diff --git a/policycoreutils/Makefile b/policycoreutils/Makefile
index 3980799..6624804 100644
--- a/policycoreutils/Makefile
+++ b/policycoreutils/Makefile
@@ -1,4 +1,4 @@
-SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init sandbox secon audit2allow audit2why sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui
+SUBDIRS = sepolicy setfiles semanage semanage/default_encoding load_policy newrole run_init sandbox secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui
INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
diff --git a/policycoreutils/audit2allow/Makefile b/policycoreutils/audit2allow/Makefile
index 88635d4..fc290ea 100644
--- a/policycoreutils/audit2allow/Makefile
+++ b/policycoreutils/audit2allow/Makefile
@@ -5,14 +5,19 @@ LIBDIR ?= $(PREFIX)/lib
MANDIR ?= $(PREFIX)/share/man
LOCALEDIR ?= /usr/share/locale
-all: ;
+all: audit2why
+
+audit2why:
+ ln -sf audit2allow audit2why
install: all
-mkdir -p $(BINDIR)
install -m 755 audit2allow $(BINDIR)
+ (cd $(BINDIR); ln -sf audit2allow audit2why)
install -m 755 sepolgen-ifgen $(BINDIR)
-mkdir -p $(MANDIR)/man1
install -m 644 audit2allow.1 $(MANDIR)/man1/
+ install -m 644 audit2why.1 $(MANDIR)/man1/
clean:
rm -f *~
diff --git a/policycoreutils/audit2allow/audit2allow b/policycoreutils/audit2allow/audit2allow
index 8e0c396..d282eee 100644
--- a/policycoreutils/audit2allow/audit2allow
+++ b/policycoreutils/audit2allow/audit2allow
@@ -18,7 +18,7 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
-import sys
+import sys, os
import sepolgen.audit as audit
import sepolgen.policygen as policygen
@@ -29,6 +29,8 @@ import sepolgen.defaults as defaults
import sepolgen.module as module
from sepolgen.sepolgeni18n import _
import selinux.audit2why as audit2why
+import locale
+locale.setlocale(locale.LC_ALL, '')
class AuditToPolicy:
VERSION = "%prog .1"
@@ -80,8 +82,7 @@ class AuditToPolicy:
parser.add_option("--interface-info", dest="interface_info", help="file name of interface information")
parser.add_option("--debug", dest="debug", action="store_true", default=False,
help="leave generated modules for -M")
-
- parser.add_option("-w", "--why", dest="audit2why", action="store_true", default=False,
+ parser.add_option("-w", "--why", dest="audit2why", action="store_true", default=(os.path.basename(sys.argv[0])=="audit2why"),
help="Translates SELinux audit messages into a description of why the access was denied")
options, args = parser.parse_args()
@@ -267,12 +268,10 @@ class AuditToPolicy:
continue
if rc == audit2why.CONSTRAINT:
- print "\t\tPolicy constraint violation.\n"
- print "\t\tMay require adding a type attribute to the domain or type to satisfy the constraint.\n"
- print "\t\tConstraints are defined in the policy sources in policy/constraints (general), policy/mcs (MCS), and policy/mls (MLS).\n"
- for reason in data:
- print "\t\tNote: Possible cause is the source and target %s differ\n" % reason
- continue
+ print #!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access.\n"
+ print "#Constraint rule: \n\t" + data[0]
+ for reason in data[1:]:
+ print "#\tPossible cause is the source %s and target %s are different.\n\b" % reason
if rc == audit2why.RBAC:
print "\t\tMissing role allow rule.\n"
diff --git a/policycoreutils/audit2allow/audit2allow.1 b/policycoreutils/audit2allow/audit2allow.1
index a854a45..bc70938 100644
--- a/policycoreutils/audit2allow/audit2allow.1
+++ b/policycoreutils/audit2allow/audit2allow.1
@@ -171,7 +171,7 @@ $ semodule -i local.pp
.B Using audit2allow to generate and build module policy
$ cat /var/log/audit/audit.log | audit2allow -M local
-Generating type enforcment file: local.te
+Generating type enforcement file: local.te
Compiling policy: checkmodule -M -m -o local.mod local.te
Building package: semodule_package -o local.pp -m local.mod
diff --git a/policycoreutils/audit2allow/audit2why.1 b/policycoreutils/audit2allow/audit2why.1
new file mode 100644
index 0000000..a9e8893
--- /dev/null
+++ b/policycoreutils/audit2allow/audit2why.1
@@ -0,0 +1 @@
+.so man1/audit2allow.1
diff --git a/policycoreutils/audit2allow/sepolgen-ifgen b/policycoreutils/audit2allow/sepolgen-ifgen
index ef4bec3..3967ba5 100644
--- a/policycoreutils/audit2allow/sepolgen-ifgen
+++ b/policycoreutils/audit2allow/sepolgen-ifgen
@@ -62,6 +62,9 @@ def parse_options():
return options
def get_policy():
+ p = selinux.selinux_current_policy_path()
+ if os.path.exists(p):
+ return p
i = selinux.security_policyvers()
p = selinux.selinux_binary_policy_path() + "." + str(i)
while i > 0 and not os.path.exists(p):
diff --git a/policycoreutils/audit2why/Makefile b/policycoreutils/audit2why/Makefile
deleted file mode 100644
index 63eb8b3..0000000
--- a/policycoreutils/audit2why/Makefile
+++ /dev/null
@@ -1,18 +0,0 @@
-# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-BINDIR ?= $(PREFIX)/bin
-MANDIR ?= $(PREFIX)/share/man
-
-TARGETS=audit2why
-
-all: $(TARGETS)
-
-install: all
- -mkdir -p $(BINDIR)
- install -m 755 $(TARGETS) $(BINDIR)
- -mkdir -p $(MANDIR)/man1
- install -m 644 audit2why.1 $(MANDIR)/man1/
-
-clean:
-
-relabel:
diff --git a/policycoreutils/audit2why/audit2why b/policycoreutils/audit2why/audit2why
deleted file mode 100644
index 21a72aa..0000000
--- a/policycoreutils/audit2why/audit2why
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-/usr/bin/audit2allow -w $*
diff --git a/policycoreutils/audit2why/audit2why.1 b/policycoreutils/audit2why/audit2why.1
deleted file mode 100644
index a9e8893..0000000
--- a/policycoreutils/audit2why/audit2why.1
+++ /dev/null
@@ -1 +0,0 @@
-.so man1/audit2allow.1
diff --git a/policycoreutils/gui/Makefile b/policycoreutils/gui/Makefile
index b5abbb9..a8cf71f 100644
--- a/policycoreutils/gui/Makefile
+++ b/policycoreutils/gui/Makefile
@@ -1,7 +1,10 @@
# Installation directories.
PREFIX ?= ${DESTDIR}/usr
+SYSCONFDIR ?= ${DESTDIR}/etc
BINDIR ?= $(PREFIX)/bin
SHAREDIR ?= $(PREFIX)/share/system-config-selinux
+DATADIR ?= $(PREFIX)/share
+MANDIR = $(PREFIX)/share/man
TARGETS= \
booleansPage.py \
@@ -16,18 +19,30 @@ portsPage.py \
semanagePage.py \
statusPage.py \
system-config-selinux.glade \
+system-config-selinux.png \
usersPage.py
all: $(TARGETS) system-config-selinux.py polgengui.py
install: all
+ -mkdir -p $(MANDIR)/man8
-mkdir -p $(SHAREDIR)
-mkdir -p $(BINDIR)
+ -mkdir -p $(DATADIR)/pixmaps
+ -mkdir -p $(DATADIR)/icons/hicolor/24x24/apps
+ -mkdir -p $(SYSCONFDIR)
+ -mkdir -p $(DATADIR)/polkit-1/actions/
install -m 755 system-config-selinux.py $(SHAREDIR)
+ install -m 755 system-config-selinux $(BINDIR)
install -m 755 polgengui.py $(SHAREDIR)
- install -m 755 sepolgen $(BINDIR)
install -m 644 $(TARGETS) $(SHAREDIR)
-
+ install -m 644 system-config-selinux.8 $(MANDIR)/man8
+ install -m 644 selinux-polgengui.8 $(MANDIR)/man8
+ install -m 644 system-config-selinux.png $(DATADIR)/pixmaps
+ install -m 644 system-config-selinux.png $(DATADIR)/icons/hicolor/24x24/apps
+ install -m 644 system-config-selinux.png $(DATADIR)/system-config-selinux
+ install -m 644 *.desktop $(DATADIR)/system-config-selinux
+ install -m 644 org.fedoraproject.config.selinux.policy $(DATADIR)/polkit-1/actions/
clean:
indent:
diff --git a/policycoreutils/gui/org.fedoraproject.config.selinux.policy b/policycoreutils/gui/org.fedoraproject.config.selinux.policy
new file mode 100644
index 0000000..fcfa81d
--- /dev/null
+++ b/policycoreutils/gui/org.fedoraproject.config.selinux.policy
@@ -0,0 +1,22 @@
+
+
+
+
+ System Config SELinux
+ http://fedorahosted.org/system-config-selinux
+
+
+ Run System Config SELinux
+ Authentication is required to run system-config-selinux
+ system-selinux
+
+ no
+ no
+ auth_admin
+
+ /usr/share/system-config-selinux/system-config-selinux.py
+ true
+
+
diff --git a/policycoreutils/gui/selinux-polgengui.8 b/policycoreutils/gui/selinux-polgengui.8
new file mode 100644
index 0000000..52bf7dd
--- /dev/null
+++ b/policycoreutils/gui/selinux-polgengui.8
@@ -0,0 +1,35 @@
+.TH "selinux-polgengui" "8" "8 April 2013" "System Config Tools Manual" "System Config Tools Manual"
+
+.SH NAME
+selinux\-polgengui \- SELinux Policy Generation Tool
+
+.SH SYNOPSIS
+.B selinux-polgengui
+
+.SH DESCRIPTION
+\fBselinux-polgengui\fP is a graphical tool, which can be used to create a framework for building SELinux Policy.
+.SH OPTIONS
+None
+
+.SH FILES
+\fi/usr/bin/selinux-polgengui\fP
+
+.SH Examples
+To run the program type:
+
+selinux-polgengui
+
+.PP
+.SH "SEE ALSO"
+.TP
+selinux(1), sepolicy(8), sepolicy-generate(8)
+.PP
+
+.SH REPORTING BUGS
+Report bugs to .
+
+.SH LICENSE AND AUTHORS
+\fBselinux-polgengui\fP is licensed under the GNU Public License and
+is copyrighted by Red Hat, Inc.
+.br
+This man page was written by Daniel Walsh
diff --git a/policycoreutils/gui/selinux-polgengui.desktop b/policycoreutils/gui/selinux-polgengui.desktop
new file mode 100644
index 0000000..0c2f399
--- /dev/null
+++ b/policycoreutils/gui/selinux-polgengui.desktop
@@ -0,0 +1,67 @@
+[Desktop Entry]
+Name=SELinux Policy Generation Tool
+Name[bn_IN]=SELinux Policy নির্মাণের সামগ্রী
+Name[ca]=Eina de generació de polítiques del SELinux
+Name[da]=Regelsætgenereringsværktøj til SELinux
+Name[de]=Tool zur Erstellung von SELinux-Richtlinien
+Name[es]=Generador de Políticas de SELinux
+Name[fi]=SELinux-käytäntöjen generointityökalu
+Name[fr]=Outil de génération de stratégies SELinux
+Name[gu]=SELinux પોલિસી બનાવટ સાધન
+Name[hi]=SELinux पॉलिसी जनन औजार
+Name[it]=Tool di generazione della policy di SELinux
+Name[ja]=SELinux ポリシー生成ツール
+Name[kn]=SELinux ಪಾಲಿಸಿ ಉತ್ಪಾದನಾ ಉಪಕರಣ
+Name[ko]=SELinux 정책 생성 도구
+Name[ml]=SELinux പോളിസി ഉത്പാദന പ്രയോഗം
+Name[mr]=SELinux करार निर्माण साधन
+Name[nl]=SELinux tactiek generatie gereedschap
+Name[or]=SELinux ନୀତି ସୃଷ୍ଟି ଉପକରଣ
+Name[pa]=SELinux ਪਾਲਿਸੀ ਨਿਰਮਾਣ ਜੰਤਰ
+Name[pl]=Narzędzie tworzenia polityki SELinuksa
+Name[pt]=Ferramenta de Geração de Políticas SELinux
+Name[pt_BR]=Ferramenta de criação de políticas do SELinux
+Name[ru]=Средство создания политики SELinux
+Name[sv]=Genereringsverktyg för SELinuxpolicy
+Name[ta]=SELinux பாலிசி உற்பத்தி கருவி
+Name[te]=SELinux నిర్వహణ
+Name[uk]=Утиліта генерації правил SELinux
+Name[zh_CN]=SELinux 策略生成工具
+Name[zh_TW]=SELinux 政策產生工具(SELinux Policy Generation Tool)
+Comment=Generate SELinux policy modules
+Comment[bn_IN]=SELinux নিয়মনীতির মডিউল নির্মাণ করুন
+Comment[ca]=Genera els mòduls de les polítiques de SELinux
+Comment[da]=Generér SELinux-regelsætmodul
+Comment[de]=Tool zur Erstellung von SELinux-Richtlinien
+Comment[es]=Generar módulos de política de SELinux
+Comment[fi]=Generoi SELinuxin käytäntömoduuleja
+Comment[fr]=Génére des modules de stratégie SELinux
+Comment[gu]=SELinux પોલિસી મોડ્યુલોને ઉત્પન્ન કરો
+Comment[hi]=नया पॉलिसी मॉड्यूल उत्पन्न करें
+Comment[it]=Genera moduli della politica di SELinux
+Comment[ja]=新しいポリシーモジュールの作成
+Comment[kn]=SELinux ಪಾಲಿಸಿ ಘಟಕಗಳನ್ನು ಉತ್ಪಾದಿಸು
+Comment[ko]=SELinux 정책 모듈 생성
+Comment[ml]=SELinux യ പോളിസി ഘങ്ങള് തയ്യാറാക്കുക
+Comment[mr]=SELinux करार घटके निर्माण करा
+Comment[nl]=Maak een SELinux tactiek module aan
+Comment[or]=SELinux ନୀତି ଏକକାଂଶ ସୃଷ୍ଟିକରନ୍ତୁ
+Comment[pa]=SELinux ਪਾਲਿਸੀ ਮੈਡਿਊਲ ਬਣਾਓ
+Comment[pl]=Tworzenie nowych modułów polityki SELinuksa
+Comment[pt]=Gerar módulos de políticas SELinux
+Comment[pt_BR]=Gerar módulos de política do SELinux
+Comment[ru]=Генерация модулей политики SELinux
+Comment[sv]=Generera SELinux-policymoduler
+Comment[ta]=SELinux கொள்கை தொகுதியை உருவாக்கவும்
+Comment[te]=SELinux పాలసీ మాడ్యూళ్ళను వుద్భవింపచేయుము
+Comment[uk]=Створення модулів контролю доступу SELinux
+Comment[zh_CN]=生成 SELinux 策略模块
+Comment[zh_TW]=產生 SELinux 政策模組
+StartupNotify=true
+Icon=system-config-selinux
+Exec=/usr/bin/selinux-polgengui
+Type=Application
+Terminal=false
+Categories=System;Security;
+X-Desktop-File-Install-Version=0.2
+Keywords=policy;security;selinux;avc;permission;mac;
diff --git a/policycoreutils/gui/system-config-selinux b/policycoreutils/gui/system-config-selinux
new file mode 100755
index 0000000..5be5ccd
--- /dev/null
+++ b/policycoreutils/gui/system-config-selinux
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec /usr/bin/pkexec /usr/share/system-config-selinux/system-config-selinux.py
diff --git a/policycoreutils/gui/system-config-selinux.8 b/policycoreutils/gui/system-config-selinux.8
new file mode 100644
index 0000000..eca2024
--- /dev/null
+++ b/policycoreutils/gui/system-config-selinux.8
@@ -0,0 +1,37 @@
+.TH "system-config-selinux" "8" "8 April 2013" "System Config Tools Manual" "System Config Tools Manual"
+
+.SH NAME
+system\-config\-selinux \- SELinux Management tool
+
+.SH SYNOPSIS
+.B system-config-selinux
+
+.SH DESCRIPTION
+\fBsystem-config-selinux\fP provides a graphical interface for managing the
+SELinux configuration.
+
+.SH OPTIONS
+None
+
+.SH FILES
+\fi/usr/bin/system-config-selinux\fP
+
+.SH Examples
+To run the program type:
+
+system-config-selinux
+
+.PP
+.SH "SEE ALSO"
+.TP
+selinux(1), semanage(8)
+.PP
+
+.SH REPORTING BUGS
+Report bugs to .
+
+.SH LICENSE AND AUTHORS
+\fBsystem-config-selinux\fP is licensed under the GNU Public License and
+is copyrighted by Red Hat, Inc.
+.br
+This man page was written by Daniel Walsh
diff --git a/policycoreutils/gui/system-config-selinux.desktop b/policycoreutils/gui/system-config-selinux.desktop
new file mode 100644
index 0000000..8822ce2
--- /dev/null
+++ b/policycoreutils/gui/system-config-selinux.desktop
@@ -0,0 +1,67 @@
+[Desktop Entry]
+Name=SELinux Management
+Name[bn_IN]=SELinux পরিচালনা
+Name[da]=Håndtering af SELinux
+Name[de]=SELinux-Management
+Name[ca]=Gestió de SELinux
+Name[es]=Administración de SELinux
+Name[fi]=SELinuxin ylläpito
+Name[fr]=Gestion de SELinux
+Name[gu]=SELinux સંચાલન
+Name[hi]=SELinux प्रबंधन
+Name[jp]=SELinux 管理
+Name[it]=Gestione di SELinux
+Name[kn]=SELinux ವ್ಯವಸ್ಥಾಪನೆ
+Name[ko]=SELinux 관리
+Name[ml]=SELinux മാനേജ്മെന്റ്
+Name[mr]=SELinux मॅनेजमेंट
+Name[nl]=SELinux beheer
+Name[or]=SELinux ପରିଚାଳନା
+Name[pa]=SELinux ਮੈਨੇਜਮੈਂਟ
+Name[pl]=Zarządzanie SELinuksem
+Name[pt_BR]=Gerenciamento do SELinux
+Name[pt]=Gestão de SELinux
+Name[ru]=Управление SELinux
+Name[sv]=SELinux-hantering
+Name[ta]=SELinux மேலாண்மை
+Name[te]=SELinux నిర్వహణ
+Name[uk]=Керування SELinux
+Name[zh_CN]=SELinux 管理
+Name[zh_TW]=SELinux 管理
+Comment=Configure SELinux in a graphical setting
+Comment[bn_IN]=গ্রাফিক্যাল পরিবেশে SELinux কনফিগার করুন
+Comment[ca]=Configura SELinuc an mode de preferències gràfiques
+Comment[da]=Konfigurér SELinux i et grafisk miljø
+Comment[de]=SELinux in einer grafischen Einstellung konfigurieren
+Comment[es]=Defina SELinux en una configuración de interfaz gráfica
+Comment[fi]=Tee SELinuxin asetukset graafisesti
+Comment[fr]=Configure SELinux dans un environnement graphique
+Comment[gu]=ગ્રાફિકલ સુયોજનમાં SELinux ને રૂપરેખાંકિત કરો
+Comment[hi]=SELinux को आलेखी सेटिंग में विन्यस्त करें
+Comment[it]=Configura SELinux in una impostazione grafica
+Comment[jp]=グラフィカルな設定画面で SELinux を設定する
+Comment[ko]=SELinux를 그래픽 사용자 인터페이스로 설정
+Comment[kn]=SELinux ಅನ್ನು ಒಂದು ಚಿತ್ರಾತ್ಮಕ ಸಿದ್ದತೆಯಲ್ಲಿ ಸಂರಚಿಸಿ
+Comment[ml]=ഒരു ഗ്രാഫിക്കല് സജ്ജീകരണത്തില് SELinux ക്രമീകരിയ്ക്കുക
+Comment[mr]=ग्राफिकल सेटिंगमध्ये SELinux संरचीत करा
+Comment[nl]=Configureer SELinux in een grafische omgeving
+Comment[or]=SELinux କୁ ଆଲେଖିକ ସଂରଚନାରେ ବିନ୍ୟାସ କରନ୍ତୁ
+Comment[pa]=SELinux ਨੂੰ ਗਰਾਫੀਕਲ ਸੈਟਿੰਗ ਵਿੱਚ ਸੰਰਚਿਤ ਕਰੋ
+Comment[pl]=Konfiguracja SELinuksa w trybie graficznym
+Comment[pt]=Configurar o SELinux num ambiente gráfico
+Comment[pt_BR]=Configure o SELinux em uma configuração gráfica
+Comment[ru]=Настройка SELinux в графическом режиме
+Comment[sv]=Konfigurera SELinux i en grafisk miljö
+Comment[ta]=SELinuxஐ ஒரு வரைகலை அமைவில் கட்டமைக்கவும்
+Comment[te]=SELinuxను గ్రాఫికల్ అమర్పునందు ఆకృతీకరించుము
+Comment[uk]=Засіб для налаштування SELinux з графічним інтерфейсом
+Comment[zh_CN]=在图形设置中配置 SELinux
+Comment[zh_TW]=在圖形話設定中配置 SELinux
+StartupNotify=true
+Icon=system-config-selinux
+Exec=/usr/bin/system-config-selinux
+Type=Application
+Terminal=false
+Categories=System;Security;
+X-Desktop-File-Install-Version=0.2
+Keywords=policy;security;selinux;avc;permission;mac;
diff --git a/policycoreutils/gui/system-config-selinux.png b/policycoreutils/gui/system-config-selinux.png
new file mode 100644
index 0000000..68ffcb7
Binary files /dev/null and b/policycoreutils/gui/system-config-selinux.png differ
diff --git a/policycoreutils/load_policy/load_policy.8 b/policycoreutils/load_policy/load_policy.8
index f9ca36e..a86073f 100644
--- a/policycoreutils/load_policy/load_policy.8
+++ b/policycoreutils/load_policy/load_policy.8
@@ -19,7 +19,7 @@ values in the policy file.
suppress warning messages.
.TP
.B \-i
-inital policy load. Only use this if this is the first time policy is being loaded since boot (usually called from initramfs).
+initial policy load. Only use this if this is the first time policy is being loaded since boot (usually called from initramfs).
.SH "EXIT STATUS"
.TP
diff --git a/policycoreutils/man/man5/selinux_config.5 b/policycoreutils/man/man5/selinux_config.5
index 4963cdc..a55dbed 100644
--- a/policycoreutils/man/man5/selinux_config.5
+++ b/policycoreutils/man/man5/selinux_config.5
@@ -92,7 +92,7 @@ The binary policy name has by convention the SELinux policy version that it supp
.RS
This entry is deprecated and should be removed or set to \fI0\fR.
.sp
-If set to \fI1\fR, then \fBselinux_mkload_policy\fR(3) will read the local customisation for booleans (see \fBbooleans\fR(5)) and users (see \fBlocal.users\fR(5)).
+If set to \fI1\fR, then \fBselinux_mkload_policy\fR(3) will read the local customization for booleans (see \fBbooleans\fR(5)) and users (see \fBlocal.users\fR(5)).
.RE
.sp
.B REQUIRESEUSERS
diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c
index 8fbf2d0..4e59a06 100644
--- a/policycoreutils/newrole/newrole.c
+++ b/policycoreutils/newrole/newrole.c
@@ -547,9 +547,7 @@ static int drop_capabilities(int full)
if (!uid) return 0;
capng_setpid(getpid());
- capng_clear(CAPNG_SELECT_BOTH);
- if (capng_lock() < 0)
- return -1;
+ capng_clear(CAPNG_SELECT_CAPS);
/* Change uid */
if (setresuid(uid, uid, uid)) {
@@ -558,7 +556,7 @@ static int drop_capabilities(int full)
}
if (! full)
capng_update(CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED, CAP_AUDIT_WRITE);
- return capng_apply(CAPNG_SELECT_BOTH);
+ return capng_apply(CAPNG_SELECT_CAPS);
}
#elif defined(NAMESPACE_PRIV)
/**
@@ -576,20 +574,21 @@ static int drop_capabilities(int full)
*/
static int drop_capabilities(int full)
{
+ uid_t uid = getuid();
+ if (!uid) return 0;
+
capng_setpid(getpid());
- capng_clear(CAPNG_SELECT_BOTH);
- if (capng_lock() < 0)
- return -1;
+ capng_clear(CAPNG_SELECT_CAPS);
- uid_t uid = getuid();
/* Change uid */
if (setresuid(uid, uid, uid)) {
fprintf(stderr, _("Error changing uid, aborting.\n"));
return -1;
}
if (! full)
- capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED, CAP_SYS_ADMIN , CAP_FOWNER , CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_SETPCAP, -1);
- return capng_apply(CAPNG_SELECT_BOTH);
+ capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED, CAP_SYS_ADMIN , CAP_FOWNER , CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_AUDIT_WRITE, -1);
+
+ return capng_apply(CAPNG_SELECT_CAPS);
}
#else
@@ -680,7 +679,7 @@ static int relabel_tty(const char *ttyn, security_context_t new_context,
security_context_t * tty_context,
security_context_t * new_tty_context)
{
- int fd;
+ int fd, rc;
int enforcing = security_getenforce();
security_context_t tty_con = NULL;
security_context_t new_tty_con = NULL;
@@ -699,7 +698,13 @@ static int relabel_tty(const char *ttyn, security_context_t new_context,
fprintf(stderr, _("Error! Could not open %s.\n"), ttyn);
return fd;
}
- fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
+ /* this craziness is to make sure we cann't block on open and deadlock */
+ rc = fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
+ if (rc) {
+ fprintf(stderr, _("Error! Could not clear O_NONBLOCK on %s\n"), ttyn);
+ close(fd);
+ return rc;
+ }
if (fgetfilecon(fd, &tty_con) < 0) {
fprintf(stderr, _("%s! Could not get current context "
@@ -1010,9 +1015,9 @@ int main(int argc, char *argv[])
int fd;
pid_t childPid = 0;
char *shell_argv0 = NULL;
+ int rc;
#ifdef USE_PAM
- int rc;
int pam_status; /* pam return code */
pam_handle_t *pam_handle; /* opaque handle used by all PAM functions */
@@ -1226,15 +1231,23 @@ int main(int argc, char *argv[])
fd = open(ttyn, O_RDONLY | O_NONBLOCK);
if (fd != 0)
goto err_close_pam;
- fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
+ rc = fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
+ if (rc)
+ goto err_close_pam;
+
fd = open(ttyn, O_RDWR | O_NONBLOCK);
if (fd != 1)
goto err_close_pam;
- fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
+ rc = fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
+ if (rc)
+ goto err_close_pam;
+
fd = open(ttyn, O_RDWR | O_NONBLOCK);
if (fd != 2)
goto err_close_pam;
- fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
+ rc = fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
+ if (rc)
+ goto err_close_pam;
}
/*
@@ -1268,19 +1281,24 @@ int main(int argc, char *argv[])
}
#endif
- if (send_audit_message(1, old_context, new_context, ttyn))
+ if (send_audit_message(1, old_context, new_context, ttyn)) {
+ fprintf(stderr, _("Failed to send audit message"));
goto err_close_pam_session;
+ }
freecon(old_context); old_context=NULL;
freecon(new_context); new_context=NULL;
#ifdef NAMESPACE_PRIV
- if (transition_to_caller_uid())
+ if (transition_to_caller_uid()) {
+ fprintf(stderr, _("Failed to transition to namespace\n"));
goto err_close_pam_session;
+ }
#endif
- if (drop_capabilities(TRUE))
+ if (drop_capabilities(TRUE)) {
+ fprintf(stderr, _("Failed to drop capabilities %m\n"));
goto err_close_pam_session;
-
+ }
/* Handle environment changes */
if (restore_environment(preserve_environment, old_environ, &pw)) {
fprintf(stderr, _("Unable to restore the environment, "
diff --git a/policycoreutils/newrole/newrole.pamd b/policycoreutils/newrole/newrole.pamd
index d1b435c..de3582f 100644
--- a/policycoreutils/newrole/newrole.pamd
+++ b/policycoreutils/newrole/newrole.pamd
@@ -1,4 +1,6 @@
#%PAM-1.0
+# Uncomment the next line if you do not want to enter your passwd everytime
+# auth sufficient pam_rootok.so
auth include system-auth
account include system-auth
password include system-auth
diff --git a/policycoreutils/po/Makefile b/policycoreutils/po/Makefile
index a377996..9c1486e 100644
--- a/policycoreutils/po/Makefile
+++ b/policycoreutils/po/Makefile
@@ -81,12 +81,16 @@ POTFILES = \
../sepolicy/sepolicy/templates/var_log.py \
../sepolicy/sepolicy/templates/var_run.py \
../sepolicy/sepolicy/templates/var_spool.py \
+ booleans.py
#default:: clean
all:: $(MOFILES)
-$(POTFILE): $(POTFILES)
+booleans.py:
+ sepolicy booleans -a > booleans.py
+
+$(POTFILE): $(POTFILES) booleans.py
$(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
@if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
rm -f $(NLSPACKAGE).po; \
@@ -95,6 +99,7 @@ $(POTFILE): $(POTFILES)
fi; \
update-po: Makefile $(POTFILE) refresh-po
+ @rm -f booleans.py
refresh-po: Makefile
for cat in $(POFILES); do \
diff --git a/policycoreutils/po/af.po b/policycoreutils/po/af.po
index 961d921..16bdf77 100644
--- a/policycoreutils/po/af.po
+++ b/policycoreutils/po/af.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2013-01-04 12:01-0500\n"
+"POT-Creation-Date: 2013-04-08 15:08-0400\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME \n"
"Language-Team: LANGUAGE \n"
@@ -24,7 +24,7 @@ msgid ""
" are the arguments to that script."
msgstr ""
-#: ../run_init/run_init.c:126 ../newrole/newrole.c:1123
+#: ../run_init/run_init.c:126 ../newrole/newrole.c:1128
#, c-format
msgid "failed to initialize PAM\n"
msgstr ""
@@ -73,16 +73,16 @@ msgstr ""
msgid "authentication failed.\n"
msgstr ""
-#: ../run_init/run_init.c:405 ../newrole/newrole.c:1257
+#: ../run_init/run_init.c:405 ../newrole/newrole.c:1270
#, c-format
msgid "Could not set exec context to %s.\n"
msgstr ""
-#: ../audit2allow/audit2allow:232
+#: ../audit2allow/audit2allow:231
msgid "******************** IMPORTANT ***********************\n"
msgstr ""
-#: ../audit2allow/audit2allow:233
+#: ../audit2allow/audit2allow:232
msgid "To make this policy package active, execute:"
msgstr ""
@@ -169,786 +169,799 @@ msgstr ""
msgid "Customized Permissive Types"
msgstr ""
-#: ../semanage/seobject.py:412
+#: ../semanage/seobject.py:379
+msgid ""
+"The sepolgen python module is required to setup permissive domains.\n"
+"In some distributions it is included in the policycoreutils-devel patckage.\n"
+"# yum install policycoreutils-devel\n"
+"Or similar for your distro."
+msgstr ""
+
+#: ../semanage/seobject.py:416
#, python-format
msgid "Could not set permissive domain %s (module installation failed)"
msgstr ""
-#: ../semanage/seobject.py:418
+#: ../semanage/seobject.py:422
#, python-format
msgid "Could not remove permissive domain %s (remove failed)"
msgstr ""
-#: ../semanage/seobject.py:453 ../semanage/seobject.py:527
-#: ../semanage/seobject.py:573 ../semanage/seobject.py:695
-#: ../semanage/seobject.py:725 ../semanage/seobject.py:792
-#: ../semanage/seobject.py:849 ../semanage/seobject.py:1104
-#: ../semanage/seobject.py:1820 ../semanage/seobject.py:1883
-#: ../semanage/seobject.py:1902 ../semanage/seobject.py:2025
-#: ../semanage/seobject.py:2076
+#: ../semanage/seobject.py:457 ../semanage/seobject.py:531
+#: ../semanage/seobject.py:577 ../semanage/seobject.py:699
+#: ../semanage/seobject.py:729 ../semanage/seobject.py:796
+#: ../semanage/seobject.py:853 ../semanage/seobject.py:1111
+#: ../semanage/seobject.py:1834 ../semanage/seobject.py:1897
+#: ../semanage/seobject.py:1916 ../semanage/seobject.py:2042
+#: ../semanage/seobject.py:2093
#, python-format
msgid "Could not create a key for %s"
msgstr ""
-#: ../semanage/seobject.py:457 ../semanage/seobject.py:531
-#: ../semanage/seobject.py:577 ../semanage/seobject.py:583
+#: ../semanage/seobject.py:461 ../semanage/seobject.py:535
+#: ../semanage/seobject.py:581 ../semanage/seobject.py:587
#, python-format
msgid "Could not check if login mapping for %s is defined"
msgstr ""
-#: ../semanage/seobject.py:466
+#: ../semanage/seobject.py:470
#, python-format
msgid "Linux Group %s does not exist"
msgstr ""
-#: ../semanage/seobject.py:471
+#: ../semanage/seobject.py:475
#, python-format
msgid "Linux User %s does not exist"
msgstr ""
-#: ../semanage/seobject.py:475
+#: ../semanage/seobject.py:479
#, python-format
msgid "Could not create login mapping for %s"
msgstr ""
-#: ../semanage/seobject.py:479 ../semanage/seobject.py:740
+#: ../semanage/seobject.py:483 ../semanage/seobject.py:744
#, python-format
msgid "Could not set name for %s"
msgstr ""
-#: ../semanage/seobject.py:484 ../semanage/seobject.py:750
+#: ../semanage/seobject.py:488 ../semanage/seobject.py:754
#, python-format
msgid "Could not set MLS range for %s"
msgstr ""
-#: ../semanage/seobject.py:488
+#: ../semanage/seobject.py:492
#, python-format
msgid "Could not set SELinux user for %s"
msgstr ""
-#: ../semanage/seobject.py:492
+#: ../semanage/seobject.py:496
#, python-format
msgid "Could not add login mapping for %s"
msgstr ""
-#: ../semanage/seobject.py:510
+#: ../semanage/seobject.py:514
msgid "Requires seuser or serange"
msgstr ""
-#: ../semanage/seobject.py:533 ../semanage/seobject.py:579
+#: ../semanage/seobject.py:537 ../semanage/seobject.py:583
#, python-format
msgid "Login mapping for %s is not defined"
msgstr ""
-#: ../semanage/seobject.py:537
+#: ../semanage/seobject.py:541
#, python-format
msgid "Could not query seuser for %s"
msgstr ""
-#: ../semanage/seobject.py:551
+#: ../semanage/seobject.py:555
#, python-format
msgid "Could not modify login mapping for %s"
msgstr ""
-#: ../semanage/seobject.py:585
+#: ../semanage/seobject.py:589
#, python-format
msgid "Login mapping for %s is defined in policy, cannot be deleted"
msgstr ""
-#: ../semanage/seobject.py:589
+#: ../semanage/seobject.py:593
#, python-format
msgid "Could not delete login mapping for %s"
msgstr ""
-#: ../semanage/seobject.py:611 ../semanage/seobject.py:644
-#: ../semanage/seobject.py:892
+#: ../semanage/seobject.py:615 ../semanage/seobject.py:648
+#: ../semanage/seobject.py:896
msgid "Could not list login mappings"
msgstr ""
-#: ../semanage/seobject.py:672 ../semanage/seobject.py:684
+#: ../semanage/seobject.py:676 ../semanage/seobject.py:688
#: ../gui/system-config-selinux.glade:100
msgid "Login Name"
msgstr ""
-#: ../semanage/seobject.py:672 ../semanage/seobject.py:684
-#: ../semanage/seobject.py:942 ../semanage/seobject.py:947
+#: ../semanage/seobject.py:676 ../semanage/seobject.py:688
+#: ../semanage/seobject.py:946 ../semanage/seobject.py:951
#: ../gui/system-config-selinux.glade:128
#: ../gui/system-config-selinux.glade:915
#: ../gui/system-config-selinux.glade:2285 ../gui/usersPage.py:44
msgid "SELinux User"
msgstr ""
-#: ../semanage/seobject.py:672 ../gui/system-config-selinux.glade:156
+#: ../semanage/seobject.py:676 ../gui/system-config-selinux.glade:156
#: ../gui/system-config-selinux.glade:943
msgid "MLS/MCS Range"
msgstr ""
-#: ../semanage/seobject.py:672
+#: ../semanage/seobject.py:676
msgid "Service"
msgstr ""
-#: ../semanage/seobject.py:698 ../semanage/seobject.py:729
-#: ../semanage/seobject.py:796 ../semanage/seobject.py:853
-#: ../semanage/seobject.py:859
+#: ../semanage/seobject.py:702 ../semanage/seobject.py:733
+#: ../semanage/seobject.py:800 ../semanage/seobject.py:857
+#: ../semanage/seobject.py:863
#, python-format
msgid "Could not check if SELinux user %s is defined"
msgstr ""
-#: ../semanage/seobject.py:701 ../semanage/seobject.py:802
-#: ../semanage/seobject.py:865
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:806
+#: ../semanage/seobject.py:869
#, python-format
msgid "Could not query user for %s"
msgstr ""
-#: ../semanage/seobject.py:721
+#: ../semanage/seobject.py:725
#, python-format
msgid "You must add at least one role for %s"
msgstr ""
-#: ../semanage/seobject.py:736
+#: ../semanage/seobject.py:740
#, python-format
msgid "Could not create SELinux user for %s"
msgstr ""
-#: ../semanage/seobject.py:745
+#: ../semanage/seobject.py:749
#, python-format
msgid "Could not add role %s for %s"
msgstr ""
-#: ../semanage/seobject.py:754
+#: ../semanage/seobject.py:758
#, python-format
msgid "Could not set MLS level for %s"
msgstr ""
-#: ../semanage/seobject.py:757
+#: ../semanage/seobject.py:761
#, python-format
msgid "Could not add prefix %s for %s"
msgstr ""
-#: ../semanage/seobject.py:760
+#: ../semanage/seobject.py:764
#, python-format
msgid "Could not extract key for %s"
msgstr ""
-#: ../semanage/seobject.py:764
+#: ../semanage/seobject.py:768
#, python-format
msgid "Could not add SELinux user %s"
msgstr ""
-#: ../semanage/seobject.py:786
+#: ../semanage/seobject.py:790
msgid "Requires prefix, roles, level or range"
msgstr ""
-#: ../semanage/seobject.py:788
+#: ../semanage/seobject.py:792
msgid "Requires prefix or roles"
msgstr ""
-#: ../semanage/seobject.py:798 ../semanage/seobject.py:855
+#: ../semanage/seobject.py:802 ../semanage/seobject.py:859
#, python-format
msgid "SELinux user %s is not defined"
msgstr ""
-#: ../semanage/seobject.py:827
+#: ../semanage/seobject.py:831
#, python-format
msgid "Could not modify SELinux user %s"
msgstr ""
-#: ../semanage/seobject.py:861
+#: ../semanage/seobject.py:865
#, python-format
msgid "SELinux user %s is defined in policy, cannot be deleted"
msgstr ""
-#: ../semanage/seobject.py:872
+#: ../semanage/seobject.py:876
#, python-format
msgid "Could not delete SELinux user %s"
msgstr ""
-#: ../semanage/seobject.py:910
+#: ../semanage/seobject.py:914
msgid "Could not list SELinux users"
msgstr ""
-#: ../semanage/seobject.py:916
+#: ../semanage/seobject.py:920
#, python-format
msgid "Could not list roles for user %s"
msgstr ""
-#: ../semanage/seobject.py:941
+#: ../semanage/seobject.py:945
msgid "Labeling"
msgstr ""
-#: ../semanage/seobject.py:941
+#: ../semanage/seobject.py:945
msgid "MLS/"
msgstr ""
-#: ../semanage/seobject.py:942
+#: ../semanage/seobject.py:946
msgid "Prefix"
msgstr ""
-#: ../semanage/seobject.py:942
+#: ../semanage/seobject.py:946
msgid "MCS Level"
msgstr ""
-#: ../semanage/seobject.py:942
+#: ../semanage/seobject.py:946
msgid "MCS Range"
msgstr ""
-#: ../semanage/seobject.py:942 ../semanage/seobject.py:947
+#: ../semanage/seobject.py:946 ../semanage/seobject.py:951
#: ../gui/system-config-selinux.glade:992 ../gui/usersPage.py:59
msgid "SELinux Roles"
msgstr ""
-#: ../semanage/seobject.py:964
+#: ../semanage/seobject.py:971
msgid "Protocol udp or tcp is required"
msgstr ""
-#: ../semanage/seobject.py:966
+#: ../semanage/seobject.py:973
msgid "Port is required"
msgstr ""
-#: ../semanage/seobject.py:976
+#: ../semanage/seobject.py:983
msgid "Invalid Port"
msgstr ""
-#: ../semanage/seobject.py:980
+#: ../semanage/seobject.py:987
#, python-format
msgid "Could not create a key for %s/%s"
msgstr ""
-#: ../semanage/seobject.py:991
+#: ../semanage/seobject.py:998
msgid "Type is required"
msgstr ""
-#: ../semanage/seobject.py:994 ../semanage/seobject.py:1056
-#: ../semanage/seobject.py:1814
+#: ../semanage/seobject.py:1001 ../semanage/seobject.py:1063
+#: ../semanage/seobject.py:1828
#, python-format
msgid "Type %s is invalid, must be a port type"
msgstr ""
-#: ../semanage/seobject.py:1000 ../semanage/seobject.py:1062
-#: ../semanage/seobject.py:1117 ../semanage/seobject.py:1123
+#: ../semanage/seobject.py:1007 ../semanage/seobject.py:1069
+#: ../semanage/seobject.py:1124 ../semanage/seobject.py:1130
#, python-format
msgid "Could not check if port %s/%s is defined"
msgstr ""
-#: ../semanage/seobject.py:1002
+#: ../semanage/seobject.py:1009
#, python-format
msgid "Port %s/%s already defined"
msgstr ""
-#: ../semanage/seobject.py:1006
+#: ../semanage/seobject.py:1013
#, python-format
msgid "Could not create port for %s/%s"
msgstr ""
-#: ../semanage/seobject.py:1012
+#: ../semanage/seobject.py:1019
#, python-format
msgid "Could not create context for %s/%s"
msgstr ""
-#: ../semanage/seobject.py:1016
+#: ../semanage/seobject.py:1023
#, python-format
msgid "Could not set user in port context for %s/%s"
msgstr ""
-#: ../semanage/seobject.py:1020
+#: ../semanage/seobject.py:1027
#, python-format
msgid "Could not set role in port context for %s/%s"
msgstr ""
-#: ../semanage/seobject.py:1024
+#: ../semanage/seobject.py:1031
#, python-format
msgid "Could not set type in port context for %s/%s"
msgstr ""
-#: ../semanage/seobject.py:1029
+#: ../semanage/seobject.py:1036
#, python-format
msgid "Could not set mls fields in port context for %s/%s"
msgstr ""
-#: ../semanage/seobject.py:1033
+#: ../semanage/seobject.py:1040
#, python-format
msgid "Could not set port context for %s/%s"
msgstr ""
-#: ../semanage/seobject.py:1037
+#: ../semanage/seobject.py:1044
#, python-format
msgid "Could not add port %s/%s"
msgstr ""
-#: ../semanage/seobject.py:1051 ../semanage/seobject.py:1324
-#: ../semanage/seobject.py:1523
+#: ../semanage/seobject.py:1058 ../semanage/seobject.py:1334
+#: ../semanage/seobject.py:1533
msgid "Requires setype or serange"
msgstr ""
-#: ../semanage/seobject.py:1053
+#: ../semanage/seobject.py:1060
msgid "Requires setype"
msgstr ""
-#: ../semanage/seobject.py:1064 ../semanage/seobject.py:1119
+#: ../semanage/seobject.py:1071 ../semanage/seobject.py:1126
#, python-format
msgid "Port %s/%s is not defined"
msgstr ""
-#: ../semanage/seobject.py:1068
+#: ../semanage/seobject.py:1075
#, python-format
msgid "Could not query port %s/%s"
msgstr ""
-#: ../semanage/seobject.py:1079
+#: ../semanage/seobject.py:1086
#, python-format
msgid "Could not modify port %s/%s"
msgstr ""
-#: ../semanage/seobject.py:1092
+#: ../semanage/seobject.py:1099
msgid "Could not list the ports"
msgstr ""
-#: ../semanage/seobject.py:1108
+#: ../semanage/seobject.py:1115
#, python-format
msgid "Could not delete the port %s"
msgstr ""
-#: ../semanage/seobject.py:1125
+#: ../semanage/seobject.py:1132
#, python-format
msgid "Port %s/%s is defined in policy, cannot be deleted"
msgstr ""
-#: ../semanage/seobject.py:1129
+#: ../semanage/seobject.py:1136
#, python-format
msgid "Could not delete port %s/%s"
msgstr ""
-#: ../semanage/seobject.py:1145 ../semanage/seobject.py:1167
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1174
msgid "Could not list ports"
msgstr ""
-#: ../semanage/seobject.py:1206
+#: ../semanage/seobject.py:1213
msgid "SELinux Port Type"
msgstr ""
-#: ../semanage/seobject.py:1206
+#: ../semanage/seobject.py:1213
msgid "Proto"
msgstr ""
-#: ../semanage/seobject.py:1206 ../gui/system-config-selinux.glade:335
+#: ../semanage/seobject.py:1213 ../gui/system-config-selinux.glade:335
msgid "Port Number"
msgstr ""
-#: ../semanage/seobject.py:1227
+#: ../semanage/seobject.py:1237
msgid "Node Address is required"
msgstr ""
-#: ../semanage/seobject.py:1242
+#: ../semanage/seobject.py:1252
msgid "Unknown or missing protocol"
msgstr ""
-#: ../semanage/seobject.py:1256
+#: ../semanage/seobject.py:1266
msgid "SELinux node type is required"
msgstr ""
-#: ../semanage/seobject.py:1259 ../semanage/seobject.py:1327
+#: ../semanage/seobject.py:1269 ../semanage/seobject.py:1337
#, python-format
msgid "Type %s is invalid, must be a node type"
msgstr ""
-#: ../semanage/seobject.py:1263 ../semanage/seobject.py:1331
-#: ../semanage/seobject.py:1367 ../semanage/seobject.py:1465
-#: ../semanage/seobject.py:1527 ../semanage/seobject.py:1561
-#: ../semanage/seobject.py:1759
+#: ../semanage/seobject.py:1273 ../semanage/seobject.py:1341
+#: ../semanage/seobject.py:1377 ../semanage/seobject.py:1475
+#: ../semanage/seobject.py:1537 ../semanage/seobject.py:1571
+#: ../semanage/seobject.py:1773
#, python-format
msgid "Could not create key for %s"
msgstr ""
-#: ../semanage/seobject.py:1265 ../semanage/seobject.py:1335
-#: ../semanage/seobject.py:1371 ../semanage/seobject.py:1377
+#: ../semanage/seobject.py:1275 ../semanage/seobject.py:1345
+#: ../semanage/seobject.py:1381 ../semanage/seobject.py:1387
#, python-format
msgid "Could not check if addr %s is defined"
msgstr ""
-#: ../semanage/seobject.py:1274
+#: ../semanage/seobject.py:1284
#, python-format
msgid "Could not create addr for %s"
msgstr ""
-#: ../semanage/seobject.py:1280 ../semanage/seobject.py:1481
-#: ../semanage/seobject.py:1714
+#: ../semanage/seobject.py:1290 ../semanage/seobject.py:1491
+#: ../semanage/seobject.py:1728
#, python-format
msgid "Could not create context for %s"
msgstr ""
-#: ../semanage/seobject.py:1284
+#: ../semanage/seobject.py:1294
#, python-format
msgid "Could not set mask for %s"
msgstr ""
-#: ../semanage/seobject.py:1288
+#: ../semanage/seobject.py:1298
#, python-format
msgid "Could not set user in addr context for %s"
msgstr ""
-#: ../semanage/seobject.py:1292
+#: ../semanage/seobject.py:1302
#, python-format
msgid "Could not set role in addr context for %s"
msgstr ""
-#: ../semanage/seobject.py:1296
+#: ../semanage/seobject.py:1306
#, python-format
msgid "Could not set type in addr context for %s"
msgstr ""
-#: ../semanage/seobject.py:1301
+#: ../semanage/seobject.py:1311
#, python-format
msgid "Could not set mls fields in addr context for %s"
msgstr ""
-#: ../semanage/seobject.py:1305
+#: ../semanage/seobject.py:1315
#, python-format
msgid "Could not set addr context for %s"
msgstr ""
-#: ../semanage/seobject.py:1309
+#: ../semanage/seobject.py:1319
#, python-format
msgid "Could not add addr %s"
msgstr ""
-#: ../semanage/seobject.py:1337 ../semanage/seobject.py:1373
+#: ../semanage/seobject.py:1347 ../semanage/seobject.py:1383
#, python-format
msgid "Addr %s is not defined"
msgstr ""
-#: ../semanage/seobject.py:1341
+#: ../semanage/seobject.py:1351
#, python-format
msgid "Could not query addr %s"
msgstr ""
-#: ../semanage/seobject.py:1351
+#: ../semanage/seobject.py:1361
#, python-format
msgid "Could not modify addr %s"
msgstr ""
-#: ../semanage/seobject.py:1379
+#: ../semanage/seobject.py:1389
#, python-format
msgid "Addr %s is defined in policy, cannot be deleted"
msgstr ""
-#: ../semanage/seobject.py:1383
+#: ../semanage/seobject.py:1393
#, python-format
msgid "Could not delete addr %s"
msgstr ""
-#: ../semanage/seobject.py:1395
+#: ../semanage/seobject.py:1405
msgid "Could not deleteall node mappings"
msgstr ""
-#: ../semanage/seobject.py:1409
+#: ../semanage/seobject.py:1419
msgid "Could not list addrs"
msgstr ""
-#: ../semanage/seobject.py:1461 ../semanage/seobject.py:1752
+#: ../semanage/seobject.py:1471 ../semanage/seobject.py:1766
msgid "SELinux Type is required"
msgstr ""
-#: ../semanage/seobject.py:1469 ../semanage/seobject.py:1531
-#: ../semanage/seobject.py:1565 ../semanage/seobject.py:1571
+#: ../semanage/seobject.py:1479 ../semanage/seobject.py:1541
+#: ../semanage/seobject.py:1575 ../semanage/seobject.py:1581
#, python-format
msgid "Could not check if interface %s is defined"
msgstr ""
-#: ../semanage/seobject.py:1476
+#: ../semanage/seobject.py:1486
#, python-format
msgid "Could not create interface for %s"
msgstr ""
-#: ../semanage/seobject.py:1485
+#: ../semanage/seobject.py:1495
#, python-format
msgid "Could not set user in interface context for %s"
msgstr ""
-#: ../semanage/seobject.py:1489
+#: ../semanage/seobject.py:1499
#, python-format
msgid "Could not set role in interface context for %s"
msgstr ""
-#: ../semanage/seobject.py:1493
+#: ../semanage/seobject.py:1503
#, python-format
msgid "Could not set type in interface context for %s"
msgstr ""
-#: ../semanage/seobject.py:1498
+#: ../semanage/seobject.py:1508
#, python-format
msgid "Could not set mls fields in interface context for %s"
msgstr ""
-#: ../semanage/seobject.py:1502
+#: ../semanage/seobject.py:1512
#, python-format
msgid "Could not set interface context for %s"
msgstr ""
-#: ../semanage/seobject.py:1506
+#: ../semanage/seobject.py:1516
#, python-format
msgid "Could not set message context for %s"
msgstr ""
-#: ../semanage/seobject.py:1510
+#: ../semanage/seobject.py:1520
#, python-format
msgid "Could not add interface %s"
msgstr ""
-#: ../semanage/seobject.py:1533 ../semanage/seobject.py:1567
+#: ../semanage/seobject.py:1543 ../semanage/seobject.py:1577
#, python-format
msgid "Interface %s is not defined"
msgstr ""
-#: ../semanage/seobject.py:1537
+#: ../semanage/seobject.py:1547
#, python-format
msgid "Could not query interface %s"
msgstr ""
-#: ../semanage/seobject.py:1548
+#: ../semanage/seobject.py:1558
#, python-format
msgid "Could not modify interface %s"
msgstr ""
-#: ../semanage/seobject.py:1573
+#: ../semanage/seobject.py:1583
#, python-format
msgid "Interface %s is defined in policy, cannot be deleted"
msgstr ""
-#: ../semanage/seobject.py:1577
+#: ../semanage/seobject.py:1587
#, python-format
msgid "Could not delete interface %s"
msgstr ""
-#: ../semanage/seobject.py:1589
+#: ../semanage/seobject.py:1599
msgid "Could not delete all interface mappings"
msgstr ""
-#: ../semanage/seobject.py:1603
+#: ../semanage/seobject.py:1613
msgid "Could not list interfaces"
msgstr ""
-#: ../semanage/seobject.py:1628
+#: ../semanage/seobject.py:1638
msgid "SELinux Interface"
msgstr ""
-#: ../semanage/seobject.py:1628 ../semanage/seobject.py:1974
+#: ../semanage/seobject.py:1638 ../semanage/seobject.py:1988
msgid "Context"
msgstr ""
-#: ../semanage/seobject.py:1691
+#: ../semanage/seobject.py:1705
#, python-format
msgid "Equivalence class for %s already exists"
msgstr ""
-#: ../semanage/seobject.py:1697
+#: ../semanage/seobject.py:1711
#, python-format
msgid "File spec %s conflicts with equivalency rule '%s %s'"
msgstr ""
-#: ../semanage/seobject.py:1706
+#: ../semanage/seobject.py:1720
#, python-format
msgid "Equivalence class for %s does not exists"
msgstr ""
-#: ../semanage/seobject.py:1720
+#: ../semanage/seobject.py:1734
#, python-format
msgid "Could not set user in file context for %s"
msgstr ""
-#: ../semanage/seobject.py:1724
+#: ../semanage/seobject.py:1738
#, python-format
msgid "Could not set role in file context for %s"
msgstr ""
-#: ../semanage/seobject.py:1729 ../semanage/seobject.py:1789
+#: ../semanage/seobject.py:1743 ../semanage/seobject.py:1803
#, python-format
msgid "Could not set mls fields in file context for %s"
msgstr ""
-#: ../semanage/seobject.py:1735
+#: ../semanage/seobject.py:1749
msgid "Invalid file specification"
msgstr ""
-#: ../semanage/seobject.py:1737
+#: ../semanage/seobject.py:1751
msgid "File specification can not include spaces"
msgstr ""
-#: ../semanage/seobject.py:1742
+#: ../semanage/seobject.py:1756
#, python-format
msgid ""
"File spec %s conflicts with equivalency rule '%s %s'; Try adding '%s' instead"
msgstr ""
-#: ../semanage/seobject.py:1755
+#: ../semanage/seobject.py:1769
#, python-format
msgid "Type %s is invalid, must be a file or device type"
msgstr ""
-#: ../semanage/seobject.py:1763 ../semanage/seobject.py:1768
-#: ../semanage/seobject.py:1824 ../semanage/seobject.py:1906
-#: ../semanage/seobject.py:1910
+#: ../semanage/seobject.py:1777 ../semanage/seobject.py:1782
+#: ../semanage/seobject.py:1838 ../semanage/seobject.py:1920
+#: ../semanage/seobject.py:1924
#, python-format
msgid "Could not check if file context for %s is defined"
msgstr ""
-#: ../semanage/seobject.py:1776
+#: ../semanage/seobject.py:1790
#, python-format
msgid "Could not create file context for %s"
msgstr ""
-#: ../semanage/seobject.py:1784
+#: ../semanage/seobject.py:1798
#, python-format
msgid "Could not set type in file context for %s"
msgstr ""
-#: ../semanage/seobject.py:1792 ../semanage/seobject.py:1852
-#: ../semanage/seobject.py:1856
+#: ../semanage/seobject.py:1806 ../semanage/seobject.py:1866
+#: ../semanage/seobject.py:1870
#, python-format
msgid "Could not set file context for %s"
msgstr ""
-#: ../semanage/seobject.py:1798
+#: ../semanage/seobject.py:1812
#, python-format
msgid "Could not add file context for %s"
msgstr ""
-#: ../semanage/seobject.py:1812
+#: ../semanage/seobject.py:1826
msgid "Requires setype, serange or seuser"
msgstr ""
-#: ../semanage/seobject.py:1828 ../semanage/seobject.py:1914
+#: ../semanage/seobject.py:1842 ../semanage/seobject.py:1928
#, python-format
msgid "File context for %s is not defined"
msgstr ""
-#: ../semanage/seobject.py:1834
+#: ../semanage/seobject.py:1848
#, python-format
msgid "Could not query file context for %s"
msgstr ""
-#: ../semanage/seobject.py:1860
+#: ../semanage/seobject.py:1874
#, python-format
msgid "Could not modify file context for %s"
msgstr ""
-#: ../semanage/seobject.py:1873
+#: ../semanage/seobject.py:1887
msgid "Could not list the file contexts"
msgstr ""
-#: ../semanage/seobject.py:1887
+#: ../semanage/seobject.py:1901
#, python-format
msgid "Could not delete the file context %s"
msgstr ""
-#: ../semanage/seobject.py:1912
+#: ../semanage/seobject.py:1926
#, python-format
msgid "File context for %s is defined in policy, cannot be deleted"
msgstr ""
-#: ../semanage/seobject.py:1918
+#: ../semanage/seobject.py:1932
#, python-format
msgid "Could not delete file context for %s"
msgstr ""
-#: ../semanage/seobject.py:1933
+#: ../semanage/seobject.py:1947
msgid "Could not list file contexts"
msgstr ""
-#: ../semanage/seobject.py:1937
+#: ../semanage/seobject.py:1951
msgid "Could not list local file contexts"
msgstr ""
-#: ../semanage/seobject.py:1974
+#: ../semanage/seobject.py:1988
msgid "SELinux fcontext"
msgstr ""
-#: ../semanage/seobject.py:1974
+#: ../semanage/seobject.py:1988
msgid "type"
msgstr ""
-#: ../semanage/seobject.py:1987
+#: ../semanage/seobject.py:2001
msgid ""
"\n"
"SELinux Distribution fcontext Equivalence \n"
msgstr ""
-#: ../semanage/seobject.py:1992
+#: ../semanage/seobject.py:2006
msgid ""
"\n"
"SELinux Local fcontext Equivalence \n"
msgstr ""
-#: ../semanage/seobject.py:2028 ../semanage/seobject.py:2079
-#: ../semanage/seobject.py:2085
+#: ../semanage/seobject.py:2036
+#, python-format
+msgid "Value Required for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:2045 ../semanage/seobject.py:2096
+#: ../semanage/seobject.py:2102
#, python-format
msgid "Could not check if boolean %s is defined"
msgstr ""
-#: ../semanage/seobject.py:2030 ../semanage/seobject.py:2081
+#: ../semanage/seobject.py:2047 ../semanage/seobject.py:2098
#, python-format
msgid "Boolean %s is not defined"
msgstr ""
-#: ../semanage/seobject.py:2034
+#: ../semanage/seobject.py:2051
#, python-format
msgid "Could not query file context %s"
msgstr ""
-#: ../semanage/seobject.py:2039
+#: ../semanage/seobject.py:2056
#, python-format
msgid "You must specify one of the following values: %s"
msgstr ""
-#: ../semanage/seobject.py:2044
+#: ../semanage/seobject.py:2061
#, python-format
msgid "Could not set active value of boolean %s"
msgstr ""
-#: ../semanage/seobject.py:2047
+#: ../semanage/seobject.py:2064
#, python-format
msgid "Could not modify boolean %s"
msgstr ""
-#: ../semanage/seobject.py:2063
+#: ../semanage/seobject.py:2080
#, python-format
msgid "Bad format %s: Record %s"
msgstr ""
-#: ../semanage/seobject.py:2087
+#: ../semanage/seobject.py:2104
#, python-format
msgid "Boolean %s is defined in policy, cannot be deleted"
msgstr ""
-#: ../semanage/seobject.py:2091
+#: ../semanage/seobject.py:2108
#, python-format
msgid "Could not delete boolean %s"
msgstr ""
-#: ../semanage/seobject.py:2103 ../semanage/seobject.py:2120
+#: ../semanage/seobject.py:2120 ../semanage/seobject.py:2137
msgid "Could not list booleans"
msgstr ""
-#: ../semanage/seobject.py:2155
+#: ../semanage/seobject.py:2172
msgid "off"
msgstr ""
-#: ../semanage/seobject.py:2155
+#: ../semanage/seobject.py:2172
msgid "on"
msgstr ""
-#: ../semanage/seobject.py:2169
+#: ../semanage/seobject.py:2186
msgid "SELinux boolean"
msgstr ""
-#: ../semanage/seobject.py:2169
+#: ../semanage/seobject.py:2186
msgid "State"
msgstr ""
-#: ../semanage/seobject.py:2169
+#: ../semanage/seobject.py:2186
msgid "Default"
msgstr ""
-#: ../semanage/seobject.py:2169 ../gui/polgen.glade:113
+#: ../semanage/seobject.py:2186 ../gui/polgen.glade:113
#: ../gui/polgengui.py:269
msgid "Description"
msgstr ""
@@ -988,206 +1001,226 @@ msgstr ""
msgid "Unable to clear environment\n"
msgstr ""
-#: ../newrole/newrole.c:556 ../newrole/newrole.c:587 ../newrole/newrole.c:617
+#: ../newrole/newrole.c:554 ../newrole/newrole.c:585 ../newrole/newrole.c:616
#, c-format
msgid "Error changing uid, aborting.\n"
msgstr ""
-#: ../newrole/newrole.c:612
+#: ../newrole/newrole.c:611
#, c-format
msgid "Error resetting KEEPCAPS, aborting\n"
msgstr ""
-#: ../newrole/newrole.c:635
+#: ../newrole/newrole.c:634
#, c-format
msgid "Error connecting to audit system.\n"
msgstr ""
-#: ../newrole/newrole.c:641
+#: ../newrole/newrole.c:640
#, c-format
msgid "Error allocating memory.\n"
msgstr ""
-#: ../newrole/newrole.c:648
+#: ../newrole/newrole.c:647
#, c-format
msgid "Error sending audit message.\n"
msgstr ""
-#: ../newrole/newrole.c:692 ../newrole/newrole.c:1058
+#: ../newrole/newrole.c:691 ../newrole/newrole.c:1063
#, c-format
msgid "Could not determine enforcing mode.\n"
msgstr ""
-#: ../newrole/newrole.c:699
+#: ../newrole/newrole.c:698
#, c-format
msgid "Error! Could not open %s.\n"
msgstr ""
-#: ../newrole/newrole.c:705
+#: ../newrole/newrole.c:704
+#, c-format
+msgid "Error! Could not clear O_NONBLOCK on %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
#, c-format
msgid "%s! Could not get current context for %s, not relabeling tty.\n"
msgstr ""
-#: ../newrole/newrole.c:715
+#: ../newrole/newrole.c:720
#, c-format
msgid "%s! Could not get new context for %s, not relabeling tty.\n"
msgstr ""
-#: ../newrole/newrole.c:725
+#: ../newrole/newrole.c:730
#, c-format
msgid "%s! Could not set new context for %s\n"
msgstr ""
-#: ../newrole/newrole.c:772
+#: ../newrole/newrole.c:777
#, c-format
msgid "%s changed labels.\n"
msgstr ""
-#: ../newrole/newrole.c:778
+#: ../newrole/newrole.c:783
#, c-format
msgid "Warning! Could not restore context for %s\n"
msgstr ""
-#: ../newrole/newrole.c:835
+#: ../newrole/newrole.c:840
#, c-format
msgid "Error: multiple roles specified\n"
msgstr ""
-#: ../newrole/newrole.c:843
+#: ../newrole/newrole.c:848
#, c-format
msgid "Error: multiple types specified\n"
msgstr ""
-#: ../newrole/newrole.c:850
+#: ../newrole/newrole.c:855
#, c-format
msgid "Sorry, -l may be used with SELinux MLS support.\n"
msgstr ""
-#: ../newrole/newrole.c:855
+#: ../newrole/newrole.c:860
#, c-format
msgid "Error: multiple levels specified\n"
msgstr ""
-#: ../newrole/newrole.c:865
+#: ../newrole/newrole.c:870
#, c-format
msgid "Error: you are not allowed to change levels on a non secure terminal \n"
msgstr ""
-#: ../newrole/newrole.c:891
+#: ../newrole/newrole.c:896
#, c-format
msgid "Couldn't get default type.\n"
msgstr ""
-#: ../newrole/newrole.c:901
+#: ../newrole/newrole.c:906
#, c-format
msgid "failed to get new context.\n"
msgstr ""
-#: ../newrole/newrole.c:908
+#: ../newrole/newrole.c:913
#, c-format
msgid "failed to set new role %s\n"
msgstr ""
-#: ../newrole/newrole.c:915
+#: ../newrole/newrole.c:920
#, c-format
msgid "failed to set new type %s\n"
msgstr ""
-#: ../newrole/newrole.c:925
+#: ../newrole/newrole.c:930
#, c-format
msgid "failed to build new range with level %s\n"
msgstr ""
-#: ../newrole/newrole.c:930
+#: ../newrole/newrole.c:935
#, c-format
msgid "failed to set new range %s\n"
msgstr ""
-#: ../newrole/newrole.c:938
+#: ../newrole/newrole.c:943
#, c-format
msgid "failed to convert new context to string\n"
msgstr ""
-#: ../newrole/newrole.c:943
+#: ../newrole/newrole.c:948
#, c-format
msgid "%s is not a valid context\n"
msgstr ""
-#: ../newrole/newrole.c:950
+#: ../newrole/newrole.c:955
#, c-format
msgid "Unable to allocate memory for new_context"
msgstr ""
-#: ../newrole/newrole.c:976
+#: ../newrole/newrole.c:981
#, c-format
msgid "Unable to obtain empty signal set\n"
msgstr ""
-#: ../newrole/newrole.c:984
+#: ../newrole/newrole.c:989
#, c-format
msgid "Unable to set SIGHUP handler\n"
msgstr ""
-#: ../newrole/newrole.c:1036
+#: ../newrole/newrole.c:1041
msgid "Sorry, newrole failed to drop capabilities\n"
msgstr ""
-#: ../newrole/newrole.c:1052
+#: ../newrole/newrole.c:1057
#, c-format
msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
msgstr ""
-#: ../newrole/newrole.c:1069
+#: ../newrole/newrole.c:1074
#, c-format
msgid "failed to get old_context.\n"
msgstr ""
-#: ../newrole/newrole.c:1076
+#: ../newrole/newrole.c:1081
#, c-format
msgid "Warning! Could not retrieve tty information.\n"
msgstr ""
-#: ../newrole/newrole.c:1097
+#: ../newrole/newrole.c:1102
#, c-format
msgid "error on reading PAM service configuration.\n"
msgstr ""
-#: ../newrole/newrole.c:1132
+#: ../newrole/newrole.c:1137
#, c-format
msgid "newrole: incorrect password for %s\n"
msgstr ""
-#: ../newrole/newrole.c:1159
+#: ../newrole/newrole.c:1164
#, c-format
msgid "newrole: failure forking: %s"
msgstr ""
-#: ../newrole/newrole.c:1162 ../newrole/newrole.c:1185
+#: ../newrole/newrole.c:1167 ../newrole/newrole.c:1190
#, c-format
msgid "Unable to restore tty label...\n"
msgstr ""
-#: ../newrole/newrole.c:1164 ../newrole/newrole.c:1191
+#: ../newrole/newrole.c:1169 ../newrole/newrole.c:1196
#, c-format
msgid "Failed to close tty properly\n"
msgstr ""
-#: ../newrole/newrole.c:1223
+#: ../newrole/newrole.c:1228
#, c-format
msgid "Could not close descriptors.\n"
msgstr ""
-#: ../newrole/newrole.c:1250
+#: ../newrole/newrole.c:1263
#, c-format
msgid "Error allocating shell's argv0.\n"
msgstr ""
-#: ../newrole/newrole.c:1286
+#: ../newrole/newrole.c:1285
+#, c-format
+msgid "Failed to send audit message"
+msgstr ""
+
+#: ../newrole/newrole.c:1293
+#, c-format
+msgid "Failed to transition to namespace\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1299
+#, c-format
+msgid "Failed to drop capabilities %m\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1304
#, c-format
msgid "Unable to restore the environment, aborting\n"
msgstr ""
-#: ../newrole/newrole.c:1297
+#: ../newrole/newrole.c:1315
msgid "failed to exec shell\n"
msgstr ""
@@ -1414,7 +1447,7 @@ msgstr ""
msgid "Applications"
msgstr ""
-#: ../gui/polgen.glade:316 ../sepolicy/sepolicy/generate.py:171
+#: ../gui/polgen.glade:316 ../sepolicy/sepolicy/generate.py:130
msgid "Standard Init Daemon"
msgstr ""
@@ -1424,7 +1457,7 @@ msgid ""
"requires a script in /etc/rc.d/init.d"
msgstr ""
-#: ../gui/polgen.glade:332 ../sepolicy/sepolicy/generate.py:172
+#: ../gui/polgen.glade:332 ../sepolicy/sepolicy/generate.py:131
msgid "DBUS System Daemon"
msgstr ""
@@ -1436,7 +1469,7 @@ msgstr ""
msgid "Internet Services Daemon are daemons started by xinetd"
msgstr ""
-#: ../gui/polgen.glade:366 ../sepolicy/sepolicy/generate.py:174
+#: ../gui/polgen.glade:366 ../sepolicy/sepolicy/generate.py:133
msgid "Web Application/Script (CGI)"
msgstr ""
@@ -1445,7 +1478,7 @@ msgid ""
"Web Applications/Script (CGI) CGI scripts started by the web server (apache)"
msgstr ""
-#: ../gui/polgen.glade:383 ../sepolicy/sepolicy/generate.py:176
+#: ../gui/polgen.glade:383 ../sepolicy/sepolicy/generate.py:135
msgid "User Application"
msgstr ""
@@ -1455,7 +1488,7 @@ msgid ""
"started by a user"
msgstr ""
-#: ../gui/polgen.glade:400 ../sepolicy/sepolicy/generate.py:175
+#: ../gui/polgen.glade:400 ../sepolicy/sepolicy/generate.py:134
msgid "Sandbox"
msgstr ""
@@ -2159,261 +2192,313 @@ msgstr ""
msgid "SELinux user '%s' is required"
msgstr ""
-#: ../sepolicy/sepolicy.py:202
+#: ../sepolicy/sepolicy.py:257
msgid "Generate SELinux man pages"
msgstr ""
-#: ../sepolicy/sepolicy.py:205
+#: ../sepolicy/sepolicy.py:260
msgid "path in which the generated SELinux man pages will be stored"
msgstr ""
-#: ../sepolicy/sepolicy.py:207
+#: ../sepolicy/sepolicy.py:262
msgid "name of the OS for man pages"
msgstr ""
-#: ../sepolicy/sepolicy.py:209
+#: ../sepolicy/sepolicy.py:264
msgid "Generate HTML man pages structure for selected SELinux man page"
msgstr ""
-#: ../sepolicy/sepolicy.py:213
+#: ../sepolicy/sepolicy.py:266
+msgid "Alternate root directory, defaults to /"
+msgstr ""
+
+#: ../sepolicy/sepolicy.py:270
msgid "All domains"
msgstr ""
-#: ../sepolicy/sepolicy.py:216
+#: ../sepolicy/sepolicy.py:273
msgid "Domain name(s) of man pages to be created"
msgstr ""
-#: ../sepolicy/sepolicy.py:221
+#: ../sepolicy/sepolicy.py:278
msgid "Query SELinux policy network information"
msgstr ""
-#: ../sepolicy/sepolicy.py:226
+#: ../sepolicy/sepolicy.py:283
msgid "list all SELinux port types"
msgstr ""
-#: ../sepolicy/sepolicy.py:229
+#: ../sepolicy/sepolicy.py:286
msgid "show SELinux type related to the port"
msgstr ""
-#: ../sepolicy/sepolicy.py:232
+#: ../sepolicy/sepolicy.py:289
msgid "Show ports defined for this SELinux type"
msgstr ""
-#: ../sepolicy/sepolicy.py:235
+#: ../sepolicy/sepolicy.py:292
msgid "show ports to which this domain can bind and/or connect"
msgstr ""
-#: ../sepolicy/sepolicy.py:250
+#: ../sepolicy/sepolicy.py:307
msgid "query SELinux policy to see if domains can communicate with each other"
msgstr ""
-#: ../sepolicy/sepolicy.py:253
+#: ../sepolicy/sepolicy.py:310
msgid "Source Domain"
msgstr ""
-#: ../sepolicy/sepolicy.py:256
+#: ../sepolicy/sepolicy.py:313
msgid "Target Domain"
msgstr ""
-#: ../sepolicy/sepolicy.py:276
+#: ../sepolicy/sepolicy.py:332
msgid "query SELinux Policy to see description of booleans"
msgstr ""
-#: ../sepolicy/sepolicy.py:280
+#: ../sepolicy/sepolicy.py:336
msgid "get all booleans descriptions"
msgstr ""
-#: ../sepolicy/sepolicy.py:282
+#: ../sepolicy/sepolicy.py:339
msgid "boolean to get description"
msgstr ""
-#: ../sepolicy/sepolicy.py:301
+#: ../sepolicy/sepolicy.py:349
msgid ""
"query SELinux Policy to see how a source process domain can transition to "
"the target process domain"
msgstr ""
-#: ../sepolicy/sepolicy.py:304
+#: ../sepolicy/sepolicy.py:352
msgid "source process domain"
msgstr ""
-#: ../sepolicy/sepolicy.py:307
+#: ../sepolicy/sepolicy.py:355
msgid "target process domain"
msgstr ""
-#: ../sepolicy/sepolicy.py:327
+#: ../sepolicy/sepolicy.py:382
+#, python-format
+msgid "sepolicy generate: error: one of the arguments %s is required"
+msgstr ""
+
+#: ../sepolicy/sepolicy.py:387
msgid "Command required for this type of policy"
msgstr ""
-#: ../sepolicy/sepolicy.py:347
+#: ../sepolicy/sepolicy.py:398
+msgid ""
+"-t option can not be used with this option. Read usage for more details."
+msgstr ""
+
+#: ../sepolicy/sepolicy.py:403
+msgid ""
+"-d option can not be used with this option. Read usage for more details."
+msgstr ""
+
+#: ../sepolicy/sepolicy.py:407
+msgid ""
+"-a option can not be used with this option. Read usage for more details."
+msgstr ""
+
+#: ../sepolicy/sepolicy.py:426
msgid "List SELinux Policy interfaces"
msgstr ""
-#: ../sepolicy/sepolicy.py:362
+#: ../sepolicy/sepolicy.py:444
msgid "Generate SELinux Policy module template"
msgstr ""
-#: ../sepolicy/sepolicy.py:365
+#: ../sepolicy/sepolicy.py:447
msgid "Enter domain type which you will be extending"
msgstr ""
-#: ../sepolicy/sepolicy.py:368
+#: ../sepolicy/sepolicy.py:450
msgid "Enter SELinux user(s) which will transition to this domain"
msgstr ""
-#: ../sepolicy/sepolicy.py:371
+#: ../sepolicy/sepolicy.py:453
msgid "Enter domain(s) that this confined admin will administrate"
msgstr ""
-#: ../sepolicy/sepolicy.py:374
+#: ../sepolicy/sepolicy.py:456
msgid "name of policy to generate"
msgstr ""
-#: ../sepolicy/sepolicy.py:378
+#: ../sepolicy/sepolicy.py:463
msgid "path in which the generated policy files will be stored"
msgstr ""
-#: ../sepolicy/sepolicy.py:380
-msgid "executable to confine"
+#: ../sepolicy/sepolicy.py:465
+msgid "path to which the confined processes will need to write"
+msgstr ""
+
+#: ../sepolicy/sepolicy.py:466
+msgid "Policy types which require a command"
+msgstr ""
+
+#: ../sepolicy/sepolicy.py:470 ../sepolicy/sepolicy.py:473
+#: ../sepolicy/sepolicy.py:476 ../sepolicy/sepolicy.py:479
+#: ../sepolicy/sepolicy.py:482 ../sepolicy/sepolicy.py:488
+#: ../sepolicy/sepolicy.py:491 ../sepolicy/sepolicy.py:494
+#: ../sepolicy/sepolicy.py:500 ../sepolicy/sepolicy.py:503
+#: ../sepolicy/sepolicy.py:506 ../sepolicy/sepolicy.py:509
+#, python-format
+msgid "Generate '%s' policy"
msgstr ""
-#: ../sepolicy/sepolicy.py:384 ../sepolicy/sepolicy.py:387
-#: ../sepolicy/sepolicy.py:390 ../sepolicy/sepolicy.py:393
-#: ../sepolicy/sepolicy.py:396 ../sepolicy/sepolicy.py:399
-#: ../sepolicy/sepolicy.py:402 ../sepolicy/sepolicy.py:405
-#: ../sepolicy/sepolicy.py:408 ../sepolicy/sepolicy.py:411
-#: ../sepolicy/sepolicy.py:414 ../sepolicy/sepolicy.py:417
+#: ../sepolicy/sepolicy.py:497
#, python-format
-msgid "Generate Policy for %s"
+msgid "Generate '%s' policy "
msgstr ""
-#: ../sepolicy/sepolicy.py:422
+#: ../sepolicy/sepolicy.py:511
+msgid "executable to confine"
+msgstr ""
+
+#: ../sepolicy/sepolicy.py:516
msgid "commands"
msgstr ""
-#: ../sepolicy/sepolicy.py:425
+#: ../sepolicy/sepolicy.py:519
msgid "Alternate SELinux policy, defaults to /sys/fs/selinux/policy"
msgstr ""
-#: ../sepolicy/sepolicy/__init__.py:48
+#: ../sepolicy/sepolicy/__init__.py:72
msgid "No SELinux Policy installed"
msgstr ""
-#: ../sepolicy/sepolicy/__init__.py:54
+#: ../sepolicy/sepolicy/__init__.py:239
#, python-format
msgid "Failed to read %s policy file"
msgstr ""
-#: ../sepolicy/sepolicy/__init__.py:127
+#: ../sepolicy/sepolicy/__init__.py:298
msgid "unknown"
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:173
+#: ../sepolicy/sepolicy/generate.py:132
msgid "Internet Services Daemon"
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:177
+#: ../sepolicy/sepolicy/generate.py:136
msgid "Existing Domain Type"
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:178
+#: ../sepolicy/sepolicy/generate.py:137
msgid "Minimal Terminal Login User Role"
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:179
+#: ../sepolicy/sepolicy/generate.py:138
msgid "Minimal X Windows Login User Role"
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:180
+#: ../sepolicy/sepolicy/generate.py:139
msgid "Desktop Login User Role"
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:181
+#: ../sepolicy/sepolicy/generate.py:140
msgid "Administrator Login User Role"
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:182
+#: ../sepolicy/sepolicy/generate.py:141
msgid "Confined Root Administrator Role"
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:187
+#: ../sepolicy/sepolicy/generate.py:142
+msgid "Module information for a new type"
+msgstr ""
+
+#: ../sepolicy/sepolicy/generate.py:147
msgid "Valid Types:\n"
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:221
+#: ../sepolicy/sepolicy/generate.py:181
#, python-format
msgid "Ports must be numbers or ranges of numbers from 1 to %d "
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:231
+#: ../sepolicy/sepolicy/generate.py:192
msgid "You must enter a valid policy type"
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:234
+#: ../sepolicy/sepolicy/generate.py:195
#, python-format
msgid "You must enter a name for your policy module for your %s."
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:355
+#: ../sepolicy/sepolicy/generate.py:327
msgid ""
"Name must be alpha numberic with no spaces. Consider using option \"-n "
"MODULENAME\""
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:447
+#: ../sepolicy/sepolicy/generate.py:419
msgid "User Role types can not be assigned executables."
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:453
+#: ../sepolicy/sepolicy/generate.py:425
msgid "Only Daemon apps can use an init script.."
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:471
+#: ../sepolicy/sepolicy/generate.py:443
msgid "use_resolve must be a boolean value "
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:477
+#: ../sepolicy/sepolicy/generate.py:449
msgid "use_syslog must be a boolean value "
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:483
+#: ../sepolicy/sepolicy/generate.py:455
msgid "use_kerberos must be a boolean value "
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:489
+#: ../sepolicy/sepolicy/generate.py:461
msgid "manage_krb5_rcache must be a boolean value "
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:519
+#: ../sepolicy/sepolicy/generate.py:491
msgid "USER Types automatically get a tmp type"
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:857
+#: ../sepolicy/sepolicy/generate.py:832
#, python-format
msgid "%s policy modules require existing domains"
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:1059
+#: ../sepolicy/sepolicy/generate.py:857
+msgid "Type field required"
+msgstr ""
+
+#: ../sepolicy/sepolicy/generate.py:869
+#, python-format
+msgid ""
+"You need to define a new type which ends with: \n"
+" %s"
+msgstr ""
+
+#: ../sepolicy/sepolicy/generate.py:1088
msgid "You must enter the executable path for your confined process"
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:1321
+#: ../sepolicy/sepolicy/generate.py:1351
msgid "Type Enforcement file"
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:1322
+#: ../sepolicy/sepolicy/generate.py:1352
msgid "Interface file"
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:1323
+#: ../sepolicy/sepolicy/generate.py:1353
msgid "File Contexts file"
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:1324
+#: ../sepolicy/sepolicy/generate.py:1354
msgid "Spec file"
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:1325
+#: ../sepolicy/sepolicy/generate.py:1355
msgid "Setup Script"
msgstr ""
@@ -2428,11 +2513,11 @@ msgid ""
msgstr ""
#: booleans.py:3
-msgid "Allow amavis to use JIT compiler"
+msgid "Allow antivirus programs to read non security files on a system"
msgstr ""
#: booleans.py:4
-msgid "Allow antivirus programs to read non security files on a system"
+msgid "Determine whether can antivirus programs use JIT compiler."
msgstr ""
#: booleans.py:5
@@ -2454,50 +2539,54 @@ msgid "Allow users to login using a yubikey server"
msgstr ""
#: booleans.py:9
-msgid "Allow awstats to purge Apache logs"
+msgid "Determine whether awstats can purge httpd log files."
msgstr ""
#: booleans.py:10
msgid ""
-"Allow cdrecord to read various content. nfs, samba, removable devices, user "
-"temp and untrusted content files"
+"Determine whether cdrecord can read various content. nfs, samba, removable "
+"devices, user temp and untrusted content files"
msgstr ""
#: booleans.py:11
-msgid "Allow clamd to use JIT compiler"
+msgid ""
+"Allow cluster administrative domains to connect to the network using TCP."
msgstr ""
#: booleans.py:12
-msgid "Allow clamscan to non security files on a system"
+msgid "Allow cluster administrative domains to manage all files on a system."
msgstr ""
#: booleans.py:13
-msgid "Allow clamscan to read user content"
+msgid ""
+"Allow cluster administrative cluster domains memcheck-amd64- to use "
+"executable memory"
msgstr ""
#: booleans.py:14
msgid ""
-"Allow Cobbler to modify public files used for public file transfer services."
+"Determine whether Cobbler can modify public files used for public file "
+"transfer services."
msgstr ""
#: booleans.py:15
-msgid "Allow Cobbler to connect to the network using TCP."
+msgid "Determine whether Cobbler can connect to the network using TCP."
msgstr ""
#: booleans.py:16
-msgid "Allow Cobbler to access cifs file systems."
+msgid "Determine whether Cobbler can access cifs file systems."
msgstr ""
#: booleans.py:17
-msgid "Allow Cobbler to access nfs file systems."
+msgid "Determine whether Cobbler can access nfs file systems."
msgstr ""
#: booleans.py:18
-msgid "Allow collectd to connect to the network using TCP."
+msgid "Determine whether collectd can connect to the network using TCP."
msgstr ""
#: booleans.py:19
-msgid "Allow codnor domain to connect to the network using TCP."
+msgid "Determine whether Condor can connect to the network using TCP."
msgstr ""
#: booleans.py:20
@@ -2506,7 +2595,7 @@ msgid ""
msgstr ""
#: booleans.py:21
-msgid "Allow cvs daemon to read shadow"
+msgid "Determine whether cvs can read shadow password files."
msgstr ""
#: booleans.py:22
@@ -2522,951 +2611,996 @@ msgid "Allow all daemons the ability to read/write terminals"
msgstr ""
#: booleans.py:25
-msgid "Allow dan to manage user files"
+msgid "Determine whether dbadm can manage generic user files."
msgstr ""
#: booleans.py:26
-msgid "Allow dan to read user files"
+msgid "Determine whether dbadm can read generic user files."
msgstr ""
#: booleans.py:27
-msgid "Allow dbadm to manage files in users home directories"
+msgid ""
+"Deny user domains applications to map a memory region as both executable and "
+"writable, this is dangerous and the executable should be reported in bugzilla"
msgstr ""
#: booleans.py:28
-msgid "Allow dbadm to read files in users home directories"
+msgid "Allow sysadm to debug or ptrace all processes."
msgstr ""
#: booleans.py:29
-msgid ""
-"Deny user domains applications to map a memory region as both executable and "
-"writable, this is dangerous and the executable should be reported in bugzilla"
+msgid "Allow dhcpc client applications to execute iptables commands"
msgstr ""
#: booleans.py:30
-msgid "Allow sysadm to debug or ptrace all processes."
+msgid "Determine whether DHCP daemon can use LDAP backends."
msgstr ""
#: booleans.py:31
-msgid "Allow dhcpc client applications to execute iptables commands"
+msgid "Allow all domains to use other domains file descriptors"
msgstr ""
#: booleans.py:32
-msgid "Allow DHCP daemon to use LDAP backends"
+msgid "Allow all domains to have the kernel load modules"
msgstr ""
#: booleans.py:33
-msgid "Allow all domains to use other domains file descriptors"
+msgid ""
+"Determine whether entropyd can use audio devices as the source for the "
+"entropy feeds."
msgstr ""
#: booleans.py:34
-msgid "Allow all domains to have the kernel load modules"
+msgid "Determine whether exim can connect to databases."
msgstr ""
#: booleans.py:35
-msgid "Allow the use of the audio devices as the source for the entropy feeds"
+msgid ""
+"Determine whether exim can create, read, write, and delete generic user "
+"content files."
msgstr ""
#: booleans.py:36
-msgid "Allow exim to connect to databases (postgres, mysql)"
+msgid "Determine whether exim can read generic user content files."
msgstr ""
#: booleans.py:37
-msgid "Allow exim to create, read, write, and delete unprivileged user files."
+msgid "Enable extra rules in the cron domain to support fcron."
msgstr ""
#: booleans.py:38
-msgid "Allow exim to read unprivileged user files."
+msgid "Determine whether fenced can connect to the TCP network."
msgstr ""
#: booleans.py:39
-msgid "Enable extra rules in the cron domain to support fcron."
+msgid "Determine whether fenced can use ssh."
msgstr ""
#: booleans.py:40
-msgid "Allow fenced domain to connect to the network using TCP."
+msgid "Allow all domains to execute in fips_mode"
msgstr ""
#: booleans.py:41
-msgid "Allow fenced domain to execute ssh."
+msgid ""
+"Determine whether ftpd can read and write files in user home directories."
msgstr ""
#: booleans.py:42
-msgid "Allow all domains to execute in fips_mode"
+msgid ""
+"Determine whether ftpd can modify public files used for public file transfer "
+"services. Directories/Files must be labeled public_content_rw_t."
msgstr ""
#: booleans.py:43
-msgid "Allow ftp to read and write files in the user home directories"
+msgid "Determine whether ftpd can connect to all unreserved ports."
msgstr ""
#: booleans.py:44
-msgid ""
-"Allow ftp servers to upload files, used for public file transfer services. "
-"Directories must be labeled public_content_rw_t."
+msgid "Determine whether ftpd can connect to databases over the TCP network."
msgstr ""
#: booleans.py:45
-msgid "Allow ftp servers to connect to all ports > 1023"
+msgid ""
+"Determine whether ftpd can login to local users and can read and write all "
+"files on the system, governed by DAC."
msgstr ""
#: booleans.py:46
-msgid "Allow ftp servers to connect to mysql database ports"
+msgid ""
+"Determine whether ftpd can use CIFS used for public file transfer services."
msgstr ""
-#: booleans.py:47
-msgid ""
-"Allow ftp servers to login to local users and read/write all files on the "
-"system, governed by DAC."
+#: booleans.py:47 booleans.py:165
+msgid "Allow samba to export ntfs/fusefs volumes."
msgstr ""
#: booleans.py:48
-msgid "Allow ftp servers to use cifs used for public file transfer services."
+msgid ""
+"Determine whether ftpd can use NFS used for public file transfer services."
msgstr ""
#: booleans.py:49
-msgid "Allow ftp servers to use nfs used for public file transfer services."
+msgid ""
+"Determine whether ftpd can bind to all unreserved ports for passive mode."
msgstr ""
#: booleans.py:50
-msgid "Allow ftp servers to use bind to all unreserved ports for passive mode"
-msgstr ""
-
-#: booleans.py:51
msgid "Determine whether Git CGI can search home directories."
msgstr ""
-#: booleans.py:52
+#: booleans.py:51
msgid "Determine whether Git CGI can access cifs file systems."
msgstr ""
-#: booleans.py:53
+#: booleans.py:52
msgid "Determine whether Git CGI can access nfs file systems."
msgstr ""
-#: booleans.py:54
+#: booleans.py:53
msgid ""
"Determine whether Git session daemon can bind TCP sockets to all unreserved "
"ports."
msgstr ""
-#: booleans.py:55
+#: booleans.py:54
msgid ""
"Determine whether calling user domains can execute Git daemon in the "
"git_session_t domain."
msgstr ""
-#: booleans.py:56
+#: booleans.py:55
msgid "Determine whether Git system daemon can search home directories."
msgstr ""
-#: booleans.py:57
+#: booleans.py:56
msgid "Determine whether Git system daemon can access cifs file systems."
msgstr ""
-#: booleans.py:58
+#: booleans.py:57
msgid "Determine whether Git system daemon can access nfs file systems."
msgstr ""
+#: booleans.py:58
+msgid "Determine whether Gitosis can send mail."
+msgstr ""
+
#: booleans.py:59
-msgid "Allow gitisis daemon to send mail"
+msgid "Enable reading of urandom for all domains."
msgstr ""
#: booleans.py:60
-msgid "Enable reading of urandom for all domains."
+msgid ""
+"Allow glusterfsd to modify public files used for public file transfer "
+"services. Files/Directories must be labeled public_content_rw_t."
msgstr ""
#: booleans.py:61
+msgid "Allow glusterfsd to share any file/directory read only."
+msgstr ""
+
+#: booleans.py:62
+msgid "Allow glusterfsd to share any file/directory read/write."
+msgstr ""
+
+#: booleans.py:63
msgid ""
"Allow usage of the gpg-agent --write-env-file option. This also allows gpg-"
"agent to manage user files."
msgstr ""
-#: booleans.py:62
+#: booleans.py:64
msgid ""
"Allow gpg web domain to modify public files used for public file transfer "
"services."
msgstr ""
-#: booleans.py:63
+#: booleans.py:65
msgid "Allow gssd to read temp directory. For access to kerberos tgt."
msgstr ""
-#: booleans.py:64
+#: booleans.py:66
msgid "Allow guest to exec content"
msgstr ""
-#: booleans.py:65
+#: booleans.py:67
msgid ""
"Allow Apache to modify public files used for public file transfer services. "
"Directories/Files must be labeled public_content_rw_t."
msgstr ""
-#: booleans.py:66
+#: booleans.py:68
msgid "Allow httpd to use built in scripting (usually php)"
msgstr ""
-#: booleans.py:67
+#: booleans.py:69
msgid "Allow http daemon to check spam"
msgstr ""
-#: booleans.py:68
+#: booleans.py:70
msgid ""
"Allow httpd to act as a FTP client connecting to the ftp port and ephemeral "
"ports"
msgstr ""
-#: booleans.py:69
+#: booleans.py:71
msgid "Allow httpd to connect to the ldap port"
msgstr ""
-#: booleans.py:70
+#: booleans.py:72
msgid "Allow http daemon to connect to zabbix"
msgstr ""
-#: booleans.py:71
+#: booleans.py:73
msgid "Allow HTTPD scripts and modules to connect to the network using TCP."
msgstr ""
-#: booleans.py:72
+#: booleans.py:74
msgid "Allow HTTPD scripts and modules to connect to cobbler over the network."
msgstr ""
-#: booleans.py:73
+#: booleans.py:75
msgid ""
"Allow HTTPD scripts and modules to connect to databases over the network."
msgstr ""
-#: booleans.py:74
+#: booleans.py:76
msgid "Allow httpd to connect to memcache server"
msgstr ""
-#: booleans.py:75
+#: booleans.py:77
msgid "Allow httpd to act as a relay"
msgstr ""
-#: booleans.py:76
+#: booleans.py:78
msgid "Allow http daemon to send mail"
msgstr ""
-#: booleans.py:77
+#: booleans.py:79
msgid "Allow Apache to communicate with avahi service via dbus"
msgstr ""
-#: booleans.py:78
+#: booleans.py:80
msgid "Allow httpd cgi support"
msgstr ""
-#: booleans.py:79
+#: booleans.py:81
msgid "Allow httpd to act as a FTP server by listening on the ftp port."
msgstr ""
-#: booleans.py:80
+#: booleans.py:82
msgid "Allow httpd to read home directories"
msgstr ""
-#: booleans.py:81
+#: booleans.py:83
msgid "Allow httpd scripts and modules execmem/execstack"
msgstr ""
-#: booleans.py:82
+#: booleans.py:84
msgid "Allow HTTPD to connect to port 80 for graceful shutdown"
msgstr ""
-#: booleans.py:83
+#: booleans.py:85
msgid "Allow httpd processes to manage IPA content"
msgstr ""
-#: booleans.py:84
+#: booleans.py:86
msgid "Allow Apache to use mod_auth_ntlm_winbind"
msgstr ""
-#: booleans.py:85
+#: booleans.py:87
msgid "Allow Apache to use mod_auth_pam"
msgstr ""
-#: booleans.py:86
+#: booleans.py:88
msgid "Allow httpd to read user content"
msgstr ""
-#: booleans.py:87
+#: booleans.py:89
msgid "Allow Apache to run in stickshift mode, not transition to passenger"
msgstr ""
-#: booleans.py:88
+#: booleans.py:90
msgid "Allow httpd daemon to change its resource limits"
msgstr ""
-#: booleans.py:89
+#: booleans.py:91
msgid ""
"Allow HTTPD to run SSI executables in the same domain as system CGI scripts."
msgstr ""
-#: booleans.py:90
+#: booleans.py:92
msgid ""
"Allow apache scripts to write to public content, directories/files must be "
"labeled public_rw_content_t."
msgstr ""
-#: booleans.py:91
+#: booleans.py:93
msgid "Allow Apache to execute tmp content."
msgstr ""
-#: booleans.py:92
+#: booleans.py:94
msgid ""
"Unify HTTPD to communicate with the terminal. Needed for entering the "
"passphrase for certificates at the terminal."
msgstr ""
-#: booleans.py:93
-msgid "Unify HTTPD handling of all content files."
-msgstr ""
-
-#: booleans.py:94
-msgid "Allow httpd to access cifs file systems"
-msgstr ""
-
#: booleans.py:95
-msgid "Allow httpd to access FUSE file systems"
+msgid "Unify HTTPD handling of all content files."
msgstr ""
#: booleans.py:96
-msgid "Allow httpd to run gpg"
+msgid "Allow httpd to access cifs file systems"
msgstr ""
#: booleans.py:97
-msgid "Allow httpd to access nfs file systems"
+msgid "Allow httpd to access FUSE file systems"
msgstr ""
#: booleans.py:98
-msgid "Allow httpd to communicate with oddjob to start up a service"
+msgid "Allow httpd to run gpg"
msgstr ""
#: booleans.py:99
-msgid "Allow httpd to access openstack ports"
+msgid "Allow httpd to access nfs file systems"
msgstr ""
#: booleans.py:100
-msgid "Allow Apache to query NS records"
+msgid "Allow httpd to communicate with oddjob to start up a service"
msgstr ""
#: booleans.py:101
-msgid "Allow icecast to connect to all ports, not just sound ports."
+msgid "Allow httpd to access openstack ports"
msgstr ""
#: booleans.py:102
-msgid ""
-"Allow the Irssi IRC Client to connect to any port, and to bind to any "
-"unreserved port."
+msgid "Allow Apache to query NS records"
msgstr ""
#: booleans.py:103
-msgid "Allow confined applications to run with kerberos."
+msgid "Determine whether icecast can listen on and connect to any TCP port."
msgstr ""
#: booleans.py:104
-msgid "Allow syslogd daemon to send mail"
+msgid ""
+"Determine whether irc clients can listen on and connect to any unreserved "
+"TCP ports."
msgstr ""
#: booleans.py:105
-msgid "Allow syslogd the ability to read/write terminals"
+msgid ""
+"Allow the Irssi IRC Client to connect to any port, and to bind to any "
+"unreserved port."
msgstr ""
#: booleans.py:106
-msgid "Allow logging in and using the system from /dev/console."
+msgid "Allow confined applications to run with kerberos."
msgstr ""
#: booleans.py:107
-msgid ""
-"Control the ability to mmap a low area of the address space, as configured "
-"by /proc/sys/kernel/mmap_min_addr."
+msgid "Allow ksmtuned to use cifs/Samba file systems"
msgstr ""
#: booleans.py:108
-msgid "Allow mock to read files in home directories."
+msgid "Allow ksmtuned to use nfs file systems"
msgstr ""
#: booleans.py:109
-msgid "Allow the mount command to mount any directory or file."
+msgid "Allow syslogd daemon to send mail"
msgstr ""
#: booleans.py:110
-msgid "Allow mozilla plugin domain to connect to the network using TCP."
+msgid "Allow syslogd the ability to read/write terminals"
msgstr ""
#: booleans.py:111
-msgid ""
-"Allow mozilla_plugins to create random content in the users home directory"
+msgid "Allow logging in and using the system from /dev/console."
msgstr ""
#: booleans.py:112
-msgid "Allow confined web browsers to read home directory content"
+msgid "Allow mailman to access FUSE file systems"
msgstr ""
#: booleans.py:113
-msgid "Allow mplayer executable stack"
+msgid "Determine whether mcelog supports client mode."
msgstr ""
#: booleans.py:114
-msgid "Allow mysqld to connect to all ports"
+msgid "Determine whether mcelog can execute scripts."
msgstr ""
#: booleans.py:115
-msgid "Allow BIND to bind apache port."
+msgid "Determine whether mcelog can use all the user ttys."
msgstr ""
#: booleans.py:116
-msgid ""
-"Allow BIND to write the master zone files. Generally this is used for "
-"dynamic DNS or zone transfers."
+msgid "Determine whether mcelog supports server mode."
msgstr ""
#: booleans.py:117
-msgid "Allow any files/directories to be exported read/only via NFS."
+msgid ""
+"Control the ability to mmap a low area of the address space, as configured "
+"by /proc/sys/kernel/mmap_min_addr."
msgstr ""
#: booleans.py:118
-msgid "Allow any files/directories to be exported read/write via NFS."
+msgid "Allow mock to read files in home directories."
msgstr ""
#: booleans.py:119
-msgid ""
-"Allow nfs servers to modify public files used for public file transfer "
-"services. Files/Directories must be labeled public_content_rw_t."
+msgid "Allow the mount command to mount any directory or file."
msgstr ""
#: booleans.py:120
-msgid "Allow system to run with NIS"
+msgid "Allow mozilla plugin domain to connect to the network using TCP."
msgstr ""
#: booleans.py:121
-msgid "Allow confined applications to use nscd shared memory."
+msgid "Allow confined web browsers to read home directory content"
msgstr ""
#: booleans.py:122
-msgid "Allow openshift to lockdown app"
+msgid "Determine whether mpd can traverse user home directories."
msgstr ""
#: booleans.py:123
-msgid "Allow openvpn to read home directories"
+msgid "Determine whether mpd can use cifs file systems."
msgstr ""
#: booleans.py:124
-msgid "Allow piranha-lvs domain to connect to the network using TCP."
+msgid "Determine whether mpd can use nfs file systems."
msgstr ""
#: booleans.py:125
-msgid "Allow polipo to connect to all ports > 1023"
+msgid "Determine whether mplayer can make its stack executable."
msgstr ""
#: booleans.py:126
-msgid ""
-"Determine whether Polipo session daemon can bind tcp sockets to all "
-"unreserved ports."
+msgid "Allow mysqld to connect to all ports"
msgstr ""
#: booleans.py:127
-msgid ""
-"Determine whether calling user domains can execute Polipo daemon in the "
-"polipo_session_t domain."
+msgid "Determine whether Bind can bind tcp socket to http ports."
msgstr ""
#: booleans.py:128
-msgid "Determine whether polipo can access cifs file systems."
+msgid ""
+"Determine whether Bind can write to master zone files. Generally this is "
+"used for dynamic DNS or zone transfers."
msgstr ""
#: booleans.py:129
-msgid "Determine whether Polipo can access nfs file systems."
+msgid "Allow any files/directories to be exported read/only via NFS."
msgstr ""
#: booleans.py:130
-msgid "Enable polyinstantiated directory support."
+msgid "Allow any files/directories to be exported read/write via NFS."
msgstr ""
#: booleans.py:131
-msgid "Allow postfix_local domain full write access to mail_spool directories"
+msgid ""
+"Allow nfs servers to modify public files used for public file transfer "
+"services. Files/Directories must be labeled public_content_rw_t."
msgstr ""
#: booleans.py:132
-msgid "Allow postgresql to use ssh and rsync for point-in-time recovery"
+msgid "Allow system to run with NIS"
msgstr ""
#: booleans.py:133
-msgid "Allow transmit client label to foreign database"
+msgid "Allow confined applications to use nscd shared memory."
msgstr ""
#: booleans.py:134
-msgid "Allow database admins to execute DML statement"
+msgid "Allow openshift to lockdown app"
msgstr ""
#: booleans.py:135
-msgid "Allow unprivileged users to execute DDL statement"
+msgid "Determine whether openvpn can read generic user home content files."
msgstr ""
#: booleans.py:136
-msgid "Allow pppd to load kernel modules for certain modems"
+msgid "Allow piranha-lvs domain to connect to the network using TCP."
msgstr ""
#: booleans.py:137
-msgid "Allow pppd to be run for a regular user"
+msgid "Allow polipo to connect to all ports > 1023"
msgstr ""
#: booleans.py:138
msgid ""
-"Allow privoxy to connect to all ports, not just HTTP, FTP, and Gopher ports."
+"Determine whether Polipo session daemon can bind tcp sockets to all "
+"unreserved ports."
msgstr ""
#: booleans.py:139
-msgid "Allow Puppet client to manage all file types."
+msgid ""
+"Determine whether calling user domains can execute Polipo daemon in the "
+"polipo_session_t domain."
msgstr ""
#: booleans.py:140
-msgid "Allow Puppet master to use connect to MySQL and PostgreSQL database"
+msgid "Determine whether polipo can access cifs file systems."
msgstr ""
#: booleans.py:141
-msgid "Allow racoon to read shadow"
+msgid "Determine whether Polipo can access nfs file systems."
msgstr ""
#: booleans.py:142
-msgid "Allow rgmanager domain to connect to the network using TCP."
+msgid "Enable polyinstantiated directory support."
msgstr ""
#: booleans.py:143
-msgid ""
-"Allow rsync to modify public files used for public file transfer services. "
-"Files/Directories must be labeled public_content_rw_t."
+msgid "Allow postfix_local domain full write access to mail_spool directories"
msgstr ""
#: booleans.py:144
-msgid "Allow rsync to run as a client"
+msgid "Allow postgresql to use ssh and rsync for point-in-time recovery"
msgstr ""
#: booleans.py:145
-msgid "Allow rsync to export any files/directories read only."
+msgid "Allow transmit client label to foreign database"
msgstr ""
#: booleans.py:146
-msgid "Allow rsync servers to share cifs files systems"
+msgid "Allow database admins to execute DML statement"
msgstr ""
#: booleans.py:147
-msgid "Allow rsync servers to share nfs files systems"
+msgid "Allow unprivileged users to execute DDL statement"
msgstr ""
#: booleans.py:148
-msgid "Allow samba to create new home directories (e.g. via PAM)"
+msgid "Allow pppd to load kernel modules for certain modems"
msgstr ""
#: booleans.py:149
-msgid ""
-"Allow samba to act as the domain controller, add users, groups and change "
-"passwords."
+msgid "Allow pppd to be run for a regular user"
msgstr ""
#: booleans.py:150
-msgid "Allow samba to share users home directories."
+msgid "Determine whether privoxy can connect to all tcp ports."
msgstr ""
#: booleans.py:151
-msgid "Allow samba to share any file/directory read only."
+msgid "Allow Puppet client to manage all file types."
msgstr ""
#: booleans.py:152
-msgid "Allow samba to share any file/directory read/write."
+msgid "Allow Puppet master to use connect to MySQL and PostgreSQL database"
msgstr ""
#: booleans.py:153
-msgid "Allow samba to act as a portmapper"
+msgid "Allow racoon to read shadow"
msgstr ""
#: booleans.py:154
-msgid "Allow samba to run unconfined scripts"
+msgid ""
+"Allow rsync to modify public files used for public file transfer services. "
+"Files/Directories must be labeled public_content_rw_t."
msgstr ""
#: booleans.py:155
-msgid "Allow samba to export ntfs/fusefs volumes."
+msgid "Allow rsync to run as a client"
msgstr ""
#: booleans.py:156
-msgid "Allow samba to export NFS volumes."
+msgid "Allow rsync to export any files/directories read only."
msgstr ""
#: booleans.py:157
-msgid "Allow sanlock to read/write fuse files"
+msgid "Allow rsync server to manage all files/directories on the system."
msgstr ""
#: booleans.py:158
-msgid "Allow sanlock to manage nfs files"
+msgid "Allow samba to create new home directories (e.g. via PAM)"
msgstr ""
#: booleans.py:159
-msgid "Allow sanlock to manage cifs files"
+msgid ""
+"Allow samba to act as the domain controller, add users, groups and change "
+"passwords."
msgstr ""
#: booleans.py:160
-msgid "Allow sasl to read shadow"
+msgid "Allow samba to share users home directories."
msgstr ""
#: booleans.py:161
-msgid "Allow secadm to exec content"
+msgid "Allow samba to share any file/directory read only."
msgstr ""
#: booleans.py:162
+msgid "Allow samba to share any file/directory read/write."
+msgstr ""
+
+#: booleans.py:163
+msgid "Allow samba to act as a portmapper"
+msgstr ""
+
+#: booleans.py:164
+msgid "Allow samba to run unconfined scripts"
+msgstr ""
+
+#: booleans.py:166
+msgid "Allow samba to export NFS volumes."
+msgstr ""
+
+#: booleans.py:167
+msgid "Allow sanlock to read/write fuse files"
+msgstr ""
+
+#: booleans.py:168
+msgid "Allow sanlock to manage nfs files"
+msgstr ""
+
+#: booleans.py:169
+msgid "Allow sanlock to manage cifs files"
+msgstr ""
+
+#: booleans.py:170
+msgid "Allow sasl to read shadow"
+msgstr ""
+
+#: booleans.py:171
+msgid "Allow secadm to exec content"
+msgstr ""
+
+#: booleans.py:172
msgid ""
"disallow programs, such as newrole, from transitioning to administrative "
"user domains."
msgstr ""
-#: booleans.py:163
+#: booleans.py:173
msgid "Disable kernel module loading."
msgstr ""
-#: booleans.py:164
+#: booleans.py:174
msgid ""
"Boolean to determine whether the system permits loading policy, setting "
"enforcing mode, and changing boolean values. Set this to true and you have "
"to reboot to set it back."
msgstr ""
-#: booleans.py:165
+#: booleans.py:175
msgid "Allow regular users direct dri device access"
msgstr ""
-#: booleans.py:166
+#: booleans.py:176
msgid ""
"Allow unconfined executables to make their heap memory executable. Doing "
"this is a really bad idea. Probably indicates a badly coded executable, but "
"could indicate an attack. This executable should be reported in bugzilla"
msgstr ""
-#: booleans.py:167
+#: booleans.py:177
msgid ""
"Allow all unconfined executables to use libraries requiring text relocation "
"that are not labeled textrel_shlib_t"
msgstr ""
-#: booleans.py:168
+#: booleans.py:178
msgid ""
"Allow unconfined executables to make their stack executable. This should "
"never, ever be necessary. Probably indicates a badly coded executable, but "
"could indicate an attack. This executable should be reported in bugzilla"
msgstr ""
-#: booleans.py:169
+#: booleans.py:179
msgid "Allow users to connect to the local mysql server"
msgstr ""
-#: booleans.py:170
+#: booleans.py:180
msgid ""
"Allow confined users the ability to execute the ping and traceroute commands."
msgstr ""
-#: booleans.py:171
+#: booleans.py:181
msgid "Allow users to connect to PostgreSQL"
msgstr ""
-#: booleans.py:172
+#: booleans.py:182
msgid ""
"Allow user to r/w files on filesystems that do not have extended attributes "
"(FAT, CDROM, FLOPPY)"
msgstr ""
-#: booleans.py:173
+#: booleans.py:183
msgid ""
"Allow users to run TCP servers (bind to ports and accept connection from the "
"same domain and outside users) disabling this forces FTP passive mode and "
"may change other protocols."
msgstr ""
-#: booleans.py:174
+#: booleans.py:184
msgid "Allow user to use ssh chroot environment."
msgstr ""
-#: booleans.py:175
+#: booleans.py:185
msgid "Allow user music sharing"
msgstr ""
-#: booleans.py:176
+#: booleans.py:186
msgid ""
-"Allow anon internal-sftp to upload files, used for public file transfer "
-"services. Directories must be labeled public_content_rw_t."
+"Determine whether sftpd can modify public files used for public file "
+"transfer services. Directories/Files must be labeled public_content_rw_t."
msgstr ""
-#: booleans.py:177
+#: booleans.py:187
msgid ""
-"Allow sftp-internal to read and write files in the user home directories"
+"Determine whether sftpd-can read and write files in user home directories."
msgstr ""
-#: booleans.py:178
+#: booleans.py:188
msgid ""
-"Allow sftp-internal to login to local users and read/write all files on the "
-"system, governed by DAC."
+"Determine whether sftpd-can login to local users and read and write all "
+"files on the system, governed by DAC."
msgstr ""
-#: booleans.py:179
+#: booleans.py:189
msgid ""
-"Allow internal-sftp to read and write files in the user ssh home directories."
+"Determine whether sftpd can read and write files in user ssh home "
+"directories."
msgstr ""
-#: booleans.py:180
+#: booleans.py:190
msgid "Allow sge to connect to the network using any TCP port"
msgstr ""
-#: booleans.py:181
+#: booleans.py:191
msgid "Allow sge to access nfs file systems."
msgstr ""
-#: booleans.py:182
-msgid ""
-"Enable additional permissions needed to support devices on 3ware controllers."
+#: booleans.py:192
+msgid "Determine whether smartmon can support devices on 3ware controllers."
msgstr ""
-#: booleans.py:183
+#: booleans.py:193
msgid ""
"Allow samba to modify public files used for public file transfer services. "
"Files/Directories must be labeled public_content_rw_t."
msgstr ""
-#: booleans.py:184
+#: booleans.py:194
msgid "Allow user spamassassin clients to use the network."
msgstr ""
-#: booleans.py:185
+#: booleans.py:195
msgid "Allow spamd to read/write user home directories."
msgstr ""
-#: booleans.py:186
-msgid ""
-"Allow squid to connect to all ports, not just HTTP, FTP, and Gopher ports."
+#: booleans.py:196
+msgid "Determine whether squid can connect to all TCP ports."
msgstr ""
-#: booleans.py:187
-msgid "Allow squid to run as a transparent proxy (TPROXY)"
+#: booleans.py:197
+msgid "Determine whether squid can run as a transparent proxy."
msgstr ""
-#: booleans.py:188
+#: booleans.py:198
msgid ""
"Allow ssh with chroot env to read and write files in the user home "
"directories"
msgstr ""
-#: booleans.py:189
+#: booleans.py:199
msgid "allow host key based authentication"
msgstr ""
-#: booleans.py:190
+#: booleans.py:200
msgid "Allow ssh logins as sysadm_r:sysadm_t"
msgstr ""
-#: booleans.py:191
+#: booleans.py:201
msgid "Allow staff to exec content"
msgstr ""
-#: booleans.py:192
+#: booleans.py:202
msgid "allow staff user to create and transition to svirt domains."
msgstr ""
-#: booleans.py:193
+#: booleans.py:203
msgid "Allow sysadm to exec content"
msgstr ""
-#: booleans.py:194
+#: booleans.py:204
msgid "Allow the Telepathy connection managers to connect to any network port."
msgstr ""
-#: booleans.py:195
+#: booleans.py:205
msgid ""
"Allow the Telepathy connection managers to connect to any generic TCP port."
msgstr ""
-#: booleans.py:196
+#: booleans.py:206
msgid ""
"Allow tftp to modify public files used for public file transfer services."
msgstr ""
-#: booleans.py:197
+#: booleans.py:207
msgid "Allow tftp to read and write files in the user home directories"
msgstr ""
-#: booleans.py:198
-msgid "Allow tor daemon to bind tcp sockets to all unreserved ports."
+#: booleans.py:208
+msgid "Determine whether tor can bind tcp sockets to all unreserved ports."
msgstr ""
-#: booleans.py:199
+#: booleans.py:209
msgid "Allow tor to act as a relay"
msgstr ""
-#: booleans.py:200
+#: booleans.py:210
msgid ""
"allow unconfined users to transition to the chrome sandbox domains when "
"running chrome-sandbox"
msgstr ""
-#: booleans.py:201
+#: booleans.py:211
msgid "Allow a user to login as an unconfined domain"
msgstr ""
-#: booleans.py:202
+#: booleans.py:212
msgid ""
"Allow unconfined users to transition to the Mozilla plugin domain when "
"running xulrunner plugin-container."
msgstr ""
-#: booleans.py:203
+#: booleans.py:213
msgid "Allow video playing tools to run unconfined"
msgstr ""
-#: booleans.py:204
+#: booleans.py:214
msgid "Allow unprivledged user to create and transition to svirt domains."
msgstr ""
-#: booleans.py:205
+#: booleans.py:215
msgid "Support ecryptfs home directories"
msgstr ""
-#: booleans.py:206
+#: booleans.py:216
msgid "Support fusefs home directories"
msgstr ""
-#: booleans.py:207
-msgid "Use lpd server instead of cups"
+#: booleans.py:217
+msgid "Determine whether to support lpd server."
msgstr ""
-#: booleans.py:208
+#: booleans.py:218
msgid "Support NFS home directories"
msgstr ""
-#: booleans.py:209
+#: booleans.py:219
msgid "Support SAMBA home directories"
msgstr ""
-#: booleans.py:210
+#: booleans.py:220
msgid "Allow user to exec content"
msgstr ""
-#: booleans.py:211
-msgid "Allow varnishd to connect to all ports, not just HTTP."
+#: booleans.py:221
+msgid "Determine whether varnishd can use the full TCP network."
msgstr ""
-#: booleans.py:212
-msgid "Ignore vbetool mmap_zero errors."
+#: booleans.py:222
+msgid ""
+"Determine whether attempts by vbetool to mmap low regions should be silently "
+"blocked."
msgstr ""
-#: booleans.py:213
+#: booleans.py:223
msgid ""
"Allow confined virtual guests to use serial/parallel communication ports"
msgstr ""
-#: booleans.py:214
+#: booleans.py:224
msgid ""
"Allow confined virtual guests to use executable memory and executable stack"
msgstr ""
-#: booleans.py:215
+#: booleans.py:225
msgid "Allow confined virtual guests to read fuse files"
msgstr ""
-#: booleans.py:216
+#: booleans.py:226
msgid "Allow confined virtual guests to manage nfs files"
msgstr ""
-#: booleans.py:217
+#: booleans.py:227
msgid "Allow confined virtual guests to interact with rawip sockets"
msgstr ""
-#: booleans.py:218
+#: booleans.py:228
msgid "Allow confined virtual guests to manage cifs files"
msgstr ""
-#: booleans.py:219
+#: booleans.py:229
msgid "Allow confined virtual guests to interact with the sanlock"
msgstr ""
-#: booleans.py:220
-msgid "Allow confined virtual guests to manage device configuration, (pci)"
-msgstr ""
-
-#: booleans.py:221
+#: booleans.py:230
msgid "Allow confined virtual guests to use usb devices"
msgstr ""
-#: booleans.py:222
+#: booleans.py:231
msgid "Allow confined virtual guests to interact with the xserver"
msgstr ""
-#: booleans.py:223
-msgid "Allow webadm to manage files in users home directories"
+#: booleans.py:232
+msgid "Determine whether webadm can manage generic user files."
msgstr ""
-#: booleans.py:224
-msgid "Allow webadm to read files in users home directories"
+#: booleans.py:233
+msgid "Determine whether webadm can read generic user files."
msgstr ""
-#: booleans.py:225
-msgid "Ignore wine mmap_zero errors."
+#: booleans.py:234
+msgid ""
+"Determine whether attempts by wine to mmap low regions should be silently "
+"blocked."
msgstr ""
-#: booleans.py:226
+#: booleans.py:235
msgid "Allow the graphical login program to execute bootloader"
msgstr ""
-#: booleans.py:227
+#: booleans.py:236
msgid ""
"Allow the graphical login program to login directly as sysadm_r:sysadm_t"
msgstr ""
-#: booleans.py:228
+#: booleans.py:237
msgid "Allow xen to manage nfs files"
msgstr ""
-#: booleans.py:229
+#: booleans.py:238
msgid ""
"Allow xend to run blktapctrl/tapdisk. Not required if using dedicated "
"logical volumes for disk images."
msgstr ""
-#: booleans.py:230
+#: booleans.py:239
msgid "Allow xend to run qemu-dm. Not required if using paravirt and no vfb."
msgstr ""
-#: booleans.py:231
+#: booleans.py:240
msgid ""
"Allow xguest users to configure Network Manager and connect to apache ports"
msgstr ""
-#: booleans.py:232
+#: booleans.py:241
msgid "Allow xguest to exec content"
msgstr ""
-#: booleans.py:233
+#: booleans.py:242
msgid "Allow xguest users to mount removable media"
msgstr ""
-#: booleans.py:234
+#: booleans.py:243
msgid "Allow xguest to use blue tooth devices"
msgstr ""
-#: booleans.py:235
+#: booleans.py:244
msgid "Allows clients to write to the X server shared memory segments."
msgstr ""
-#: booleans.py:236
+#: booleans.py:245
msgid "Allows XServer to execute writable memory"
msgstr ""
-#: booleans.py:237
+#: booleans.py:246
msgid "Support X userspace object manager"
msgstr ""
-#: booleans.py:238
-msgid "Allow zabbix to connect to unreserved ports"
+#: booleans.py:247
+msgid "Determine whether zabbix can connect to all TCP ports"
msgstr ""
-#: booleans.py:239
+#: booleans.py:248
msgid "Allow zebra daemon to write it configuration files"
msgstr ""
-#: booleans.py:240
+#: booleans.py:249
msgid ""
"Allow ZoneMinder to modify public files used for public file transfer "
"services."
diff --git a/policycoreutils/po/am.po b/policycoreutils/po/am.po
index 961d921..16bdf77 100644
--- a/policycoreutils/po/am.po
+++ b/policycoreutils/po/am.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2013-01-04 12:01-0500\n"
+"POT-Creation-Date: 2013-04-08 15:08-0400\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME \n"
"Language-Team: LANGUAGE \n"
@@ -24,7 +24,7 @@ msgid ""
" are the arguments to that script."
msgstr ""
-#: ../run_init/run_init.c:126 ../newrole/newrole.c:1123
+#: ../run_init/run_init.c:126 ../newrole/newrole.c:1128
#, c-format
msgid "failed to initialize PAM\n"
msgstr ""
@@ -73,16 +73,16 @@ msgstr ""
msgid "authentication failed.\n"
msgstr ""
-#: ../run_init/run_init.c:405 ../newrole/newrole.c:1257
+#: ../run_init/run_init.c:405 ../newrole/newrole.c:1270
#, c-format
msgid "Could not set exec context to %s.\n"
msgstr ""
-#: ../audit2allow/audit2allow:232
+#: ../audit2allow/audit2allow:231
msgid "******************** IMPORTANT ***********************\n"
msgstr ""
-#: ../audit2allow/audit2allow:233
+#: ../audit2allow/audit2allow:232
msgid "To make this policy package active, execute:"
msgstr ""
@@ -169,786 +169,799 @@ msgstr ""
msgid "Customized Permissive Types"
msgstr ""
-#: ../semanage/seobject.py:412
+#: ../semanage/seobject.py:379
+msgid ""
+"The sepolgen python module is required to setup permissive domains.\n"
+"In some distributions it is included in the policycoreutils-devel patckage.\n"
+"# yum install policycoreutils-devel\n"
+"Or similar for your distro."
+msgstr ""
+
+#: ../semanage/seobject.py:416
#, python-format
msgid "Could not set permissive domain %s (module installation failed)"
msgstr ""
-#: ../semanage/seobject.py:418
+#: ../semanage/seobject.py:422
#, python-format
msgid "Could not remove permissive domain %s (remove failed)"
msgstr ""
-#: ../semanage/seobject.py:453 ../semanage/seobject.py:527
-#: ../semanage/seobject.py:573 ../semanage/seobject.py:695
-#: ../semanage/seobject.py:725 ../semanage/seobject.py:792
-#: ../semanage/seobject.py:849 ../semanage/seobject.py:1104
-#: ../semanage/seobject.py:1820 ../semanage/seobject.py:1883
-#: ../semanage/seobject.py:1902 ../semanage/seobject.py:2025
-#: ../semanage/seobject.py:2076
+#: ../semanage/seobject.py:457 ../semanage/seobject.py:531
+#: ../semanage/seobject.py:577 ../semanage/seobject.py:699
+#: ../semanage/seobject.py:729 ../semanage/seobject.py:796
+#: ../semanage/seobject.py:853 ../semanage/seobject.py:1111
+#: ../semanage/seobject.py:1834 ../semanage/seobject.py:1897
+#: ../semanage/seobject.py:1916 ../semanage/seobject.py:2042
+#: ../semanage/seobject.py:2093
#, python-format
msgid "Could not create a key for %s"
msgstr ""
-#: ../semanage/seobject.py:457 ../semanage/seobject.py:531
-#: ../semanage/seobject.py:577 ../semanage/seobject.py:583
+#: ../semanage/seobject.py:461 ../semanage/seobject.py:535
+#: ../semanage/seobject.py:581 ../semanage/seobject.py:587
#, python-format
msgid "Could not check if login mapping for %s is defined"
msgstr ""
-#: ../semanage/seobject.py:466
+#: ../semanage/seobject.py:470
#, python-format
msgid "Linux Group %s does not exist"
msgstr ""
-#: ../semanage/seobject.py:471
+#: ../semanage/seobject.py:475
#, python-format
msgid "Linux User %s does not exist"
msgstr ""
-#: ../semanage/seobject.py:475
+#: ../semanage/seobject.py:479
#, python-format
msgid "Could not create login mapping for %s"
msgstr ""
-#: ../semanage/seobject.py:479 ../semanage/seobject.py:740
+#: ../semanage/seobject.py:483 ../semanage/seobject.py:744
#, python-format
msgid "Could not set name for %s"
msgstr ""
-#: ../semanage/seobject.py:484 ../semanage/seobject.py:750
+#: ../semanage/seobject.py:488 ../semanage/seobject.py:754
#, python-format
msgid "Could not set MLS range for %s"
msgstr ""
-#: ../semanage/seobject.py:488
+#: ../semanage/seobject.py:492
#, python-format
msgid "Could not set SELinux user for %s"
msgstr ""
-#: ../semanage/seobject.py:492
+#: ../semanage/seobject.py:496
#, python-format
msgid "Could not add login mapping for %s"
msgstr ""
-#: ../semanage/seobject.py:510
+#: ../semanage/seobject.py:514
msgid "Requires seuser or serange"
msgstr ""
-#: ../semanage/seobject.py:533 ../semanage/seobject.py:579
+#: ../semanage/seobject.py:537 ../semanage/seobject.py:583
#, python-format
msgid "Login mapping for %s is not defined"
msgstr ""
-#: ../semanage/seobject.py:537
+#: ../semanage/seobject.py:541
#, python-format
msgid "Could not query seuser for %s"
msgstr ""
-#: ../semanage/seobject.py:551
+#: ../semanage/seobject.py:555
#, python-format
msgid "Could not modify login mapping for %s"
msgstr ""
-#: ../semanage/seobject.py:585
+#: ../semanage/seobject.py:589
#, python-format
msgid "Login mapping for %s is defined in policy, cannot be deleted"
msgstr ""
-#: ../semanage/seobject.py:589
+#: ../semanage/seobject.py:593
#, python-format
msgid "Could not delete login mapping for %s"
msgstr ""
-#: ../semanage/seobject.py:611 ../semanage/seobject.py:644
-#: ../semanage/seobject.py:892
+#: ../semanage/seobject.py:615 ../semanage/seobject.py:648
+#: ../semanage/seobject.py:896
msgid "Could not list login mappings"
msgstr ""
-#: ../semanage/seobject.py:672 ../semanage/seobject.py:684
+#: ../semanage/seobject.py:676 ../semanage/seobject.py:688
#: ../gui/system-config-selinux.glade:100
msgid "Login Name"
msgstr ""
-#: ../semanage/seobject.py:672 ../semanage/seobject.py:684
-#: ../semanage/seobject.py:942 ../semanage/seobject.py:947
+#: ../semanage/seobject.py:676 ../semanage/seobject.py:688
+#: ../semanage/seobject.py:946 ../semanage/seobject.py:951
#: ../gui/system-config-selinux.glade:128
#: ../gui/system-config-selinux.glade:915
#: ../gui/system-config-selinux.glade:2285 ../gui/usersPage.py:44
msgid "SELinux User"
msgstr ""
-#: ../semanage/seobject.py:672 ../gui/system-config-selinux.glade:156
+#: ../semanage/seobject.py:676 ../gui/system-config-selinux.glade:156
#: ../gui/system-config-selinux.glade:943
msgid "MLS/MCS Range"
msgstr ""
-#: ../semanage/seobject.py:672
+#: ../semanage/seobject.py:676
msgid "Service"
msgstr ""
-#: ../semanage/seobject.py:698 ../semanage/seobject.py:729
-#: ../semanage/seobject.py:796 ../semanage/seobject.py:853
-#: ../semanage/seobject.py:859
+#: ../semanage/seobject.py:702 ../semanage/seobject.py:733
+#: ../semanage/seobject.py:800 ../semanage/seobject.py:857
+#: ../semanage/seobject.py:863
#, python-format
msgid "Could not check if SELinux user %s is defined"
msgstr ""
-#: ../semanage/seobject.py:701 ../semanage/seobject.py:802
-#: ../semanage/seobject.py:865
+#: ../semanage/seobject.py:705 ../semanage/seobject.py:806
+#: ../semanage/seobject.py:869
#, python-format
msgid "Could not query user for %s"
msgstr ""
-#: ../semanage/seobject.py:721
+#: ../semanage/seobject.py:725
#, python-format
msgid "You must add at least one role for %s"
msgstr ""
-#: ../semanage/seobject.py:736
+#: ../semanage/seobject.py:740
#, python-format
msgid "Could not create SELinux user for %s"
msgstr ""
-#: ../semanage/seobject.py:745
+#: ../semanage/seobject.py:749
#, python-format
msgid "Could not add role %s for %s"
msgstr ""
-#: ../semanage/seobject.py:754
+#: ../semanage/seobject.py:758
#, python-format
msgid "Could not set MLS level for %s"
msgstr ""
-#: ../semanage/seobject.py:757
+#: ../semanage/seobject.py:761
#, python-format
msgid "Could not add prefix %s for %s"
msgstr ""
-#: ../semanage/seobject.py:760
+#: ../semanage/seobject.py:764
#, python-format
msgid "Could not extract key for %s"
msgstr ""
-#: ../semanage/seobject.py:764
+#: ../semanage/seobject.py:768
#, python-format
msgid "Could not add SELinux user %s"
msgstr ""
-#: ../semanage/seobject.py:786
+#: ../semanage/seobject.py:790
msgid "Requires prefix, roles, level or range"
msgstr ""
-#: ../semanage/seobject.py:788
+#: ../semanage/seobject.py:792
msgid "Requires prefix or roles"
msgstr ""
-#: ../semanage/seobject.py:798 ../semanage/seobject.py:855
+#: ../semanage/seobject.py:802 ../semanage/seobject.py:859
#, python-format
msgid "SELinux user %s is not defined"
msgstr ""
-#: ../semanage/seobject.py:827
+#: ../semanage/seobject.py:831
#, python-format
msgid "Could not modify SELinux user %s"
msgstr ""
-#: ../semanage/seobject.py:861
+#: ../semanage/seobject.py:865
#, python-format
msgid "SELinux user %s is defined in policy, cannot be deleted"
msgstr ""
-#: ../semanage/seobject.py:872
+#: ../semanage/seobject.py:876
#, python-format
msgid "Could not delete SELinux user %s"
msgstr ""
-#: ../semanage/seobject.py:910
+#: ../semanage/seobject.py:914
msgid "Could not list SELinux users"
msgstr ""
-#: ../semanage/seobject.py:916
+#: ../semanage/seobject.py:920
#, python-format
msgid "Could not list roles for user %s"
msgstr ""
-#: ../semanage/seobject.py:941
+#: ../semanage/seobject.py:945
msgid "Labeling"
msgstr ""
-#: ../semanage/seobject.py:941
+#: ../semanage/seobject.py:945
msgid "MLS/"
msgstr ""
-#: ../semanage/seobject.py:942
+#: ../semanage/seobject.py:946
msgid "Prefix"
msgstr ""
-#: ../semanage/seobject.py:942
+#: ../semanage/seobject.py:946
msgid "MCS Level"
msgstr ""
-#: ../semanage/seobject.py:942
+#: ../semanage/seobject.py:946
msgid "MCS Range"
msgstr ""
-#: ../semanage/seobject.py:942 ../semanage/seobject.py:947
+#: ../semanage/seobject.py:946 ../semanage/seobject.py:951
#: ../gui/system-config-selinux.glade:992 ../gui/usersPage.py:59
msgid "SELinux Roles"
msgstr ""
-#: ../semanage/seobject.py:964
+#: ../semanage/seobject.py:971
msgid "Protocol udp or tcp is required"
msgstr ""
-#: ../semanage/seobject.py:966
+#: ../semanage/seobject.py:973
msgid "Port is required"
msgstr ""
-#: ../semanage/seobject.py:976
+#: ../semanage/seobject.py:983
msgid "Invalid Port"
msgstr ""
-#: ../semanage/seobject.py:980
+#: ../semanage/seobject.py:987
#, python-format
msgid "Could not create a key for %s/%s"
msgstr ""
-#: ../semanage/seobject.py:991
+#: ../semanage/seobject.py:998
msgid "Type is required"
msgstr ""
-#: ../semanage/seobject.py:994 ../semanage/seobject.py:1056
-#: ../semanage/seobject.py:1814
+#: ../semanage/seobject.py:1001 ../semanage/seobject.py:1063
+#: ../semanage/seobject.py:1828
#, python-format
msgid "Type %s is invalid, must be a port type"
msgstr ""
-#: ../semanage/seobject.py:1000 ../semanage/seobject.py:1062
-#: ../semanage/seobject.py:1117 ../semanage/seobject.py:1123
+#: ../semanage/seobject.py:1007 ../semanage/seobject.py:1069
+#: ../semanage/seobject.py:1124 ../semanage/seobject.py:1130
#, python-format
msgid "Could not check if port %s/%s is defined"
msgstr ""
-#: ../semanage/seobject.py:1002
+#: ../semanage/seobject.py:1009
#, python-format
msgid "Port %s/%s already defined"
msgstr ""
-#: ../semanage/seobject.py:1006
+#: ../semanage/seobject.py:1013
#, python-format
msgid "Could not create port for %s/%s"
msgstr ""
-#: ../semanage/seobject.py:1012
+#: ../semanage/seobject.py:1019
#, python-format
msgid "Could not create context for %s/%s"
msgstr ""
-#: ../semanage/seobject.py:1016
+#: ../semanage/seobject.py:1023
#, python-format
msgid "Could not set user in port context for %s/%s"
msgstr ""
-#: ../semanage/seobject.py:1020
+#: ../semanage/seobject.py:1027
#, python-format
msgid "Could not set role in port context for %s/%s"
msgstr ""
-#: ../semanage/seobject.py:1024
+#: ../semanage/seobject.py:1031
#, python-format
msgid "Could not set type in port context for %s/%s"
msgstr ""
-#: ../semanage/seobject.py:1029
+#: ../semanage/seobject.py:1036
#, python-format
msgid "Could not set mls fields in port context for %s/%s"
msgstr ""
-#: ../semanage/seobject.py:1033
+#: ../semanage/seobject.py:1040
#, python-format
msgid "Could not set port context for %s/%s"
msgstr ""
-#: ../semanage/seobject.py:1037
+#: ../semanage/seobject.py:1044
#, python-format
msgid "Could not add port %s/%s"
msgstr ""
-#: ../semanage/seobject.py:1051 ../semanage/seobject.py:1324
-#: ../semanage/seobject.py:1523
+#: ../semanage/seobject.py:1058 ../semanage/seobject.py:1334
+#: ../semanage/seobject.py:1533
msgid "Requires setype or serange"
msgstr ""
-#: ../semanage/seobject.py:1053
+#: ../semanage/seobject.py:1060
msgid "Requires setype"
msgstr ""
-#: ../semanage/seobject.py:1064 ../semanage/seobject.py:1119
+#: ../semanage/seobject.py:1071 ../semanage/seobject.py:1126
#, python-format
msgid "Port %s/%s is not defined"
msgstr ""
-#: ../semanage/seobject.py:1068
+#: ../semanage/seobject.py:1075
#, python-format
msgid "Could not query port %s/%s"
msgstr ""
-#: ../semanage/seobject.py:1079
+#: ../semanage/seobject.py:1086
#, python-format
msgid "Could not modify port %s/%s"
msgstr ""
-#: ../semanage/seobject.py:1092
+#: ../semanage/seobject.py:1099
msgid "Could not list the ports"
msgstr ""
-#: ../semanage/seobject.py:1108
+#: ../semanage/seobject.py:1115
#, python-format
msgid "Could not delete the port %s"
msgstr ""
-#: ../semanage/seobject.py:1125
+#: ../semanage/seobject.py:1132
#, python-format
msgid "Port %s/%s is defined in policy, cannot be deleted"
msgstr ""
-#: ../semanage/seobject.py:1129
+#: ../semanage/seobject.py:1136
#, python-format
msgid "Could not delete port %s/%s"
msgstr ""
-#: ../semanage/seobject.py:1145 ../semanage/seobject.py:1167
+#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1174
msgid "Could not list ports"
msgstr ""
-#: ../semanage/seobject.py:1206
+#: ../semanage/seobject.py:1213
msgid "SELinux Port Type"
msgstr ""
-#: ../semanage/seobject.py:1206
+#: ../semanage/seobject.py:1213
msgid "Proto"
msgstr ""
-#: ../semanage/seobject.py:1206 ../gui/system-config-selinux.glade:335
+#: ../semanage/seobject.py:1213 ../gui/system-config-selinux.glade:335
msgid "Port Number"
msgstr ""
-#: ../semanage/seobject.py:1227
+#: ../semanage/seobject.py:1237
msgid "Node Address is required"
msgstr ""
-#: ../semanage/seobject.py:1242
+#: ../semanage/seobject.py:1252
msgid "Unknown or missing protocol"
msgstr ""
-#: ../semanage/seobject.py:1256
+#: ../semanage/seobject.py:1266
msgid "SELinux node type is required"
msgstr ""
-#: ../semanage/seobject.py:1259 ../semanage/seobject.py:1327
+#: ../semanage/seobject.py:1269 ../semanage/seobject.py:1337
#, python-format
msgid "Type %s is invalid, must be a node type"
msgstr ""
-#: ../semanage/seobject.py:1263 ../semanage/seobject.py:1331
-#: ../semanage/seobject.py:1367 ../semanage/seobject.py:1465
-#: ../semanage/seobject.py:1527 ../semanage/seobject.py:1561
-#: ../semanage/seobject.py:1759
+#: ../semanage/seobject.py:1273 ../semanage/seobject.py:1341
+#: ../semanage/seobject.py:1377 ../semanage/seobject.py:1475
+#: ../semanage/seobject.py:1537 ../semanage/seobject.py:1571
+#: ../semanage/seobject.py:1773
#, python-format
msgid "Could not create key for %s"
msgstr ""
-#: ../semanage/seobject.py:1265 ../semanage/seobject.py:1335
-#: ../semanage/seobject.py:1371 ../semanage/seobject.py:1377
+#: ../semanage/seobject.py:1275 ../semanage/seobject.py:1345
+#: ../semanage/seobject.py:1381 ../semanage/seobject.py:1387
#, python-format
msgid "Could not check if addr %s is defined"
msgstr ""
-#: ../semanage/seobject.py:1274
+#: ../semanage/seobject.py:1284
#, python-format
msgid "Could not create addr for %s"
msgstr ""
-#: ../semanage/seobject.py:1280 ../semanage/seobject.py:1481
-#: ../semanage/seobject.py:1714
+#: ../semanage/seobject.py:1290 ../semanage/seobject.py:1491
+#: ../semanage/seobject.py:1728
#, python-format
msgid "Could not create context for %s"
msgstr ""
-#: ../semanage/seobject.py:1284
+#: ../semanage/seobject.py:1294
#, python-format
msgid "Could not set mask for %s"
msgstr ""
-#: ../semanage/seobject.py:1288
+#: ../semanage/seobject.py:1298
#, python-format
msgid "Could not set user in addr context for %s"
msgstr ""
-#: ../semanage/seobject.py:1292
+#: ../semanage/seobject.py:1302
#, python-format
msgid "Could not set role in addr context for %s"
msgstr ""
-#: ../semanage/seobject.py:1296
+#: ../semanage/seobject.py:1306
#, python-format
msgid "Could not set type in addr context for %s"
msgstr ""
-#: ../semanage/seobject.py:1301
+#: ../semanage/seobject.py:1311
#, python-format
msgid "Could not set mls fields in addr context for %s"
msgstr ""
-#: ../semanage/seobject.py:1305
+#: ../semanage/seobject.py:1315
#, python-format
msgid "Could not set addr context for %s"
msgstr ""
-#: ../semanage/seobject.py:1309
+#: ../semanage/seobject.py:1319
#, python-format
msgid "Could not add addr %s"
msgstr ""
-#: ../semanage/seobject.py:1337 ../semanage/seobject.py:1373
+#: ../semanage/seobject.py:1347 ../semanage/seobject.py:1383
#, python-format
msgid "Addr %s is not defined"
msgstr ""
-#: ../semanage/seobject.py:1341
+#: ../semanage/seobject.py:1351
#, python-format
msgid "Could not query addr %s"
msgstr ""
-#: ../semanage/seobject.py:1351
+#: ../semanage/seobject.py:1361
#, python-format
msgid "Could not modify addr %s"
msgstr ""
-#: ../semanage/seobject.py:1379
+#: ../semanage/seobject.py:1389
#, python-format
msgid "Addr %s is defined in policy, cannot be deleted"
msgstr ""
-#: ../semanage/seobject.py:1383
+#: ../semanage/seobject.py:1393
#, python-format
msgid "Could not delete addr %s"
msgstr ""
-#: ../semanage/seobject.py:1395
+#: ../semanage/seobject.py:1405
msgid "Could not deleteall node mappings"
msgstr ""
-#: ../semanage/seobject.py:1409
+#: ../semanage/seobject.py:1419
msgid "Could not list addrs"
msgstr ""
-#: ../semanage/seobject.py:1461 ../semanage/seobject.py:1752
+#: ../semanage/seobject.py:1471 ../semanage/seobject.py:1766
msgid "SELinux Type is required"
msgstr ""
-#: ../semanage/seobject.py:1469 ../semanage/seobject.py:1531
-#: ../semanage/seobject.py:1565 ../semanage/seobject.py:1571
+#: ../semanage/seobject.py:1479 ../semanage/seobject.py:1541
+#: ../semanage/seobject.py:1575 ../semanage/seobject.py:1581
#, python-format
msgid "Could not check if interface %s is defined"
msgstr ""
-#: ../semanage/seobject.py:1476
+#: ../semanage/seobject.py:1486
#, python-format
msgid "Could not create interface for %s"
msgstr ""
-#: ../semanage/seobject.py:1485
+#: ../semanage/seobject.py:1495
#, python-format
msgid "Could not set user in interface context for %s"
msgstr ""
-#: ../semanage/seobject.py:1489
+#: ../semanage/seobject.py:1499
#, python-format
msgid "Could not set role in interface context for %s"
msgstr ""
-#: ../semanage/seobject.py:1493
+#: ../semanage/seobject.py:1503
#, python-format
msgid "Could not set type in interface context for %s"
msgstr ""
-#: ../semanage/seobject.py:1498
+#: ../semanage/seobject.py:1508
#, python-format
msgid "Could not set mls fields in interface context for %s"
msgstr ""
-#: ../semanage/seobject.py:1502
+#: ../semanage/seobject.py:1512
#, python-format
msgid "Could not set interface context for %s"
msgstr ""
-#: ../semanage/seobject.py:1506
+#: ../semanage/seobject.py:1516
#, python-format
msgid "Could not set message context for %s"
msgstr ""
-#: ../semanage/seobject.py:1510
+#: ../semanage/seobject.py:1520
#, python-format
msgid "Could not add interface %s"
msgstr ""
-#: ../semanage/seobject.py:1533 ../semanage/seobject.py:1567
+#: ../semanage/seobject.py:1543 ../semanage/seobject.py:1577
#, python-format
msgid "Interface %s is not defined"
msgstr ""
-#: ../semanage/seobject.py:1537
+#: ../semanage/seobject.py:1547
#, python-format
msgid "Could not query interface %s"
msgstr ""
-#: ../semanage/seobject.py:1548
+#: ../semanage/seobject.py:1558
#, python-format
msgid "Could not modify interface %s"
msgstr ""
-#: ../semanage/seobject.py:1573
+#: ../semanage/seobject.py:1583
#, python-format
msgid "Interface %s is defined in policy, cannot be deleted"
msgstr ""
-#: ../semanage/seobject.py:1577
+#: ../semanage/seobject.py:1587
#, python-format
msgid "Could not delete interface %s"
msgstr ""
-#: ../semanage/seobject.py:1589
+#: ../semanage/seobject.py:1599
msgid "Could not delete all interface mappings"
msgstr ""
-#: ../semanage/seobject.py:1603
+#: ../semanage/seobject.py:1613
msgid "Could not list interfaces"
msgstr ""
-#: ../semanage/seobject.py:1628
+#: ../semanage/seobject.py:1638
msgid "SELinux Interface"
msgstr ""
-#: ../semanage/seobject.py:1628 ../semanage/seobject.py:1974
+#: ../semanage/seobject.py:1638 ../semanage/seobject.py:1988
msgid "Context"
msgstr ""
-#: ../semanage/seobject.py:1691
+#: ../semanage/seobject.py:1705
#, python-format
msgid "Equivalence class for %s already exists"
msgstr ""
-#: ../semanage/seobject.py:1697
+#: ../semanage/seobject.py:1711
#, python-format
msgid "File spec %s conflicts with equivalency rule '%s %s'"
msgstr ""
-#: ../semanage/seobject.py:1706
+#: ../semanage/seobject.py:1720
#, python-format
msgid "Equivalence class for %s does not exists"
msgstr ""
-#: ../semanage/seobject.py:1720
+#: ../semanage/seobject.py:1734
#, python-format
msgid "Could not set user in file context for %s"
msgstr ""
-#: ../semanage/seobject.py:1724
+#: ../semanage/seobject.py:1738
#, python-format
msgid "Could not set role in file context for %s"
msgstr ""
-#: ../semanage/seobject.py:1729 ../semanage/seobject.py:1789
+#: ../semanage/seobject.py:1743 ../semanage/seobject.py:1803
#, python-format
msgid "Could not set mls fields in file context for %s"
msgstr ""
-#: ../semanage/seobject.py:1735
+#: ../semanage/seobject.py:1749
msgid "Invalid file specification"
msgstr ""
-#: ../semanage/seobject.py:1737
+#: ../semanage/seobject.py:1751
msgid "File specification can not include spaces"
msgstr ""
-#: ../semanage/seobject.py:1742
+#: ../semanage/seobject.py:1756
#, python-format
msgid ""
"File spec %s conflicts with equivalency rule '%s %s'; Try adding '%s' instead"
msgstr ""
-#: ../semanage/seobject.py:1755
+#: ../semanage/seobject.py:1769
#, python-format
msgid "Type %s is invalid, must be a file or device type"
msgstr ""
-#: ../semanage/seobject.py:1763 ../semanage/seobject.py:1768
-#: ../semanage/seobject.py:1824 ../semanage/seobject.py:1906
-#: ../semanage/seobject.py:1910
+#: ../semanage/seobject.py:1777 ../semanage/seobject.py:1782
+#: ../semanage/seobject.py:1838 ../semanage/seobject.py:1920
+#: ../semanage/seobject.py:1924
#, python-format
msgid "Could not check if file context for %s is defined"
msgstr ""
-#: ../semanage/seobject.py:1776
+#: ../semanage/seobject.py:1790
#, python-format
msgid "Could not create file context for %s"
msgstr ""
-#: ../semanage/seobject.py:1784
+#: ../semanage/seobject.py:1798
#, python-format
msgid "Could not set type in file context for %s"
msgstr ""
-#: ../semanage/seobject.py:1792 ../semanage/seobject.py:1852
-#: ../semanage/seobject.py:1856
+#: ../semanage/seobject.py:1806 ../semanage/seobject.py:1866
+#: ../semanage/seobject.py:1870
#, python-format
msgid "Could not set file context for %s"
msgstr ""
-#: ../semanage/seobject.py:1798
+#: ../semanage/seobject.py:1812
#, python-format
msgid "Could not add file context for %s"
msgstr ""
-#: ../semanage/seobject.py:1812
+#: ../semanage/seobject.py:1826
msgid "Requires setype, serange or seuser"
msgstr ""
-#: ../semanage/seobject.py:1828 ../semanage/seobject.py:1914
+#: ../semanage/seobject.py:1842 ../semanage/seobject.py:1928
#, python-format
msgid "File context for %s is not defined"
msgstr ""
-#: ../semanage/seobject.py:1834
+#: ../semanage/seobject.py:1848
#, python-format
msgid "Could not query file context for %s"
msgstr ""
-#: ../semanage/seobject.py:1860
+#: ../semanage/seobject.py:1874
#, python-format
msgid "Could not modify file context for %s"
msgstr ""
-#: ../semanage/seobject.py:1873
+#: ../semanage/seobject.py:1887
msgid "Could not list the file contexts"
msgstr ""
-#: ../semanage/seobject.py:1887
+#: ../semanage/seobject.py:1901
#, python-format
msgid "Could not delete the file context %s"
msgstr ""
-#: ../semanage/seobject.py:1912
+#: ../semanage/seobject.py:1926
#, python-format
msgid "File context for %s is defined in policy, cannot be deleted"
msgstr ""
-#: ../semanage/seobject.py:1918
+#: ../semanage/seobject.py:1932
#, python-format
msgid "Could not delete file context for %s"
msgstr ""
-#: ../semanage/seobject.py:1933
+#: ../semanage/seobject.py:1947
msgid "Could not list file contexts"
msgstr ""
-#: ../semanage/seobject.py:1937
+#: ../semanage/seobject.py:1951
msgid "Could not list local file contexts"
msgstr ""
-#: ../semanage/seobject.py:1974
+#: ../semanage/seobject.py:1988
msgid "SELinux fcontext"
msgstr ""
-#: ../semanage/seobject.py:1974
+#: ../semanage/seobject.py:1988
msgid "type"
msgstr ""
-#: ../semanage/seobject.py:1987
+#: ../semanage/seobject.py:2001
msgid ""
"\n"
"SELinux Distribution fcontext Equivalence \n"
msgstr ""
-#: ../semanage/seobject.py:1992
+#: ../semanage/seobject.py:2006
msgid ""
"\n"
"SELinux Local fcontext Equivalence \n"
msgstr ""
-#: ../semanage/seobject.py:2028 ../semanage/seobject.py:2079
-#: ../semanage/seobject.py:2085
+#: ../semanage/seobject.py:2036
+#, python-format
+msgid "Value Required for %s"
+msgstr ""
+
+#: ../semanage/seobject.py:2045 ../semanage/seobject.py:2096
+#: ../semanage/seobject.py:2102
#, python-format
msgid "Could not check if boolean %s is defined"
msgstr ""
-#: ../semanage/seobject.py:2030 ../semanage/seobject.py:2081
+#: ../semanage/seobject.py:2047 ../semanage/seobject.py:2098
#, python-format
msgid "Boolean %s is not defined"
msgstr ""
-#: ../semanage/seobject.py:2034
+#: ../semanage/seobject.py:2051
#, python-format
msgid "Could not query file context %s"
msgstr ""
-#: ../semanage/seobject.py:2039
+#: ../semanage/seobject.py:2056
#, python-format
msgid "You must specify one of the following values: %s"
msgstr ""
-#: ../semanage/seobject.py:2044
+#: ../semanage/seobject.py:2061
#, python-format
msgid "Could not set active value of boolean %s"
msgstr ""
-#: ../semanage/seobject.py:2047
+#: ../semanage/seobject.py:2064
#, python-format
msgid "Could not modify boolean %s"
msgstr ""
-#: ../semanage/seobject.py:2063
+#: ../semanage/seobject.py:2080
#, python-format
msgid "Bad format %s: Record %s"
msgstr ""
-#: ../semanage/seobject.py:2087
+#: ../semanage/seobject.py:2104
#, python-format
msgid "Boolean %s is defined in policy, cannot be deleted"
msgstr ""
-#: ../semanage/seobject.py:2091
+#: ../semanage/seobject.py:2108
#, python-format
msgid "Could not delete boolean %s"
msgstr ""
-#: ../semanage/seobject.py:2103 ../semanage/seobject.py:2120
+#: ../semanage/seobject.py:2120 ../semanage/seobject.py:2137
msgid "Could not list booleans"
msgstr ""
-#: ../semanage/seobject.py:2155
+#: ../semanage/seobject.py:2172
msgid "off"
msgstr ""
-#: ../semanage/seobject.py:2155
+#: ../semanage/seobject.py:2172
msgid "on"
msgstr ""
-#: ../semanage/seobject.py:2169
+#: ../semanage/seobject.py:2186
msgid "SELinux boolean"
msgstr ""
-#: ../semanage/seobject.py:2169
+#: ../semanage/seobject.py:2186
msgid "State"
msgstr ""
-#: ../semanage/seobject.py:2169
+#: ../semanage/seobject.py:2186
msgid "Default"
msgstr ""
-#: ../semanage/seobject.py:2169 ../gui/polgen.glade:113
+#: ../semanage/seobject.py:2186 ../gui/polgen.glade:113
#: ../gui/polgengui.py:269
msgid "Description"
msgstr ""
@@ -988,206 +1001,226 @@ msgstr ""
msgid "Unable to clear environment\n"
msgstr ""
-#: ../newrole/newrole.c:556 ../newrole/newrole.c:587 ../newrole/newrole.c:617
+#: ../newrole/newrole.c:554 ../newrole/newrole.c:585 ../newrole/newrole.c:616
#, c-format
msgid "Error changing uid, aborting.\n"
msgstr ""
-#: ../newrole/newrole.c:612
+#: ../newrole/newrole.c:611
#, c-format
msgid "Error resetting KEEPCAPS, aborting\n"
msgstr ""
-#: ../newrole/newrole.c:635
+#: ../newrole/newrole.c:634
#, c-format
msgid "Error connecting to audit system.\n"
msgstr ""
-#: ../newrole/newrole.c:641
+#: ../newrole/newrole.c:640
#, c-format
msgid "Error allocating memory.\n"
msgstr ""
-#: ../newrole/newrole.c:648
+#: ../newrole/newrole.c:647
#, c-format
msgid "Error sending audit message.\n"
msgstr ""
-#: ../newrole/newrole.c:692 ../newrole/newrole.c:1058
+#: ../newrole/newrole.c:691 ../newrole/newrole.c:1063
#, c-format
msgid "Could not determine enforcing mode.\n"
msgstr ""
-#: ../newrole/newrole.c:699
+#: ../newrole/newrole.c:698
#, c-format
msgid "Error! Could not open %s.\n"
msgstr ""
-#: ../newrole/newrole.c:705
+#: ../newrole/newrole.c:704
+#, c-format
+msgid "Error! Could not clear O_NONBLOCK on %s\n"
+msgstr ""
+
+#: ../newrole/newrole.c:710
#, c-format
msgid "%s! Could not get current context for %s, not relabeling tty.\n"
msgstr ""
-#: ../newrole/newrole.c:715
+#: ../newrole/newrole.c:720
#, c-format
msgid "%s! Could not get new context for %s, not relabeling tty.\n"
msgstr ""
-#: ../newrole/newrole.c:725
+#: ../newrole/newrole.c:730
#, c-format
msgid "%s! Could not set new context for %s\n"
msgstr ""
-#: ../newrole/newrole.c:772
+#: ../newrole/newrole.c:777
#, c-format
msgid "%s changed labels.\n"
msgstr ""
-#: ../newrole/newrole.c:778
+#: ../newrole/newrole.c:783
#, c-format
msgid "Warning! Could not restore context for %s\n"
msgstr ""
-#: ../newrole/newrole.c:835
+#: ../newrole/newrole.c:840
#, c-format
msgid "Error: multiple roles specified\n"
msgstr ""
-#: ../newrole/newrole.c:843
+#: ../newrole/newrole.c:848
#, c-format
msgid "Error: multiple types specified\n"
msgstr ""
-#: ../newrole/newrole.c:850
+#: ../newrole/newrole.c:855
#, c-format
msgid "Sorry, -l may be used with SELinux MLS support.\n"
msgstr ""
-#: ../newrole/newrole.c:855
+#: ../newrole/newrole.c:860
#, c-format
msgid "Error: multiple levels specified\n"
msgstr ""
-#: ../newrole/newrole.c:865
+#: ../newrole/newrole.c:870
#, c-format
msgid "Error: you are not allowed to change levels on a non secure terminal \n"
msgstr ""
-#: ../newrole/newrole.c:891
+#: ../newrole/newrole.c:896
#, c-format
msgid "Couldn't get default type.\n"
msgstr ""
-#: ../newrole/newrole.c:901
+#: ../newrole/newrole.c:906
#, c-format
msgid "failed to get new context.\n"
msgstr ""
-#: ../newrole/newrole.c:908
+#: ../newrole/newrole.c:913
#, c-format
msgid "failed to set new role %s\n"
msgstr ""
-#: ../newrole/newrole.c:915
+#: ../newrole/newrole.c:920
#, c-format
msgid "failed to set new type %s\n"
msgstr ""
-#: ../newrole/newrole.c:925
+#: ../newrole/newrole.c:930
#, c-format
msgid "failed to build new range with level %s\n"
msgstr ""
-#: ../newrole/newrole.c:930
+#: ../newrole/newrole.c:935
#, c-format
msgid "failed to set new range %s\n"
msgstr ""
-#: ../newrole/newrole.c:938
+#: ../newrole/newrole.c:943
#, c-format
msgid "failed to convert new context to string\n"
msgstr ""
-#: ../newrole/newrole.c:943
+#: ../newrole/newrole.c:948
#, c-format
msgid "%s is not a valid context\n"
msgstr ""
-#: ../newrole/newrole.c:950
+#: ../newrole/newrole.c:955
#, c-format
msgid "Unable to allocate memory for new_context"
msgstr ""
-#: ../newrole/newrole.c:976
+#: ../newrole/newrole.c:981
#, c-format
msgid "Unable to obtain empty signal set\n"
msgstr ""
-#: ../newrole/newrole.c:984
+#: ../newrole/newrole.c:989
#, c-format
msgid "Unable to set SIGHUP handler\n"
msgstr ""
-#: ../newrole/newrole.c:1036
+#: ../newrole/newrole.c:1041
msgid "Sorry, newrole failed to drop capabilities\n"
msgstr ""
-#: ../newrole/newrole.c:1052
+#: ../newrole/newrole.c:1057
#, c-format
msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
msgstr ""
-#: ../newrole/newrole.c:1069
+#: ../newrole/newrole.c:1074
#, c-format
msgid "failed to get old_context.\n"
msgstr ""
-#: ../newrole/newrole.c:1076
+#: ../newrole/newrole.c:1081
#, c-format
msgid "Warning! Could not retrieve tty information.\n"
msgstr ""
-#: ../newrole/newrole.c:1097
+#: ../newrole/newrole.c:1102
#, c-format
msgid "error on reading PAM service configuration.\n"
msgstr ""
-#: ../newrole/newrole.c:1132
+#: ../newrole/newrole.c:1137
#, c-format
msgid "newrole: incorrect password for %s\n"
msgstr ""
-#: ../newrole/newrole.c:1159
+#: ../newrole/newrole.c:1164
#, c-format
msgid "newrole: failure forking: %s"
msgstr ""
-#: ../newrole/newrole.c:1162 ../newrole/newrole.c:1185
+#: ../newrole/newrole.c:1167 ../newrole/newrole.c:1190
#, c-format
msgid "Unable to restore tty label...\n"
msgstr ""
-#: ../newrole/newrole.c:1164 ../newrole/newrole.c:1191
+#: ../newrole/newrole.c:1169 ../newrole/newrole.c:1196
#, c-format
msgid "Failed to close tty properly\n"
msgstr ""
-#: ../newrole/newrole.c:1223
+#: ../newrole/newrole.c:1228
#, c-format
msgid "Could not close descriptors.\n"
msgstr ""
-#: ../newrole/newrole.c:1250
+#: ../newrole/newrole.c:1263
#, c-format
msgid "Error allocating shell's argv0.\n"
msgstr ""
-#: ../newrole/newrole.c:1286
+#: ../newrole/newrole.c:1285
+#, c-format
+msgid "Failed to send audit message"
+msgstr ""
+
+#: ../newrole/newrole.c:1293
+#, c-format
+msgid "Failed to transition to namespace\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1299
+#, c-format
+msgid "Failed to drop capabilities %m\n"
+msgstr ""
+
+#: ../newrole/newrole.c:1304
#, c-format
msgid "Unable to restore the environment, aborting\n"
msgstr ""
-#: ../newrole/newrole.c:1297
+#: ../newrole/newrole.c:1315
msgid "failed to exec shell\n"
msgstr ""
@@ -1414,7 +1447,7 @@ msgstr ""
msgid "Applications"
msgstr ""
-#: ../gui/polgen.glade:316 ../sepolicy/sepolicy/generate.py:171
+#: ../gui/polgen.glade:316 ../sepolicy/sepolicy/generate.py:130
msgid "Standard Init Daemon"
msgstr ""
@@ -1424,7 +1457,7 @@ msgid ""
"requires a script in /etc/rc.d/init.d"
msgstr ""
-#: ../gui/polgen.glade:332 ../sepolicy/sepolicy/generate.py:172
+#: ../gui/polgen.glade:332 ../sepolicy/sepolicy/generate.py:131
msgid "DBUS System Daemon"
msgstr ""
@@ -1436,7 +1469,7 @@ msgstr ""
msgid "Internet Services Daemon are daemons started by xinetd"
msgstr ""
-#: ../gui/polgen.glade:366 ../sepolicy/sepolicy/generate.py:174
+#: ../gui/polgen.glade:366 ../sepolicy/sepolicy/generate.py:133
msgid "Web Application/Script (CGI)"
msgstr ""
@@ -1445,7 +1478,7 @@ msgid ""
"Web Applications/Script (CGI) CGI scripts started by the web server (apache)"
msgstr ""
-#: ../gui/polgen.glade:383 ../sepolicy/sepolicy/generate.py:176
+#: ../gui/polgen.glade:383 ../sepolicy/sepolicy/generate.py:135
msgid "User Application"
msgstr ""
@@ -1455,7 +1488,7 @@ msgid ""
"started by a user"
msgstr ""
-#: ../gui/polgen.glade:400 ../sepolicy/sepolicy/generate.py:175
+#: ../gui/polgen.glade:400 ../sepolicy/sepolicy/generate.py:134
msgid "Sandbox"
msgstr ""
@@ -2159,261 +2192,313 @@ msgstr ""
msgid "SELinux user '%s' is required"
msgstr ""
-#: ../sepolicy/sepolicy.py:202
+#: ../sepolicy/sepolicy.py:257
msgid "Generate SELinux man pages"
msgstr ""
-#: ../sepolicy/sepolicy.py:205
+#: ../sepolicy/sepolicy.py:260
msgid "path in which the generated SELinux man pages will be stored"
msgstr ""
-#: ../sepolicy/sepolicy.py:207
+#: ../sepolicy/sepolicy.py:262
msgid "name of the OS for man pages"
msgstr ""
-#: ../sepolicy/sepolicy.py:209
+#: ../sepolicy/sepolicy.py:264
msgid "Generate HTML man pages structure for selected SELinux man page"
msgstr ""
-#: ../sepolicy/sepolicy.py:213
+#: ../sepolicy/sepolicy.py:266
+msgid "Alternate root directory, defaults to /"
+msgstr ""
+
+#: ../sepolicy/sepolicy.py:270
msgid "All domains"
msgstr ""
-#: ../sepolicy/sepolicy.py:216
+#: ../sepolicy/sepolicy.py:273
msgid "Domain name(s) of man pages to be created"
msgstr ""
-#: ../sepolicy/sepolicy.py:221
+#: ../sepolicy/sepolicy.py:278
msgid "Query SELinux policy network information"
msgstr ""
-#: ../sepolicy/sepolicy.py:226
+#: ../sepolicy/sepolicy.py:283
msgid "list all SELinux port types"
msgstr ""
-#: ../sepolicy/sepolicy.py:229
+#: ../sepolicy/sepolicy.py:286
msgid "show SELinux type related to the port"
msgstr ""
-#: ../sepolicy/sepolicy.py:232
+#: ../sepolicy/sepolicy.py:289
msgid "Show ports defined for this SELinux type"
msgstr ""
-#: ../sepolicy/sepolicy.py:235
+#: ../sepolicy/sepolicy.py:292
msgid "show ports to which this domain can bind and/or connect"
msgstr ""
-#: ../sepolicy/sepolicy.py:250
+#: ../sepolicy/sepolicy.py:307
msgid "query SELinux policy to see if domains can communicate with each other"
msgstr ""
-#: ../sepolicy/sepolicy.py:253
+#: ../sepolicy/sepolicy.py:310
msgid "Source Domain"
msgstr ""
-#: ../sepolicy/sepolicy.py:256
+#: ../sepolicy/sepolicy.py:313
msgid "Target Domain"
msgstr ""
-#: ../sepolicy/sepolicy.py:276
+#: ../sepolicy/sepolicy.py:332
msgid "query SELinux Policy to see description of booleans"
msgstr ""
-#: ../sepolicy/sepolicy.py:280
+#: ../sepolicy/sepolicy.py:336
msgid "get all booleans descriptions"
msgstr ""
-#: ../sepolicy/sepolicy.py:282
+#: ../sepolicy/sepolicy.py:339
msgid "boolean to get description"
msgstr ""
-#: ../sepolicy/sepolicy.py:301
+#: ../sepolicy/sepolicy.py:349
msgid ""
"query SELinux Policy to see how a source process domain can transition to "
"the target process domain"
msgstr ""
-#: ../sepolicy/sepolicy.py:304
+#: ../sepolicy/sepolicy.py:352
msgid "source process domain"
msgstr ""
-#: ../sepolicy/sepolicy.py:307
+#: ../sepolicy/sepolicy.py:355
msgid "target process domain"
msgstr ""
-#: ../sepolicy/sepolicy.py:327
+#: ../sepolicy/sepolicy.py:382
+#, python-format
+msgid "sepolicy generate: error: one of the arguments %s is required"
+msgstr ""
+
+#: ../sepolicy/sepolicy.py:387
msgid "Command required for this type of policy"
msgstr ""
-#: ../sepolicy/sepolicy.py:347
+#: ../sepolicy/sepolicy.py:398
+msgid ""
+"-t option can not be used with this option. Read usage for more details."
+msgstr ""
+
+#: ../sepolicy/sepolicy.py:403
+msgid ""
+"-d option can not be used with this option. Read usage for more details."
+msgstr ""
+
+#: ../sepolicy/sepolicy.py:407
+msgid ""
+"-a option can not be used with this option. Read usage for more details."
+msgstr ""
+
+#: ../sepolicy/sepolicy.py:426
msgid "List SELinux Policy interfaces"
msgstr ""
-#: ../sepolicy/sepolicy.py:362
+#: ../sepolicy/sepolicy.py:444
msgid "Generate SELinux Policy module template"
msgstr ""
-#: ../sepolicy/sepolicy.py:365
+#: ../sepolicy/sepolicy.py:447
msgid "Enter domain type which you will be extending"
msgstr ""
-#: ../sepolicy/sepolicy.py:368
+#: ../sepolicy/sepolicy.py:450
msgid "Enter SELinux user(s) which will transition to this domain"
msgstr ""
-#: ../sepolicy/sepolicy.py:371
+#: ../sepolicy/sepolicy.py:453
msgid "Enter domain(s) that this confined admin will administrate"
msgstr ""
-#: ../sepolicy/sepolicy.py:374
+#: ../sepolicy/sepolicy.py:456
msgid "name of policy to generate"
msgstr ""
-#: ../sepolicy/sepolicy.py:378
+#: ../sepolicy/sepolicy.py:463
msgid "path in which the generated policy files will be stored"
msgstr ""
-#: ../sepolicy/sepolicy.py:380
-msgid "executable to confine"
+#: ../sepolicy/sepolicy.py:465
+msgid "path to which the confined processes will need to write"
+msgstr ""
+
+#: ../sepolicy/sepolicy.py:466
+msgid "Policy types which require a command"
+msgstr ""
+
+#: ../sepolicy/sepolicy.py:470 ../sepolicy/sepolicy.py:473
+#: ../sepolicy/sepolicy.py:476 ../sepolicy/sepolicy.py:479
+#: ../sepolicy/sepolicy.py:482 ../sepolicy/sepolicy.py:488
+#: ../sepolicy/sepolicy.py:491 ../sepolicy/sepolicy.py:494
+#: ../sepolicy/sepolicy.py:500 ../sepolicy/sepolicy.py:503
+#: ../sepolicy/sepolicy.py:506 ../sepolicy/sepolicy.py:509
+#, python-format
+msgid "Generate '%s' policy"
msgstr ""
-#: ../sepolicy/sepolicy.py:384 ../sepolicy/sepolicy.py:387
-#: ../sepolicy/sepolicy.py:390 ../sepolicy/sepolicy.py:393
-#: ../sepolicy/sepolicy.py:396 ../sepolicy/sepolicy.py:399
-#: ../sepolicy/sepolicy.py:402 ../sepolicy/sepolicy.py:405
-#: ../sepolicy/sepolicy.py:408 ../sepolicy/sepolicy.py:411
-#: ../sepolicy/sepolicy.py:414 ../sepolicy/sepolicy.py:417
+#: ../sepolicy/sepolicy.py:497
#, python-format
-msgid "Generate Policy for %s"
+msgid "Generate '%s' policy "
msgstr ""
-#: ../sepolicy/sepolicy.py:422
+#: ../sepolicy/sepolicy.py:511
+msgid "executable to confine"
+msgstr ""
+
+#: ../sepolicy/sepolicy.py:516
msgid "commands"
msgstr ""
-#: ../sepolicy/sepolicy.py:425
+#: ../sepolicy/sepolicy.py:519
msgid "Alternate SELinux policy, defaults to /sys/fs/selinux/policy"
msgstr ""
-#: ../sepolicy/sepolicy/__init__.py:48
+#: ../sepolicy/sepolicy/__init__.py:72
msgid "No SELinux Policy installed"
msgstr ""
-#: ../sepolicy/sepolicy/__init__.py:54
+#: ../sepolicy/sepolicy/__init__.py:239
#, python-format
msgid "Failed to read %s policy file"
msgstr ""
-#: ../sepolicy/sepolicy/__init__.py:127
+#: ../sepolicy/sepolicy/__init__.py:298
msgid "unknown"
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:173
+#: ../sepolicy/sepolicy/generate.py:132
msgid "Internet Services Daemon"
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:177
+#: ../sepolicy/sepolicy/generate.py:136
msgid "Existing Domain Type"
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:178
+#: ../sepolicy/sepolicy/generate.py:137
msgid "Minimal Terminal Login User Role"
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:179
+#: ../sepolicy/sepolicy/generate.py:138
msgid "Minimal X Windows Login User Role"
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:180
+#: ../sepolicy/sepolicy/generate.py:139
msgid "Desktop Login User Role"
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:181
+#: ../sepolicy/sepolicy/generate.py:140
msgid "Administrator Login User Role"
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:182
+#: ../sepolicy/sepolicy/generate.py:141
msgid "Confined Root Administrator Role"
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:187
+#: ../sepolicy/sepolicy/generate.py:142
+msgid "Module information for a new type"
+msgstr ""
+
+#: ../sepolicy/sepolicy/generate.py:147
msgid "Valid Types:\n"
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:221
+#: ../sepolicy/sepolicy/generate.py:181
#, python-format
msgid "Ports must be numbers or ranges of numbers from 1 to %d "
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:231
+#: ../sepolicy/sepolicy/generate.py:192
msgid "You must enter a valid policy type"
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:234
+#: ../sepolicy/sepolicy/generate.py:195
#, python-format
msgid "You must enter a name for your policy module for your %s."
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:355
+#: ../sepolicy/sepolicy/generate.py:327
msgid ""
"Name must be alpha numberic with no spaces. Consider using option \"-n "
"MODULENAME\""
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:447
+#: ../sepolicy/sepolicy/generate.py:419
msgid "User Role types can not be assigned executables."
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:453
+#: ../sepolicy/sepolicy/generate.py:425
msgid "Only Daemon apps can use an init script.."
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:471
+#: ../sepolicy/sepolicy/generate.py:443
msgid "use_resolve must be a boolean value "
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:477
+#: ../sepolicy/sepolicy/generate.py:449
msgid "use_syslog must be a boolean value "
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:483
+#: ../sepolicy/sepolicy/generate.py:455
msgid "use_kerberos must be a boolean value "
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:489
+#: ../sepolicy/sepolicy/generate.py:461
msgid "manage_krb5_rcache must be a boolean value "
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:519
+#: ../sepolicy/sepolicy/generate.py:491
msgid "USER Types automatically get a tmp type"
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:857
+#: ../sepolicy/sepolicy/generate.py:832
#, python-format
msgid "%s policy modules require existing domains"
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:1059
+#: ../sepolicy/sepolicy/generate.py:857
+msgid "Type field required"
+msgstr ""
+
+#: ../sepolicy/sepolicy/generate.py:869
+#, python-format
+msgid ""
+"You need to define a new type which ends with: \n"
+" %s"
+msgstr ""
+
+#: ../sepolicy/sepolicy/generate.py:1088
msgid "You must enter the executable path for your confined process"
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:1321
+#: ../sepolicy/sepolicy/generate.py:1351
msgid "Type Enforcement file"
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:1322
+#: ../sepolicy/sepolicy/generate.py:1352
msgid "Interface file"
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:1323
+#: ../sepolicy/sepolicy/generate.py:1353
msgid "File Contexts file"
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:1324
+#: ../sepolicy/sepolicy/generate.py:1354
msgid "Spec file"
msgstr ""
-#: ../sepolicy/sepolicy/generate.py:1325
+#: ../sepolicy/sepolicy/generate.py:1355
msgid "Setup Script"
msgstr ""
@@ -2428,11 +2513,11 @@ msgid ""
msgstr ""
#: booleans.py:3
-msgid "Allow amavis to use JIT compiler"
+msgid "Allow antivirus programs to read non security files on a system"
msgstr ""
#: booleans.py:4
-msgid "Allow antivirus programs to read non security files on a system"
+msgid "Determine whether can antivirus programs use JIT compiler."
msgstr ""
#: booleans.py:5
@@ -2454,50 +2539,54 @@ msgid "Allow users to login using a yubikey server"
msgstr ""
#: booleans.py:9
-msgid "Allow awstats to purge Apache logs"
+msgid "Determine whether awstats can purge httpd log files."
msgstr ""
#: booleans.py:10
msgid ""
-"Allow cdrecord to read various content. nfs, samba, removable devices, user "
-"temp and untrusted content files"
+"Determine whether cdrecord can read various content. nfs, samba, removable "
+"devices, user temp and untrusted content files"
msgstr ""
#: booleans.py:11
-msgid "Allow clamd to use JIT compiler"
+msgid ""
+"Allow cluster administrative domains to connect to the network using TCP."
msgstr ""
#: booleans.py:12
-msgid "Allow clamscan to non security files on a system"
+msgid "Allow cluster administrative domains to manage all files on a system."
msgstr ""
#: booleans.py:13
-msgid "Allow clamscan to read user content"
+msgid ""
+"Allow cluster administrative cluster domains memcheck-amd64- to use "
+"executable memory"
msgstr ""
#: booleans.py:14
msgid ""
-"Allow Cobbler to modify public files used for public file transfer services."
+"Determine whether Cobbler can modify public files used for public file "
+"transfer services."
msgstr ""
#: booleans.py:15
-msgid "Allow Cobbler to connect to the network using TCP."
+msgid "Determine whether Cobbler can connect to the network using TCP."
msgstr ""
#: booleans.py:16
-msgid "Allow Cobbler to access cifs file systems."
+msgid "Determine whether Cobbler can access cifs file systems."
msgstr ""
#: booleans.py:17
-msgid "Allow Cobbler to access nfs file systems."
+msgid "Determine whether Cobbler can access nfs file systems."
msgstr ""
#: booleans.py:18
-msgid "Allow collectd to connect to the network using TCP."
+msgid "Determine whether collectd can connect to the network using TCP."
msgstr ""
#: booleans.py:19
-msgid "Allow codnor domain to connect to the network using TCP."
+msgid "Determine whether Condor can connect to the network using TCP."
msgstr ""
#: booleans.py:20
@@ -2506,7 +2595,7 @@ msgid ""
msgstr ""
#: booleans.py:21
-msgid "Allow cvs daemon to read shadow"
+msgid "Determine whether cvs can read shadow password files."
msgstr ""
#: booleans.py:22
@@ -2522,951 +2611,996 @@ msgid "Allow all daemons the ability to read/write terminals"
msgstr ""
#: booleans.py:25
-msgid "Allow dan to manage user files"
+msgid "Determine whether dbadm can manage generic user files."
msgstr ""
#: booleans.py:26
-msgid "Allow dan to read user files"
+msgid "Determine whether dbadm can read generic user files."
msgstr ""
#: booleans.py:27
-msgid "Allow dbadm to manage files in users home directories"
+msgid ""
+"Deny user domains applications to map a memory region as both executable and "
+"writable, this is dangerous and the executable should be reported in bugzilla"
msgstr ""
#: booleans.py:28
-msgid "Allow dbadm to read files in users home directories"
+msgid "Allow sysadm to debug or ptrace all processes."
msgstr ""
#: booleans.py:29
-msgid ""
-"Deny user domains applications to map a memory region as both executable and "
-"writable, this is dangerous and the executable should be reported in bugzilla"
+msgid "Allow dhcpc client applications to execute iptables commands"
msgstr ""
#: booleans.py:30
-msgid "Allow sysadm to debug or ptrace all processes."
+msgid "Determine whether DHCP daemon can use LDAP backends."
msgstr ""
#: booleans.py:31
-msgid "Allow dhcpc client applications to execute iptables commands"
+msgid "Allow all domains to use other domains file descriptors"
msgstr ""
#: booleans.py:32
-msgid "Allow DHCP daemon to use LDAP backends"
+msgid "Allow all domains to have the kernel load modules"
msgstr ""
#: booleans.py:33
-msgid "Allow all domains to use other domains file descriptors"
+msgid ""
+"Determine whether entropyd can use audio devices as the source for the "
+"entropy feeds."
msgstr ""
#: booleans.py:34
-msgid "Allow all domains to have the kernel load modules"
+msgid "Determine whether exim can connect to databases."
msgstr ""
#: booleans.py:35
-msgid "Allow the use of the audio devices as the source for the entropy feeds"
+msgid ""
+"Determine whether exim can create, read, write, and delete generic user "
+"content files."
msgstr ""
#: booleans.py:36
-msgid "Allow exim to connect to databases (postgres, mysql)"
+msgid "Determine whether exim can read generic user content files."
msgstr ""
#: booleans.py:37
-msgid "Allow exim to create, read, write, and delete unprivileged user files."
+msgid "Enable extra rules in the cron domain to support fcron."
msgstr ""
#: booleans.py:38
-msgid "Allow exim to read unprivileged user files."
+msgid "Determine whether fenced can connect to the TCP network."
msgstr ""
#: booleans.py:39
-msgid "Enable extra rules in the cron domain to support fcron."
+msgid "Determine whether fenced can use ssh."
msgstr ""
#: booleans.py:40
-msgid "Allow fenced domain to connect to the network using TCP."
+msgid "Allow all domains to execute in fips_mode"
msgstr ""
#: booleans.py:41
-msgid "Allow fenced domain to execute ssh."
+msgid ""
+"Determine whether ftpd can read and write files in user home directories."
msgstr ""
#: booleans.py:42
-msgid "Allow all domains to execute in fips_mode"
+msgid ""
+"Determine whether ftpd can modify public files used for public file transfer "
+"services. Directories/Files must be labeled public_content_rw_t."
msgstr ""
#: booleans.py:43
-msgid "Allow ftp to read and write files in the user home directories"
+msgid "Determine whether ftpd can connect to all unreserved ports."
msgstr ""
#: booleans.py:44
-msgid ""
-"Allow ftp servers to upload files, used for public file transfer services. "
-"Directories must be labeled public_content_rw_t."
+msgid "Determine whether ftpd can connect to databases over the TCP network."
msgstr ""
#: booleans.py:45
-msgid "Allow ftp servers to connect to all ports > 1023"
+msgid ""
+"Determine whether ftpd can login to local users and can read and write all "
+"files on the system, governed by DAC."
msgstr ""
#: booleans.py:46
-msgid "Allow ftp servers to connect to mysql database ports"
+msgid ""
+"Determine whether ftpd can use CIFS used for public file transfer services."
msgstr ""
-#: booleans.py:47
-msgid ""
-"Allow ftp servers to login to local users and read/write all files on the "
-"system, governed by DAC."
+#: booleans.py:47 booleans.py:165
+msgid "Allow samba to export ntfs/fusefs volumes."
msgstr ""
#: booleans.py:48
-msgid "Allow ftp servers to use cifs used for public file transfer services."
+msgid ""
+"Determine whether ftpd can use NFS used for public file transfer services."
msgstr ""
#: booleans.py:49
-msgid "Allow ftp servers to use nfs used for public file transfer services."
+msgid ""
+"Determine whether ftpd can bind to all unreserved ports for passive mode."
msgstr ""
#: booleans.py:50
-msgid "Allow ftp servers to use bind to all unreserved ports for passive mode"
-msgstr ""
-
-#: booleans.py:51
msgid "Determine whether Git CGI can search home directories."
msgstr ""
-#: booleans.py:52
+#: booleans.py:51
msgid "Determine whether Git CGI can access cifs file systems."
msgstr ""
-#: booleans.py:53
+#: booleans.py:52
msgid "Determine whether Git CGI can access nfs file systems."
msgstr ""
-#: booleans.py:54
+#: booleans.py:53
msgid ""
"Determine whether Git session daemon can bind TCP sockets to all unreserved "
"ports."
msgstr ""
-#: booleans.py:55
+#: booleans.py:54
msgid ""
"Determine whether calling user domains can execute Git daemon in the "
"git_session_t domain."
msgstr ""
-#: booleans.py:56
+#: booleans.py:55
msgid "Determine whether Git system daemon can search home directories."
msgstr ""
-#: booleans.py:57
+#: booleans.py:56
msgid "Determine whether Git system daemon can access cifs file systems."
msgstr ""
-#: booleans.py:58
+#: booleans.py:57
msgid "Determine whether Git system daemon can access nfs file systems."
msgstr ""
+#: booleans.py:58
+msgid "Determine whether Gitosis can send mail."
+msgstr ""
+
#: booleans.py:59
-msgid "Allow gitisis daemon to send mail"
+msgid "Enable reading of urandom for all domains."
msgstr ""
#: booleans.py:60
-msgid "Enable reading of urandom for all domains."
+msgid ""
+"Allow glusterfsd to modify public files used for public file transfer "
+"services. Files/Directories must be labeled public_content_rw_t."
msgstr ""
#: booleans.py:61
+msgid "Allow glusterfsd to share any file/directory read only."
+msgstr ""
+
+#: booleans.py:62
+msgid "Allow glusterfsd to share any file/directory read/write."
+msgstr ""
+
+#: booleans.py:63
msgid ""
"Allow usage of the gpg-agent --write-env-file option. This also allows gpg-"
"agent to manage user files."
msgstr ""
-#: booleans.py:62
+#: booleans.py:64
msgid ""
"Allow gpg web domain to modify public files used for public file transfer "
"services."
msgstr ""
-#: booleans.py:63
+#: booleans.py:65
msgid "Allow gssd to read temp directory. For access to kerberos tgt."
msgstr ""
-#: booleans.py:64
+#: booleans.py:66
msgid "Allow guest to exec content"
msgstr ""
-#: booleans.py:65
+#: booleans.py:67
msgid ""
"Allow Apache to modify public files used for public file transfer services. "
"Directories/Files must be labeled public_content_rw_t."
msgstr ""
-#: booleans.py:66
+#: booleans.py:68
msgid "Allow httpd to use built in scripting (usually php)"
msgstr ""
-#: booleans.py:67
+#: booleans.py:69
msgid "Allow http daemon to check spam"
msgstr ""
-#: booleans.py:68
+#: booleans.py:70
msgid ""
"Allow httpd to act as a FTP client connecting to the ftp port and ephemeral "
"ports"
msgstr ""
-#: booleans.py:69
+#: booleans.py:71
msgid "Allow httpd to connect to the ldap port"
msgstr ""
-#: booleans.py:70
+#: booleans.py:72
msgid "Allow http daemon to connect to zabbix"
msgstr ""
-#: booleans.py:71
+#: booleans.py:73
msgid "Allow HTTPD scripts and modules to connect to the network using TCP."
msgstr ""
-#: booleans.py:72
+#: booleans.py:74
msgid "Allow HTTPD scripts and modules to connect to cobbler over the network."
msgstr ""
-#: booleans.py:73
+#: booleans.py:75
msgid ""
"Allow HTTPD scripts and modules to connect to databases over the network."
msgstr ""
-#: booleans.py:74
+#: booleans.py:76
msgid "Allow httpd to connect to memcache server"
msgstr ""
-#: booleans.py:75
+#: booleans.py:77
msgid "Allow httpd to act as a relay"
msgstr ""
-#: booleans.py:76
+#: booleans.py:78
msgid "Allow http daemon to send mail"
msgstr ""
-#: booleans.py:77
+#: booleans.py:79
msgid "Allow Apache to communicate with avahi service via dbus"
msgstr ""
-#: booleans.py:78
+#: booleans.py:80
msgid "Allow httpd cgi support"
msgstr ""
-#: booleans.py:79
+#: booleans.py:81
msgid "Allow httpd to act as a FTP server by listening on the ftp port."
msgstr ""
-#: booleans.py:80
+#: booleans.py:82
msgid "Allow httpd to read home directories"
msgstr ""
-#: booleans.py:81
+#: booleans.py:83
msgid "Allow httpd scripts and modules execmem/execstack"
msgstr ""
-#: booleans.py:82
+#: booleans.py:84
msgid "Allow HTTPD to connect to port 80 for graceful shutdown"
msgstr ""
-#: booleans.py:83
+#: booleans.py:85
msgid "Allow httpd processes to manage IPA content"
msgstr ""
-#: booleans.py:84
+#: booleans.py:86
msgid "Allow Apache to use mod_auth_ntlm_winbind"
msgstr ""
-#: booleans.py:85
+#: booleans.py:87
msgid "Allow Apache to use mod_auth_pam"
msgstr ""
-#: booleans.py:86
+#: booleans.py:88
msgid "Allow httpd to read user content"
msgstr ""
-#: booleans.py:87
+#: booleans.py:89
msgid "Allow Apache to run in stickshift mode, not transition to passenger"
msgstr ""
-#: booleans.py:88
+#: booleans.py:90
msgid "Allow httpd daemon to change its resource limits"
msgstr ""
-#: booleans.py:89
+#: booleans.py:91
msgid ""
"Allow HTTPD to run SSI executables in the same domain as system CGI scripts."
msgstr ""
-#: booleans.py:90
+#: booleans.py:92
msgid ""
"Allow apache scripts to write to public content, directories/files must be "
"labeled public_rw_content_t."
msgstr ""
-#: booleans.py:91
+#: booleans.py:93
msgid "Allow Apache to execute tmp content."
msgstr ""
-#: booleans.py:92
+#: booleans.py:94
msgid ""
"Unify HTTPD to communicate with the terminal. Needed for entering the "
"passphrase for certificates at the terminal."
msgstr ""
-#: booleans.py:93
-msgid "Unify HTTPD handling of all content files."
-msgstr ""
-
-#: booleans.py:94
-msgid "Allow httpd to access cifs file systems"
-msgstr ""
-
#: booleans.py:95
-msgid "Allow httpd to access FUSE file systems"
+msgid "Unify HTTPD handling of all content files."
msgstr ""
#: booleans.py:96
-msgid "Allow httpd to run gpg"
+msgid "Allow httpd to access cifs file systems"
msgstr ""
#: booleans.py:97
-msgid "Allow httpd to access nfs file systems"
+msgid "Allow httpd to access FUSE file systems"
msgstr ""
#: booleans.py:98
-msgid "Allow httpd to communicate with oddjob to start up a service"
+msgid "Allow httpd to run gpg"
msgstr ""
#: booleans.py:99
-msgid "Allow httpd to access openstack ports"
+msgid "Allow httpd to access nfs file systems"
msgstr ""
#: booleans.py:100
-msgid "Allow Apache to query NS records"
+msgid "Allow httpd to communicate with oddjob to start up a service"
msgstr ""
#: booleans.py:101
-msgid "Allow icecast to connect to all ports, not just sound ports."
+msgid "Allow httpd to access openstack ports"
msgstr ""
#: booleans.py:102
-msgid ""
-"Allow the Irssi IRC Client to connect to any port, and to bind to any "
-"unreserved port."
+msgid "Allow Apache to query NS records"
msgstr ""
#: booleans.py:103
-msgid "Allow confined applications to run with kerberos."
+msgid "Determine whether icecast can listen on and connect to any TCP port."
msgstr ""
#: booleans.py:104
-msgid "Allow syslogd daemon to send mail"
+msgid ""
+"Determine whether irc clients can listen on and connect to any unreserved "
+"TCP ports."
msgstr ""
#: booleans.py:105
-msgid "Allow syslogd the ability to read/write terminals"
+msgid ""
+"Allow the Irssi IRC Client to connect to any port, and to bind to any "
+"unreserved port."
msgstr ""
#: booleans.py:106
-msgid "Allow logging in and using the system from /dev/console."
+msgid "Allow confined applications to run with kerberos."
msgstr ""
#: booleans.py:107
-msgid ""
-"Control the ability to mmap a low area of the address space, as configured "
-"by /proc/sys/kernel/mmap_min_addr."
+msgid "Allow ksmtuned to use cifs/Samba file systems"
msgstr ""
#: booleans.py:108
-msgid "Allow mock to read files in home directories."
+msgid "Allow ksmtuned to use nfs file systems"
msgstr ""
#: booleans.py:109
-msgid "Allow the mount command to mount any directory or file."
+msgid "Allow syslogd daemon to send mail"
msgstr ""
#: booleans.py:110
-msgid "Allow mozilla plugin domain to connect to the network using TCP."
+msgid "Allow syslogd the ability to read/write terminals"
msgstr ""
#: booleans.py:111
-msgid ""
-"Allow mozilla_plugins to create random content in the users home directory"
+msgid "Allow logging in and using the system from /dev/console."
msgstr ""
#: booleans.py:112
-msgid "Allow confined web browsers to read home directory content"
+msgid "Allow mailman to access FUSE file systems"
msgstr ""
#: booleans.py:113
-msgid "Allow mplayer executable stack"
+msgid "Determine whether mcelog supports client mode."
msgstr ""
#: booleans.py:114
-msgid "Allow mysqld to connect to all ports"
+msgid "Determine whether mcelog can execute scripts."
msgstr ""
#: booleans.py:115
-msgid "Allow BIND to bind apache port."
+msgid "Determine whether mcelog can use all the user ttys."
msgstr ""
#: booleans.py:116
-msgid ""
-"Allow BIND to write the master zone files. Generally this is used for "
-"dynamic DNS or zone transfers."
+msgid "Determine whether mcelog supports server mode."
msgstr ""
#: booleans.py:117
-msgid "Allow any files/directories to be exported read/only via NFS."
+msgid ""
+"Control the ability to mmap a low area of the address space, as configured "
+"by /proc/sys/kernel/mmap_min_addr."
msgstr ""
#: booleans.py:118
-msgid "Allow any files/directories to be exported read/write via NFS."
+msgid "Allow mock to read files in home directories."
msgstr ""
#: booleans.py:119
-msgid ""
-"Allow nfs servers to modify public files used for public file transfer "
-"services. Files/Directories must be labeled public_content_rw_t."
+msgid "Allow the mount command to mount any directory or file."
msgstr ""
#: booleans.py:120
-msgid "Allow system to run with NIS"
+msgid "Allow mozilla plugin domain to connect to the network using TCP."
msgstr ""
#: booleans.py:121
-msgid "Allow confined applications to use nscd shared memory."
+msgid "Allow confined web browsers to read home directory content"
msgstr ""
#: booleans.py:122
-msgid "Allow openshift to lockdown app"
+msgid "Determine whether mpd can traverse user home directories."
msgstr ""
#: booleans.py:123
-msgid "Allow openvpn to read home directories"
+msgid "Determine whether mpd can use cifs file systems."
msgstr ""
#: booleans.py:124
-msgid "Allow piranha-lvs domain to connect to the network using TCP."
+msgid "Determine whether mpd can use nfs file systems."
msgstr ""
#: booleans.py:125
-msgid "Allow polipo to connect to all ports > 1023"
+msgid "Determine whether mplayer can make its stack executable."
msgstr ""
#: booleans.py:126
-msgid ""
-"Determine whether Polipo session daemon can bind tcp sockets to all "
-"unreserved ports."
+msgid "Allow mysqld to connect to all ports"
msgstr ""
#: booleans.py:127
-msgid ""
-"Determine whether calling user domains can execute Polipo daemon in the "
-"polipo_session_t domain."
+msgid "Determine whether Bind can bind tcp socket to http ports."
msgstr ""
#: booleans.py:128
-msgid "Determine whether polipo can access cifs file systems."
+msgid ""
+"Determine whether Bind can write to master zone files. Generally this is "
+"used for dynamic DNS or zone transfers."
msgstr ""
#: booleans.py:129
-msgid "Determine whether Polipo can access nfs file systems."
+msgid "Allow any files/directories to be exported read/only via NFS."
msgstr ""
#: booleans.py:130
-msgid "Enable polyinstantiated directory support."
+msgid "Allow any files/directories to be exported read/write via NFS."
msgstr ""
#: booleans.py:131
-msgid "Allow postfix_local domain full write access to mail_spool directories"
+msgid ""
+"Allow nfs servers to modify public files used for public file transfer "
+"services. Files/Directories must be labeled public_content_rw_t."
msgstr ""
#: booleans.py:132
-msgid "Allow postgresql to use ssh and rsync for point-in-time recovery"
+msgid "Allow system to run with NIS"
msgstr ""
#: booleans.py:133
-msgid "Allow transmit client label to foreign database"
+msgid "Allow confined applications to use nscd shared memory."
msgstr ""
#: booleans.py:134
-msgid "Allow database admins to execute DML statement"
+msgid "Allow openshift to lockdown app"
msgstr ""
#: booleans.py:135
-msgid "Allow unprivileged users to execute DDL statement"
+msgid "Determine whether openvpn can read generic user home content files."
msgstr ""
#: booleans.py:136
-msgid "Allow pppd to load kernel modules for certain modems"
+msgid "Allow piranha-lvs domain to connect to the network using TCP."
msgstr ""
#: booleans.py:137
-msgid "Allow pppd to be run for a regular user"
+msgid "Allow polipo to connect to all ports > 1023"
msgstr ""
#: booleans.py:138
msgid ""
-"Allow privoxy to connect to all ports, not just HTTP, FTP, and Gopher ports."
+"Determine whether Polipo session daemon can bind tcp sockets to all "
+"unreserved ports."
msgstr ""
#: booleans.py:139
-msgid "Allow Puppet client to manage all file types."
+msgid ""
+"Determine whether calling user domains can execute Polipo daemon in the "
+"polipo_session_t domain."
msgstr ""
#: booleans.py:140
-msgid "Allow Puppet master to use connect to MySQL and PostgreSQL database"
+msgid "Determine whether polipo can access cifs file systems."
msgstr ""
#: booleans.py:141
-msgid "Allow racoon to read shadow"
+msgid "Determine whether Polipo can access nfs file systems."
msgstr ""
#: booleans.py:142
-msgid "Allow rgmanager domain to connect to the network using TCP."
+msgid "Enable polyinstantiated directory support."
msgstr ""
#: booleans.py:143
-msgid ""
-"Allow rsync to modify public files used for public file transfer services. "
-"Files/Directories must be labeled public_content_rw_t."
+msgid "Allow postfix_local domain full write access to mail_spool directories"
msgstr ""
#: booleans.py:144
-msgid "Allow rsync to run as a client"
+msgid "Allow postgresql to use ssh and rsync for point-in-time recovery"
msgstr ""
#: booleans.py:145
-msgid "Allow rsync to export any files/directories read only."
+msgid "Allow transmit client label to foreign database"
msgstr ""
#: booleans.py:146
-msgid "Allow rsync servers to share cifs files systems"
+msgid "Allow database admins to execute DML statement"
msgstr ""
#: booleans.py:147
-msgid "Allow rsync servers to share nfs files systems"
+msgid "Allow unprivileged users to execute DDL statement"
msgstr ""
#: booleans.py:148
-msgid "Allow samba to create new home directories (e.g. via PAM)"
+msgid "Allow pppd to load kernel modules for certain modems"
msgstr ""
#: booleans.py:149
-msgid ""
-"Allow samba to act as the domain controller, add users, groups and change "
-"passwords."
+msgid "Allow pppd to be run for a regular user"
msgstr ""
#: booleans.py:150
-msgid "Allow samba to share users home directories."
+msgid "Determine whether privoxy can connect to all tcp ports."
msgstr ""
#: booleans.py:151
-msgid "Allow samba to share any file/directory read only."
+msgid "Allow Puppet client to manage all file types."
msgstr ""
#: booleans.py:152
-msgid "Allow samba to share any file/directory read/write."
+msgid "Allow Puppet master to use connect to MySQL and PostgreSQL database"
msgstr ""
#: booleans.py:153
-msgid "Allow samba to act as a portmapper"
+msgid "Allow racoon to read shadow"
msgstr ""
#: booleans.py:154
-msgid "Allow samba to run unconfined scripts"
+msgid ""
+"Allow rsync to modify public files used for public file transfer services. "
+"Files/Directories must be labeled public_content_rw_t."
msgstr ""
#: booleans.py:155
-msgid "Allow samba to export ntfs/fusefs volumes."
+msgid "Allow rsync to run as a client"
msgstr ""
#: booleans.py:156
-msgid "Allow samba to export NFS volumes."
+msgid "Allow rsync to export any files/directories read only."
msgstr ""
#: booleans.py:157
-msgid "Allow sanlock to read/write fuse files"
+msgid "Allow rsync server to manage all files/directories on the system."
msgstr ""
#: booleans.py:158
-msgid "Allow sanlock to manage nfs files"
+msgid "Allow samba to create new home directories (e.g. via PAM)"
msgstr ""
#: booleans.py:159
-msgid "Allow sanlock to manage cifs files"
+msgid ""
+"Allow samba to act as the domain controller, add users, groups and change "
+"passwords."
msgstr ""
#: booleans.py:160
-msgid "Allow sasl to read shadow"
+msgid "Allow samba to share users home directories."
msgstr ""
#: booleans.py:161
-msgid "Allow secadm to exec content"
+msgid "Allow samba to share any file/directory read only."
msgstr ""
#: booleans.py:162
+msgid "Allow samba to share any file/directory read/write."
+msgstr ""
+
+#: booleans.py:163
+msgid "Allow samba to act as a portmapper"
+msgstr ""
+
+#: booleans.py:164
+msgid "Allow samba to run unconfined scripts"
+msgstr ""
+
+#: booleans.py:166
+msgid "Allow samba to export NFS volumes."
+msgstr ""
+
+#: booleans.py:167
+msgid "Allow sanlock to read/write fuse files"
+msgstr ""
+
+#: booleans.py:168
+msgid "Allow sanlock to manage nfs files"
+msgstr ""
+
+#: booleans.py:169
+msgid "Allow sanlock to manage cifs files"
+msgstr ""
+
+#: booleans.py:170
+msgid "Allow sasl to read shadow"
+msgstr ""
+
+#: booleans.py:171
+msgid "Allow secadm to exec content"
+msgstr ""
+
+#: booleans.py:172
msgid ""
"disallow programs, such as newrole, from transitioning to administrative "
"user domains."
msgstr ""
-#: booleans.py:163
+#: booleans.py:173
msgid "Disable kernel module loading."
msgstr ""
-#: booleans.py:164
+#: booleans.py:174
msgid ""
"Boolean to determine whether the system permits loading policy, setting "
"enforcing mode, and changing boolean values. Set this to true and you have "
"to reboot to set it back."
msgstr ""
-#: booleans.py:165
+#: booleans.py:175
msgid "Allow regular users direct dri device access"
msgstr ""
-#: booleans.py:166
+#: booleans.py:176
msgid ""
"Allow unconfined executables to make their heap memory executable. Doing "
"this is a really bad idea. Probably indicates a badly coded executable, but "
"could indicate an attack. This executable should be reported in bugzilla"
msgstr ""
-#: booleans.py:167
+#: booleans.py:177
msgid ""
"Allow all unconfined executables to use libraries requiring text relocation "
"that are not labeled textrel_shlib_t"
msgstr ""
-#: booleans.py:168
+#: booleans.py:178
msgid ""
"Allow unconfined executables to make their stack executable. This should "
"never, ever be necessary. Probably indicates a badly coded executable, but "
"could indicate an attack. This executable should be reported in bugzilla"
msgstr ""
-#: booleans.py:169
+#: booleans.py:179
msgid "Allow users to connect to the local mysql server"
msgstr ""
-#: booleans.py:170
+#: booleans.py:180
msgid ""
"Allow confined users the ability to execute the ping and traceroute commands."
msgstr ""
-#: booleans.py:171
+#: booleans.py:181
msgid "Allow users to connect to PostgreSQL"
msgstr ""
-#: booleans.py:172
+#: booleans.py:182
msgid ""
"Allow user to r/w files on filesystems that do not have extended attributes "
"(FAT, CDROM, FLOPPY)"
msgstr ""
-#: booleans.py:173
+#: booleans.py:183
msgid ""
"Allow users to run TCP servers (bind to ports and accept connection from the "
"same domain and outside users) disabling this forces FTP passive mode and "
"may change other protocols."
msgstr ""
-#: booleans.py:174
+#: booleans.py:184
msgid "Allow user to use ssh chroot environment."
msgstr ""
-#: booleans.py:175
+#: booleans.py:185
msgid "Allow user music sharing"
msgstr ""
-#: booleans.py:176
+#: booleans.py:186
msgid ""
-"Allow anon internal-sftp to upload files, used for public file transfer "
-"services. Directories must be labeled public_content_rw_t."
+"Determine whether sftpd can modify public files used for public file "
+"transfer services. Directories/Files must be labeled public_content_rw_t."
msgstr ""
-#: booleans.py:177
+#: booleans.py:187
msgid ""
-"Allow sftp-internal to read and write files in the user home directories"
+"Determine whether sftpd-can read and write files in user home directories."
msgstr ""
-#: booleans.py:178
+#: booleans.py:188
msgid ""
-"Allow sftp-internal to login to local users and read/write all files on the "
-"system, governed by DAC."
+"Determine whether sftpd-can login to local users and read and write all "
+"files on the system, governed by DAC."
msgstr ""
-#: booleans.py:179
+#: booleans.py:189
msgid ""
-"Allow internal-sftp to read and write files in the user ssh home directories."
+"Determine whether sftpd can read and write files in user ssh home "
+"directories."
msgstr ""
-#: booleans.py:180
+#: booleans.py:190
msgid "Allow sge to connect to the network using any TCP port"
msgstr ""
-#: booleans.py:181
+#: booleans.py:191
msgid "Allow sge to access nfs file systems."
msgstr ""
-#: booleans.py:182
-msgid ""
-"Enable additional permissions needed to support devices on 3ware controllers."
+#: booleans.py:192
+msgid "Determine whether smartmon can support devices on 3ware controllers."
msgstr ""
-#: booleans.py:183
+#: booleans.py:193
msgid ""
"Allow samba to modify public files used for public file transfer services. "
"Files/Directories must be labeled public_content_rw_t."
msgstr ""
-#: booleans.py:184
+#: booleans.py:194
msgid "Allow user spamassassin clients to use the network."
msgstr ""
-#: booleans.py:185
+#: booleans.py:195
msgid "Allow spamd to read/write user home directories."
msgstr ""
-#: booleans.py:186
-msgid ""
-"Allow squid to connect to all ports, not just HTTP, FTP, and Gopher ports."
+#: booleans.py:196
+msgid "Determine whether squid can connect to all TCP ports."
msgstr ""
-#: booleans.py:187
-msgid "Allow squid to run as a transparent proxy (TPROXY)"
+#: booleans.py:197
+msgid "Determine whether squid can run as a transparent proxy."
msgstr ""
-#: booleans.py:188
+#: booleans.py:198
msgid ""
"Allow ssh with chroot env to read and write files in the user home "
"directories"
msgstr ""
-#: booleans.py:189
+#: booleans.py:199
msgid "allow host key based authentication"
msgstr ""
-#: booleans.py:190
+#: booleans.py:200
msgid "Allow ssh logins as sysadm_r:sysadm_t"
msgstr ""
-#: booleans.py:191
+#: booleans.py:201
msgid "Allow staff to exec content"
msgstr ""
-#: booleans.py:192
+#: booleans.py:202
msgid "allow staff user to create and transition to svirt domains."
msgstr ""
-#: booleans.py:193
+#: booleans.py:203
msgid "Allow sysadm to exec content"
msgstr ""
-#: booleans.py:194
+#: booleans.py:204
msgid "Allow the Telepathy connection managers to connect to any network port."
msgstr ""
-#: booleans.py:195
+#: booleans.py:205
msgid ""
"Allow the Telepathy connection managers to connect to any generic TCP port."
msgstr ""
-#: booleans.py:196
+#: booleans.py:206
msgid ""
"Allow tftp to modify public files used for public file transfer services."
msgstr ""
-#: booleans.py:197
+#: booleans.py:207
msgid "Allow tftp to read and write files in the user home directories"
msgstr ""
-#: booleans.py:198
-msgid "Allow tor daemon to bind tcp sockets to all unreserved ports."
+#: booleans.py:208
+msgid "Determine whether tor can bind tcp sockets to all unreserved ports."
msgstr ""
-#: booleans.py:199
+#: booleans.py:209
msgid "Allow tor to act as a relay"
msgstr ""
-#: booleans.py:200
+#: booleans.py:210
msgid ""
"allow unconfined users to transition to the chrome sandbox domains when "
"running chrome-sandbox"
msgstr ""
-#: booleans.py:201
+#: booleans.py:211
msgid "Allow a user to login as an unconfined domain"
msgstr ""
-#: booleans.py:202
+#: booleans.py:212
msgid ""
"Allow unconfined users to transition to the Mozilla plugin domain when "
"running xulrunner plugin-container."
msgstr ""
-#: booleans.py:203
+#: booleans.py:213
msgid "Allow video playing tools to run unconfined"
msgstr ""
-#: booleans.py:204
+#: booleans.py:214
msgid "Allow unprivledged user to create and transition to svirt domains."
msgstr ""
-#: booleans.py:205
+#: booleans.py:215
msgid "Support ecryptfs home directories"
msgstr ""
-#: booleans.py:206
+#: booleans.py:216
msgid "Support fusefs home directories"
msgstr ""
-#: booleans.py:207
-msgid "Use lpd server instead of cups"
+#: booleans.py:217
+msgid "Determine whether to support lpd server."
msgstr ""
-#: booleans.py:208
+#: booleans.py:218
msgid "Support NFS home directories"
msgstr ""
-#: booleans.py:209
+#: booleans.py:219
msgid "Support SAMBA home directories"
msgstr ""
-#: booleans.py:210
+#: booleans.py:220
msgid "Allow user to exec content"
msgstr ""
-#: booleans.py:211
-msgid "Allow varnishd to connect to all ports, not just HTTP."
+#: booleans.py:221
+msgid "Determine whether varnishd can use the full TCP network."
msgstr ""
-#: booleans.py:212
-msgid "Ignore vbetool mmap_zero errors."
+#: booleans.py:222
+msgid ""
+"Determine whether attempts by vbetool to mmap low regions should be silently "
+"blocked."
msgstr ""
-#: booleans.py:213
+#: booleans.py:223
msgid ""
"Allow confined virtual guests to use serial/parallel communication ports"
msgstr ""
-#: booleans.py:214
+#: booleans.py:224
msgid ""
"Allow confined virtual guests to use executable memory and executable stack"
msgstr ""
-#: booleans.py:215
+#: booleans.py:225
msgid "Allow confined virtual guests to read fuse files"
msgstr ""
-#: booleans.py:216
+#: booleans.py:226
msgid "Allow confined virtual guests to manage nfs files"
msgstr ""
-#: booleans.py:217
+#: booleans.py:227
msgid "Allow confined virtual guests to interact with rawip sockets"
msgstr ""
-#: booleans.py:218
+#: booleans.py:228
msgid "Allow confined virtual guests to manage cifs files"
msgstr ""
-#: booleans.py:219
+#: booleans.py:229
msgid "Allow confined virtual guests to interact with the sanlock"
msgstr ""
-#: booleans.py:220
-msgid "Allow confined virtual guests to manage device configuration, (pci)"
-msgstr ""
-
-#: booleans.py:221
+#: booleans.py:230
msgid "Allow confined virtual guests to use usb devices"
msgstr ""
-#: booleans.py:222
+#: booleans.py:231
msgid "Allow confined virtual guests to interact with the xserver"
msgstr ""
-#: booleans.py:223
-msgid "Allow webadm to manage files in users home directories"
+#: booleans.py:232
+msgid "Determine whether webadm can manage generic user files."
msgstr ""
-#: booleans.py:224
-msgid "Allow webadm to read files in users home directories"
+#: booleans.py:233
+msgid "Determine whether webadm can read generic user files."
msgstr ""
-#: booleans.py:225
-msgid "Ignore wine mmap_zero errors."
+#: booleans.py:234
+msgid ""
+"Determine whether attempts by wine to mmap low regions should be silently "
+"blocked."
msgstr ""
-#: booleans.py:226
+#: booleans.py:235
msgid "Allow the graphical login program to execute bootloader"
msgstr ""
-#: booleans.py:227
+#: booleans.py:236
msgid ""
"Allow the graphical login program to login directly as sysadm_r:sysadm_t"
msgstr ""
-#: booleans.py:228
+#: booleans.py:237
msgid "Allow xen to manage nfs files"
msgstr ""
-#: booleans.py:229
+#: booleans.py:238
msgid ""
"Allow xend to run blktapctrl/tapdisk. Not required if using dedicated "
"logical volumes for disk images."
msgstr ""
-#: booleans.py:230
+#: booleans.py:239
msgid "Allow xend to run qemu-dm. Not required if using paravirt and no vfb."
msgstr ""
-#: booleans.py:231
+#: booleans.py:240
msgid ""
"Allow xguest users to configure Network Manager and connect to apache ports"
msgstr ""
-#: booleans.py:232
+#: booleans.py:241
msgid "Allow xguest to exec content"
msgstr ""
-#: booleans.py:233
+#: booleans.py:242
msgid "Allow xguest users to mount removable media"
msgstr ""
-#: booleans.py:234
+#: booleans.py:243
msgid "Allow xguest to use blue tooth devices"
msgstr ""
-#: booleans.py:235
+#: booleans.py:244
msgid "Allows clients to write to the X server shared memory segments."
msgstr ""
-#: booleans.py:236
+#: booleans.py:245
msgid "Allows XServer to execute writable memory"
msgstr ""
-#: booleans.py:237
+#: booleans.py:246
msgid "Support X userspace object manager"
msgstr ""
-#: booleans.py:238
-msgid "Allow zabbix to connect to unreserved ports"
+#: booleans.py:247
+msgid "Determine whether zabbix can connect to all TCP ports"
msgstr ""
-#: booleans.py:239
+#: booleans.py:248
msgid "Allow zebra daemon to write it configuration files"
msgstr ""
-#: booleans.py:240
+#: booleans.py:249
msgid ""
"Allow ZoneMinder to modify public files used for public file transfer "
"services."
diff --git a/policycoreutils/po/ar.po b/policycoreutils/po/ar.po
index 151ca6a..9e76fea 100644
--- a/policycoreutils/po/ar.po
+++ b/policycoreutils/po/ar.po
@@ -1,7 +1,7 @@
# SOME DESCRIPTIVE TITLE.
# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
# This file is distributed under the same license as the PACKAGE package.
-#
+#
# Translators:
# Ali Al-Ammari , 2010.
# Amjad Al-Obaili , 2010.
@@ -12,24 +12,28 @@ msgid ""
msgstr ""
"Project-Id-Version: Policycoreutils\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2013-01-04 12:01-0500\n"
+"POT-Creation-Date: 2013-04-08 15:08-0400\n"
"PO-Revision-Date: 2013-01-04 17:02+0000\n"
"Last-Translator: dwalsh \n"
"Language-Team: Arabic \n"
+"Language: ar\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
-"Language: ar\n"
-"Plural-Forms: nplurals=6; plural=n==0 ? 0 : n==1 ? 1 : n==2 ? 2 : n%100>=3 && n%100<=10 ? 3 : n%100>=11 && n%100<=99 ? 4 : 5;\n"
+"Plural-Forms: nplurals=6; plural=n==0 ? 0 : n==1 ? 1 : n==2 ? 2 : n%100>=3 "
+"&& n%100<=10 ? 3 : n%100>=11 && n%100<=99 ? 4 : 5;\n"
#: ../run_init/run_init.c:67
msgid ""
"USAGE: run_init