Merge remote-tracking branch 'aosp/upstream-master' into mymerge
Bug: 72757373
Test: build and run aosp_taimen-userdebug
Change-Id: I1ea08e95205d0aba661b7251c790e153f128f4cf
diff --git a/.travis.yml b/.travis.yml
index 88f6297..63c7a54 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -96,9 +96,6 @@
- export PKG_CONFIG_PATH="/opt/python/$($PYTHON -c 'import sys;print("%d.%d.%d" % sys.version_info[:3])')/lib/pkgconfig"
# PyPy does not provide a config file for pkg-config nor a pypy-c.so
- if echo "$PYVER" | grep -q pypy ; then export PYINC=-I$($PYTHON -c 'import sys;print(sys.prefix)')/include PYLIBS= ; fi
- # Python virtualenvs do not support "import site; print(site.getsitepackages()[0]"
- # cf. https://github.com/pypa/virtualenv/issues/355#issuecomment-10250452
- - export PYSITEDIR="$DESTDIR/usr/lib/$($PYTHON -c 'import sys;print("python%d.%d" % sys.version_info[:2])')/site-packages"
# Find the Ruby executable with version $RUBYLIBVER
- export RUBY="$(ls -d -1 "$HOME/.rvm/rubies/ruby-$RUBYLIBVER"*/bin/ruby | head -n 1)"
@@ -126,7 +123,7 @@
# Set up environment variables for the tests
- export LD_LIBRARY_PATH="$DESTDIR/usr/lib:$DESTDIR/lib"
- export PATH="$DESTDIR/usr/sbin:$DESTDIR/usr/bin:$DESTDIR/sbin:$DESTDIR/bin:$PATH"
- - export PYTHONPATH="$PYSITEDIR"
+ - export PYTHONPATH="$DESTDIR$($PYTHON -c "from distutils.sysconfig import *;print(get_python_lib(prefix='/usr'))")"
- export RUBYLIB="$DESTDIR/$($RUBY -e 'puts RbConfig::CONFIG["vendorlibdir"]'):$DESTDIR/$($RUBY -e 'puts RbConfig::CONFIG["vendorarchdir"]')"
# Show variables (to help debugging issues)
diff --git a/Makefile b/Makefile
index 6da7f7b..c238dbc 100644
--- a/Makefile
+++ b/Makefile
@@ -1,3 +1,4 @@
+PREFIX ?= /usr
OPT_SUBDIRS ?= dbus gui mcstrans python restorecond sandbox semodule-utils
SUBDIRS=libsepol libselinux libsemanage checkpolicy secilc policycoreutils $(OPT_SUBDIRS)
PYSUBDIRS=libselinux libsemanage
@@ -19,10 +20,14 @@
endif
ifneq ($(DESTDIR),)
- CFLAGS += -I$(DESTDIR)/usr/include
- LDFLAGS += -L$(DESTDIR)/usr/lib
+ LIBDIR ?= $(DESTDIR)$(PREFIX)/lib
+ LIBSEPOLA ?= $(LIBDIR)/libsepol.a
+
+ CFLAGS += -I$(DESTDIR)$(PREFIX)/include
+ LDFLAGS += -L$(DESTDIR)$(PREFIX)/lib -L$(LIBDIR)
export CFLAGS
export LDFLAGS
+ export LIBSEPOLA
endif
all install relabel clean test indent:
diff --git a/README b/README
index 7fc7b17..174551a 100644
--- a/README
+++ b/README
@@ -19,6 +19,6 @@
distribution. If it breaks, you get to keep both pieces.
To install libsepol on macOS (mainly for policy analysis):
-cd libsepol; make DESTDIR=/usr/local PREFIX=/usr/local install
+cd libsepol; make PREFIX=/usr/local install
This requires GNU coreutils (brew install coreutils).
diff --git a/checkpolicy/Makefile b/checkpolicy/Makefile
index 68e11f2..4c817cd 100644
--- a/checkpolicy/Makefile
+++ b/checkpolicy/Makefile
@@ -1,12 +1,9 @@
#
# Makefile for building the checkpolicy program
#
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
-LIBDIR ?= $(PREFIX)/lib
-INCLUDEDIR ?= $(PREFIX)/include
-LIBSEPOLA ?= $(LIBDIR)/libsepol.a
TARGETS = checkpolicy checkmodule
LEX = flex
@@ -14,7 +11,12 @@
CFLAGS ?= -g -Wall -Werror -Wshadow -O2 -pipe -fno-strict-aliasing
-override CFLAGS += -I.
+# If no specific libsepol.a is specified, fall back on LDFLAGS search path
+# Otherwise, as $(LIBSEPOLA) already appears in the dependencies, there
+# is no need to define a value for LDLIBS_LIBSEPOLA
+ifeq ($(LIBSEPOLA),)
+ LDLIBS_LIBSEPOLA := -l:libsepol.a
+endif
CHECKOBJS = y.tab.o lex.yy.o queue.o module_compiler.o parse_util.o \
policy_define.o
@@ -27,8 +29,10 @@
$(MAKE) -C test
checkpolicy: $(CHECKPOLOBJS) $(LIBSEPOLA)
+ $(CC) -o $@ $^ $(LDFLAGS) $(LDLIBS_LIBSEPOLA)
checkmodule: $(CHECKMODOBJS) $(LIBSEPOLA)
+ $(CC) -o $@ $^ $(LDFLAGS) $(LDLIBS_LIBSEPOLA)
%.o: %.c
$(CC) $(CFLAGS) -o $@ -c $<
@@ -46,15 +50,15 @@
$(LEX) policy_scan.l
install: all
- -mkdir -p $(BINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 755 $(TARGETS) $(BINDIR)
- install -m 644 checkpolicy.8 $(MANDIR)/man8
- install -m 644 checkmodule.8 $(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR)
+ install -m 644 checkpolicy.8 $(DESTDIR)$(MANDIR)/man8
+ install -m 644 checkmodule.8 $(DESTDIR)$(MANDIR)/man8
relabel: install
- /sbin/restorecon $(BINDIR)/checkpolicy
- /sbin/restorecon $(BINDIR)/checkmodule
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/checkpolicy
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/checkmodule
clean:
-rm -f $(TARGETS) $(CHECKPOLOBJS) $(CHECKMODOBJS) y.tab.c y.tab.h lex.yy.c
diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c
index 923b47c..fbda455 100644
--- a/checkpolicy/checkpolicy.c
+++ b/checkpolicy/checkpolicy.c
@@ -69,6 +69,9 @@
#ifndef IPPROTO_DCCP
#define IPPROTO_DCCP 33
#endif
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
#include <arpa/inet.h>
#include <fcntl.h>
#include <stdio.h>
@@ -944,6 +947,8 @@
protocol = IPPROTO_UDP;
else if (!strcmp(ans, "dccp") || !strcmp(ans, "DCCP"))
protocol = IPPROTO_DCCP;
+ else if (!strcmp(ans, "sctp") || !strcmp(ans, "SCTP"))
+ protocol = IPPROTO_SCTP;
else {
printf("unknown protocol\n");
break;
diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
index 2c5db55..d8788a6 100644
--- a/checkpolicy/policy_define.c
+++ b/checkpolicy/policy_define.c
@@ -40,6 +40,9 @@
#ifndef IPPROTO_DCCP
#define IPPROTO_DCCP 33
#endif
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
#include <arpa/inet.h>
#include <stdlib.h>
#include <limits.h>
@@ -1182,10 +1185,6 @@
goto exit;
}
- if (attr->flags & TYPE_FLAGS_EXPAND_ATTR) {
- yyerror2("%s already has the expandattribute option specified", id);
- goto exit;
- }
if (ebitmap_set_bit(&attrs, attr->s.value - 1, TRUE)) {
yyerror("Out of memory!");
goto exit;
@@ -1213,6 +1212,12 @@
attr = hashtab_search(policydbp->p_types.table,
policydbp->sym_val_to_name[SYM_TYPES][i]);
attr->flags |= flags;
+ if ((attr->flags & TYPE_FLAGS_EXPAND_ATTR_TRUE) &&
+ (attr->flags & TYPE_FLAGS_EXPAND_ATTR_FALSE)) {
+ yywarn("Expandattribute option was set to both true and false. "
+ "Resolving to false.");
+ attr->flags &= ~TYPE_FLAGS_EXPAND_ATTR_TRUE;
+ }
}
rc = 0;
@@ -5004,6 +5009,8 @@
protocol = IPPROTO_UDP;
} else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) {
protocol = IPPROTO_DCCP;
+ } else if ((strcmp(id, "sctp") == 0) || (strcmp(id, "SCTP") == 0)) {
+ protocol = IPPROTO_SCTP;
} else {
yyerror2("unrecognized protocol %s", id);
goto bad;
diff --git a/checkpolicy/test/Makefile b/checkpolicy/test/Makefile
index 59fa446..89e7557 100644
--- a/checkpolicy/test/Makefile
+++ b/checkpolicy/test/Makefile
@@ -1,19 +1,22 @@
#
# Makefile for building the dispol program
#
-PREFIX ?= $(DESTDIR)/usr
-BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= $(PREFIX)/lib
-INCLUDEDIR ?= $(PREFIX)/include
-LIBSEPOLA ?= $(LIBDIR)/libsepol.a
-
CFLAGS ?= -g -Wall -W -Werror -O2 -pipe
+# If no specific libsepol.a is specified, fall back on LDFLAGS search path
+# Otherwise, as $(LIBSEPOLA) already appears in the dependencies, there
+# is no need to define a value for LDLIBS_LIBSEPOLA
+ifeq ($(LIBSEPOLA),)
+ LDLIBS_LIBSEPOLA := -l:libsepol.a
+endif
+
all: dispol dismod
dispol: dispol.o $(LIBSEPOLA)
+ $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS_LIBSEPOLA)
dismod: dismod.o $(LIBSEPOLA)
+ $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS_LIBSEPOLA)
clean:
-rm -f dispol dismod *.o
diff --git a/dbus/Makefile b/dbus/Makefile
index 9a6cc90..53143af 100644
--- a/dbus/Makefile
+++ b/dbus/Makefile
@@ -1,3 +1,5 @@
+PREFIX ?= /usr
+
all:
clean:
@@ -5,12 +7,12 @@
install:
-mkdir -p $(DESTDIR)/etc/dbus-1/system.d/
install -m 644 org.selinux.conf $(DESTDIR)/etc/dbus-1/system.d/
- -mkdir -p $(DESTDIR)/usr/share/dbus-1/system-services
- install -m 644 org.selinux.service $(DESTDIR)/usr/share/dbus-1/system-services
- -mkdir -p $(DESTDIR)/usr/share/polkit-1/actions/
- install -m 644 org.selinux.policy $(DESTDIR)/usr/share/polkit-1/actions/
- -mkdir -p $(DESTDIR)/usr/share/system-config-selinux
- install -m 755 selinux_server.py $(DESTDIR)/usr/share/system-config-selinux
+ -mkdir -p $(DESTDIR)$(PREFIX)/share/dbus-1/system-services
+ install -m 644 org.selinux.service $(DESTDIR)$(PREFIX)/share/dbus-1/system-services
+ -mkdir -p $(DESTDIR)$(PREFIX)/share/polkit-1/actions/
+ install -m 644 org.selinux.policy $(DESTDIR)$(PREFIX)/share/polkit-1/actions/
+ -mkdir -p $(DESTDIR)$(PREFIX)/share/system-config-selinux
+ install -m 755 selinux_server.py $(DESTDIR)$(PREFIX)/share/system-config-selinux
relabel:
diff --git a/gui/Makefile b/gui/Makefile
index cfe4740..a72e58c 100644
--- a/gui/Makefile
+++ b/gui/Makefile
@@ -1,5 +1,5 @@
# Installation directories.
-PREFIX ?= ${DESTDIR}/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
SHAREDIR ?= $(PREFIX)/share/system-config-selinux
DATADIR ?= $(PREFIX)/share
@@ -12,7 +12,7 @@
html_util.py \
loginsPage.py \
modulesPage.py \
-polgen.glade \
+polgen.ui \
portsPage.py \
semanagePage.py \
statusPage.py \
@@ -23,29 +23,29 @@
all: $(TARGETS) system-config-selinux.py polgengui.py
install: all
- -mkdir -p $(MANDIR)/man8
- -mkdir -p $(SHAREDIR)
- -mkdir -p $(BINDIR)
- -mkdir -p $(DATADIR)/pixmaps
- -mkdir -p $(DATADIR)/icons/hicolor/24x24/apps
- -mkdir -p $(DATADIR)/polkit-1/actions/
- install -m 755 system-config-selinux.py $(SHAREDIR)
- install -m 755 system-config-selinux $(BINDIR)
- install -m 755 polgengui.py $(SHAREDIR)
- install -m 644 $(TARGETS) $(SHAREDIR)
- install -m 644 system-config-selinux.8 $(MANDIR)/man8
- install -m 644 selinux-polgengui.8 $(MANDIR)/man8
- install -m 644 system-config-selinux.png $(DATADIR)/pixmaps
- install -m 644 system-config-selinux.png $(DATADIR)/icons/hicolor/24x24/apps
- install -m 644 system-config-selinux.png $(DATADIR)/system-config-selinux
- install -m 644 *.desktop $(DATADIR)/system-config-selinux
- -mkdir -p $(DESTDIR) $(DATADIR)/pixmaps
- install -m 644 sepolicy_256.png $(DATADIR)/pixmaps/sepolicy.png
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(SHAREDIR)
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(DATADIR)/pixmaps
+ -mkdir -p $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps
+ -mkdir -p $(DESTDIR)$(DATADIR)/polkit-1/actions/
+ install -m 755 system-config-selinux.py $(DESTDIR)$(SHAREDIR)
+ install -m 755 system-config-selinux $(DESTDIR)$(BINDIR)
+ install -m 755 polgengui.py $(DESTDIR)$(SHAREDIR)
+ install -m 644 $(TARGETS) $(DESTDIR)$(SHAREDIR)
+ install -m 644 system-config-selinux.8 $(DESTDIR)$(MANDIR)/man8
+ install -m 644 selinux-polgengui.8 $(DESTDIR)$(MANDIR)/man8
+ install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/pixmaps
+ install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps
+ install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/system-config-selinux
+ install -m 644 *.desktop $(DESTDIR)$(DATADIR)/system-config-selinux
+ -mkdir -p $(DESTDIR)$(DATADIR)/pixmaps
+ install -m 644 sepolicy_256.png $(DESTDIR)$(DATADIR)/pixmaps/sepolicy.png
for i in 16 22 32 48 256; do \
- mkdir -p $(DESTDIR) $(DATADIR)/icons/hicolor/$${i}x$${i}/apps; \
- install -m 644 sepolicy_$${i}.png $(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \
+ mkdir -p $(DESTDIR)$(DATADIR)/icons/hicolor/$${i}x$${i}/apps; \
+ install -m 644 sepolicy_$${i}.png $(DESTDIR)$(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \
done
- install -m 644 org.selinux.config.policy $(DATADIR)/polkit-1/actions/
+ install -m 644 org.selinux.config.policy $(DESTDIR)$(DATADIR)/polkit-1/actions/
clean:
indent:
diff --git a/gui/fcontextPage.py b/gui/fcontextPage.py
index a6577ef..370bbee 100644
--- a/gui/fcontextPage.py
+++ b/gui/fcontextPage.py
@@ -164,6 +164,7 @@
self.fcontextEntry.set_text("")
self.fcontextEntry.set_sensitive(True)
self.fcontextFileTypeCombo.set_sensitive(True)
+ self.fcontextFileTypeCombo.set_active(0)
self.fcontextTypeEntry.set_text("")
self.fcontextMLSEntry.set_text("s0")
diff --git a/gui/polgen.glade b/gui/polgen.ui
similarity index 80%
rename from gui/polgen.glade
rename to gui/polgen.ui
index 37c1472..aa4c70a 100644
--- a/gui/polgen.glade
+++ b/gui/polgen.ui
@@ -1,8 +1,8 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<glade-interface>
+<?xml version="1.0"?>
+<interface>
<!-- interface-requires gtk+ 2.6 -->
<!-- interface-naming-policy toplevel-contextual -->
- <widget class="GtkAboutDialog" id="about_dialog">
+ <object class="GtkAboutDialog" id="about_dialog">
<property name="can_focus">False</property>
<property name="border_width">5</property>
<property name="type_hint">normal</property>
@@ -10,14 +10,14 @@
<property name="website">www.redhat.com</property>
<property name="license" translatable="yes">GPL</property>
<property name="authors">Daniel Walsh <dwalsh@redhat.com></property>
- <property name="translator_credits" translatable="yes" comments="TRANSLATORS: Replace this string with your names, one name per line.">translator-credits</property>
+ <property comments="TRANSLATORS: Replace this string with your names, one name per line." name="translator_credits" translatable="yes">translator-credits</property>
<child internal-child="vbox">
- <widget class="GtkVBox" id="dialog-vbox3">
+ <object class="GtkVBox" id="dialog-vbox3">
<property name="can_focus">False</property>
<child internal-child="action_area">
- <widget class="GtkHButtonBox" id="dialog-action_area3">
+ <object class="GtkHButtonBox" id="dialog-action_area3">
<property name="can_focus">False</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">True</property>
@@ -25,10 +25,10 @@
<property name="position">0</property>
</packing>
</child>
- </widget>
+ </object>
</child>
- </widget>
- <widget class="GtkDialog" id="boolean_dialog">
+ </object>
+ <object class="GtkDialog" id="boolean_dialog">
<property name="can_focus">False</property>
<property name="border_width">12</property>
<property name="title" translatable="yes">Add Booleans Dialog</property>
@@ -36,25 +36,24 @@
<property name="default_width">400</property>
<property name="type_hint">dialog</property>
<child internal-child="vbox">
- <widget class="GtkVBox" id="dialog-vbox2">
+ <object class="GtkVBox" id="dialog-vbox2">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="spacing">6</property>
<child internal-child="action_area">
- <widget class="GtkHButtonBox" id="dialog-action_area2">
+ <object class="GtkHButtonBox" id="dialog-action_area2">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="layout_style">end</property>
<child>
- <widget class="GtkButton" id="cancelbutton1">
+ <object class="GtkButton" id="cancelbutton1">
<property name="label">gtk-cancel</property>
- <property name="response_id">-6</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="can_default">True</property>
<property name="receives_default">False</property>
<property name="use_stock">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -62,22 +61,21 @@
</packing>
</child>
<child>
- <widget class="GtkButton" id="okbutton1">
+ <object class="GtkButton" id="okbutton1">
<property name="label">gtk-add</property>
- <property name="response_id">-5</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="can_default">True</property>
<property name="receives_default">False</property>
<property name="use_stock">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">True</property>
@@ -86,7 +84,7 @@
</packing>
</child>
<child>
- <widget class="GtkTable" id="table6">
+ <object class="GtkTable" id="table6">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="n_rows">2</property>
@@ -94,24 +92,24 @@
<property name="column_spacing">12</property>
<property name="row_spacing">6</property>
<child>
- <widget class="GtkLabel" id="label48">
+ <object class="GtkLabel" id="label48">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="xalign">0</property>
<property name="label" translatable="yes">Boolean Name</property>
- </widget>
+ </object>
<packing>
<property name="x_options">GTK_FILL</property>
<property name="y_options"/>
</packing>
</child>
<child>
- <widget class="GtkLabel" id="label49">
+ <object class="GtkLabel" id="label49">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="xalign">0</property>
<property name="label" translatable="yes">Description</property>
- </widget>
+ </object>
<packing>
<property name="top_attach">1</property>
<property name="bottom_attach">2</property>
@@ -120,15 +118,15 @@
</packing>
</child>
<child>
- <widget class="GtkEntry" id="boolean_name_entry">
+ <object class="GtkEntry" id="boolean_name_entry">
<property name="visible">True</property>
<property name="can_focus">True</property>
- <property name="invisible_char">•</property>
+ <property name="invisible_char">•</property>
<property name="primary_icon_activatable">False</property>
<property name="secondary_icon_activatable">False</property>
<property name="primary_icon_sensitive">True</property>
<property name="secondary_icon_sensitive">True</property>
- </widget>
+ </object>
<packing>
<property name="left_attach">1</property>
<property name="right_attach">2</property>
@@ -136,15 +134,15 @@
</packing>
</child>
<child>
- <widget class="GtkEntry" id="boolean_description_entry">
+ <object class="GtkEntry" id="boolean_description_entry">
<property name="visible">True</property>
<property name="can_focus">True</property>
- <property name="invisible_char">•</property>
+ <property name="invisible_char">•</property>
<property name="primary_icon_activatable">False</property>
<property name="secondary_icon_activatable">False</property>
<property name="primary_icon_sensitive">True</property>
<property name="secondary_icon_sensitive">True</property>
- </widget>
+ </object>
<packing>
<property name="left_attach">1</property>
<property name="right_attach">2</property>
@@ -153,17 +151,21 @@
<property name="y_options"/>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
+ </object>
</child>
- </widget>
- <widget class="GtkFileChooserDialog" id="filechooserdialog">
+ <action-widgets>
+ <action-widget response="-6">cancelbutton1</action-widget>
+ <action-widget response="-5">okbutton1</action-widget>
+ </action-widgets>
+ </object>
+ <object class="GtkFileChooserDialog" id="filechooserdialog">
<property name="can_focus">False</property>
<property name="border_width">5</property>
<property name="window_position">mouse</property>
@@ -171,25 +173,24 @@
<property name="select_multiple">True</property>
<property name="show_hidden">True</property>
<child internal-child="vbox">
- <widget class="GtkVBox" id="dialog-vbox1">
+ <object class="GtkVBox" id="dialog-vbox1">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="spacing">24</property>
<child internal-child="action_area">
- <widget class="GtkHButtonBox" id="dialog-action_area1">
+ <object class="GtkHButtonBox" id="dialog-action_area1">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="layout_style">end</property>
<child>
- <widget class="GtkButton" id="button5">
+ <object class="GtkButton" id="button5">
<property name="label">gtk-cancel</property>
- <property name="response_id">-6</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="can_default">True</property>
<property name="receives_default">False</property>
<property name="use_stock">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -197,23 +198,22 @@
</packing>
</child>
<child>
- <widget class="GtkButton" id="button6">
+ <object class="GtkButton" id="button6">
<property name="label">gtk-add</property>
- <property name="response_id">-5</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="can_default">True</property>
<property name="has_default">True</property>
<property name="receives_default">False</property>
<property name="use_stock">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">True</property>
@@ -221,36 +221,40 @@
<property name="position">0</property>
</packing>
</child>
- </widget>
+ </object>
</child>
- </widget>
- <widget class="GtkWindow" id="main_window">
+ <action-widgets>
+ <action-widget response="-6">button5</action-widget>
+ <action-widget response="-5">button6</action-widget>
+ </action-widgets>
+ </object>
+ <object class="GtkWindow" id="main_window">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="title" translatable="yes">SELinux Policy Generation Tool</property>
<child>
- <widget class="GtkVBox" id="vbox11">
+ <object class="GtkVBox" id="vbox11">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="spacing">18</property>
<child>
- <widget class="GtkNotebook" id="notebook">
+ <object class="GtkNotebook" id="notebook">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="tab_pos">left</property>
<property name="show_tabs">False</property>
<child>
- <widget class="GtkVBox" id="vbox59">
+ <object class="GtkVBox" id="vbox59">
<property name="visible">True</property>
<property name="can_focus">False</property>
<child>
- <widget class="GtkLabel" id="select_type_label">
+ <object class="GtkLabel" id="select_type_label">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="xalign">0</property>
<property name="label" translatable="yes"><b>Select the policy type for the application or user role you want to confine:</b></property>
<property name="use_markup">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -259,31 +263,31 @@
</packing>
</child>
<child>
- <widget class="GtkVBox" id="vbox58">
+ <object class="GtkVBox" id="vbox58">
<property name="visible">True</property>
<property name="can_focus">False</property>
<child>
- <widget class="GtkVBox" id="vbox14">
+ <object class="GtkVBox" id="vbox14">
<property name="visible">True</property>
<property name="can_focus">False</property>
<child>
- <widget class="GtkHBox" id="hbox16">
+ <object class="GtkHBox" id="hbox16">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="spacing">12</property>
<child>
- <widget class="GtkVBox" id="vbox18">
+ <object class="GtkVBox" id="vbox18">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="spacing">6</property>
<child>
- <widget class="GtkLabel" id="label41">
+ <object class="GtkLabel" id="label41">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="xalign">0</property>
<property name="label" translatable="yes"><b>Applications</b></property>
<property name="use_markup">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -291,15 +295,15 @@
</packing>
</child>
<child>
- <widget class="GtkHBox" id="hbox17">
+ <object class="GtkHBox" id="hbox17">
<property name="visible">True</property>
<property name="can_focus">False</property>
<child>
- <widget class="GtkLabel" id="label52">
+ <object class="GtkLabel" id="label52">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="label"> </property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -307,20 +311,20 @@
</packing>
</child>
<child>
- <widget class="GtkVBox" id="vbox6">
+ <object class="GtkVBox" id="vbox6">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="spacing">6</property>
<child>
- <widget class="GtkRadioButton" id="init_radiobutton">
+ <object class="GtkRadioButton" id="init_radiobutton">
<property name="label" translatable="yes">Standard Init Daemon</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
- <property name="tooltip" translatable="yes">Standard Init Daemon are daemons started on boot via init scripts. Usually requires a script in /etc/rc.d/init.d</property>
+ <property name="tooltip-text" translatable="yes">Standard Init Daemon are daemons started on boot via init scripts. Usually requires a script in /etc/rc.d/init.d</property>
<property name="use_underline">True</property>
<property name="draw_indicator">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -328,16 +332,16 @@
</packing>
</child>
<child>
- <widget class="GtkRadioButton" id="dbus_radiobutton">
+ <object class="GtkRadioButton" id="dbus_radiobutton">
<property name="label" translatable="yes">DBUS System Daemon</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
- <property name="tooltip" translatable="yes">Standard Init Daemon are daemons started on boot via init scripts. Usually requires a script in /etc/rc.d/init.d</property>
+ <property name="tooltip-text" translatable="yes">Standard Init Daemon are daemons started on boot via init scripts. Usually requires a script in /etc/rc.d/init.d</property>
<property name="use_underline">True</property>
<property name="draw_indicator">True</property>
<property name="group">init_radiobutton</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -345,16 +349,16 @@
</packing>
</child>
<child>
- <widget class="GtkRadioButton" id="inetd_radiobutton">
+ <object class="GtkRadioButton" id="inetd_radiobutton">
<property name="label" translatable="yes">Internet Services Daemon (inetd)</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
- <property name="tooltip" translatable="yes">Internet Services Daemon are daemons started by xinetd</property>
+ <property name="tooltip-text" translatable="yes">Internet Services Daemon are daemons started by xinetd</property>
<property name="use_underline">True</property>
<property name="draw_indicator">True</property>
<property name="group">init_radiobutton</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -362,16 +366,16 @@
</packing>
</child>
<child>
- <widget class="GtkRadioButton" id="cgi_radiobutton">
+ <object class="GtkRadioButton" id="cgi_radiobutton">
<property name="label" translatable="yes">Web Application/Script (CGI)</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
- <property name="tooltip" translatable="yes">Web Applications/Script (CGI) CGI scripts started by the web server (apache)</property>
+ <property name="tooltip-text" translatable="yes">Web Applications/Script (CGI) CGI scripts started by the web server (apache)</property>
<property name="use_underline">True</property>
<property name="draw_indicator">True</property>
<property name="group">init_radiobutton</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -379,16 +383,16 @@
</packing>
</child>
<child>
- <widget class="GtkRadioButton" id="user_radiobutton">
+ <object class="GtkRadioButton" id="user_radiobutton">
<property name="label" translatable="yes">User Application</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
- <property name="tooltip" translatable="yes">User Application are any application that you would like to confine that is started by a user</property>
+ <property name="tooltip-text" translatable="yes">User Application are any application that you would like to confine that is started by a user</property>
<property name="use_underline">True</property>
<property name="draw_indicator">True</property>
<property name="group">init_radiobutton</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -396,37 +400,37 @@
</packing>
</child>
<child>
- <widget class="GtkRadioButton" id="sandbox_radiobutton">
+ <object class="GtkRadioButton" id="sandbox_radiobutton">
<property name="label" translatable="yes">Sandbox</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
- <property name="tooltip" translatable="yes">User Application are any application that you would like to confine that is started by a user</property>
+ <property name="tooltip-text" translatable="yes">User Application are any application that you would like to confine that is started by a user</property>
<property name="use_underline">True</property>
<property name="draw_indicator">True</property>
<property name="group">init_radiobutton</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
<property name="position">5</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">True</property>
@@ -434,18 +438,18 @@
</packing>
</child>
<child>
- <widget class="GtkVBox" id="vbox19">
+ <object class="GtkVBox" id="vbox19">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="spacing">6</property>
<child>
- <widget class="GtkLabel" id="label42">
+ <object class="GtkLabel" id="label42">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="xalign">0</property>
<property name="label" translatable="yes"><b>Login Users</b></property>
<property name="use_markup">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -453,15 +457,15 @@
</packing>
</child>
<child>
- <widget class="GtkHBox" id="hbox18">
+ <object class="GtkHBox" id="hbox18">
<property name="visible">True</property>
<property name="can_focus">False</property>
<child>
- <widget class="GtkLabel" id="label53">
+ <object class="GtkLabel" id="label53">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="label"> </property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -469,21 +473,21 @@
</packing>
</child>
<child>
- <widget class="GtkVBox" id="vbox15">
+ <object class="GtkVBox" id="vbox15">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="spacing">6</property>
<child>
- <widget class="GtkRadioButton" id="existing_user_radiobutton">
+ <object class="GtkRadioButton" id="existing_user_radiobutton">
<property name="label" translatable="yes">Existing User Roles</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
- <property name="tooltip" translatable="yes">Modify an existing login user record.</property>
+ <property name="tooltip-text" translatable="yes">Modify an existing login user record.</property>
<property name="use_underline">True</property>
<property name="draw_indicator">True</property>
<property name="group">init_radiobutton</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -491,16 +495,16 @@
</packing>
</child>
<child>
- <widget class="GtkRadioButton" id="terminal_user_radiobutton">
+ <object class="GtkRadioButton" id="terminal_user_radiobutton">
<property name="label" translatable="yes">Minimal Terminal User Role</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
- <property name="tooltip" translatable="yes">This user will login to a machine only via a terminal or remote login. By default this user will have no setuid, no networking, no su, no sudo.</property>
+ <property name="tooltip-text" translatable="yes">This user will login to a machine only via a terminal or remote login. By default this user will have no setuid, no networking, no su, no sudo.</property>
<property name="use_underline">True</property>
<property name="draw_indicator">True</property>
<property name="group">init_radiobutton</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -508,16 +512,16 @@
</packing>
</child>
<child>
- <widget class="GtkRadioButton" id="xwindows_user_radiobutton">
+ <object class="GtkRadioButton" id="xwindows_user_radiobutton">
<property name="label" translatable="yes">Minimal X Windows User Role</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
- <property name="tooltip" translatable="yes">This user can login to a machine via X or terminal. By default this user will have no setuid, no networking, no sudo, no su</property>
+ <property name="tooltip-text" translatable="yes">This user can login to a machine via X or terminal. By default this user will have no setuid, no networking, no sudo, no su</property>
<property name="use_underline">True</property>
<property name="draw_indicator">True</property>
<property name="group">init_radiobutton</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -525,16 +529,16 @@
</packing>
</child>
<child>
- <widget class="GtkRadioButton" id="login_user_radiobutton">
+ <object class="GtkRadioButton" id="login_user_radiobutton">
<property name="label" translatable="yes">User Role</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
- <property name="tooltip" translatable="yes">User with full networking, no setuid applications without transition, no sudo, no su.</property>
+ <property name="tooltip-text" translatable="yes">User with full networking, no setuid applications without transition, no sudo, no su.</property>
<property name="use_underline">True</property>
<property name="draw_indicator">True</property>
<property name="group">init_radiobutton</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -542,37 +546,37 @@
</packing>
</child>
<child>
- <widget class="GtkRadioButton" id="admin_user_radiobutton">
+ <object class="GtkRadioButton" id="admin_user_radiobutton">
<property name="label" translatable="yes">Admin User Role</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
- <property name="tooltip" translatable="yes">User with full networking, no setuid applications without transition, no su, can sudo to Root Administration Roles</property>
+ <property name="tooltip-text" translatable="yes">User with full networking, no setuid applications without transition, no su, can sudo to Root Administration Roles</property>
<property name="use_underline">True</property>
<property name="draw_indicator">True</property>
<property name="group">init_radiobutton</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
<property name="position">4</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">False</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">True</property>
@@ -580,18 +584,18 @@
</packing>
</child>
<child>
- <widget class="GtkVBox" id="vbox20">
+ <object class="GtkVBox" id="vbox20">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="spacing">6</property>
<child>
- <widget class="GtkLabel" id="label50">
+ <object class="GtkLabel" id="label50">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="xalign">0</property>
<property name="label" translatable="yes"><b>Root Users</b></property>
<property name="use_markup">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -599,15 +603,15 @@
</packing>
</child>
<child>
- <widget class="GtkHBox" id="hbox19">
+ <object class="GtkHBox" id="hbox19">
<property name="visible">True</property>
<property name="can_focus">False</property>
<child>
- <widget class="GtkLabel" id="label54">
+ <object class="GtkLabel" id="label54">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="label"> </property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -615,96 +619,92 @@
</packing>
</child>
<child>
- <widget class="GtkVBox" id="vbox21">
+ <object class="GtkVBox" id="vbox21">
<property name="visible">True</property>
<property name="can_focus">False</property>
<child>
- <widget class="GtkRadioButton" id="root_user_radiobutton">
+ <object class="GtkRadioButton" id="root_user_radiobutton">
<property name="label" translatable="yes">Root Admin User Role</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
- <property name="tooltip" translatable="yes">Select Root Administrator User Role, if this user will be used to administer the machine while running as root. This user will not be able to login to the system directly.</property>
+ <property name="tooltip-text" translatable="yes">Select Root Administrator User Role, if this user will be used to administer the machine while running as root. This user will not be able to login to the system directly.</property>
<property name="use_underline">True</property>
<property name="draw_indicator">True</property>
<property name="group">init_radiobutton</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
<property name="position">0</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">2</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">0</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">0</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
- <packing>
- <property name="tab_expand">True</property>
- </packing>
+ </object>
</child>
- <child>
- <widget class="GtkLabel" id="label104">
+ <child type="tab">
+ <object class="GtkLabel" id="label104">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="label" translatable="no">Main Tab</property>
- </widget>
+ </object>
<packing>
<property name="tab_fill">False</property>
- <property name="type">tab</property>
</packing>
</child>
<child>
- <widget class="GtkVBox" id="vbox60">
+ <object class="GtkVBox" id="vbox60">
<property name="visible">True</property>
<property name="can_focus">False</property>
<child>
- <widget class="GtkLabel" id="select_name_label">
+ <object class="GtkLabel" id="select_name_label">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="xalign">0</property>
<property name="label" translatable="yes"><b>Enter name of application or user role:</b></property>
<property name="use_markup">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -713,7 +713,7 @@
</packing>
</child>
<child>
- <widget class="GtkTable" id="table5">
+ <object class="GtkTable" id="table5">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="n_rows">3</property>
@@ -721,28 +721,28 @@
<property name="column_spacing">12</property>
<property name="row_spacing">6</property>
<child>
- <widget class="GtkLabel" id="label1">
+ <object class="GtkLabel" id="label1">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="xalign">0</property>
<property name="label" translatable="yes">Name</property>
- </widget>
+ </object>
<packing>
<property name="x_options">GTK_FILL</property>
<property name="y_options"/>
</packing>
</child>
<child>
- <widget class="GtkEntry" id="exec_entry">
+ <object class="GtkEntry" id="exec_entry">
<property name="visible">True</property>
<property name="can_focus">True</property>
- <property name="tooltip" translatable="yes">Enter complete path for executable to be confined.</property>
- <property name="invisible_char">•</property>
+ <property name="tooltip-text" translatable="yes">Enter complete path for executable to be confined.</property>
+ <property name="invisible_char">•</property>
<property name="primary_icon_activatable">False</property>
<property name="secondary_icon_activatable">False</property>
<property name="primary_icon_sensitive">True</property>
<property name="secondary_icon_sensitive">True</property>
- </widget>
+ </object>
<packing>
<property name="left_attach">1</property>
<property name="right_attach">2</property>
@@ -752,14 +752,14 @@
</packing>
</child>
<child>
- <widget class="GtkButton" id="exec_button">
+ <object class="GtkButton" id="exec_button">
<property name="label" translatable="yes">...</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
<property name="use_underline">True</property>
- <signal name="clicked" handler="on_exec_select_clicked" swapped="no"/>
- </widget>
+ <signal handler="on_exec_select_clicked" name="clicked" swapped="no"/>
+ </object>
<packing>
<property name="left_attach">2</property>
<property name="right_attach">3</property>
@@ -770,16 +770,16 @@
</packing>
</child>
<child>
- <widget class="GtkEntry" id="name_entry">
+ <object class="GtkEntry" id="name_entry">
<property name="visible">True</property>
<property name="can_focus">True</property>
- <property name="tooltip" translatable="yes">Enter unique name for the confined application or user role.</property>
- <property name="invisible_char">•</property>
+ <property name="tooltip-text" translatable="yes">Enter unique name for the confined application or user role.</property>
+ <property name="invisible_char">•</property>
<property name="primary_icon_activatable">False</property>
<property name="secondary_icon_activatable">False</property>
<property name="primary_icon_sensitive">True</property>
<property name="secondary_icon_sensitive">True</property>
- </widget>
+ </object>
<packing>
<property name="left_attach">1</property>
<property name="right_attach">3</property>
@@ -787,12 +787,12 @@
</packing>
</child>
<child>
- <widget class="GtkLabel" id="label2">
+ <object class="GtkLabel" id="label2">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="xalign">0</property>
<property name="label" translatable="yes">Executable</property>
- </widget>
+ </object>
<packing>
<property name="top_attach">1</property>
<property name="bottom_attach">2</property>
@@ -801,12 +801,12 @@
</packing>
</child>
<child>
- <widget class="GtkLabel" id="label40">
+ <object class="GtkLabel" id="label40">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="xalign">0</property>
<property name="label" translatable="yes">Init script</property>
- </widget>
+ </object>
<packing>
<property name="top_attach">2</property>
<property name="bottom_attach">3</property>
@@ -815,16 +815,16 @@
</packing>
</child>
<child>
- <widget class="GtkEntry" id="init_script_entry">
+ <object class="GtkEntry" id="init_script_entry">
<property name="visible">True</property>
<property name="can_focus">True</property>
- <property name="tooltip" translatable="yes">Enter complete path to init script used to start the confined application.</property>
- <property name="invisible_char">•</property>
+ <property name="tooltip-text" translatable="yes">Enter complete path to init script used to start the confined application.</property>
+ <property name="invisible_char">•</property>
<property name="primary_icon_activatable">False</property>
<property name="secondary_icon_activatable">False</property>
<property name="primary_icon_sensitive">True</property>
<property name="secondary_icon_sensitive">True</property>
- </widget>
+ </object>
<packing>
<property name="left_attach">1</property>
<property name="right_attach">2</property>
@@ -834,14 +834,14 @@
</packing>
</child>
<child>
- <widget class="GtkButton" id="init_script_button">
+ <object class="GtkButton" id="init_script_button">
<property name="label" translatable="yes">...</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
<property name="use_underline">True</property>
- <signal name="clicked" handler="on_init_script_select_clicked" swapped="no"/>
- </widget>
+ <signal handler="on_init_script_select_clicked" name="clicked" swapped="no"/>
+ </object>
<packing>
<property name="left_attach">2</property>
<property name="right_attach">3</property>
@@ -851,42 +851,38 @@
<property name="y_options"/>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
- <packing>
- <property name="position">1</property>
- </packing>
+ </object>
</child>
- <child>
- <widget class="GtkLabel" id="select_name_label1">
+ <child type="tab">
+ <object class="GtkLabel" id="select_name_label1">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="label" translatable="no">Name Tab</property>
- </widget>
+ </object>
<packing>
<property name="position">1</property>
<property name="tab_fill">False</property>
- <property name="type">tab</property>
</packing>
</child>
<child>
- <widget class="GtkVBox" id="vbox61">
+ <object class="GtkVBox" id="vbox61">
<property name="visible">True</property>
<property name="can_focus">False</property>
<child>
- <widget class="GtkLabel" id="select_existing_role_label">
+ <object class="GtkLabel" id="select_existing_role_label">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="xalign">0</property>
<property name="label" translatable="yes"><b>Select existing role to modify:</b></property>
<property name="use_markup">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -895,56 +891,52 @@
</packing>
</child>
<child>
- <widget class="GtkScrolledWindow" id="scrolledwindow5">
+ <object class="GtkScrolledWindow" id="scrolledwindow5">
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="hscrollbar_policy">automatic</property>
<property name="vscrollbar_policy">automatic</property>
<property name="shadow_type">in</property>
<child>
- <widget class="GtkTreeView" id="existing_user_treeview">
+ <object class="GtkTreeView" id="existing_user_treeview">
<property name="visible">True</property>
<property name="can_focus">True</property>
- <property name="tooltip" translatable="yes">Select the user roles that will transiton to the %s domain.</property>
+ <property name="tooltip-text" translatable="yes">Select the user roles that will transiton to the %s domain.</property>
<property name="headers_visible">False</property>
- </widget>
+ </object>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
- <packing>
- <property name="position">2</property>
- </packing>
+ </object>
</child>
- <child>
- <widget class="GtkLabel" id="label106">
+ <child type="tab">
+ <object class="GtkLabel" id="label106">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="label" translatable="yes">role tab</property>
- </widget>
+ </object>
<packing>
<property name="position">2</property>
<property name="tab_fill">False</property>
- <property name="type">tab</property>
</packing>
</child>
<child>
- <widget class="GtkVBox" id="vbox62">
+ <object class="GtkVBox" id="vbox62">
<property name="visible">True</property>
<property name="can_focus">False</property>
<child>
- <widget class="GtkLabel" id="select_label">
+ <object class="GtkLabel" id="select_label">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="xalign">0</property>
<property name="label" translatable="yes"><b>Select roles that %s will transition to:</b></property>
<property name="use_markup">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -953,54 +945,50 @@
</packing>
</child>
<child>
- <widget class="GtkScrolledWindow" id="scrolledwindow12">
+ <object class="GtkScrolledWindow" id="scrolledwindow12">
<property name="visible">True</property>
<property name="can_focus">True</property>
<child>
- <widget class="GtkTreeView" id="transition_treeview">
+ <object class="GtkTreeView" id="transition_treeview">
<property name="visible">True</property>
<property name="can_focus">True</property>
- <property name="tooltip" translatable="yes">Select applications domains that %s will transition to.</property>
+ <property name="tooltip-text" translatable="yes">Select applications domains that %s will transition to.</property>
<property name="headers_visible">False</property>
- </widget>
+ </object>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
- <packing>
- <property name="position">3</property>
- </packing>
+ </object>
</child>
- <child>
- <widget class="GtkLabel" id="label107">
+ <child type="tab">
+ <object class="GtkLabel" id="label107">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="label" translatable="yes">transition
role tab</property>
- </widget>
+ </object>
<packing>
<property name="position">3</property>
<property name="tab_fill">False</property>
- <property name="type">tab</property>
</packing>
</child>
<child>
- <widget class="GtkVBox" id="vbox63">
+ <object class="GtkVBox" id="vbox63">
<property name="visible">True</property>
<property name="can_focus">False</property>
<child>
- <widget class="GtkLabel" id="select_user_roles_label">
+ <object class="GtkLabel" id="select_user_roles_label">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="xalign">0</property>
<property name="label" translatable="yes"><b>Select the user_roles that will transition to %s:</b></property>
<property name="use_markup">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -1009,53 +997,49 @@
</packing>
</child>
<child>
- <widget class="GtkScrolledWindow" id="scrolledwindow13">
+ <object class="GtkScrolledWindow" id="scrolledwindow13">
<property name="visible">True</property>
<property name="can_focus">True</property>
<child>
- <widget class="GtkTreeView" id="user_transition_treeview">
+ <object class="GtkTreeView" id="user_transition_treeview">
<property name="visible">True</property>
<property name="can_focus">True</property>
- <property name="tooltip" translatable="yes">Select the user roles that will transiton to this applications domains.</property>
+ <property name="tooltip-text" translatable="yes">Select the user roles that will transiton to this applications domains.</property>
<property name="headers_visible">False</property>
- </widget>
+ </object>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
- <packing>
- <property name="position">4</property>
- </packing>
+ </object>
</child>
- <child>
- <widget class="GtkLabel" id="label108">
+ <child type="tab">
+ <object class="GtkLabel" id="label108">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="label" translatable="no">User Tab</property>
- </widget>
+ </object>
<packing>
<property name="position">4</property>
<property name="tab_fill">False</property>
- <property name="type">tab</property>
</packing>
</child>
<child>
- <widget class="GtkVBox" id="vbox64">
+ <object class="GtkVBox" id="vbox64">
<property name="visible">True</property>
<property name="can_focus">False</property>
<child>
- <widget class="GtkLabel" id="select_domain_admin_label">
+ <object class="GtkLabel" id="select_domain_admin_label">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="xalign">0</property>
<property name="label" translatable="yes"><b>Select domains that %s will administer:</b></property>
<property name="use_markup">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -1064,53 +1048,49 @@
</packing>
</child>
<child>
- <widget class="GtkScrolledWindow" id="scrolledwindow14">
+ <object class="GtkScrolledWindow" id="scrolledwindow14">
<property name="visible">True</property>
<property name="can_focus">True</property>
<child>
- <widget class="GtkTreeView" id="admin_treeview">
+ <object class="GtkTreeView" id="admin_treeview">
<property name="visible">True</property>
<property name="can_focus">True</property>
- <property name="tooltip" translatable="yes">Select the domains that you would like this user administer.</property>
+ <property name="tooltip-text" translatable="yes">Select the domains that you would like this user administer.</property>
<property name="headers_visible">False</property>
- </widget>
+ </object>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
- <packing>
- <property name="position">5</property>
- </packing>
+ </object>
</child>
- <child>
- <widget class="GtkLabel" id="label109">
+ <child type="tab">
+ <object class="GtkLabel" id="label109">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="label" translatable="no">Admin Tab</property>
- </widget>
+ </object>
<packing>
<property name="position">5</property>
<property name="tab_fill">False</property>
- <property name="type">tab</property>
</packing>
</child>
<child>
- <widget class="GtkVBox" id="vbox65">
+ <object class="GtkVBox" id="vbox65">
<property name="visible">True</property>
<property name="can_focus">False</property>
<child>
- <widget class="GtkLabel" id="select_role_label">
+ <object class="GtkLabel" id="select_role_label">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="xalign">0</property>
<property name="label" translatable="yes"><b>Select additional roles for %s:</b></property>
<property name="use_markup">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -1119,53 +1099,49 @@
</packing>
</child>
<child>
- <widget class="GtkScrolledWindow" id="scrolledwindow15">
+ <object class="GtkScrolledWindow" id="scrolledwindow15">
<property name="visible">True</property>
<property name="can_focus">True</property>
<child>
- <widget class="GtkTreeView" id="role_treeview">
+ <object class="GtkTreeView" id="role_treeview">
<property name="visible">True</property>
<property name="can_focus">True</property>
- <property name="tooltip" translatable="yes">Select the domains that you would like this user administer.</property>
+ <property name="tooltip-text" translatable="yes">Select the domains that you would like this user administer.</property>
<property name="headers_visible">False</property>
- </widget>
+ </object>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
- <packing>
- <property name="position">6</property>
- </packing>
+ </object>
</child>
- <child>
- <widget class="GtkLabel" id="in_net_page">
+ <child type="tab">
+ <object class="GtkLabel" id="in_net_page">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="label" translatable="no">Roles Tab</property>
- </widget>
+ </object>
<packing>
<property name="position">6</property>
<property name="tab_fill">False</property>
- <property name="type">tab</property>
</packing>
</child>
<child>
- <widget class="GtkVBox" id="in_net_page1">
+ <object class="GtkVBox" id="in_net_page1">
<property name="visible">True</property>
<property name="can_focus">False</property>
<child>
- <widget class="GtkLabel" id="select_in_label">
+ <object class="GtkLabel" id="select_in_label">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="xalign">0</property>
<property name="label" translatable="yes"><b>Enter network ports that %s binds on:</b></property>
<property name="use_markup">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -1174,18 +1150,18 @@
</packing>
</child>
<child>
- <widget class="GtkVBox" id="vbox22">
+ <object class="GtkVBox" id="vbox22">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="spacing">6</property>
<child>
- <widget class="GtkLabel" id="label55">
+ <object class="GtkLabel" id="label55">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="xalign">0</property>
<property name="label" translatable="yes"><b>TCP Ports</b></property>
<property name="use_markup">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -1193,15 +1169,15 @@
</packing>
</child>
<child>
- <widget class="GtkHBox" id="hbox20">
+ <object class="GtkHBox" id="hbox20">
<property name="visible">True</property>
<property name="can_focus">False</property>
<child>
- <widget class="GtkLabel" id="label56">
+ <object class="GtkLabel" id="label56">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="label"> </property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -1209,25 +1185,25 @@
</packing>
</child>
<child>
- <widget class="GtkVBox" id="vbox23">
+ <object class="GtkVBox" id="vbox23">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="spacing">6</property>
<child>
- <widget class="GtkHBox" id="hbox21">
+ <object class="GtkHBox" id="hbox21">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="spacing">12</property>
<child>
- <widget class="GtkCheckButton" id="in_tcp_all_checkbutton">
+ <object class="GtkCheckButton" id="in_tcp_all_checkbutton">
<property name="label" translatable="yes">All</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
- <property name="tooltip" translatable="yes">Allows %s to bind to any udp port</property>
+ <property name="tooltip-text" translatable="yes">Allows %s to bind to any udp port</property>
<property name="use_underline">True</property>
<property name="draw_indicator">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -1236,15 +1212,15 @@
</packing>
</child>
<child>
- <widget class="GtkCheckButton" id="in_tcp_reserved_checkbutton">
+ <object class="GtkCheckButton" id="in_tcp_reserved_checkbutton">
<property name="label" translatable="yes">600-1024</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
- <property name="tooltip" translatable="yes">Allow %s to call bindresvport with 0. Binding to port 600-1024</property>
+ <property name="tooltip-text" translatable="yes">Allow %s to call bindresvport with 0. Binding to port 600-1024</property>
<property name="use_underline">True</property>
<property name="draw_indicator">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -1253,15 +1229,15 @@
</packing>
</child>
<child>
- <widget class="GtkCheckButton" id="in_tcp_unreserved_checkbutton">
+ <object class="GtkCheckButton" id="in_tcp_unreserved_checkbutton">
<property name="label" translatable="yes">Unreserved Ports (>1024)</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
- <property name="tooltip" translatable="yes">Enter a comma separated list of udp ports or ranges of ports that %s binds to. Example: 612, 650-660</property>
+ <property name="tooltip-text" translatable="yes">Enter a comma separated list of udp ports or ranges of ports that %s binds to. Example: 612, 650-660</property>
<property name="use_underline">True</property>
<property name="draw_indicator">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -1269,7 +1245,7 @@
<property name="position">2</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
@@ -1277,17 +1253,17 @@
</packing>
</child>
<child>
- <widget class="GtkHBox" id="hbox22">
+ <object class="GtkHBox" id="hbox22">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="spacing">12</property>
<child>
- <widget class="GtkLabel" id="label57">
+ <object class="GtkLabel" id="label57">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="xalign">0</property>
<property name="label" translatable="yes">Select Ports</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -1296,44 +1272,44 @@
</packing>
</child>
<child>
- <widget class="GtkEntry" id="in_tcp_entry">
+ <object class="GtkEntry" id="in_tcp_entry">
<property name="visible">True</property>
<property name="can_focus">True</property>
- <property name="tooltip" translatable="yes">Allows %s to bind to any udp ports > 1024</property>
- <property name="invisible_char">•</property>
+ <property name="tooltip-text" translatable="yes">Allows %s to bind to any udp ports > 1024</property>
+ <property name="invisible_char">•</property>
<property name="primary_icon_activatable">False</property>
<property name="secondary_icon_activatable">False</property>
<property name="primary_icon_sensitive">True</property>
<property name="secondary_icon_sensitive">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
@@ -1341,18 +1317,18 @@
</packing>
</child>
<child>
- <widget class="GtkVBox" id="vbox24">
+ <object class="GtkVBox" id="vbox24">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="spacing">6</property>
<child>
- <widget class="GtkLabel" id="label58">
+ <object class="GtkLabel" id="label58">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="xalign">0</property>
<property name="label" translatable="yes"><b>UDP Ports</b></property>
<property name="use_markup">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -1360,15 +1336,15 @@
</packing>
</child>
<child>
- <widget class="GtkHBox" id="hbox23">
+ <object class="GtkHBox" id="hbox23">
<property name="visible">True</property>
<property name="can_focus">False</property>
<child>
- <widget class="GtkLabel" id="label59">
+ <object class="GtkLabel" id="label59">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="label"> </property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -1376,25 +1352,25 @@
</packing>
</child>
<child>
- <widget class="GtkVBox" id="vbox25">
+ <object class="GtkVBox" id="vbox25">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="spacing">6</property>
<child>
- <widget class="GtkHBox" id="hbox24">
+ <object class="GtkHBox" id="hbox24">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="spacing">12</property>
<child>
- <widget class="GtkCheckButton" id="in_udp_all_checkbutton">
+ <object class="GtkCheckButton" id="in_udp_all_checkbutton">
<property name="label" translatable="yes">All</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
- <property name="tooltip" translatable="yes">Allows %s to bind to any udp port</property>
+ <property name="tooltip-text" translatable="yes">Allows %s to bind to any udp port</property>
<property name="use_underline">True</property>
<property name="draw_indicator">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -1403,15 +1379,15 @@
</packing>
</child>
<child>
- <widget class="GtkCheckButton" id="in_udp_reserved_checkbutton">
+ <object class="GtkCheckButton" id="in_udp_reserved_checkbutton">
<property name="label" translatable="yes">600-1024</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
- <property name="tooltip" translatable="yes">Allow %s to call bindresvport with 0. Binding to port 600-1024</property>
+ <property name="tooltip-text" translatable="yes">Allow %s to call bindresvport with 0. Binding to port 600-1024</property>
<property name="use_underline">True</property>
<property name="draw_indicator">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -1420,15 +1396,15 @@
</packing>
</child>
<child>
- <widget class="GtkCheckButton" id="in_udp_unreserved_checkbutton">
+ <object class="GtkCheckButton" id="in_udp_unreserved_checkbutton">
<property name="label" translatable="yes">Unreserved Ports (>1024)</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
- <property name="tooltip" translatable="yes">Enter a comma separated list of udp ports or ranges of ports that %s binds to. Example: 612, 650-660</property>
+ <property name="tooltip-text" translatable="yes">Enter a comma separated list of udp ports or ranges of ports that %s binds to. Example: 612, 650-660</property>
<property name="use_underline">True</property>
<property name="draw_indicator">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -1436,7 +1412,7 @@
<property name="position">2</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
@@ -1444,17 +1420,17 @@
</packing>
</child>
<child>
- <widget class="GtkHBox" id="hbox25">
+ <object class="GtkHBox" id="hbox25">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="spacing">12</property>
<child>
- <widget class="GtkLabel" id="label60">
+ <object class="GtkLabel" id="label60">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="xalign">0</property>
<property name="label" translatable="yes">Select Ports</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -1463,80 +1439,76 @@
</packing>
</child>
<child>
- <widget class="GtkEntry" id="in_udp_entry">
+ <object class="GtkEntry" id="in_udp_entry">
<property name="visible">True</property>
<property name="can_focus">True</property>
- <property name="tooltip" translatable="yes">Allows %s to bind to any udp ports > 1024</property>
- <property name="invisible_char">•</property>
+ <property name="tooltip-text" translatable="yes">Allows %s to bind to any udp ports > 1024</property>
+ <property name="invisible_char">•</property>
<property name="primary_icon_activatable">False</property>
<property name="secondary_icon_activatable">False</property>
<property name="primary_icon_sensitive">True</property>
<property name="secondary_icon_sensitive">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">2</property>
</packing>
</child>
- </widget>
- <packing>
- <property name="position">7</property>
- </packing>
+ </object>
</child>
- <child>
- <widget class="GtkLabel" id="label113">
+ <child type="tab">
+ <object class="GtkLabel" id="label113">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="label" translatable="yes">Network
Bind tab</property>
- </widget>
+ </object>
<packing>
<property name="position">7</property>
<property name="tab_fill">False</property>
- <property name="type">tab</property>
</packing>
</child>
<child>
- <widget class="GtkVBox" id="vbox75">
+ <object class="GtkVBox" id="vbox75">
<property name="visible">True</property>
<property name="can_focus">False</property>
<child>
- <widget class="GtkLabel" id="select_out_label">
+ <object class="GtkLabel" id="select_out_label">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="xalign">0</property>
<property name="label" translatable="yes"><b>Select network ports that %s connects to:</b></property>
<property name="use_markup">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -1545,18 +1517,18 @@
</packing>
</child>
<child>
- <widget class="GtkVBox" id="vbox26">
+ <object class="GtkVBox" id="vbox26">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="spacing">6</property>
<child>
- <widget class="GtkLabel" id="label37">
+ <object class="GtkLabel" id="label37">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="xalign">0</property>
<property name="label" translatable="yes"><b>TCP Ports</b></property>
<property name="use_markup">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -1564,15 +1536,15 @@
</packing>
</child>
<child>
- <widget class="GtkHBox" id="hbox26">
+ <object class="GtkHBox" id="hbox26">
<property name="visible">True</property>
<property name="can_focus">False</property>
<child>
- <widget class="GtkLabel" id="label61">
+ <object class="GtkLabel" id="label61">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="label"> </property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -1580,20 +1552,20 @@
</packing>
</child>
<child>
- <widget class="GtkHBox" id="hbox15">
+ <object class="GtkHBox" id="hbox15">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="spacing">12</property>
<child>
- <widget class="GtkCheckButton" id="out_tcp_all_checkbutton">
+ <object class="GtkCheckButton" id="out_tcp_all_checkbutton">
<property name="label" translatable="yes">All</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
- <property name="tooltip" translatable="yes">Allows %s to connect to any tcp port</property>
+ <property name="tooltip-text" translatable="yes">Allows %s to connect to any tcp port</property>
<property name="use_underline">True</property>
<property name="draw_indicator">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -1602,12 +1574,12 @@
</packing>
</child>
<child>
- <widget class="GtkLabel" id="label38">
+ <object class="GtkLabel" id="label38">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="xalign">0</property>
<property name="label" translatable="yes">Select Ports</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -1616,37 +1588,37 @@
</packing>
</child>
<child>
- <widget class="GtkEntry" id="out_tcp_entry">
+ <object class="GtkEntry" id="out_tcp_entry">
<property name="visible">True</property>
<property name="can_focus">True</property>
- <property name="tooltip" translatable="yes">Enter a comma separated list of tcp ports or ranges of ports that %s connects to. Example: 612, 650-660</property>
- <property name="invisible_char">•</property>
+ <property name="tooltip-text" translatable="yes">Enter a comma separated list of tcp ports or ranges of ports that %s connects to. Example: 612, 650-660</property>
+ <property name="invisible_char">•</property>
<property name="primary_icon_activatable">False</property>
<property name="secondary_icon_activatable">False</property>
<property name="primary_icon_sensitive">True</property>
<property name="secondary_icon_sensitive">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">2</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
@@ -1654,18 +1626,18 @@
</packing>
</child>
<child>
- <widget class="GtkVBox" id="vbox27">
+ <object class="GtkVBox" id="vbox27">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="spacing">6</property>
<child>
- <widget class="GtkLabel" id="label23">
+ <object class="GtkLabel" id="label23">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="xalign">0</property>
<property name="label" translatable="yes"><b>UDP Ports</b></property>
<property name="use_markup">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -1673,15 +1645,15 @@
</packing>
</child>
<child>
- <widget class="GtkHBox" id="hbox27">
+ <object class="GtkHBox" id="hbox27">
<property name="visible">True</property>
<property name="can_focus">False</property>
<child>
- <widget class="GtkLabel" id="label62">
+ <object class="GtkLabel" id="label62">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="label"> </property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -1689,20 +1661,20 @@
</packing>
</child>
<child>
- <widget class="GtkHBox" id="hbox12">
+ <object class="GtkHBox" id="hbox12">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="spacing">12</property>
<child>
- <widget class="GtkCheckButton" id="out_udp_all_checkbutton">
+ <object class="GtkCheckButton" id="out_udp_all_checkbutton">
<property name="label" translatable="yes">All</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
- <property name="tooltip" translatable="yes">Allows %s to connect to any udp port</property>
+ <property name="tooltip-text" translatable="yes">Allows %s to connect to any udp port</property>
<property name="use_underline">True</property>
<property name="draw_indicator">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -1711,12 +1683,12 @@
</packing>
</child>
<child>
- <widget class="GtkLabel" id="label22">
+ <object class="GtkLabel" id="label22">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="xalign">0</property>
<property name="label" translatable="yes">Select Ports</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -1725,73 +1697,69 @@
</packing>
</child>
<child>
- <widget class="GtkEntry" id="out_udp_entry">
+ <object class="GtkEntry" id="out_udp_entry">
<property name="visible">True</property>
<property name="can_focus">True</property>
- <property name="tooltip" translatable="yes">Enter a comma separated list of udp ports or ranges of ports that %s connects to. Example: 612, 650-660</property>
- <property name="invisible_char">•</property>
+ <property name="tooltip-text" translatable="yes">Enter a comma separated list of udp ports or ranges of ports that %s connects to. Example: 612, 650-660</property>
+ <property name="invisible_char">•</property>
<property name="primary_icon_activatable">False</property>
<property name="secondary_icon_activatable">False</property>
<property name="primary_icon_sensitive">True</property>
<property name="secondary_icon_sensitive">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">2</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">2</property>
</packing>
</child>
- </widget>
- <packing>
- <property name="position">8</property>
- </packing>
+ </object>
</child>
- <child>
- <widget class="GtkLabel" id="label114">
+ <child type="tab">
+ <object class="GtkLabel" id="label114">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="label" translatable="no">Network
Connect Tab</property>
- </widget>
+ </object>
<packing>
<property name="position">8</property>
<property name="tab_fill">False</property>
- <property name="type">tab</property>
</packing>
</child>
<child>
- <widget class="GtkVBox" id="vbox68">
+ <object class="GtkVBox" id="vbox68">
<property name="visible">True</property>
<property name="can_focus">False</property>
<child>
- <widget class="GtkLabel" id="select_common_label">
+ <object class="GtkLabel" id="select_common_label">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="xalign">0</property>
<property name="label" translatable="yes"><b>Select common application traits for %s:</b></property>
<property name="use_markup">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -1800,19 +1768,19 @@
</packing>
</child>
<child>
- <widget class="GtkVBox" id="vbox4">
+ <object class="GtkVBox" id="vbox4">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="spacing">6</property>
<child>
- <widget class="GtkCheckButton" id="syslog_checkbutton">
+ <object class="GtkCheckButton" id="syslog_checkbutton">
<property name="label" translatable="yes">Writes syslog messages </property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
<property name="use_underline">True</property>
<property name="draw_indicator">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -1820,14 +1788,14 @@
</packing>
</child>
<child>
- <widget class="GtkCheckButton" id="tmp_checkbutton">
+ <object class="GtkCheckButton" id="tmp_checkbutton">
<property name="label" translatable="yes">Create/Manipulate temporary files in /tmp</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
<property name="use_underline">True</property>
<property name="draw_indicator">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -1835,14 +1803,14 @@
</packing>
</child>
<child>
- <widget class="GtkCheckButton" id="pam_checkbutton">
+ <object class="GtkCheckButton" id="pam_checkbutton">
<property name="label" translatable="yes">Uses Pam for authentication</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
<property name="use_underline">True</property>
<property name="draw_indicator">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -1850,14 +1818,14 @@
</packing>
</child>
<child>
- <widget class="GtkCheckButton" id="uid_checkbutton">
+ <object class="GtkCheckButton" id="uid_checkbutton">
<property name="label" translatable="yes">Uses nsswitch or getpw* calls</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
<property name="use_underline">True</property>
<property name="draw_indicator">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -1865,14 +1833,14 @@
</packing>
</child>
<child>
- <widget class="GtkCheckButton" id="dbus_checkbutton">
+ <object class="GtkCheckButton" id="dbus_checkbutton">
<property name="label" translatable="yes">Uses dbus</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
<property name="use_underline">True</property>
<property name="draw_indicator">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -1880,14 +1848,14 @@
</packing>
</child>
<child>
- <widget class="GtkCheckButton" id="audit_checkbutton">
+ <object class="GtkCheckButton" id="audit_checkbutton">
<property name="label" translatable="yes">Sends audit messages</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
<property name="use_underline">True</property>
<property name="draw_indicator">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -1895,14 +1863,14 @@
</packing>
</child>
<child>
- <widget class="GtkCheckButton" id="terminal_checkbutton">
+ <object class="GtkCheckButton" id="terminal_checkbutton">
<property name="label" translatable="yes">Interacts with the terminal</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
<property name="use_underline">True</property>
<property name="draw_indicator">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -1910,57 +1878,53 @@
</packing>
</child>
<child>
- <widget class="GtkCheckButton" id="mail_checkbutton">
+ <object class="GtkCheckButton" id="mail_checkbutton">
<property name="label" translatable="yes">Sends email</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
<property name="use_underline">True</property>
<property name="draw_indicator">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
<property name="position">7</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
- <packing>
- <property name="position">9</property>
- </packing>
+ </object>
</child>
- <child>
- <widget class="GtkLabel" id="label115">
+ <child type="tab">
+ <object class="GtkLabel" id="label115">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="label" translatable="no">Common
Tab</property>
- </widget>
+ </object>
<packing>
<property name="position">9</property>
<property name="tab_fill">False</property>
- <property name="type">tab</property>
</packing>
</child>
<child>
- <widget class="GtkVBox" id="vbox69">
+ <object class="GtkVBox" id="vbox69">
<property name="visible">True</property>
<property name="can_focus">False</property>
<child>
- <widget class="GtkLabel" id="select_manages_label">
+ <object class="GtkLabel" id="select_manages_label">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="xalign">0</property>
<property name="label" translatable="yes"><b>Add files/directories that %s manages</b></property>
<property name="use_markup">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -1969,38 +1933,38 @@
</packing>
</child>
<child>
- <widget class="GtkHBox" id="hbox1">
+ <object class="GtkHBox" id="hbox1">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="spacing">12</property>
<child>
- <widget class="GtkVBox" id="vbox3">
+ <object class="GtkVBox" id="vbox3">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="spacing">6</property>
<child>
- <widget class="GtkButton" id="button2">
+ <object class="GtkButton" id="button2">
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
- <signal name="clicked" handler="on_add_clicked" swapped="no"/>
+ <signal handler="on_add_clicked" name="clicked" swapped="no"/>
<child>
- <widget class="GtkAlignment" id="alignment6">
+ <object class="GtkAlignment" id="alignment6">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="xscale">0</property>
<property name="yscale">0</property>
<child>
- <widget class="GtkHBox" id="hbox4">
+ <object class="GtkHBox" id="hbox4">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="spacing">2</property>
<child>
- <widget class="GtkImage" id="image3">
+ <object class="GtkImage" id="image3">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="stock">gtk-add</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -2008,23 +1972,23 @@
</packing>
</child>
<child>
- <widget class="GtkLabel" id="label17">
+ <object class="GtkLabel" id="label17">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="label">Add File</property>
<property name="use_underline">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
+ </object>
</child>
- </widget>
+ </object>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -2032,28 +1996,28 @@
</packing>
</child>
<child>
- <widget class="GtkButton" id="button9">
+ <object class="GtkButton" id="button9">
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
- <signal name="clicked" handler="on_add_dir_clicked" swapped="no"/>
+ <signal handler="on_add_dir_clicked" name="clicked" swapped="no"/>
<child>
- <widget class="GtkAlignment" id="alignment5">
+ <object class="GtkAlignment" id="alignment5">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="xscale">0</property>
<property name="yscale">0</property>
<child>
- <widget class="GtkHBox" id="hbox3">
+ <object class="GtkHBox" id="hbox3">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="spacing">2</property>
<child>
- <widget class="GtkImage" id="image2">
+ <object class="GtkImage" id="image2">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="stock">gtk-add</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -2061,23 +2025,23 @@
</packing>
</child>
<child>
- <widget class="GtkLabel" id="label16">
+ <object class="GtkLabel" id="label16">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="label">Add Directory</property>
<property name="use_underline">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
+ </object>
</child>
- </widget>
+ </object>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -2085,22 +2049,22 @@
</packing>
</child>
<child>
- <widget class="GtkButton" id="button4">
+ <object class="GtkButton" id="button4">
<property name="label">gtk-delete</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
<property name="use_stock">True</property>
- <signal name="clicked" handler="on_delete_clicked" swapped="no"/>
+ <signal handler="on_delete_clicked" name="clicked" swapped="no"/>
<accelerator key="Delete" signal="clicked"/>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
<property name="position">2</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -2109,63 +2073,59 @@
</packing>
</child>
<child>
- <widget class="GtkScrolledWindow" id="scrolledwindow2">
+ <object class="GtkScrolledWindow" id="scrolledwindow2">
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="hscrollbar_policy">automatic</property>
<property name="vscrollbar_policy">automatic</property>
<property name="shadow_type">in</property>
<child>
- <widget class="GtkTreeView" id="write_treeview">
+ <object class="GtkTreeView" id="write_treeview">
<property name="visible">True</property>
<property name="can_focus">True</property>
- <property name="tooltip" translatable="yes">Files/Directories which the %s "manages". Pid Files, Log Files, /var/lib Files ...</property>
+ <property name="tooltip-text" translatable="yes">Files/Directories which the %s "manages". Pid Files, Log Files, /var/lib Files ...</property>
<property name="headers_visible">False</property>
- </widget>
+ </object>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
- <packing>
- <property name="position">10</property>
- </packing>
+ </object>
</child>
- <child>
- <widget class="GtkLabel" id="label116">
+ <child type="tab">
+ <object class="GtkLabel" id="label116">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="label" translatable="no">Add Tab</property>
- </widget>
+ </object>
<packing>
<property name="position">10</property>
<property name="tab_fill">False</property>
- <property name="type">tab</property>
</packing>
</child>
<child>
- <widget class="GtkVBox" id="vbox70">
+ <object class="GtkVBox" id="vbox70">
<property name="visible">True</property>
<property name="can_focus">False</property>
<child>
- <widget class="GtkLabel" id="select_booleans_label">
+ <object class="GtkLabel" id="select_booleans_label">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="xalign">0</property>
<property name="label" translatable="yes"><b>Add booleans from the %s policy:</b></property>
<property name="use_markup">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -2174,38 +2134,38 @@
</packing>
</child>
<child>
- <widget class="GtkHBox" id="hbox2">
+ <object class="GtkHBox" id="hbox2">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="spacing">12</property>
<child>
- <widget class="GtkVBox" id="vbox1">
+ <object class="GtkVBox" id="vbox1">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="spacing">6</property>
<child>
- <widget class="GtkButton" id="button1">
+ <object class="GtkButton" id="button1">
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
- <signal name="clicked" handler="on_add_boolean_clicked" swapped="no"/>
+ <signal handler="on_add_boolean_clicked" name="clicked" swapped="no"/>
<child>
- <widget class="GtkAlignment" id="alignment1">
+ <object class="GtkAlignment" id="alignment1">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="xscale">0</property>
<property name="yscale">0</property>
<child>
- <widget class="GtkHBox" id="hbox5">
+ <object class="GtkHBox" id="hbox5">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="spacing">2</property>
<child>
- <widget class="GtkImage" id="image1">
+ <object class="GtkImage" id="image1">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="stock">gtk-add</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -2213,23 +2173,23 @@
</packing>
</child>
<child>
- <widget class="GtkLabel" id="label3">
+ <object class="GtkLabel" id="label3">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="label">Add Boolean</property>
<property name="use_underline">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
+ </object>
</child>
- </widget>
+ </object>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -2237,22 +2197,22 @@
</packing>
</child>
<child>
- <widget class="GtkButton" id="button3">
+ <object class="GtkButton" id="button3">
<property name="label">gtk-delete</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
<property name="use_stock">True</property>
- <signal name="clicked" handler="on_delete_boolean_clicked" swapped="no"/>
+ <signal handler="on_delete_boolean_clicked" name="clicked" swapped="no"/>
<accelerator key="Delete" signal="clicked"/>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">True</property>
@@ -2261,61 +2221,57 @@
</packing>
</child>
<child>
- <widget class="GtkScrolledWindow" id="scrolledwindow1">
+ <object class="GtkScrolledWindow" id="scrolledwindow1">
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="hscrollbar_policy">automatic</property>
<property name="vscrollbar_policy">automatic</property>
<property name="shadow_type">in</property>
<child>
- <widget class="GtkTreeView" id="boolean_treeview">
+ <object class="GtkTreeView" id="boolean_treeview">
<property name="visible">True</property>
<property name="can_focus">True</property>
- <property name="tooltip" translatable="yes">Add/Remove booleans used by the %s domain</property>
- </widget>
+ <property name="tooltip-text" translatable="yes">Add/Remove booleans used by the %s domain</property>
+ </object>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
<property name="position">1</property>
</packing>
</child>
- </widget>
- <packing>
- <property name="position">11</property>
- </packing>
+ </object>
</child>
- <child>
- <widget class="GtkLabel" id="GtkLabel">
+ <child type="tab">
+ <object class="GtkLabel" id="GtkLabel">
<property name="visible">True</property>
<property name="can_focus">False</property>
- </widget>
+ </object>
<packing>
<property name="position">11</property>
<property name="tab_fill">False</property>
- <property name="type">tab</property>
</packing>
</child>
<child>
- <widget class="GtkVBox" id="vbox71">
+ <object class="GtkVBox" id="vbox71">
<property name="visible">True</property>
<property name="can_focus">False</property>
<child>
- <widget class="GtkLabel" id="select_dir_label">
+ <object class="GtkLabel" id="select_dir_label">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="xalign">0</property>
<property name="label" translatable="yes"><b>Which directory you will generate the %s policy?</b></property>
<property name="use_markup">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -2323,16 +2279,16 @@
</packing>
</child>
<child>
- <widget class="GtkHBox" id="hbox6">
+ <object class="GtkHBox" id="hbox6">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="spacing">12</property>
<child>
- <widget class="GtkLabel" id="label18">
+ <object class="GtkLabel" id="label18">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="label" translatable="yes">Policy Directory</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -2341,15 +2297,15 @@
</packing>
</child>
<child>
- <widget class="GtkEntry" id="output_entry">
+ <object class="GtkEntry" id="output_entry">
<property name="visible">True</property>
<property name="can_focus">True</property>
- <property name="invisible_char">•</property>
+ <property name="invisible_char">•</property>
<property name="primary_icon_activatable">False</property>
<property name="secondary_icon_activatable">False</property>
<property name="primary_icon_sensitive">True</property>
<property name="secondary_icon_sensitive">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
@@ -2357,20 +2313,20 @@
</packing>
</child>
<child>
- <widget class="GtkButton" id="output_button">
+ <object class="GtkButton" id="output_button">
<property name="label" translatable="yes">...</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="receives_default">False</property>
<property name="use_underline">True</property>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
<property name="position">2</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -2378,23 +2334,19 @@
<property name="position">1</property>
</packing>
</child>
- </widget>
- <packing>
- <property name="position">12</property>
- </packing>
+ </object>
</child>
- <child>
- <widget class="GtkLabel" id="GtkLabel1">
+ <child type="tab">
+ <object class="GtkLabel" id="GtkLabel1">
<property name="visible">True</property>
<property name="can_focus">False</property>
- </widget>
+ </object>
<packing>
<property name="position">12</property>
<property name="tab_fill">False</property>
- <property name="type">tab</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">True</property>
<property name="fill">True</property>
@@ -2402,20 +2354,19 @@
</packing>
</child>
<child>
- <widget class="GtkHButtonBox" id="hbuttonbox2">
+ <object class="GtkHButtonBox" id="hbuttonbox2">
<property name="visible">True</property>
<property name="can_focus">False</property>
<property name="layout_style">end</property>
<child>
- <widget class="GtkButton" id="cancel_button">
+ <object class="GtkButton" id="cancel_button">
<property name="label">gtk-cancel</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="can_default">True</property>
<property name="receives_default">False</property>
<property name="use_stock">True</property>
- <signal name="activate" handler="on_cancel_activate" swapped="no"/>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -2423,15 +2374,14 @@
</packing>
</child>
<child>
- <widget class="GtkButton" id="back_button">
+ <object class="GtkButton" id="back_button">
<property name="label">gtk-go-back</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="can_default">True</property>
<property name="receives_default">False</property>
<property name="use_stock">True</property>
- <signal name="activate" handler="on_back_activate" swapped="no"/>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -2439,22 +2389,21 @@
</packing>
</child>
<child>
- <widget class="GtkButton" id="forward_button">
+ <object class="GtkButton" id="forward_button">
<property name="label">gtk-go-forward</property>
<property name="visible">True</property>
<property name="can_focus">True</property>
<property name="can_default">True</property>
<property name="receives_default">False</property>
<property name="use_stock">True</property>
- <signal name="activate" handler="on_forward_activate" swapped="no"/>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
<property name="position">2</property>
</packing>
</child>
- </widget>
+ </object>
<packing>
<property name="expand">False</property>
<property name="fill">False</property>
@@ -2462,7 +2411,7 @@
<property name="position">1</property>
</packing>
</child>
- </widget>
+ </object>
</child>
- </widget>
-</glade-interface>
+ </object>
+</interface>
diff --git a/gui/polgengui.py b/gui/polgengui.py
index af6b822..1601dbe 100644
--- a/gui/polgengui.py
+++ b/gui/polgengui.py
@@ -34,7 +34,9 @@
sys.stderr.write("%s: %s\n" % (e.__class__.__name__, str(e)))
sys.exit(1)
+import sepolicy.generate
import sepolicy.interface
+
try:
from subprocess import getstatusoutput
except ImportError:
@@ -95,10 +97,10 @@
##
xml = Gtk.Builder()
xml.set_translation_domain(PROGNAME)
-if os.access("polgen.glade", os.F_OK):
- xml.add_from_file("polgen.glade")
+if os.access("polgen.ui", os.F_OK):
+ xml.add_from_file("polgen.ui")
else:
- xml.add_from_file("/usr/share/system-config-selinux/polgen.glade")
+ xml.add_from_file("/usr/share/system-config-selinux/polgen.ui")
FILE = 1
DIR = 2
@@ -123,82 +125,82 @@
def __init__(self):
self.xml = xml
- self.notebook = xml.get_widget("notebook")
+ self.notebook = xml.get_object("notebook")
self.label_dict = {}
self.tooltip_dict = {}
- label = xml.get_widget("select_label")
+ label = xml.get_object("select_label")
self.label_dict[label] = label.get_text()
- label = xml.get_widget("select_user_roles_label")
+ label = xml.get_object("select_user_roles_label")
self.label_dict[label] = label.get_text()
- label = xml.get_widget("select_dir_label")
+ label = xml.get_object("select_dir_label")
self.label_dict[label] = label.get_text()
- label = xml.get_widget("select_domain_admin_label")
+ label = xml.get_object("select_domain_admin_label")
self.label_dict[label] = label.get_text()
- label = xml.get_widget("select_in_label")
+ label = xml.get_object("select_in_label")
self.label_dict[label] = label.get_text()
- label = xml.get_widget("select_out_label")
+ label = xml.get_object("select_out_label")
self.label_dict[label] = label.get_text()
- label = xml.get_widget("select_common_label")
+ label = xml.get_object("select_common_label")
self.label_dict[label] = label.get_text()
- label = xml.get_widget("select_manages_label")
+ label = xml.get_object("select_manages_label")
self.label_dict[label] = label.get_text()
- label = xml.get_widget("select_booleans_label")
+ label = xml.get_object("select_booleans_label")
self.label_dict[label] = label.get_text()
- label = xml.get_widget("existing_user_treeview")
+ label = xml.get_object("existing_user_treeview")
self.tooltip_dict[label] = label.get_tooltip_text()
- label = xml.get_widget("transition_treeview")
+ label = xml.get_object("transition_treeview")
self.tooltip_dict[label] = label.get_tooltip_text()
- label = xml.get_widget("in_tcp_all_checkbutton")
+ label = xml.get_object("in_tcp_all_checkbutton")
self.tooltip_dict[label] = label.get_tooltip_text()
- label = xml.get_widget("in_tcp_reserved_checkbutton")
+ label = xml.get_object("in_tcp_reserved_checkbutton")
self.tooltip_dict[label] = label.get_tooltip_text()
- label = xml.get_widget("in_tcp_unreserved_checkbutton")
+ label = xml.get_object("in_tcp_unreserved_checkbutton")
self.tooltip_dict[label] = label.get_tooltip_text()
- label = xml.get_widget("in_tcp_entry")
+ label = xml.get_object("in_tcp_entry")
self.tooltip_dict[label] = label.get_tooltip_text()
- label = xml.get_widget("in_udp_all_checkbutton")
+ label = xml.get_object("in_udp_all_checkbutton")
self.tooltip_dict[label] = label.get_tooltip_text()
- label = xml.get_widget("in_udp_reserved_checkbutton")
+ label = xml.get_object("in_udp_reserved_checkbutton")
self.tooltip_dict[label] = label.get_tooltip_text()
- label = xml.get_widget("in_udp_unreserved_checkbutton")
+ label = xml.get_object("in_udp_unreserved_checkbutton")
self.tooltip_dict[label] = label.get_tooltip_text()
- label = xml.get_widget("in_udp_entry")
+ label = xml.get_object("in_udp_entry")
self.tooltip_dict[label] = label.get_tooltip_text()
- label = xml.get_widget("out_tcp_entry")
+ label = xml.get_object("out_tcp_entry")
self.tooltip_dict[label] = label.get_tooltip_text()
- label = xml.get_widget("out_udp_entry")
+ label = xml.get_object("out_udp_entry")
self.tooltip_dict[label] = label.get_tooltip_text()
- label = xml.get_widget("out_tcp_all_checkbutton")
+ label = xml.get_object("out_tcp_all_checkbutton")
self.tooltip_dict[label] = label.get_tooltip_text()
- label = xml.get_widget("out_udp_all_checkbutton")
+ label = xml.get_object("out_udp_all_checkbutton")
self.tooltip_dict[label] = label.get_tooltip_text()
- label = xml.get_widget("boolean_treeview")
+ label = xml.get_object("boolean_treeview")
self.tooltip_dict[label] = label.get_tooltip_text()
- label = xml.get_widget("write_treeview")
+ label = xml.get_object("write_treeview")
self.tooltip_dict[label] = label.get_tooltip_text()
try:
@@ -214,23 +216,26 @@
self.error(str(e))
self.name = ""
- xml.signal_connect("on_delete_clicked", self.delete)
- xml.signal_connect("on_delete_boolean_clicked", self.delete_boolean)
- xml.signal_connect("on_exec_select_clicked", self.exec_select)
- xml.signal_connect("on_init_script_select_clicked", self.init_script_select)
- xml.signal_connect("on_add_clicked", self.add)
- xml.signal_connect("on_add_boolean_clicked", self.add_boolean)
- xml.signal_connect("on_add_dir_clicked", self.add_dir)
- xml.signal_connect("on_about_clicked", self.on_about_clicked)
- xml.get_widget("cancel_button").connect("clicked", self.quit)
- self.forward_button = xml.get_widget("forward_button")
+ handlers = {
+ "on_delete_clicked": self.delete,
+ "on_delete_boolean_clicked": self.delete_boolean,
+ "on_exec_select_clicked": self.exec_select,
+ "on_init_script_select_clicked": self.init_script_select,
+ "on_add_clicked": self.add,
+ "on_add_boolean_clicked": self.add_boolean,
+ "on_add_dir_clicked": self.add_dir,
+ "on_about_clicked": self.on_about_clicked
+ }
+ xml.connect_signals(handlers)
+ xml.get_object("cancel_button").connect("clicked", self.quit)
+ self.forward_button = xml.get_object("forward_button")
self.forward_button.connect("clicked", self.forward)
- self.back_button = xml.get_widget("back_button")
+ self.back_button = xml.get_object("back_button")
self.back_button.connect("clicked", self.back)
- self.boolean_dialog = xml.get_widget("boolean_dialog")
- self.boolean_name_entry = xml.get_widget("boolean_name_entry")
- self.boolean_description_entry = xml.get_widget("boolean_description_entry")
+ self.boolean_dialog = xml.get_object("boolean_dialog")
+ self.boolean_name_entry = xml.get_object("boolean_name_entry")
+ self.boolean_description_entry = xml.get_object("boolean_description_entry")
self.pages = {}
for i in sepolicy.generate.USERS:
@@ -249,34 +254,34 @@
self.network_buttons = {}
- self.in_tcp_all_checkbutton = xml.get_widget("in_tcp_all_checkbutton")
- self.in_tcp_reserved_checkbutton = xml.get_widget("in_tcp_reserved_checkbutton")
- self.in_tcp_unreserved_checkbutton = xml.get_widget("in_tcp_unreserved_checkbutton")
- self.in_tcp_entry = self.xml.get_widget("in_tcp_entry")
+ self.in_tcp_all_checkbutton = xml.get_object("in_tcp_all_checkbutton")
+ self.in_tcp_reserved_checkbutton = xml.get_object("in_tcp_reserved_checkbutton")
+ self.in_tcp_unreserved_checkbutton = xml.get_object("in_tcp_unreserved_checkbutton")
+ self.in_tcp_entry = self.xml.get_object("in_tcp_entry")
self.network_buttons[self.in_tcp_all_checkbutton] = [self.in_tcp_reserved_checkbutton, self.in_tcp_unreserved_checkbutton, self.in_tcp_entry]
- self.out_tcp_all_checkbutton = xml.get_widget("out_tcp_all_checkbutton")
- self.out_tcp_reserved_checkbutton = xml.get_widget("out_tcp_reserved_checkbutton")
- self.out_tcp_unreserved_checkbutton = xml.get_widget("out_tcp_unreserved_checkbutton")
- self.out_tcp_entry = self.xml.get_widget("out_tcp_entry")
+ self.out_tcp_all_checkbutton = xml.get_object("out_tcp_all_checkbutton")
+ self.out_tcp_reserved_checkbutton = xml.get_object("out_tcp_reserved_checkbutton")
+ self.out_tcp_unreserved_checkbutton = xml.get_object("out_tcp_unreserved_checkbutton")
+ self.out_tcp_entry = self.xml.get_object("out_tcp_entry")
self.network_buttons[self.out_tcp_all_checkbutton] = [self.out_tcp_entry]
- self.in_udp_all_checkbutton = xml.get_widget("in_udp_all_checkbutton")
- self.in_udp_reserved_checkbutton = xml.get_widget("in_udp_reserved_checkbutton")
- self.in_udp_unreserved_checkbutton = xml.get_widget("in_udp_unreserved_checkbutton")
- self.in_udp_entry = self.xml.get_widget("in_udp_entry")
+ self.in_udp_all_checkbutton = xml.get_object("in_udp_all_checkbutton")
+ self.in_udp_reserved_checkbutton = xml.get_object("in_udp_reserved_checkbutton")
+ self.in_udp_unreserved_checkbutton = xml.get_object("in_udp_unreserved_checkbutton")
+ self.in_udp_entry = self.xml.get_object("in_udp_entry")
self.network_buttons[self.in_udp_all_checkbutton] = [self.in_udp_reserved_checkbutton, self.in_udp_unreserved_checkbutton, self.in_udp_entry]
- self.out_udp_all_checkbutton = xml.get_widget("out_udp_all_checkbutton")
- self.out_udp_entry = self.xml.get_widget("out_udp_entry")
+ self.out_udp_all_checkbutton = xml.get_object("out_udp_all_checkbutton")
+ self.out_udp_entry = self.xml.get_object("out_udp_entry")
self.network_buttons[self.out_udp_all_checkbutton] = [self.out_udp_entry]
for b in self.network_buttons.keys():
b.connect("clicked", self.network_all_clicked)
- self.boolean_treeview = self.xml.get_widget("boolean_treeview")
+ self.boolean_treeview = self.xml.get_object("boolean_treeview")
self.boolean_store = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_STRING)
self.boolean_treeview.set_model(self.boolean_store)
self.boolean_store.set_sort_column_id(0, Gtk.SortType.ASCENDING)
@@ -285,7 +290,7 @@
col = Gtk.TreeViewColumn(_("Description"), Gtk.CellRendererText(), text=1)
self.boolean_treeview.append_column(col)
- self.role_treeview = self.xml.get_widget("role_treeview")
+ self.role_treeview = self.xml.get_object("role_treeview")
self.role_store = Gtk.ListStore(GObject.TYPE_STRING)
self.role_treeview.set_model(self.role_store)
self.role_treeview.get_selection().set_mode(Gtk.SelectionMode.MULTIPLE)
@@ -293,7 +298,7 @@
col = Gtk.TreeViewColumn(_("Role"), Gtk.CellRendererText(), text=0)
self.role_treeview.append_column(col)
- self.existing_user_treeview = self.xml.get_widget("existing_user_treeview")
+ self.existing_user_treeview = self.xml.get_object("existing_user_treeview")
self.existing_user_store = Gtk.ListStore(GObject.TYPE_STRING)
self.existing_user_treeview.set_model(self.existing_user_store)
self.existing_user_store.set_sort_column_id(0, Gtk.SortType.ASCENDING)
@@ -304,9 +309,9 @@
iter = self.role_store.append()
self.role_store.set_value(iter, 0, i[:-2])
- self.in_tcp_reserved_checkbutton = xml.get_widget("in_tcp_reserved_checkbutton")
+ self.in_tcp_reserved_checkbutton = xml.get_object("in_tcp_reserved_checkbutton")
- self.transition_treeview = self.xml.get_widget("transition_treeview")
+ self.transition_treeview = self.xml.get_object("transition_treeview")
self.transition_store = Gtk.ListStore(GObject.TYPE_STRING)
self.transition_treeview.set_model(self.transition_store)
self.transition_treeview.get_selection().set_mode(Gtk.SelectionMode.MULTIPLE)
@@ -314,7 +319,7 @@
col = Gtk.TreeViewColumn(_("Application"), Gtk.CellRendererText(), text=0)
self.transition_treeview.append_column(col)
- self.user_transition_treeview = self.xml.get_widget("user_transition_treeview")
+ self.user_transition_treeview = self.xml.get_object("user_transition_treeview")
self.user_transition_store = Gtk.ListStore(GObject.TYPE_STRING)
self.user_transition_treeview.set_model(self.user_transition_store)
self.user_transition_treeview.get_selection().set_mode(Gtk.SelectionMode.MULTIPLE)
@@ -328,7 +333,7 @@
iter = self.existing_user_store.append()
self.existing_user_store.set_value(iter, 0, i[:-2])
- self.admin_treeview = self.xml.get_widget("admin_treeview")
+ self.admin_treeview = self.xml.get_object("admin_treeview")
self.admin_store = Gtk.ListStore(GObject.TYPE_STRING)
self.admin_treeview.set_model(self.admin_store)
self.admin_treeview.get_selection().set_mode(Gtk.SelectionMode.MULTIPLE)
@@ -383,7 +388,7 @@
if self.pages[type][self.current_page] == self.FINISH_PAGE:
self.generate_policy()
- self.xml.get_widget("cancel_button").set_label(Gtk.STOCK_CLOSE)
+ self.xml.get_object("cancel_button").set_label(Gtk.STOCK_CLOSE)
else:
self.current_page = self.current_page + 1
self.notebook.set_current_page(self.pages[type][self.current_page])
@@ -603,7 +608,7 @@
self.__add(DIR)
def on_about_clicked(self, args):
- dlg = xml.get_widget("about_dialog")
+ dlg = xml.get_object("about_dialog")
dlg.run()
dlg.hide()
@@ -612,43 +617,43 @@
def setupScreen(self):
# Bring in widgets from glade file.
- self.mainWindow = self.xml.get_widget("main_window")
- self.druid = self.xml.get_widget("druid")
+ self.mainWindow = self.xml.get_object("main_window")
+ self.druid = self.xml.get_object("druid")
self.type = 0
- self.name_entry = self.xml.get_widget("name_entry")
+ self.name_entry = self.xml.get_object("name_entry")
self.name_entry.connect("insert_text", self.on_name_entry_changed)
self.name_entry.connect("focus_out_event", self.on_focus_out_event)
- self.exec_entry = self.xml.get_widget("exec_entry")
- self.exec_button = self.xml.get_widget("exec_button")
- self.init_script_entry = self.xml.get_widget("init_script_entry")
- self.init_script_button = self.xml.get_widget("init_script_button")
- self.output_entry = self.xml.get_widget("output_entry")
+ self.exec_entry = self.xml.get_object("exec_entry")
+ self.exec_button = self.xml.get_object("exec_button")
+ self.init_script_entry = self.xml.get_object("init_script_entry")
+ self.init_script_button = self.xml.get_object("init_script_button")
+ self.output_entry = self.xml.get_object("output_entry")
self.output_entry.set_text(os.getcwd())
- self.xml.get_widget("output_button").connect("clicked", self.output_button_clicked)
+ self.xml.get_object("output_button").connect("clicked", self.output_button_clicked)
- self.xwindows_user_radiobutton = self.xml.get_widget("xwindows_user_radiobutton")
- self.terminal_user_radiobutton = self.xml.get_widget("terminal_user_radiobutton")
- self.root_user_radiobutton = self.xml.get_widget("root_user_radiobutton")
- self.login_user_radiobutton = self.xml.get_widget("login_user_radiobutton")
- self.admin_user_radiobutton = self.xml.get_widget("admin_user_radiobutton")
- self.existing_user_radiobutton = self.xml.get_widget("existing_user_radiobutton")
+ self.xwindows_user_radiobutton = self.xml.get_object("xwindows_user_radiobutton")
+ self.terminal_user_radiobutton = self.xml.get_object("terminal_user_radiobutton")
+ self.root_user_radiobutton = self.xml.get_object("root_user_radiobutton")
+ self.login_user_radiobutton = self.xml.get_object("login_user_radiobutton")
+ self.admin_user_radiobutton = self.xml.get_object("admin_user_radiobutton")
+ self.existing_user_radiobutton = self.xml.get_object("existing_user_radiobutton")
- self.user_radiobutton = self.xml.get_widget("user_radiobutton")
- self.init_radiobutton = self.xml.get_widget("init_radiobutton")
- self.inetd_radiobutton = self.xml.get_widget("inetd_radiobutton")
- self.dbus_radiobutton = self.xml.get_widget("dbus_radiobutton")
- self.cgi_radiobutton = self.xml.get_widget("cgi_radiobutton")
- self.sandbox_radiobutton = self.xml.get_widget("sandbox_radiobutton")
- self.tmp_checkbutton = self.xml.get_widget("tmp_checkbutton")
- self.uid_checkbutton = self.xml.get_widget("uid_checkbutton")
- self.pam_checkbutton = self.xml.get_widget("pam_checkbutton")
- self.dbus_checkbutton = self.xml.get_widget("dbus_checkbutton")
- self.audit_checkbutton = self.xml.get_widget("audit_checkbutton")
- self.terminal_checkbutton = self.xml.get_widget("terminal_checkbutton")
- self.mail_checkbutton = self.xml.get_widget("mail_checkbutton")
- self.syslog_checkbutton = self.xml.get_widget("syslog_checkbutton")
- self.view = self.xml.get_widget("write_treeview")
- self.file_dialog = self.xml.get_widget("filechooserdialog")
+ self.user_radiobutton = self.xml.get_object("user_radiobutton")
+ self.init_radiobutton = self.xml.get_object("init_radiobutton")
+ self.inetd_radiobutton = self.xml.get_object("inetd_radiobutton")
+ self.dbus_radiobutton = self.xml.get_object("dbus_radiobutton")
+ self.cgi_radiobutton = self.xml.get_object("cgi_radiobutton")
+ self.sandbox_radiobutton = self.xml.get_object("sandbox_radiobutton")
+ self.tmp_checkbutton = self.xml.get_object("tmp_checkbutton")
+ self.uid_checkbutton = self.xml.get_object("uid_checkbutton")
+ self.pam_checkbutton = self.xml.get_object("pam_checkbutton")
+ self.dbus_checkbutton = self.xml.get_object("dbus_checkbutton")
+ self.audit_checkbutton = self.xml.get_object("audit_checkbutton")
+ self.terminal_checkbutton = self.xml.get_object("terminal_checkbutton")
+ self.mail_checkbutton = self.xml.get_object("mail_checkbutton")
+ self.syslog_checkbutton = self.xml.get_object("syslog_checkbutton")
+ self.view = self.xml.get_object("write_treeview")
+ self.file_dialog = self.xml.get_object("filechooserdialog")
self.store = Gtk.ListStore(GObject.TYPE_STRING, GObject.TYPE_INT)
self.view.set_model(self.store)
@@ -669,7 +674,7 @@
def on_name_entry_changed(self, entry, text, size, position):
if text.find(" ") >= 0:
- entry.emit_stop_by_name("insert_text")
+ entry.stop_emission_by_name("insert-text")
def on_focus_out_event(self, entry, third):
name = entry.get_text()
@@ -696,16 +701,16 @@
def on_in_net_page_next(self, *args):
try:
- generate.verify_ports(self.in_tcp_entry.get_text())
- generate.verify_ports(self.in_udp_entry.get_text())
+ sepolicy.generate.verify_ports(self.in_tcp_entry.get_text())
+ sepolicy.generate.verify_ports(self.in_udp_entry.get_text())
except ValueError as e:
self.error(e.message)
return True
def on_out_net_page_next(self, *args):
try:
- generate.verify_ports(self.out_tcp_entry.get_text())
- generate.verify_ports(self.out_udp_entry.get_text())
+ sepolicy.generate.verify_ports(self.out_tcp_entry.get_text())
+ sepolicy.generate.verify_ports(self.out_udp_entry.get_text())
except ValueError as e:
self.error(e.message)
return True
@@ -741,7 +746,7 @@
if exe == "":
self.error(_("You must enter a executable"))
return True
- policy = generate.policy(name, self.get_type())
+ policy = sepolicy.generate.policy(name, self.get_type())
policy.set_program(exe)
policy.gen_writeable()
policy.gen_symbols()
diff --git a/gui/semanagePage.py b/gui/semanagePage.py
index 560ec07..4127804 100644
--- a/gui/semanagePage.py
+++ b/gui/semanagePage.py
@@ -140,7 +140,7 @@
while self.dialog.run() == Gtk.ResponseType.OK:
try:
- if not self.add():
+ if self.add() is False:
continue
break
except ValueError as e:
@@ -153,7 +153,7 @@
self.dialog.set_position(Gtk.WindowPosition.MOUSE)
while self.dialog.run() == Gtk.ResponseType.OK:
try:
- if not self.modify():
+ if self.modify() is False:
continue
break
except ValueError as e:
diff --git a/libselinux/include/Makefile b/libselinux/include/Makefile
index 757a6c9..8ab9ce9 100644
--- a/libselinux/include/Makefile
+++ b/libselinux/include/Makefile
@@ -1,12 +1,12 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-INCDIR ?= $(PREFIX)/include/selinux
+PREFIX ?= /usr
+INCDIR = $(PREFIX)/include/selinux
all:
install: all
- test -d $(INCDIR) || install -m 755 -d $(INCDIR)
- install -m 644 $(wildcard selinux/*.h) $(INCDIR)
+ test -d $(DESTDIR)$(INCDIR) || install -m 755 -d $(DESTDIR)$(INCDIR)
+ install -m 644 $(wildcard selinux/*.h) $(DESTDIR)$(INCDIR)
relabel:
diff --git a/libselinux/man/Makefile b/libselinux/man/Makefile
index 0643e6a..f634d1f 100644
--- a/libselinux/man/Makefile
+++ b/libselinux/man/Makefile
@@ -1,17 +1,18 @@
# Installation directories.
-MAN8DIR ?= $(DESTDIR)/usr/share/man/man8
-MAN5DIR ?= $(DESTDIR)/usr/share/man/man5
-MAN3DIR ?= $(DESTDIR)/usr/share/man/man3
+PREFIX ?= /usr
+MAN8DIR ?= $(PREFIX)/share/man/man8
+MAN5DIR ?= $(PREFIX)/share/man/man5
+MAN3DIR ?= $(PREFIX)/share/man/man3
all:
install: all
- mkdir -p $(MAN3DIR)
- mkdir -p $(MAN5DIR)
- mkdir -p $(MAN8DIR)
- install -m 644 man3/*.3 $(MAN3DIR)
- install -m 644 man5/*.5 $(MAN5DIR)
- install -m 644 man8/*.8 $(MAN8DIR)
+ mkdir -p $(DESTDIR)$(MAN3DIR)
+ mkdir -p $(DESTDIR)$(MAN5DIR)
+ mkdir -p $(DESTDIR)$(MAN8DIR)
+ install -m 644 man3/*.3 $(DESTDIR)$(MAN3DIR)
+ install -m 644 man5/*.5 $(DESTDIR)$(MAN5DIR)
+ install -m 644 man8/*.8 $(DESTDIR)$(MAN8DIR)
relabel:
diff --git a/libselinux/man/man5/removable_context.5 b/libselinux/man/man5/removable_context.5
index 60aaa93..f16e8bd 100644
--- a/libselinux/man/man5/removable_context.5
+++ b/libselinux/man/man5/removable_context.5
@@ -3,8 +3,7 @@
removable_context \- The SELinux removable devices context configuration file
.
.SH "DESCRIPTION"
-This file contains the default label that should be used for removable devices that are not defined in the \fImedia\fR file (that is described in
-.BR selabel_media "(5)). "
+This file contains the default label that should be used for removable devices.
.sp
.BR selinux_removable_context_path "(3) "
will return the active policy path to this file. The default removable context file is:
@@ -34,4 +33,4 @@
system_u:object_r:removable_t:s0
.
.SH "SEE ALSO"
-.BR selinux "(8), " selinux_removable_context_path "(3), " selabel_media "(5), " selinux_config "(5) "
+.BR selinux "(8), " selinux_removable_context_path "(3), " selinux_config "(5) "
diff --git a/libselinux/man/man5/selabel_media.5 b/libselinux/man/man5/selabel_media.5
index 395ed0e..b7c28e3 100644
--- a/libselinux/man/man5/selabel_media.5
+++ b/libselinux/man/man5/selabel_media.5
@@ -52,8 +52,6 @@
.RE
.sp
Where \fI{SELINUXTYPE}\fR is the entry from the selinux configuration file \fIconfig\fR (see \fBselinux_config\fR(5)).
-.sp
-Should there not be a valid entry in the \fImedia\fR file, then the default \fIremovable_context\fR file will be read (see \fBremovable_context\fR(5)).
.
.SH "FILE FORMAT"
Each line within the \fImedia\fR file is as follows:
@@ -90,4 +88,4 @@
.SH "SEE ALSO"
.ad l
.nh
-.BR selinux "(8), " selabel_open "(3), " selabel_lookup "(3), " selabel_stats "(3), " selabel_close "(3), " selinux_set_callback "(3), " selinux_media_context_path "(3), " freecon "(3), " selinux_config "(5), " removable_context "(5) "
+.BR selinux "(8), " selabel_open "(3), " selabel_lookup "(3), " selabel_stats "(3), " selabel_close "(3), " selinux_set_callback "(3), " selinux_media_context_path "(3), " freecon "(3), " selinux_config "(5) "
diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
index 18df75c..8af04aa 100644
--- a/libselinux/src/Makefile
+++ b/libselinux/src/Makefile
@@ -8,19 +8,17 @@
PKG_CONFIG ?= pkg-config
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
LIBDIR ?= $(PREFIX)/lib
-SHLIBDIR ?= $(DESTDIR)/lib
+SHLIBDIR ?= /lib
INCLUDEDIR ?= $(PREFIX)/include
PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX))
-PYSITEDIR ?= $(DESTDIR)$(shell $(PYTHON) -c 'import site; print(site.getsitepackages()[0])')
+PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(plat_specific=1, prefix='$(PREFIX)'))")
PYCEXT ?= $(shell $(PYTHON) -c 'import imp;print([s for s,m,t in imp.get_suffixes() if t == imp.C_EXTENSION][0])')
RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] + " -I" + RbConfig::CONFIG["rubyhdrdir"]')
RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + RbConfig::CONFIG["libdir"] + " -L" + RbConfig::CONFIG["archlibdir"] + " " + RbConfig::CONFIG["LIBRUBYARG_SHARED"]')
-RUBYINSTALL ?= $(DESTDIR)$(shell $(RUBY) -e 'puts RbConfig::CONFIG["vendorarchdir"]')
-LIBBASE ?= $(shell basename $(LIBDIR))
-LIBSEPOLA ?= $(LIBDIR)/libsepol.a
+RUBYINSTALL ?= $(shell $(RUBY) -e 'puts RbConfig::CONFIG["vendorarchdir"]')
VERSION = $(shell cat ../VERSION)
LIBVERSION = 1
@@ -50,6 +48,13 @@
AUDIT2WHYLOBJ=$(PYPREFIX)audit2why.lo
AUDIT2WHYSO=$(PYPREFIX)audit2why.so
+# If no specific libsepol.a is specified, fall back on LDFLAGS search path
+# Otherwise, as $(LIBSEPOLA) already appears in the dependencies, there
+# is no need to define a value for LDLIBS_LIBSEPOLA
+ifeq ($(LIBSEPOLA),)
+ LDLIBS_LIBSEPOLA := -l:libsepol.a
+endif
+
GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) selinuxswig_python_exception.i
SRCS= $(filter-out $(GENERATED) audit2why.c, $(sort $(wildcard *.c)))
@@ -148,7 +153,7 @@
ln -sf $@ $(TARGET)
$(LIBPC): $(LIBPC).in ../VERSION
- sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBBASE):; s:@includedir@:$(INCLUDEDIR):; s:@PCRE_MODULE@:$(PCRE_MODULE):' < $< > $@
+ sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBDIR):; s:@includedir@:$(INCLUDEDIR):; s:@PCRE_MODULE@:$(PCRE_MODULE):' < $< > $@
selinuxswig_python_exception.i: ../include/selinux/selinux.h
bash -e exception.sh > $@ || (rm -f $@ ; false)
@@ -157,7 +162,7 @@
$(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(LIBSEPOLA)
- $(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lselinux $(PYLIBS)
+ $(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lselinux $(LDLIBS_LIBSEPOLA) $(PYLIBS)
%.o: %.c policy.h
$(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
@@ -177,26 +182,26 @@
$(SWIG) $<
install: all
- test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
- install -m 644 $(LIBA) $(LIBDIR)
- test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
- install -m 755 $(LIBSO) $(SHLIBDIR)
- test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
- install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
- ln -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
+ test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR)
+ install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
+ test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d $(DESTDIR)$(SHLIBDIR)
+ install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR)
+ test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d $(DESTDIR)$(LIBDIR)/pkgconfig
+ install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig
+ ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET)
install-pywrap: pywrap
- test -d $(PYSITEDIR)/selinux || install -m 755 -d $(PYSITEDIR)/selinux
- install -m 755 $(SWIGSO) $(PYSITEDIR)/_selinux$(PYCEXT)
- install -m 755 $(AUDIT2WHYSO) $(PYSITEDIR)/selinux/audit2why$(PYCEXT)
- install -m 644 $(SWIGPYOUT) $(PYSITEDIR)/selinux/__init__.py
+ test -d $(DESTDIR)$(PYTHONLIBDIR)/selinux || install -m 755 -d $(DESTDIR)$(PYTHONLIBDIR)/selinux
+ install -m 755 $(SWIGSO) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT)
+ install -m 755 $(AUDIT2WHYSO) $(DESTDIR)$(PYTHONLIBDIR)/selinux/audit2why$(PYCEXT)
+ install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py
install-rubywrap: rubywrap
- test -d $(RUBYINSTALL) || install -m 755 -d $(RUBYINSTALL)
- install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/selinux.so
+ test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d $(DESTDIR)$(RUBYINSTALL)
+ install -m 755 $(SWIGRUBYSO) $(DESTDIR)$(RUBYINSTALL)/selinux.so
relabel:
- /sbin/restorecon $(SHLIBDIR)/$(LIBSO)
+ /sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO)
clean-pywrap:
-rm -f $(SWIGLOBJ) $(SWIGSO) $(AUDIT2WHYLOBJ) $(AUDIT2WHYSO)
diff --git a/libselinux/src/libselinux.pc.in b/libselinux/src/libselinux.pc.in
index 2e90a84..7c66b1f 100644
--- a/libselinux/src/libselinux.pc.in
+++ b/libselinux/src/libselinux.pc.in
@@ -1,6 +1,6 @@
prefix=@prefix@
exec_prefix=${prefix}
-libdir=${exec_prefix}/@libdir@
+libdir=@libdir@
includedir=@includedir@
Name: libselinux
diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile
index eb4851a..d06ffd6 100644
--- a/libselinux/utils/Makefile
+++ b/libselinux/utils/Makefile
@@ -1,8 +1,6 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-LIBDIR ?= $(PREFIX)/lib
+PREFIX ?= /usr
SBINDIR ?= $(PREFIX)/sbin
-INCLUDEDIR ?= $(PREFIX)/include
OS ?= $(shell uname)
@@ -63,8 +61,8 @@
all: $(TARGETS)
install: all
- -mkdir -p $(SBINDIR)
- install -m 755 $(TARGETS) $(SBINDIR)
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR)
clean:
rm -f $(TARGETS) *.o *~
diff --git a/libsemanage/include/Makefile b/libsemanage/include/Makefile
index b660660..6e44a28 100644
--- a/libsemanage/include/Makefile
+++ b/libsemanage/include/Makefile
@@ -1,12 +1,12 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCDIR ?= $(PREFIX)/include/semanage
all:
install: all
- test -d $(INCDIR) || install -m 755 -d $(INCDIR)
- install -m 644 $(wildcard semanage/*.h) $(INCDIR)
+ test -d $(DESTDIR)$(INCDIR) || install -m 755 -d $(DESTDIR)$(INCDIR)
+ install -m 644 $(wildcard semanage/*.h) $(DESTDIR)$(INCDIR)
indent:
../../scripts/Lindent $(wildcard semanage/*.h)
diff --git a/libsemanage/man/Makefile b/libsemanage/man/Makefile
index 852043d..8667c9b 100644
--- a/libsemanage/man/Makefile
+++ b/libsemanage/man/Makefile
@@ -1,12 +1,13 @@
# Installation directories.
-MAN3DIR ?= $(DESTDIR)/usr/share/man/man3
-MAN5DIR ?= $(DESTDIR)/usr/share/man/man5
+PREFIX ?= /usr
+MAN3DIR ?= $(PREFIX)/share/man/man3
+MAN5DIR ?= $(PREFIX)/share/man/man5
all:
install: all
- mkdir -p $(MAN3DIR)
- mkdir -p $(MAN5DIR)
- install -m 644 man3/*.3 $(MAN3DIR)
- install -m 644 man5/*.5 $(MAN5DIR)
+ mkdir -p $(DESTDIR)$(MAN3DIR)
+ mkdir -p $(DESTDIR)$(MAN5DIR)
+ install -m 644 man3/*.3 $(DESTDIR)$(MAN3DIR)
+ install -m 644 man5/*.5 $(DESTDIR)$(MAN5DIR)
diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile
index fdb178f..dea751e 100644
--- a/libsemanage/src/Makefile
+++ b/libsemanage/src/Makefile
@@ -8,21 +8,18 @@
PKG_CONFIG ?= pkg-config
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
LIBDIR ?= $(PREFIX)/lib
-SHLIBDIR ?= $(DESTDIR)/lib
INCLUDEDIR ?= $(PREFIX)/include
PYINC ?= $(shell $(PKG_CONFIG) --cflags $(PYPREFIX))
PYLIBS ?= $(shell $(PKG_CONFIG) --libs $(PYPREFIX))
-PYSITEDIR ?= $(DESTDIR)$(shell $(PYTHON) -c 'import site; print(site.getsitepackages()[0])')
+PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(plat_specific=1, prefix='$(PREFIX)'))")
PYCEXT ?= $(shell $(PYTHON) -c 'import imp;print([s for s,m,t in imp.get_suffixes() if t == imp.C_EXTENSION][0])')
RUBYINC ?= $(shell $(RUBY) -e 'puts "-I" + RbConfig::CONFIG["rubyarchhdrdir"] + " -I" + RbConfig::CONFIG["rubyhdrdir"]')
RUBYLIBS ?= $(shell $(RUBY) -e 'puts "-L" + RbConfig::CONFIG["libdir"] + " -L" + RbConfig::CONFIG["archlibdir"] + " " + RbConfig::CONFIG["LIBRUBYARG_SHARED"]')
-RUBYINSTALL ?= $(DESTDIR)$(shell $(RUBY) -e 'puts RbConfig::CONFIG["vendorarchdir"]')
+RUBYINSTALL ?= $(shell $(RUBY) -e 'puts RbConfig::CONFIG["vendorarchdir"]')
-LIBBASE=$(shell basename $(LIBDIR))
-
-DEFAULT_SEMANAGE_CONF_LOCATION=$(DESTDIR)/etc/selinux/semanage.conf
+DEFAULT_SEMANAGE_CONF_LOCATION=/etc/selinux/semanage.conf
ifeq ($(DEBUG),1)
export CFLAGS = -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror
@@ -95,7 +92,7 @@
ln -sf $@ $(TARGET)
$(LIBPC): $(LIBPC).in ../VERSION
- sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBBASE):; s:@includedir@:$(INCLUDEDIR):' < $< > $@
+ sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBDIR):; s:@includedir@:$(INCLUDEDIR):' < $< > $@
semanageswig_python_exception.i: ../include/semanage/semanage.h
bash -e exception.sh > $@ || (rm -f $@ ; false)
@@ -136,26 +133,26 @@
$(SWIG) $<
install: all
- test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
- install -m 644 $(LIBA) $(LIBDIR)
- install -m 755 $(LIBSO) $(LIBDIR)
- test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
- install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
- test -f $(DEFAULT_SEMANAGE_CONF_LOCATION) || install -m 644 -D semanage.conf $(DEFAULT_SEMANAGE_CONF_LOCATION)
- cd $(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
+ test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR)
+ install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
+ install -m 755 $(LIBSO) $(DESTDIR)$(LIBDIR)
+ test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d $(DESTDIR)$(LIBDIR)/pkgconfig
+ install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig
+ test -f $(DESTDIR)$(DEFAULT_SEMANAGE_CONF_LOCATION) || install -m 644 -D semanage.conf $(DESTDIR)$(DEFAULT_SEMANAGE_CONF_LOCATION)
+ cd $(DESTDIR)$(LIBDIR) && ln -sf $(LIBSO) $(TARGET)
install-pywrap: pywrap
- test -d $(PYSITEDIR) || install -m 755 -d $(PYSITEDIR)
- install -m 755 $(SWIGSO) $(PYSITEDIR)/_semanage$(PYCEXT)
- install -m 644 semanage.py $(PYSITEDIR)
+ test -d $(DESTDIR)$(PYTHONLIBDIR) || install -m 755 -d $(DESTDIR)$(PYTHONLIBDIR)
+ install -m 755 $(SWIGSO) $(DESTDIR)$(PYTHONLIBDIR)/_semanage$(PYCEXT)
+ install -m 644 semanage.py $(DESTDIR)$(PYTHONLIBDIR)
install-rubywrap: rubywrap
- test -d $(RUBYINSTALL) || install -m 755 -d $(RUBYINSTALL)
- install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/semanage.so
+ test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d $(DESTDIR)$(RUBYINSTALL)
+ install -m 755 $(SWIGRUBYSO) $(DESTDIR)$(RUBYINSTALL)/semanage.so
relabel:
- /sbin/restorecon $(LIBDIR)/$(LIBSO)
+ /sbin/restorecon $(DESTDIR)$(LIBDIR)/$(LIBSO)
clean:
-rm -f $(LIBPC) $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(SWIGLOBJ) $(SWIGSO) $(SWIGRUBYSO) $(TARGET) conf-parse.c conf-parse.h conf-scan.c *.o *.lo *~
diff --git a/libsemanage/src/database_file.c b/libsemanage/src/database_file.c
index a21b3ee..a51269e 100644
--- a/libsemanage/src/database_file.c
+++ b/libsemanage/src/database_file.c
@@ -119,13 +119,16 @@
cache_entry_t *ptr;
const char *fname = NULL;
FILE *str = NULL;
+ mode_t mask;
if (!dbase_llist_is_modified(&dbase->llist))
return STATUS_SUCCESS;
fname = dbase->path[handle->is_in_transaction];
+ mask = umask(0077);
str = fopen(fname, "w");
+ umask(mask);
if (!str) {
ERR(handle, "could not open %s for writing: %s",
fname, strerror(errno));
diff --git a/libsemanage/src/database_llist.c b/libsemanage/src/database_llist.c
index 8ce2e2c..c8f4ff0 100644
--- a/libsemanage/src/database_llist.c
+++ b/libsemanage/src/database_llist.c
@@ -263,7 +263,7 @@
if (rc < 0)
goto err;
- else if (rc > 1)
+ else if (rc > 0)
break;
}
diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
index 00ad820..e7ec952 100644
--- a/libsemanage/src/direct_api.c
+++ b/libsemanage/src/direct_api.c
@@ -60,6 +60,7 @@
#define PIPE_READ 0
#define PIPE_WRITE 1
+#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
static void semanage_direct_destroy(semanage_handle_t * sh);
static int semanage_direct_disconnect(semanage_handle_t * sh);
@@ -140,6 +141,7 @@
int semanage_direct_connect(semanage_handle_t * sh)
{
const char *path;
+ struct stat sb;
if (semanage_check_init(sh, sh->conf->store_root_path))
goto err;
@@ -148,9 +150,6 @@
if (semanage_create_store(sh, 1))
goto err;
- if (semanage_access_check(sh) < SEMANAGE_CAN_READ)
- goto err;
-
sh->u.direct.translock_file_fd = -1;
sh->u.direct.activelock_file_fd = -1;
@@ -305,10 +304,16 @@
/* set the disable dontaudit value */
path = semanage_path(SEMANAGE_ACTIVE, SEMANAGE_DISABLE_DONTAUDIT);
- if (access(path, F_OK) == 0)
+
+ if (stat(path, &sb) == 0)
sepol_set_disable_dontaudit(sh->sepolh, 1);
- else
+ else if (errno == ENOENT) {
+ /* The file does not exist */
sepol_set_disable_dontaudit(sh->sepolh, 0);
+ } else {
+ ERR(sh, "Unable to access %s: %s\n", path, strerror(errno));
+ goto err;
+ }
return STATUS_SUCCESS;
@@ -323,25 +328,43 @@
/* do nothing */
}
-static int semanage_direct_disconnect(semanage_handle_t * sh)
+static int semanage_remove_tmps(semanage_handle_t *sh)
{
- /* destroy transaction */
- if (sh->is_in_transaction) {
- /* destroy sandbox */
- if (semanage_remove_directory
- (semanage_path(SEMANAGE_TMP, SEMANAGE_TOPLEVEL)) < 0) {
+ if (sh->commit_err)
+ return 0;
+
+ /* destroy sandbox if it exists */
+ if (semanage_remove_directory
+ (semanage_path(SEMANAGE_TMP, SEMANAGE_TOPLEVEL)) < 0) {
+ if (errno != ENOENT) {
ERR(sh, "Could not cleanly remove sandbox %s.",
semanage_path(SEMANAGE_TMP, SEMANAGE_TOPLEVEL));
return -1;
}
- if (semanage_remove_directory
- (semanage_final_path(SEMANAGE_FINAL_TMP,
- SEMANAGE_FINAL_TOPLEVEL)) < 0) {
+ }
+
+ /* destroy tmp policy if it exists */
+ if (semanage_remove_directory
+ (semanage_final_path(SEMANAGE_FINAL_TMP,
+ SEMANAGE_FINAL_TOPLEVEL)) < 0) {
+ if (errno != ENOENT) {
ERR(sh, "Could not cleanly remove tmp %s.",
semanage_final_path(SEMANAGE_FINAL_TMP,
SEMANAGE_FINAL_TOPLEVEL));
return -1;
}
+ }
+
+ return 0;
+}
+
+static int semanage_direct_disconnect(semanage_handle_t *sh)
+{
+ int retval = 0;
+
+ /* destroy transaction and remove tmp files if no commit error */
+ if (sh->is_in_transaction) {
+ retval = semanage_remove_tmps(sh);
semanage_release_trans_lock(sh);
}
@@ -375,15 +398,11 @@
/* Release object databases: active kernel policy */
bool_activedb_dbase_release(semanage_bool_dbase_active(sh));
- return 0;
+ return retval;
}
static int semanage_direct_begintrans(semanage_handle_t * sh)
{
-
- if (semanage_access_check(sh) != SEMANAGE_CAN_WRITE) {
- return -1;
- }
if (semanage_get_trans_lock(sh) < 0) {
return -1;
}
@@ -1128,6 +1147,7 @@
int status = 0;
int i;
char cil_path[PATH_MAX];
+ struct stat sb;
assert(sh);
assert(modinfos);
@@ -1144,9 +1164,13 @@
}
if (semanage_get_ignore_module_cache(sh) == 0 &&
- access(cil_path, F_OK) == 0) {
+ (status = stat(cil_path, &sb)) == 0) {
continue;
}
+ if (status != 0 && errno != ENOENT) {
+ ERR(sh, "Unable to access %s: %s\n", cil_path, strerror(errno));
+ goto cleanup; //an error in the "stat" call
+ }
status = semanage_compile_module(sh, &modinfos[i]);
if (status < 0) {
@@ -1160,6 +1184,14 @@
return status;
}
+/* Copies a file from src to dst. If dst already exists then
+ * overwrite it. If source doesn't exist then return success.
+ * Returns 0 on success, -1 on error. */
+static int copy_file_if_exists(const char *src, const char *dst, mode_t mode){
+ int rc = semanage_copy_file(src, dst, mode);
+ return (rc < 0 && errno != ENOENT) ? rc : 0;
+}
+
/********************* direct API functions ********************/
/* Commits all changes in sandbox to the actual kernel policy.
@@ -1176,6 +1208,8 @@
sepol_policydb_t *out = NULL;
struct cil_db *cildb = NULL;
semanage_module_info_t *modinfos = NULL;
+ mode_t mask = umask(0077);
+ struct stat sb;
int do_rebuild, do_write_kernel, do_install;
int fcontexts_modified, ports_modified, seusers_modified,
@@ -1214,10 +1248,16 @@
/* Create or remove the disable_dontaudit flag file. */
path = semanage_path(SEMANAGE_TMP, SEMANAGE_DISABLE_DONTAUDIT);
- if (access(path, F_OK) == 0)
+ if (stat(path, &sb) == 0)
do_rebuild |= !(sepol_get_disable_dontaudit(sh->sepolh) == 1);
- else
+ else if (errno == ENOENT) {
+ /* The file does not exist */
do_rebuild |= (sepol_get_disable_dontaudit(sh->sepolh) == 1);
+ } else {
+ ERR(sh, "Unable to access %s: %s\n", path, strerror(errno));
+ retval = -1;
+ goto cleanup;
+ }
if (sepol_get_disable_dontaudit(sh->sepolh) == 1) {
FILE *touch;
touch = fopen(path, "w");
@@ -1239,10 +1279,17 @@
/* Create or remove the preserve_tunables flag file. */
path = semanage_path(SEMANAGE_TMP, SEMANAGE_PRESERVE_TUNABLES);
- if (access(path, F_OK) == 0)
+ if (stat(path, &sb) == 0)
do_rebuild |= !(sepol_get_preserve_tunables(sh->sepolh) == 1);
- else
+ else if (errno == ENOENT) {
+ /* The file does not exist */
do_rebuild |= (sepol_get_preserve_tunables(sh->sepolh) == 1);
+ } else {
+ ERR(sh, "Unable to access %s: %s\n", path, strerror(errno));
+ retval = -1;
+ goto cleanup;
+ }
+
if (sepol_get_preserve_tunables(sh->sepolh) == 1) {
FILE *touch;
touch = fopen(path, "w");
@@ -1279,40 +1326,25 @@
* a rebuild.
*/
if (!do_rebuild) {
- path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL);
- if (access(path, F_OK) != 0) {
- do_rebuild = 1;
- goto rebuild;
- }
+ int files[] = {SEMANAGE_STORE_KERNEL,
+ SEMANAGE_STORE_FC,
+ SEMANAGE_STORE_SEUSERS,
+ SEMANAGE_LINKED,
+ SEMANAGE_SEUSERS_LINKED,
+ SEMANAGE_USERS_EXTRA_LINKED};
- path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC);
- if (access(path, F_OK) != 0) {
- do_rebuild = 1;
- goto rebuild;
- }
+ for (i = 0; i < (int) ARRAY_SIZE(files); i++) {
+ path = semanage_path(SEMANAGE_TMP, files[i]);
+ if (stat(path, &sb) != 0) {
+ if (errno != ENOENT) {
+ ERR(sh, "Unable to access %s: %s\n", path, strerror(errno));
+ retval = -1;
+ goto cleanup;
+ }
- path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS);
- if (access(path, F_OK) != 0) {
- do_rebuild = 1;
- goto rebuild;
- }
-
- path = semanage_path(SEMANAGE_TMP, SEMANAGE_LINKED);
- if (access(path, F_OK) != 0) {
- do_rebuild = 1;
- goto rebuild;
- }
-
- path = semanage_path(SEMANAGE_TMP, SEMANAGE_SEUSERS_LINKED);
- if (access(path, F_OK) != 0) {
- do_rebuild = 1;
- goto rebuild;
- }
-
- path = semanage_path(SEMANAGE_TMP, SEMANAGE_USERS_EXTRA_LINKED);
- if (access(path, F_OK) != 0) {
- do_rebuild = 1;
- goto rebuild;
+ do_rebuild = 1;
+ goto rebuild;
+ }
}
}
@@ -1445,7 +1477,7 @@
goto cleanup;
path = semanage_path(SEMANAGE_TMP, SEMANAGE_SEUSERS_LINKED);
- if (access(path, F_OK) == 0) {
+ if (stat(path, &sb) == 0) {
retval = semanage_copy_file(path,
semanage_path(SEMANAGE_TMP,
SEMANAGE_STORE_SEUSERS),
@@ -1453,12 +1485,17 @@
if (retval < 0)
goto cleanup;
pseusers->dtable->drop_cache(pseusers->dbase);
- } else {
+ } else if (errno == ENOENT) {
+ /* The file does not exist */
pseusers->dtable->clear(sh, pseusers->dbase);
+ } else {
+ ERR(sh, "Unable to access %s: %s\n", path, strerror(errno));
+ retval = -1;
+ goto cleanup;
}
path = semanage_path(SEMANAGE_TMP, SEMANAGE_USERS_EXTRA_LINKED);
- if (access(path, F_OK) == 0) {
+ if (stat(path, &sb) == 0) {
retval = semanage_copy_file(path,
semanage_path(SEMANAGE_TMP,
SEMANAGE_USERS_EXTRA),
@@ -1466,8 +1503,13 @@
if (retval < 0)
goto cleanup;
pusers_extra->dtable->drop_cache(pusers_extra->dbase);
- } else {
+ } else if (errno == ENOENT) {
+ /* The file does not exist */
pusers_extra->dtable->clear(sh, pusers_extra->dbase);
+ } else {
+ ERR(sh, "Unable to access %s: %s\n", path, strerror(errno));
+ retval = -1;
+ goto cleanup;
}
}
@@ -1551,34 +1593,25 @@
goto cleanup;
}
- path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL);
- if (access(path, F_OK) == 0) {
- retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL),
- semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_LOCAL),
- sh->conf->file_mode);
- if (retval < 0) {
- goto cleanup;
- }
+ retval = copy_file_if_exists(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL),
+ semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_LOCAL),
+ sh->conf->file_mode);
+ if (retval < 0) {
+ goto cleanup;
}
- path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC);
- if (access(path, F_OK) == 0) {
- retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC),
- semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC),
- sh->conf->file_mode);
- if (retval < 0) {
- goto cleanup;
- }
+ retval = copy_file_if_exists(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC),
+ semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC),
+ sh->conf->file_mode);
+ if (retval < 0) {
+ goto cleanup;
}
- path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS);
- if (access(path, F_OK) == 0) {
- retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS),
- semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_SEUSERS),
- sh->conf->file_mode);
- if (retval < 0) {
- goto cleanup;
- }
+ retval = copy_file_if_exists(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_SEUSERS),
+ semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_SEUSERS),
+ sh->conf->file_mode);
+ if (retval < 0) {
+ goto cleanup;
}
/* run genhomedircon if its enabled, this should be the last operation
@@ -1634,17 +1667,21 @@
free(mod_filenames);
sepol_policydb_free(out);
cil_db_destroy(&cildb);
- semanage_release_trans_lock(sh);
free(fc_buffer);
- /* regardless if the commit was successful or not, remove the
- sandbox if it is still there */
- semanage_remove_directory(semanage_path
- (SEMANAGE_TMP, SEMANAGE_TOPLEVEL));
- semanage_remove_directory(semanage_final_path
- (SEMANAGE_FINAL_TMP,
- SEMANAGE_FINAL_TOPLEVEL));
+ /* Set commit_err so other functions can detect any errors. Note that
+ * retval > 0 will be the commit number.
+ */
+ if (retval < 0)
+ sh->commit_err = retval;
+
+ if (semanage_remove_tmps(sh) != 0)
+ retval = -1;
+
+ semanage_release_trans_lock(sh);
+ umask(mask);
+
return retval;
}
@@ -1802,6 +1839,7 @@
ssize_t _data_len;
char *_data;
int compressed;
+ struct stat sb;
/* get path of module */
rc = semanage_module_get_path(
@@ -1814,8 +1852,8 @@
goto cleanup;
}
- if (access(module_path, F_OK) != 0) {
- ERR(sh, "Module does not exist: %s", module_path);
+ if (stat(module_path, &sb) != 0) {
+ ERR(sh, "Unable to access %s: %s\n", module_path, strerror(errno));
rc = -1;
goto cleanup;
}
@@ -1844,7 +1882,13 @@
goto cleanup;
}
- if (extract_cil == 1 && strcmp(_modinfo->lang_ext, "cil") && access(input_file, F_OK) != 0) {
+ if (extract_cil == 1 && strcmp(_modinfo->lang_ext, "cil") && stat(input_file, &sb) != 0) {
+ if (errno != ENOENT) {
+ ERR(sh, "Unable to access %s: %s\n", input_file, strerror(errno));
+ rc = -1;
+ goto cleanup;
+ }
+
rc = semanage_compile_module(sh, _modinfo);
if (rc < 0) {
goto cleanup;
@@ -1989,6 +2033,12 @@
}
if (stat(path, &sb) < 0) {
+ if (errno != ENOENT) {
+ ERR(sh, "Unable to access %s: %s\n", path, strerror(errno));
+ status = -1;
+ goto cleanup;
+ }
+
*enabled = 1;
}
else {
@@ -2016,6 +2066,7 @@
const char *path = NULL;
FILE *fp = NULL;
semanage_module_info_t *modinfo = NULL;
+ mode_t mask;
/* check transaction */
if (!sh->is_in_transaction) {
@@ -2076,7 +2127,9 @@
switch (enabled) {
case 0: /* disable the module */
+ mask = umask(0077);
fp = fopen(fn, "w");
+ umask(mask);
if (fp == NULL) {
ERR(sh,
@@ -2312,6 +2365,12 @@
/* set enabled/disabled status */
if (stat(fn, &sb) < 0) {
+ if (errno != ENOENT) {
+ ERR(sh, "Unable to access %s: %s\n", fn, strerror(errno));
+ status = -1;
+ goto cleanup;
+ }
+
ret = semanage_module_info_set_enabled(sh, *modinfo, 1);
if (ret != 0) {
status = -1;
@@ -2720,8 +2779,10 @@
int status = 0;
int ret = 0;
int type;
+ struct stat sb;
char path[PATH_MAX];
+ mode_t mask = umask(0077);
semanage_module_info_t *higher_info = NULL;
semanage_module_key_t higher_key;
@@ -2770,7 +2831,7 @@
if (higher_info->enabled == 0 && modinfo->enabled == -1) {
errno = 0;
WARN(sh,
- "%s module will be disabled after install due to default enabled status.",
+ "%s module will be disabled after install as there is a disabled instance of this module present in the system.",
modinfo->name);
}
}
@@ -2819,7 +2880,7 @@
goto cleanup;
}
- if (access(path, F_OK) == 0) {
+ if (stat(path, &sb) == 0) {
ret = unlink(path);
if (ret != 0) {
ERR(sh, "Error while removing cached CIL file %s: %s", path, strerror(errno));
@@ -2833,6 +2894,7 @@
semanage_module_key_destroy(sh, &higher_key);
semanage_module_info_destroy(sh, higher_info);
free(higher_info);
+ umask(mask);
return status;
}
diff --git a/libsemanage/src/handle.c b/libsemanage/src/handle.c
index 4ce1df0..a6567bd 100644
--- a/libsemanage/src/handle.c
+++ b/libsemanage/src/handle.c
@@ -86,6 +86,8 @@
* If any changes are made, this flag is ignored */
sh->do_rebuild = 0;
+ sh->commit_err = 0;
+
/* By default always reload policy after commit if SELinux is enabled. */
sh->do_reload = (is_selinux_enabled() > 0);
diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h
index 1780ac8..a91907b 100644
--- a/libsemanage/src/handle.h
+++ b/libsemanage/src/handle.h
@@ -62,6 +62,10 @@
int is_in_transaction;
int do_reload; /* whether to reload policy after commit */
int do_rebuild; /* whether to rebuild policy if there were no changes */
+ int commit_err; /* set by semanage_direct_commit() if there are
+ * any errors when building or committing the
+ * sandbox to kernel policy at /etc/selinux
+ */
int modules_modified;
int create_store; /* whether to create the store if it does not exist
* this will only have an effect on direct connections */
diff --git a/libsemanage/src/libsemanage.pc.in b/libsemanage/src/libsemanage.pc.in
index d3eaa06..43681dd 100644
--- a/libsemanage/src/libsemanage.pc.in
+++ b/libsemanage/src/libsemanage.pc.in
@@ -1,6 +1,6 @@
prefix=@prefix@
exec_prefix=${prefix}
-libdir=${exec_prefix}/@libdir@
+libdir=@libdir@
includedir=@includedir@
Name: libsemanage
diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
index 63c80b0..14ad99c 100644
--- a/libsemanage/src/semanage_store.c
+++ b/libsemanage/src/semanage_store.c
@@ -514,6 +514,7 @@
{
char *semanage_conf = NULL;
int len;
+ struct stat sb;
len = strlen(semanage_root()) + strlen(selinux_path()) + strlen(SEMANAGE_CONF_FILE);
semanage_conf = calloc(len + 1, sizeof(char));
@@ -522,7 +523,7 @@
snprintf(semanage_conf, len + 1, "%s%s%s", semanage_root(), selinux_path(),
SEMANAGE_CONF_FILE);
- if (access(semanage_conf, R_OK) != 0) {
+ if (stat(semanage_conf, &sb) != 0 && errno == ENOENT) {
snprintf(semanage_conf, len + 1, "%s%s", selinux_path(), SEMANAGE_CONF_FILE);
}
@@ -538,7 +539,6 @@
int semanage_create_store(semanage_handle_t * sh, int create)
{
struct stat sb;
- int mode_mask = R_OK | W_OK | X_OK;
const char *path = semanage_files[SEMANAGE_ROOT];
int fd;
@@ -557,9 +557,9 @@
return -1;
}
} else {
- if (!S_ISDIR(sb.st_mode) || access(path, mode_mask) == -1) {
+ if (!S_ISDIR(sb.st_mode)) {
ERR(sh,
- "Could not access module store at %s, or it is not a directory.",
+ "Module store at %s is not a directory.",
path);
return -1;
}
@@ -580,9 +580,9 @@
return -1;
}
} else {
- if (!S_ISDIR(sb.st_mode) || access(path, mode_mask) == -1) {
+ if (!S_ISDIR(sb.st_mode)) {
ERR(sh,
- "Could not access module store active subdirectory at %s, or it is not a directory.",
+ "Module store active subdirectory at %s is not a directory.",
path);
return -1;
}
@@ -603,9 +603,9 @@
return -1;
}
} else {
- if (!S_ISDIR(sb.st_mode) || access(path, mode_mask) == -1) {
+ if (!S_ISDIR(sb.st_mode)) {
ERR(sh,
- "Could not access module store active modules subdirectory at %s, or it is not a directory.",
+ "Module store active modules subdirectory at %s is not a directory.",
path);
return -1;
}
@@ -624,8 +624,8 @@
return -1;
}
} else {
- if (!S_ISREG(sb.st_mode) || access(path, R_OK | W_OK) == -1) {
- ERR(sh, "Could not access lock file at %s.", path);
+ if (!S_ISREG(sb.st_mode)) {
+ ERR(sh, "Object at %s is not a lock file.", path);
return -1;
}
}
@@ -1509,8 +1509,14 @@
static int sefcontext_compile(semanage_handle_t * sh, const char *path) {
int r;
+ struct stat sb;
- if (access(path, F_OK) != 0) {
+ if (stat(path, &sb) < 0) {
+ if (errno != ENOENT) {
+ ERR(sh, "Unable to access %s: %s\n", path, strerror(errno));
+ return -1;
+ }
+
return 0;
}
@@ -1740,9 +1746,9 @@
if (!sh->conf->save_previous) {
int errsv = errno;
- retval = semanage_remove_directory(backup);
- if (retval < 0) {
+ if (semanage_remove_directory(backup) != 0) {
ERR(sh, "Could not delete previous directory %s.", backup);
+ retval = -1;
goto cleanup;
}
errno = errsv;
@@ -2099,6 +2105,7 @@
const char *kernel_filename = NULL;
struct sepol_policy_file *pf = NULL;
FILE *outfile = NULL;
+ mode_t mask = umask(0077);
if ((kernel_filename =
semanage_path(SEMANAGE_TMP, file)) == NULL) {
@@ -2127,6 +2134,7 @@
if (outfile != NULL) {
fclose(outfile);
}
+ umask(mask);
sepol_policy_file_free(pf);
return retval;
}
diff --git a/libsemanage/src/seusers_local.c b/libsemanage/src/seusers_local.c
index 42c3a8b..413ebdd 100644
--- a/libsemanage/src/seusers_local.c
+++ b/libsemanage/src/seusers_local.c
@@ -35,12 +35,16 @@
for (i = 0; i<num_roles; i++) {
size += (strlen(roles_arr[i]) + 1);
}
- roles = malloc(size);
- if (roles) {
- strcpy(roles,roles_arr[0]);
- for (i = 1; i<num_roles; i++) {
- strcat(roles,",");
- strcat(roles,roles_arr[i]);
+ if (num_roles == 0) {
+ roles = strdup("");
+ } else {
+ roles = malloc(size);
+ if (roles) {
+ strcpy(roles,roles_arr[0]);
+ for (i = 1; i<num_roles; i++) {
+ strcat(roles,",");
+ strcat(roles,roles_arr[i]);
+ }
}
}
}
diff --git a/libsemanage/tests/Makefile b/libsemanage/tests/Makefile
index 2ef8d30..324766a 100644
--- a/libsemanage/tests/Makefile
+++ b/libsemanage/tests/Makefile
@@ -1,6 +1,3 @@
-PREFIX ?= $(DESTDIR)/usr
-LIBDIR ?= $(PREFIX)/lib
-
# Add your test source files here:
SOURCES = $(sort $(wildcard *.c))
diff --git a/libsemanage/utils/Makefile b/libsemanage/utils/Makefile
index 725f0ee..5b8fbb6 100644
--- a/libsemanage/utils/Makefile
+++ b/libsemanage/utils/Makefile
@@ -1,13 +1,13 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
LIBEXECDIR ?= $(PREFIX)/libexec
SELINUXEXECDIR ?= $(LIBEXECDIR)/selinux/
all:
install: all
- -mkdir -p $(SELINUXEXECDIR)
- install -m 755 semanage_migrate_store $(SELINUXEXECDIR)
+ -mkdir -p $(DESTDIR)$(SELINUXEXECDIR)
+ install -m 755 semanage_migrate_store $(DESTDIR)$(SELINUXEXECDIR)
clean:
diff --git a/libsepol/cil/src/cil.c b/libsepol/cil/src/cil.c
index 5a64c2b..2a7ec06 100644
--- a/libsepol/cil/src/cil.c
+++ b/libsepol/cil/src/cil.c
@@ -109,6 +109,7 @@
CIL_KEY_UDP = cil_strpool_add("udp");
CIL_KEY_TCP = cil_strpool_add("tcp");
CIL_KEY_DCCP = cil_strpool_add("dccp");
+ CIL_KEY_SCTP = cil_strpool_add("sctp");
CIL_KEY_AUDITALLOW = cil_strpool_add("auditallow");
CIL_KEY_TUNABLEIF = cil_strpool_add("tunableif");
CIL_KEY_ALLOW = cil_strpool_add("allow");
diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
index 431cd9c..0cc6eeb 100644
--- a/libsepol/cil/src/cil_binary.c
+++ b/libsepol/cil/src/cil_binary.c
@@ -34,6 +34,9 @@
#ifndef IPPROTO_DCCP
#define IPPROTO_DCCP 33
#endif
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
#include <sepol/policydb/policydb.h>
#include <sepol/policydb/polcaps.h>
@@ -3272,6 +3275,9 @@
case CIL_PROTOCOL_DCCP:
new_ocon->u.port.protocol = IPPROTO_DCCP;
break;
+ case CIL_PROTOCOL_SCTP:
+ new_ocon->u.port.protocol = IPPROTO_SCTP;
+ break;
default:
/* should not get here */
rc = SEPOL_ERR;
diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c
index e84336b..b90b0f6 100644
--- a/libsepol/cil/src/cil_build_ast.c
+++ b/libsepol/cil/src/cil_build_ast.c
@@ -4405,6 +4405,8 @@
portcon->proto = CIL_PROTOCOL_TCP;
} else if (proto == CIL_KEY_DCCP) {
portcon->proto = CIL_PROTOCOL_DCCP;
+ } else if (proto == CIL_KEY_SCTP) {
+ portcon->proto = CIL_PROTOCOL_SCTP;
} else {
cil_log(CIL_ERR, "Invalid protocol\n");
rc = SEPOL_ERR;
diff --git a/libsepol/cil/src/cil_internal.h b/libsepol/cil/src/cil_internal.h
index 8393e39..6ff3228 100644
--- a/libsepol/cil/src/cil_internal.h
+++ b/libsepol/cil/src/cil_internal.h
@@ -103,6 +103,7 @@
char *CIL_KEY_TCP;
char *CIL_KEY_UDP;
char *CIL_KEY_DCCP;
+char *CIL_KEY_SCTP;
char *CIL_KEY_AUDITALLOW;
char *CIL_KEY_TUNABLEIF;
char *CIL_KEY_ALLOW;
@@ -740,7 +741,8 @@
enum cil_protocol {
CIL_PROTOCOL_UDP = 1,
CIL_PROTOCOL_TCP,
- CIL_PROTOCOL_DCCP
+ CIL_PROTOCOL_DCCP,
+ CIL_PROTOCOL_SCTP
};
struct cil_ibpkeycon {
diff --git a/libsepol/cil/src/cil_policy.c b/libsepol/cil/src/cil_policy.c
index 99eb53c..5edab5e 100644
--- a/libsepol/cil/src/cil_policy.c
+++ b/libsepol/cil/src/cil_policy.c
@@ -1757,6 +1757,8 @@
fprintf(out, "tcp ");
} else if (portcon->proto == CIL_PROTOCOL_DCCP) {
fprintf(out, "dccp ");
+ } else if (portcon->proto == CIL_PROTOCOL_SCTP) {
+ fprintf(out, "sctp ");
}
if (portcon->port_low == portcon->port_high) {
fprintf(out, "%d ", portcon->port_low);
diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c
index d1a5ed8..0225924 100644
--- a/libsepol/cil/src/cil_resolve_ast.c
+++ b/libsepol/cil/src/cil_resolve_ast.c
@@ -269,9 +269,8 @@
return rc;
}
-int cil_type_used(struct cil_symtab_datum *datum, int used)
+void cil_type_used(struct cil_symtab_datum *datum, int used)
{
- int rc = SEPOL_ERR;
struct cil_typeattribute *attr = NULL;
if (FLAVOR(datum) == CIL_TYPEATTRIBUTE) {
@@ -279,16 +278,12 @@
attr->used |= used;
if ((attr->used & CIL_ATTR_EXPAND_TRUE) &&
(attr->used & CIL_ATTR_EXPAND_FALSE)) {
- cil_log(CIL_ERR, "Conflicting use of expandtypeattribute. "
- "Expandtypeattribute may be set to true or false "
- "but not both. \n");
- goto exit;
+ cil_log(CIL_WARN, "Conflicting use of expandtypeattribute. "
+ "Expandtypeattribute was set to both true or false for %s. "
+ "Resolving to false. \n", attr->datum.name);
+ attr->used &= ~CIL_ATTR_EXPAND_TRUE;
}
}
-
- return SEPOL_OK;
-exit:
- return rc;
}
int cil_resolve_permissionx(struct cil_tree_node *current, struct cil_permissionx *permx, void *extra_args)
@@ -488,11 +483,7 @@
goto exit;
}
used = expandattr->expand ? CIL_ATTR_EXPAND_TRUE : CIL_ATTR_EXPAND_FALSE;
- rc = cil_type_used(attr_datum, used);
- if (rc != SEPOL_OK) {
- goto exit;
- }
-
+ cil_type_used(attr_datum, used);
cil_list_append(expandattr->attr_datums, CIL_TYPE, attr_datum);
}
diff --git a/libsepol/cil/src/cil_tree.c b/libsepol/cil/src/cil_tree.c
index d36401b..2abbb96 100644
--- a/libsepol/cil/src/cil_tree.c
+++ b/libsepol/cil/src/cil_tree.c
@@ -503,15 +503,19 @@
void cil_tree_print_expr(struct cil_list *datum_expr, struct cil_list *str_expr)
{
char *expr_str;
+ int rc;
cil_log(CIL_INFO, "(");
if (datum_expr != NULL) {
- cil_expr_to_string(datum_expr, &expr_str);
+ rc = cil_expr_to_string(datum_expr, &expr_str);
} else {
- cil_expr_to_string(str_expr, &expr_str);
+ rc = cil_expr_to_string(str_expr, &expr_str);
}
-
+ if (rc < 0) {
+ cil_log(CIL_INFO, "ERROR)");
+ return;
+ }
cil_log(CIL_INFO, "%s)", expr_str);
free(expr_str);
}
@@ -1432,6 +1436,8 @@
cil_log(CIL_INFO, " tcp");
} else if (portcon->proto == CIL_PROTOCOL_DCCP) {
cil_log(CIL_INFO, " dccp");
+ } else if (portcon->proto == CIL_PROTOCOL_SCTP) {
+ cil_log(CIL_INFO, " sctp");
}
cil_log(CIL_INFO, " (%d %d)", portcon->port_low, portcon->port_high);
diff --git a/libsepol/include/Makefile b/libsepol/include/Makefile
index 56b7a11..1ad4eca 100644
--- a/libsepol/include/Makefile
+++ b/libsepol/include/Makefile
@@ -1,17 +1,17 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-INCDIR ?= $(PREFIX)/include/sepol
+PREFIX ?= /usr
+INCDIR = $(PREFIX)/include/sepol
CILDIR ?= ../cil
all:
install: all
- test -d $(INCDIR) || install -m 755 -d $(INCDIR)
- test -d $(INCDIR)/policydb || install -m 755 -d $(INCDIR)/policydb
- test -d $(INCDIR)/cil || install -m 755 -d $(INCDIR)/cil
- install -m 644 $(wildcard sepol/*.h) $(INCDIR)
- install -m 644 $(wildcard sepol/policydb/*.h) $(INCDIR)/policydb
- install -m 644 $(wildcard $(CILDIR)/include/cil/*.h) $(INCDIR)/cil
+ test -d $(DESTDIR)$(INCDIR) || install -m 755 -d $(DESTDIR)$(INCDIR)
+ test -d $(DESTDIR)$(INCDIR)/policydb || install -m 755 -d $(DESTDIR)$(INCDIR)/policydb
+ test -d $(DESTDIR)$(INCDIR)/cil || install -m 755 -d $(DESTDIR)$(INCDIR)/cil
+ install -m 644 $(wildcard sepol/*.h) $(DESTDIR)$(INCDIR)
+ install -m 644 $(wildcard sepol/policydb/*.h) $(DESTDIR)$(INCDIR)/policydb
+ install -m 644 $(wildcard $(CILDIR)/include/cil/*.h) $(DESTDIR)$(INCDIR)/cil
indent:
../../scripts/Lindent $(wildcard sepol/*.h)
diff --git a/libsepol/include/sepol/port_record.h b/libsepol/include/sepol/port_record.h
index df04ea0..77149cf 100644
--- a/libsepol/include/sepol/port_record.h
+++ b/libsepol/include/sepol/port_record.h
@@ -16,6 +16,7 @@
#define SEPOL_PROTO_UDP 0
#define SEPOL_PROTO_TCP 1
#define SEPOL_PROTO_DCCP 2
+#define SEPOL_PROTO_SCTP 3
/* Key */
extern int sepol_port_compare(const sepol_port_t * port,
diff --git a/libsepol/man/Makefile b/libsepol/man/Makefile
index 1192433..9b75454 100644
--- a/libsepol/man/Makefile
+++ b/libsepol/man/Makefile
@@ -1,12 +1,13 @@
# Installation directories.
-MAN8DIR ?= $(DESTDIR)/usr/share/man/man8
-MAN3DIR ?= $(DESTDIR)/usr/share/man/man3
+PREFIX ?= /usr
+MAN8DIR ?= $(PREFIX)/share/man/man8
+MAN3DIR ?= $(PREFIX)/share/man/man3
all:
install: all
- mkdir -p $(MAN3DIR)
- mkdir -p $(MAN8DIR)
- install -m 644 man3/*.3 $(MAN3DIR)
- install -m 644 man8/*.8 $(MAN8DIR)
+ mkdir -p $(DESTDIR)$(MAN3DIR)
+ mkdir -p $(DESTDIR)$(MAN8DIR)
+ install -m 644 man3/*.3 $(DESTDIR)$(MAN3DIR)
+ install -m 644 man8/*.8 $(DESTDIR)$(MAN8DIR)
diff --git a/libsepol/src/Makefile b/libsepol/src/Makefile
index 819d261..ccb7023 100644
--- a/libsepol/src/Makefile
+++ b/libsepol/src/Makefile
@@ -1,10 +1,9 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
INCLUDEDIR ?= $(PREFIX)/include
LIBDIR ?= $(PREFIX)/lib
-SHLIBDIR ?= $(DESTDIR)/lib
+SHLIBDIR ?= /lib
RANLIB ?= ranlib
-LIBBASE ?= $(shell basename $(LIBDIR))
CILDIR ?= ../cil
VERSION = $(shell cat ../VERSION)
@@ -52,7 +51,7 @@
ln -sf $@ $(TARGET)
$(LIBPC): $(LIBPC).in ../VERSION
- sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBBASE):; s:@includedir@:$(INCLUDEDIR):' < $< > $@
+ sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBDIR):; s:@includedir@:$(INCLUDEDIR):' < $< > $@
$(LIBMAP): $(LIBMAP).in
ifneq ($(DISABLE_CIL),y)
@@ -80,16 +79,16 @@
$(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $<
install: all
- test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
- install -m 644 $(LIBA) $(LIBDIR)
- test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
- install -m 755 $(LIBSO) $(SHLIBDIR)
- test -d $(LIBDIR)/pkgconfig || install -m 755 -d $(LIBDIR)/pkgconfig
- install -m 644 $(LIBPC) $(LIBDIR)/pkgconfig
- $(LN) -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
+ test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR)
+ install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
+ test -d $(DESTDIR)$(SHLIBDIR) || install -m 755 -d $(DESTDIR)$(SHLIBDIR)
+ install -m 755 $(LIBSO) $(DESTDIR)$(SHLIBDIR)
+ test -d $(DESTDIR)$(LIBDIR)/pkgconfig || install -m 755 -d $(DESTDIR)$(LIBDIR)/pkgconfig
+ install -m 644 $(LIBPC) $(DESTDIR)$(LIBDIR)/pkgconfig
+ $(LN) -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET)
relabel:
- /sbin/restorecon $(SHLIBDIR)/$(LIBSO)
+ /sbin/restorecon $(DESTDIR)$(SHLIBDIR)/$(LIBSO)
clean:
-rm -f $(LIBPC) $(LIBMAP) $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(TARGET) $(CIL_GENERATED)
diff --git a/libsepol/src/ibendport_record.c b/libsepol/src/ibendport_record.c
index 912aeb5..bc56f09 100644
--- a/libsepol/src/ibendport_record.c
+++ b/libsepol/src/ibendport_record.c
@@ -32,14 +32,11 @@
int sepol_ibendport_alloc_ibdev_name(sepol_handle_t *handle,
char **ibdev_name)
{
- char *tmp_ibdev_name = NULL;
+ *ibdev_name = calloc(1, IB_DEVICE_NAME_MAX);
- tmp_ibdev_name = calloc(1, IB_DEVICE_NAME_MAX);
-
- if (!tmp_ibdev_name)
+ if (!*ibdev_name)
goto omem;
- *ibdev_name = tmp_ibdev_name;
return STATUS_SUCCESS;
omem:
diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
index 0055c23..b1eb66d 100644
--- a/libsepol/src/kernel_to_cil.c
+++ b/libsepol/src/kernel_to_cil.c
@@ -12,6 +12,9 @@
#ifndef IPPROTO_DCCP
#define IPPROTO_DCCP 33
#endif
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
#include <sepol/policydb/avtab.h>
#include <sepol/policydb/conditional.h>
@@ -2631,6 +2634,7 @@
case IPPROTO_TCP: protocol = "tcp"; break;
case IPPROTO_UDP: protocol = "udp"; break;
case IPPROTO_DCCP: protocol = "dccp"; break;
+ case IPPROTO_SCTP: protocol = "sctp"; break;
default:
sepol_log_err("Unknown portcon protocol: %i", portcon->u.port.protocol);
rc = -1;
diff --git a/libsepol/src/kernel_to_common.c b/libsepol/src/kernel_to_common.c
index 01ffc8f..342bc3c 100644
--- a/libsepol/src/kernel_to_common.c
+++ b/libsepol/src/kernel_to_common.c
@@ -10,6 +10,9 @@
#ifndef IPPROTO_DCCP
#define IPPROTO_DCCP 33
#endif
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
#include <sepol/policydb/ebitmap.h>
#include <sepol/policydb/hashtab.h>
diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c
index 95aa92f..9540520 100644
--- a/libsepol/src/kernel_to_conf.c
+++ b/libsepol/src/kernel_to_conf.c
@@ -11,6 +11,9 @@
#ifndef IPPROTO_DCCP
#define IPPROTO_DCCP 33
#endif
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
#include <sepol/policydb/avtab.h>
#include <sepol/policydb/conditional.h>
@@ -2491,6 +2494,7 @@
case IPPROTO_TCP: protocol = "tcp"; break;
case IPPROTO_UDP: protocol = "udp"; break;
case IPPROTO_DCCP: protocol = "dccp"; break;
+ case IPPROTO_SCTP: protocol = "sctp"; break;
default:
sepol_log_err("Unknown portcon protocol: %i", portcon->u.port.protocol);
rc = -1;
diff --git a/libsepol/src/libsepol.map.in b/libsepol/src/libsepol.map.in
index 2a9996f..d879016 100644
--- a/libsepol/src/libsepol.map.in
+++ b/libsepol/src/libsepol.map.in
@@ -56,4 +56,6 @@
sepol_module_policydb_to_cil;
sepol_kernel_policydb_to_cil;
sepol_kernel_policydb_to_conf;
+ sepol_polcap_getnum;
+ sepol_polcap_getname;
} LIBSEPOL_1.0;
diff --git a/libsepol/src/libsepol.pc.in b/libsepol/src/libsepol.pc.in
index e52f589..f807fec 100644
--- a/libsepol/src/libsepol.pc.in
+++ b/libsepol/src/libsepol.pc.in
@@ -1,6 +1,6 @@
prefix=@prefix@
exec_prefix=${prefix}
-libdir=${exec_prefix}/@libdir@
+libdir=@libdir@
includedir=@includedir@
Name: libsepol
diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
index 15b58a7..5b8ed19 100644
--- a/libsepol/src/module_to_cil.c
+++ b/libsepol/src/module_to_cil.c
@@ -30,6 +30,9 @@
#ifndef IPPROTO_DCCP
#define IPPROTO_DCCP 33
#endif
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
#include <signal.h>
#include <stdarg.h>
#include <stdio.h>
@@ -2656,6 +2659,7 @@
case IPPROTO_TCP: protocol = "tcp"; break;
case IPPROTO_UDP: protocol = "udp"; break;
case IPPROTO_DCCP: protocol = "dccp"; break;
+ case IPPROTO_SCTP: protocol = "sctp"; break;
default:
log_err("Unknown portcon protocol: %i", portcon->u.port.protocol);
rc = -1;
diff --git a/libsepol/src/port_record.c b/libsepol/src/port_record.c
index ed9093b..15fb198 100644
--- a/libsepol/src/port_record.c
+++ b/libsepol/src/port_record.c
@@ -186,6 +186,8 @@
return "tcp";
case SEPOL_PROTO_DCCP:
return "dccp";
+ case SEPOL_PROTO_SCTP:
+ return "sctp";
default:
return "???";
}
diff --git a/libsepol/src/ports.c b/libsepol/src/ports.c
index 62ec602..cc55863 100644
--- a/libsepol/src/ports.c
+++ b/libsepol/src/ports.c
@@ -2,6 +2,9 @@
#ifndef IPPROTO_DCCP
#define IPPROTO_DCCP 33
#endif
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
#include <stdlib.h>
#include "debug.h"
@@ -21,6 +24,8 @@
return IPPROTO_UDP;
case SEPOL_PROTO_DCCP:
return IPPROTO_DCCP;
+ case SEPOL_PROTO_SCTP:
+ return IPPROTO_SCTP;
default:
ERR(handle, "unsupported protocol %u", proto);
return STATUS_ERR;
@@ -37,6 +42,8 @@
return SEPOL_PROTO_UDP;
case IPPROTO_DCCP:
return SEPOL_PROTO_DCCP;
+ case IPPROTO_SCTP:
+ return SEPOL_PROTO_SCTP;
default:
ERR(handle, "invalid protocol %u " "found in policy", proto);
return STATUS_ERR;
diff --git a/libsepol/utils/Makefile b/libsepol/utils/Makefile
index fba1d8a..31932c1 100644
--- a/libsepol/utils/Makefile
+++ b/libsepol/utils/Makefile
@@ -1,5 +1,5 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
CFLAGS ?= -Wall -Werror
@@ -12,8 +12,8 @@
all: $(TARGETS)
install: all
- -mkdir -p $(BINDIR)
- install -m 755 $(TARGETS) $(BINDIR)
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR)
clean:
-rm -f $(TARGETS) *.o
diff --git a/mcstrans/man/Makefile b/mcstrans/man/Makefile
index 8e97119..645f628 100644
--- a/mcstrans/man/Makefile
+++ b/mcstrans/man/Makefile
@@ -1,11 +1,12 @@
# Installation directories.
-MAN8DIR ?= $(DESTDIR)/usr/share/man/man8
+PREFIX ?= /usr
+MAN8DIR ?= $(PREFIX)/share/man/man8
all:
install: all
- mkdir -p $(MAN8DIR)
- install -m 644 man8/*.8 $(MAN8DIR)
+ mkdir -p $(DESTDIR)$(MAN8DIR)
+ install -m 644 man8/*.8 $(DESTDIR)$(MAN8DIR)
clean:
-rm -f *~ \#*
diff --git a/mcstrans/src/Makefile b/mcstrans/src/Makefile
index 3f4a89c..76ef055 100644
--- a/mcstrans/src/Makefile
+++ b/mcstrans/src/Makefile
@@ -1,33 +1,37 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-LIBDIR ?= $(PREFIX)/lib
-SBINDIR ?= $(DESTDIR)/sbin
-INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
-SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd
-LIBSEPOLA ?= $(LIBDIR)/libsepol.a
+PREFIX ?= /usr
+SBINDIR ?= /sbin
+INITDIR ?= /etc/rc.d/init.d
+SYSTEMDDIR ?= $(PREFIX)/lib/systemd
+
+# If no specific libsepol.a is specified, fall back on LDFLAGS search path
+# Otherwise, as $(LIBSEPOLA) already appears in the dependencies, there
+# is no need to define a value for LDLIBS_LIBSEPOLA
+ifeq ($(LIBSEPOLA),)
+ LDLIBS_LIBSEPOLA := -l:libsepol.a
+endif
PROG_SRC=mcstrans.c mcscolor.c mcstransd.c mls_level.c
PROG_OBJS= $(patsubst %.c,%.o,$(PROG_SRC))
PROG=mcstransd
INITSCRIPT=mcstrans
CFLAGS ?= -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute
-override CFLAGS += -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64
all: $(PROG)
-$(PROG): $(PROG_OBJS)
- $(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre $(LIBSEPOLA)
+$(PROG): $(PROG_OBJS) $(LIBSEPOLA)
+ $(CC) $(LDFLAGS) -pie -o $@ $^ -lselinux -lcap -lpcre $(LDLIBS_LIBSEPOLA)
%.o: %.c
- $(CC) $(CFLAGS) -fPIE -c -o $@ $<
+ $(CC) $(CFLAGS) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -fPIE -c -o $@ $<
install: all
- test -d $(SBINDIR) || install -m 755 -d $(SBINDIR)
- install -m 755 $(PROG) $(SBINDIR)
- test -d $(INITDIR) || install -m 755 -d $(INITDIR)
- install -m 755 $(INITSCRIPT).init $(INITDIR)/$(INITSCRIPT)
- test -d $(SYSTEMDDIR)/system || install -m 755 -d $(SYSTEMDDIR)/system
- install -m 644 mcstrans.service $(SYSTEMDDIR)/system/
+ test -d $(DESTDIR)$(SBINDIR) || install -m 755 -d $(DESTDIR)$(SBINDIR)
+ install -m 755 $(PROG) $(DESTDIR)$(SBINDIR)
+ test -d $(DESTDIR)$(INITDIR) || install -m 755 -d $(DESTDIR)$(INITDIR)
+ install -m 755 $(INITSCRIPT).init $(DESTDIR)$(INITDIR)/$(INITSCRIPT)
+ test -d $(DESTDIR)$(SYSTEMDDIR)/system || install -m 755 -d $(DESTDIR)$(SYSTEMDDIR)/system
+ install -m 644 mcstrans.service $(DESTDIR)$(SYSTEMDDIR)/system/
clean:
-rm -f $(OBJS) $(LOBJS) $(TARGET) $(PROG) $(PROG_OBJS) *~ \#*
diff --git a/mcstrans/utils/Makefile b/mcstrans/utils/Makefile
index 4d3cbfc..9dfe772 100644
--- a/mcstrans/utils/Makefile
+++ b/mcstrans/utils/Makefile
@@ -1,22 +1,30 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-LIBDIR ?= $(PREFIX)/lib
+PREFIX ?= /usr
SBINDIR ?= $(PREFIX)/sbin
-LIBSEPOLA ?= $(LIBDIR)/libsepol.a
-CFLAGS ?= -Wall
-override CFLAGS += -I../src -D_GNU_SOURCE
-override LDLIBS += -lselinux -lpcre
+TARGETS=transcon untranscon
-TARGETS=$(patsubst %.c,%,$(sort $(wildcard *.c)))
+# If no specific libsepol.a is specified, fall back on LDFLAGS search path
+# Otherwise, as $(LIBSEPOLA) already appears in the dependencies, there
+# is no need to define a value for LDLIBS_LIBSEPOLA
+ifeq ($(LIBSEPOLA),)
+ LDLIBS_LIBSEPOLA := -l:libsepol.a
+endif
all: $(TARGETS)
-$(TARGETS): ../src/mcstrans.o ../src/mls_level.o $(LIBSEPOLA)
+transcon: transcon.o ../src/mcstrans.o ../src/mls_level.o $(LIBSEPOLA)
+ $(CC) $(LDFLAGS) -o $@ $^ -lpcre -lselinux $(LDLIBS_LIBSEPOLA)
+
+untranscon: untranscon.o ../src/mcstrans.o ../src/mls_level.o $(LIBSEPOLA)
+ $(CC) $(LDFLAGS) -o $@ $^ -lpcre -lselinux $(LDLIBS_LIBSEPOLA)
+
+%.o: %.c
+ $(CC) $(CFLAGS) -D_GNU_SOURCE -I../src -fPIE -c -o $@ $<
install: all
- -mkdir -p $(SBINDIR)
- install -m 755 $(TARGETS) $(SBINDIR)
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR)
test:
./mlstrans-test-runner.py ../test/*.test
diff --git a/policycoreutils/hll/pp/Makefile b/policycoreutils/hll/pp/Makefile
index 3401dcc..fc8d3c4 100644
--- a/policycoreutils/hll/pp/Makefile
+++ b/policycoreutils/hll/pp/Makefile
@@ -1,8 +1,5 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-INCLUDEDIR ?= $(PREFIX)/include
-MANDIR = $(PREFIX)/share/man
-LIBDIR ?= $(PREFIX)/lib
+PREFIX ?= /usr
LIBEXECDIR ?= $(PREFIX)/libexec
HLLDIR ?= $(LIBEXECDIR)/selinux/hll
@@ -21,8 +18,8 @@
$(CC) $(CFLAGS) -c -o $@ $^
install: all
- -mkdir -p $(HLLDIR)
- install -m 755 pp $(HLLDIR)
+ -mkdir -p $(DESTDIR)$(HLLDIR)
+ install -m 755 pp $(DESTDIR)$(HLLDIR)
relabel:
diff --git a/policycoreutils/load_policy/Makefile b/policycoreutils/load_policy/Makefile
index b85833c..568d5d4 100644
--- a/policycoreutils/load_policy/Makefile
+++ b/policycoreutils/load_policy/Makefile
@@ -1,8 +1,8 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-SBINDIR ?= $(DESTDIR)/sbin
+PREFIX ?= /usr
+SBINDIR ?= $(PREFIX)/sbin
MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
+LOCALEDIR ?= $(DESTDIR)$(PREFIX)/share/locale
CFLAGS ?= -Werror -Wall -W
override CFLAGS += $(LDFLAGS) -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
@@ -13,10 +13,10 @@
all: $(TARGETS)
install: all
- -mkdir -p $(SBINDIR)
- install -m 755 $(TARGETS) $(SBINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 644 load_policy.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 $(TARGETS) $(DESTDIR)$(SBINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8
+ install -m 644 load_policy.8 $(DESTDIR)$(MANDIR)/man8/
clean:
-rm -f $(TARGETS) *.o
@@ -25,4 +25,4 @@
../../scripts/Lindent $(wildcard *.[ch])
relabel:
- /sbin/restorecon $(SBINDIR)/load_policy
+ /sbin/restorecon $(DESTDIR)$(SBINDIR)/load_policy
diff --git a/policycoreutils/man/Makefile b/policycoreutils/man/Makefile
index 0d91cd4..8af1520 100644
--- a/policycoreutils/man/Makefile
+++ b/policycoreutils/man/Makefile
@@ -1,12 +1,13 @@
# Installation directories.
-MAN5DIR ?= $(DESTDIR)/usr/share/man/man5
+PREFIX ?= /usr
+MAN5DIR ?= $(PREFIX)/share/man/man5
all:
clean:
install: all
- mkdir -p $(MAN5DIR)
- install -m 644 man5/*.5 $(MAN5DIR)
+ mkdir -p $(DESTDIR)$(MAN5DIR)
+ install -m 644 man5/*.5 $(DESTDIR)$(MAN5DIR)
relabel:
diff --git a/policycoreutils/newrole/Makefile b/policycoreutils/newrole/Makefile
index 196af92..a1bfe1a 100644
--- a/policycoreutils/newrole/Makefile
+++ b/policycoreutils/newrole/Makefile
@@ -1,9 +1,9 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
-ETCDIR ?= $(DESTDIR)/etc
-LOCALEDIR = /usr/share/locale
+ETCDIR ?= /etc
+LOCALEDIR = $(DESTDIR)$(PREFIX)/share/locale
PAMH ?= $(shell test -f /usr/include/security/pam_appl.h && echo y)
AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
# Enable capabilities to permit newrole to generate audit records.
@@ -61,17 +61,17 @@
$(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
install: all
- test -d $(BINDIR) || install -m 755 -d $(BINDIR)
- test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d
- test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1
- install -m $(MODE) newrole $(BINDIR)
- install -m 644 newrole.1 $(MANDIR)/man1/
+ test -d $(DESTDIR)$(BINDIR) || install -m 755 -d $(DESTDIR)$(BINDIR)
+ test -d $(DESTDIR)$(ETCDIR)/pam.d || install -m 755 -d $(DESTDIR)$(ETCDIR)/pam.d
+ test -d $(DESTDIR)$(MANDIR)/man1 || install -m 755 -d $(DESTDIR)$(MANDIR)/man1
+ install -m $(MODE) newrole $(DESTDIR)$(BINDIR)
+ install -m 644 newrole.1 $(DESTDIR)$(MANDIR)/man1/
ifeq ($(PAMH), y)
- test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d
+ test -d $(DESTDIR)$(ETCDIR)/pam.d || install -m 755 -d $(DESTDIR)$(ETCDIR)/pam.d
ifeq ($(LSPP_PRIV),y)
- install -m 644 newrole-lspp.pamd $(ETCDIR)/pam.d/newrole
+ install -m 644 newrole-lspp.pamd $(DESTDIR)$(ETCDIR)/pam.d/newrole
else
- install -m 644 newrole.pamd $(ETCDIR)/pam.d/newrole
+ install -m 644 newrole.pamd $(DESTDIR)$(ETCDIR)/pam.d/newrole
endif
endif
@@ -82,4 +82,4 @@
../../scripts/Lindent $(wildcard *.[ch])
relabel: install
- /sbin/restorecon $(BINDIR)/newrole
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/newrole
diff --git a/policycoreutils/po/Makefile b/policycoreutils/po/Makefile
index 5814861..575e143 100644
--- a/policycoreutils/po/Makefile
+++ b/policycoreutils/po/Makefile
@@ -2,6 +2,7 @@
# Makefile for the PO files (translation) catalog
#
+PREFIX ?= /usr
TOP = ../..
# What is this package?
@@ -12,7 +13,7 @@
INSTALL_DIR = /usr/bin/install -d
# destination directory
-INSTALL_NLS_DIR = $(DESTDIR)/usr/share/locale
+INSTALL_NLS_DIR = $(PREFIX)/share/locale
# PO catalog handling
MSGMERGE = msgmerge
@@ -128,8 +129,8 @@
install: $(MOFILES)
@for n in $(MOFILES); do \
l=`basename $$n .mo`; \
- $(INSTALL_DIR) $(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \
- $(INSTALL_DATA) --verbose $$n $(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/$(NLSPACKAGE).mo; \
+ $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \
+ $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/$(NLSPACKAGE).mo; \
done
%.mo: %.po
diff --git a/policycoreutils/run_init/Makefile b/policycoreutils/run_init/Makefile
index 921f0b0..1d5de57 100644
--- a/policycoreutils/run_init/Makefile
+++ b/policycoreutils/run_init/Makefile
@@ -1,10 +1,10 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
SBINDIR ?= $(PREFIX)/sbin
MANDIR ?= $(PREFIX)/share/man
-ETCDIR ?= $(DESTDIR)/etc
-LOCALEDIR ?= /usr/share/locale
+ETCDIR ?= /etc
+LOCALEDIR ?= $(DESTDIR)$(PREFIX)/share/locale
PAMH ?= $(shell test -f /usr/include/security/pam_appl.h && echo y)
AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
@@ -32,14 +32,14 @@
install: all
- test -d $(SBINDIR) || install -m 755 -d $(SBINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 755 run_init $(SBINDIR)
- install -m 755 open_init_pty $(SBINDIR)
- install -m 644 run_init.8 $(MANDIR)/man8/
- install -m 644 open_init_pty.8 $(MANDIR)/man8/
+ test -d $(DESTDIR)$(SBINDIR) || install -m 755 -d $(DESTDIR)$(SBINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8
+ install -m 755 run_init $(DESTDIR)$(SBINDIR)
+ install -m 755 open_init_pty $(DESTDIR)$(SBINDIR)
+ install -m 644 run_init.8 $(DESTDIR)$(MANDIR)/man8/
+ install -m 644 open_init_pty.8 $(DESTDIR)$(MANDIR)/man8/
ifeq ($(PAMH), y)
- install -m 644 run_init.pamd $(ETCDIR)/pam.d/run_init
+ install -m 644 run_init.pamd $(DESTDIR)$(ETCDIR)/pam.d/run_init
endif
clean:
@@ -49,4 +49,4 @@
../../scripts/Lindent $(wildcard *.[ch])
relabel: install
- /sbin/restorecon $(SBINDIR)/run_init $(SBINDIR)/open_init_pty
+ /sbin/restorecon $(DESTDIR)$(SBINDIR)/run_init $(DESTDIR)$(SBINDIR)/open_init_pty
diff --git a/policycoreutils/scripts/Makefile b/policycoreutils/scripts/Makefile
index d9e86ff..afe5dc4 100644
--- a/policycoreutils/scripts/Makefile
+++ b/policycoreutils/scripts/Makefile
@@ -1,17 +1,16 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-SBINDIR ?= $(DESTDIR)/sbin
+PREFIX ?= /usr
+SBINDIR ?= $(PREFIX)/sbin
MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= $(PREFIX)/share/locale
.PHONY: all
all: fixfiles
install: all
- -mkdir -p $(SBINDIR)
- install -m 755 fixfiles $(SBINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 644 fixfiles.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 fixfiles $(DESTDIR)$(SBINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 644 fixfiles.8 $(DESTDIR)$(MANDIR)/man8/
clean:
diff --git a/policycoreutils/secon/Makefile b/policycoreutils/secon/Makefile
index 8e491d7..db8ee42 100644
--- a/policycoreutils/secon/Makefile
+++ b/policycoreutils/secon/Makefile
@@ -1,9 +1,7 @@
# secon tool - command-line context
-PREFIX ?= $(DESTDIR)/usr
-INCLUDEDIR ?= $(PREFIX)/include
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
-LIBDIR ?= $(PREFIX)/lib
WARNS=-Werror -W -Wall -Wundef -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -Wno-format-zero-length -Wformat-nonliteral -Wformat-security -Wfloat-equal
VERSION = $(shell cat ../VERSION)
@@ -18,13 +16,13 @@
install-nogui: install
install: all
- install -m 755 secon $(BINDIR);
+ install -m 755 secon $(DESTDIR)$(BINDIR);
- test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1
- install -m 644 secon.1 $(MANDIR)/man1
+ test -d $(DESTDIR)$(MANDIR)/man1 || install -m 755 -d $(DESTDIR)$(MANDIR)/man1
+ install -m 644 secon.1 $(DESTDIR)$(MANDIR)/man1
relabel:
- /sbin/restorecon $(BINDIR)/secon
+ /sbin/restorecon $(DESTDIR)$(BINDIR)/secon
clean:
rm -f *.o core* secon *~ *.bak
diff --git a/policycoreutils/semodule/Makefile b/policycoreutils/semodule/Makefile
index fffb43a..639d368 100644
--- a/policycoreutils/semodule/Makefile
+++ b/policycoreutils/semodule/Makefile
@@ -1,9 +1,7 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-INCLUDEDIR ?= $(PREFIX)/include
+PREFIX ?= /usr
SBINDIR ?= $(PREFIX)/sbin
MANDIR = $(PREFIX)/share/man
-LIBDIR ?= $(PREFIX)/lib
CFLAGS ?= -Werror -Wall -W
override LDLIBS += -lsepol -lselinux -lsemanage
@@ -17,12 +15,12 @@
ln -sf semodule genhomedircon
install: all
- -mkdir -p $(SBINDIR)
- install -m 755 semodule $(SBINDIR)
- (cd $(SBINDIR); ln -sf semodule genhomedircon)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 644 semodule.8 $(MANDIR)/man8/
- install -m 644 genhomedircon.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 semodule $(DESTDIR)$(SBINDIR)
+ (cd $(DESTDIR)$(SBINDIR); ln -sf semodule genhomedircon)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8
+ install -m 644 semodule.8 $(DESTDIR)$(MANDIR)/man8/
+ install -m 644 genhomedircon.8 $(DESTDIR)$(MANDIR)/man8/
relabel:
diff --git a/policycoreutils/semodule/semodule.8 b/policycoreutils/semodule/semodule.8
index 849a042..18d4f70 100644
--- a/policycoreutils/semodule/semodule.8
+++ b/policycoreutils/semodule/semodule.8
@@ -3,7 +3,7 @@
semodule \- Manage SELinux policy modules.
.SH SYNOPSIS
-.B semodule [options]... MODE [MODES]...
+.B semodule [option]... MODE...
.br
.SH DESCRIPTION
.PP
@@ -15,7 +15,7 @@
by semodule_package. Conventionally, these files have a .pp suffix
(policy package), although this is not mandated in any way.
-.SH "OPTIONS"
+.SH "MODES"
.TP
.B \-R, \-\-reload
force a reload of policy
@@ -36,16 +36,11 @@
deprecated, alias for --install
.TP
.B \-r,\-\-remove=MODULE_NAME
-remove existing module
+remove existing module at desired priority (defaults to -X 400)
.TP
.B \-l[KIND],\-\-list-modules[=KIND]
display list of installed modules (other than base)
.TP
-.B \-E,\-\-extract=MODULE_PKG
-Extract a module from the store as an HLL or CIL file to the current directory.
-A module is extracted as HLL by default. The name of the module written is
-<module-name>.<lang_ext>
-.TP
.B KIND:
.TP
standard
@@ -57,12 +52,18 @@
.B \-X,\-\-priority=PRIORITY
set priority for following operations (1-999)
.TP
-.B \-e,\-\-enabled=MODULE_NAME
+.B \-e,\-\-enable=MODULE_NAME
enable module
.TP
.B \-d,\-\-disable=MODULE_NAME
disable module
.TP
+.B \-E,\-\-extract=MODULE_PKG
+Extract a module from the store as an HLL or CIL file to the current directory.
+A module is extracted as HLL by default. The name of the module written is
+<module-name>.<lang_ext>
+.SH "OPTIONS"
+.TP
.B \-s,\-\-store
name of the store to operate on
.TP
@@ -101,17 +102,22 @@
$ semodule \-b base.pp
# Install or replace a non-base policy package.
$ semodule \-i httpd.pp
+# Install or replace all non-base modules in the current directory.
+# This syntax can be used with -i/u/r/E, but no other option can be entered after the module names
+$ semodule \-i *.pp
+# Install or replace all modules in the current directory.
+$ ls *.pp | grep \-Ev "base.pp|enableaudit.pp" | xargs /usr/sbin/semodule \-b base.pp \-i
# List non-base modules.
$ semodule \-l
+# List all modules including priorities
+$ semodule \-lfull
+# Remove a module at priority 100
+$ semodule \-X 100 \-r wireshark
# Turn on all AVC Messages for which SELinux currently is "dontaudit"ing.
$ semodule \-DB
# Turn "dontaudit" rules back on.
$ semodule \-B
-# Install or replace all non-base modules in the current directory.
-$ semodule \-i *.pp
-# Install or replace all modules in the current directory.
-$ ls *.pp | grep \-Ev "base.pp|enableaudit.pp" | xargs /usr/sbin/semodule \-b base.pp \-i
-# Disable a module.
+# Disable a module (all instances of given module across priorities will be disabled).
$ semodule \-d alsa
# Install a module at a specific priority.
$ semodule \-X 100 \-i alsa.pp
diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c
index c63a864..a76797f 100644
--- a/policycoreutils/semodule/semodule.c
+++ b/policycoreutils/semodule/semodule.c
@@ -120,13 +120,14 @@
static void usage(char *progname)
{
- printf("usage: %s [options]... MODE [MODES]...\n", progname);
+ printf("usage: %s [option]... MODE...\n", progname);
printf("Manage SELinux policy modules.\n");
printf("MODES:\n");
printf(" -R, --reload reload policy\n");
printf(" -B, --build build and reload policy\n");
+ printf(" -D,--disable_dontaudit Remove dontaudits from policy\n");
printf(" -i,--install=MODULE_PKG install a new module\n");
- printf(" -r,--remove=MODULE_NAME remove existing module\n");
+ printf(" -r,--remove=MODULE_NAME remove existing module at desired priority\n");
printf(" -l[KIND],--list-modules[=KIND] display list of installed modules\n");
printf(" KIND: standard list highest priority, enabled modules\n");
printf(" full list all modules\n");
@@ -134,12 +135,11 @@
printf(" -e,--enable=MODULE_NAME enable module\n");
printf(" -d,--disable=MODULE_NAME disable module\n");
printf(" -E,--extract=MODULE_NAME extract module\n");
- printf("Other options:\n");
+ printf("Options:\n");
printf(" -s,--store name of the store to operate on\n");
printf(" -N,-n,--noreload do not reload policy after commit\n");
printf(" -h,--help print this message and quit\n");
printf(" -v,--verbose be verbose\n");
- printf(" -D,--disable_dontaudit Remove dontaudits from policy\n");
printf(" -P,--preserve_tunables Preserve tunables in policy\n");
printf(" -C,--ignore-module-cache Rebuild CIL modules compiled from HLL files\n");
printf(" -p,--path use an alternate path for the policy root\n");
@@ -311,28 +311,29 @@
}
if (optind < argc) {
- int mode;
+ int mode = commands ? (int) commands[num_commands - 1].mode : -1;
/* if -i/u/r/E was the last command treat any remaining
* arguments as args. Will allow 'semodule -i *.pp' to
* work as expected.
*/
- if (commands && commands[num_commands - 1].mode == INSTALL_M) {
- mode = INSTALL_M;
- } else if (commands && commands[num_commands - 1].mode == REMOVE_M) {
- mode = REMOVE_M;
- } else if (commands && commands[num_commands - 1].mode == EXTRACT_M) {
- mode = EXTRACT_M;
- } else {
- fprintf(stderr, "unknown additional arguments:\n");
- while (optind < argc)
- fprintf(stderr, " %s", argv[optind++]);
- fprintf(stderr, "\n\n");
- usage(argv[0]);
- exit(1);
+ switch (mode) {
+ case INSTALL_M:
+ case REMOVE_M:
+ case EXTRACT_M:
+ case ENABLE_M:
+ case DISABLE_M:
+ while (optind < argc)
+ set_mode(mode, argv[optind++]);
+ break;
+ default:
+ fprintf(stderr, "unknown additional arguments:\n");
+ while (optind < argc)
+ fprintf(stderr, " %s", argv[optind++]);
+ fprintf(stderr, "\n\n");
+ usage(argv[0]);
+ exit(1);
}
- while (optind < argc)
- set_mode(mode, argv[optind++]);
}
}
diff --git a/policycoreutils/sestatus/Makefile b/policycoreutils/sestatus/Makefile
index 41ca683..274ef35 100644
--- a/policycoreutils/sestatus/Makefile
+++ b/policycoreutils/sestatus/Makefile
@@ -1,9 +1,8 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
SBINDIR ?= $(PREFIX)/sbin
MANDIR = $(PREFIX)/share/man
-ETCDIR ?= $(DESTDIR)/etc
-LIBDIR ?= $(PREFIX)/lib
+ETCDIR ?= /etc
CFLAGS ?= -Werror -Wall -W
override CFLAGS += -D_FILE_OFFSET_BITS=64
@@ -14,14 +13,14 @@
sestatus: sestatus.o
install: all
- [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
- [ -d $(MANDIR)/man5 ] || mkdir -p $(MANDIR)/man5
- -mkdir -p $(SBINDIR)
- install -m 755 sestatus $(SBINDIR)
- install -m 644 sestatus.8 $(MANDIR)/man8
- install -m 644 sestatus.conf.5 $(MANDIR)/man5
- -mkdir -p $(ETCDIR)
- install -m 644 sestatus.conf $(ETCDIR)
+ [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8
+ [ -d $(DESTDIR)$(MANDIR)/man5 ] || mkdir -p $(DESTDIR)$(MANDIR)/man5
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 sestatus $(DESTDIR)$(SBINDIR)
+ install -m 644 sestatus.8 $(DESTDIR)$(MANDIR)/man8
+ install -m 644 sestatus.conf.5 $(DESTDIR)$(MANDIR)/man5
+ -mkdir -p $(DESTDIR)$(ETCDIR)
+ install -m 644 sestatus.conf $(DESTDIR)$(ETCDIR)
clean:
rm -f sestatus *.o
diff --git a/policycoreutils/setfiles/Makefile b/policycoreutils/setfiles/Makefile
index c08e2dd..e943276 100644
--- a/policycoreutils/setfiles/Makefile
+++ b/policycoreutils/setfiles/Makefile
@@ -1,8 +1,7 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-SBINDIR ?= $(DESTDIR)/sbin
+PREFIX ?= /usr
+SBINDIR ?= /sbin
MANDIR = $(PREFIX)/share/man
-LIBDIR ?= $(PREFIX)/lib
AUDITH ?= $(shell test -f /usr/include/libaudit.h && echo y)
ABORT_ON_ERRORS=$(shell grep "^\#define ABORT_ON_ERRORS" setfiles.c | awk -S '{ print $$3 }')
@@ -29,14 +28,14 @@
@sed -i "s/ABORT_ON_ERRORS/$(ABORT_ON_ERRORS)/g" setfiles.8.man
install: all
- [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
- -mkdir -p $(SBINDIR)
- install -m 755 setfiles $(SBINDIR)
- (cd $(SBINDIR) && ln -sf setfiles restorecon)
- install -m 755 restorecon_xattr $(SBINDIR)
- install -m 644 setfiles.8.man $(MANDIR)/man8/setfiles.8
- install -m 644 restorecon.8 $(MANDIR)/man8/restorecon.8
- install -m 644 restorecon_xattr.8 $(MANDIR)/man8/restorecon_xattr.8
+ [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 setfiles $(DESTDIR)$(SBINDIR)
+ (cd $(DESTDIR)$(SBINDIR) && ln -sf setfiles restorecon)
+ install -m 755 restorecon_xattr $(DESTDIR)$(SBINDIR)
+ install -m 644 setfiles.8.man $(DESTDIR)$(MANDIR)/man8/setfiles.8
+ install -m 644 restorecon.8 $(DESTDIR)$(MANDIR)/man8/restorecon.8
+ install -m 644 restorecon_xattr.8 $(DESTDIR)$(MANDIR)/man8/restorecon_xattr.8
clean:
rm -f setfiles restorecon restorecon_xattr *.o setfiles.8.man
@@ -45,4 +44,4 @@
../../scripts/Lindent $(wildcard *.[ch])
relabel: install
- $(SBINDIR)/restorecon $(SBINDIR)/setfiles $(SBINDIR)/restorecon_xattr
+ $(DESTDIR)$(SBINDIR)/restorecon $(DESTDIR)$(SBINDIR)/setfiles $(DESTDIR)$(SBINDIR)/restorecon_xattr
diff --git a/policycoreutils/setsebool/Makefile b/policycoreutils/setsebool/Makefile
index bc254da..47bea60 100644
--- a/policycoreutils/setsebool/Makefile
+++ b/policycoreutils/setsebool/Makefile
@@ -1,10 +1,8 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-INCLUDEDIR ?= $(PREFIX)/include
+PREFIX ?= /usr
SBINDIR ?= $(PREFIX)/sbin
MANDIR = $(PREFIX)/share/man
-LIBDIR ?= $(PREFIX)/lib
-BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-completion/completions
+BASHCOMPLETIONDIR ?= $(PREFIX)/share/bash-completion/completions
CFLAGS ?= -Werror -Wall -W
override LDLIBS += -lsepol -lselinux -lsemanage
@@ -17,12 +15,12 @@
setsebool: $(SETSEBOOL_OBJS)
install: all
- -mkdir -p $(SBINDIR)
- install -m 755 setsebool $(SBINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 644 setsebool.8 $(MANDIR)/man8/
- -mkdir -p $(BASHCOMPLETIONDIR)
- install -m 644 $(BASHCOMPLETIONS) $(BASHCOMPLETIONDIR)/setsebool
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 setsebool $(DESTDIR)$(SBINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 644 setsebool.8 $(DESTDIR)$(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR)
+ install -m 644 $(BASHCOMPLETIONS) $(DESTDIR)$(BASHCOMPLETIONDIR)/setsebool
relabel:
diff --git a/python/audit2allow/Makefile b/python/audit2allow/Makefile
index 8db8075..513bb2b 100644
--- a/python/audit2allow/Makefile
+++ b/python/audit2allow/Makefile
@@ -1,19 +1,23 @@
PYTHON ?= python
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= $(PREFIX)/lib
MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
-INCLUDEDIR ?= $(PREFIX)/include
-LIBSEPOLA ?= $(LIBDIR)/libsepol.a
CFLAGS ?= -Werror -Wall -W
+# If no specific libsepol.a is specified, fall back on LDFLAGS search path
+# Otherwise, as $(LIBSEPOLA) already appears in the dependencies, there
+# is no need to define a value for LDLIBS_LIBSEPOLA
+ifeq ($(LIBSEPOLA),)
+ LDLIBS_LIBSEPOLA := -l:libsepol.a
+endif
+
all: audit2why sepolgen-ifgen-attr-helper
sepolgen-ifgen-attr-helper: sepolgen-ifgen-attr-helper.o $(LIBSEPOLA)
+ $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS_LIBSEPOLA)
audit2why:
ln -sf audit2allow audit2why
@@ -22,14 +26,14 @@
@$(PYTHON) test_audit2allow.py -v
install: all
- -mkdir -p $(BINDIR)
- install -m 755 audit2allow $(BINDIR)
- (cd $(BINDIR); ln -sf audit2allow audit2why)
- install -m 755 sepolgen-ifgen-attr-helper $(BINDIR)
- install -m 755 sepolgen-ifgen $(BINDIR)
- -mkdir -p $(MANDIR)/man1
- install -m 644 audit2allow.1 $(MANDIR)/man1/
- install -m 644 audit2why.1 $(MANDIR)/man1/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 audit2allow $(DESTDIR)$(BINDIR)
+ (cd $(DESTDIR)$(BINDIR); ln -sf audit2allow audit2why)
+ install -m 755 sepolgen-ifgen-attr-helper $(DESTDIR)$(BINDIR)
+ install -m 755 sepolgen-ifgen $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man1
+ install -m 644 audit2allow.1 $(DESTDIR)$(MANDIR)/man1/
+ install -m 644 audit2why.1 $(DESTDIR)$(MANDIR)/man1/
clean:
rm -f *~ *.o sepolgen-ifgen-attr-helper
diff --git a/python/chcat/Makefile b/python/chcat/Makefile
index 0fd12d6..290b9a6 100644
--- a/python/chcat/Makefile
+++ b/python/chcat/Makefile
@@ -1,17 +1,16 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= $(PREFIX)/share/locale
.PHONY: all
all: chcat
install: all
- -mkdir -p $(BINDIR)
- install -m 755 chcat $(BINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 644 chcat.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 chcat $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 644 chcat.8 $(DESTDIR)$(MANDIR)/man8/
clean:
diff --git a/python/semanage/Makefile b/python/semanage/Makefile
index 132162b..5fc1998 100644
--- a/python/semanage/Makefile
+++ b/python/semanage/Makefile
@@ -1,13 +1,12 @@
PYTHON ?= python
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-LIBDIR ?= $(PREFIX)/lib
+PREFIX ?= /usr
SBINDIR ?= $(PREFIX)/sbin
MANDIR = $(PREFIX)/share/man
-PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(1))")
-PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)
-BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-completion/completions
+PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(prefix='$(PREFIX)'))")
+PACKAGEDIR ?= $(PYTHONLIBDIR)
+BASHCOMPLETIONDIR ?= $(PREFIX)/share/bash-completion/completions
TARGETS=semanage
@@ -16,14 +15,14 @@
all: $(TARGETS)
install: all
- [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
- -mkdir -p $(SBINDIR)
- install -m 755 semanage $(SBINDIR)
- install -m 644 *.8 $(MANDIR)/man8
- test -d $(PACKAGEDIR) || install -m 755 -d $(PACKAGEDIR)
- install -m 755 seobject.py $(PACKAGEDIR)
- -mkdir -p $(BASHCOMPLETIONDIR)
- install -m 644 $(BASHCOMPLETIONS) $(BASHCOMPLETIONDIR)/semanage
+ [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 semanage $(DESTDIR)$(SBINDIR)
+ install -m 644 *.8 $(DESTDIR)$(MANDIR)/man8
+ test -d $(DESTDIR)/$(PACKAGEDIR) || install -m 755 -d $(DESTDIR)/$(PACKAGEDIR)
+ install -m 755 seobject.py $(DESTDIR)/$(PACKAGEDIR)
+ -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR)
+ install -m 644 $(BASHCOMPLETIONS) $(DESTDIR)$(BASHCOMPLETIONDIR)/semanage
test:
@$(PYTHON) test-semanage.py -a
diff --git a/python/semanage/semanage-bash-completion.sh b/python/semanage/semanage-bash-completion.sh
index 6b53292..2d811c9 100644
--- a/python/semanage/semanage-bash-completion.sh
+++ b/python/semanage/semanage-bash-completion.sh
@@ -59,7 +59,7 @@
__get_boolean_opts () { echo '$ALL_OPTS --on -off -1 -0' ; }
__get_user_opts () { echo '$ALL_OPTS $MANAGED_OPTS -L --level -r --range -R --role '; }
__get_login_opts () { echo '$ALL_OPTS $MANAGED_OPTS -s --seuser -r --range'; }
-__get_port_opts () { echo '$ALL_OPTS $MANAGED_OPTS -t -type -r --range -p --proto'; }
+__get_port_opts () { echo '$ALL_OPTS $MANAGED_OPTS -t --type -r --range -p --proto'; }
__get_interface_opts () { echo '$ALL_OPTS $MANAGED_OPTS -t --type '; }
__get_node_opts () { echo '$ALL_OPTS $MANAGED_OPTS -t --type -M --mask -p --proto'; }
__get_fcontext_opts () { echo '$ALL_OPTS $MANAGED_OPTS -t --type -e --equal -f --ftype '; }
diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
index 770745e..ac310ea 100644
--- a/python/semanage/seobject.py
+++ b/python/semanage/seobject.py
@@ -240,21 +240,29 @@
store = None
args = None
- def __init__(self, args):
+ def __init__(self, args = None):
global handle
- self.args = args
- try:
- self.noreload = args.noreload
- except:
- self.noreload = False
- self.sh = self.get_handle(args.store)
+ if args:
+ # legacy code - args was store originally
+ if type(args) == str:
+ self.store = args
+ else:
+ self.args = args
+ self.noreload = getattr(args, "noreload", False)
+ if not self.store:
+ self.store = getattr(args, "store", "")
+
+ self.sh = self.get_handle(self.store)
rc, localstore = selinux.selinux_getpolicytype()
- if args.store == "" or args.store == localstore:
+ if self.store == "" or self.store == localstore:
self.mylog = logger()
else:
self.mylog = nulllogger()
+ def set_reload(self, load):
+ self.noreload = not load
+
def get_handle(self, store):
global is_mls_enabled
@@ -331,7 +339,7 @@
class moduleRecords(semanageRecords):
- def __init__(self, args):
+ def __init__(self, args = None):
semanageRecords.__init__(self, args)
def get_all(self):
@@ -418,11 +426,6 @@
raise ValueError(_("Could not disable module %s") % m)
self.commit()
- def modify(self, file):
- rc = semanage_module_update_file(self.sh, file)
- if rc >= 0:
- self.commit()
-
def delete(self, module, priority):
rc = semanage_set_default_priority(self.sh, priority)
if rc < 0:
@@ -443,7 +446,7 @@
class dontauditClass(semanageRecords):
- def __init__(self, args):
+ def __init__(self, args = None):
semanageRecords.__init__(self, args)
def toggle(self, dontaudit):
@@ -456,7 +459,7 @@
class permissiveRecords(semanageRecords):
- def __init__(self, args):
+ def __init__(self, args = None):
semanageRecords.__init__(self, args)
def get_all(self):
@@ -525,7 +528,7 @@
class loginRecords(semanageRecords):
- def __init__(self, args):
+ def __init__(self, args = None):
semanageRecords.__init__(self, args)
self.oldsename = None
self.oldserange = None
@@ -782,7 +785,7 @@
class seluserRecords(semanageRecords):
- def __init__(self, args):
+ def __init__(self, args = None):
semanageRecords.__init__(self, args)
def get(self, name):
@@ -1045,7 +1048,7 @@
except RuntimeError:
valid_types = []
- def __init__(self, args):
+ def __init__(self, args = None):
semanageRecords.__init__(self, args)
def __genkey(self, port, proto):
@@ -1320,7 +1323,7 @@
except:
valid_types = []
- def __init__(self, args):
+ def __init__(self, args = None):
semanageRecords.__init__(self, args)
def __genkey(self, pkey, subnet_prefix):
@@ -1573,7 +1576,7 @@
except:
valid_types = []
- def __init__(self, args):
+ def __init__(self, args = None):
semanageRecords.__init__(self, args)
def __genkey(self, ibendport, ibdev_name):
@@ -1809,7 +1812,7 @@
except RuntimeError:
valid_types = []
- def __init__(self, args):
+ def __init__(self, args = None):
semanageRecords.__init__(self, args)
self.protocol = ["ipv4", "ipv6"]
@@ -2045,7 +2048,7 @@
class interfaceRecords(semanageRecords):
- def __init__(self, args):
+ def __init__(self, args = None):
semanageRecords.__init__(self, args)
def __add(self, interface, serange, ctype):
@@ -2242,7 +2245,7 @@
except RuntimeError:
valid_types = []
- def __init__(self, args):
+ def __init__(self, args = None):
semanageRecords.__init__(self, args)
self.equiv = {}
self.equiv_dist = {}
@@ -2631,7 +2634,7 @@
class booleanRecords(semanageRecords):
- def __init__(self, args):
+ def __init__(self, args = None):
semanageRecords.__init__(self, args)
self.dict = {}
self.dict["TRUE"] = 1
diff --git a/python/sepolgen/src/sepolgen/Makefile b/python/sepolgen/src/sepolgen/Makefile
index d3aa771..c75809a 100644
--- a/python/sepolgen/src/sepolgen/Makefile
+++ b/python/sepolgen/src/sepolgen/Makefile
@@ -1,12 +1,13 @@
+PREFIX ?= /usr
PYTHON ?= python
-PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(1))")
-PACKAGEDIR ?= $(DESTDIR)/$(PYTHONLIBDIR)/sepolgen
+PYTHONLIBDIR ?= $(shell $(PYTHON) -c "from distutils.sysconfig import *; print(get_python_lib(prefix='$(PREFIX)'))")
+PACKAGEDIR ?= /$(PYTHONLIBDIR)/sepolgen
all:
install: all
- -mkdir -p $(PACKAGEDIR)
- install -m 644 *.py $(PACKAGEDIR)
+ -mkdir -p $(DESTDIR)$(PACKAGEDIR)
+ install -m 644 *.py $(DESTDIR)$(PACKAGEDIR)
clean:
rm -f parser.out parsetab.py
diff --git a/python/sepolgen/src/sepolgen/policygen.py b/python/sepolgen/src/sepolgen/policygen.py
index 34c8401..ee664fb 100644
--- a/python/sepolgen/src/sepolgen/policygen.py
+++ b/python/sepolgen/src/sepolgen/policygen.py
@@ -77,7 +77,7 @@
self.explain = NO_EXPLANATION
self.gen_requires = False
if module:
- self.moduel = module
+ self.module = module
else:
self.module = refpolicy.Module()
diff --git a/python/sepolgen/src/share/Makefile b/python/sepolgen/src/share/Makefile
index abf5e45..1a7133c 100644
--- a/python/sepolgen/src/share/Makefile
+++ b/python/sepolgen/src/share/Makefile
@@ -1,10 +1,10 @@
-SHAREDIR ?= $(DESTDIR)/var/lib/sepolgen
+SHAREDIR ?= /var/lib/sepolgen
all:
install: all
- -mkdir -p $(SHAREDIR)
- install -m 644 perm_map $(SHAREDIR)
+ -mkdir -p $(DESTDIR)$(SHAREDIR)
+ install -m 644 perm_map $(DESTDIR)$(SHAREDIR)
clean:
- rm -f *~
\ No newline at end of file
+ rm -f *~
diff --git a/python/sepolicy/Makefile b/python/sepolicy/Makefile
index 5a56e6c..fb8a132 100644
--- a/python/sepolicy/Makefile
+++ b/python/sepolicy/Makefile
@@ -1,14 +1,10 @@
PYTHON ?= python
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-LIBDIR ?= $(PREFIX)/lib
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
-DATADIR ?= $(PREFIX)/share
MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
-BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-completion/completions
-SHAREDIR ?= $(PREFIX)/share/sandbox
+BASHCOMPLETIONDIR ?= $(PREFIX)/share/bash-completion/completions
CFLAGS ?= -Wall -Werror -Wextra -W
override CFLAGS += -DPACKAGE="policycoreutils" -DSHARED -shared
@@ -30,13 +26,13 @@
@$(PYTHON) test_sepolicy.py -v
install:
- $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
- [ -d $(BINDIR) ] || mkdir -p $(BINDIR)
- install -m 755 sepolicy.py $(BINDIR)/sepolicy
- (cd $(BINDIR); ln -sf sepolicy sepolgen)
- -mkdir -p $(MANDIR)/man8
- install -m 644 *.8 $(MANDIR)/man8
- -mkdir -p $(BASHCOMPLETIONDIR)
- install -m 644 $(BASHCOMPLETIONS) $(BASHCOMPLETIONDIR)/sepolicy
+ $(PYTHON) setup.py install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
+ [ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 sepolicy.py $(DESTDIR)$(BINDIR)/sepolicy
+ (cd $(DESTDIR)$(BINDIR); ln -sf sepolicy sepolgen)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 644 *.8 $(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR)
+ install -m 644 $(BASHCOMPLETIONS) $(DESTDIR)$(BASHCOMPLETIONDIR)/sepolicy
relabel:
diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
index d68f96e..f814e27 100644
--- a/python/sepolicy/sepolicy/generate.py
+++ b/python/sepolicy/sepolicy/generate.py
@@ -105,12 +105,12 @@
p['type'] == "port_t" or \
p['type'] == "hi_reserved_port_t":
continue
- dict[(p['low'], p['high'], p['protocol'])] = (p['type'], p['range'])
+ dict[(p['low'], p['high'], p['protocol'])] = (p['type'], p.get('range'))
return dict
def get_all_users():
- users = map(lambda x: x['name'], sepolicy.info(sepolicy.USER))
+ users = [x['name'] for x in sepolicy.info(sepolicy.USER)]
users.remove("system_u")
users.remove("root")
users.sort()
@@ -191,14 +191,14 @@
temp.append(p)
return temp
except ValueError:
- raise ValueError(_("Ports must be numbers or ranges of numbers from 1 to %d " % max_port))
+ raise ValueError(_("Ports must be numbers or ranges of numbers from 1 to %d ") % max_port)
class policy:
def __init__(self, name, type):
self.rpms = []
- self.ports = []
+ self.ports = {}
self.all_roles = get_all_roles()
self.types = []
@@ -459,25 +459,25 @@
self.out_udp = [all, False, False, verify_ports(ports)]
def set_use_resolve(self, val):
- if not isinstance(val, types.BooleanType):
+ if type(val) is not bool:
raise ValueError(_("use_resolve must be a boolean value "))
self.use_resolve = val
def set_use_syslog(self, val):
- if not isinstance(val, types.BooleanType):
+ if type(val) is not bool:
raise ValueError(_("use_syslog must be a boolean value "))
self.use_syslog = val
def set_use_kerberos(self, val):
- if not isinstance(val, types.BooleanType):
+ if type(val) is not bool:
raise ValueError(_("use_kerberos must be a boolean value "))
self.use_kerberos = val
def set_manage_krb5_rcache(self, val):
- if not isinstance(val, types.BooleanType):
+ if type(val) is not bool:
raise ValueError(_("manage_krb5_rcache must be a boolean value "))
self.manage_krb5_rcache = val
diff --git a/python/sepolicy/sepolicy/gui.py b/python/sepolicy/sepolicy/gui.py
index 6562aa8..537d516 100644
--- a/python/sepolicy/sepolicy/gui.py
+++ b/python/sepolicy/sepolicy/gui.py
@@ -500,7 +500,7 @@
self.all_domains.sort(key=str.lower)
if app and app not in self.all_domains:
- self.error(_("%s is not a valid domain" % app))
+ self.error(_("%s is not a valid domain") % app)
self.quit()
loading_gui.show()
@@ -1056,21 +1056,21 @@
self.application_files_initialize(app)
self.transitions_files_initialize(app)
- self.executable_files_tab.set_tooltip_text(_("File path used to enter the '%s' domain." % app))
- self.writable_files_tab.set_tooltip_text(_("Files to which the '%s' domain can write." % app))
- self.network_out_tab.set_tooltip_text(_("Network Ports to which the '%s' is allowed to connect." % app))
- self.network_in_tab.set_tooltip_text(_("Network Ports to which the '%s' is allowed to listen." % app))
- self.application_files_tab.set_tooltip_text(_("File Types defined for the '%s'." % app))
- self.boolean_radio_button.set_tooltip_text(_("Display boolean information that can be used to modify the policy for the '%s'." % app))
- self.files_radio_button.set_tooltip_text(_("Display file type information that can be used by the '%s'." % app))
- self.network_radio_button.set_tooltip_text(_("Display network ports to which the '%s' can connect or listen to." % app))
- self.transitions_into_tab.set_label(_("Application Transitions Into '%s'" % app))
- self.transitions_from_tab.set_label(_("Application Transitions From '%s'" % app))
- self.transitions_file_tab.set_label(_("File Transitions From '%s'" % app))
+ self.executable_files_tab.set_tooltip_text(_("File path used to enter the '%s' domain.") % app)
+ self.writable_files_tab.set_tooltip_text(_("Files to which the '%s' domain can write.") % app)
+ self.network_out_tab.set_tooltip_text(_("Network Ports to which the '%s' is allowed to connect.") % app)
+ self.network_in_tab.set_tooltip_text(_("Network Ports to which the '%s' is allowed to listen.") % app)
+ self.application_files_tab.set_tooltip_text(_("File Types defined for the '%s'.") % app)
+ self.boolean_radio_button.set_tooltip_text(_("Display boolean information that can be used to modify the policy for the '%s'.") % app)
+ self.files_radio_button.set_tooltip_text(_("Display file type information that can be used by the '%s'.") % app)
+ self.network_radio_button.set_tooltip_text(_("Display network ports to which the '%s' can connect or listen to.") % app)
+ self.transitions_into_tab.set_label(_("Application Transitions Into '%s'") % app)
+ self.transitions_from_tab.set_label(_("Application Transitions From '%s'") % app)
+ self.transitions_file_tab.set_label(_("File Transitions From '%s'") % app)
self.transitions_into_tab.set_tooltip_text(_("Executables which will transition to '%s', when executing selected domains entrypoint.") % app)
self.transitions_from_tab.set_tooltip_text(_("Executables which will transition to a different domain, when '%s' executes them.") % app)
- self.transitions_file_tab.set_tooltip_text(_("Files by '%s' with transitions to a different label." % app))
- self.transitions_radio_button.set_tooltip_text(_("Display applications that can transition into or out of the '%s'." % app))
+ self.transitions_file_tab.set_tooltip_text(_("Files by '%s' with transitions to a different label.") % app)
+ self.transitions_radio_button.set_tooltip_text(_("Display applications that can transition into or out of the '%s'.") % app)
self.application = app
self.applications_selection_button.set_label(self.application)
diff --git a/python/sepolicy/sepolicy/interface.py b/python/sepolicy/sepolicy/interface.py
index c64122e..18374dc 100644
--- a/python/sepolicy/sepolicy/interface.py
+++ b/python/sepolicy/sepolicy/interface.py
@@ -220,7 +220,7 @@
idict = get_interface_dict(path)
if not (interface.split("_")[0] in exclude_interfaces or idict[interface][2] in exclude_interface_type):
- print(_("Compiling %s interface" % interface))
+ print(_("Compiling %s interface") % interface)
try:
fd = open(policy_files['te'], "w")
fd.write(generate_compile_te(interface, idict))
@@ -237,4 +237,4 @@
os.remove(v)
else:
- sys.stderr.write(_("\nCompiling of %s interface is not supported." % interface))
+ sys.stderr.write(_("\nCompiling of %s interface is not supported.") % interface)
diff --git a/restorecond/Makefile b/restorecond/Makefile
index ada94ae..25be18d 100644
--- a/restorecond/Makefile
+++ b/restorecond/Makefile
@@ -1,13 +1,12 @@
PKG_CONFIG ?= pkg-config
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
SBINDIR ?= $(PREFIX)/sbin
-LIBDIR ?= $(PREFIX)/lib
MANDIR = $(PREFIX)/share/man
-AUTOSTARTDIR = $(DESTDIR)/etc/xdg/autostart
-DBUSSERVICEDIR = $(DESTDIR)/usr/share/dbus-1/services
-SYSTEMDDIR ?= $(DESTDIR)/usr/lib/systemd
+AUTOSTARTDIR = /etc/xdg/autostart
+DBUSSERVICEDIR = $(PREFIX)/share/dbus-1/services
+SYSTEMDDIR ?= $(PREFIX)/lib/systemd
autostart_DATA = sealertauto.desktop
INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
@@ -39,23 +38,23 @@
$(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
install: all
- [ -d $(MANDIR)/man8 ] || mkdir -p $(MANDIR)/man8
- -mkdir -p $(SBINDIR)
- install -m 755 restorecond $(SBINDIR)
- install -m 644 restorecond.8 $(MANDIR)/man8
+ [ -d $(DESTDIR)$(MANDIR)/man8 ] || mkdir -p $(DESTDIR)$(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 755 restorecond $(DESTDIR)$(SBINDIR)
+ install -m 644 restorecond.8 $(DESTDIR)$(MANDIR)/man8
-mkdir -p $(INITDIR)
install -m 755 restorecond.init $(INITDIR)/restorecond
-mkdir -p $(SELINUXDIR)
install -m 644 restorecond.conf $(SELINUXDIR)/restorecond.conf
install -m 644 restorecond_user.conf $(SELINUXDIR)/restorecond_user.conf
- -mkdir -p $(AUTOSTARTDIR)
- install -m 644 restorecond.desktop $(AUTOSTARTDIR)/restorecond.desktop
- -mkdir -p $(DBUSSERVICEDIR)
- install -m 600 org.selinux.Restorecond.service $(DBUSSERVICEDIR)/org.selinux.Restorecond.service
- -mkdir -p $(SYSTEMDDIR)/system
- install -m 644 restorecond.service $(SYSTEMDDIR)/system/
+ -mkdir -p $(DESTDIR)$(AUTOSTARTDIR)
+ install -m 644 restorecond.desktop $(DESTDIR)$(AUTOSTARTDIR)/restorecond.desktop
+ -mkdir -p $(DESTDIR)$(DBUSSERVICEDIR)
+ install -m 600 org.selinux.Restorecond.service $(DESTDIR)$(DBUSSERVICEDIR)/org.selinux.Restorecond.service
+ -mkdir -p $(DESTDIR)$(SYSTEMDDIR)/system
+ install -m 644 restorecond.service $(DESTDIR)$(SYSTEMDDIR)/system/
relabel: install
- /sbin/restorecon $(SBINDIR)/restorecond
+ /sbin/restorecon $(DESTDIR)$(SBINDIR)/restorecond
clean:
-rm -f restorecond *.o *~
diff --git a/sandbox/Makefile b/sandbox/Makefile
index 05c3d65..49c1d3f 100644
--- a/sandbox/Makefile
+++ b/sandbox/Makefile
@@ -1,13 +1,11 @@
PYTHON ?= python
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-SYSCONFDIR ?= $(DESTDIR)/etc/sysconfig
-LIBDIR ?= $(PREFIX)/lib
+PREFIX ?= /usr
+SYSCONFDIR ?= /etc/sysconfig
BINDIR ?= $(PREFIX)/bin
SBINDIR ?= $(PREFIX)/sbin
MANDIR ?= $(PREFIX)/share/man
-LOCALEDIR ?= /usr/share/locale
SHAREDIR ?= $(PREFIX)/share/sandbox
override CFLAGS += -DPACKAGE="\"policycoreutils\"" -Wall -Werror -Wextra -W
override LDLIBS += -lselinux -lcap-ng
@@ -18,20 +16,20 @@
seunshare: $(SEUNSHARE_OBJS)
install: all
- -mkdir -p $(BINDIR)
- install -m 755 sandbox $(BINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 644 sandbox.8 $(MANDIR)/man8/
- install -m 644 seunshare.8 $(MANDIR)/man8/
- -mkdir -p $(MANDIR)/man5
- install -m 644 sandbox.5 $(MANDIR)/man5/
- -mkdir -p $(SBINDIR)
- install -m 4755 seunshare $(SBINDIR)/
- -mkdir -p $(SHAREDIR)
- install -m 755 sandboxX.sh $(SHAREDIR)
- install -m 755 start $(SHAREDIR)
- -mkdir -p $(SYSCONFDIR)
- install -m 644 sandbox.conf $(SYSCONFDIR)/sandbox
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 sandbox $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 644 sandbox.8 $(DESTDIR)$(MANDIR)/man8/
+ install -m 644 seunshare.8 $(DESTDIR)$(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(MANDIR)/man5
+ install -m 644 sandbox.5 $(DESTDIR)$(MANDIR)/man5/
+ -mkdir -p $(DESTDIR)$(SBINDIR)
+ install -m 4755 seunshare $(DESTDIR)$(SBINDIR)/
+ -mkdir -p $(DESTDIR)$(SHAREDIR)
+ install -m 755 sandboxX.sh $(DESTDIR)$(SHAREDIR)
+ install -m 755 start $(DESTDIR)$(SHAREDIR)
+ -mkdir -p $(DESTDIR)$(SYSCONFDIR)
+ install -m 644 sandbox.conf $(DESTDIR)$(SYSCONFDIR)/sandbox
test:
@$(PYTHON) test_sandbox.py -v
diff --git a/secilc/Makefile b/secilc/Makefile
index 1cac53e..dfd79ce 100644
--- a/secilc/Makefile
+++ b/secilc/Makefile
@@ -1,8 +1,6 @@
-PREFIX ?= $(DESTDIR)/usr
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
-LIBDIR ?= $(PREFIX)/lib
-INCLUDEDIR ?= $(PREFIX)/include
SECILC = secilc
SECILC_SRCS := secilc.c
@@ -41,12 +39,12 @@
$(XMLTO) man $(SECIL2CONF_MANPAGE).xml
install: all man
- -mkdir -p $(BINDIR)
- -mkdir -p $(MANDIR)/man8
- install -m 755 $(SECILC) $(BINDIR)
- install -m 755 $(SECIL2CONF) $(BINDIR)
- install -m 644 $(SECILC_MANPAGE) $(MANDIR)/man8
- install -m 644 $(SECIL2CONF_MANPAGE) $(MANDIR)/man8
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+ install -m 755 $(SECILC) $(DESTDIR)$(BINDIR)
+ install -m 755 $(SECIL2CONF) $(DESTDIR)$(BINDIR)
+ install -m 644 $(SECILC_MANPAGE) $(DESTDIR)$(MANDIR)/man8
+ install -m 644 $(SECIL2CONF_MANPAGE) $(DESTDIR)$(MANDIR)/man8
doc:
$(MAKE) -C docs
diff --git a/secilc/docs/Makefile b/secilc/docs/Makefile
index c0fa6b7..6b07ce7 100644
--- a/secilc/docs/Makefile
+++ b/secilc/docs/Makefile
@@ -31,6 +31,12 @@
PDF_OUT=CIL_Reference_Guide.pdf
HTML_OUT=CIL_Reference_Guide.html
PANDOC = pandoc
+SED ?= sed
+
+OS := $(shell uname)
+ifeq ($(OS), Darwin)
+ SED := gsed
+endif
all: html pdf
@@ -40,12 +46,12 @@
$(TMPDIR)/%.md: %.md | $(TMPDIR)
cp -f $< $(TMPDIR)/
@# Substitute markdown links for conversion into PDF links
- sed -i -re 's:(\[`[^`]*`\])\([^#]*([^\)]):\1\(\2:g' $@
+ $(SED) -i -re 's:(\[`[^`]*`\])\([^#]*([^\)]):\1\(\2:g' $@
$(TMPDIR)/policy.cil: $(TESTDIR)/policy.cil
cp -f $< $@
@# add a title for the TOC to policy.cil. This is needed to play nicely with the PDF conversion.
- sed -i '1i Example Policy\n=========\n```' $@
+ $(SED) -i '1i Example Policy\n=========\n```' $@
echo '```' >> $@
html: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil
diff --git a/secilc/docs/cil_network_labeling_statements.md b/secilc/docs/cil_network_labeling_statements.md
index b06dbcc..49a836c 100644
--- a/secilc/docs/cil_network_labeling_statements.md
+++ b/secilc/docs/cil_network_labeling_statements.md
@@ -155,7 +155,7 @@
portcon
-------
-Label a udp, tcp or dccp port.
+Label a udp, tcp, dccp or sctp port.
**Statement definition:**
@@ -175,7 +175,7 @@
</tr>
<tr class="even">
<td align="left"><p><code>protocol</code></p></td>
-<td align="left"><p>The protocol keyword <code>tcp</code>, <code>udp</code> or <code>dccp</code>.</p></td>
+<td align="left"><p>The protocol keyword <code>tcp</code>, <code>udp</code>, <code>dccp</code> or <code>sctp</code>.</p></td>
</tr>
<tr class="odd">
<td align="left"><p><code>port |</code></p>
@@ -200,3 +200,4 @@
(portcon udp 4444 (unconfined.user object_r unconfined.object ((s0) level_2)))
(portcon tcp (2000 20000) (unconfined.user object_r unconfined.object (systemlow level_3)))
(portcon dccp (6840 6880) (unconfined.user object_r unconfined.object ((s0) level_2)))
+ (portcon sctp (1024 1035) (unconfined.user object_r unconfined.object ((s0) level_2)))
diff --git a/secilc/secilc.8.xml b/secilc/secilc.8.xml
index 4c779b6..e08a962 100644
--- a/secilc/secilc.8.xml
+++ b/secilc/secilc.8.xml
@@ -76,6 +76,11 @@
</varlistentry>
<varlistentry>
+ <term><option>-m, --multiple-decls</option></term>
+ <listitem><para>Allow some statements to be re-declared.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><option>-N, --disable-neverallow</option></term>
<listitem><para>Do not check <emphasis role="bold">neverallow</emphasis> rules.</para></listitem>
</varlistentry>
diff --git a/secilc/test/policy.cil b/secilc/test/policy.cil
index 4c37ecc..02f4f88 100644
--- a/secilc/test/policy.cil
+++ b/secilc/test/policy.cil
@@ -271,6 +271,7 @@
(portcon udp 25 system_u_bin_t_l2h)
(portcon tcp 22 system_u_bin_t_l2h)
(portcon dccp (2048 2096) system_u_bin_t_l2h)
+ (portcon sctp (1024 1035) system_u_bin_t_l2h)
(genfscon - "/usr/bin" system_u_bin_t_l2h)
(netifcon eth0 system_u_bin_t_l2h system_u_bin_t_l2h) ;different contexts?
(fsuse xattr ext3 system_u_bin_t_l2h)
diff --git a/semodule-utils/semodule_expand/Makefile b/semodule-utils/semodule_expand/Makefile
index 072f213..f1a1c8f 100644
--- a/semodule-utils/semodule_expand/Makefile
+++ b/semodule-utils/semodule_expand/Makefile
@@ -1,8 +1,6 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-INCLUDEDIR ?= $(PREFIX)/include
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= $(PREFIX)/lib
MANDIR ?= $(PREFIX)/share/man
CFLAGS ?= -Werror -Wall -W
@@ -13,10 +11,10 @@
semodule_expand: semodule_expand.o
install: all
- -mkdir -p $(BINDIR)
- install -m 755 semodule_expand $(BINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 644 semodule_expand.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 semodule_expand $(DESTDIR)$(BINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8
+ install -m 644 semodule_expand.8 $(DESTDIR)$(MANDIR)/man8/
relabel:
diff --git a/semodule-utils/semodule_link/Makefile b/semodule-utils/semodule_link/Makefile
index cc4687b..692cb02 100644
--- a/semodule-utils/semodule_link/Makefile
+++ b/semodule-utils/semodule_link/Makefile
@@ -1,9 +1,7 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-INCLUDEDIR ?= $(PREFIX)/include
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
-LIBDIR ?= $(PREFIX)/lib
CFLAGS ?= -Werror -Wall -W
override LDLIBS += -lsepol
@@ -13,10 +11,10 @@
semodule_link: semodule_link.o
install: all
- -mkdir -p $(BINDIR)
- install -m 755 semodule_link $(BINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 644 semodule_link.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 semodule_link $(DESTDIR)$(BINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8
+ install -m 644 semodule_link.8 $(DESTDIR)$(MANDIR)/man8/
relabel:
diff --git a/semodule-utils/semodule_package/Makefile b/semodule-utils/semodule_package/Makefile
index 96dd7c4..da17026 100644
--- a/semodule-utils/semodule_package/Makefile
+++ b/semodule-utils/semodule_package/Makefile
@@ -1,8 +1,6 @@
# Installation directories.
-PREFIX ?= $(DESTDIR)/usr
-INCLUDEDIR ?= $(PREFIX)/include
+PREFIX ?= /usr
BINDIR ?= $(PREFIX)/bin
-LIBDIR ?= $(PREFIX)/lib
MANDIR ?= $(PREFIX)/share/man
CFLAGS ?= -Werror -Wall -W
@@ -13,12 +11,12 @@
semodule_package: semodule_package.o
install: all
- -mkdir -p $(BINDIR)
- install -m 755 semodule_package $(BINDIR)
- install -m 755 semodule_unpackage $(BINDIR)
- test -d $(MANDIR)/man8 || install -m 755 -d $(MANDIR)/man8
- install -m 644 semodule_package.8 $(MANDIR)/man8/
- install -m 644 semodule_unpackage.8 $(MANDIR)/man8/
+ -mkdir -p $(DESTDIR)$(BINDIR)
+ install -m 755 semodule_package $(DESTDIR)$(BINDIR)
+ install -m 755 semodule_unpackage $(DESTDIR)$(BINDIR)
+ test -d $(DESTDIR)$(MANDIR)/man8 || install -m 755 -d $(DESTDIR)$(MANDIR)/man8
+ install -m 644 semodule_package.8 $(DESTDIR)$(MANDIR)/man8/
+ install -m 644 semodule_unpackage.8 $(DESTDIR)$(MANDIR)/man8/
relabel:
diff --git a/semodule-utils/semodule_package/semodule_unpackage.8 b/semodule-utils/semodule_package/semodule_unpackage.8
index d6e1be0..5c92bf5 100644
--- a/semodule-utils/semodule_package/semodule_unpackage.8
+++ b/semodule-utils/semodule_package/semodule_unpackage.8
@@ -1,14 +1,14 @@
.TH SEMODULE_PACKAGE "8" "Nov 2005" "Security Enhanced Linux" NSA
.SH NAME
-semodule_unpackage \- Extract policy module and file context file from an SELinux policy module unpackage.
+semodule_unpackage \- Extract policy module and file context file from an SELinux policy module package.
.SH SYNOPSIS
-.B semodule_unpackage <module> [<file contexts>]
+.B semodule_unpackage ppfile modfile [fcfile]
.br
.SH DESCRIPTION
.PP
-semodule_unpackage is the tool used to extract the SELinux policy module
- and file context file from an SELinux Policy Package.
+semodule_unpackage is a tool used to extract SELinux policy module
+file and file context file from an SELinux Policy Package.
.SH EXAMPLE
.nf
