Mailinglist Archive: opensuse-commit (1828 mails)

< Previous Next >
commit policycoreutils
  • From: root@xxxxxxxxxxxxxxx (h_root)
  • Date: Tue, 02 Sep 2008 12:29:56 +0200
  • Message-id: <20080902102957.326C667815E@xxxxxxxxxxxxxxx>

Hello community,

here is the log from the commit of package policycoreutils
checked in at Tue Sep 2 12:29:56 CEST 2008.


--------
--- policycoreutils/policycoreutils.changes 2008-08-04 01:00:56.000000000
+0200
+++ /mounts/work_src_done/STABLE/policycoreutils/policycoreutils.changes
2008-09-02 12:33:15.000000000 +0200
@@ -1,0 +2,14 @@
+Tue Sep 2 12:25:39 CEST 2008 - prusnak@xxxxxxx
+
+- updated to 2.0.55
+ * Merged semanage node support from Christian Kuester.
+- updated to 2.0.54
+ * Add support for boolean files and group support for seusers from Dan Walsh.
+ * Ensure that setfiles -p output is newline terminated from Russell Coker.
+- updated to 2.0.53
+ * Change setfiles to validate all file_contexts files when using -c from
Stephen Smalley.
+- updated sepolgen to 1.0.13
+ * Only append s0 suffix if MLS is enabled from Karl MacMillan.
+- added missing preun/post/postun scriptlets
+
+-------------------------------------------------------------------



Old:
----
policycoreutils-2.0.52.tar.bz2
sepolgen-1.0.12.tar.bz2

New:
----
policycoreutils-2.0.55.tar.bz2
sepolgen-1.0.13.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ policycoreutils.spec ++++++
--- /var/tmp/diff_new_pack.E11949/_old 2008-09-02 12:29:13.000000000 +0200
+++ /var/tmp/diff_new_pack.E11949/_new 2008-09-02 12:29:13.000000000 +0200
@@ -1,10 +1,17 @@
#
-# spec file for package policycoreutils (Version 2.0.52)
+# spec file for package policycoreutils (Version 2.0.55)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
-# This file and all modifications and additions to the pristine
-# package are under the same license as the package itself.
#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

@@ -14,11 +21,11 @@
%define libsepol_ver 2.0.19
%define libsemanage_ver 2.0.5
%define libselinux_ver 2.0.46
-%define sepolgen_ver 1.0.12
+%define sepolgen_ver 1.0.13

Name: policycoreutils
-Version: 2.0.52
-Release: 2
+Version: 2.0.55
+Release: 1
Url: http://www.nsa.gov/selinux/
License: GPL v2 or later
Group: Productivity/Security
@@ -47,14 +54,14 @@
Requires: util-linux gawk rpm checkpolicy python-selinux
audit-libs-python

%description
-Security-enhanced Linux is a feature of the Linux� kernel and a number
-of utilities with enhanced security functionality designed to add
-mandatory access controls to Linux. The Security-enhanced Linux kernel
-contains new architectural components originally developed to improve
-the security of the Flask operating system. These architectural
+Security-enhanced Linux is a feature of the Linux(R) kernel and a
+number of utilities with enhanced security functionality designed to
+add mandatory access controls to Linux. The Security-enhanced Linux
+kernel contains new architectural components originally developed to
+improve the security of the Flask operating system. These architectural
components provide general support for the enforcement of many kinds of
mandatory access control policies, including those based on the
-concepts of Type Enforcement�, Role-based Access Control, and
+concepts of Type Enforcement(R), Role-based Access Control, and
Multi-level Security.

policycoreutils contains the policy core utilities that are required
@@ -75,14 +82,14 @@
Requires: setools-console

%description gui
-Security-enhanced Linux is a feature of the Linux� kernel and a number
-of utilities with enhanced security functionality designed to add
-mandatory access controls to Linux. The Security-enhanced Linux kernel
-contains new architectural components originally developed to improve
-the security of the Flask operating system. These architectural
+Security-enhanced Linux is a feature of the Linux(R) kernel and a
+number of utilities with enhanced security functionality designed to
+add mandatory access controls to Linux. The Security-enhanced Linux
+kernel contains new architectural components originally developed to
+improve the security of the Flask operating system. These architectural
components provide general support for the enforcement of many kinds of
mandatory access control policies, including those based on the
-concepts of Type Enforcement�, Role-based Access Control, and
+concepts of Type Enforcement(R), Role-based Access Control, and
Multi-level Security.

policycoreutils contains the policy core utilities that are required
@@ -209,7 +216,34 @@
# %config(noreplace) %{_sysconfdir}/security/console.apps/system-config-selinux
# %config(noreplace) %{_sysconfdir}/security/console.apps/selinux-polgengui

+%preun
+if [ "$1" -eq "0" ]; then
+ %stop_on_removal restorecond
+ %insserv_cleanup
+fi
+
+%post
+%fillup_and_insserv restorecond
+[ -f %{_datadir}/selinux/devel/include/build.conf ] && /usr/bin/sepolgen-ifgen
/dev/null
+exit 0
+
+%postun
+if [ "$1" -ge "1" ]; then
+ %restart_on_update rsyncd
+fi
+
%changelog
+* Tue Sep 02 2008 prusnak@xxxxxxx
+- updated to 2.0.55
+ * Merged semanage node support from Christian Kuester.
+- updated to 2.0.54
+ * Add support for boolean files and group support for seusers from Dan Walsh.
+ * Ensure that setfiles -p output is newline terminated from Russell Coker.
+- updated to 2.0.53
+ * Change setfiles to validate all file_contexts files when using -c from
Stephen Smalley.
+- updated sepolgen to 1.0.13
+ * Only append s0 suffix if MLS is enabled from Karl MacMillan.
+- added missing preun/post/postun scriptlets
* Mon Aug 04 2008 ro@xxxxxxx
- add directory to filelist to fix build
* Tue Jul 15 2008 prusnak@xxxxxxx

++++++ policycoreutils-2.0.52.tar.bz2 -> policycoreutils-2.0.55.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn
--exclude=.svnignore old/policycoreutils-2.0.52/ChangeLog
new/policycoreutils-2.0.55/ChangeLog
--- old/policycoreutils-2.0.52/ChangeLog 2008-07-02 23:19:33.000000000
+0200
+++ new/policycoreutils-2.0.55/ChangeLog 2008-08-28 15:35:50.000000000
+0200
@@ -1,3 +1,13 @@
+2.0.55 2008-08-26
+ * Merged semanage node support from Christian Kuester.
+
+2.0.54 2008-08-05
+ * Add support for boolean files and group support for seusers from Dan
Walsh.
+ * Ensure that setfiles -p output is newline terminated from Russell
Coker.
+
+2.0.53 2008-07-29
+ * Change setfiles to validate all file_contexts files when using -c
from Stephen Smalley.
+
2.0.52 2008-07-02
* Add permissive domain capability to semanage from Dan Walsh.

diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn
--exclude=.svnignore old/policycoreutils-2.0.52/restorecond/restorecond.c
new/policycoreutils-2.0.55/restorecond/restorecond.c
--- old/policycoreutils-2.0.52/restorecond/restorecond.c 2008-07-02
23:19:34.000000000 +0200
+++ new/policycoreutils-2.0.55/restorecond/restorecond.c 2008-08-28
15:35:50.000000000 +0200
@@ -210,9 +210,10 @@
}

if (fsetfilecon(fd, scontext) < 0) {
- syslog(LOG_ERR,
- "set context %s->%s failed:'%s'\n",
- filename, scontext, strerror(errno));
+ if (errno != EOPNOTSUPP)
+ syslog(LOG_ERR,
+ "set context %s->%s
failed:'%s'\n",
+ filename, scontext,
strerror(errno));
if (retcontext >= 0)
free(prev_context);
free(scontext);
@@ -225,8 +226,9 @@
if (retcontext >= 0)
free(prev_context);
} else {
- syslog(LOG_ERR, "get context on %s failed: '%s'\n",
- filename, strerror(errno));
+ if (errno != EOPNOTSUPP)
+ syslog(LOG_ERR, "get context on %s failed: '%s'\n",
+ filename, strerror(errno));
}
free(scontext);
close(fd);
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn
--exclude=.svnignore old/policycoreutils-2.0.52/semanage/semanage
new/policycoreutils-2.0.55/semanage/semanage
--- old/policycoreutils-2.0.52/semanage/semanage 2008-07-02
23:19:34.000000000 +0200
+++ new/policycoreutils-2.0.55/semanage/semanage 2008-08-28
15:35:50.000000000 +0200
@@ -44,14 +44,15 @@

def usage(message = ""):
print _("""
-semanage {boolean|login|user|port|interface|fcontext|translation} -{l|D} [-n]
-semanage login -{a|d|m} [-sr] login_name
+semanage {boolean|login|user|port|interface|node|fcontext|translation} -{l|D}
[-n]
+semanage login -{a|d|m} [-sr] login_name | %groupname
semanage user -{a|d|m} [-LrRP] selinux_name
semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range
semanage interface -{a|d|m} [-tr] interface_spec
+semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] addr
semanage fcontext -{a|d|m} [-frst] file_spec
semanage translation -{a|d|m} [-T] level
-semanage boolean -{d|m} boolean
+semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file
semanage permissive -{d|a} type

Primary Options:
@@ -79,7 +80,9 @@
-l (symbolic link)
-p (named pipe)

- -p, --proto Port protocol (tcp or udp)
+ -F, --file Treat target as an input file for command, change
multiple settings
+ -p, --proto Port protocol (tcp or udp) or internet protocol
version of node (ipv4 or ipv6)
+ -M, --mask Netmask
-P, --prefix Prefix for home directory labeling
-L, --level Default SELinux Level (MLS/MCS Systems only)
-R, --roles SELinux Roles (ex: "sysadm_r staff_r")
@@ -108,13 +111,15 @@
valid_option["port"] = []
valid_option["port"] += valid_everyone + [ '-t', '--type',
'-r', '--range', '-p', '--proto' ]
valid_option["interface"] = []
- valid_option["interface"] += valid_everyone + [ '-t', '--type',
'-r', '--range']
+ valid_option["interface"] += valid_everyone + [ '-t', '--type',
'-r', '--range']
+ valid_option["node"] = []
+ valid_option["node"] += valid_everyone + [ '-M', '--mask',
'-t', '--type', '-r', '--range', '-p', '--protocol']
valid_option["fcontext"] = []
valid_option["fcontext"] += valid_everyone + [ '-f', '--ftype',
'-s', '--seuser', '-t', '--type', '-r', '--range']
valid_option["translation"] = []
valid_option["translation"] += valid_everyone + [ '-T',
'--trans' ]
valid_option["boolean"] = []
- valid_option["boolean"] += valid_everyone + [ '--on', "--off",
"-1", "-0" ]
+ valid_option["boolean"] += valid_everyone + [ '--on', "--off",
"-1", "-0", "-F", "--file"]
valid_option["permissive"] = []
valid_option["permissive"] += [ '-a', '--add', '-d',
'--delete', '-l', '--list', '-h', '--help', '-n', '--noheading', '-D',
'--deleteall' ]
return valid_option
@@ -128,21 +133,23 @@
serange = ""
port = ""
proto = ""
+ mask = ""
selevel = ""
setype = ""
ftype = ""
setrans = ""
roles = ""
seuser = ""
- prefix = ""
- heading=1
- value=0
- add = 0
- modify = 0
- delete = 0
- deleteall = 0
- list = 0
- locallist = 0
+ prefix = "user"
+ heading = True
+ value = None
+ add = False
+ modify = False
+ delete = False
+ deleteall = False
+ list = False
+ locallist = False
+ use_file = False
store = ""
if len(sys.argv) < 3:
usage(_("Requires 2 or more arguments"))
@@ -155,11 +162,12 @@
args = sys.argv[2:]

gopts, cmds = getopt.getopt(args,
- '01adf:lhmnp:s:CDR:L:r:t:T:P:S:',
+ '01adf:lhmnp:s:FCDR:L:r:t:T:P:S:M:',
['add',
'delete',
'deleteall',
'ftype=',
+ 'file',
'help',
'list',
'modify',
@@ -175,7 +183,8 @@
'roles=',
'type=',
'trans=',
- 'prefix='
+ 'prefix=',
+ 'mask='
])
for o, a in gopts:
if o not in option_dict[object]:
@@ -185,31 +194,35 @@
if o == "-a" or o == "--add":
if modify or delete:
usage()
- add = 1
+ add = True

if o == "-d" or o == "--delete":
if modify or add:
usage()
- delete = 1
+ delete = True
if o == "-D" or o == "--deleteall":
if modify:
usage()
- deleteall = 1
+ deleteall = True
if o == "-f" or o == "--ftype":
ftype=a
+
+ if o == "-F" or o == "--file":
+ use_file = True
+
if o == "-h" or o == "--help":
usage()

if o == "-n" or o == "--noheading":
- heading=0
+ heading = False

if o == "-C" or o == "--locallist":
- locallist=1
+ locallist = True

if o == "-m"or o == "--modify":
if delete or add:
usage()
- modify = 1
+ modify = True

if o == "-S" or o == '--store':
store = a
@@ -220,7 +233,7 @@
serange = a

if o == "-l" or o == "--list":
- list = 1
+ list = True

if o == "-L" or o == '--level':
if is_mls_enabled == 0:
@@ -239,6 +252,9 @@
if o == "-s" or o == "--seuser":
seuser = a

+ if o == "-M" or o == '--mask':
+ mask = a
+
if o == "-t" or o == "--type":
setype = a

@@ -246,9 +262,9 @@
setrans = a

if o == "--on" or o == "-1":
- value = 1
- if o == "-off" or o == "-0":
- value = 0
+ value = "on"
+ if o == "--off" or o == "-0":
+ value = "off"

if object == "login":
OBJECT = seobject.loginRecords(store)
@@ -261,6 +277,9 @@

if object == "interface":
OBJECT = seobject.interfaceRecords(store)
+
+ if object == "node":
+ OBJECT = seobject.nodeRecords(store)

if object == "fcontext":
OBJECT = seobject.fcontextRecords(store)
@@ -275,7 +294,10 @@
OBJECT = seobject.permissiveRecords(store)

if list:
- OBJECT.list(heading, locallist)
+ if object == "boolean":
+ OBJECT.list(heading, locallist, use_file)
+ else:
+ OBJECT.list(heading, locallist)
sys.exit(0);

if deleteall:
@@ -295,12 +317,10 @@
OBJECT.add(target, setrans)

if object == "user":
- rlist = roles.split()
- if len(rlist) == 0:
- raise ValueError(_("You must specify a
role"))
- if prefix == "":
- raise ValueError(_("You must specify a
prefix"))
- OBJECT.add(target, rlist, selevel, serange,
prefix)
+ rlist = []
+ if not use_file:
+ rlist = roles.split()
+ OBJECT.add(target, rlist, selevel, serange,
prefix)

if object == "port":
OBJECT.add(target, proto, serange, setype)
@@ -308,6 +328,9 @@
if object == "interface":
OBJECT.add(target, serange, setype)

+ if object == "node":
+ OBJECT.add(target, mask, proto, serange, setype)
+
if object == "fcontext":
OBJECT.add(target, setype, ftype, serange,
seuser)
if object == "permissive":
@@ -317,7 +340,7 @@

if modify:
if object == "boolean":
- OBJECT.modify(target, value)
+ OBJECT.modify(target, value, use_file)

if object == "login":
OBJECT.modify(target, seuser, serange)
@@ -335,6 +358,9 @@
if object == "interface":
OBJECT.modify(target, serange, setype)

+ if object == "node":
+ OBJECT.modify(target, mask, proto, serange,
setype)
+
if object == "fcontext":
OBJECT.modify(target, setype, ftype, serange,
seuser)

@@ -347,6 +373,9 @@
elif object == "fcontext":
OBJECT.delete(target, ftype)

+ elif object == "node":
+ OBJECT.delete(target, mask, proto)
+
else:
OBJECT.delete(target)

diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn
--exclude=.svnignore old/policycoreutils-2.0.52/semanage/semanage.8
new/policycoreutils-2.0.55/semanage/semanage.8
--- old/policycoreutils-2.0.52/semanage/semanage.8 2008-07-02
23:19:34.000000000 +0200
+++ new/policycoreutils-2.0.55/semanage/semanage.8 2008-08-28
15:35:50.000000000 +0200
@@ -3,11 +3,11 @@
semanage \- SELinux Policy Management tool

.SH "SYNOPSIS"
-.B semanage {boolean|login|user|port|interface|fcontext|translation}
\-{l|lC|D} [\-n]
+.B semanage {boolean|login|user|port|interface|node|fcontext|translation}
\-{l|D} [\-n] [\-S store]
.br
-.B semanage boolean \-{d|m} [\-\-on|\-\-off|\-1|\-0] boolean
+.B semanage boolean \-{d|m} [\-\-on|\-\-off|\-1|\-0] -F boolean | boolean_file
.br
-.B semanage login \-{a|d|m} [\-sr] login_name
+.B semanage login \-{a|d|m} [\-sr] login_name | %groupname
.br
.B semanage user \-{a|d|m} [\-LrRP] selinux_name
.br
@@ -15,6 +15,8 @@
.br
.B semanage interface \-{a|d|m} [\-tr] interface_spec
.br
+.B semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] address
+.br
.B semanage fcontext \-{a|d|m} [\-frst] file_spec
.br
.B semanage permissive \-{a|d} type
@@ -54,6 +56,11 @@
File Type. This is used with fcontext.
Requires a file type as shown in the mode field by ls, e.g. use -d to match
only directories or -- to match only regular files.
.TP
+.I \-F, \-\-file
+Set multiple records from the input file. When used with the \-l \-\-list, it
will output the current settings to stdout in the proper format.
+
+Currently booleans only.
+.TP
.I \-h, \-\-help
display this message
.TP
@@ -73,7 +80,7 @@
Do not print heading when listing OBJECTS.
.TP
.I \-p, \-\-proto
-Protocol for the specified port (tcp|udp).
+Protocol for the specified port (tcp|udp) or internet protocol version for the
specified node (ipv4|ipv6).
.TP
.I \-r, \-\-range
MLS/MCS Security Range (MLS/MCS Systems only)
@@ -87,6 +94,9 @@
.I \-s, \-\-seuser
SELinux user name
.TP
+.I \-S, \-\-store
+Select and alternate SELinux store to manage
+.TP
.I \-t, \-\-type
SELinux Type for the object
.TP
@@ -99,6 +109,8 @@
$ semanage user -l
# Allow joe to login as staff_u
$ semanage login -a -s staff_u joe
+# Allow the group clerks to login as user_u
+$ semanage login -a -s user_u %clerks
# Add file-context for everything under /web (used by restorecon)
$ semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
# Allow Apache to listen on port 81
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn
--exclude=.svnignore old/policycoreutils-2.0.52/semanage/seobject.py
new/policycoreutils-2.0.55/semanage/seobject.py
--- old/policycoreutils-2.0.52/semanage/seobject.py 2008-07-02
23:19:34.000000000 +0200
+++ new/policycoreutils-2.0.55/semanage/seobject.py 2008-08-28
15:35:50.000000000 +0200
@@ -21,7 +21,7 @@
#
#

-import pwd, string, selinux, tempfile, os, re, sys
+import pwd, grp, string, selinux, tempfile, os, re, sys
from semanage import *;
PROGNAME="policycoreutils"
import sepolgen.module as module
@@ -330,20 +330,15 @@
for name in dirs:
os.rmdir(os.path.join(root, name))

- if rc != 0:
- raise ValueError(out)
-
-
def delete(self, name):
for n in name.split():
rc = semanage_module_remove(self.sh, "permissive_%s" %
n)
if rc < 0:
raise ValueError(_("Could not remove permissive
domain %s (remove failed)") % name)
- rc = semanage_commit(self.sh)
- if rc < 0:
- raise ValueError(_("Could not remove permissive domain
%s (commit failed)") % name)
+ rc = semanage_commit(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not remove permissive
domain %s (commit failed)") % name)

-
def deleteall(self):
l = self.get_all()
if len(l) > 0:
@@ -402,10 +397,16 @@
raise ValueError(_("Could not check if login
mapping for %s is defined") % name)
if exists:
raise ValueError(_("Login mapping for %s is
already defined") % name)
- try:
- pwd.getpwnam(name)
- except:
- raise ValueError(_("Linux User %s does not
exist") % name)
+ if name[0] == '%':
+ try:
+ grp.getgrnam(name[1:])
+ except:
+ raise ValueError(_("Linux Group %s does
not exist") % name[1:])
+ else:
+ try:
+ pwd.getpwnam(name)
+ except:
+ raise ValueError(_("Linux User %s does
not exist") % name)

(rc,u) = semanage_seuser_create(self.sh)
if rc < 0:
@@ -1030,6 +1031,231 @@
rec += ", %s" % p
print rec

+class nodeRecords(semanageRecords):
+ def __init__(self, store = ""):
+ semanageRecords.__init__(self,store)
+
+ def add(self, addr, mask, proto, serange, ctype):
+ if addr == "":
+ raise ValueError(_("Node Address is required"))
+
+ if mask == "":
+ raise ValueError(_("Node Netmask is required"))
+
+ if proto == "ipv4":
+ proto = 0
+ elif proto == "ipv6":
+ proto = 1
+ else:
+ raise ValueError(_("Unknown or missing protocol"))
+
+
+ if is_mls_enabled == 1:
+ if serange == "":
+ serange = "s0"
+ else:
+ serange = untranslate(serange)
+
+ if ctype == "":
+ raise ValueError(_("SELinux Type is required"))
+
+ (rc,k) = semanage_node_key_create(self.sh, addr, mask, proto)
+ if rc < 0:
+ raise ValueError(_("Could not create key for %s") %
addr)
+ if rc < 0:
+ raise ValueError(_("Could not check if addr %s is
defined") % addr)
+
+ (rc,exists) = semanage_node_exists(self.sh, k)
+ if exists:
+ raise ValueError(_("Addr %s already defined") % addr)
+
+ (rc,node) = semanage_node_create(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not create addr for %s") %
addr)
+
+ rc = semanage_node_set_addr(self.sh, node, proto, addr)
+ (rc, con) = semanage_context_create(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not create context for %s") %
addr)
+
+ rc = semanage_node_set_mask(self.sh, node, proto, mask)
+ if rc < 0:
+ raise ValueError(_("Could not set mask for %s") % addr)
+
+
+ rc = semanage_context_set_user(self.sh, con, "system_u")
+ if rc < 0:
+ raise ValueError(_("Could not set user in addr context
for %s") % addr)
+
+ rc = semanage_context_set_role(self.sh, con, "object_r")
+ if rc < 0:
+ raise ValueError(_("Could not set role in addr context
for %s") % addr)
+
+ rc = semanage_context_set_type(self.sh, con, ctype)
+ if rc < 0:
+ raise ValueError(_("Could not set type in addr context
for %s") % addr)
+
+ if serange != "":
+ rc = semanage_context_set_mls(self.sh, con, serange)
+ if rc < 0:
+ raise ValueError(_("Could not set mls fields in
addr context for %s") % addr)
+
+ rc = semanage_node_set_con(self.sh, node, con)
+ if rc < 0:
+ raise ValueError(_("Could not set addr context for %s")
% addr)
+
+ rc = semanage_begin_transaction(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not start semanage
transaction"))
+
+ rc = semanage_node_modify_local(self.sh, k, node)
+ if rc < 0:
+ raise ValueError(_("Could not add addr %s") % addr)
+
+ rc = semanage_commit(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not add addr %s") % addr)
+
+ semanage_context_free(con)
+ semanage_node_key_free(k)
+ semanage_node_free(node)
+
+ def modify(self, addr, mask, proto, serange, setype):
+ if addr == "":
+ raise ValueError(_("Node Address is required"))
+
+ if mask == "":
+ raise ValueError(_("Node Netmask is required"))
+ if proto == "ipv4":
+ proto = 0
+ elif proto == "ipv6":
+ proto = 1
+ else:
+ raise ValueError(_("Unknown or missing protocol"))
+
+
+ if serange == "" and setype == "":
+ raise ValueError(_("Requires setype or serange"))
+
+ (rc,k) = semanage_node_key_create(self.sh, addr, mask, proto)
+ if rc < 0:
+ raise ValueError(_("Could not create key for %s") %
addr)
+
+ (rc,exists) = semanage_node_exists(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if addr %s is
defined") % addr)
+ if not exists:
+ raise ValueError(_("Addr %s is not defined") % addr)
+
+ (rc,node) = semanage_node_query(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not query addr %s") % addr)
+
+ con = semanage_node_get_con(node)
+
+ if serange != "":
+ semanage_context_set_mls(self.sh, con,
untranslate(serange))
+ if setype != "":
+ semanage_context_set_type(self.sh, con, setype)
+
+ rc = semanage_begin_transaction(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not start semanage
transaction"))
+
+ rc = semanage_node_modify_local(self.sh, k, node)
+ if rc < 0:
+ raise ValueError(_("Could not modify addr %s") % addr)
+
+ rc = semanage_commit(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not modify addr %s") % addr)
+
+ semanage_node_key_free(k)
+ semanage_node_free(node)
+
+ def delete(self, addr, mask, proto):
+ if addr == "":
+ raise ValueError(_("Node Address is required"))
+
+ if mask == "":
+ raise ValueError(_("Node Netmask is required"))
+
+ if proto == "ipv4":
+ proto = 0
+ elif proto == "ipv6":
+ proto = 1
+ else:
+ raise ValueError(_("Unknown or missing protocol"))
+
+ (rc,k) = semanage_node_key_create(self.sh, addr, mask, proto)
+ if rc < 0:
+ raise ValueError(_("Could not create key for %s") %
addr)
+
+ (rc,exists) = semanage_node_exists(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if addr %s is
defined") % addr)
+ if not exists:
+ raise ValueError(_("Addr %s is not defined") % addr)
+
+ (rc,exists) = semanage_node_exists_local(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if addr %s is
defined") % addr)
+ if not exists:
+ raise ValueError(_("Addr %s is defined in policy,
cannot be deleted") % addr)
+
+ rc = semanage_begin_transaction(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not start semanage
transaction"))
+
+ rc = semanage_node_del_local(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not delete addr %s") % addr)
+
+ rc = semanage_commit(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not delete addr %s") % addr)
+
+ semanage_node_key_free(k)
+
+ def get_all(self, locallist = 0):
+ ddict = {}
+ if locallist :
+ (rc, self.ilist) = semanage_node_list_local(self.sh)
+ else:
+ (rc, self.ilist) = semanage_node_list(self.sh)
+ if rc < 0:
+ raise ValueError(_("Could not list addrs"))
+
+ for node in self.ilist:
+ con = semanage_node_get_con(node)
+ addr = semanage_node_get_addr(self.sh, node)
+ mask = semanage_node_get_mask(self.sh, node)
+ proto = semanage_node_get_proto(node)
+ if proto == 0:
+ proto = "ipv4"
+ elif proto == 1:
+ proto = "ipv6"
+ ddict[(addr[1], mask[1], proto)] =
(semanage_context_get_user(con), semanage_context_get_role(con),
semanage_context_get_type(con), semanage_context_get_mls(con))
+
+ return ddict
+
+ def list(self, heading = 1, locallist = 0):
+ if heading:
+ print "%-18s %-18s %-5s %-5s\n" % ("IP Address",
"Netmask", "Protocol", "Context")
+ ddict = self.get_all(locallist)
+ keys = ddict.keys()
+ keys.sort()
+ if is_mls_enabled:
+ for k in keys:
+ val = ''
+ for fields in k:
+ val = val + '\t' + str(fields)
+ print "%-18s %-18s %-5s %s:%s:%s:%s " %
(k[0],k[1],k[2],ddict[k][0], ddict[k][1],ddict[k][2], translate(ddict[k][3],
False))
+ else:
+ for k in keys:
+ print "%-18s %-18s %-5s %s:%s:%s " %
(k[0],k[1],k[2],ddict[k][0], ddict[k][1],ddict[k][2])
+
+
class interfaceRecords(semanageRecords):
def __init__(self, store = ""):
semanageRecords.__init__(self, store)
@@ -1447,54 +1673,72 @@
class booleanRecords(semanageRecords):
def __init__(self, store = ""):
semanageRecords.__init__(self, store)
+ self.dict={}
+ self.dict["TRUE"] = 1
+ self.dict["FALSE"] = 0
+ self.dict["ON"] = 1
+ self.dict["OFF"] = 0
+ self.dict["1"] = 1
+ self.dict["0"] = 0

- def modify(self, name, value = ""):
- if value == "":
- raise ValueError(_("Requires value"))
-
- (rc,k) = semanage_bool_key_create(self.sh, name)
- if rc < 0:
- raise ValueError(_("Could not create a key for %s") %
name)
-
- (rc,exists) = semanage_bool_exists(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not check if boolean %s is
defined") % name)
- if not exists:
- raise ValueError(_("Boolean %s is not defined") % name)
-
- (rc,b) = semanage_bool_query(self.sh, k)
- if rc < 0:
- raise ValueError(_("Could not query file context %s") %
name)
+ def __mod(self, name, value):
+ (rc,k) = semanage_bool_key_create(self.sh, name)
+ if rc < 0:
+ raise ValueError(_("Could not create a key for %s") %
name)
+ (rc,exists) = semanage_bool_exists(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not check if boolean %s is
defined") % name)
+ if not exists:
+ raise ValueError(_("Boolean %s is not defined") % name)
+
+ (rc,b) = semanage_bool_query(self.sh, k)
+ if rc < 0:
+ raise ValueError(_("Could not query file context %s") %
name)

- if value != "":
- nvalue = int(value)
- semanage_bool_set_value(b, nvalue)
+ if value.upper() in self.dict:
+ semanage_bool_set_value(b, self.dict[value.upper()])
else:
- raise ValueError(_("You must specify a value"))
+ raise ValueError(_("You must specify one of the
following values: %s") % ", ".join(self.dict.keys()) )
+
+ rc = semanage_bool_set_active(self.sh, k, b)
+ if rc < 0:
+ raise ValueError(_("Could not set active value of
boolean %s") % name)
+ rc = semanage_bool_modify_local(self.sh, k, b)
+ if rc < 0:
+ raise ValueError(_("Could not modify boolean %s") %
name)
+ semanage_bool_key_free(k)
+ semanage_bool_free(b)

+ def modify(self, name, value=None, use_file=False):
+
rc = semanage_begin_transaction(self.sh)
if rc < 0:
raise ValueError(_("Could not start semanage
transaction"))
-
- rc = semanage_bool_set_active(self.sh, k, b)
- if rc < 0:
- raise ValueError(_("Could not set active value of
boolean %s") % name)
- rc = semanage_bool_modify_local(self.sh, k, b)
- if rc < 0:
- raise ValueError(_("Could not modify boolean %s") %
name)
+ if use_file:
+ fd = open(name)
+ for b in fd.read().split("\n"):
+ b = b.strip()
+ if len(b) == 0:
+ continue
+
+ try:
+ boolname, val = b.split("=")
+ except ValueError, e:
+ raise ValueError(_("Bad format %s: Record
%s" % ( name, b) ))
+ self.__mod(boolname.strip(), val.strip())
+ fd.close()
+ else:
+ self.__mod(name, value)

rc = semanage_commit(self.sh)
if rc < 0:
raise ValueError(_("Could not modify boolean %s") %
name)

- semanage_bool_key_free(k)
- semanage_bool_free(b)
-
def delete(self, name):
- (rc,k) = semanage_bool_key_create(self.sh, name)
- if rc < 0:
- raise ValueError(_("Could not create a key for %s") %
name)

+ (rc,k) = semanage_bool_key_create(self.sh, name)
+ if rc < 0:
+ raise ValueError(_("Could not create a key for %s") %
name)
(rc,exists) = semanage_bool_exists(self.sh, k)
if rc < 0:
raise ValueError(_("Could not check if boolean %s is
defined") % name)
@@ -1571,8 +1815,15 @@
else:
return _("unknown")

- def list(self, heading = 1, locallist = 0):
+ def list(self, heading = True, locallist = False, use_file = False):
on_off = (_("off"),_("on"))
+ if use_file:
+ ddict = self.get_all(locallist)
+ keys = ddict.keys()
+ for k in keys:
+ if ddict[k]:
+ print "%s=%s" % (k, ddict[k][2])
+ return
if heading:
print "%-40s %s\n" % (_("SELinux boolean"),
_("Description"))
ddict = self.get_all(locallist)
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn
--exclude=.svnignore old/policycoreutils-2.0.52/setfiles/setfiles.c
new/policycoreutils-2.0.55/setfiles/setfiles.c
--- old/policycoreutils-2.0.52/setfiles/setfiles.c 2008-07-02
23:19:34.000000000 +0200
+++ new/policycoreutils-2.0.55/setfiles/setfiles.c 2008-08-28
15:35:50.000000000 +0200
@@ -72,7 +72,6 @@
static int abort_on_error; /* Abort the file tree walk upon an error. */
static int add_assoc; /* Track inode associations for conflict detection. */
static int nftw_flags; /* Flags to nftw, e.g. follow links, follow mounts */
-static int base_only; /* Don't use local file_contexts customizations */
static int ctx_validate; /* Validate contexts */
static const char *altpath; /* Alternate path to file_contexts */

@@ -748,7 +747,6 @@
char *base;
struct selinux_opt opts[] = {
{ SELABEL_OPT_VALIDATE, NULL },
- { SELABEL_OPT_BASEONLY, NULL },
{ SELABEL_OPT_PATH, NULL }
};

@@ -836,10 +834,6 @@
}
fclose(policystream);

- /* Only process the specified file_contexts
file, not
- any .homedirs or .local files, and do not
perform
- context translations. */
- base_only = 1;
ctx_validate = 1;

break;
@@ -972,10 +966,9 @@

/* Load the file contexts configuration and check it. */
opts[0].value = (ctx_validate ? (char*)1 : NULL);
- opts[1].value = (base_only ? (char *)1 : NULL);
- opts[2].value = altpath;
+ opts[1].value = altpath;

- hnd = selabel_open(SELABEL_CTX_FILE, opts, 3);
+ hnd = selabel_open(SELABEL_CTX_FILE, opts, 2);
if (!hnd) {
perror(altpath);
exit(1);
@@ -1024,5 +1017,7 @@
free(excludeArray[i].directory);
}

+ if (progress)
+ printf("\n");
exit(errors);
}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn
--exclude=.svnignore old/policycoreutils-2.0.52/VERSION
new/policycoreutils-2.0.55/VERSION
--- old/policycoreutils-2.0.52/VERSION 2008-07-02 23:19:34.000000000 +0200
+++ new/policycoreutils-2.0.55/VERSION 2008-08-28 15:35:50.000000000 +0200
@@ -1 +1 @@
-2.0.52
+2.0.55

++++++ policycoreutils-gui.patch.bz2 ++++++
--- /var/tmp/diff_new_pack.E11949/_old 2008-09-02 12:29:15.000000000 +0200
+++ /var/tmp/diff_new_pack.E11949/_new 2008-09-02 12:29:16.000000000 +0200
@@ -1,7 +1,7 @@
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile
policycoreutils-2.0.52/gui/Makefile
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile
policycoreutils-2.0.54/gui/Makefile
--- nsapolicycoreutils/gui/Makefile 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.52/gui/Makefile 2008-07-03 16:17:11.000000000
-0400
-@@ -0,0 +1,36 @@
++++ policycoreutils-2.0.54/gui/Makefile 2008-08-11 12:20:26.000000000
-0400
+@@ -0,0 +1,37 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
+SHAREDIR ?= $(PREFIX)/share/system-config-selinux
@@ -9,6 +9,7 @@
+TARGETS= \
+booleansPage.py \
+fcontextPage.py \
++html_util.py \
+loginsPage.py \
+mappingsPage.py \
+modulesPage.py \
@@ -38,9 +39,9 @@
+indent:
+
+relabel:
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py
policycoreutils-2.0.52/gui/booleansPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py
policycoreutils-2.0.54/gui/booleansPage.py
--- nsapolicycoreutils/gui/booleansPage.py 1969-12-31 19:00:00.000000000
-0500
-+++ policycoreutils-2.0.52/gui/booleansPage.py 2008-07-03 16:17:11.000000000
-0400
++++ policycoreutils-2.0.54/gui/booleansPage.py 2008-08-06 18:05:28.000000000
-0400
@@ -0,0 +1,237 @@
+#
+# booleansPage.py - GUI for Booleans page in system-config-securitylevel
@@ -279,9 +280,9 @@
+ self.load(self.filter)
+ return True
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py
policycoreutils-2.0.52/gui/fcontextPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py
policycoreutils-2.0.54/gui/fcontextPage.py
--- nsapolicycoreutils/gui/fcontextPage.py 1969-12-31 19:00:00.000000000
-0500
-+++ policycoreutils-2.0.52/gui/fcontextPage.py 2008-07-03 16:17:11.000000000
-0400
++++ policycoreutils-2.0.54/gui/fcontextPage.py 2008-08-06 18:05:28.000000000
-0400
@@ -0,0 +1,217 @@
+## fcontextPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -500,9 +501,177 @@
+ self.store.set_value(iter, SPEC_COL, fspec)
+ self.store.set_value(iter, FTYPE_COL, ftype)
+ self.store.set_value(iter, TYPE_COL, "%s:%s" % (type, mls))
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade
policycoreutils-2.0.52/gui/lockdown.glade
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/html_util.py
policycoreutils-2.0.54/gui/html_util.py
+--- nsapolicycoreutils/gui/html_util.py 1969-12-31 19:00:00.000000000
-0500
++++ policycoreutils-2.0.54/gui/html_util.py 2008-08-11 11:54:46.000000000
-0400
+@@ -0,0 +1,164 @@
++# Authors: John Dennis <jdennis@xxxxxxxxxx>
++#
++# Copyright (C) 2007 Red Hat, Inc.
++#
++# This program is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 2 of the License, or
++# (at your option) any later version.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
++#
++
++
++__all__ = [
++ 'escape_html',
++ 'unescape_html',
++ 'html_to_text',
++
++ 'html_document',
++]
++
++import htmllib
++import formatter as Formatter
++import string
++from types import *
++import StringIO
++
++#------------------------------------------------------------------------------
++
++class TextWriter(Formatter.DumbWriter):
++ def __init__(self, file=None, maxcol=80, indent_width=4):
++ Formatter.DumbWriter.__init__(self, file, maxcol)
++ self.indent_level = 0
++ self.indent_width = indent_width
++ self._set_indent()
++
++ def _set_indent(self):
++ self.indent_col = self.indent_level * self.indent_width
++ self.indent = ' ' * self.indent_col
++
++ def new_margin(self, margin, level):
++ self.indent_level = level
++ self._set_indent()
++
++ def send_label_data(self, data):
++ data = data + ' '
++ if len(data) > self.indent_col:
++ self.send_literal_data(data)
++ else:
++ offset = self.indent_col - len(data)
++ self.send_literal_data(' ' * offset + data)
++
++ def send_flowing_data(self, data):
++ if not data: return
++ atbreak = self.atbreak or data[0] in string.whitespace
++ col = self.col
++ maxcol = self.maxcol
++ write = self.file.write
++ col = self.col
++ if col == 0:
++ write(self.indent)
++ col = self.indent_col
++ for word in data.split():
++ if atbreak:
++ if col + len(word) >= maxcol:
++ write('\n' + self.indent)
++ col = self.indent_col
++ else:
++ write(' ')
++ col = col + 1
++ write(word)
++ col = col + len(word)
++ atbreak = 1
++ self.col = col
++ self.atbreak = data[-1] in string.whitespace
++
++class HTMLParserAnchor(htmllib.HTMLParser):
++
++ def __init__(self, formatter, verbose=0):
++ htmllib.HTMLParser.__init__(self, formatter, verbose)
++
++ def anchor_bgn(self, href, name, type):
++ self.anchor = href
++
++ def anchor_end(self):
++ if self.anchor:
++ self.handle_data(' (%s) ' % self.anchor)
++ self.anchor = None
++
++#------------------------------------------------------------------------------
++
++def escape_html(s):
++ if s is None: return None
++ s = s.replace("&", "&amp;") # Must be done first!
++ s = s.replace("<", "&lt;")
++ s = s.replace(">", "&gt;")
++ s = s.replace("'", "&apos;")
++ s = s.replace('"', "&quot;")
++ return s
++
++
++def unescape_html(s):
++ if s is None: return None
++ if '&' not in s:
++ return s
++ s = s.replace("&lt;", "<")
++ s = s.replace("&gt;", ">")
++ s = s.replace("&apos;", "'")
++ s = s.replace("&quot;", '"')
++ s = s.replace("&amp;", "&") # Must be last
++ return s
++
++def html_to_text(html, maxcol=80):
++ try:
++ buffer = StringIO.StringIO()
++ formatter = Formatter.AbstractFormatter(TextWriter(buffer, maxcol))
++ parser = HTMLParserAnchor(formatter)
++ parser.feed(html)
++ parser.close()
++ text = buffer.getvalue()
++ buffer.close()
++ return text
++ except Exception, e:
++ log_program.error('cannot convert html to text: %s' % e)
++ return None
++
++def html_document(*body_components):
++ '''Wrap the body components in a HTML document structure with a valid
header.
++ Accepts a variable number of arguments of of which canb be:
++ * string
++ * a sequences of strings (tuple or list).
++ * a callable object taking no parameters and returning a string or
sequence of strings.
++ '''
++ head = '<html>\n <head>\n <meta http-equiv="Content-Type"
content="text/html; charset=utf-8"/>\n </head>\n <body>\n'
++ tail = '\n </body>\n</html>'
++
++ doc = head
++
++ for body_component in body_components:
++ if type(body_component) is StringTypes:
++ doc += body_component
++ elif type(body_component) in [TupleType, ListType]:
++ for item in body_component:
++ doc += item
++ elif callable(body_component):
++ result = body_component()
++ if type(result) in [TupleType, ListType]:
++ for item in result:
++ doc += item
++ else:
++ doc += result
++ else:
++ doc += body_component
++
++ doc += tail
++ return doc
++
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade
policycoreutils-2.0.54/gui/lockdown.glade
--- nsapolicycoreutils/gui/lockdown.glade 1969-12-31 19:00:00.000000000
-0500
-+++ policycoreutils-2.0.52/gui/lockdown.glade 2008-07-03 16:17:11.000000000
-0400
++++ policycoreutils-2.0.54/gui/lockdown.glade 2008-08-06 18:05:28.000000000
-0400
@@ -0,0 +1,771 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd";>
@@ -1275,9 +1444,9 @@
+</widget>
+
+</glade-interface>
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.gladep
policycoreutils-2.0.52/gui/lockdown.gladep
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.gladep
policycoreutils-2.0.54/gui/lockdown.gladep
--- nsapolicycoreutils/gui/lockdown.gladep 1969-12-31 19:00:00.000000000
-0500
-+++ policycoreutils-2.0.52/gui/lockdown.gladep 2008-07-03 16:17:11.000000000
-0400
++++ policycoreutils-2.0.54/gui/lockdown.gladep 2008-08-06 18:05:28.000000000
-0400
@@ -0,0 +1,7 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd";>
@@ -1286,9 +1455,9 @@
+ <name></name>
+ <program_name></program_name>
+</glade-project>
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.py
policycoreutils-2.0.52/gui/lockdown.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.py
policycoreutils-2.0.54/gui/lockdown.py
--- nsapolicycoreutils/gui/lockdown.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.52/gui/lockdown.py 2008-07-03 16:17:11.000000000
-0400
++++ policycoreutils-2.0.54/gui/lockdown.py 2008-08-06 18:05:28.000000000
-0400
@@ -0,0 +1,382 @@
+#!/usr/bin/python
+#
@@ -1672,9 +1841,9 @@
+
+ app = booleanWindow()
+ app.stand_alone()
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py
policycoreutils-2.0.52/gui/loginsPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py
policycoreutils-2.0.54/gui/loginsPage.py
--- nsapolicycoreutils/gui/loginsPage.py 1969-12-31 19:00:00.000000000
-0500
-+++ policycoreutils-2.0.52/gui/loginsPage.py 2008-07-03 16:17:11.000000000
-0400
++++ policycoreutils-2.0.54/gui/loginsPage.py 2008-08-06 18:05:28.000000000
-0400
@@ -0,0 +1,185 @@
+## loginsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -1861,9 +2030,9 @@
+ self.store.set_value(iter, 1, seuser)
+ self.store.set_value(iter, 2, seobject.translate(serange))
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py
policycoreutils-2.0.52/gui/mappingsPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py
policycoreutils-2.0.54/gui/mappingsPage.py
--- nsapolicycoreutils/gui/mappingsPage.py 1969-12-31 19:00:00.000000000
-0500
-+++ policycoreutils-2.0.52/gui/mappingsPage.py 2008-07-03 16:17:11.000000000
-0400
++++ policycoreutils-2.0.54/gui/mappingsPage.py 2008-08-06 18:05:28.000000000
-0400
@@ -0,0 +1,56 @@
+## mappingsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -1921,9 +2090,9 @@
+ for k in keys:
+ print "%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1]))
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py
policycoreutils-2.0.52/gui/modulesPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py
policycoreutils-2.0.54/gui/modulesPage.py
--- nsapolicycoreutils/gui/modulesPage.py 1969-12-31 19:00:00.000000000
-0500
-+++ policycoreutils-2.0.52/gui/modulesPage.py 2008-07-03 16:17:11.000000000
-0400
++++ policycoreutils-2.0.54/gui/modulesPage.py 2008-08-06 18:05:28.000000000
-0400
@@ -0,0 +1,195 @@
+## modulesPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -2120,9 +2289,9 @@
+
+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade
policycoreutils-2.0.52/gui/polgen.glade
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade
policycoreutils-2.0.54/gui/polgen.glade
--- nsapolicycoreutils/gui/polgen.glade 1969-12-31 19:00:00.000000000
-0500
-+++ policycoreutils-2.0.52/gui/polgen.glade 2008-07-03 16:17:11.000000000
-0400
++++ policycoreutils-2.0.54/gui/polgen.glade 2008-08-06 18:05:28.000000000
-0400
@@ -0,0 +1,3284 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd";>
@@ -5408,9 +5577,9 @@
+</widget>
+
+</glade-interface>
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py
policycoreutils-2.0.52/gui/polgen.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py
policycoreutils-2.0.54/gui/polgen.py
--- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.52/gui/polgen.py 2008-07-03 16:17:11.000000000
-0400
++++ policycoreutils-2.0.54/gui/polgen.py 2008-08-06 18:05:28.000000000
-0400
@@ -0,0 +1,925 @@
+#!/usr/bin/python
+#
@@ -6337,9 +6506,9 @@
+ sys.exit(0)
+
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py
policycoreutils-2.0.52/gui/polgengui.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py
policycoreutils-2.0.54/gui/polgengui.py
--- nsapolicycoreutils/gui/polgengui.py 1969-12-31 19:00:00.000000000
-0500
-+++ policycoreutils-2.0.52/gui/polgengui.py 2008-07-03 16:17:11.000000000
-0400
++++ policycoreutils-2.0.54/gui/polgengui.py 2008-08-06 18:05:28.000000000
-0400
@@ -0,0 +1,623 @@
+#!/usr/bin/python -E
+#
@@ -6964,9 +7133,9 @@
+
+ app = childWindow()
+ app.stand_alone()
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py
policycoreutils-2.0.52/gui/portsPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py
policycoreutils-2.0.54/gui/portsPage.py
--- nsapolicycoreutils/gui/portsPage.py 1969-12-31 19:00:00.000000000
-0500
-+++ policycoreutils-2.0.52/gui/portsPage.py 2008-07-08 15:48:27.000000000
-0400
++++ policycoreutils-2.0.54/gui/portsPage.py 2008-08-06 18:05:28.000000000
-0400
@@ -0,0 +1,259 @@
+## portsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -7227,9 +7396,9 @@
+
+ return True
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl
policycoreutils-2.0.52/gui/selinux.tbl
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl
policycoreutils-2.0.54/gui/selinux.tbl
--- nsapolicycoreutils/gui/selinux.tbl 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.52/gui/selinux.tbl 2008-07-03 16:17:11.000000000
-0400
++++ policycoreutils-2.0.54/gui/selinux.tbl 2008-08-06 18:05:28.000000000
-0400
@@ -0,0 +1,234 @@
+acct_disable_trans _("SELinux Service Protection") _("Disable SELinux
protection for acct daemon")
+allow_daemons_dump_core _("Admin") _("Allow all daemons to write corefiles to
/")
@@ -7465,9 +7634,9 @@
+webadm_manage_user_files _("HTTPD Service") _("Allow SELinux webadm user to
manage unprivileged users home directories")
+webadm_read_user_files _("HTTPD Service") _("Allow SELinux webadm user to
read unprivileged users home directories")
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py
policycoreutils-2.0.52/gui/semanagePage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py
policycoreutils-2.0.54/gui/semanagePage.py
--- nsapolicycoreutils/gui/semanagePage.py 1969-12-31 19:00:00.000000000
-0500
-+++ policycoreutils-2.0.52/gui/semanagePage.py 2008-07-03 16:17:11.000000000
-0400
++++ policycoreutils-2.0.54/gui/semanagePage.py 2008-08-06 18:05:28.000000000
-0400
@@ -0,0 +1,169 @@
+## semanagePage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
@@ -7638,9 +7807,9 @@
+ self.load(self.filter)
+ return True
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py
policycoreutils-2.0.52/gui/statusPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py
policycoreutils-2.0.54/gui/statusPage.py
--- nsapolicycoreutils/gui/statusPage.py 1969-12-31 19:00:00.000000000
-0500
-+++ policycoreutils-2.0.52/gui/statusPage.py 2008-07-03 16:17:11.000000000
-0400
++++ policycoreutils-2.0.54/gui/statusPage.py 2008-08-06 18:05:28.000000000
-0400
@@ -0,0 +1,191 @@
+# statusPage.py - show selinux status
+## Copyright (C) 2006 Red Hat, Inc.
@@ -7833,9 +8002,9 @@
+ return self.types[self.selinuxTypeOptionMenu.get_active()]
+
+
-diff --exclude-from=exclude -N -u -r
nsapolicycoreutils/gui/system-config-selinux.glade
policycoreutils-2.0.52/gui/system-config-selinux.glade
+diff --exclude-from=exclude -N -u -r
nsapolicycoreutils/gui/system-config-selinux.glade
policycoreutils-2.0.54/gui/system-config-selinux.glade
--- nsapolicycoreutils/gui/system-config-selinux.glade 1969-12-31
19:00:00.000000000 -0500
-+++ policycoreutils-2.0.52/gui/system-config-selinux.glade 2008-07-03
16:17:11.000000000 -0400
++++ policycoreutils-2.0.54/gui/system-config-selinux.glade 2008-08-06
18:05:28.000000000 -0400
@@ -0,0 +1,3221 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd";>
@@ -11058,9 +11227,9 @@
+</widget>
+
+</glade-interface>
-diff --exclude-from=exclude -N -u -r
nsapolicycoreutils/gui/system-config-selinux.py
policycoreutils-2.0.52/gui/system-config-selinux.py
+diff --exclude-from=exclude -N -u -r
nsapolicycoreutils/gui/system-config-selinux.py
policycoreutils-2.0.54/gui/system-config-selinux.py
--- nsapolicycoreutils/gui/system-config-selinux.py 1969-12-31
19:00:00.000000000 -0500
-+++ policycoreutils-2.0.52/gui/system-config-selinux.py 2008-07-03
16:17:11.000000000 -0400
++++ policycoreutils-2.0.54/gui/system-config-selinux.py 2008-08-06
18:05:28.000000000 -0400
@@ -0,0 +1,187 @@
+#!/usr/bin/python
+#
@@ -11249,9 +11418,9 @@
+
+ app = childWindow()
+ app.stand_alone()
-diff --exclude-from=exclude -N -u -r
nsapolicycoreutils/gui/templates/__init__.py
policycoreutils-2.0.52/gui/templates/__init__.py
+diff --exclude-from=exclude -N -u -r
nsapolicycoreutils/gui/templates/__init__.py
policycoreutils-2.0.54/gui/templates/__init__.py
--- nsapolicycoreutils/gui/templates/__init__.py 1969-12-31
19:00:00.000000000 -0500
-+++ policycoreutils-2.0.52/gui/templates/__init__.py 2008-07-03
16:17:11.000000000 -0400
++++ policycoreutils-2.0.54/gui/templates/__init__.py 2008-08-06
18:05:28.000000000 -0400
@@ -0,0 +1,18 @@
+#
+# Copyright (C) 2007 Red Hat, Inc.
@@ -11271,9 +11440,9 @@
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+
-diff --exclude-from=exclude -N -u -r
nsapolicycoreutils/gui/templates/boolean.py
policycoreutils-2.0.52/gui/templates/boolean.py
+diff --exclude-from=exclude -N -u -r
nsapolicycoreutils/gui/templates/boolean.py
policycoreutils-2.0.54/gui/templates/boolean.py
--- nsapolicycoreutils/gui/templates/boolean.py 1969-12-31
19:00:00.000000000 -0500
-+++ policycoreutils-2.0.52/gui/templates/boolean.py 2008-07-03
16:17:11.000000000 -0400
++++ policycoreutils-2.0.54/gui/templates/boolean.py 2008-08-06
18:05:28.000000000 -0400
@@ -0,0 +1,40 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -11315,9 +11484,9 @@
+')
+"""
+
-diff --exclude-from=exclude -N -u -r
nsapolicycoreutils/gui/templates/etc_rw.py
policycoreutils-2.0.52/gui/templates/etc_rw.py
+diff --exclude-from=exclude -N -u -r
nsapolicycoreutils/gui/templates/etc_rw.py
policycoreutils-2.0.54/gui/templates/etc_rw.py
--- nsapolicycoreutils/gui/templates/etc_rw.py 1969-12-31 19:00:00.000000000
-0500
-+++ policycoreutils-2.0.52/gui/templates/etc_rw.py 2008-07-03
16:17:11.000000000 -0400
++++ policycoreutils-2.0.54/gui/templates/etc_rw.py 2008-08-06
18:05:28.000000000 -0400
@@ -0,0 +1,129 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -11448,9 +11617,9 @@
+fc_dir="""\
+FILENAME(/.*)?
gen_context(system_u:object_r:TEMPLATETYPE_etc_rw_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r
nsapolicycoreutils/gui/templates/executable.py
policycoreutils-2.0.52/gui/templates/executable.py
+diff --exclude-from=exclude -N -u -r
nsapolicycoreutils/gui/templates/executable.py
policycoreutils-2.0.54/gui/templates/executable.py
--- nsapolicycoreutils/gui/templates/executable.py 1969-12-31
19:00:00.000000000 -0500
-+++ policycoreutils-2.0.52/gui/templates/executable.py 2008-07-03
16:17:11.000000000 -0400
++++ policycoreutils-2.0.54/gui/templates/executable.py 2008-08-06
18:05:28.000000000 -0400
@@ -0,0 +1,327 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -11779,9 +11948,9 @@
+EXECUTABLE --
gen_context(system_u:object_r:TEMPLATETYPE_script_exec_t,s0)
+"""
+
-diff --exclude-from=exclude -N -u -r
nsapolicycoreutils/gui/templates/network.py
policycoreutils-2.0.52/gui/templates/network.py
+diff --exclude-from=exclude -N -u -r
nsapolicycoreutils/gui/templates/network.py
policycoreutils-2.0.54/gui/templates/network.py
--- nsapolicycoreutils/gui/templates/network.py 1969-12-31
19:00:00.000000000 -0500
-+++ policycoreutils-2.0.52/gui/templates/network.py 2008-07-03
16:17:11.000000000 -0400
++++ policycoreutils-2.0.54/gui/templates/network.py 2008-08-06
18:05:28.000000000 -0400
@@ -0,0 +1,80 @@
+te_port_types="""
+type TEMPLATETYPE_port_t;
@@ -11863,9 +12032,9 @@
+corenet_udp_bind_all_unreserved_ports(TEMPLATETYPE_t)
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py
policycoreutils-2.0.52/gui/templates/rw.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py
policycoreutils-2.0.54/gui/templates/rw.py
--- nsapolicycoreutils/gui/templates/rw.py 1969-12-31 19:00:00.000000000
-0500
-+++ policycoreutils-2.0.52/gui/templates/rw.py 2008-07-03 16:17:11.000000000
-0400
++++ policycoreutils-2.0.54/gui/templates/rw.py 2008-08-06 18:05:28.000000000
-0400
@@ -0,0 +1,128 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -11995,9 +12164,9 @@
+fc_dir="""
+FILENAME(/.*)?
gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r
nsapolicycoreutils/gui/templates/script.py
policycoreutils-2.0.52/gui/templates/script.py
+diff --exclude-from=exclude -N -u -r
nsapolicycoreutils/gui/templates/script.py
policycoreutils-2.0.54/gui/templates/script.py
--- nsapolicycoreutils/gui/templates/script.py 1969-12-31 19:00:00.000000000
-0500
-+++ policycoreutils-2.0.52/gui/templates/script.py 2008-07-03
16:17:11.000000000 -0400
++++ policycoreutils-2.0.54/gui/templates/script.py 2008-08-06
18:05:28.000000000 -0400
@@ -0,0 +1,105 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -12104,9 +12273,9 @@
+# Adding roles to SELinux user USER
+/usr/sbin/semanage user -m -R +TEMPLATETYPE_r USER
+"""
-diff --exclude-from=exclude -N -u -r
nsapolicycoreutils/gui/templates/semodule.py
policycoreutils-2.0.52/gui/templates/semodule.py
+diff --exclude-from=exclude -N -u -r
nsapolicycoreutils/gui/templates/semodule.py
policycoreutils-2.0.54/gui/templates/semodule.py
--- nsapolicycoreutils/gui/templates/semodule.py 1969-12-31
19:00:00.000000000 -0500
-+++ policycoreutils-2.0.52/gui/templates/semodule.py 2008-07-03
16:17:11.000000000 -0400
++++ policycoreutils-2.0.54/gui/templates/semodule.py 2008-08-06
18:05:28.000000000 -0400
@@ -0,0 +1,41 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -12149,9 +12318,9 @@
+semanage ports -a -t TEMPLATETYPE_port_t -p udp PORTNUM
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py
policycoreutils-2.0.52/gui/templates/tmp.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py
policycoreutils-2.0.54/gui/templates/tmp.py
--- nsapolicycoreutils/gui/templates/tmp.py 1969-12-31 19:00:00.000000000
-0500
-+++ policycoreutils-2.0.52/gui/templates/tmp.py 2008-07-03
16:17:11.000000000 -0400
++++ policycoreutils-2.0.54/gui/templates/tmp.py 2008-08-06
18:05:28.000000000 -0400
@@ -0,0 +1,97 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -12250,9 +12419,9 @@
+ TEMPLATETYPE_manage_tmp($1)
+"""
+
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py
policycoreutils-2.0.52/gui/templates/user.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py
policycoreutils-2.0.54/gui/templates/user.py
--- nsapolicycoreutils/gui/templates/user.py 1969-12-31 19:00:00.000000000
-0500
-+++ policycoreutils-2.0.52/gui/templates/user.py 2008-07-03
16:17:11.000000000 -0400
++++ policycoreutils-2.0.54/gui/templates/user.py 2008-08-06
18:05:28.000000000 -0400
@@ -0,0 +1,182 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -12436,9 +12605,9 @@
+te_newrole_rules="""
+seutil_run_newrole(TEMPLATETYPE_t,TEMPLATETYPE_r,{ TEMPLATETYPE_devpts_t
TEMPLATETYPE_tty_device_t })
+"""
-diff --exclude-from=exclude -N -u -r
nsapolicycoreutils/gui/templates/var_lib.py
policycoreutils-2.0.52/gui/templates/var_lib.py
+diff --exclude-from=exclude -N -u -r
nsapolicycoreutils/gui/templates/var_lib.py
policycoreutils-2.0.54/gui/templates/var_lib.py
--- nsapolicycoreutils/gui/templates/var_lib.py 1969-12-31
19:00:00.000000000 -0500
-+++ policycoreutils-2.0.52/gui/templates/var_lib.py 2008-07-03
16:17:11.000000000 -0400
++++ policycoreutils-2.0.54/gui/templates/var_lib.py 2008-08-06
18:05:28.000000000 -0400
@@ -0,0 +1,158 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -12598,9 +12767,9 @@
+fc_dir="""\
+FILENAME(/.*)?
gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r
nsapolicycoreutils/gui/templates/var_log.py
policycoreutils-2.0.52/gui/templates/var_log.py
+diff --exclude-from=exclude -N -u -r
nsapolicycoreutils/gui/templates/var_log.py
policycoreutils-2.0.54/gui/templates/var_log.py
--- nsapolicycoreutils/gui/templates/var_log.py 1969-12-31
19:00:00.000000000 -0500
-+++ policycoreutils-2.0.52/gui/templates/var_log.py 2008-07-03
16:17:11.000000000 -0400
++++ policycoreutils-2.0.54/gui/templates/var_log.py 2008-08-06
18:05:28.000000000 -0400
@@ -0,0 +1,110 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -12712,9 +12881,9 @@
+fc_dir="""\
+FILENAME(/.*)?
gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r
nsapolicycoreutils/gui/templates/var_run.py
policycoreutils-2.0.52/gui/templates/var_run.py
+diff --exclude-from=exclude -N -u -r
nsapolicycoreutils/gui/templates/var_run.py
policycoreutils-2.0.54/gui/templates/var_run.py
--- nsapolicycoreutils/gui/templates/var_run.py 1969-12-31
19:00:00.000000000 -0500
-+++ policycoreutils-2.0.52/gui/templates/var_run.py 2008-07-03
16:17:11.000000000 -0400
++++ policycoreutils-2.0.54/gui/templates/var_run.py 2008-08-06
18:05:28.000000000 -0400
@@ -0,0 +1,118 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -12834,9 +13003,9 @@
+FILENAME(/.*)?
gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
+"""
+
-diff --exclude-from=exclude -N -u -r
nsapolicycoreutils/gui/templates/var_spool.py
policycoreutils-2.0.52/gui/templates/var_spool.py
+diff --exclude-from=exclude -N -u -r
nsapolicycoreutils/gui/templates/var_spool.py
policycoreutils-2.0.54/gui/templates/var_spool.py
--- nsapolicycoreutils/gui/templates/var_spool.py 1969-12-31
19:00:00.000000000 -0500
-+++ policycoreutils-2.0.52/gui/templates/var_spool.py 2008-07-03
16:17:11.000000000 -0400
++++ policycoreutils-2.0.54/gui/templates/var_spool.py 2008-08-06
18:05:28.000000000 -0400
@@ -0,0 +1,129 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -12967,9 +13136,9 @@
+fc_dir="""\
+FILENAME(/.*)?
gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0)
+"""
-diff --exclude-from=exclude -N -u -r
nsapolicycoreutils/gui/translationsPage.py
policycoreutils-2.0.52/gui/translationsPage.py
+diff --exclude-from=exclude -N -u -r
nsapolicycoreutils/gui/translationsPage.py
policycoreutils-2.0.54/gui/translationsPage.py
--- nsapolicycoreutils/gui/translationsPage.py 1969-12-31 19:00:00.000000000
-0500
-+++ policycoreutils-2.0.52/gui/translationsPage.py 2008-07-03
16:17:11.000000000 -0400
++++ policycoreutils-2.0.54/gui/translationsPage.py 2008-08-06
18:05:28.000000000 -0400
@@ -0,0 +1,118 @@
+## translationsPage.py - show selinux translations
+## Copyright (C) 2006 Red Hat, Inc.
@@ -13089,9 +13258,9 @@
+ store, iter = self.view.get_selection().get_selected()
+ self.store.set_value(iter, 0, level)
+ self.store.set_value(iter, 1, translation)
-diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py
policycoreutils-2.0.52/gui/usersPage.py
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py
policycoreutils-2.0.54/gui/usersPage.py
--- nsapolicycoreutils/gui/usersPage.py 1969-12-31 19:00:00.000000000
-0500
-+++ policycoreutils-2.0.52/gui/usersPage.py 2008-07-03 16:17:11.000000000
-0400
++++ policycoreutils-2.0.54/gui/usersPage.py 2008-08-06 18:05:28.000000000
-0400
@@ -0,0 +1,150 @@
+## usersPage.py - show selinux mappings
+## Copyright (C) 2006,2007,2008 Red Hat, Inc.

++++++ policycoreutils-po.patch.bz2 ++++++
++++ 196460 lines (skipped)
++++ between policycoreutils/policycoreutils-po.patch.bz2
++++ and
/mounts/work_src_done/STABLE/policycoreutils/policycoreutils-po.patch.bz2

++++++ policycoreutils-rhat.patch ++++++
++++ 2111 lines (skipped)
++++ between policycoreutils/policycoreutils-rhat.patch
++++ and /mounts/work_src_done/STABLE/policycoreutils/policycoreutils-rhat.patch

++++++ policycoreutils-sepolgen.patch ++++++
--- /var/tmp/diff_new_pack.E11949/_old 2008-09-02 12:29:20.000000000 +0200
+++ /var/tmp/diff_new_pack.E11949/_new 2008-09-02 12:29:20.000000000 +0200
@@ -1,6 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py
policycoreutils-2.0.49/sepolgen-1.0.12/src/sepolgen/refparser.py
---- nsasepolgen/src/sepolgen/refparser.py 2008-06-12 23:25:26.000000000
-0400
-+++ policycoreutils-2.0.49/sepolgen-1.0.12/src/sepolgen/refparser.py
2008-06-27 07:21:06.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py
policycoreutils-2.0.52/sepolgen-1.0.13/src/sepolgen/refparser.py
+--- nsasepolgen/src/sepolgen/refparser.py 2008-06-13 23:25:26.000000000
-0400
++++ policycoreutils-2.0.52/sepolgen-1.0.13/src/sepolgen/refparser.py
2008-07-29 09:06:29.000000000 -0400
@@ -919,7 +919,7 @@
def list_headers(root):
modules = []



++++++ sepolgen-1.0.12.tar.bz2 -> sepolgen-1.0.13.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn
--exclude=.svnignore old/sepolgen-1.0.12/ChangeLog new/sepolgen-1.0.13/ChangeLog
--- old/sepolgen-1.0.12/ChangeLog 2008-06-30 17:13:21.000000000 +0200
+++ new/sepolgen-1.0.13/ChangeLog 2008-07-29 15:26:03.000000000 +0200
@@ -1,3 +1,6 @@
+1.0.13 2008-07-29
+ * Only append s0 suffix if MLS is enabled from Karl MacMillan.
+
1.0.12 2008-06-30
* Fix generation of role-type and role allow rules from Karl MacMillan.

diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn
--exclude=.svnignore old/sepolgen-1.0.12/src/sepolgen/refpolicy.py
new/sepolgen-1.0.13/src/sepolgen/refpolicy.py
--- old/sepolgen-1.0.12/src/sepolgen/refpolicy.py 2008-06-30
17:13:21.000000000 +0200
+++ new/sepolgen-1.0.13/src/sepolgen/refpolicy.py 2008-07-29
15:26:03.000000000 +0200
@@ -19,6 +19,7 @@

import string
import itertools
+import selinux

# OVERVIEW
#
@@ -265,7 +266,7 @@
self.user = ""
self.role = ""
self.type = ""
- self.level = ""
+ self.level = None
if context is not None:
self.from_string(context)

@@ -288,7 +289,7 @@
# FUTURE - normalize level fields to allow more comparisons to
succeed.
self.level = string.join(fields[3:], ':')
else:
- self.level = ""
+ self.level = None

def __eq__(self, other):
"""Compare two SecurityContext objects - all fields must be exactly the
@@ -301,7 +302,7 @@
self.type == other.type and \
self.level == other.level

- def to_string(self, default_level="s0"):
+ def to_string(self, default_level=None):
"""Return a string representing this security context.

By default, the string will contiain a MCS / MLS level
@@ -317,8 +318,11 @@
'user:role:type:level'.
"""
fields = [self.user, self.role, self.type]
- if self.level == "":
- if default_level != "":
+ if self.level is None:
+ if default_level is None:
+ if selinux.is_selinux_mls_enabled() == 1:
+ fields.append("s0")
+ else:
fields.append(default_level)
else:
fields.append(self.level)
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn
--exclude=.svnignore old/sepolgen-1.0.12/tests/test_refpolicy.py
new/sepolgen-1.0.13/tests/test_refpolicy.py
--- old/sepolgen-1.0.12/tests/test_refpolicy.py 2008-06-30 17:13:21.000000000
+0200
+++ new/sepolgen-1.0.13/tests/test_refpolicy.py 2008-07-29 15:26:03.000000000
+0200
@@ -19,6 +19,7 @@

import unittest
import sepolgen.refpolicy as refpolicy
+import selinux

class TestIdSet(unittest.TestCase):
def test_set_to_str(self):
@@ -40,8 +41,11 @@
self.assertEquals(sc.user, "user_u")
self.assertEquals(sc.role, "object_r")
self.assertEquals(sc.type, "foo_t")
- self.assertEquals(sc.level, "")
- self.assertEquals(str(sc), context + ":s0")
+ self.assertEquals(sc.level, None)
+ if selinux.is_selinux_mls_enabled():
+ self.assertEquals(str(sc), context + ":s0")
+ else:
+ self.assertEquals(str(sc), context)
self.assertEquals(sc.to_string(default_level="s1"), context + ":s1")

context = "user_u:object_r:foo_t:s0-s0:c0-c255"
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn
--exclude=.svnignore old/sepolgen-1.0.12/VERSION new/sepolgen-1.0.13/VERSION
--- old/sepolgen-1.0.12/VERSION 2008-06-30 17:13:21.000000000 +0200
+++ new/sepolgen-1.0.13/VERSION 2008-07-29 15:26:03.000000000 +0200
@@ -1 +1 @@
-1.0.12
+1.0.13






++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-commit+help@xxxxxxxxxxxx

< Previous Next >
This Thread