msgid "" +"Allow unconfined users to transition to the Mozilla plugin domain when " +"running xulrunner plugin-container." msgstr "" -#: ../gui/system-config-selinux.glade:1598 -msgid "Revert boolean setting to system default" +#: booleans.py:198 +msgid "Allow video playing tools to run unconfined" msgstr "" -#: ../gui/system-config-selinux.glade:1614 -msgid "Toggle between Customized and All Booleans" +#: booleans.py:199 +msgid "Allow unprivledged user to create and transition to svirt domains." 
msgstr "" -#: ../gui/system-config-selinux.glade:1645 -#: ../gui/system-config-selinux.glade:1850 -#: ../gui/system-config-selinux.glade:2037 -#: ../gui/system-config-selinux.glade:2224 -#: ../gui/system-config-selinux.glade:2467 -#: ../gui/system-config-selinux.glade:2692 -#: ../gui/system-config-selinux.glade:2867 -msgid "Filter" +#: booleans.py:200 +msgid "Support ecryptfs home directories" msgstr "" -#: ../gui/system-config-selinux.glade:1734 -msgid "label50" +#: booleans.py:201 +msgid "Support fusefs home directories" msgstr "" -#: ../gui/system-config-selinux.glade:1771 -msgid "Add File Context" +#: booleans.py:202 +msgid "Use lpd server instead of cups" msgstr "" -#: ../gui/system-config-selinux.glade:1787 -msgid "Modify File Context" +#: booleans.py:203 +msgid "Support NFS home directories" msgstr "" -#: ../gui/system-config-selinux.glade:1803 -msgid "Delete File Context" +#: booleans.py:204 +msgid "Support SAMBA home directories" msgstr "" -#: ../gui/system-config-selinux.glade:1819 -msgid "Toggle between all and customized file context" +#: booleans.py:205 +msgid "Allow varnishd to connect to all ports, not just HTTP." msgstr "" -#: ../gui/system-config-selinux.glade:1939 -msgid "label38" +#: booleans.py:206 +msgid "Ignore vbetool mmap_zero errors." 
msgstr "" -#: ../gui/system-config-selinux.glade:1976 -msgid "Add SELinux User Mapping" +#: booleans.py:207 +msgid "" +"Allow confined virtual guests to use serial/parallel communication ports" msgstr "" -#: ../gui/system-config-selinux.glade:1992 -msgid "Modify SELinux User Mapping" +#: booleans.py:208 +msgid "" +"Allow confined virtual guests to use executable memory and executable stack" msgstr "" -#: ../gui/system-config-selinux.glade:2008 -msgid "Delete SELinux User Mapping" +#: booleans.py:209 +msgid "Allow confined virtual guests to read fuse files" msgstr "" -#: ../gui/system-config-selinux.glade:2126 -msgid "label39" +#: booleans.py:210 +msgid "Allow confined virtual guests to manage nfs files" msgstr "" -#: ../gui/system-config-selinux.glade:2163 -msgid "Add User" +#: booleans.py:211 +msgid "Allow confined virtual guests to manage cifs files" msgstr "" -#: ../gui/system-config-selinux.glade:2179 -msgid "Modify User" +#: booleans.py:212 +msgid "Allow confined virtual guests to interact with the sanlock" msgstr "" -#: ../gui/system-config-selinux.glade:2195 -msgid "Delete User" +#: booleans.py:213 +msgid "Allow confined virtual guests to manage device configuration, (pci)" msgstr "" -#: ../gui/system-config-selinux.glade:2313 -msgid "label41" +#: booleans.py:214 +msgid "Allow confined virtual guests to use usb devices" msgstr "" -#: ../gui/system-config-selinux.glade:2350 -msgid "Add Network Port" +#: booleans.py:215 +msgid "Allow confined virtual guests to interact with the xserver" msgstr "" -#: ../gui/system-config-selinux.glade:2366 -msgid "Edit Network Port" +#: booleans.py:216 +msgid "Allow webadm to manage files in users home directories" msgstr "" -#: ../gui/system-config-selinux.glade:2382 -msgid "Delete Network Port" +#: booleans.py:217 +msgid "Allow webadm to read files in users home directories" msgstr "" -#: ../gui/system-config-selinux.glade:2418 -#: ../gui/system-config-selinux.glade:2436 -msgid "Toggle between Customized and All Ports" +#: 
booleans.py:218 +msgid "Ignore wine mmap_zero errors." msgstr "" -#: ../gui/system-config-selinux.glade:2556 -msgid "label42" +#: booleans.py:219 +msgid "Allow the graphical login program to execute bootloader" msgstr "" -#: ../gui/system-config-selinux.glade:2593 -msgid "Generate new policy module" +#: booleans.py:220 +msgid "" +"Allow the graphical login program to login directly as sysadm_r:sysadm_t" msgstr "" -#: ../gui/system-config-selinux.glade:2609 -msgid "Load policy module" +#: booleans.py:221 +msgid "Allow xen to manage nfs files" msgstr "" -#: ../gui/system-config-selinux.glade:2625 -msgid "Remove loadable policy module" +#: booleans.py:222 +msgid "" +"Allow xend to run blktapctrl/tapdisk. Not required if using dedicated " +"logical volumes for disk images." msgstr "" -#: ../gui/system-config-selinux.glade:2661 +#: booleans.py:223 +msgid "Allow xend to run qemu-dm. Not required if using paravirt and no vfb." +msgstr "" + +#: booleans.py:224 msgid "" -"Enable/Disable additional audit rules, that are normally not reported in the " -"log files." +"Allow xguest users to configure Network Manager and connect to apache ports" msgstr "" -#: ../gui/system-config-selinux.glade:2781 -msgid "label44" +#: booleans.py:225 +msgid "Allow xguest users to mount removable media" msgstr "" -#: ../gui/system-config-selinux.glade:2818 -msgid "Change process mode to permissive." +#: booleans.py:226 +msgid "Allow xguest to use blue tooth devices" msgstr "" -#: ../gui/system-config-selinux.glade:2836 -msgid "Change process mode to enforcing" +#: booleans.py:227 +msgid "Allows clients to write to the X server shared memory segments." 
msgstr "" -#: ../gui/system-config-selinux.glade:2928 -msgid "Process Domain" +#: booleans.py:228 +msgid "Allows XServer to execute writable memory" msgstr "" -#: ../gui/system-config-selinux.glade:2956 -msgid "label59" +#: booleans.py:229 +msgid "Support X userspace object manager" msgstr "" -#: ../gui/usersPage.py:138 -#, python-format -msgid "SELinux user '%s' is required" +#: booleans.py:230 +msgid "Allow zabbix to connect to unreserved ports" +msgstr "" + +#: booleans.py:231 +msgid "Allow zebra daemon to write it configuration files" +msgstr "" + +#: booleans.py:232 +msgid "" +"Allow ZoneMinder to modify public files used for public file transfer " +"services." msgstr "" diff --git a/policycoreutils/po/ar.po b/policycoreutils/po/ar.po index b908f48..e85ea9a 100644 --- a/policycoreutils/po/ar.po +++ b/policycoreutils/po/ar.po @@ -12,8 +12,8 @@ msgid "" msgstr "" "Project-Id-Version: Policycoreutils\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2012-05-25 07:28-0400\n" -"PO-Revision-Date: 2012-04-02 20:30+0000\n" +"POT-Creation-Date: 2012-10-16 12:24-0400\n" +"PO-Revision-Date: 2012-10-08 13:10+0000\n" "Last-Translator: dwalsh \n" "Language-Team: Arabic \n" "Language: ar\n" @@ -21,7 +21,7 @@ msgstr "" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=6; plural=n==0 ? 0 : n==1 ? 1 : n==2 ? 2 : n%100>=3 " -"&& n%100<=10 ? 3 : n%100>=11 && n%100<=99 ? 4 : 5\n" +"&& n%100<=10 ? 3 : n%100>=11 && n%100<=99 ? 4 : 5;\n" #: ../run_init/run_init.c:67 msgid "" @@ -33,7 +33,7 @@ msgstr "" " عند: