Hello community, here is the log from the commit of package policycoreutils checked in at Tue Sep 2 12:29:56 CEST 2008. -------- --- policycoreutils/policycoreutils.changes 2008-08-04 01:00:56.000000000 +0200 +++ /mounts/work_src_done/STABLE/policycoreutils/policycoreutils.changes 2008-09-02 12:33:15.000000000 +0200 @@ -1,0 +2,14 @@ +Tue Sep 2 12:25:39 CEST 2008 - prusnak@suse.cz + +- updated to 2.0.55 + * Merged semanage node support from Christian Kuester. +- updated to 2.0.54 + * Add support for boolean files and group support for seusers from Dan Walsh. + * Ensure that setfiles -p output is newline terminated from Russell Coker. +- updated to 2.0.53 + * Change setfiles to validate all file_contexts files when using -c from Stephen Smalley. +- updated sepolgen to 1.0.13 + * Only append s0 suffix if MLS is enabled from Karl MacMillan. +- added missing preun/post/postun scriptlets + +------------------------------------------------------------------- Old: ---- policycoreutils-2.0.52.tar.bz2 sepolgen-1.0.12.tar.bz2 New: ---- policycoreutils-2.0.55.tar.bz2 sepolgen-1.0.13.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ policycoreutils.spec ++++++ --- /var/tmp/diff_new_pack.E11949/_old 2008-09-02 12:29:13.000000000 +0200 +++ /var/tmp/diff_new_pack.E11949/_new 2008-09-02 12:29:13.000000000 +0200 
@@ -1,10 +1,17 @@ # -# spec file for package policycoreutils (Version 2.0.52) +# spec file for package policycoreutils (Version 2.0.55) # # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. -# This file and all modifications and additions to the pristine -# package are under the same license as the package itself. # +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + # Please submit bugfixes or comments via http://bugs.opensuse.org/ # @@ -14,11 +21,11 @@ %define libsepol_ver 2.0.19 %define libsemanage_ver 2.0.5 %define libselinux_ver 2.0.46 -%define sepolgen_ver 1.0.12 +%define sepolgen_ver 1.0.13 Name: policycoreutils -Version: 2.0.52 -Release: 2 +Version: 2.0.55 +Release: 1 Url: http://www.nsa.gov/selinux/ License: GPL v2 or later Group: Productivity/Security 
@@ -47,14 +54,14 @@ Requires: util-linux gawk rpm checkpolicy python-selinux audit-libs-python %description -Security-enhanced Linux is a feature of the Linux� kernel and a number -of utilities with enhanced security functionality designed to add -mandatory access controls to Linux. The Security-enhanced Linux kernel -contains new architectural components originally developed to improve -the security of the Flask operating system. These architectural +Security-enhanced Linux is a feature of the Linux(R) kernel and a +number of utilities with enhanced security functionality designed to +add mandatory access controls to Linux. The Security-enhanced Linux +kernel contains new architectural components originally developed to +improve the security of the Flask operating system. These architectural components provide general support for the enforcement of many kinds of mandatory access control policies, including those based on the -concepts of Type Enforcement�, Role-based Access Control, and +concepts of Type Enforcement(R), Role-based Access Control, and Multi-level Security. policycoreutils contains the policy core utilities that are required 
@@ -75,14 +82,14 @@ Requires: setools-console %description gui -Security-enhanced Linux is a feature of the Linux� kernel and a number -of utilities with enhanced security functionality designed to add -mandatory access controls to Linux. The Security-enhanced Linux kernel -contains new architectural components originally developed to improve -the security of the Flask operating system. These architectural +Security-enhanced Linux is a feature of the Linux(R) kernel and a +number of utilities with enhanced security functionality designed to +add mandatory access controls to Linux. The Security-enhanced Linux +kernel contains new architectural components originally developed to +improve the security of the Flask operating system. These architectural components provide general support for the enforcement of many kinds of mandatory access control policies, including those based on the -concepts of Type Enforcement�, Role-based Access Control, and +concepts of Type Enforcement(R), Role-based Access Control, and Multi-level Security. policycoreutils contains the policy core utilities that are required 
@@ -209,7 +216,34 @@ # %config(noreplace) %{_sysconfdir}/security/console.apps/system-config-selinux # %config(noreplace) %{_sysconfdir}/security/console.apps/selinux-polgengui +%preun +if [ "$1" -eq "0" ]; then + %stop_on_removal restorecond + %insserv_cleanup +fi + +%post +%fillup_and_insserv restorecond +[ -f %{_datadir}/selinux/devel/include/build.conf ] && /usr/bin/sepolgen-ifgen > /dev/null +exit 0 + +%postun +if [ "$1" -ge "1" ]; then + %restart_on_update rsyncd +fi + %changelog +* Tue Sep 02 2008 prusnak@suse.cz +- updated to 2.0.55 + * Merged semanage node support from Christian Kuester. +- updated to 2.0.54 + * Add support for boolean files and group support for seusers from Dan Walsh. + * Ensure that setfiles -p output is newline terminated from Russell Coker. +- updated to 2.0.53 + * Change setfiles to validate all file_contexts files when using -c from Stephen Smalley. +- updated sepolgen to 1.0.13 + * Only append s0 suffix if MLS is enabled from Karl MacMillan. +- added missing preun/post/postun scriptlets * Mon Aug 04 2008 ro@suse.de - add directory to filelist to fix build * Tue Jul 15 2008 prusnak@suse.cz ++++++ policycoreutils-2.0.52.tar.bz2 -> policycoreutils-2.0.55.tar.bz2 ++++++ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/policycoreutils-2.0.52/ChangeLog new/policycoreutils-2.0.55/ChangeLog --- old/policycoreutils-2.0.52/ChangeLog 2008-07-02 23:19:33.000000000 +0200 +++ new/policycoreutils-2.0.55/ChangeLog 2008-08-28 15:35:50.000000000 +0200 
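Review bot: The new `%postun` scriptlet in policycoreutils.spec restarts `rsyncd`, while `%preun` and `%post` in the same hunk handle `restorecond`, so this looks like a copy-paste slip. As written, an update leaves the old restorecond process running and tries to restart an unrelated daemon; the line should read `%restart_on_update restorecond`. `%insserv_cleanup` is also called from `%preun`, where the init script is still installed; it is usually placed in `%postun` after the restart macro, so please check it against the distribution's packaging convention.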
@@ -1,3 +1,13 @@ +2.0.55 2008-08-26 + * Merged semanage node support from Christian Kuester. + +2.0.54 2008-08-05 + * Add support for boolean files and group support for seusers from Dan Walsh. + * Ensure that setfiles -p output is newline terminated from Russell Coker. + +2.0.53 2008-07-29 + * Change setfiles to validate all file_contexts files when using -c from Stephen Smalley. + 2.0.52 2008-07-02 * Add permissive domain capability to semanage from Dan Walsh. diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/policycoreutils-2.0.52/restorecond/restorecond.c new/policycoreutils-2.0.55/restorecond/restorecond.c --- old/policycoreutils-2.0.52/restorecond/restorecond.c 2008-07-02 23:19:34.000000000 +0200 +++ new/policycoreutils-2.0.55/restorecond/restorecond.c 2008-08-28 15:35:50.000000000 +0200 @@ -210,9 +210,10 @@ } if (fsetfilecon(fd, scontext) < 0) { - syslog(LOG_ERR, - "set context %s->%s failed:'%s'\n", - filename, scontext, strerror(errno)); + if (errno != EOPNOTSUPP) + syslog(LOG_ERR, + "set context %s->%s failed:'%s'\n", + filename, scontext, strerror(errno)); if (retcontext >= 0) free(prev_context); free(scontext); @@ -225,8 +226,9 @@ if (retcontext >= 0) free(prev_context); } else { - syslog(LOG_ERR, "get context on %s failed: '%s'\n", - filename, strerror(errno)); + if (errno != EOPNOTSUPP) + syslog(LOG_ERR, "get context on %s failed: '%s'\n", + filename, strerror(errno)); } free(scontext); close(fd); diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/policycoreutils-2.0.52/semanage/semanage new/policycoreutils-2.0.55/semanage/semanage --- old/policycoreutils-2.0.52/semanage/semanage 2008-07-02 23:19:34.000000000 +0200 +++ new/policycoreutils-2.0.55/semanage/semanage 2008-08-28 15:35:50.000000000 +0200 
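Review bot: Both new `errno != EOPNOTSUPP` guards in restorecond.c (after `fsetfilecon` and in the get-context `else` branch) drop the failure without a trace, so nothing records that a watched file on a filesystem without label support was left unlabelled. A short comment at each guard, for example `/* filesystem does not support security labels; nothing to restore */`, would show that the silence is deliberate. If some record is wanted, the message could be demoted to `LOG_DEBUG` rather than removed. The enclosing function starts and ends outside these hunks.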
@@ -44,14 +44,15 @@ def usage(message = ""): print _(""" -semanage {boolean|login|user|port|interface|fcontext|translation} -{l|D} [-n] -semanage login -{a|d|m} [-sr] login_name +semanage {boolean|login|user|port|interface|node|fcontext|translation} -{l|D} [-n] +semanage login -{a|d|m} [-sr] login_name | %groupname semanage user -{a|d|m} [-LrRP] selinux_name semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range semanage interface -{a|d|m} [-tr] interface_spec +semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] addr semanage fcontext -{a|d|m} [-frst] file_spec semanage translation -{a|d|m} [-T] level -semanage boolean -{d|m} boolean +semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file semanage permissive -{d|a} type Primary Options: @@ -79,7 +80,9 @@ -l (symbolic link) -p (named pipe) - -p, --proto Port protocol (tcp or udp) + -F, --file Treat target as an input file for command, change multiple settings + -p, --proto Port protocol (tcp or udp) or internet protocol version of node (ipv4 or ipv6) + -M, --mask Netmask -P, --prefix Prefix for home directory labeling -L, --level Default SELinux Level (MLS/MCS Systems only) -R, --roles SELinux Roles (ex: "sysadm_r staff_r") 
@@ -108,13 +111,15 @@ valid_option["port"] = [] valid_option["port"] += valid_everyone + [ '-t', '--type', '-r', '--range', '-p', '--proto' ] valid_option["interface"] = [] - valid_option["interface"] += valid_everyone + [ '-t', '--type', '-r', '--range'] + valid_option["interface"] += valid_everyone + [ '-t', '--type', '-r', '--range'] + valid_option["node"] = [] + valid_option["node"] += valid_everyone + [ '-M', '--mask', '-t', '--type', '-r', '--range', '-p', '--protocol'] valid_option["fcontext"] = [] valid_option["fcontext"] += valid_everyone + [ '-f', '--ftype', '-s', '--seuser', '-t', '--type', '-r', '--range'] valid_option["translation"] = [] valid_option["translation"] += valid_everyone + [ '-T', '--trans' ] valid_option["boolean"] = [] - valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1", "-0" ] + valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1", "-0", "-F", "--file"] valid_option["permissive"] = [] valid_option["permissive"] += [ '-a', '--add', '-d', '--delete', '-l', '--list', '-h', '--help', '-n', '--noheading', '-D', '--deleteall' ] return valid_option @@ -128,21 +133,23 @@ serange = "" port = "" proto = "" + mask = "" selevel = "" setype = "" ftype = "" setrans = "" roles = "" seuser = "" - prefix = "" - heading=1 - value=0 - add = 0 - modify = 0 - delete = 0 - deleteall = 0 - list = 0 - locallist = 0 + prefix = "user" + heading = True + value = None + add = False + modify = False + delete = False + deleteall = False + list = False + locallist = False + use_file = False store = "" if len(sys.argv) < 3: usage(_("Requires 2 or more arguments")) @@ -155,11 +162,12 @@ args = sys.argv[2:] gopts, cmds = getopt.getopt(args, - '01adf:lhmnp:s:CDR:L:r:t:T:P:S:', + '01adf:lhmnp:s:FCDR:L:r:t:T:P:S:M:', ['add', 'delete', 'deleteall', 'ftype=', + 'file', 'help', 'list', 'modify', @@ -175,7 +183,8 @@ 'roles=', 'type=', 'trans=', - 'prefix=' + 'prefix=', + 'mask=' ]) for o, a in gopts: if o not in option_dict[object]: 
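Review bot: `valid_option["node"]` lists `'--protocol'`, while the `port` entry and the usage text spell the long option `--proto`. Every parsed option is checked against `option_dict[object]`, so `semanage node --proto ipv4 ...` would be rejected as invalid and only `-p` would work for nodes. The getopt long-option list is only partly visible in these hunks, so confirm which spelling it registers; if it is `proto=`, the node entry should end with `'-p', '--proto'`.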
@@ -185,31 +194,35 @@ if o == "-a" or o == "--add": if modify or delete: usage() - add = 1 + add = True if o == "-d" or o == "--delete": if modify or add: usage() - delete = 1 + delete = True if o == "-D" or o == "--deleteall": if modify: usage() - deleteall = 1 + deleteall = True if o == "-f" or o == "--ftype": ftype=a + + if o == "-F" or o == "--file": + use_file = True + if o == "-h" or o == "--help": usage() if o == "-n" or o == "--noheading": - heading=0 + heading = False if o == "-C" or o == "--locallist": - locallist=1 + locallist = True if o == "-m"or o == "--modify": if delete or add: usage() - modify = 1 + modify = True if o == "-S" or o == '--store': store = a @@ -220,7 +233,7 @@ serange = a if o == "-l" or o == "--list": - list = 1 + list = True if o == "-L" or o == '--level': if is_mls_enabled == 0: @@ -239,6 +252,9 @@ if o == "-s" or o == "--seuser": seuser = a + if o == "-M" or o == '--mask': + mask = a + if o == "-t" or o == "--type": setype = a @@ -246,9 +262,9 @@ setrans = a if o == "--on" or o == "-1": - value = 1 - if o == "-off" or o == "-0": - value = 0 + value = "on" + if o == "--off" or o == "-0": + value = "off" if object == "login": OBJECT = seobject.loginRecords(store) @@ -261,6 +277,9 @@ if object == "interface": OBJECT = seobject.interfaceRecords(store) + + if object == "node": + OBJECT = seobject.nodeRecords(store) if object == "fcontext": OBJECT = seobject.fcontextRecords(store) @@ -275,7 +294,10 @@ OBJECT = seobject.permissiveRecords(store) if list: - OBJECT.list(heading, locallist) + if object == "boolean": + OBJECT.list(heading, locallist, use_file) + else: + OBJECT.list(heading, locallist) sys.exit(0); if deleteall: 
@@ -295,12 +317,10 @@ OBJECT.add(target, setrans) if object == "user": - rlist = roles.split() - if len(rlist) == 0: - raise ValueError(_("You must specify a role")) - if prefix == "": - raise ValueError(_("You must specify a prefix")) - OBJECT.add(target, rlist, selevel, serange, prefix) + rlist = [] + if not use_file: + rlist = roles.split() + OBJECT.add(target, rlist, selevel, serange, prefix) if object == "port": OBJECT.add(target, proto, serange, setype) @@ -308,6 +328,9 @@ if object == "interface": OBJECT.add(target, serange, setype) + if object == "node": + OBJECT.add(target, mask, proto, serange, setype) + if object == "fcontext": OBJECT.add(target, setype, ftype, serange, seuser) if object == "permissive": @@ -317,7 +340,7 @@ if modify: if object == "boolean": - OBJECT.modify(target, value) + OBJECT.modify(target, value, use_file) if object == "login": OBJECT.modify(target, seuser, serange) @@ -335,6 +358,9 @@ if object == "interface": OBJECT.modify(target, serange, setype) + if object == "node": + OBJECT.modify(target, mask, proto, serange, setype) + if object == "fcontext": OBJECT.modify(target, setype, ftype, serange, seuser) @@ -347,6 +373,9 @@ elif object == "fcontext": OBJECT.delete(target, ftype) + elif object == "node": + OBJECT.delete(target, mask, proto) + else: OBJECT.delete(target) diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/policycoreutils-2.0.52/semanage/semanage.8 new/policycoreutils-2.0.55/semanage/semanage.8 --- old/policycoreutils-2.0.52/semanage/semanage.8 2008-07-02 23:19:34.000000000 +0200 +++ new/policycoreutils-2.0.55/semanage/semanage.8 2008-08-28 15:35:50.000000000 +0200 
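Review bot: The `user` branch of the add path no longer rejects an empty role list. `-F`/`--file` is only listed as valid for `boolean`, so `use_file` is always false here and `rlist = roles.split()` is passed to `OBJECT.add` even when no `-R` was given. Unless the user records class in seobject.py (not part of this diff) validates the list itself, a SELinux user can now be added with no roles. Keeping `if len(rlist) == 0: raise ValueError(_("You must specify a role"))` after the split preserves the old behaviour, and the `if not use_file:` test can then go.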
@@ -3,11 +3,11 @@ semanage \- SELinux Policy Management tool .SH "SYNOPSIS" -.B semanage {boolean|login|user|port|interface|fcontext|translation} \-{l|lC|D} [\-n] +.B semanage {boolean|login|user|port|interface|node|fcontext|translation} \-{l|D} [\-n] [\-S store] .br -.B semanage boolean \-{d|m} [\-\-on|\-\-off|\-1|\-0] boolean +.B semanage boolean \-{d|m} [\-\-on|\-\-off|\-1|\-0] -F boolean | boolean_file .br -.B semanage login \-{a|d|m} [\-sr] login_name +.B semanage login \-{a|d|m} [\-sr] login_name | %groupname .br .B semanage user \-{a|d|m} [\-LrRP] selinux_name .br @@ -15,6 +15,8 @@ .br .B semanage interface \-{a|d|m} [\-tr] interface_spec .br +.B semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask] address +.br .B semanage fcontext \-{a|d|m} [\-frst] file_spec .br .B semanage permissive \-{a|d} type @@ -54,6 +56,11 @@ File Type. This is used with fcontext. Requires a file type as shown in the mode field by ls, e.g. use -d to match only directories or -- to match only regular files. .TP +.I \-F, \-\-file +Set multiple records from the input file. When used with the \-l \-\-list, it will output the current settings to stdout in the proper format. + +Currently booleans only. +.TP .I \-h, \-\-help display this message .TP @@ -73,7 +80,7 @@ Do not print heading when listing OBJECTS. .TP .I \-p, \-\-proto -Protocol for the specified port (tcp|udp). +Protocol for the specified port (tcp|udp) or internet protocol version for the specified node (ipv4|ipv6). .TP .I \-r, \-\-range MLS/MCS Security Range (MLS/MCS Systems only) @@ -87,6 +94,9 @@ .I \-s, \-\-seuser SELinux user name .TP +.I \-S, \-\-store +Select and alternate SELinux store to manage +.TP .I \-t, \-\-type SELinux Type for the object .TP 
@@ -99,6 +109,8 @@ $ semanage user -l # Allow joe to login as staff_u $ semanage login -a -s staff_u joe +# Allow the group clerks to login as user_u +$ semanage login -a -s user_u %clerks # Add file-context for everything under /web (used by restorecon) $ semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?" # Allow Apache to listen on port 81 diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/policycoreutils-2.0.52/semanage/seobject.py new/policycoreutils-2.0.55/semanage/seobject.py --- old/policycoreutils-2.0.52/semanage/seobject.py 2008-07-02 23:19:34.000000000 +0200 +++ new/policycoreutils-2.0.55/semanage/seobject.py 2008-08-28 15:35:50.000000000 +0200 @@ -21,7 +21,7 @@ # # -import pwd, string, selinux, tempfile, os, re, sys +import pwd, grp, string, selinux, tempfile, os, re, sys from semanage import *; PROGNAME="policycoreutils" import sepolgen.module as module @@ -330,20 +330,15 @@ for name in dirs: os.rmdir(os.path.join(root, name)) - if rc != 0: - raise ValueError(out) - - def delete(self, name): for n in name.split(): rc = semanage_module_remove(self.sh, "permissive_%s" % n) if rc < 0: raise ValueError(_("Could not remove permissive domain %s (remove failed)") % name) - rc = semanage_commit(self.sh) - if rc < 0: - raise ValueError(_("Could not remove permissive domain %s (commit failed)") % name) + rc = semanage_commit(self.sh) + if rc < 0: + raise ValueError(_("Could not remove permissive domain %s (commit failed)") % name) - def deleteall(self): l = self.get_all() if len(l) > 0: 
@@ -402,10 +397,16 @@ raise ValueError(_("Could not check if login mapping for %s is defined") % name) if exists: raise ValueError(_("Login mapping for %s is already defined") % name) - try: - pwd.getpwnam(name) - except: - raise ValueError(_("Linux User %s does not exist") % name) + if name[0] == '%': + try: + grp.getgrnam(name[1:]) + except: + raise ValueError(_("Linux Group %s does not exist") % name[1:]) + else: + try: + pwd.getpwnam(name) + except: + raise ValueError(_("Linux User %s does not exist") % name) (rc,u) = semanage_seuser_create(self.sh) if rc < 0: 
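Review bot: `name[0] == '%'` raises IndexError on an empty login name, and both bare `except:` clauses turn any failure, not only a missing entry, into the "does not exist" message. `if name.startswith('%'):` together with `except KeyError:` (what `grp.getgrnam` and `pwd.getpwnam` raise for an unknown name) keeps the check narrow. Only the `add` path is visible in this hunk; whether `modify` and `delete` handle the `%groupname` form the same way lies outside it.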
@@ -1030,6 +1031,231 @@ rec += ", %s" % p print rec +class nodeRecords(semanageRecords): + def __init__(self, store = ""): + semanageRecords.__init__(self,store) + + def add(self, addr, mask, proto, serange, ctype): + if addr == "": + raise ValueError(_("Node Address is required")) + + if mask == "": + raise ValueError(_("Node Netmask is required")) + + if proto == "ipv4": + proto = 0 + elif proto == "ipv6": + proto = 1 + else: + raise ValueError(_("Unknown or missing protocol")) + + + if is_mls_enabled == 1: + if serange == "": + serange = "s0" + else: + serange = untranslate(serange) + + if ctype == "": + raise ValueError(_("SELinux Type is required")) + + (rc,k) = semanage_node_key_create(self.sh, addr, mask, proto) + if rc < 0: + raise ValueError(_("Could not create key for %s") % addr) + if rc < 0: + raise ValueError(_("Could not check if addr %s is defined") % addr) + + (rc,exists) = semanage_node_exists(self.sh, k) + if exists: + raise ValueError(_("Addr %s already defined") % addr) + + (rc,node) = semanage_node_create(self.sh) + if rc < 0: + raise ValueError(_("Could not create addr for %s") % addr) + + rc = semanage_node_set_addr(self.sh, node, proto, addr) + (rc, con) = semanage_context_create(self.sh) + if rc < 0: + raise ValueError(_("Could not create context for %s") % addr) + + rc = semanage_node_set_mask(self.sh, node, proto, mask) + if rc < 0: + raise ValueError(_("Could not set mask for %s") % addr) + + + rc = semanage_context_set_user(self.sh, con, "system_u") + if rc < 0: + raise ValueError(_("Could not set user in addr context for %s") % addr) + + rc = semanage_context_set_role(self.sh, con, "object_r") + if rc < 0: + raise ValueError(_("Could not set role in addr context for %s") % addr) + + rc = semanage_context_set_type(self.sh, con, ctype) + if rc < 0: + raise ValueError(_("Could not set type in addr context for %s") % addr) + + if serange != "": + rc = semanage_context_set_mls(self.sh, con, serange) + if rc < 0: + raise ValueError(_("Could 
not set mls fields in addr context for %s") % addr) + + rc = semanage_node_set_con(self.sh, node, con) + if rc < 0: + raise ValueError(_("Could not set addr context for %s") % addr) + + rc = semanage_begin_transaction(self.sh) + if rc < 0: + raise ValueError(_("Could not start semanage transaction")) + + rc = semanage_node_modify_local(self.sh, k, node) + if rc < 0: + raise ValueError(_("Could not add addr %s") % addr) + + rc = semanage_commit(self.sh) + if rc < 0: + raise ValueError(_("Could not add addr %s") % addr) + + semanage_context_free(con) + semanage_node_key_free(k) + semanage_node_free(node) + + def modify(self, addr, mask, proto, serange, setype): + if addr == "": + raise ValueError(_("Node Address is required")) + + if mask == "": + raise ValueError(_("Node Netmask is required")) + if proto == "ipv4": + proto = 0 + elif proto == "ipv6": + proto = 1 + else: + raise ValueError(_("Unknown or missing protocol")) + + + if serange == "" and setype == "": + raise ValueError(_("Requires setype or serange")) + + (rc,k) = semanage_node_key_create(self.sh, addr, mask, proto) + if rc < 0: + raise ValueError(_("Could not create key for %s") % addr) + + (rc,exists) = semanage_node_exists(self.sh, k) + if rc < 0: + raise ValueError(_("Could not check if addr %s is defined") % addr) + if not exists: + raise ValueError(_("Addr %s is not defined") % addr) + + (rc,node) = semanage_node_query(self.sh, k) + if rc < 0: + raise ValueError(_("Could not query addr %s") % addr) + + con = semanage_node_get_con(node) + + if serange != "": + semanage_context_set_mls(self.sh, con, untranslate(serange)) + if setype != "": + semanage_context_set_type(self.sh, con, setype) + + rc = semanage_begin_transaction(self.sh) + if rc < 0: + raise ValueError(_("Could not start semanage transaction")) + + rc = semanage_node_modify_local(self.sh, k, node) + if rc < 0: + raise ValueError(_("Could not modify addr %s") % addr) + + rc = semanage_commit(self.sh) + if rc < 0: + raise 
ValueError(_("Could not modify addr %s") % addr) + + semanage_node_key_free(k) + semanage_node_free(node) + + def delete(self, addr, mask, proto): + if addr == "": + raise ValueError(_("Node Address is required")) + + if mask == "": + raise ValueError(_("Node Netmask is required")) + + if proto == "ipv4": + proto = 0 + elif proto == "ipv6": + proto = 1 + else: + raise ValueError(_("Unknown or missing protocol")) + + (rc,k) = semanage_node_key_create(self.sh, addr, mask, proto) + if rc < 0: + raise ValueError(_("Could not create key for %s") % addr) + + (rc,exists) = semanage_node_exists(self.sh, k) + if rc < 0: + raise ValueError(_("Could not check if addr %s is defined") % addr) + if not exists: + raise ValueError(_("Addr %s is not defined") % addr) + + (rc,exists) = semanage_node_exists_local(self.sh, k) + if rc < 0: + raise ValueError(_("Could not check if addr %s is defined") % addr) + if not exists: + raise ValueError(_("Addr %s is defined in policy, cannot be deleted") % addr) + + rc = semanage_begin_transaction(self.sh) + if rc < 0: + raise ValueError(_("Could not start semanage transaction")) + + rc = semanage_node_del_local(self.sh, k) + if rc < 0: + raise ValueError(_("Could not delete addr %s") % addr) + + rc = semanage_commit(self.sh) + if rc < 0: + raise ValueError(_("Could not delete addr %s") % addr) + + semanage_node_key_free(k) + + def get_all(self, locallist = 0): + ddict = {} + if locallist : + (rc, self.ilist) = semanage_node_list_local(self.sh) + else: + (rc, self.ilist) = semanage_node_list(self.sh) + if rc < 0: + raise ValueError(_("Could not list addrs")) + + for node in self.ilist: + con = semanage_node_get_con(node) + addr = semanage_node_get_addr(self.sh, node) + mask = semanage_node_get_mask(self.sh, node) + proto = semanage_node_get_proto(node) + if proto == 0: + proto = "ipv4" + elif proto == 1: + proto = "ipv6" + ddict[(addr[1], mask[1], proto)] = (semanage_context_get_user(con), semanage_context_get_role(con), 
semanage_context_get_type(con), semanage_context_get_mls(con)) + + return ddict + + def list(self, heading = 1, locallist = 0): + if heading: + print "%-18s %-18s %-5s %-5s\n" % ("IP Address", "Netmask", "Protocol", "Context") + ddict = self.get_all(locallist) + keys = ddict.keys() + keys.sort() + if is_mls_enabled: + for k in keys: + val = '' + for fields in k: + val = val + '\t' + str(fields) + print "%-18s %-18s %-5s %s:%s:%s:%s " % (k[0],k[1],k[2],ddict[k][0], ddict[k][1],ddict[k][2], translate(ddict[k][3], False)) + else: + for k in keys: + print "%-18s %-18s %-5s %s:%s:%s " % (k[0],k[1],k[2],ddict[k][0], ddict[k][1],ddict[k][2]) + + class interfaceRecords(semanageRecords): def __init__(self, store = ""): semanageRecords.__init__(self, store) 
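Review bot: In `nodeRecords.add` the return code of `semanage_node_set_addr` is overwritten by the following `semanage_context_create` call before it is tested, so a failure to set the address goes unnoticed and the record is still committed. The same method tests `rc` twice after `semanage_node_key_create` (the second message belongs to the existence check) and never tests the `rc` returned by `semanage_node_exists`. In `modify` the results of `semanage_context_set_mls` and `semanage_context_set_type` are discarded too and should get the same `if rc < 0: raise ValueError(...)` guard. The fence shows the reordered checks for `add`; the message for the address failure is a suggested wording.

```python
        (rc,k) = semanage_node_key_create(self.sh, addr, mask, proto)
        if rc < 0:
            raise ValueError(_("Could not create key for %s") % addr)

        (rc,exists) = semanage_node_exists(self.sh, k)
        if rc < 0:
            raise ValueError(_("Could not check if addr %s is defined") % addr)
        if exists:
            raise ValueError(_("Addr %s already defined") % addr)

        # ... unchanged: semanage_node_create and its check ...

        rc = semanage_node_set_addr(self.sh, node, proto, addr)
        if rc < 0:
            raise ValueError(_("Could not set address for %s") % addr)

        (rc, con) = semanage_context_create(self.sh)
        # ... unchanged: context setup, transaction and commit ...
```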
@@ -1447,54 +1673,72 @@ class booleanRecords(semanageRecords): def __init__(self, store = ""): semanageRecords.__init__(self, store) + self.dict={} + self.dict["TRUE"] = 1 + self.dict["FALSE"] = 0 + self.dict["ON"] = 1 + self.dict["OFF"] = 0 + self.dict["1"] = 1 + self.dict["0"] = 0 - def modify(self, name, value = ""): - if value == "": - raise ValueError(_("Requires value")) - - (rc,k) = semanage_bool_key_create(self.sh, name) - if rc < 0: - raise ValueError(_("Could not create a key for %s") % name) - - (rc,exists) = semanage_bool_exists(self.sh, k) - if rc < 0: - raise ValueError(_("Could not check if boolean %s is defined") % name) - if not exists: - raise ValueError(_("Boolean %s is not defined") % name) - - (rc,b) = semanage_bool_query(self.sh, k) - if rc < 0: - raise ValueError(_("Could not query file context %s") % name) + def __mod(self, name, value): + (rc,k) = semanage_bool_key_create(self.sh, name) + if rc < 0: + raise ValueError(_("Could not create a key for %s") % name) + (rc,exists) = semanage_bool_exists(self.sh, k) + if rc < 0: + raise ValueError(_("Could not check if boolean %s is defined") % name) + if not exists: + raise ValueError(_("Boolean %s is not defined") % name) + + (rc,b) = semanage_bool_query(self.sh, k) + if rc < 0: + raise ValueError(_("Could not query file context %s") % name) - if value != "": - nvalue = int(value) - semanage_bool_set_value(b, nvalue) + if value.upper() in self.dict: + semanage_bool_set_value(b, self.dict[value.upper()]) else: - raise ValueError(_("You must specify a value")) + raise ValueError(_("You must specify one of the following values: %s") % ", ".join(self.dict.keys()) ) + + rc = semanage_bool_set_active(self.sh, k, b) + if rc < 0: + raise ValueError(_("Could not set active value of boolean %s") % name) + rc = semanage_bool_modify_local(self.sh, k, b) + if rc < 0: + raise ValueError(_("Could not modify boolean %s") % name) + semanage_bool_key_free(k) + semanage_bool_free(b) + def modify(self, name, 
value=None, use_file=False): + rc = semanage_begin_transaction(self.sh) if rc < 0: raise ValueError(_("Could not start semanage transaction")) - - rc = semanage_bool_set_active(self.sh, k, b) - if rc < 0: - raise ValueError(_("Could not set active value of boolean %s") % name) - rc = semanage_bool_modify_local(self.sh, k, b) - if rc < 0: - raise ValueError(_("Could not modify boolean %s") % name) + if use_file: + fd = open(name) + for b in fd.read().split("\n"): + b = b.strip() + if len(b) == 0: + continue + + try: + boolname, val = b.split("=") + except ValueError, e: + raise ValueError(_("Bad format %s: Record %s" % ( name, b) )) + self.__mod(boolname.strip(), val.strip()) + fd.close() + else: + self.__mod(name, value) rc = semanage_commit(self.sh) if rc < 0: raise ValueError(_("Could not modify boolean %s") % name) - semanage_bool_key_free(k) - semanage_bool_free(b) - def delete(self, name): - (rc,k) = semanage_bool_key_create(self.sh, name) - if rc < 0: - raise ValueError(_("Could not create a key for %s") % name) + (rc,k) = semanage_bool_key_create(self.sh, name) + if rc < 0: + raise ValueError(_("Could not create a key for %s") % name) (rc,exists) = semanage_bool_exists(self.sh, k) if rc < 0: raise ValueError(_("Could not check if boolean %s is defined") % name) 
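Review bot: `booleanRecords.modify` now defaults `value` to `None` and the old "Requires value" check is gone, so `__mod` reaches `value.upper()` with `None` when neither `--on` nor `--off` was given. That fails with an AttributeError instead of a ValueError; a guard at the top of `__mod` such as `if value is None: raise ValueError(_("Requires value"))` restores the message. In the `use_file` branch `fd` stays open when a record is rejected, and a value containing `=` is reported as a bad format because `b.split("=")` has no split limit. `_("Bad format %s: Record %s" % ( name, b) )` also formats before translating, so the catalogue lookup cannot match; `_("Bad format %s: Record %s") % (name, b)` is the usual form.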
@@ -1571,8 +1815,15 @@ else: return _("unknown") - def list(self, heading = 1, locallist = 0): + def list(self, heading = True, locallist = False, use_file = False): on_off = (_("off"),_("on")) + if use_file: + ddict = self.get_all(locallist) + keys = ddict.keys() + for k in keys: + if ddict[k]: + print "%s=%s" % (k, ddict[k][2]) + return if heading: print "%-40s %s\n" % (_("SELinux boolean"), _("Description")) ddict = self.get_all(locallist) diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/policycoreutils-2.0.52/setfiles/setfiles.c new/policycoreutils-2.0.55/setfiles/setfiles.c --- old/policycoreutils-2.0.52/setfiles/setfiles.c 2008-07-02 23:19:34.000000000 +0200 +++ new/policycoreutils-2.0.55/setfiles/setfiles.c 2008-08-28 15:35:50.000000000 +0200 @@ -72,7 +72,6 @@ static int abort_on_error; /* Abort the file tree walk upon an error. */ static int add_assoc; /* Track inode associations for conflict detection. */ static int nftw_flags; /* Flags to nftw, e.g. follow links, follow mounts */ -static int base_only; /* Don't use local file_contexts customizations */ static int ctx_validate; /* Validate contexts */ static const char *altpath; /* Alternate path to file_contexts */ @@ -748,7 +747,6 @@ char *base; struct selinux_opt opts[] = { { SELABEL_OPT_VALIDATE, NULL }, - { SELABEL_OPT_BASEONLY, NULL }, { SELABEL_OPT_PATH, NULL } }; @@ -836,10 +834,6 @@ } fclose(policystream); - /* Only process the specified file_contexts file, not - any .homedirs or .local files, and do not perform - context translations. */ - base_only = 1; ctx_validate = 1; break; @@ -972,10 +966,9 @@ /* Load the file contexts configuration and check it. */ opts[0].value = (ctx_validate ? (char*)1 : NULL); - opts[1].value = (base_only ? (char *)1 : NULL); - opts[2].value = altpath; + opts[1].value = altpath; - hnd = selabel_open(SELABEL_CTX_FILE, opts, 3); + hnd = selabel_open(SELABEL_CTX_FILE, opts, 2); if (!hnd) { perror(altpath); exit(1); 
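Review bot: The `use_file` branch of `booleanRecords.list` prints `ddict[k][2]` without saying which of the values returned by `get_all` that is, yet this output is the format that `modify -F` reads back. A one-line comment naming the field at index 2 (taken from `get_all`, which is outside the hunk) would make the dump-and-restore round trip reviewable. The `on_off` tuple is also built before the early `return` although that branch never uses it; moving the assignment below the `use_file` block keeps the two paths separate.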
@@ -1024,5 +1017,7 @@ free(excludeArray[i].directory); } + if (progress) + printf("\n"); exit(errors); } diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/policycoreutils-2.0.52/VERSION new/policycoreutils-2.0.55/VERSION --- old/policycoreutils-2.0.52/VERSION 2008-07-02 23:19:34.000000000 +0200 +++ new/policycoreutils-2.0.55/VERSION 2008-08-28 15:35:50.000000000 +0200 @@ -1 +1 @@ -2.0.52 +2.0.55 ++++++ policycoreutils-gui.patch.bz2 ++++++ --- /var/tmp/diff_new_pack.E11949/_old 2008-09-02 12:29:15.000000000 +0200 +++ /var/tmp/diff_new_pack.E11949/_new 2008-09-02 12:29:16.000000000 +0200 @@ -1,7 +1,7 @@ -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.52/gui/Makefile +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.54/gui/Makefile --- nsapolicycoreutils/gui/Makefile 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.52/gui/Makefile 2008-07-03 16:17:11.000000000 -0400 -@@ -0,0 +1,36 @@ ++++ policycoreutils-2.0.54/gui/Makefile 2008-08-11 12:20:26.000000000 -0400 +@@ -0,0 +1,37 @@ +# Installation directories. +PREFIX ?= ${DESTDIR}/usr +SHAREDIR ?= $(PREFIX)/share/system-config-selinux @@ -9,6 +9,7 @@ +TARGETS= \ +booleansPage.py \ +fcontextPage.py \ ++html_util.py \ +loginsPage.py \ +mappingsPage.py \ +modulesPage.py \ @@ -38,9 +39,9 @@ +indent: + +relabel: -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-2.0.52/gui/booleansPage.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-2.0.54/gui/booleansPage.py --- nsapolicycoreutils/gui/booleansPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.52/gui/booleansPage.py 2008-07-03 16:17:11.000000000 -0400 ++++ policycoreutils-2.0.54/gui/booleansPage.py 2008-08-06 18:05:28.000000000 -0400 @@ -0,0 +1,237 @@ +# +# booleansPage.py - GUI for Booleans page in system-config-securitylevel 
@@ -279,9 +280,9 @@ + self.load(self.filter) + return True + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.52/gui/fcontextPage.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.54/gui/fcontextPage.py --- nsapolicycoreutils/gui/fcontextPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.52/gui/fcontextPage.py 2008-07-03 16:17:11.000000000 -0400 ++++ policycoreutils-2.0.54/gui/fcontextPage.py 2008-08-06 18:05:28.000000000 -0400 @@ -0,0 +1,217 @@ +## fcontextPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. 
@@ -500,9 +501,177 @@ + self.store.set_value(iter, SPEC_COL, fspec) + self.store.set_value(iter, FTYPE_COL, ftype) + self.store.set_value(iter, TYPE_COL, "%s:%s" % (type, mls)) -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade policycoreutils-2.0.52/gui/lockdown.glade +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/html_util.py policycoreutils-2.0.54/gui/html_util.py +--- nsapolicycoreutils/gui/html_util.py 1969-12-31 19:00:00.000000000 -0500 ++++ policycoreutils-2.0.54/gui/html_util.py 2008-08-11 11:54:46.000000000 -0400 +@@ -0,0 +1,164 @@ ++# Authors: John Dennis <jdennis@redhat.com> ++# ++# Copyright (C) 2007 Red Hat, Inc. ++# ++# This program is free software; you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation; either version 2 of the License, or ++# (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program; if not, write to the Free Software ++# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
++# ++ ++ ++__all__ = [ ++ 'escape_html', ++ 'unescape_html', ++ 'html_to_text', ++ ++ 'html_document', ++] ++ ++import htmllib ++import formatter as Formatter ++import string ++from types import * ++import StringIO ++ ++#------------------------------------------------------------------------------ ++ ++class TextWriter(Formatter.DumbWriter): ++ def __init__(self, file=None, maxcol=80, indent_width=4): ++ Formatter.DumbWriter.__init__(self, file, maxcol) ++ self.indent_level = 0 ++ self.indent_width = indent_width ++ self._set_indent() ++ ++ def _set_indent(self): ++ self.indent_col = self.indent_level * self.indent_width ++ self.indent = ' ' * self.indent_col ++ ++ def new_margin(self, margin, level): ++ self.indent_level = level ++ self._set_indent() ++ ++ def send_label_data(self, data): ++ data = data + ' ' ++ if len(data) > self.indent_col: ++ self.send_literal_data(data) ++ else: ++ offset = self.indent_col - len(data) ++ self.send_literal_data(' ' * offset + data) ++ ++ def send_flowing_data(self, data): ++ if not data: return ++ atbreak = self.atbreak or data[0] in string.whitespace ++ col = self.col ++ maxcol = self.maxcol ++ write = self.file.write ++ col = self.col ++ if col == 0: ++ write(self.indent) ++ col = self.indent_col ++ for word in data.split(): ++ if atbreak: ++ if col + len(word) >= maxcol: ++ write('\n' + self.indent) ++ col = self.indent_col ++ else: ++ write(' ') ++ col = col + 1 ++ write(word) ++ col = col + len(word) ++ atbreak = 1 ++ self.col = col ++ self.atbreak = data[-1] in string.whitespace ++ ++class HTMLParserAnchor(htmllib.HTMLParser): ++ ++ def __init__(self, formatter, verbose=0): ++ htmllib.HTMLParser.__init__(self, formatter, verbose) ++ ++ def anchor_bgn(self, href, name, type): ++ self.anchor = href ++ ++ def anchor_end(self): ++ if self.anchor: ++ self.handle_data(' (%s) ' % self.anchor) ++ self.anchor = None ++ ++#------------------------------------------------------------------------------ ++ ++def escape_html(s): ++ 
if s is None: return None ++ s = s.replace("&", "&") # Must be done first! ++ s = s.replace("<", "<") ++ s = s.replace(">", ">") ++ s = s.replace("'", "'") ++ s = s.replace('"', """) ++ return s ++ ++ ++def unescape_html(s): ++ if s is None: return None ++ if '&' not in s: ++ return s ++ s = s.replace("<", "<") ++ s = s.replace(">", ">") ++ s = s.replace("'", "'") ++ s = s.replace(""", '"') ++ s = s.replace("&", "&") # Must be last ++ return s ++ ++def html_to_text(html, maxcol=80): ++ try: ++ buffer = StringIO.StringIO() ++ formatter = Formatter.AbstractFormatter(TextWriter(buffer, maxcol)) ++ parser = HTMLParserAnchor(formatter) ++ parser.feed(html) ++ parser.close() ++ text = buffer.getvalue() ++ buffer.close() ++ return text ++ except Exception, e: ++ log_program.error('cannot convert html to text: %s' % e) ++ return None ++ ++def html_document(*body_components): ++ '''Wrap the body components in a HTML document structure with a valid header. ++ Accepts a variable number of arguments of of which canb be: ++ * string ++ * a sequences of strings (tuple or list). ++ * a callable object taking no parameters and returning a string or sequence of strings. 
++ ''' ++ head = '<html>\n <head>\n <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>\n </head>\n <body>\n' ++ tail = '\n </body>\n</html>' ++ ++ doc = head ++ ++ for body_component in body_components: ++ if type(body_component) is StringTypes: ++ doc += body_component ++ elif type(body_component) in [TupleType, ListType]: ++ for item in body_component: ++ doc += item ++ elif callable(body_component): ++ result = body_component() ++ if type(result) in [TupleType, ListType]: ++ for item in result: ++ doc += item ++ else: ++ doc += result ++ else: ++ doc += body_component ++ ++ doc += tail ++ return doc ++ +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.glade policycoreutils-2.0.54/gui/lockdown.glade --- nsapolicycoreutils/gui/lockdown.glade 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.52/gui/lockdown.glade 2008-07-03 16:17:11.000000000 -0400 ++++ policycoreutils-2.0.54/gui/lockdown.glade 2008-08-06 18:05:28.000000000 -0400 @@ -0,0 +1,771 @@ +<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*--> +<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd"> @@ -1275,9 +1444,9 @@ +</widget> + +</glade-interface> -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.gladep policycoreutils-2.0.52/gui/lockdown.gladep +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.gladep policycoreutils-2.0.54/gui/lockdown.gladep --- nsapolicycoreutils/gui/lockdown.gladep 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.52/gui/lockdown.gladep 2008-07-03 16:17:11.000000000 -0400 ++++ policycoreutils-2.0.54/gui/lockdown.gladep 2008-08-06 18:05:28.000000000 -0400 @@ -0,0 +1,7 @@ +<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*--> +<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd"> 
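Review bot: In `html_to_text` the `except Exception, e:` handler calls `log_program.error(...)`, but none of the imports shown for the new `html_util.py` (`htmllib`, `formatter`, `string`, `types`, `StringIO`) binds `log_program`, so a parse failure would apparently raise `NameError` instead of returning `None`. Bind a logger at module level, for example `import logging` and `log_program = logging.getLogger(__name__)`, or import the one the GUI already uses. In `html_document`, `type(body_component) is StringTypes` compares a type with the `StringTypes` tuple and is never true; `isinstance(body_component, StringTypes)` is what was meant, although strings still reach the final `else` and get appended. `html_document` concatenates its components without escaping, so its docstring should state that callers must pass any text from outside through `escape_html` first. The entity strings in `escape_html` and `unescape_html` look decoded by the page rendering here, so those lines cannot be judged from this view.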
@@ -1286,9 +1455,9 @@ + <name></name> + <program_name></program_name> +</glade-project> -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.py policycoreutils-2.0.52/gui/lockdown.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/lockdown.py policycoreutils-2.0.54/gui/lockdown.py --- nsapolicycoreutils/gui/lockdown.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.52/gui/lockdown.py 2008-07-03 16:17:11.000000000 -0400 ++++ policycoreutils-2.0.54/gui/lockdown.py 2008-08-06 18:05:28.000000000 -0400 @@ -0,0 +1,382 @@ +#!/usr/bin/python +# @@ -1672,9 +1841,9 @@ + + app = booleanWindow() + app.stand_alone() -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-2.0.52/gui/loginsPage.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-2.0.54/gui/loginsPage.py --- nsapolicycoreutils/gui/loginsPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.52/gui/loginsPage.py 2008-07-03 16:17:11.000000000 -0400 ++++ policycoreutils-2.0.54/gui/loginsPage.py 2008-08-06 18:05:28.000000000 -0400 @@ -0,0 +1,185 @@ +## loginsPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. @@ -1861,9 +2030,9 @@ + self.store.set_value(iter, 1, seuser) + self.store.set_value(iter, 2, seobject.translate(serange)) + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-2.0.52/gui/mappingsPage.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-2.0.54/gui/mappingsPage.py --- nsapolicycoreutils/gui/mappingsPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.52/gui/mappingsPage.py 2008-07-03 16:17:11.000000000 -0400 ++++ policycoreutils-2.0.54/gui/mappingsPage.py 2008-08-06 18:05:28.000000000 -0400 @@ -0,0 +1,56 @@ +## mappingsPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. 
@@ -1921,9 +2090,9 @@ + for k in keys: + print "%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1])) + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-2.0.52/gui/modulesPage.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-2.0.54/gui/modulesPage.py --- nsapolicycoreutils/gui/modulesPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.52/gui/modulesPage.py 2008-07-03 16:17:11.000000000 -0400 ++++ policycoreutils-2.0.54/gui/modulesPage.py 2008-08-06 18:05:28.000000000 -0400 @@ -0,0 +1,195 @@ +## modulesPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. @@ -2120,9 +2289,9 @@ + + + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.52/gui/polgen.glade +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.54/gui/polgen.glade --- nsapolicycoreutils/gui/polgen.glade 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.52/gui/polgen.glade 2008-07-03 16:17:11.000000000 -0400 ++++ policycoreutils-2.0.54/gui/polgen.glade 2008-08-06 18:05:28.000000000 -0400 @@ -0,0 +1,3284 @@ +<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*--> +<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd"> @@ -5408,9 +5577,9 @@ +</widget> + +</glade-interface> -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.52/gui/polgen.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.54/gui/polgen.py --- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.52/gui/polgen.py 2008-07-03 16:17:11.000000000 -0400 ++++ policycoreutils-2.0.54/gui/polgen.py 2008-08-06 18:05:28.000000000 -0400 @@ -0,0 +1,925 @@ +#!/usr/bin/python +# 
@@ -6337,9 +6506,9 @@ + sys.exit(0) + + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.52/gui/polgengui.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.54/gui/polgengui.py --- nsapolicycoreutils/gui/polgengui.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.52/gui/polgengui.py 2008-07-03 16:17:11.000000000 -0400 ++++ policycoreutils-2.0.54/gui/polgengui.py 2008-08-06 18:05:28.000000000 -0400 @@ -0,0 +1,623 @@ +#!/usr/bin/python -E +# @@ -6964,9 +7133,9 @@ + + app = childWindow() + app.stand_alone() -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-2.0.52/gui/portsPage.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-2.0.54/gui/portsPage.py --- nsapolicycoreutils/gui/portsPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.52/gui/portsPage.py 2008-07-08 15:48:27.000000000 -0400 ++++ policycoreutils-2.0.54/gui/portsPage.py 2008-08-06 18:05:28.000000000 -0400 @@ -0,0 +1,259 @@ +## portsPage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. @@ -7227,9 +7396,9 @@ + + return True + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.52/gui/selinux.tbl +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.54/gui/selinux.tbl --- nsapolicycoreutils/gui/selinux.tbl 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.52/gui/selinux.tbl 2008-07-03 16:17:11.000000000 -0400 ++++ policycoreutils-2.0.54/gui/selinux.tbl 2008-08-06 18:05:28.000000000 -0400 @@ -0,0 +1,234 @@ +acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon") +allow_daemons_dump_core _("Admin") _("Allow all daemons to write corefiles to /") 
@@ -7465,9 +7634,9 @@ +webadm_manage_user_files _("HTTPD Service") _("Allow SELinux webadm user to manage unprivileged users home directories") +webadm_read_user_files _("HTTPD Service") _("Allow SELinux webadm user to read unprivileged users home directories") + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-2.0.52/gui/semanagePage.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-2.0.54/gui/semanagePage.py --- nsapolicycoreutils/gui/semanagePage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.52/gui/semanagePage.py 2008-07-03 16:17:11.000000000 -0400 ++++ policycoreutils-2.0.54/gui/semanagePage.py 2008-08-06 18:05:28.000000000 -0400 @@ -0,0 +1,169 @@ +## semanagePage.py - show selinux mappings +## Copyright (C) 2006 Red Hat, Inc. @@ -7638,9 +7807,9 @@ + self.load(self.filter) + return True + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-2.0.52/gui/statusPage.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-2.0.54/gui/statusPage.py --- nsapolicycoreutils/gui/statusPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.52/gui/statusPage.py 2008-07-03 16:17:11.000000000 -0400 ++++ policycoreutils-2.0.54/gui/statusPage.py 2008-08-06 18:05:28.000000000 -0400 @@ -0,0 +1,191 @@ +# statusPage.py - show selinux status +## Copyright (C) 2006 Red Hat, Inc. 
@@ -7833,9 +8002,9 @@ + return self.types[self.selinuxTypeOptionMenu.get_active()] + + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-2.0.52/gui/system-config-selinux.glade +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-2.0.54/gui/system-config-selinux.glade --- nsapolicycoreutils/gui/system-config-selinux.glade 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.52/gui/system-config-selinux.glade 2008-07-03 16:17:11.000000000 -0400 ++++ policycoreutils-2.0.54/gui/system-config-selinux.glade 2008-08-06 18:05:28.000000000 -0400 @@ -0,0 +1,3221 @@ +<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*--> +<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd"> @@ -11058,9 +11227,9 @@ +</widget> + +</glade-interface> -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-2.0.52/gui/system-config-selinux.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-2.0.54/gui/system-config-selinux.py --- nsapolicycoreutils/gui/system-config-selinux.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.52/gui/system-config-selinux.py 2008-07-03 16:17:11.000000000 -0400 ++++ policycoreutils-2.0.54/gui/system-config-selinux.py 2008-08-06 18:05:28.000000000 -0400 @@ -0,0 +1,187 @@ +#!/usr/bin/python +# 
@@ -11249,9 +11418,9 @@ + + app = childWindow() + app.stand_alone() -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.py policycoreutils-2.0.52/gui/templates/__init__.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.py policycoreutils-2.0.54/gui/templates/__init__.py --- nsapolicycoreutils/gui/templates/__init__.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.52/gui/templates/__init__.py 2008-07-03 16:17:11.000000000 -0400 ++++ policycoreutils-2.0.54/gui/templates/__init__.py 2008-08-06 18:05:28.000000000 -0400 @@ -0,0 +1,18 @@ +# +# Copyright (C) 2007 Red Hat, Inc. @@ -11271,9 +11440,9 @@ +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/boolean.py policycoreutils-2.0.52/gui/templates/boolean.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/boolean.py policycoreutils-2.0.54/gui/templates/boolean.py --- nsapolicycoreutils/gui/templates/boolean.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.52/gui/templates/boolean.py 2008-07-03 16:17:11.000000000 -0400 ++++ policycoreutils-2.0.54/gui/templates/boolean.py 2008-08-06 18:05:28.000000000 -0400 @@ -0,0 +1,40 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -11315,9 +11484,9 @@ +') +""" + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py policycoreutils-2.0.52/gui/templates/etc_rw.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py policycoreutils-2.0.54/gui/templates/etc_rw.py --- nsapolicycoreutils/gui/templates/etc_rw.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.52/gui/templates/etc_rw.py 2008-07-03 16:17:11.000000000 -0400 ++++ policycoreutils-2.0.54/gui/templates/etc_rw.py 2008-08-06 18:05:28.000000000 -0400 
@@ -0,0 +1,129 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -11448,9 +11617,9 @@ +fc_dir="""\ +FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_etc_rw_t,s0) +""" -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.52/gui/templates/executable.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.54/gui/templates/executable.py --- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.52/gui/templates/executable.py 2008-07-03 16:17:11.000000000 -0400 ++++ policycoreutils-2.0.54/gui/templates/executable.py 2008-08-06 18:05:28.000000000 -0400 @@ -0,0 +1,327 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -11779,9 +11948,9 @@ +EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_script_exec_t,s0) +""" + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.52/gui/templates/network.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.54/gui/templates/network.py --- nsapolicycoreutils/gui/templates/network.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.52/gui/templates/network.py 2008-07-03 16:17:11.000000000 -0400 ++++ policycoreutils-2.0.54/gui/templates/network.py 2008-08-06 18:05:28.000000000 -0400 @@ -0,0 +1,80 @@ +te_port_types=""" +type TEMPLATETYPE_port_t; 
@@ -11863,9 +12032,9 @@ +corenet_udp_bind_all_unreserved_ports(TEMPLATETYPE_t) +""" + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py policycoreutils-2.0.52/gui/templates/rw.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py policycoreutils-2.0.54/gui/templates/rw.py --- nsapolicycoreutils/gui/templates/rw.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.52/gui/templates/rw.py 2008-07-03 16:17:11.000000000 -0400 ++++ policycoreutils-2.0.54/gui/templates/rw.py 2008-08-06 18:05:28.000000000 -0400 @@ -0,0 +1,128 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -11995,9 +12164,9 @@ +fc_dir=""" +FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0) +""" -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.52/gui/templates/script.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.54/gui/templates/script.py --- nsapolicycoreutils/gui/templates/script.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.52/gui/templates/script.py 2008-07-03 16:17:11.000000000 -0400 ++++ policycoreutils-2.0.54/gui/templates/script.py 2008-08-06 18:05:28.000000000 -0400 @@ -0,0 +1,105 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information 
@@ -12104,9 +12273,9 @@ +# Adding roles to SELinux user USER +/usr/sbin/semanage user -m -R +TEMPLATETYPE_r USER +""" -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.52/gui/templates/semodule.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.54/gui/templates/semodule.py --- nsapolicycoreutils/gui/templates/semodule.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.52/gui/templates/semodule.py 2008-07-03 16:17:11.000000000 -0400 ++++ policycoreutils-2.0.54/gui/templates/semodule.py 2008-08-06 18:05:28.000000000 -0400 @@ -0,0 +1,41 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -12149,9 +12318,9 @@ +semanage ports -a -t TEMPLATETYPE_port_t -p udp PORTNUM +""" + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py policycoreutils-2.0.52/gui/templates/tmp.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py policycoreutils-2.0.54/gui/templates/tmp.py --- nsapolicycoreutils/gui/templates/tmp.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.52/gui/templates/tmp.py 2008-07-03 16:17:11.000000000 -0400 ++++ policycoreutils-2.0.54/gui/templates/tmp.py 2008-08-06 18:05:28.000000000 -0400 @@ -0,0 +1,97 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -12250,9 +12419,9 @@ + TEMPLATETYPE_manage_tmp($1) +""" + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.52/gui/templates/user.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.54/gui/templates/user.py --- nsapolicycoreutils/gui/templates/user.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.52/gui/templates/user.py 2008-07-03 16:17:11.000000000 -0400 ++++ policycoreutils-2.0.54/gui/templates/user.py 2008-08-06 18:05:28.000000000 -0400 
@@ -0,0 +1,182 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -12436,9 +12605,9 @@ +te_newrole_rules=""" +seutil_run_newrole(TEMPLATETYPE_t,TEMPLATETYPE_r,{ TEMPLATETYPE_devpts_t TEMPLATETYPE_tty_device_t }) +""" -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.52/gui/templates/var_lib.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.54/gui/templates/var_lib.py --- nsapolicycoreutils/gui/templates/var_lib.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.52/gui/templates/var_lib.py 2008-07-03 16:17:11.000000000 -0400 ++++ policycoreutils-2.0.54/gui/templates/var_lib.py 2008-08-06 18:05:28.000000000 -0400 @@ -0,0 +1,158 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -12598,9 +12767,9 @@ +fc_dir="""\ +FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0) +""" -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.52/gui/templates/var_log.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.54/gui/templates/var_log.py --- nsapolicycoreutils/gui/templates/var_log.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.52/gui/templates/var_log.py 2008-07-03 16:17:11.000000000 -0400 ++++ policycoreutils-2.0.54/gui/templates/var_log.py 2008-08-06 18:05:28.000000000 -0400 @@ -0,0 +1,110 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information 
@@ -12712,9 +12881,9 @@ +fc_dir="""\ +FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0) +""" -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.52/gui/templates/var_run.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.54/gui/templates/var_run.py --- nsapolicycoreutils/gui/templates/var_run.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.52/gui/templates/var_run.py 2008-07-03 16:17:11.000000000 -0400 ++++ policycoreutils-2.0.54/gui/templates/var_run.py 2008-08-06 18:05:28.000000000 -0400 @@ -0,0 +1,118 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information @@ -12834,9 +13003,9 @@ +FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0) +""" + -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.52/gui/templates/var_spool.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.54/gui/templates/var_spool.py --- nsapolicycoreutils/gui/templates/var_spool.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.52/gui/templates/var_spool.py 2008-07-03 16:17:11.000000000 -0400 ++++ policycoreutils-2.0.54/gui/templates/var_spool.py 2008-08-06 18:05:28.000000000 -0400 @@ -0,0 +1,129 @@ +# Copyright (C) 2007 Red Hat +# see file 'COPYING' for use and warranty information 
@@ -12967,9 +13136,9 @@ +fc_dir="""\ +FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0) +""" -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py policycoreutils-2.0.52/gui/translationsPage.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py policycoreutils-2.0.54/gui/translationsPage.py --- nsapolicycoreutils/gui/translationsPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.52/gui/translationsPage.py 2008-07-03 16:17:11.000000000 -0400 ++++ policycoreutils-2.0.54/gui/translationsPage.py 2008-08-06 18:05:28.000000000 -0400 @@ -0,0 +1,118 @@ +## translationsPage.py - show selinux translations +## Copyright (C) 2006 Red Hat, Inc. @@ -13089,9 +13258,9 @@ + store, iter = self.view.get_selection().get_selected() + self.store.set_value(iter, 0, level) + self.store.set_value(iter, 1, translation) -diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-2.0.52/gui/usersPage.py +diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-2.0.54/gui/usersPage.py --- nsapolicycoreutils/gui/usersPage.py 1969-12-31 19:00:00.000000000 -0500 -+++ policycoreutils-2.0.52/gui/usersPage.py 2008-07-03 16:17:11.000000000 -0400 ++++ policycoreutils-2.0.54/gui/usersPage.py 2008-08-06 18:05:28.000000000 -0400 
@@ -0,0 +1,150 @@ +## usersPage.py - show selinux mappings +## Copyright (C) 2006,2007,2008 Red Hat, Inc. ++++++ policycoreutils-po.patch.bz2 ++++++ ++++ 196460 lines (skipped) ++++ between policycoreutils/policycoreutils-po.patch.bz2 ++++ and /mounts/work_src_done/STABLE/policycoreutils/policycoreutils-po.patch.bz2 ++++++ policycoreutils-rhat.patch ++++++ ++++ 2111 lines (skipped) ++++ between policycoreutils/policycoreutils-rhat.patch ++++ and /mounts/work_src_done/STABLE/policycoreutils/policycoreutils-rhat.patch ++++++ policycoreutils-sepolgen.patch ++++++ --- /var/tmp/diff_new_pack.E11949/_old 2008-09-02 12:29:20.000000000 +0200 +++ /var/tmp/diff_new_pack.E11949/_new 2008-09-02 12:29:20.000000000 +0200 @@ -1,6 +1,6 @@ -diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.49/sepolgen-1.0.12/src/sepolgen/refparser.py ---- nsasepolgen/src/sepolgen/refparser.py 2008-06-12 23:25:26.000000000 -0400 -+++ policycoreutils-2.0.49/sepolgen-1.0.12/src/sepolgen/refparser.py 2008-06-27 07:21:06.000000000 -0400 +diff --exclude-from=exclude -N -u -r nsasepolgen/src/sepolgen/refparser.py policycoreutils-2.0.52/sepolgen-1.0.13/src/sepolgen/refparser.py +--- nsasepolgen/src/sepolgen/refparser.py 2008-06-13 23:25:26.000000000 -0400 ++++ policycoreutils-2.0.52/sepolgen-1.0.13/src/sepolgen/refparser.py 2008-07-29 09:06:29.000000000 -0400 @@ -919,7 +919,7 @@ def list_headers(root): modules = [] ++++++ sepolgen-1.0.12.tar.bz2 -> sepolgen-1.0.13.tar.bz2 ++++++ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/sepolgen-1.0.12/ChangeLog new/sepolgen-1.0.13/ChangeLog --- old/sepolgen-1.0.12/ChangeLog 2008-06-30 17:13:21.000000000 +0200 +++ new/sepolgen-1.0.13/ChangeLog 2008-07-29 15:26:03.000000000 +0200 
@@ -1,3 +1,6 @@ +1.0.13 2008-07-29 + * Only append s0 suffix if MLS is enabled from Karl MacMillan. + 1.0.12 2008-06-30 * Fix generation of role-type and role allow rules from Karl MacMillan. diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/sepolgen-1.0.12/src/sepolgen/refpolicy.py new/sepolgen-1.0.13/src/sepolgen/refpolicy.py --- old/sepolgen-1.0.12/src/sepolgen/refpolicy.py 2008-06-30 17:13:21.000000000 +0200 +++ new/sepolgen-1.0.13/src/sepolgen/refpolicy.py 2008-07-29 15:26:03.000000000 +0200 @@ -19,6 +19,7 @@ import string import itertools +import selinux # OVERVIEW # @@ -265,7 +266,7 @@ self.user = "" self.role = "" self.type = "" - self.level = "" + self.level = None if context is not None: self.from_string(context) @@ -288,7 +289,7 @@ # FUTURE - normalize level fields to allow more comparisons to succeed. self.level = string.join(fields[3:], ':') else: - self.level = "" + self.level = None def __eq__(self, other): """Compare two SecurityContext objects - all fields must be exactly the @@ -301,7 +302,7 @@ self.type == other.type and \ self.level == other.level - def to_string(self, default_level="s0"): + def to_string(self, default_level=None): """Return a string representing this security context. By default, the string will contiain a MCS / MLS level @@ -317,8 +318,11 @@ 'user:role:type:level'. """ fields = [self.user, self.role, self.type] - if self.level == "": - if default_level != "": + if self.level is None: + if default_level is None: + if selinux.is_selinux_mls_enabled() == 1: + fields.append("s0") + else: fields.append(default_level) else: fields.append(self.level) diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/sepolgen-1.0.12/tests/test_refpolicy.py new/sepolgen-1.0.13/tests/test_refpolicy.py --- old/sepolgen-1.0.12/tests/test_refpolicy.py 2008-06-30 17:13:21.000000000 +0200 +++ new/sepolgen-1.0.13/tests/test_refpolicy.py 2008-07-29 15:26:03.000000000 +0200 
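Review bot: `to_string` now treats only `None` as "no level", so a caller that still passes `default_level=""` to suppress the level (the convention the old `!= ""` test supported) falls into the `else:` branch and appends an empty field, which presumably leaves a trailing `:` once the fields are joined (the join is outside this hunk). The same applies to a `SecurityContext` whose `level` was set to `""` by code written against the previous default. Keeping both spellings working takes two small changes: `if not self.level:` for the outer test and `elif default_level:` in place of the inner `else:`. The docstring should also say that the default now depends on `selinux.is_selinux_mls_enabled()` on the host running sepolgen, so the same context can render differently on MLS and non-MLS machines.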
@@ -19,6 +19,7 @@ import unittest import sepolgen.refpolicy as refpolicy +import selinux class TestIdSet(unittest.TestCase): def test_set_to_str(self): @@ -40,8 +41,11 @@ self.assertEquals(sc.user, "user_u") self.assertEquals(sc.role, "object_r") self.assertEquals(sc.type, "foo_t") - self.assertEquals(sc.level, "") - self.assertEquals(str(sc), context + ":s0") + self.assertEquals(sc.level, None) + if selinux.is_selinux_mls_enabled(): + self.assertEquals(str(sc), context + ":s0") + else: + self.assertEquals(str(sc), context) self.assertEquals(sc.to_string(default_level="s1"), context + ":s1") context = "user_u:object_r:foo_t:s0-s0:c0-c255" diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/sepolgen-1.0.12/VERSION new/sepolgen-1.0.13/VERSION --- old/sepolgen-1.0.12/VERSION 2008-06-30 17:13:21.000000000 +0200 +++ new/sepolgen-1.0.13/VERSION 2008-07-29 15:26:03.000000000 +0200 @@ -1 +1 @@ -1.0.12 +1.0.13 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
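Review bot: The test branches on `if selinux.is_selinux_mls_enabled():` while `to_string` in `refpolicy.py` compares the result with `== 1`, so the two would disagree for any return value other than 0 or 1 (whether the binding can return one is not visible here). Use the same comparison in both places: `if selinux.is_selinux_mls_enabled() == 1:`. Because the expected string now depends on the host, only one of the two branches runs on any given machine; a comment saying so would help, as would an assertion covering `to_string(default_level="")`. The test method starts and ends outside this hunk.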