diff --git a/policycoreutils-gui.patch b/policycoreutils-gui.patch index 20b77b0..06085d7 100644 --- a/policycoreutils-gui.patch +++ b/policycoreutils-gui.patch @@ -1,6 +1,6 @@ -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-2.0.85/gui/booleansPage.py ---- nsapolicycoreutils/gui/booleansPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/booleansPage.py 2011-02-23 14:40:42.595005090 -0500 +diff -up policycoreutils-2.0.86/gui/booleansPage.py.gui policycoreutils-2.0.86/gui/booleansPage.py +--- policycoreutils-2.0.86/gui/booleansPage.py.gui 2011-04-12 10:52:07.463643555 -0400 ++++ policycoreutils-2.0.86/gui/booleansPage.py 2011-04-12 10:52:07.463643555 -0400 @@ -0,0 +1,247 @@ +# +# booleansPage.py - GUI for Booleans page in system-config-securitylevel @@ -249,9 +249,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py poli + self.load(self.filter) + return True + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/domainsPage.py policycoreutils-2.0.85/gui/domainsPage.py ---- nsapolicycoreutils/gui/domainsPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/domainsPage.py 2011-02-23 14:40:42.595005090 -0500 +diff -up policycoreutils-2.0.86/gui/domainsPage.py.gui policycoreutils-2.0.86/gui/domainsPage.py +--- policycoreutils-2.0.86/gui/domainsPage.py.gui 2011-04-12 10:52:07.464643571 -0400 ++++ policycoreutils-2.0.86/gui/domainsPage.py 2011-04-12 10:52:07.464643571 -0400 @@ -0,0 +1,154 @@ +## domainsPage.py - show selinux domains +## Copyright (C) 2009 Red Hat, Inc. @@ -407,9 +407,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/domainsPage.py polic + + except ValueError, e: + self.error(e.args[0]) -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.85/gui/fcontextPage.py ---- nsapolicycoreutils/gui/fcontextPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/fcontextPage.py 2011-02-23 14:40:42.596005097 -0500 +diff -up policycoreutils-2.0.86/gui/fcontextPage.py.gui policycoreutils-2.0.86/gui/fcontextPage.py +--- policycoreutils-2.0.86/gui/fcontextPage.py.gui 2011-04-12 10:52:07.468643633 -0400 ++++ policycoreutils-2.0.86/gui/fcontextPage.py 2011-04-12 10:52:07.468643633 -0400 @@ -0,0 +1,223 @@ +## fcontextPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. @@ -634,9 +634,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py poli + self.store.set_value(iter, SPEC_COL, fspec) + self.store.set_value(iter, FTYPE_COL, ftype) + self.store.set_value(iter, TYPE_COL, "%s:%s" % (type, mls)) -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/html_util.py policycoreutils-2.0.85/gui/html_util.py ---- nsapolicycoreutils/gui/html_util.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/html_util.py 2011-02-23 14:40:42.597005104 -0500 +diff -up policycoreutils-2.0.86/gui/html_util.py.gui policycoreutils-2.0.86/gui/html_util.py +--- policycoreutils-2.0.86/gui/html_util.py.gui 2011-04-12 10:52:07.469643648 -0400 ++++ policycoreutils-2.0.86/gui/html_util.py 2011-04-12 10:52:07.470643663 -0400 @@ -0,0 +1,164 @@ +# Authors: John Dennis +# @@ -802,9 +802,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/html_util.py policyc + doc += tail + return doc + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade policycoreutils-2.0.85/gui/lockdown.glade ---- nsapolicycoreutils/gui/lockdown.glade 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/lockdown.glade 2011-02-23 14:40:42.599005118 -0500 +diff -up policycoreutils-2.0.86/gui/lockdown.glade.gui policycoreutils-2.0.86/gui/lockdown.glade +--- policycoreutils-2.0.86/gui/lockdown.glade.gui 2011-04-12 10:52:07.471643678 -0400 ++++ policycoreutils-2.0.86/gui/lockdown.glade 2011-04-12 10:52:07.477643771 -0400 @@ -0,0 +1,771 @@ + + @@ -1577,9 +1577,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade polic + + + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.gladep policycoreutils-2.0.85/gui/lockdown.gladep ---- nsapolicycoreutils/gui/lockdown.gladep 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/lockdown.gladep 2011-02-23 14:40:42.600005125 -0500 +diff -up policycoreutils-2.0.86/gui/lockdown.gladep.gui policycoreutils-2.0.86/gui/lockdown.gladep +--- policycoreutils-2.0.86/gui/lockdown.gladep.gui 2011-04-12 10:52:07.482643847 -0400 ++++ policycoreutils-2.0.86/gui/lockdown.gladep 2011-04-12 10:52:07.483643863 -0400 @@ -0,0 +1,7 @@ + + @@ -1588,9 +1588,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.gladep poli + + + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.py policycoreutils-2.0.85/gui/lockdown.py ---- nsapolicycoreutils/gui/lockdown.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/lockdown.py 2011-02-23 14:40:42.601005132 -0500 +diff -up policycoreutils-2.0.86/gui/lockdown.py.gui policycoreutils-2.0.86/gui/lockdown.py +--- policycoreutils-2.0.86/gui/lockdown.py.gui 2011-04-12 10:52:07.484643879 -0400 ++++ policycoreutils-2.0.86/gui/lockdown.py 2011-04-12 10:52:07.484643879 -0400 @@ -0,0 +1,382 @@ +#!/usr/bin/python -Es +# @@ -1974,9 +1974,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.py policyco + + app = booleanWindow() + app.stand_alone() -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-2.0.85/gui/loginsPage.py ---- nsapolicycoreutils/gui/loginsPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/loginsPage.py 2011-02-23 14:40:42.601005132 -0500 +diff -up policycoreutils-2.0.86/gui/loginsPage.py.gui policycoreutils-2.0.86/gui/loginsPage.py +--- policycoreutils-2.0.86/gui/loginsPage.py.gui 2011-04-12 10:52:07.485643894 -0400 ++++ policycoreutils-2.0.86/gui/loginsPage.py 2011-04-12 10:52:07.486643909 -0400 @@ -0,0 +1,185 @@ +## loginsPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. @@ -2163,9 +2163,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policy + self.store.set_value(iter, 1, seuser) + self.store.set_value(iter, 2, seobject.translate(serange)) + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.85/gui/Makefile ---- nsapolicycoreutils/gui/Makefile 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/Makefile 2011-02-23 14:40:42.603005146 -0500 +diff -up policycoreutils-2.0.86/gui/Makefile.gui policycoreutils-2.0.86/gui/Makefile +--- policycoreutils-2.0.86/gui/Makefile.gui 2011-04-12 10:52:07.486643909 -0400 ++++ policycoreutils-2.0.86/gui/Makefile 2011-04-12 10:52:07.487643924 -0400 @@ -0,0 +1,40 @@ +# Installation directories. +PREFIX ?= ${DESTDIR}/usr @@ -2207,9 +2207,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreu +indent: + +relabel: -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-2.0.85/gui/mappingsPage.py ---- nsapolicycoreutils/gui/mappingsPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/mappingsPage.py 2011-02-23 14:40:42.604005153 -0500 +diff -up policycoreutils-2.0.86/gui/mappingsPage.py.gui policycoreutils-2.0.86/gui/mappingsPage.py +--- policycoreutils-2.0.86/gui/mappingsPage.py.gui 2011-04-12 10:52:07.487643924 -0400 ++++ policycoreutils-2.0.86/gui/mappingsPage.py 2011-04-12 10:52:07.492644000 -0400 @@ -0,0 +1,56 @@ +## mappingsPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. @@ -2267,9 +2267,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py poli + for k in keys: + print "%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1])) + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-2.0.85/gui/modulesPage.py ---- nsapolicycoreutils/gui/modulesPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/modulesPage.py 2011-02-23 14:40:42.605005160 -0500 +diff -up policycoreutils-2.0.86/gui/modulesPage.py.gui policycoreutils-2.0.86/gui/modulesPage.py +--- policycoreutils-2.0.86/gui/modulesPage.py.gui 2011-04-12 10:52:07.493644016 -0400 ++++ policycoreutils-2.0.86/gui/modulesPage.py 2011-04-12 10:52:07.493644016 -0400 @@ -0,0 +1,190 @@ +## modulesPage.py - show selinux mappings +## Copyright (C) 2006-2009 Red Hat, Inc. @@ -2461,9 +2461,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py polic + + except ValueError, e: + self.error(e.args[0]) -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.85/gui/polgen.glade ---- nsapolicycoreutils/gui/polgen.glade 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/polgen.glade 2011-02-24 13:17:00.341848958 -0500 +diff -up policycoreutils-2.0.86/gui/polgen.glade.gui policycoreutils-2.0.86/gui/polgen.glade +--- policycoreutils-2.0.86/gui/polgen.glade.gui 2011-04-12 10:52:07.505644201 -0400 ++++ policycoreutils-2.0.86/gui/polgen.glade 2011-04-12 10:52:07.507644232 -0400 @@ -0,0 +1,3432 @@ + + @@ -5897,9 +5897,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc + + + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.gladep policycoreutils-2.0.85/gui/polgen.gladep ---- nsapolicycoreutils/gui/polgen.gladep 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/polgen.gladep 2011-02-23 14:40:42.613005216 -0500 +diff -up policycoreutils-2.0.86/gui/polgen.gladep.gui policycoreutils-2.0.86/gui/polgen.gladep +--- policycoreutils-2.0.86/gui/polgen.gladep.gui 2011-04-12 10:52:07.508644247 -0400 ++++ policycoreutils-2.0.86/gui/polgen.gladep 2011-04-12 10:52:07.508644247 -0400 @@ -0,0 +1,7 @@ + + @@ -5908,9 +5908,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.gladep policy + + + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.85/gui/polgengui.py ---- nsapolicycoreutils/gui/polgengui.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/polgengui.py 2011-02-23 14:40:42.615005230 -0500 +diff -up policycoreutils-2.0.86/gui/polgengui.py.gui policycoreutils-2.0.86/gui/polgengui.py +--- policycoreutils-2.0.86/gui/polgengui.py.gui 2011-04-12 10:52:07.513644322 -0400 ++++ policycoreutils-2.0.86/gui/polgengui.py 2011-05-23 17:04:16.377786536 -0400 @@ -0,0 +1,750 @@ +#!/usr/bin/python -Es +# @@ -5918,7 +5918,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc +# +# Dan Walsh +# -+# Copyright 2007, 2008, 2009 Red Hat, Inc. ++# Copyright (C) 2007-2011 Red Hat +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by @@ -6662,13 +6662,13 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc + + app = childWindow() + app.stand_alone() -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.85/gui/polgen.py ---- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/polgen.py 2011-02-23 14:40:42.619005258 -0500 +diff -up policycoreutils-2.0.86/gui/polgen.py.gui policycoreutils-2.0.86/gui/polgen.py +--- policycoreutils-2.0.86/gui/polgen.py.gui 2011-04-12 10:52:07.516644368 -0400 ++++ policycoreutils-2.0.86/gui/polgen.py 2011-05-23 17:04:04.539689964 -0400 @@ -0,0 +1,1346 @@ +#!/usr/bin/python -Es +# -+# Copyright (C) 2007-2010 Red Hat ++# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# policygentool is a tool for the initial generation of SELinux policy @@ -8012,9 +8012,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore + sys.exit(0) + except ValueError, e: + usage(e) -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-2.0.85/gui/portsPage.py ---- nsapolicycoreutils/gui/portsPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/portsPage.py 2011-02-23 14:40:42.620005265 -0500 +diff -up policycoreutils-2.0.86/gui/portsPage.py.gui policycoreutils-2.0.86/gui/portsPage.py +--- policycoreutils-2.0.86/gui/portsPage.py.gui 2011-04-12 10:52:07.518644400 -0400 ++++ policycoreutils-2.0.86/gui/portsPage.py 2011-04-12 10:52:07.521644446 -0400 @@ -0,0 +1,259 @@ +## portsPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. @@ -8275,9 +8275,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policyc + + return True + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.85/gui/selinux.tbl ---- nsapolicycoreutils/gui/selinux.tbl 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/selinux.tbl 2011-02-23 14:40:42.622005279 -0500 +diff -up policycoreutils-2.0.86/gui/selinux.tbl.gui policycoreutils-2.0.86/gui/selinux.tbl +--- policycoreutils-2.0.86/gui/selinux.tbl.gui 2011-04-12 10:52:07.522644461 -0400 ++++ policycoreutils-2.0.86/gui/selinux.tbl 2011-04-12 10:52:07.522644461 -0400 @@ -0,0 +1,234 @@ +acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon") +allow_daemons_dump_core _("Admin") _("Allow all daemons to write corefiles to /") @@ -8513,9 +8513,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policyco +webadm_manage_user_files _("HTTPD Service") _("Allow SELinux webadm user to manage unprivileged users home directories") +webadm_read_user_files _("HTTPD Service") _("Allow SELinux webadm user to read unprivileged users home directories") + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-2.0.85/gui/semanagePage.py ---- nsapolicycoreutils/gui/semanagePage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/semanagePage.py 2011-02-23 14:40:42.623005286 -0500 +diff -up policycoreutils-2.0.86/gui/semanagePage.py.gui policycoreutils-2.0.86/gui/semanagePage.py +--- policycoreutils-2.0.86/gui/semanagePage.py.gui 2011-04-12 10:52:07.523644476 -0400 ++++ policycoreutils-2.0.86/gui/semanagePage.py 2011-04-12 10:52:07.524644491 -0400 @@ -0,0 +1,168 @@ +## semanagePage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. @@ -8685,9 +8685,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py poli + self.load(self.filter) + return True + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-2.0.85/gui/statusPage.py ---- nsapolicycoreutils/gui/statusPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/statusPage.py 2011-02-23 14:40:42.624005292 -0500 +diff -up policycoreutils-2.0.86/gui/statusPage.py.gui policycoreutils-2.0.86/gui/statusPage.py +--- policycoreutils-2.0.86/gui/statusPage.py.gui 2011-04-12 10:52:07.530644584 -0400 ++++ policycoreutils-2.0.86/gui/statusPage.py 2011-04-12 10:52:07.530644584 -0400 @@ -0,0 +1,190 @@ +# statusPage.py - show selinux status +## Copyright (C) 2006-2009 Red Hat, Inc. @@ -8879,9 +8879,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policy + return self.types[self.selinuxTypeOptionMenu.get_active()] + + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-2.0.85/gui/system-config-selinux.glade ---- nsapolicycoreutils/gui/system-config-selinux.glade 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/system-config-selinux.glade 2011-02-23 14:40:42.629005326 -0500 +diff -up policycoreutils-2.0.86/gui/system-config-selinux.glade.gui policycoreutils-2.0.86/gui/system-config-selinux.glade +--- policycoreutils-2.0.86/gui/system-config-selinux.glade.gui 2011-04-12 10:52:07.534644645 -0400 ++++ policycoreutils-2.0.86/gui/system-config-selinux.glade 2011-04-12 10:52:07.539644720 -0400 @@ -0,0 +1,3024 @@ + + @@ -11907,9 +11907,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu + + + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.gladep policycoreutils-2.0.85/gui/system-config-selinux.gladep ---- nsapolicycoreutils/gui/system-config-selinux.gladep 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/system-config-selinux.gladep 2011-02-23 14:40:42.631005340 -0500 +diff -up policycoreutils-2.0.86/gui/system-config-selinux.gladep.gui policycoreutils-2.0.86/gui/system-config-selinux.gladep +--- policycoreutils-2.0.86/gui/system-config-selinux.gladep.gui 2011-04-12 10:52:07.540644736 -0400 ++++ policycoreutils-2.0.86/gui/system-config-selinux.gladep 2011-04-12 10:52:07.541644752 -0400 @@ -0,0 +1,7 @@ + + @@ -11918,9 +11918,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu + + + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-2.0.85/gui/system-config-selinux.py ---- nsapolicycoreutils/gui/system-config-selinux.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/system-config-selinux.py 2011-02-23 14:40:42.631005340 -0500 +diff -up policycoreutils-2.0.86/gui/system-config-selinux.py.gui policycoreutils-2.0.86/gui/system-config-selinux.py +--- policycoreutils-2.0.86/gui/system-config-selinux.py.gui 2011-04-12 10:52:07.542644768 -0400 ++++ policycoreutils-2.0.86/gui/system-config-selinux.py 2011-04-12 10:52:07.542644768 -0400 @@ -0,0 +1,187 @@ +#!/usr/bin/python -Es +# @@ -12109,11 +12109,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu + + app = childWindow() + app.stand_alone() -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/boolean.py policycoreutils-2.0.85/gui/templates/boolean.py ---- nsapolicycoreutils/gui/templates/boolean.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/templates/boolean.py 2011-02-23 14:40:42.633005354 -0500 +diff -up policycoreutils-2.0.86/gui/templates/boolean.py.gui policycoreutils-2.0.86/gui/templates/boolean.py +--- policycoreutils-2.0.86/gui/templates/boolean.py.gui 2011-04-12 10:52:07.543644784 -0400 ++++ policycoreutils-2.0.86/gui/templates/boolean.py 2011-05-23 16:59:42.369598714 -0400 @@ -0,0 +1,40 @@ -+# Copyright (C) 2007 Red Hat ++# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# policygentool is a tool for the initial generation of SELinux policy @@ -12130,34 +12130,34 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/boolean.py +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software -+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +# 02111-1307 USA +# -+# ++# +########################### boolean Template File ########################### + +te_boolean=""" +## -+##

-+## DESCRIPTION -+##

++##

++## DESCRIPTION ++##

+## -+gen_tunable(BOOLEAN,false) ++gen_tunable(BOOLEAN, false) +""" + +te_rules=""" +tunable_policy(`BOOLEAN',` +#TRUE -+',` ++',` +#FALSE +') +""" + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py policycoreutils-2.0.85/gui/templates/etc_rw.py ---- nsapolicycoreutils/gui/templates/etc_rw.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/templates/etc_rw.py 2011-02-23 14:40:42.633005354 -0500 -@@ -0,0 +1,113 @@ -+# Copyright (C) 2007 Red Hat +diff -up policycoreutils-2.0.86/gui/templates/etc_rw.py.gui policycoreutils-2.0.86/gui/templates/etc_rw.py +--- policycoreutils-2.0.86/gui/templates/etc_rw.py.gui 2011-04-12 10:52:07.546644829 -0400 ++++ policycoreutils-2.0.86/gui/templates/etc_rw.py 2011-05-23 16:59:53.369684469 -0400 +@@ -0,0 +1,112 @@ ++# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# policygentool is a tool for the initial generation of SELinux policy @@ -12174,10 +12174,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software -+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +# 02111-1307 USA +# -+# ++# +########################### etc_rw Template File ############################# + +########################### Type Enforcement File ############################# @@ -12227,15 +12227,14 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py + type TEMPLATETYPE_etc_rw_t; + ') + -+ allow $1 TEMPLATETYPE_etc_rw_t:file r_file_perms; ++ allow $1 TEMPLATETYPE_etc_rw_t:file read_file_perms; + allow $1 TEMPLATETYPE_etc_rw_t:dir list_dir_perms; + files_search_etc($1) +') + +######################################## +## -+## Create, read, write, and delete -+## TEMPLATETYPE conf files. ++## Manage TEMPLATETYPE conf files. +## +## +## @@ -12248,14 +12247,14 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py + type TEMPLATETYPE_etc_rw_t; + ') + -+ manage_files_pattern($1, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t) ++ manage_files_pattern($1, TEMPLATETYPE_etc_rw_t, TEMPLATETYPE_etc_rw_t) + files_search_etc($1) +') + +""" + +if_admin_types=""" -+ type TEMPLATETYPE_etc_rw_t;""" ++ type TEMPLATETYPE_etc_rw_t;""" + +if_admin_rules=""" + files_search_etc($1) @@ -12270,11 +12269,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py +fc_dir="""\ +FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_etc_rw_t,s0) +""" -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.85/gui/templates/executable.py ---- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/templates/executable.py 2011-02-23 14:40:42.635005368 -0500 -@@ -0,0 +1,447 @@ -+# Copyright (C) 2007-2009 Red Hat +diff -up policycoreutils-2.0.86/gui/templates/executable.py.gui policycoreutils-2.0.86/gui/templates/executable.py +--- policycoreutils-2.0.86/gui/templates/executable.py.gui 2011-04-12 10:52:07.548644859 -0400 ++++ policycoreutils-2.0.86/gui/templates/executable.py 2011-05-23 17:03:10.575251921 -0400 +@@ -0,0 +1,451 @@ ++# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# policygentool is a tool for the initial generation of SELinux policy @@ -12291,13 +12290,13 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software -+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +# 02111-1307 USA +# -+# ++# +########################### Type Enforcement File ############################# +te_daemon_types="""\ -+policy_module(TEMPLATETYPE,1.0.0) ++policy_module(TEMPLATETYPE, 1.0.0) + +######################################## +# @@ -12317,7 +12316,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable +""" + +te_dbusd_types="""\ -+policy_module(TEMPLATETYPE,1.0.0) ++policy_module(TEMPLATETYPE, 1.0.0) + +######################################## +# @@ -12332,7 +12331,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable +""" + +te_inetd_types="""\ -+policy_module(TEMPLATETYPE,1.0.0) ++policy_module(TEMPLATETYPE, 1.0.0) + +######################################## +# @@ -12347,7 +12346,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable +""" + +te_userapp_types="""\ -+policy_module(TEMPLATETYPE,1.0.0) ++policy_module(TEMPLATETYPE, 1.0.0) + +######################################## +# @@ -12363,7 +12362,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable +""" + +te_sandbox_types="""\ -+policy_module(TEMPLATETYPE,1.0.0) ++policy_module(TEMPLATETYPE, 1.0.0) + +######################################## +# @@ -12378,7 +12377,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable +""" + +te_cgi_types="""\ -+policy_module(TEMPLATETYPE,1.0.0) ++policy_module(TEMPLATETYPE, 1.0.0) + +######################################## +# @@ -12447,8 +12446,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable + +te_manage_krb5_rcache_rules=""" +optional_policy(` -+ kerberos_keytab_template(TEMPLATETYPE, TEMPLATETYPE_t) -+ kerberos_manage_host_rcache(TEMPLATETYPE_t) ++ kerberos_keytab_template(TEMPLATETYPE, TEMPLATETYPE_t) ++ kerberos_manage_host_rcache(TEMPLATETYPE_t) +') +""" + @@ -12489,11 +12488,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable + +######################################## +## -+## Execute a domain transition to run TEMPLATETYPE. ++## Transition to TEMPLATETYPE. +## +## +## -+## Domain allowed access. ++## Domain allowed to transition. +## +## +# @@ -12502,6 +12501,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable + type TEMPLATETYPE_t, TEMPLATETYPE_exec_t; + ') + ++ corecmd_search_bin($1) + domtrans_pattern($1, TEMPLATETYPE_exec_t, TEMPLATETYPE_t) +') + @@ -12515,7 +12515,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable +## +## +## -+## Domain allowed access ++## Domain allowed to transition +## +## +## @@ -12550,7 +12550,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable +# +interface(`TEMPLATETYPE_role',` + gen_require(` -+ type TEMPLATETYPE_t; ++ type TEMPLATETYPE_t; + ') + + role $1 types TEMPLATETYPE_t; @@ -12571,7 +12571,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable +## +## +## -+## Domain allowed access ++## Domain allowed to transition. +## +## +## @@ -12628,7 +12628,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable +## +## +## -+## The type of the process performing this action. ++## Domain allowed access. +## +## +# @@ -12639,6 +12639,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable + + init_labeled_script_domtrans($1, TEMPLATETYPE_initrc_exec_t) +') ++ +""" + +if_dbus_rules=""" @@ -12662,6 +12663,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable + allow $1 TEMPLATETYPE_t:dbus send_msg; + allow TEMPLATETYPE_t $1:dbus send_msg; +') ++ +""" + +if_begin_admin=""" @@ -12692,9 +12694,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable + allow $1 TEMPLATETYPE_t:process { ptrace signal_perms }; + ps_process_pattern($1, TEMPLATETYPE_t) +""" -+ ++ +if_initscript_admin_types=""" -+ type TEMPLATETYPE_initrc_exec_t;""" ++ type TEMPLATETYPE_initrc_exec_t;""" + +if_initscript_admin=""" + TEMPLATETYPE_initrc_domtrans($1) @@ -12705,6 +12707,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable + +if_end_admin=""" +') ++ +""" + +########################### File Context ################################## @@ -12721,12 +12724,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable + +EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_initrc_exec_t,s0) +""" -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.py policycoreutils-2.0.85/gui/templates/__init__.py ---- nsapolicycoreutils/gui/templates/__init__.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/templates/__init__.py 2011-02-23 14:40:42.635005368 -0500 +diff -up policycoreutils-2.0.86/gui/templates/__init__.py.gui policycoreutils-2.0.86/gui/templates/__init__.py +--- policycoreutils-2.0.86/gui/templates/__init__.py.gui 2011-04-12 10:52:07.549644874 -0400 ++++ policycoreutils-2.0.86/gui/templates/__init__.py 2011-05-23 17:02:40.424008790 -0400 @@ -0,0 +1,18 @@ +# -+# Copyright (C) 2007 Red Hat, Inc. ++# Copyright (C) 2007-2011 Red Hat +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by @@ -12743,10 +12746,32 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.p +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.85/gui/templates/network.py ---- nsapolicycoreutils/gui/templates/network.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/templates/network.py 2011-03-16 17:00:52.485669534 -0400 -@@ -0,0 +1,80 @@ +diff -up policycoreutils-2.0.86/gui/templates/network.py.gui policycoreutils-2.0.86/gui/templates/network.py +--- policycoreutils-2.0.86/gui/templates/network.py.gui 2011-04-12 10:52:07.556644982 -0400 ++++ policycoreutils-2.0.86/gui/templates/network.py 2011-05-23 17:03:09.237241107 -0400 +@@ -0,0 +1,102 @@ ++# Copyright (C) 2007-2011 Red Hat ++# see file 'COPYING' for use and warranty information ++# ++# policygentool is a tool for the initial generation of SELinux policy ++# ++# This program is free software; you can redistribute it and/or ++# modify it under the terms of the GNU General Public License as ++# published by the Free Software Foundation; either version 2 of ++# the License, or (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# 02111-1307 USA ++# ++# ++########################### Type Enforcement File ############################# +te_port_types=""" +type TEMPLATETYPE_port_t; +corenet_port(TEMPLATETYPE_port_t) @@ -12827,11 +12852,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py +corenet_udp_bind_all_unreserved_ports(TEMPLATETYPE_t) +""" + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py policycoreutils-2.0.85/gui/templates/rw.py ---- nsapolicycoreutils/gui/templates/rw.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/templates/rw.py 2011-02-23 14:40:42.637005382 -0500 -@@ -0,0 +1,131 @@ -+# Copyright (C) 2007 Red Hat +diff -up policycoreutils-2.0.86/gui/templates/rw.py.gui policycoreutils-2.0.86/gui/templates/rw.py +--- policycoreutils-2.0.86/gui/templates/rw.py.gui 2011-04-12 10:52:07.557644997 -0400 ++++ policycoreutils-2.0.86/gui/templates/rw.py 2011-05-23 16:59:48.308644991 -0400 +@@ -0,0 +1,129 @@ ++# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# policygentool is a tool for the initial generation of SELinux policy @@ -12848,10 +12873,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py poli +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software -+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +# 02111-1307 USA +# -+# ++# + +########################### tmp Template File ############################# +te_types=""" @@ -12900,15 +12925,14 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py poli + type TEMPLATETYPE_rw_t; + ') + -+ allow $1 TEMPLATETYPE_rw_t:file r_file_perms; ++ allow $1 TEMPLATETYPE_rw_t:file read_file_perms; + allow $1 TEMPLATETYPE_rw_t:dir list_dir_perms; + files_search_rw($1) +') + +######################################## +## -+## Create, read, write, and delete -+## TEMPLATETYPE rw files. ++## Manage TEMPLATETYPE rw files. +## +## +## @@ -12921,7 +12945,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py poli + type TEMPLATETYPE_rw_t; + ') + -+ manage_files_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t) ++ manage_files_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t) +') + +######################################## @@ -12940,20 +12964,19 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py poli + type TEMPLATETYPE_rw_t; + ') + -+ manage_dirs_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t) ++ manage_dirs_pattern($1, TEMPLATETYPE_rw_t, TEMPLATETYPE_rw_t) +') + +""" + +if_admin_types=""" -+ type TEMPLATETYPE_rw_t;""" ++ type TEMPLATETYPE_rw_t;""" + +if_admin_rules=""" + files_search_etc($1) + admin_pattern($1, TEMPLATETYPE_rw_t) +""" + -+ +########################### File Context ################################## +fc_file=""" +FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0) @@ -12962,11 +12985,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py poli +fc_dir=""" +FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0) +""" -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.85/gui/templates/script.py ---- nsapolicycoreutils/gui/templates/script.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/templates/script.py 2011-02-23 14:40:42.637005382 -0500 +diff -up policycoreutils-2.0.86/gui/templates/script.py.gui policycoreutils-2.0.86/gui/templates/script.py +--- policycoreutils-2.0.86/gui/templates/script.py.gui 2011-04-12 10:52:07.558645012 -0400 ++++ policycoreutils-2.0.86/gui/templates/script.py 2011-05-23 17:02:13.796795073 -0400 @@ -0,0 +1,126 @@ -+# Copyright (C) 2007 Red Hat ++# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# policygentool is a tool for the initial generation of SELinux policy @@ -12983,10 +13006,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software -+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +# 02111-1307 USA +# -+# ++# + +########################### tmp Template File ############################# +compile="""\ @@ -13072,9 +13095,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py +TEMPLATETYPE_r:TEMPLATETYPE_t:s0 TEMPLATETYPE_r:TEMPLATETYPE_t +system_r:crond_t TEMPLATETYPE_r:TEMPLATETYPE_t +system_r:initrc_su_t TEMPLATETYPE_r:TEMPLATETYPE_t -+system_r:local_login_t TEMPLATETYPE_r:TEMPLATETYPE_t -+system_r:remote_login_t TEMPLATETYPE_r:TEMPLATETYPE_t -+system_r:sshd_t TEMPLATETYPE_r:TEMPLATETYPE_t ++system_r:local_login_t TEMPLATETYPE_r:TEMPLATETYPE_t ++system_r:remote_login_t TEMPLATETYPE_r:TEMPLATETYPE_t ++system_r:sshd_t TEMPLATETYPE_r:TEMPLATETYPE_t +_EOF +fi +""" @@ -13085,18 +13108,18 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py +TEMPLATETYPE_r:TEMPLATETYPE_t TEMPLATETYPE_r:TEMPLATETYPE_t +system_r:crond_t TEMPLATETYPE_r:TEMPLATETYPE_t +system_r:initrc_su_t TEMPLATETYPE_r:TEMPLATETYPE_t -+system_r:local_login_t TEMPLATETYPE_r:TEMPLATETYPE_t -+system_r:remote_login_t TEMPLATETYPE_r:TEMPLATETYPE_t -+system_r:sshd_t TEMPLATETYPE_r:TEMPLATETYPE_t -+system_r:xdm_t TEMPLATETYPE_r:TEMPLATETYPE_t ++system_r:local_login_t TEMPLATETYPE_r:TEMPLATETYPE_t ++system_r:remote_login_t TEMPLATETYPE_r:TEMPLATETYPE_t ++system_r:sshd_t TEMPLATETYPE_r:TEMPLATETYPE_t ++system_r:xdm_t TEMPLATETYPE_r:TEMPLATETYPE_t +_EOF +fi +""" -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.85/gui/templates/semodule.py ---- nsapolicycoreutils/gui/templates/semodule.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/templates/semodule.py 2011-02-23 14:40:42.638005389 -0500 +diff -up policycoreutils-2.0.86/gui/templates/semodule.py.gui policycoreutils-2.0.86/gui/templates/semodule.py +--- policycoreutils-2.0.86/gui/templates/semodule.py.gui 2011-04-12 10:52:07.560645042 -0400 ++++ policycoreutils-2.0.86/gui/templates/semodule.py 2011-05-23 17:02:07.466744404 -0400 @@ -0,0 +1,41 @@ -+# Copyright (C) 2007 Red Hat ++# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# policygentool is a tool for the initial generation of SELinux policy @@ -13137,11 +13160,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.p +semanage ports -a -t TEMPLATETYPE_port_t -p udp PORTNUM +""" + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py policycoreutils-2.0.85/gui/templates/tmp.py ---- nsapolicycoreutils/gui/templates/tmp.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/templates/tmp.py 2011-02-23 14:40:42.639005396 -0500 +diff -up policycoreutils-2.0.86/gui/templates/tmp.py.gui policycoreutils-2.0.86/gui/templates/tmp.py +--- policycoreutils-2.0.86/gui/templates/tmp.py.gui 2011-04-12 10:52:07.561645058 -0400 ++++ policycoreutils-2.0.86/gui/templates/tmp.py 2011-05-23 17:01:55.736650663 -0400 @@ -0,0 +1,102 @@ -+# Copyright (C) 2007 Red Hat ++# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# policygentool is a tool for the initial generation of SELinux policy @@ -13158,10 +13181,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py pol +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software -+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +# 02111-1307 USA +# -+# ++# +########################### tmp Template File ############################# + +te_types=""" @@ -13178,7 +13201,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py pol +if_rules=""" +######################################## +## -+## Do not audit attempts to read, ++## Do not audit attempts to read, +## TEMPLATETYPE tmp files +## +## @@ -13197,11 +13220,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py pol + +######################################## +## -+## Allow domain to read, TEMPLATETYPE tmp files ++## Read TEMPLATETYPE tmp files +## +## +## -+## Domain to not audit. ++## Domain allowed access. +## +## +# @@ -13216,11 +13239,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py pol + +######################################## +## -+## Allow domain to manage TEMPLATETYPE tmp files ++## Manage TEMPLATETYPE tmp files +## +## +## -+## Domain to not audit. ++## Domain allowed access. +## +## +# @@ -13229,25 +13252,25 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py pol + type TEMPLATETYPE_tmp_t; + ') + -+ files_search_tmp($1) -+ manage_dirs_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t) -+ manage_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t) -+ manage_lnk_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t) ++ files_search_tmp($1) ++ manage_dirs_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t) ++ manage_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t) ++ manage_lnk_files_pattern($1, TEMPLATETYPE_tmp_t, TEMPLATETYPE_tmp_t) +') +""" + +if_admin_types=""" -+ type TEMPLATETYPE_tmp_t;""" ++ type TEMPLATETYPE_tmp_t;""" + +if_admin_rules=""" -+ files_search_tmp($1) ++ files_search_tmp($1) + admin_pattern($1, TEMPLATETYPE_tmp_t) +""" -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.85/gui/templates/user.py ---- nsapolicycoreutils/gui/templates/user.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/templates/user.py 2011-02-23 14:40:42.639005396 -0500 -@@ -0,0 +1,205 @@ -+# Copyright (C) 2007 Red Hat +diff -up policycoreutils-2.0.86/gui/templates/user.py.gui policycoreutils-2.0.86/gui/templates/user.py +--- policycoreutils-2.0.86/gui/templates/user.py.gui 2011-04-12 10:52:07.562645074 -0400 ++++ policycoreutils-2.0.86/gui/templates/user.py 2011-05-23 17:01:46.816579501 -0400 +@@ -0,0 +1,204 @@ ++# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# policygentool is a tool for the initial generation of SELinux policy @@ -13264,14 +13287,14 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py po +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software -+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +# 02111-1307 USA +# -+# ++# +########################### Type Enforcement File ############################# + +te_login_user_types="""\ -+policy_module(TEMPLATETYPE,1.0.0) ++policy_module(TEMPLATETYPE, 1.0.0) + +######################################## +# @@ -13282,7 +13305,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py po +""" + +te_admin_user_types="""\ -+policy_module(TEMPLATETYPE,1.0.0) ++policy_module(TEMPLATETYPE, 1.0.0) + +######################################## +# @@ -13293,7 +13316,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py po +""" + +te_min_login_user_types="""\ -+policy_module(TEMPLATETYPE,1.0.0) ++policy_module(TEMPLATETYPE, 1.0.0) + +######################################## +# @@ -13304,7 +13327,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py po +""" + +te_x_login_user_types="""\ -+policy_module(TEMPLATETYPE,1.0.0) ++policy_module(TEMPLATETYPE, 1.0.0) + +######################################## +# @@ -13315,18 +13338,17 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py po +""" + +te_existing_user_types="""\ -+policy_module(myTEMPLATETYPE,1.0.0) ++policy_module(myTEMPLATETYPE, 1.0.0) + +gen_require(` -+ type TEMPLATETYPE_t, TEMPLATETYPE_devpts_t; -+ role TEMPLATETYPE_r; ++ type TEMPLATETYPE_t, TEMPLATETYPE_devpts_t; ++ role TEMPLATETYPE_r; +') + +""" + +te_root_user_types="""\ -+ -+policy_module(TEMPLATETYPE,1.0.0) ++policy_module(TEMPLATETYPE, 1.0.0) + +######################################## +# @@ -13408,20 +13430,20 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py po +bool TEMPLATETYPE_manage_user_files false; + +if (TEMPLATETYPE_read_user_files) { -+ userdom_read_user_home_content_files(TEMPLATETYPE_t) -+ userdom_read_user_tmp_files(TEMPLATETYPE_t) ++ userdom_read_user_home_content_files(TEMPLATETYPE_t) ++ userdom_read_user_tmp_files(TEMPLATETYPE_t) +} + +if (TEMPLATETYPE_manage_user_files) { -+ userdom_manage_user_home_content(TEMPLATETYPE_t) -+ userdom_manage_user_tmp_files(TEMPLATETYPE_t) ++ userdom_manage_user_home_content(TEMPLATETYPE_t) ++ userdom_manage_user_tmp_files(TEMPLATETYPE_t) +} + +""" + +te_admin_trans_rules=""" +gen_require(` -+ role USER_r; ++ role USER_r; +') + +allow USER_r TEMPLATETYPE_r; @@ -13452,11 +13474,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py po +te_newrole_rules=""" +seutil_run_newrole(TEMPLATETYPE_t, TEMPLATETYPE_r) +""" -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_cache.py policycoreutils-2.0.85/gui/templates/var_cache.py ---- nsapolicycoreutils/gui/templates/var_cache.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/templates/var_cache.py 2011-02-23 14:40:42.640005403 -0500 -@@ -0,0 +1,133 @@ -+# Copyright (C) 2010 Red Hat +diff -up policycoreutils-2.0.86/gui/templates/var_cache.py.gui policycoreutils-2.0.86/gui/templates/var_cache.py +--- policycoreutils-2.0.86/gui/templates/var_cache.py.gui 2011-04-12 10:52:07.566645136 -0400 ++++ policycoreutils-2.0.86/gui/templates/var_cache.py 2011-05-23 17:01:38.793515591 -0400 +@@ -0,0 +1,132 @@ ++# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# policygentool is a tool for the initial generation of SELinux policy @@ -13473,10 +13495,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_cache. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software -+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +# 02111-1307 USA +# -+# ++# +########################### cache Template File ############################# + +########################### Type Enforcement File ############################# @@ -13528,7 +13550,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_cache. + ') + + files_search_var($1) -+ read_files_pattern($1, TEMPLATETYPE_cache_t TEMPLATETYPE_cache_t) ++ read_files_pattern($1, TEMPLATETYPE_cache_t TEMPLATETYPE_cache_t) +') + +######################################## @@ -13548,13 +13570,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_cache. + ') + + files_search_var($1) -+ manage_files_pattern($1, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t) ++ manage_files_pattern($1, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t) +') + +######################################## +## -+## Create, read, write, and delete -+## TEMPLATETYPE cache dirs. ++## Manage TEMPLATETYPE cache dirs. +## +## +## @@ -13568,13 +13589,13 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_cache. + ') + + files_search_var($1) -+ manage_dirs_pattern($1, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t) ++ manage_dirs_pattern($1, TEMPLATETYPE_cache_t, TEMPLATETYPE_cache_t) +') + +""" + +if_admin_types=""" -+ type TEMPLATETYPE_cache_t;""" ++ type TEMPLATETYPE_cache_t;""" + +if_admin_rules=""" + files_search_var($1) @@ -13589,11 +13610,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_cache. +fc_dir="""\ +FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_cache_t,s0) +""" -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.85/gui/templates/var_lib.py ---- nsapolicycoreutils/gui/templates/var_lib.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/templates/var_lib.py 2011-02-23 14:40:42.641005410 -0500 -@@ -0,0 +1,161 @@ -+# Copyright (C) 2007 Red Hat +diff -up policycoreutils-2.0.86/gui/templates/var_lib.py.gui policycoreutils-2.0.86/gui/templates/var_lib.py +--- policycoreutils-2.0.86/gui/templates/var_lib.py.gui 2011-04-12 10:52:07.567645151 -0400 ++++ policycoreutils-2.0.86/gui/templates/var_lib.py 2011-05-23 17:01:31.516457701 -0400 +@@ -0,0 +1,160 @@ ++# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# policygentool is a tool for the initial generation of SELinux policy @@ -13610,10 +13631,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software -+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +# 02111-1307 USA +# -+# ++# +########################### var_lib Template File ############################# + +########################### Type Enforcement File ############################# @@ -13624,7 +13645,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py +te_rules=""" +manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t) +manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t) -+files_var_lib_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, { dir file } ) ++files_var_lib_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t, { dir file }) +""" + +te_stream_rules="""\ @@ -13670,13 +13691,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py + ') + + files_search_var_lib($1) -+ read_files_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t) ++ read_files_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t) +') + +######################################## +## -+## Create, read, write, and delete -+## TEMPLATETYPE lib files. ++## Manage TEMPLATETYPE lib files. +## +## +## @@ -13690,12 +13710,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py + ') + + files_search_var_lib($1) -+ manage_files_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t) ++ manage_files_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t) +') + +######################################## +## -+## Manage TEMPLATETYPE lib dirs files. ++## Manage TEMPLATETYPE lib directories. +## +## +## @@ -13709,7 +13729,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py + ') + + files_search_var_lib($1) -+ manage_dirs_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t) ++ manage_dirs_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t) +') + +""" @@ -13730,12 +13750,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py + type TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t; + ') + -+ stream_connect_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t) ++ stream_connect_pattern($1, TEMPLATETYPE_var_lib_t, TEMPLATETYPE_var_lib_t) +') +""" + +if_admin_types=""" -+ type TEMPLATETYPE_var_lib_t;""" ++ type TEMPLATETYPE_var_lib_t;""" + +if_admin_rules=""" + files_search_var_lib($1) @@ -13754,11 +13774,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py +fc_dir="""\ +FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0) +""" -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.85/gui/templates/var_log.py ---- nsapolicycoreutils/gui/templates/var_log.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/templates/var_log.py 2011-02-23 14:40:42.642005417 -0500 -@@ -0,0 +1,116 @@ -+# Copyright (C) 2007,2010 Red Hat +diff -up policycoreutils-2.0.86/gui/templates/var_log.py.gui policycoreutils-2.0.86/gui/templates/var_log.py +--- policycoreutils-2.0.86/gui/templates/var_log.py.gui 2011-04-12 10:52:07.568645166 -0400 ++++ policycoreutils-2.0.86/gui/templates/var_log.py 2011-05-23 17:01:22.948389639 -0400 +@@ -0,0 +1,114 @@ ++# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# policygentool is a tool for the initial generation of SELinux policy @@ -13775,10 +13795,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software -+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +# 02111-1307 USA +# -+# ++# +########################### var_log Template File ############################# + +########################### Type Enforcement File ############################# @@ -13790,14 +13810,14 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py +te_rules=""" +manage_dirs_pattern(TEMPLATETYPE_t, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) +manage_files_pattern(TEMPLATETYPE_t, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) -+logging_log_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_log_t, { dir file } ) ++logging_log_filetrans(TEMPLATETYPE_t, TEMPLATETYPE_log_t, { dir file }) +""" + +########################### Interface File ############################# +if_rules=""" +######################################## +## -+## Allow the specified domain to read TEMPLATETYPE's log files. ++## Read TEMPLATETYPE's log files. +## +## +## @@ -13812,18 +13832,17 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py + ') + + logging_search_logs($1) -+ read_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) ++ read_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) +') + +######################################## +## -+## Allow the specified domain to append -+## TEMPLATETYPE log files. ++## Append to TEMPLATETYPE log files. +## +## -+## -+## Domain allowed to transition. -+## ++## ++## Domain allowed access. ++## +## +# +interface(`TEMPLATETYPE_append_log',` @@ -13832,16 +13851,16 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py + ') + + logging_search_logs($1) -+ append_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) ++ append_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) +') + +######################################## +## -+## Allow domain to manage TEMPLATETYPE log files ++## Manage TEMPLATETYPE log files +## +## +## -+## Domain to not audit. ++## Domain allowed access. +## +## +# @@ -13851,14 +13870,14 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py + ') + + logging_search_logs($1) -+ manage_dirs_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) -+ manage_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) -+ manage_lnk_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) ++ manage_dirs_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) ++ manage_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) ++ manage_lnk_files_pattern($1, TEMPLATETYPE_log_t, TEMPLATETYPE_log_t) +') +""" + +if_admin_types=""" -+ type TEMPLATETYPE_log_t;""" ++ type TEMPLATETYPE_log_t;""" + +if_admin_rules=""" + logging_search_logs($1) @@ -13873,12 +13892,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py +fc_dir="""\ +FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0) +""" -+ -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.85/gui/templates/var_run.py ---- nsapolicycoreutils/gui/templates/var_run.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/templates/var_run.py 2011-02-23 14:40:42.642005417 -0500 +diff -up policycoreutils-2.0.86/gui/templates/var_run.py.gui policycoreutils-2.0.86/gui/templates/var_run.py +--- policycoreutils-2.0.86/gui/templates/var_run.py.gui 2011-04-12 10:52:07.569645181 -0400 ++++ policycoreutils-2.0.86/gui/templates/var_run.py 2011-05-23 17:01:11.639299961 -0400 @@ -0,0 +1,101 @@ -+# Copyright (C) 2007,2010 Red Hat ++# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# policygentool is a tool for the initial generation of SELinux policy @@ -13895,10 +13913,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software -+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +# 02111-1307 USA +# -+# ++# +########################### var_run Template File ############################# + +te_types=""" @@ -13956,12 +13974,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py + ') + + files_search_pids($1) -+ stream_connect_pattern($1, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t) ++ stream_connect_pattern($1, TEMPLATETYPE_var_run_t, TEMPLATETYPE_var_run_t, TEMPLATETYPE_t) +') +""" + +if_admin_types=""" -+ type TEMPLATETYPE_var_run_t;""" ++ type TEMPLATETYPE_var_run_t;""" + +if_admin_rules=""" + files_search_pids($1) @@ -13979,11 +13997,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py +fc_dir="""\ +FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0) +""" -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.85/gui/templates/var_spool.py ---- nsapolicycoreutils/gui/templates/var_spool.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/templates/var_spool.py 2011-02-23 14:40:42.643005424 -0500 -@@ -0,0 +1,133 @@ -+# Copyright (C) 2007 Red Hat +diff -up policycoreutils-2.0.86/gui/templates/var_spool.py.gui policycoreutils-2.0.86/gui/templates/var_spool.py +--- policycoreutils-2.0.86/gui/templates/var_spool.py.gui 2011-04-12 10:52:07.573645242 -0400 ++++ policycoreutils-2.0.86/gui/templates/var_spool.py 2011-05-25 16:09:23.350352658 -0400 +@@ -0,0 +1,131 @@ ++# Copyright (C) 2007-2011 Red Hat +# see file 'COPYING' for use and warranty information +# +# policygentool is a tool for the initial generation of SELinux policy @@ -14000,10 +14018,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software -+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA ++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +# 02111-1307 USA +# -+# ++# +########################### var_spool Template File ############################# + +########################### Type Enforcement File ############################# @@ -14055,13 +14073,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool. + ') + + files_search_spool($1) -+ read_files_pattern($1, TEMPLATETYPE_spool_t TEMPLATETYPE_spool_t) ++ read_files_pattern($1, TEMPLATETYPE_spool_t, TEMPLATETYPE_spool_t) +') + +######################################## +## -+## Create, read, write, and delete -+## TEMPLATETYPE spool files. ++## Manage TEMPLATETYPE spool files. +## +## +## @@ -14080,8 +14097,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool. + +######################################## +## -+## Create, read, write, and delete -+## TEMPLATETYPE spool dirs. ++## Manage TEMPLATETYPE spool dirs. +## +## +## @@ -14101,7 +14117,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool. +""" + +if_admin_types=""" -+ type TEMPLATETYPE_spool_t;""" ++ type TEMPLATETYPE_spool_t;""" + +if_admin_rules=""" + files_search_spool($1) @@ -14116,9 +14132,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool. +fc_dir="""\ +FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0) +""" -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-2.0.85/gui/usersPage.py ---- nsapolicycoreutils/gui/usersPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.85/gui/usersPage.py 2011-02-23 14:40:42.644005431 -0500 +diff -up policycoreutils-2.0.86/gui/usersPage.py.gui policycoreutils-2.0.86/gui/usersPage.py +--- policycoreutils-2.0.86/gui/usersPage.py.gui 2011-04-12 10:52:07.578645320 -0400 ++++ policycoreutils-2.0.86/gui/usersPage.py 2011-04-12 10:52:07.578645320 -0400 @@ -0,0 +1,150 @@ +## usersPage.py - show selinux mappings +## Copyright (C) 2006,2007,2008 Red Hat, Inc. diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch index 357171f..0703981 100644 --- a/policycoreutils-rhat.patch +++ b/policycoreutils-rhat.patch @@ -1642,7 +1642,7 @@ index ff0ee7c..0c8a085 100644 test: @python test_sandbox.py -v diff --git a/policycoreutils/sandbox/sandbox b/policycoreutils/sandbox/sandbox -index 48a26c2..29c99ed 100644 +index 48a26c2..5fa1d72 100644 --- a/policycoreutils/sandbox/sandbox +++ b/policycoreutils/sandbox/sandbox @@ -1,5 +1,6 @@ @@ -1702,7 +1702,7 @@ index 48a26c2..29c99ed 100644 if not os.path.exists(newdir): os.makedirs(newdir) dest = newdir + "/" + bname -@@ -81,9 +85,10 @@ def copyfile(file, dir, dest): +@@ -81,9 +85,12 @@ def copyfile(file, dir, dest): shutil.copytree(file, dest) else: shutil.copy2(file, dest) @@ -1711,11 +1711,13 @@ index 48a26c2..29c99ed 100644 - for e in elist: - sys.stderr.write(e[1]) + for e in elist.message: -+ sys.stderr.write(e[2]) ++ # ignore files that are missing ++ if not e[2].startswith("[Errno 2]"): ++ sys.stderr.write(e[2]) SAVE_FILES[file] = (dest, os.path.getmtime(dest)) -@@ -161,10 +166,10 @@ class Sandbox: +@@ -161,10 +168,10 @@ class Sandbox: if not self.__options.homedir or not self.__options.tmpdir: self.usage(_("Homedir and tempdir required for level mounts")) @@ -1729,7 +1731,7 @@ index 48a26c2..29c99ed 100644 def __mount_callback(self, option, opt, value, parser): self.__mount = True -@@ -172,6 +177,15 @@ class Sandbox: +@@ -172,6 +179,15 @@ class Sandbox: def __x_callback(self, option, opt, value, parser): self.__mount = True setattr(parser.values, option.dest, True) @@ -1745,7 +1747,7 @@ index 48a26c2..29c99ed 100644 def __validdir(self, option, opt, value, parser): if not os.path.isdir(value): -@@ -194,6 +208,8 @@ class Sandbox: +@@ -194,6 +210,8 @@ class Sandbox: self.__include(option, opt, i[:-1], parser) except IOError, e: sys.stderr.write(str(e)) @@ -1754,7 +1756,7 @@ index 48a26c2..29c99ed 100644 fd.close() def __copyfiles(self): -@@ -212,13 +228,15 @@ class Sandbox: +@@ -212,13 +230,15 @@ class Sandbox: /etc/gdm/Xsession """) else: @@ -1772,7 +1774,7 @@ index 48a26c2..29c99ed 100644 kill -TERM $WM_PID 2> /dev/null """ % (command, wm, command)) fd.close() -@@ -226,14 +244,25 @@ kill -TERM $WM_PID 2> /dev/null +@@ -226,14 +246,25 @@ kill -TERM $WM_PID 2> /dev/null def usage(self, message = ""): error_exit("%s\n%s" % (self.__parser.usage, message)) @@ -1802,7 +1804,7 @@ index 48a26c2..29c99ed 100644 parser = OptionParser(version=self.VERSION, usage=usage) parser.disable_interspersed_args() -@@ -268,6 +297,10 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [- +@@ -268,6 +299,10 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [- action="callback", callback=self.__validdir, help=_("alternate /tmp directory to use for mounting")) @@ -1813,7 +1815,7 @@ index 48a26c2..29c99ed 100644 parser.add_option("-W", "--windowmanager", dest="wm", type="string", default="/usr/bin/matchbox-window-manager -use_titlebar no", -@@ -276,13 +309,17 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [- +@@ -276,13 +311,17 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [- parser.add_option("-l", "--level", dest="level", help=_("MCS/MLS level for the sandbox")) @@ -1832,7 +1834,7 @@ index 48a26c2..29c99ed 100644 if self.__options.setype: self.setype = self.__options.setype -@@ -300,6 +337,10 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [- +@@ -300,6 +339,10 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [- self.__homedir = self.__options.homedir self.__tmpdir = self.__options.tmpdir else: @@ -1843,7 +1845,7 @@ index 48a26c2..29c99ed 100644 if len(cmds) == 0: self.usage(_("Command required")) cmds[0] = fullpath(cmds[0]) -@@ -329,44 +370,43 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [- +@@ -329,44 +372,43 @@ sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [- def __setup_dir(self): if self.__options.level or self.__options.session: return @@ -1907,7 +1909,7 @@ index 48a26c2..29c99ed 100644 selinux.setexeccon(self.__execcon) rc = subprocess.Popen(self.__cmds).wait() -@@ -404,7 +444,7 @@ if __name__ == '__main__': +@@ -404,7 +446,7 @@ if __name__ == '__main__': sandbox = Sandbox() rc = sandbox.main() except OSError, error: @@ -2057,19 +2059,22 @@ index ff8b3ef..8508647 100644 # Source function library. diff --git a/policycoreutils/sandbox/sandboxX.sh b/policycoreutils/sandbox/sandboxX.sh -index 8338203..e501b03 100644 +index 8338203..f9e23ec 100644 --- a/policycoreutils/sandbox/sandboxX.sh +++ b/policycoreutils/sandbox/sandboxX.sh @@ -1,13 +1,17 @@ #!/bin/bash - context=`id -Z | secon -t -l -P` - export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80`" +-context=`id -Z | secon -t -l -P` +-export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80`" -export SCREENSIZE="1000x700" -#export SCREENSIZE=`xdpyinfo | awk '/dimensions/ { print $2 }'` ++context=`id -Z | secon -t ` ++export TITLE="`grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80` ($context)" +[ $# -eq 1 ] && export SCREENSIZE="$1" || export SCREENSIZE="1000x700" trap "exit 0" HUP - (/usr/bin/Xephyr -title "$TITLE" -terminate -screen $SCREENSIZE -displayfd 5 5>&1 2>/dev/null) | while read D; do +-(/usr/bin/Xephyr -title "$TITLE" -terminate -screen $SCREENSIZE -displayfd 5 5>&1 2>/dev/null) | while read D; do ++(/usr/bin/Xephyr -nolisten tcp -title "$TITLE" -terminate -screen $SCREENSIZE -displayfd 5 5>&1 2>/dev/null) | while read D; do export DISPLAY=:$D - python -c 'import gtk, os, commands; commands.getstatusoutput("%s/.sandboxrc" % os.environ["HOME"])' + cat > ~/seremote << __EOF @@ -3194,7 +3199,7 @@ index 3f9efba..7c6d75a 100644 +/etc/selinux/{SELINUXTYPE}/seusers diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles -index ae519fc..7d21ea3 100755 +index ae519fc..8e47d94 100755 --- a/policycoreutils/scripts/fixfiles +++ b/policycoreutils/scripts/fixfiles @@ -21,6 +21,44 @@ @@ -3278,7 +3283,7 @@ index ae519fc..7d21ea3 100755 rpmlist() { rpm -q --qf '[%{FILESTATES} %{FILENAMES}\n]' "$1" | grep '^0 ' | cut -f2- -d ' ' -@@ -121,24 +144,34 @@ if [ ! -z "$PREFC" ]; then +@@ -121,33 +144,45 @@ if [ ! -z "$PREFC" ]; then fi if [ ! -z "$RPMFILES" ]; then for i in `echo "$RPMFILES" | sed 's/,/ /g'`; do @@ -3321,10 +3326,13 @@ index ae519fc..7d21ea3 100755 +fi +${SETFILES} -q ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMS} 2>&1 | cat >> $LOGFILE +rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-* $TEMPFCFILE ++find /tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) \( -type s -o -type p \) -delete find /tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t tmp_t {} \; find /var/tmp \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t tmp_t {} \; ++find /var/run \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t var_run_t {} \; ++[ -e /var/lib/debug ] && find /var/lib/debug \( -context "*:file_t*" -o -context "*:unlabeled_t*" \) -exec chcon -t lib_t {} \; exit $? -@@ -146,8 +179,7 @@ exit $? + } fullrelabel() { logit "Cleaning out /tmp" diff --git a/policycoreutils.spec b/policycoreutils.spec index feca9f3..e75ee5b 100644 --- a/policycoreutils.spec +++ b/policycoreutils.spec @@ -7,7 +7,7 @@ Summary: SELinux policy core utilities Name: policycoreutils Version: 2.0.85 -Release: 30%{?dist} +Release: 30.1%{?dist} License: GPLv2 Group: System Environment/Base # Based on git repository with tag 20101221 @@ -318,6 +318,20 @@ fi exit 0 %changelog +* Fri Jun 17 2011 Dan Walsh 2.0.86-30.1 +- Backport lots of fixes from F15 including: +- Do not drop capability bounding set in seunshare, this allows sandbox to +- run setuid apps. +- Cleanup policy generation template +- Pass dpi settings to sandbox +- Add .config/* to restorecond_users.conf +- Clean up some of the templates for sepolgen +- Apply patches from Christoph A. + * fix sandbox title + * stop xephyr from li +- Also ignore errors on sandbox include of directory missing files +- Change fixfiles restore to delete unlabeled sockets in /tmp + * Mon Apr 11 2011 Dan Walsh 2.0.85-30 - Add Elia Pinto patches to allow user to specify directories to ignore