diff --git a/.gitignore b/.gitignore
index cf49f0f..57456b5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,14 +1,13 @@
SOURCES/gui-po.tgz
-SOURCES/policycoreutils-2.8.tar.gz
+SOURCES/policycoreutils-2.9.tar.gz
SOURCES/policycoreutils-po.tgz
-SOURCES/policycoreutils_man_ru2.tar.bz2
SOURCES/python-po.tgz
-SOURCES/restorecond-2.8.tar.gz
+SOURCES/restorecond-2.9.tar.gz
SOURCES/sandbox-po.tgz
-SOURCES/selinux-dbus-2.8.tar.gz
-SOURCES/selinux-gui-2.8.tar.gz
-SOURCES/selinux-python-2.8.tar.gz
-SOURCES/selinux-sandbox-2.8.tar.gz
-SOURCES/semodule-utils-2.8.tar.gz
+SOURCES/selinux-dbus-2.9.tar.gz
+SOURCES/selinux-gui-2.9.tar.gz
+SOURCES/selinux-python-2.9.tar.gz
+SOURCES/selinux-sandbox-2.9.tar.gz
+SOURCES/semodule-utils-2.9.tar.gz
SOURCES/sepolicy-icons.tgz
SOURCES/system-config-selinux.png
diff --git a/.policycoreutils.metadata b/.policycoreutils.metadata
index 81ecb45..e3c572c 100644
--- a/.policycoreutils.metadata
+++ b/.policycoreutils.metadata
@@ -1,14 +1,13 @@
-b65686d84acd60d522c8721d38f938a75e25a4cc SOURCES/gui-po.tgz
-fed6a10a3205f8dbc12fd1ae40821e7f7b1d92b0 SOURCES/policycoreutils-2.8.tar.gz
-7288a10d135a7b1d72e4fdb1a7d757b56ec33975 SOURCES/policycoreutils-po.tgz
-be6e4cb77bb89b98ecb246f03780389b30646198 SOURCES/policycoreutils_man_ru2.tar.bz2
-ea880063f39c78e6d1c8262392a16493b3f20a04 SOURCES/python-po.tgz
-3b73350c485a5a9d2a1a133c8b6b180f6a792b37 SOURCES/restorecond-2.8.tar.gz
-14c9fff2633cf4a73e37909a8c3be08e323b61a8 SOURCES/sandbox-po.tgz
-20b0df570e1a83946068652eb6ebda07e9d58795 SOURCES/selinux-dbus-2.8.tar.gz
-4ea6ec0827feafe752d8af30db256fe25eff757e SOURCES/selinux-gui-2.8.tar.gz
-977e0f569970cb243851381b6fbe9efad60eeee4 SOURCES/selinux-python-2.8.tar.gz
-f782ccff747552ea0baec1cd4e8f4a2ae12a7488 SOURCES/selinux-sandbox-2.8.tar.gz
-62cc0f1d4a6f61260d5ec5015d31d12b44aa522b SOURCES/semodule-utils-2.8.tar.gz
+1774f04937a737c415273ee118b0d295e01864f3 SOURCES/gui-po.tgz
+6e64d9a38fb516738023eb429eef29af5383f443 SOURCES/policycoreutils-2.9.tar.gz
+136d495d4ad657aab34727edad0de2fc6a3c6553 SOURCES/policycoreutils-po.tgz
+2218891a934c10bea73fd017a8aa5ce9417a78c4 SOURCES/python-po.tgz
+0a34ef54394972870203832c8ce52d4405bd5330 SOURCES/restorecond-2.9.tar.gz
+36c396e7151f3f6d55cbf4983d3d73a79be41899 SOURCES/sandbox-po.tgz
+8645509cdfc433278c2e4d29ee8f511625c7edcc SOURCES/selinux-dbus-2.9.tar.gz
+5c155ae47692389d9fabaa154195e7f978f2a3f0 SOURCES/selinux-gui-2.9.tar.gz
+660e1ab824ef80f7a69f0b70f61e231957fd398e SOURCES/selinux-python-2.9.tar.gz
+0e208cad193021ad17a445b76b72af3fef8db999 SOURCES/selinux-sandbox-2.9.tar.gz
+a4414223e60bb664ada4824e54f8d36ab208d599 SOURCES/semodule-utils-2.9.tar.gz
d849fa76cc3ef4a26047d8a69fef3a55d2f3097f SOURCES/sepolicy-icons.tgz
611a5d497efaddd45ec0dcc3e9b2e5b0f81ebc41 SOURCES/system-config-selinux.png
diff --git a/SOURCES/0001-gui-Install-polgengui.py-to-usr-bin-selinux-polgengu.patch b/SOURCES/0001-gui-Install-polgengui.py-to-usr-bin-selinux-polgengu.patch
new file mode 100644
index 0000000..61dfcc7
--- /dev/null
+++ b/SOURCES/0001-gui-Install-polgengui.py-to-usr-bin-selinux-polgengu.patch
@@ -0,0 +1,43 @@
+From c778509dd0ed3b184d720032f31971f975e42973 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Tue, 5 Mar 2019 17:38:55 +0100
+Subject: [PATCH 01/20] gui: Install polgengui.py to /usr/bin/selinux-polgengui
+
+polgengui.py is a standalone gui tool which should be in /usr/bin with other
+tools.
+
+Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
+---
+ gui/Makefile | 2 +-
+ gui/modulesPage.py | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/gui/Makefile b/gui/Makefile
+index c2f982de..b2375fbf 100644
+--- a/gui/Makefile
++++ b/gui/Makefile
+@@ -31,7 +31,7 @@ install: all
+ -mkdir -p $(DESTDIR)$(DATADIR)/polkit-1/actions/
+ install -m 755 system-config-selinux.py $(DESTDIR)$(SHAREDIR)
+ install -m 755 system-config-selinux $(DESTDIR)$(BINDIR)
+- install -m 755 polgengui.py $(DESTDIR)$(SHAREDIR)
++ install -m 755 polgengui.py $(DESTDIR)$(BINDIR)/selinux-polgengui
+ install -m 644 $(TARGETS) $(DESTDIR)$(SHAREDIR)
+ install -m 644 system-config-selinux.8 $(DESTDIR)$(MANDIR)/man8
+ install -m 644 selinux-polgengui.8 $(DESTDIR)$(MANDIR)/man8
+diff --git a/gui/modulesPage.py b/gui/modulesPage.py
+index 34c5d9e3..cb856b2d 100644
+--- a/gui/modulesPage.py
++++ b/gui/modulesPage.py
+@@ -118,7 +118,7 @@ class modulesPage(semanagePage):
+
+ def new_module(self, args):
+ try:
+- Popen(["/usr/share/system-config-selinux/polgengui.py"])
++ Popen(["selinux-polgengui"])
+ except ValueError as e:
+ self.error(e.args[0])
+
+--
+2.21.0
+
diff --git a/SOURCES/0002-gui-Install-.desktop-files-to-usr-share-applications.patch b/SOURCES/0002-gui-Install-.desktop-files-to-usr-share-applications.patch
new file mode 100644
index 0000000..84eeb22
--- /dev/null
+++ b/SOURCES/0002-gui-Install-.desktop-files-to-usr-share-applications.patch
@@ -0,0 +1,49 @@
+From 04b632e6de14ec0336e14988bf4c2bd581f7308e Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Tue, 5 Mar 2019 17:25:00 +0100
+Subject: [PATCH 02/20] gui: Install .desktop files to /usr/share/applications
+ by default
+
+/usr/share/applications is a standard directory for .desktop files.
+Installation path can be changed using DESKTOPDIR variable in installation
+phase, e.g.
+
+make DESKTOPDIR=/usr/local/share/applications install
+
+Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
+---
+ gui/Makefile | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/gui/Makefile b/gui/Makefile
+index b2375fbf..ca965c94 100644
+--- a/gui/Makefile
++++ b/gui/Makefile
+@@ -5,6 +5,7 @@ BINDIR ?= $(PREFIX)/bin
+ SHAREDIR ?= $(PREFIX)/share/system-config-selinux
+ DATADIR ?= $(PREFIX)/share
+ MANDIR ?= $(PREFIX)/share/man
++DESKTOPDIR ?= $(PREFIX)/share/applications
+
+ TARGETS= \
+ booleansPage.py \
+@@ -29,6 +30,7 @@ install: all
+ -mkdir -p $(DESTDIR)$(DATADIR)/pixmaps
+ -mkdir -p $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps
+ -mkdir -p $(DESTDIR)$(DATADIR)/polkit-1/actions/
++ -mkdir -p $(DESTDIR)$(DESKTOPDIR)
+ install -m 755 system-config-selinux.py $(DESTDIR)$(SHAREDIR)
+ install -m 755 system-config-selinux $(DESTDIR)$(BINDIR)
+ install -m 755 polgengui.py $(DESTDIR)$(BINDIR)/selinux-polgengui
+@@ -44,7 +46,7 @@ install: all
+ install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/pixmaps
+ install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/icons/hicolor/24x24/apps
+ install -m 644 system-config-selinux.png $(DESTDIR)$(DATADIR)/system-config-selinux
+- install -m 644 *.desktop $(DESTDIR)$(DATADIR)/system-config-selinux
++ install -m 644 *.desktop $(DESTDIR)$(DESKTOPDIR)
+ -mkdir -p $(DESTDIR)$(DATADIR)/pixmaps
+ install -m 644 sepolicy_256.png $(DESTDIR)$(DATADIR)/pixmaps/sepolicy.png
+ for i in 16 22 32 48 256; do \
+--
+2.21.0
+
diff --git a/SOURCES/0003-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch b/SOURCES/0003-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
new file mode 100644
index 0000000..deed0f4
--- /dev/null
+++ b/SOURCES/0003-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
@@ -0,0 +1,26 @@
+From 52e0583f6adfe70825b009b626e19c290b49763a Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Thu, 20 Aug 2015 12:58:41 +0200
+Subject: [PATCH 03/20] sandbox: add -reset to Xephyr as it works better with
+ it in recent Fedoras
+
+---
+ sandbox/sandboxX.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sandbox/sandboxX.sh b/sandbox/sandboxX.sh
+index eaa500d0..47745280 100644
+--- a/sandbox/sandboxX.sh
++++ b/sandbox/sandboxX.sh
+@@ -20,7 +20,7 @@ cat > ~/.config/openbox/rc.xml << EOF
+ </openbox_config>
+ EOF
+
+-(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
++(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -reset -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
+ export DISPLAY=:$D
+ cat > ~/seremote << __EOF
+ #!/bin/sh
+--
+2.21.0
+
diff --git a/SOURCES/0004-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch b/SOURCES/0004-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch
new file mode 100644
index 0000000..72c1043
--- /dev/null
+++ b/SOURCES/0004-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch
@@ -0,0 +1,46 @@
+From 7504614fdd7dcf11b3a7568ca9b4b921973531dd Mon Sep 17 00:00:00 2001
+From: Dan Walsh <dwalsh@redhat.com>
+Date: Mon, 21 Apr 2014 13:54:40 -0400
+Subject: [PATCH 04/20] Fix STANDARD_FILE_CONTEXT section in man pages
+
+Signed-off-by: Miroslav Grepl <mgrepl@redhat.com>
+---
+ python/sepolicy/sepolicy/manpage.py | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
+index 1d367962..24e311a3 100755
+--- a/python/sepolicy/sepolicy/manpage.py
++++ b/python/sepolicy/sepolicy/manpage.py
+@@ -735,10 +735,13 @@ Default Defined Ports:""")
+
+ def _file_context(self):
+ flist = []
++ flist_non_exec = []
+ mpaths = []
+ for f in self.all_file_types:
+ if f.startswith(self.domainname):
+ flist.append(f)
++ if not file_type_is_executable(f) or not file_type_is_entrypoint(f):
++ flist_non_exec.append(f)
+ if f in self.fcdict:
+ mpaths = mpaths + self.fcdict[f]["regex"]
+ if len(mpaths) == 0:
+@@ -797,12 +800,12 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
+ SELinux defines the file context types for the %(domainname)s, if you wanted to
+ store files with these types in a diffent paths, you need to execute the semanage command to sepecify alternate labeling and then use restorecon to put the labels on disk.
+
+-.B semanage fcontext -a -t %(type)s '/srv/%(domainname)s/content(/.*)?'
++.B semanage fcontext -a -t %(type)s '/srv/my%(domainname)s_content(/.*)?'
+ .br
+ .B restorecon -R -v /srv/my%(domainname)s_content
+
+ Note: SELinux often uses regular expressions to specify labels that match multiple files.
+-""" % {'domainname': self.domainname, "type": flist[0]})
++""" % {'domainname': self.domainname, "type": flist_non_exec[-1]})
+
+ self.fd.write(r"""
+ .I The following file types are defined for %(domainname)s:
+--
+2.21.0
+
diff --git a/SOURCES/0005-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch b/SOURCES/0005-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch
new file mode 100644
index 0000000..da1c1a2
--- /dev/null
+++ b/SOURCES/0005-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch
@@ -0,0 +1,27 @@
+From 9847a26b7f8358432ee4c7019efb3cbad0c162b0 Mon Sep 17 00:00:00 2001
+From: Miroslav Grepl <mgrepl@redhat.com>
+Date: Mon, 12 May 2014 14:11:22 +0200
+Subject: [PATCH 05/20] If there is no executable we don't want to print a part
+ of STANDARD FILE CONTEXT
+
+---
+ python/sepolicy/sepolicy/manpage.py | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
+index 24e311a3..46092be0 100755
+--- a/python/sepolicy/sepolicy/manpage.py
++++ b/python/sepolicy/sepolicy/manpage.py
+@@ -793,7 +793,8 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
+ .PP
+ """ % {'domainname': self.domainname, 'equiv': e, 'alt': e.split('/')[-1]})
+
+- self.fd.write(r"""
++ if flist_non_exec:
++ self.fd.write(r"""
+ .PP
+ .B STANDARD FILE CONTEXT
+
+--
+2.21.0
+
diff --git a/SOURCES/0006-Simplication-of-sepolicy-manpage-web-functionality.-.patch b/SOURCES/0006-Simplication-of-sepolicy-manpage-web-functionality.-.patch
new file mode 100644
index 0000000..a2a2dd9
--- /dev/null
+++ b/SOURCES/0006-Simplication-of-sepolicy-manpage-web-functionality.-.patch
@@ -0,0 +1,169 @@
+From b2993d464e05291020dbf60fc2948ac152eb0003 Mon Sep 17 00:00:00 2001
+From: Miroslav Grepl <mgrepl@redhat.com>
+Date: Thu, 19 Feb 2015 17:45:15 +0100
+Subject: [PATCH 06/20] Simplication of sepolicy-manpage web functionality.
+ system_release is no longer hardcoded and it creates only index.html and html
+ man pages in the directory for the system release.
+
+---
+ python/sepolicy/sepolicy/__init__.py | 25 +++--------
+ python/sepolicy/sepolicy/manpage.py | 65 +++-------------------------
+ 2 files changed, 13 insertions(+), 77 deletions(-)
+
+diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
+index 6aed31bd..88a2b8f6 100644
+--- a/python/sepolicy/sepolicy/__init__.py
++++ b/python/sepolicy/sepolicy/__init__.py
+@@ -1209,27 +1209,14 @@ def boolean_desc(boolean):
+
+
+ def get_os_version():
+- os_version = ""
+- pkg_name = "selinux-policy"
++ system_release = ""
+ try:
+- try:
+- from commands import getstatusoutput
+- except ImportError:
+- from subprocess import getstatusoutput
+- rc, output = getstatusoutput("rpm -q '%s'" % pkg_name)
+- if rc == 0:
+- os_version = output.split(".")[-2]
+- except:
+- os_version = ""
+-
+- if os_version[0:2] == "fc":
+- os_version = "Fedora" + os_version[2:]
+- elif os_version[0:2] == "el":
+- os_version = "RHEL" + os_version[2:]
+- else:
+- os_version = ""
++ with open('/etc/system-release') as f:
++ system_release = f.readline()
++ except IOError:
++ system_release = "Misc"
+
+- return os_version
++ return system_release
+
+
+ def reinit():
+diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
+index 46092be0..d60acfaf 100755
+--- a/python/sepolicy/sepolicy/manpage.py
++++ b/python/sepolicy/sepolicy/manpage.py
+@@ -149,10 +149,6 @@ def prettyprint(f, trim):
+ manpage_domains = []
+ manpage_roles = []
+
+-fedora_releases = ["Fedora17", "Fedora18"]
+-rhel_releases = ["RHEL6", "RHEL7"]
+-
+-
+ def get_alphabet_manpages(manpage_list):
+ alphabet_manpages = dict.fromkeys(string.ascii_letters, [])
+ for i in string.ascii_letters:
+@@ -182,7 +178,7 @@ def convert_manpage_to_html(html_manpage, manpage):
+ class HTMLManPages:
+
+ """
+- Generate a HHTML Manpages on an given SELinux domains
++ Generate a HTML Manpages on an given SELinux domains
+ """
+
+ def __init__(self, manpage_roles, manpage_domains, path, os_version):
+@@ -190,9 +186,9 @@ class HTMLManPages:
+ self.manpage_domains = get_alphabet_manpages(manpage_domains)
+ self.os_version = os_version
+ self.old_path = path + "/"
+- self.new_path = self.old_path + self.os_version + "/"
++ self.new_path = self.old_path
+
+- if self.os_version in fedora_releases or self.os_version in rhel_releases:
++ if self.os_version:
+ self.__gen_html_manpages()
+ else:
+ print("SELinux HTML man pages can not be generated for this %s" % os_version)
+@@ -201,7 +197,6 @@ class HTMLManPages:
+ def __gen_html_manpages(self):
+ self._write_html_manpage()
+ self._gen_index()
+- self._gen_body()
+ self._gen_css()
+
+ def _write_html_manpage(self):
+@@ -219,67 +214,21 @@ class HTMLManPages:
+ convert_manpage_to_html((self.new_path + r.rsplit("_selinux", 1)[0] + ".html"), self.old_path + r)
+
+ def _gen_index(self):
+- index = self.old_path + "index.html"
+- fd = open(index, 'w')
+- fd.write("""
+-<html>
+-<head>
+- <link rel=stylesheet type="text/css" href="style.css" title="style">
+- <title>SELinux man pages online</title>
+-</head>
+-<body>
+-<h1>SELinux man pages</h1>
+-<br></br>
+-Fedora or Red Hat Enterprise Linux Man Pages.</h2>
+-<br></br>
+-<hr>
+-<h3>Fedora</h3>
+-<table><tr>
+-<td valign="middle">
+-</td>
+-</tr></table>
+-<pre>
+-""")
+- for f in fedora_releases:
+- fd.write("""
+-<a href=%s/%s.html>%s</a> - SELinux man pages for %s """ % (f, f, f, f))
+-
+- fd.write("""
+-</pre>
+-<hr>
+-<h3>RHEL</h3>
+-<table><tr>
+-<td valign="middle">
+-</td>
+-</tr></table>
+-<pre>
+-""")
+- for r in rhel_releases:
+- fd.write("""
+-<a href=%s/%s.html>%s</a> - SELinux man pages for %s """ % (r, r, r, r))
+-
+- fd.write("""
+-</pre>
+- """)
+- fd.close()
+- print("%s has been created" % index)
+-
+- def _gen_body(self):
+ html = self.new_path + self.os_version + ".html"
+ fd = open(html, 'w')
+ fd.write("""
+ <html>
+ <head>
+- <link rel=stylesheet type="text/css" href="../style.css" title="style">
+- <title>Linux man-pages online for Fedora18</title>
++ <link rel=stylesheet type="text/css" href="style.css" title="style">
++ <title>SELinux man pages online</title>
+ </head>
+ <body>
+-<h1>SELinux man pages for Fedora18</h1>
++<h1>SELinux man pages for %s</h1>
+ <hr>
+ <table><tr>
+ <td valign="middle">
+ <h3>SELinux roles</h3>
+-""")
++""" % self.os_version)
+ for letter in self.manpage_roles:
+ if len(self.manpage_roles[letter]):
+ fd.write("""
+--
+2.21.0
+
diff --git a/SOURCES/0007-We-want-to-remove-the-trailing-newline-for-etc-syste.patch b/SOURCES/0007-We-want-to-remove-the-trailing-newline-for-etc-syste.patch
new file mode 100644
index 0000000..9680bf2
--- /dev/null
+++ b/SOURCES/0007-We-want-to-remove-the-trailing-newline-for-etc-syste.patch
@@ -0,0 +1,26 @@
+From bfcb599d9424ef6ffcd250931c89675b451edd00 Mon Sep 17 00:00:00 2001
+From: Miroslav Grepl <mgrepl@redhat.com>
+Date: Fri, 20 Feb 2015 16:42:01 +0100
+Subject: [PATCH 07/20] We want to remove the trailing newline for
+ /etc/system_release.
+
+---
+ python/sepolicy/sepolicy/__init__.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
+index 88a2b8f6..0c66f4d5 100644
+--- a/python/sepolicy/sepolicy/__init__.py
++++ b/python/sepolicy/sepolicy/__init__.py
+@@ -1212,7 +1212,7 @@ def get_os_version():
+ system_release = ""
+ try:
+ with open('/etc/system-release') as f:
+- system_release = f.readline()
++ system_release = f.readline().rstrip()
+ except IOError:
+ system_release = "Misc"
+
+--
+2.21.0
+
diff --git a/SOURCES/0008-Fix-title-in-manpage.py-to-not-contain-online.patch b/SOURCES/0008-Fix-title-in-manpage.py-to-not-contain-online.patch
new file mode 100644
index 0000000..eb9315b
--- /dev/null
+++ b/SOURCES/0008-Fix-title-in-manpage.py-to-not-contain-online.patch
@@ -0,0 +1,25 @@
+From 4ea504acce6389c3e28134c4b8e6bf9072c295ce Mon Sep 17 00:00:00 2001
+From: Miroslav Grepl <mgrepl@redhat.com>
+Date: Fri, 20 Feb 2015 16:42:53 +0100
+Subject: [PATCH 08/20] Fix title in manpage.py to not contain 'online'.
+
+---
+ python/sepolicy/sepolicy/manpage.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
+index d60acfaf..de8184d8 100755
+--- a/python/sepolicy/sepolicy/manpage.py
++++ b/python/sepolicy/sepolicy/manpage.py
+@@ -220,7 +220,7 @@ class HTMLManPages:
+ <html>
+ <head>
+ <link rel=stylesheet type="text/css" href="style.css" title="style">
+- <title>SELinux man pages online</title>
++ <title>SELinux man pages</title>
+ </head>
+ <body>
+ <h1>SELinux man pages for %s</h1>
+--
+2.21.0
+
diff --git a/SOURCES/0009-Don-t-be-verbose-if-you-are-not-on-a-tty.patch b/SOURCES/0009-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
new file mode 100644
index 0000000..7e332bf
--- /dev/null
+++ b/SOURCES/0009-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
@@ -0,0 +1,24 @@
+From 8af697659bd662517571577bf47946a2113f34a1 Mon Sep 17 00:00:00 2001
+From: Dan Walsh <dwalsh@redhat.com>
+Date: Fri, 14 Feb 2014 12:32:12 -0500
+Subject: [PATCH 09/20] Don't be verbose if you are not on a tty
+
+---
+ policycoreutils/scripts/fixfiles | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
+index b2779581..53d28c7b 100755
+--- a/policycoreutils/scripts/fixfiles
++++ b/policycoreutils/scripts/fixfiles
+@@ -108,6 +108,7 @@ exclude_dirs_from_relabelling() {
+ fullFlag=0
+ BOOTTIME=""
+ VERBOSE="-p"
++[ -t 1 ] || VERBOSE=""
+ FORCEFLAG=""
+ RPMFILES=""
+ PREFC=""
+--
+2.21.0
+
diff --git a/SOURCES/0010-sepolicy-Drop-old-interface-file_type_is_executable-.patch b/SOURCES/0010-sepolicy-Drop-old-interface-file_type_is_executable-.patch
new file mode 100644
index 0000000..acf85da
--- /dev/null
+++ b/SOURCES/0010-sepolicy-Drop-old-interface-file_type_is_executable-.patch
@@ -0,0 +1,63 @@
+From ef0f54ffc6d691d10e66a0793204edd159cd45d0 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Mon, 27 Feb 2017 17:12:39 +0100
+Subject: [PATCH 10/20] sepolicy: Drop old interface file_type_is_executable(f)
+ and file_type_is_entrypoint(f)
+
+- use direct queries
+- load exec_types and entry_types only once
+---
+ python/sepolicy/sepolicy/manpage.py | 22 ++++++++++++++++++++--
+ 1 file changed, 20 insertions(+), 2 deletions(-)
+
+diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
+index de8184d8..f8a94fc0 100755
+--- a/python/sepolicy/sepolicy/manpage.py
++++ b/python/sepolicy/sepolicy/manpage.py
+@@ -125,8 +125,24 @@ def gen_domains():
+ domains.sort()
+ return domains
+
+-types = None
+
++exec_types = None
++
++def _gen_exec_types():
++ global exec_types
++ if exec_types is None:
++ exec_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "exec_type"))["types"]
++ return exec_types
++
++entry_types = None
++
++def _gen_entry_types():
++ global entry_types
++ if entry_types is None:
++ entry_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "entry_type"))["types"]
++ return entry_types
++
++types = None
+
+ def _gen_types():
+ global types
+@@ -372,6 +388,8 @@ class ManPage:
+ self.all_file_types = sepolicy.get_all_file_types()
+ self.role_allows = sepolicy.get_all_role_allows()
+ self.types = _gen_types()
++ self.exec_types = _gen_exec_types()
++ self.entry_types = _gen_entry_types()
+
+ if self.source_files:
+ self.fcpath = self.root + "file_contexts"
+@@ -689,7 +707,7 @@ Default Defined Ports:""")
+ for f in self.all_file_types:
+ if f.startswith(self.domainname):
+ flist.append(f)
+- if not file_type_is_executable(f) or not file_type_is_entrypoint(f):
++ if not f in self.exec_types or not f in self.entry_types:
+ flist_non_exec.append(f)
+ if f in self.fcdict:
+ mpaths = mpaths + self.fcdict[f]["regex"]
+--
+2.21.0
+
diff --git a/SOURCES/0011-sepolicy-Another-small-optimization-for-mcs-types.patch b/SOURCES/0011-sepolicy-Another-small-optimization-for-mcs-types.patch
new file mode 100644
index 0000000..98d30be
--- /dev/null
+++ b/SOURCES/0011-sepolicy-Another-small-optimization-for-mcs-types.patch
@@ -0,0 +1,53 @@
+From e54db76a3bff8e911ddd7c7ce834c024d634d9e1 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Tue, 28 Feb 2017 21:29:46 +0100
+Subject: [PATCH 11/20] sepolicy: Another small optimization for mcs types
+
+---
+ python/sepolicy/sepolicy/manpage.py | 16 +++++++++++-----
+ 1 file changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
+index f8a94fc0..67d39301 100755
+--- a/python/sepolicy/sepolicy/manpage.py
++++ b/python/sepolicy/sepolicy/manpage.py
+@@ -142,6 +142,15 @@ def _gen_entry_types():
+ entry_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "entry_type"))["types"]
+ return entry_types
+
++mcs_constrained_types = None
++
++def _gen_mcs_constrained_types():
++ global mcs_constrained_types
++ if mcs_constrained_types is None:
++ mcs_constrained_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type"))
++ return mcs_constrained_types
++
++
+ types = None
+
+ def _gen_types():
+@@ -390,6 +399,7 @@ class ManPage:
+ self.types = _gen_types()
+ self.exec_types = _gen_exec_types()
+ self.entry_types = _gen_entry_types()
++ self.mcs_constrained_types = _gen_mcs_constrained_types()
+
+ if self.source_files:
+ self.fcpath = self.root + "file_contexts"
+@@ -944,11 +954,7 @@ All executeables with the default executable label, usually stored in /usr/bin a
+ %s""" % ", ".join(paths))
+
+ def _mcs_types(self):
+- try:
+- mcs_constrained_type = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type"))
+- except StopIteration:
+- return
+- if self.type not in mcs_constrained_type['types']:
++ if self.type not in self.mcs_constrained_types['types']:
+ return
+ self.fd.write ("""
+ .SH "MCS Constrained"
+--
+2.21.0
+
diff --git a/SOURCES/0012-Move-po-translation-files-into-the-right-sub-directo.patch b/SOURCES/0012-Move-po-translation-files-into-the-right-sub-directo.patch
new file mode 100644
index 0000000..38a569e
--- /dev/null
+++ b/SOURCES/0012-Move-po-translation-files-into-the-right-sub-directo.patch
@@ -0,0 +1,516 @@
+From 4015e9299bfda622e9d407cdbcc536000688aa8f Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Mon, 6 Aug 2018 13:23:00 +0200
+Subject: [PATCH 12/20] Move po/ translation files into the right
+ sub-directories
+
+When policycoreutils was split into policycoreutils/ python/ gui/ and sandbox/
+sub-directories, po/ translation files stayed in policycoreutils/.
+
+This commit split original policycoreutils/po directory into
+policycoreutils/po
+python/po
+gui/po
+sandbox/po
+
+See https://github.com/fedora-selinux/selinux/issues/43
+---
+ gui/Makefile | 3 ++
+ gui/po/Makefile | 82 ++++++++++++++++++++++++++++++++++++
+ gui/po/POTFILES | 17 ++++++++
+ policycoreutils/po/Makefile | 70 ++-----------------------------
+ policycoreutils/po/POTFILES | 9 ++++
+ python/Makefile | 2 +-
+ python/po/Makefile | 83 +++++++++++++++++++++++++++++++++++++
+ python/po/POTFILES | 10 +++++
+ sandbox/Makefile | 2 +
+ sandbox/po/Makefile | 82 ++++++++++++++++++++++++++++++++++++
+ sandbox/po/POTFILES | 1 +
+ 11 files changed, 293 insertions(+), 68 deletions(-)
+ create mode 100644 gui/po/Makefile
+ create mode 100644 gui/po/POTFILES
+ create mode 100644 policycoreutils/po/POTFILES
+ create mode 100644 python/po/Makefile
+ create mode 100644 python/po/POTFILES
+ create mode 100644 sandbox/po/Makefile
+ create mode 100644 sandbox/po/POTFILES
+
+diff --git a/gui/Makefile b/gui/Makefile
+index ca965c94..5a5bf6dc 100644
+--- a/gui/Makefile
++++ b/gui/Makefile
+@@ -22,6 +22,7 @@ system-config-selinux.ui \
+ usersPage.py
+
+ all: $(TARGETS) system-config-selinux.py polgengui.py
++ (cd po && $(MAKE) $@)
+
+ install: all
+ -mkdir -p $(DESTDIR)$(MANDIR)/man8
+@@ -54,6 +55,8 @@ install: all
+ install -m 644 sepolicy_$${i}.png $(DESTDIR)$(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \
+ done
+ install -m 644 org.selinux.config.policy $(DESTDIR)$(DATADIR)/polkit-1/actions/
++ (cd po && $(MAKE) $@)
++
+ clean:
+
+ indent:
+diff --git a/gui/po/Makefile b/gui/po/Makefile
+new file mode 100644
+index 00000000..a0f5439f
+--- /dev/null
++++ b/gui/po/Makefile
+@@ -0,0 +1,82 @@
++#
++# Makefile for the PO files (translation) catalog
++#
++
++PREFIX ?= /usr
++
++# What is this package?
++NLSPACKAGE = gui
++POTFILE = $(NLSPACKAGE).pot
++INSTALL = /usr/bin/install -c -p
++INSTALL_DATA = $(INSTALL) -m 644
++INSTALL_DIR = /usr/bin/install -d
++
++# destination directory
++INSTALL_NLS_DIR = $(PREFIX)/share/locale
++
++# PO catalog handling
++MSGMERGE = msgmerge
++MSGMERGE_FLAGS = -q
++XGETTEXT = xgettext --default-domain=$(NLSPACKAGE)
++MSGFMT = msgfmt
++
++# All possible linguas
++PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po)))
++
++# Only the files matching what the user has set in LINGUAS
++USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS))
++
++# if no valid LINGUAS, build all languages
++USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
++
++POFILES = $(patsubst %,%.po,$(USE_LINGUAS))
++MOFILES = $(patsubst %.po,%.mo,$(POFILES))
++POTFILES = $(shell cat POTFILES)
++
++#default:: clean
++
++all:: $(MOFILES)
++
++$(POTFILE): $(POTFILES)
++ $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
++ @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
++ rm -f $(NLSPACKAGE).po; \
++ else \
++ mv -f $(NLSPACKAGE).po $(POTFILE); \
++ fi; \
++
++
++refresh-po: Makefile
++ for cat in $(POFILES); do \
++ lang=`basename $$cat .po`; \
++ if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \
++ mv -f $$lang.pot $$lang.po ; \
++ echo "$(MSGMERGE) of $$lang succeeded" ; \
++ else \
++ echo "$(MSGMERGE) of $$lang failed" ; \
++ rm -f $$lang.pot ; \
++ fi \
++ done
++
++clean:
++ @rm -fv *mo *~ .depend
++ @rm -rf tmp
++
++install: $(MOFILES)
++ @for n in $(MOFILES); do \
++ l=`basename $$n .mo`; \
++ $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \
++ $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \
++ done
++
++%.mo: %.po
++ $(MSGFMT) -o $@ $<
++report:
++ @for cat in $(wildcard *.po); do \
++ echo -n "$$cat: "; \
++ msgfmt -v --statistics -o /dev/null $$cat; \
++ done
++
++.PHONY: missing depend
++
++relabel:
+diff --git a/gui/po/POTFILES b/gui/po/POTFILES
+new file mode 100644
+index 00000000..1795c5c1
+--- /dev/null
++++ b/gui/po/POTFILES
+@@ -0,0 +1,17 @@
++../booleansPage.py
++../domainsPage.py
++../fcontextPage.py
++../loginsPage.py
++../modulesPage.py
++../org.selinux.config.policy
++../polgengui.py
++../polgen.ui
++../portsPage.py
++../selinux-polgengui.desktop
++../semanagePage.py
++../sepolicy.desktop
++../statusPage.py
++../system-config-selinux.desktop
++../system-config-selinux.py
++../system-config-selinux.ui
++../usersPage.py
+diff --git a/policycoreutils/po/Makefile b/policycoreutils/po/Makefile
+index 575e1431..18bc1dff 100644
+--- a/policycoreutils/po/Makefile
++++ b/policycoreutils/po/Makefile
+@@ -3,7 +3,6 @@
+ #
+
+ PREFIX ?= /usr
+-TOP = ../..
+
+ # What is this package?
+ NLSPACKAGE = policycoreutils
+@@ -32,74 +31,13 @@ USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
+
+ POFILES = $(patsubst %,%.po,$(USE_LINGUAS))
+ MOFILES = $(patsubst %.po,%.mo,$(POFILES))
+-POTFILES = \
+- ../run_init/open_init_pty.c \
+- ../run_init/run_init.c \
+- ../semodule_link/semodule_link.c \
+- ../audit2allow/audit2allow \
+- ../semanage/seobject.py \
+- ../setsebool/setsebool.c \
+- ../newrole/newrole.c \
+- ../load_policy/load_policy.c \
+- ../sestatus/sestatus.c \
+- ../semodule/semodule.c \
+- ../setfiles/setfiles.c \
+- ../semodule_package/semodule_package.c \
+- ../semodule_deps/semodule_deps.c \
+- ../semodule_expand/semodule_expand.c \
+- ../scripts/chcat \
+- ../scripts/fixfiles \
+- ../restorecond/stringslist.c \
+- ../restorecond/restorecond.h \
+- ../restorecond/utmpwatcher.h \
+- ../restorecond/stringslist.h \
+- ../restorecond/restorecond.c \
+- ../restorecond/utmpwatcher.c \
+- ../gui/booleansPage.py \
+- ../gui/fcontextPage.py \
+- ../gui/loginsPage.py \
+- ../gui/mappingsPage.py \
+- ../gui/modulesPage.py \
+- ../gui/polgen.glade \
+- ../gui/polgengui.py \
+- ../gui/portsPage.py \
+- ../gui/semanagePage.py \
+- ../gui/statusPage.py \
+- ../gui/system-config-selinux.glade \
+- ../gui/system-config-selinux.py \
+- ../gui/usersPage.py \
+- ../secon/secon.c \
+- booleans.py \
+- ../sepolicy/sepolicy.py \
+- ../sepolicy/sepolicy/communicate.py \
+- ../sepolicy/sepolicy/__init__.py \
+- ../sepolicy/sepolicy/network.py \
+- ../sepolicy/sepolicy/generate.py \
+- ../sepolicy/sepolicy/sepolicy.glade \
+- ../sepolicy/sepolicy/gui.py \
+- ../sepolicy/sepolicy/manpage.py \
+- ../sepolicy/sepolicy/transition.py \
+- ../sepolicy/sepolicy/templates/executable.py \
+- ../sepolicy/sepolicy/templates/__init__.py \
+- ../sepolicy/sepolicy/templates/network.py \
+- ../sepolicy/sepolicy/templates/rw.py \
+- ../sepolicy/sepolicy/templates/script.py \
+- ../sepolicy/sepolicy/templates/semodule.py \
+- ../sepolicy/sepolicy/templates/tmp.py \
+- ../sepolicy/sepolicy/templates/user.py \
+- ../sepolicy/sepolicy/templates/var_lib.py \
+- ../sepolicy/sepolicy/templates/var_log.py \
+- ../sepolicy/sepolicy/templates/var_run.py \
+- ../sepolicy/sepolicy/templates/var_spool.py
++POTFILES = $(shell cat POTFILES)
+
+ #default:: clean
+
+-all:: $(MOFILES)
++all:: $(POTFILE) $(MOFILES)
+
+-booleans.py:
+- sepolicy booleans -a > booleans.py
+-
+-$(POTFILE): $(POTFILES) booleans.py
++$(POTFILE): $(POTFILES)
+ $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
+ @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
+ rm -f $(NLSPACKAGE).po; \
+@@ -107,8 +45,6 @@ $(POTFILE): $(POTFILES) booleans.py
+ mv -f $(NLSPACKAGE).po $(POTFILE); \
+ fi; \
+
+-update-po: Makefile $(POTFILE) refresh-po
+- @rm -f booleans.py
+
+ refresh-po: Makefile
+ for cat in $(POFILES); do \
+diff --git a/policycoreutils/po/POTFILES b/policycoreutils/po/POTFILES
+new file mode 100644
+index 00000000..12237dc6
+--- /dev/null
++++ b/policycoreutils/po/POTFILES
+@@ -0,0 +1,9 @@
++../run_init/open_init_pty.c
++../run_init/run_init.c
++../setsebool/setsebool.c
++../newrole/newrole.c
++../load_policy/load_policy.c
++../sestatus/sestatus.c
++../semodule/semodule.c
++../setfiles/setfiles.c
++../secon/secon.c
+diff --git a/python/Makefile b/python/Makefile
+index 9b66d52f..00312dbd 100644
+--- a/python/Makefile
++++ b/python/Makefile
+@@ -1,4 +1,4 @@
+-SUBDIRS = sepolicy audit2allow semanage sepolgen chcat
++SUBDIRS = sepolicy audit2allow semanage sepolgen chcat po
+
+ all install relabel clean indent test:
+ @for subdir in $(SUBDIRS); do \
+diff --git a/python/po/Makefile b/python/po/Makefile
+new file mode 100644
+index 00000000..4e052d5a
+--- /dev/null
++++ b/python/po/Makefile
+@@ -0,0 +1,83 @@
++#
++# Makefile for the PO files (translation) catalog
++#
++
++PREFIX ?= /usr
++
++# What is this package?
++NLSPACKAGE = python
++POTFILE = $(NLSPACKAGE).pot
++INSTALL = /usr/bin/install -c -p
++INSTALL_DATA = $(INSTALL) -m 644
++INSTALL_DIR = /usr/bin/install -d
++
++# destination directory
++INSTALL_NLS_DIR = $(PREFIX)/share/locale
++
++# PO catalog handling
++MSGMERGE = msgmerge
++MSGMERGE_FLAGS = -q
++XGETTEXT = xgettext --default-domain=$(NLSPACKAGE)
++MSGFMT = msgfmt
++
++# All possible linguas
++PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po)))
++
++# Only the files matching what the user has set in LINGUAS
++USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS))
++
++# if no valid LINGUAS, build all languages
++USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
++
++POFILES = $(patsubst %,%.po,$(USE_LINGUAS))
++MOFILES = $(patsubst %.po,%.mo,$(POFILES))
++POTFILES = $(shell cat POTFILES)
++
++#default:: clean
++
++all:: $(MOFILES)
++
++$(POTFILE): $(POTFILES)
++ $(XGETTEXT) -L Python --keyword=_ --keyword=N_ $(POTFILES)
++ $(XGETTEXT) -j --keyword=_ --keyword=N_ ../sepolicy/sepolicy/sepolicy.glade
++ @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
++ rm -f $(NLSPACKAGE).po; \
++ else \
++ mv -f $(NLSPACKAGE).po $(POTFILE); \
++ fi; \
++
++
++refresh-po: Makefile
++ for cat in $(POFILES); do \
++ lang=`basename $$cat .po`; \
++ if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \
++ mv -f $$lang.pot $$lang.po ; \
++ echo "$(MSGMERGE) of $$lang succeeded" ; \
++ else \
++ echo "$(MSGMERGE) of $$lang failed" ; \
++ rm -f $$lang.pot ; \
++ fi \
++ done
++
++clean:
++ @rm -fv *mo *~ .depend
++ @rm -rf tmp
++
++install: $(MOFILES)
++ @for n in $(MOFILES); do \
++ l=`basename $$n .mo`; \
++ $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \
++ $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \
++ done
++
++%.mo: %.po
++ $(MSGFMT) -o $@ $<
++report:
++ @for cat in $(wildcard *.po); do \
++ echo -n "$$cat: "; \
++ msgfmt -v --statistics -o /dev/null $$cat; \
++ done
++
++.PHONY: missing depend
++
++relabel:
+diff --git a/python/po/POTFILES b/python/po/POTFILES
+new file mode 100644
+index 00000000..128eb870
+--- /dev/null
++++ b/python/po/POTFILES
+@@ -0,0 +1,10 @@
++../audit2allow/audit2allow
++../chcat/chcat
++../semanage/semanage
++../semanage/seobject.py
++../sepolgen/src/sepolgen/interfaces.py
++../sepolicy/sepolicy/generate.py
++../sepolicy/sepolicy/gui.py
++../sepolicy/sepolicy/__init__.py
++../sepolicy/sepolicy/interface.py
++../sepolicy/sepolicy.py
+diff --git a/sandbox/Makefile b/sandbox/Makefile
+index 9da5e58d..b817824e 100644
+--- a/sandbox/Makefile
++++ b/sandbox/Makefile
+@@ -13,6 +13,7 @@ override LDLIBS += -lselinux -lcap-ng
+ SEUNSHARE_OBJS = seunshare.o
+
+ all: sandbox seunshare sandboxX.sh start
++ (cd po && $(MAKE) $@)
+
+ seunshare: $(SEUNSHARE_OBJS)
+
+@@ -39,6 +40,7 @@ install: all
+ install -m 755 start $(DESTDIR)$(SHAREDIR)
+ -mkdir -p $(DESTDIR)$(SYSCONFDIR)
+ install -m 644 sandbox.conf $(DESTDIR)$(SYSCONFDIR)/sandbox
++ (cd po && $(MAKE) $@)
+
+ test:
+ @$(PYTHON) test_sandbox.py -v
+diff --git a/sandbox/po/Makefile b/sandbox/po/Makefile
+new file mode 100644
+index 00000000..0556bbe9
+--- /dev/null
++++ b/sandbox/po/Makefile
+@@ -0,0 +1,82 @@
++#
++# Makefile for the PO files (translation) catalog
++#
++
++PREFIX ?= /usr
++
++# What is this package?
++NLSPACKAGE = sandbox
++POTFILE = $(NLSPACKAGE).pot
++INSTALL = /usr/bin/install -c -p
++INSTALL_DATA = $(INSTALL) -m 644
++INSTALL_DIR = /usr/bin/install -d
++
++# destination directory
++INSTALL_NLS_DIR = $(PREFIX)/share/locale
++
++# PO catalog handling
++MSGMERGE = msgmerge
++MSGMERGE_FLAGS = -q
++XGETTEXT = xgettext -L Python --default-domain=$(NLSPACKAGE)
++MSGFMT = msgfmt
++
++# All possible linguas
++PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po)))
++
++# Only the files matching what the user has set in LINGUAS
++USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS))
++
++# if no valid LINGUAS, build all languages
++USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
++
++POFILES = $(patsubst %,%.po,$(USE_LINGUAS))
++MOFILES = $(patsubst %.po,%.mo,$(POFILES))
++POTFILES = $(shell cat POTFILES)
++
++#default:: clean
++
++all:: $(POTFILE) $(MOFILES)
++
++$(POTFILE): $(POTFILES)
++ $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
++ @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
++ rm -f $(NLSPACKAGE).po; \
++ else \
++ mv -f $(NLSPACKAGE).po $(POTFILE); \
++ fi; \
++
++
++refresh-po: Makefile
++ for cat in $(POFILES); do \
++ lang=`basename $$cat .po`; \
++ if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \
++ mv -f $$lang.pot $$lang.po ; \
++ echo "$(MSGMERGE) of $$lang succeeded" ; \
++ else \
++ echo "$(MSGMERGE) of $$lang failed" ; \
++ rm -f $$lang.pot ; \
++ fi \
++ done
++
++clean:
++ @rm -fv *mo *~ .depend
++ @rm -rf tmp
++
++install: $(MOFILES)
++ @for n in $(MOFILES); do \
++ l=`basename $$n .mo`; \
++ $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \
++ $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \
++ done
++
++%.mo: %.po
++ $(MSGFMT) -o $@ $<
++report:
++ @for cat in $(wildcard *.po); do \
++ echo -n "$$cat: "; \
++ msgfmt -v --statistics -o /dev/null $$cat; \
++ done
++
++.PHONY: missing depend
++
++relabel:
+diff --git a/sandbox/po/POTFILES b/sandbox/po/POTFILES
+new file mode 100644
+index 00000000..deff3f2f
+--- /dev/null
++++ b/sandbox/po/POTFILES
+@@ -0,0 +1 @@
++../sandbox
+--
+2.21.0
+
diff --git a/SOURCES/0013-Use-correct-gettext-domains-in-python-gui-sandbox.patch b/SOURCES/0013-Use-correct-gettext-domains-in-python-gui-sandbox.patch
new file mode 100644
index 0000000..895077e
--- /dev/null
+++ b/SOURCES/0013-Use-correct-gettext-domains-in-python-gui-sandbox.patch
@@ -0,0 +1,306 @@
+From 57cd23e11e1a700802a5955e84a0a7e04c30ec73 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Mon, 6 Aug 2018 13:37:07 +0200
+Subject: [PATCH 13/20] Use correct gettext domains in python/ gui/ sandbox/
+
+https://github.com/fedora-selinux/selinux/issues/43
+---
+ gui/booleansPage.py | 2 +-
+ gui/domainsPage.py | 2 +-
+ gui/fcontextPage.py | 2 +-
+ gui/loginsPage.py | 2 +-
+ gui/modulesPage.py | 2 +-
+ gui/polgengui.py | 2 +-
+ gui/portsPage.py | 2 +-
+ gui/semanagePage.py | 2 +-
+ gui/statusPage.py | 2 +-
+ gui/system-config-selinux.py | 2 +-
+ gui/usersPage.py | 2 +-
+ python/chcat/chcat | 2 +-
+ python/semanage/semanage | 2 +-
+ python/semanage/seobject.py | 2 +-
+ python/sepolgen/src/sepolgen/sepolgeni18n.py | 2 +-
+ python/sepolicy/sepolicy.py | 2 +-
+ python/sepolicy/sepolicy/__init__.py | 2 +-
+ python/sepolicy/sepolicy/generate.py | 2 +-
+ python/sepolicy/sepolicy/gui.py | 2 +-
+ python/sepolicy/sepolicy/interface.py | 2 +-
+ sandbox/sandbox | 2 +-
+ 21 files changed, 21 insertions(+), 21 deletions(-)
+
+diff --git a/gui/booleansPage.py b/gui/booleansPage.py
+index 7849bea2..dd12b6d6 100644
+--- a/gui/booleansPage.py
++++ b/gui/booleansPage.py
+@@ -38,7 +38,7 @@ DISABLED = 2
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-gui"
+ try:
+ import gettext
+ kwargs = {}
+diff --git a/gui/domainsPage.py b/gui/domainsPage.py
+index bad5140d..6bbe4de5 100644
+--- a/gui/domainsPage.py
++++ b/gui/domainsPage.py
+@@ -30,7 +30,7 @@ from semanagePage import *
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-gui"
+ try:
+ import gettext
+ kwargs = {}
+diff --git a/gui/fcontextPage.py b/gui/fcontextPage.py
+index 370bbee4..e424366d 100644
+--- a/gui/fcontextPage.py
++++ b/gui/fcontextPage.py
+@@ -47,7 +47,7 @@ class context:
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-gui"
+ try:
+ import gettext
+ kwargs = {}
+diff --git a/gui/loginsPage.py b/gui/loginsPage.py
+index b67eb8bc..cbfb0cc2 100644
+--- a/gui/loginsPage.py
++++ b/gui/loginsPage.py
+@@ -29,7 +29,7 @@ from semanagePage import *
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-gui"
+ try:
+ import gettext
+ kwargs = {}
+diff --git a/gui/modulesPage.py b/gui/modulesPage.py
+index cb856b2d..26ac5404 100644
+--- a/gui/modulesPage.py
++++ b/gui/modulesPage.py
+@@ -30,7 +30,7 @@ from semanagePage import *
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-gui"
+ try:
+ import gettext
+ kwargs = {}
+diff --git a/gui/polgengui.py b/gui/polgengui.py
+index b1cc9937..46a1bd2c 100644
+--- a/gui/polgengui.py
++++ b/gui/polgengui.py
+@@ -63,7 +63,7 @@ def get_all_modules():
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-gui"
+ try:
+ import gettext
+ kwargs = {}
+diff --git a/gui/portsPage.py b/gui/portsPage.py
+index 30f58383..a537ecc8 100644
+--- a/gui/portsPage.py
++++ b/gui/portsPage.py
+@@ -35,7 +35,7 @@ from semanagePage import *
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-gui"
+ try:
+ import gettext
+ kwargs = {}
+diff --git a/gui/semanagePage.py b/gui/semanagePage.py
+index 4127804f..5361d69c 100644
+--- a/gui/semanagePage.py
++++ b/gui/semanagePage.py
+@@ -22,7 +22,7 @@ from gi.repository import Gdk, Gtk
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-gui"
+ try:
+ import gettext
+ kwargs = {}
+diff --git a/gui/statusPage.py b/gui/statusPage.py
+index 766854b1..a8f079b9 100644
+--- a/gui/statusPage.py
++++ b/gui/statusPage.py
+@@ -35,7 +35,7 @@ RELABELFILE = "/.autorelabel"
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-gui"
+ try:
+ import gettext
+ kwargs = {}
+diff --git a/gui/system-config-selinux.py b/gui/system-config-selinux.py
+index c42301b6..1e0d5eb1 100644
+--- a/gui/system-config-selinux.py
++++ b/gui/system-config-selinux.py
+@@ -45,7 +45,7 @@ import selinux
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-gui"
+ try:
+ import gettext
+ kwargs = {}
+diff --git a/gui/usersPage.py b/gui/usersPage.py
+index 26794ed5..d15d4c5a 100644
+--- a/gui/usersPage.py
++++ b/gui/usersPage.py
+@@ -29,7 +29,7 @@ from semanagePage import *
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-gui"
+ try:
+ import gettext
+ kwargs = {}
+diff --git a/python/chcat/chcat b/python/chcat/chcat
+index ba398684..df2509f2 100755
+--- a/python/chcat/chcat
++++ b/python/chcat/chcat
+@@ -30,7 +30,7 @@ import getopt
+ import selinux
+ import seobject
+
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-python"
+ try:
+ import gettext
+ kwargs = {}
+diff --git a/python/semanage/semanage b/python/semanage/semanage
+index 144cc000..56db3e0d 100644
+--- a/python/semanage/semanage
++++ b/python/semanage/semanage
+@@ -27,7 +27,7 @@ import traceback
+ import argparse
+ import seobject
+ import sys
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-python"
+ try:
+ import gettext
+ kwargs = {}
+diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
+index 13fdf531..b90b1070 100644
+--- a/python/semanage/seobject.py
++++ b/python/semanage/seobject.py
+@@ -29,7 +29,7 @@ import sys
+ import stat
+ import socket
+ from semanage import *
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-python"
+ import sepolicy
+ import setools
+ from IPy import IP
+diff --git a/python/sepolgen/src/sepolgen/sepolgeni18n.py b/python/sepolgen/src/sepolgen/sepolgeni18n.py
+index 998c4356..56ebd807 100644
+--- a/python/sepolgen/src/sepolgen/sepolgeni18n.py
++++ b/python/sepolgen/src/sepolgen/sepolgeni18n.py
+@@ -19,7 +19,7 @@
+
+ try:
+ import gettext
+- t = gettext.translation( 'yumex' )
++ t = gettext.translation( 'selinux-python' )
+ _ = t.gettext
+ except:
+ def _(str):
+diff --git a/python/sepolicy/sepolicy.py b/python/sepolicy/sepolicy.py
+index 1934cd86..8bd6a579 100755
+--- a/python/sepolicy/sepolicy.py
++++ b/python/sepolicy/sepolicy.py
+@@ -27,7 +27,7 @@ import selinux
+ import sepolicy
+ from sepolicy import get_os_version, get_conditionals, get_conditionals_format_text
+ import argparse
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-python"
+ try:
+ import gettext
+ kwargs = {}
+diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
+index 0c66f4d5..b6ca57c3 100644
+--- a/python/sepolicy/sepolicy/__init__.py
++++ b/python/sepolicy/sepolicy/__init__.py
+@@ -13,7 +13,7 @@ import os
+ import re
+ import gzip
+
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-python"
+ try:
+ import gettext
+ kwargs = {}
+diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
+index 019e7836..7175d36b 100644
+--- a/python/sepolicy/sepolicy/generate.py
++++ b/python/sepolicy/sepolicy/generate.py
+@@ -49,7 +49,7 @@ import sepolgen.defaults as defaults
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-python"
+ try:
+ import gettext
+ kwargs = {}
+diff --git a/python/sepolicy/sepolicy/gui.py b/python/sepolicy/sepolicy/gui.py
+index 00fd7a11..805cee67 100644
+--- a/python/sepolicy/sepolicy/gui.py
++++ b/python/sepolicy/sepolicy/gui.py
+@@ -41,7 +41,7 @@ import os
+ import re
+ import unicodedata
+
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-python"
+ try:
+ import gettext
+ kwargs = {}
+diff --git a/python/sepolicy/sepolicy/interface.py b/python/sepolicy/sepolicy/interface.py
+index 583091ae..e2b8d23b 100644
+--- a/python/sepolicy/sepolicy/interface.py
++++ b/python/sepolicy/sepolicy/interface.py
+@@ -30,7 +30,7 @@ __all__ = ['get_all_interfaces', 'get_interfaces_from_xml', 'get_admin', 'get_us
+ ##
+ ## I18N
+ ##
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-python"
+ try:
+ import gettext
+ kwargs = {}
+diff --git a/sandbox/sandbox b/sandbox/sandbox
+index 1dec07ac..a12403b3 100644
+--- a/sandbox/sandbox
++++ b/sandbox/sandbox
+@@ -37,7 +37,7 @@ import sepolicy
+
+ SEUNSHARE = "/usr/sbin/seunshare"
+ SANDBOXSH = "/usr/share/sandbox/sandboxX.sh"
+-PROGNAME = "policycoreutils"
++PROGNAME = "selinux-sandbox"
+ try:
+ import gettext
+ kwargs = {}
+--
+2.21.0
+
diff --git a/SOURCES/0014-Initial-.pot-files-for-gui-python-sandbox.patch b/SOURCES/0014-Initial-.pot-files-for-gui-python-sandbox.patch
new file mode 100644
index 0000000..c3d65d2
--- /dev/null
+++ b/SOURCES/0014-Initial-.pot-files-for-gui-python-sandbox.patch
@@ -0,0 +1,4532 @@
+From c8c59758d2fb7f6cbe368c9ff8f356ea7acebb4b Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Mon, 6 Aug 2018 14:23:19 +0200
+Subject: [PATCH 14/20] Initial .pot files for gui/ python/ sandbox/
+
+https://github.com/fedora-selinux/selinux/issues/43
+---
+ gui/po/gui.pot | 964 ++++++++++++
+ python/po/python.pot | 3375 ++++++++++++++++++++++++++++++++++++++++
+ sandbox/po/sandbox.pot | 157 ++
+ 3 files changed, 4496 insertions(+)
+ create mode 100644 gui/po/gui.pot
+ create mode 100644 python/po/python.pot
+ create mode 100644 sandbox/po/sandbox.pot
+
+diff --git a/gui/po/gui.pot b/gui/po/gui.pot
+new file mode 100644
+index 00000000..1663b4ca
+--- /dev/null
++++ b/gui/po/gui.pot
+@@ -0,0 +1,964 @@
++# SOME DESCRIPTIVE TITLE.
++# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
++# This file is distributed under the same license as the PACKAGE package.
++# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
++#
++#, fuzzy
++msgid ""
++msgstr ""
++"Project-Id-Version: PACKAGE VERSION\n"
++"Report-Msgid-Bugs-To: \n"
++"POT-Creation-Date: 2018-08-06 14:22+0200\n"
++"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
++"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
++"Language-Team: LANGUAGE <LL@li.org>\n"
++"Language: \n"
++"MIME-Version: 1.0\n"
++"Content-Type: text/plain; charset=CHARSET\n"
++"Content-Transfer-Encoding: 8bit\n"
++
++#: ../booleansPage.py:198 ../system-config-selinux.ui:1025
++msgid "Boolean"
++msgstr ""
++
++#: ../booleansPage.py:248 ../semanagePage.py:166
++msgid "all"
++msgstr ""
++
++#: ../booleansPage.py:250 ../semanagePage.py:168
++#: ../system-config-selinux.ui:961 ../system-config-selinux.ui:1097
++#: ../system-config-selinux.ui:1506
++msgid "Customized"
++msgstr ""
++
++#: ../domainsPage.py:55 ../system-config-selinux.ui:1834
++msgid "Process Domain"
++msgstr ""
++
++#: ../domainsPage.py:63
++msgid "Domain Name"
++msgstr ""
++
++#: ../domainsPage.py:68
++msgid "Mode"
++msgstr ""
++
++#: ../domainsPage.py:101 ../domainsPage.py:112 ../domainsPage.py:156
++#: ../statusPage.py:73 ../system-config-selinux.ui:622
++#: ../system-config-selinux.ui:1755
++msgid "Permissive"
++msgstr ""
++
++#: ../fcontextPage.py:72 ../system-config-selinux.ui:1160
++msgid "File Labeling"
++msgstr ""
++
++#: ../fcontextPage.py:82
++msgid ""
++"File\n"
++"Specification"
++msgstr ""
++
++#: ../fcontextPage.py:89
++msgid ""
++"Selinux\n"
++"File Type"
++msgstr ""
++
++#: ../fcontextPage.py:96
++msgid ""
++"File\n"
++"Type"
++msgstr ""
++
++#: ../loginsPage.py:55 ../system-config-selinux.ui:1281
++msgid "User Mapping"
++msgstr ""
++
++#: ../loginsPage.py:59
++msgid ""
++"Login\n"
++"Name"
++msgstr ""
++
++#: ../loginsPage.py:63 ../usersPage.py:60
++msgid ""
++"SELinux\n"
++"User"
++msgstr ""
++
++#: ../loginsPage.py:66 ../usersPage.py:65
++msgid ""
++"MLS/\n"
++"MCS Range"
++msgstr ""
++
++#: ../loginsPage.py:135
++#, python-format
++msgid "Login '%s' is required"
++msgstr ""
++
++#: ../modulesPage.py:55 ../system-config-selinux.ui:1722
++msgid "Policy Module"
++msgstr ""
++
++#: ../modulesPage.py:65
++msgid "Module Name"
++msgstr ""
++
++#: ../modulesPage.py:70
++msgid "Priority"
++msgstr ""
++
++#: ../modulesPage.py:79
++msgid "Kind"
++msgstr ""
++
++#: ../modulesPage.py:147
++msgid "Disable Audit"
++msgstr ""
++
++#: ../modulesPage.py:150 ../system-config-selinux.ui:1659
++msgid "Enable Audit"
++msgstr ""
++
++#: ../modulesPage.py:175
++msgid "Load Policy Module"
++msgstr ""
++
++#: ../org.selinux.config.policy:11
++msgid "Run System Config SELinux"
++msgstr ""
++
++#: ../org.selinux.config.policy:12
++msgid "Authentication is required to run system-config-selinux"
++msgstr ""
++
++#: ../polgengui.py:288 ../polgen.ui:728
++msgid "Name"
++msgstr ""
++
++#: ../polgengui.py:290 ../polgen.ui:111
++msgid "Description"
++msgstr ""
++
++#: ../polgengui.py:298
++msgid "Role"
++msgstr ""
++
++#: ../polgengui.py:305
++msgid "Existing_User"
++msgstr ""
++
++#: ../polgengui.py:319 ../polgengui.py:327 ../polgengui.py:341
++msgid "Application"
++msgstr ""
++
++#: ../polgengui.py:386
++#, python-format
++msgid "%s must be a directory"
++msgstr ""
++
++#: ../polgengui.py:446 ../polgengui.py:727
++msgid "You must select a user"
++msgstr ""
++
++#: ../polgengui.py:576
++msgid "Select executable file to be confined."
++msgstr ""
++
++#: ../polgengui.py:587
++msgid "Select init script file to be confined."
++msgstr ""
++
++#: ../polgengui.py:597
++msgid "Select file(s) that confined application creates or writes"
++msgstr ""
++
++#: ../polgengui.py:604
++msgid "Select directory(s) that the confined application owns and writes into"
++msgstr ""
++
++#: ../polgengui.py:666
++msgid "Select directory to generate policy files in"
++msgstr ""
++
++#: ../polgengui.py:683
++#, python-format
++msgid ""
++"Type %s_t already defined in current policy.\n"
++"Do you want to continue?"
++msgstr ""
++
++#: ../polgengui.py:683 ../polgengui.py:687
++msgid "Verify Name"
++msgstr ""
++
++#: ../polgengui.py:687
++#, python-format
++msgid ""
++"Module %s already loaded in current policy.\n"
++"Do you want to continue?"
++msgstr ""
++
++#: ../polgengui.py:733
++msgid ""
++"You must add a name made up of letters and numbers and containing no spaces."
++msgstr ""
++
++#: ../polgengui.py:747
++msgid "You must enter a executable"
++msgstr ""
++
++#: ../polgengui.py:772 ../system-config-selinux.py:184
++msgid "Configue SELinux"
++msgstr ""
++
++#: ../polgen.ui:9
++msgid "Red Hat 2007"
++msgstr ""
++
++#: ../polgen.ui:11
++msgid "GPL"
++msgstr ""
++
++#. TRANSLATORS: Replace this string with your names, one name per line.
++#: ../polgen.ui:13 ../system-config-selinux.ui:15
++msgid "translator-credits"
++msgstr ""
++
++#: ../polgen.ui:34
++msgid "Add Booleans Dialog"
++msgstr ""
++
++#: ../polgen.ui:99
++msgid "Boolean Name"
++msgstr ""
++
++#: ../polgen.ui:234 ../selinux-polgengui.desktop:3
++msgid "SELinux Policy Generation Tool"
++msgstr ""
++
++#: ../polgen.ui:255
++msgid ""
++"<b>Select the policy type for the application or user role you want to "
++"confine:</b>"
++msgstr ""
++
++#: ../polgen.ui:288
++msgid "<b>Applications</b>"
++msgstr ""
++
++#: ../polgen.ui:320
++msgid "Standard Init Daemon"
++msgstr ""
++
++#: ../polgen.ui:324 ../polgen.ui:340
++msgid ""
++"Standard Init Daemon are daemons started on boot via init scripts. Usually "
++"requires a script in /etc/rc.d/init.d"
++msgstr ""
++
++#: ../polgen.ui:336
++msgid "DBUS System Daemon"
++msgstr ""
++
++#: ../polgen.ui:353
++msgid "Internet Services Daemon (inetd)"
++msgstr ""
++
++#: ../polgen.ui:357
++msgid "Internet Services Daemon are daemons started by xinetd"
++msgstr ""
++
++#: ../polgen.ui:370
++msgid "Web Application/Script (CGI)"
++msgstr ""
++
++#: ../polgen.ui:374
++msgid ""
++"Web Applications/Script (CGI) CGI scripts started by the web server (apache)"
++msgstr ""
++
++#: ../polgen.ui:387
++msgid "User Application"
++msgstr ""
++
++#: ../polgen.ui:391 ../polgen.ui:408
++msgid ""
++"User Application are any application that you would like to confine that is "
++"started by a user"
++msgstr ""
++
++#: ../polgen.ui:404
++msgid "Sandbox"
++msgstr ""
++
++#: ../polgen.ui:450
++msgid "<b>Login Users</b>"
++msgstr ""
++
++#: ../polgen.ui:482
++msgid "Existing User Roles"
++msgstr ""
++
++#: ../polgen.ui:486
++msgid "Modify an existing login user record."
++msgstr ""
++
++#: ../polgen.ui:499
++msgid "Minimal Terminal User Role"
++msgstr ""
++
++#: ../polgen.ui:503
++msgid ""
++"This user will login to a machine only via a terminal or remote login. By "
++"default this user will have no setuid, no networking, no su, no sudo."
++msgstr ""
++
++#: ../polgen.ui:516
++msgid "Minimal X Windows User Role"
++msgstr ""
++
++#: ../polgen.ui:520
++msgid ""
++"This user can login to a machine via X or terminal. By default this user "
++"will have no setuid, no networking, no sudo, no su"
++msgstr ""
++
++#: ../polgen.ui:533
++msgid "User Role"
++msgstr ""
++
++#: ../polgen.ui:537
++msgid ""
++"User with full networking, no setuid applications without transition, no "
++"sudo, no su."
++msgstr ""
++
++#: ../polgen.ui:550
++msgid "Admin User Role"
++msgstr ""
++
++#: ../polgen.ui:554
++msgid ""
++"User with full networking, no setuid applications without transition, no su, "
++"can sudo to Root Administration Roles"
++msgstr ""
++
++#: ../polgen.ui:596
++msgid "<b>Root Users</b>"
++msgstr ""
++
++#: ../polgen.ui:627
++msgid "Root Admin User Role"
++msgstr ""
++
++#: ../polgen.ui:631
++msgid ""
++"Select Root Administrator User Role, if this user will be used to administer "
++"the machine while running as root. This user will not be able to login to "
++"the system directly."
++msgstr ""
++
++#: ../polgen.ui:705
++msgid "<b>Enter name of application or user role:</b>"
++msgstr ""
++
++#: ../polgen.ui:739
++msgid "Enter complete path for executable to be confined."
++msgstr ""
++
++#: ../polgen.ui:756 ../polgen.ui:838 ../polgen.ui:2317
++msgid "..."
++msgstr ""
++
++#: ../polgen.ui:776
++msgid "Enter unique name for the confined application or user role."
++msgstr ""
++
++#: ../polgen.ui:794
++msgid "Executable"
++msgstr ""
++
++#: ../polgen.ui:808
++msgid "Init script"
++msgstr ""
++
++#: ../polgen.ui:821
++msgid ""
++"Enter complete path to init script used to start the confined application."
++msgstr ""
++
++#: ../polgen.ui:883
++msgid "<b>Select existing role to modify:</b>"
++msgstr ""
++
++#: ../polgen.ui:904
++#, python-format
++msgid "Select the user roles that will transiton to the %s domain."
++msgstr ""
++
++#: ../polgen.ui:921
++msgid "role tab"
++msgstr ""
++
++#: ../polgen.ui:937
++#, python-format
++msgid "<b>Select roles that %s will transition to:</b>"
++msgstr ""
++
++#: ../polgen.ui:955
++#, python-format
++msgid "Select applications domains that %s will transition to."
++msgstr ""
++
++#: ../polgen.ui:972
++msgid ""
++"transition \n"
++"role tab"
++msgstr ""
++
++#: ../polgen.ui:989
++#, python-format
++msgid "<b>Select the user_roles that will transition to %s:</b>"
++msgstr ""
++
++#: ../polgen.ui:1007
++msgid "Select the user roles that will transiton to this applications domains."
++msgstr ""
++
++#: ../polgen.ui:1040
++#, python-format
++msgid "<b>Select domains that %s will administer:</b>"
++msgstr ""
++
++#: ../polgen.ui:1058 ../polgen.ui:1109
++msgid "Select the domains that you would like this user administer."
++msgstr ""
++
++#: ../polgen.ui:1091
++#, python-format
++msgid "<b>Select additional roles for %s:</b>"
++msgstr ""
++
++#: ../polgen.ui:1142
++#, python-format
++msgid "<b>Enter network ports that %s binds on:</b>"
++msgstr ""
++
++#: ../polgen.ui:1162 ../polgen.ui:1529
++msgid "<b>TCP Ports</b>"
++msgstr ""
++
++#: ../polgen.ui:1199 ../polgen.ui:1366 ../polgen.ui:1561 ../polgen.ui:1670
++msgid "All"
++msgstr ""
++
++#: ../polgen.ui:1203 ../polgen.ui:1370
++#, python-format
++msgid "Allows %s to bind to any udp port"
++msgstr ""
++
++#: ../polgen.ui:1216 ../polgen.ui:1383
++msgid "600-1024"
++msgstr ""
++
++#: ../polgen.ui:1220 ../polgen.ui:1387
++#, python-format
++msgid "Allow %s to call bindresvport with 0. Binding to port 600-1024"
++msgstr ""
++
++#: ../polgen.ui:1233 ../polgen.ui:1400
++msgid "Unreserved Ports (>1024)"
++msgstr ""
++
++#: ../polgen.ui:1237 ../polgen.ui:1404
++#, python-format
++msgid ""
++"Enter a comma separated list of udp ports or ranges of ports that %s binds "
++"to. Example: 612, 650-660"
++msgstr ""
++
++#: ../polgen.ui:1265 ../polgen.ui:1432 ../polgen.ui:1581 ../polgen.ui:1690
++msgid "Select Ports"
++msgstr ""
++
++#: ../polgen.ui:1278 ../polgen.ui:1445
++#, python-format
++msgid "Allows %s to bind to any udp ports > 1024"
++msgstr ""
++
++#: ../polgen.ui:1329 ../polgen.ui:1638
++msgid "<b>UDP Ports</b>"
++msgstr ""
++
++#: ../polgen.ui:1492
++msgid ""
++"Network\n"
++"Bind tab"
++msgstr ""
++
++#: ../polgen.ui:1509
++#, python-format
++msgid "<b>Select network ports that %s connects to:</b>"
++msgstr ""
++
++#: ../polgen.ui:1565
++#, python-format
++msgid "Allows %s to connect to any tcp port"
++msgstr ""
++
++#: ../polgen.ui:1594
++#, python-format
++msgid ""
++"Enter a comma separated list of tcp ports or ranges of ports that %s "
++"connects to. Example: 612, 650-660"
++msgstr ""
++
++#: ../polgen.ui:1674
++#, python-format
++msgid "Allows %s to connect to any udp port"
++msgstr ""
++
++#: ../polgen.ui:1703
++#, python-format
++msgid ""
++"Enter a comma separated list of udp ports or ranges of ports that %s "
++"connects to. Example: 612, 650-660"
++msgstr ""
++
++#: ../polgen.ui:1760
++#, python-format
++msgid "<b>Select common application traits for %s:</b>"
++msgstr ""
++
++#: ../polgen.ui:1777
++msgid "Writes syslog messages\t"
++msgstr ""
++
++#: ../polgen.ui:1792
++msgid "Create/Manipulate temporary files in /tmp"
++msgstr ""
++
++#: ../polgen.ui:1807
++msgid "Uses Pam for authentication"
++msgstr ""
++
++#: ../polgen.ui:1822
++msgid "Uses nsswitch or getpw* calls"
++msgstr ""
++
++#: ../polgen.ui:1837
++msgid "Uses dbus"
++msgstr ""
++
++#: ../polgen.ui:1852
++msgid "Sends audit messages"
++msgstr ""
++
++#: ../polgen.ui:1867
++msgid "Interacts with the terminal"
++msgstr ""
++
++#: ../polgen.ui:1882
++msgid "Sends email"
++msgstr ""
++
++#: ../polgen.ui:1925
++#, python-format
++msgid "<b>Add files/directories that %s manages</b>"
++msgstr ""
++
++#: ../polgen.ui:2086
++#, python-format
++msgid ""
++"Files/Directories which the %s \"manages\". Pid Files, Log Files, /var/lib "
++"Files ..."
++msgstr ""
++
++#: ../polgen.ui:2126
++#, python-format
++msgid "<b>Add booleans from the %s policy:</b>"
++msgstr ""
++
++#: ../polgen.ui:2234
++#, python-format
++msgid "Add/Remove booleans used by the %s domain"
++msgstr ""
++
++#: ../polgen.ui:2272
++#, python-format
++msgid "<b>Which directory you will generate the %s policy?</b>"
++msgstr ""
++
++#: ../polgen.ui:2290
++msgid "Policy Directory"
++msgstr ""
++
++#: ../portsPage.py:60 ../system-config-selinux.ui:1570
++msgid "Network Port"
++msgstr ""
++
++#: ../portsPage.py:95
++msgid ""
++"SELinux Port\n"
++"Type"
++msgstr ""
++
++#: ../portsPage.py:101 ../system-config-selinux.ui:294
++msgid "Protocol"
++msgstr ""
++
++#: ../portsPage.py:106 ../system-config-selinux.ui:355
++msgid ""
++"MLS/MCS\n"
++"Level"
++msgstr ""
++
++#: ../portsPage.py:111
++msgid "Port"
++msgstr ""
++
++#: ../portsPage.py:213
++#, python-format
++msgid "Port number \"%s\" is not valid. 0 < PORT_NUMBER < 65536 "
++msgstr ""
++
++#: ../portsPage.py:258
++msgid "List View"
++msgstr ""
++
++#: ../portsPage.py:261 ../system-config-selinux.ui:1492
++msgid "Group View"
++msgstr ""
++
++#: ../selinux-polgengui.desktop:32 ../sepolicy.desktop:4
++msgid "Generate SELinux policy modules"
++msgstr ""
++
++#: ../selinux-polgengui.desktop:62 ../system-config-selinux.desktop:62
++msgid "system-config-selinux"
++msgstr ""
++
++#: ../semanagePage.py:130
++#, python-format
++msgid "Are you sure you want to delete %s '%s'?"
++msgstr ""
++
++#: ../semanagePage.py:130
++#, python-format
++msgid "Delete %s"
++msgstr ""
++
++#: ../semanagePage.py:138
++#, python-format
++msgid "Add %s"
++msgstr ""
++
++#: ../semanagePage.py:152
++#, python-format
++msgid "Modify %s"
++msgstr ""
++
++#: ../sepolicy.desktop:3
++msgid "SELinux Policy Management Tool"
++msgstr ""
++
++#: ../sepolicy.desktop:5
++msgid "sepolicy"
++msgstr ""
++
++#: ../sepolicy.desktop:11
++msgid "policy;security;selinux;avc;permission;mac;"
++msgstr ""
++
++#: ../statusPage.py:74 ../system-config-selinux.ui:625
++#: ../system-config-selinux.ui:1770
++msgid "Enforcing"
++msgstr ""
++
++#: ../statusPage.py:79 ../system-config-selinux.ui:619
++msgid "Disabled"
++msgstr ""
++
++#: ../statusPage.py:98
++msgid "Status"
++msgstr ""
++
++#: ../statusPage.py:137
++msgid ""
++"Changing the policy type will cause a relabel of the entire file system on "
++"the next boot. Relabeling takes a long time depending on the size of the "
++"file system. Do you wish to continue?"
++msgstr ""
++
++#: ../statusPage.py:151
++msgid ""
++"Changing to SELinux disabled requires a reboot. It is not recommended. If "
++"you later decide to turn SELinux back on, the system will be required to "
++"relabel. If you just want to see if SELinux is causing a problem on your "
++"system, you can go to permissive mode which will only log errors and not "
++"enforce SELinux policy. Permissive mode does not require a reboot Do you "
++"wish to continue?"
++msgstr ""
++
++#: ../statusPage.py:156
++msgid ""
++"Changing to SELinux enabled will cause a relabel of the entire file system "
++"on the next boot. Relabeling takes a long time depending on the size of the "
++"file system. Do you wish to continue?"
++msgstr ""
++
++#: ../system-config-selinux.desktop:3
++msgid "SELinux Management"
++msgstr ""
++
++#: ../system-config-selinux.desktop:32
++msgid "Configure SELinux in a graphical setting"
++msgstr ""
++
++#: ../system-config-selinux.ui:11
++msgid ""
++"Copyright (c)2006 Red Hat, Inc.\n"
++"Copyright (c) 2006 Dan Walsh <dwalsh@redhat.com>"
++msgstr ""
++
++#: ../system-config-selinux.ui:53 ../system-config-selinux.ui:433
++msgid "Add SELinux Login Mapping"
++msgstr ""
++
++#: ../system-config-selinux.ui:117
++msgid "Login Name"
++msgstr ""
++
++#: ../system-config-selinux.ui:128 ../system-config-selinux.ui:1402
++#: ../system-config-selinux.ui:1937 ../usersPage.py:54
++msgid "SELinux User"
++msgstr ""
++
++#: ../system-config-selinux.ui:139 ../system-config-selinux.ui:1948
++msgid "MLS/MCS Range"
++msgstr ""
++
++#: ../system-config-selinux.ui:219
++msgid "Add SELinux Network Ports"
++msgstr ""
++
++#: ../system-config-selinux.ui:283
++msgid "Port Number"
++msgstr ""
++
++#: ../system-config-selinux.ui:305 ../system-config-selinux.ui:519
++msgid "SELinux Type"
++msgstr ""
++
++#: ../system-config-selinux.ui:406
++msgid "all files"
++msgstr ""
++
++#: ../system-config-selinux.ui:409
++msgid "regular file"
++msgstr ""
++
++#: ../system-config-selinux.ui:412
++msgid "directory"
++msgstr ""
++
++#: ../system-config-selinux.ui:415
++msgid "character device"
++msgstr ""
++
++#: ../system-config-selinux.ui:418
++msgid "block device"
++msgstr ""
++
++#: ../system-config-selinux.ui:421
++msgid "socket file"
++msgstr ""
++
++#: ../system-config-selinux.ui:424
++msgid "symbolic link"
++msgstr ""
++
++#: ../system-config-selinux.ui:427
++msgid "named pipe"
++msgstr ""
++
++#: ../system-config-selinux.ui:497
++msgid "File Specification"
++msgstr ""
++
++#: ../system-config-selinux.ui:508
++msgid "File Type"
++msgstr ""
++
++#: ../system-config-selinux.ui:569
++msgid "MLS"
++msgstr ""
++
++#: ../system-config-selinux.ui:631
++msgid "SELinux Administration"
++msgstr ""
++
++#: ../system-config-selinux.ui:648
++msgid "_File"
++msgstr ""
++
++#: ../system-config-selinux.ui:656
++msgid "_Add"
++msgstr ""
++
++#: ../system-config-selinux.ui:668
++msgid "_Properties"
++msgstr ""
++
++#: ../system-config-selinux.ui:680
++msgid "_Delete"
++msgstr ""
++
++#: ../system-config-selinux.ui:707
++msgid "_Help"
++msgstr ""
++
++#: ../system-config-selinux.ui:754
++msgid "Select Management Object"
++msgstr ""
++
++#: ../system-config-selinux.ui:767
++msgid "<b>Select:</b>"
++msgstr ""
++
++#: ../system-config-selinux.ui:797
++msgid "System Default Enforcing Mode"
++msgstr ""
++
++#: ../system-config-selinux.ui:826
++msgid "Current Enforcing Mode"
++msgstr ""
++
++#: ../system-config-selinux.ui:848
++msgid "System Default Policy Type: "
++msgstr ""
++
++#: ../system-config-selinux.ui:871
++msgid ""
++"Select if you wish to relabel then entire file system on next reboot. "
++"Relabeling can take a very long time, depending on the size of the system. "
++"If you are changing policy types or going from disabled to enforcing, a "
++"relabel is required."
++msgstr ""
++
++#: ../system-config-selinux.ui:903
++msgid "Relabel on next reboot."
++msgstr ""
++
++#: ../system-config-selinux.ui:947
++msgid "Revert boolean setting to system default"
++msgstr ""
++
++#: ../system-config-selinux.ui:960
++msgid "Toggle between Customized and All Booleans"
++msgstr ""
++
++#: ../system-config-selinux.ui:986 ../system-config-selinux.ui:1122
++#: ../system-config-selinux.ui:1242 ../system-config-selinux.ui:1363
++#: ../system-config-selinux.ui:1531 ../system-config-selinux.ui:1683
++#: ../system-config-selinux.ui:1795
++msgid "Filter"
++msgstr ""
++
++#: ../system-config-selinux.ui:1057
++msgid "Add File Context"
++msgstr ""
++
++#: ../system-config-selinux.ui:1070
++msgid "Modify File Context"
++msgstr ""
++
++#: ../system-config-selinux.ui:1083
++msgid "Delete File Context"
++msgstr ""
++
++#: ../system-config-selinux.ui:1096
++msgid "Toggle between all and customized file context"
++msgstr ""
++
++#: ../system-config-selinux.ui:1192
++msgid "Add SELinux User Mapping"
++msgstr ""
++
++#: ../system-config-selinux.ui:1205
++msgid "Modify SELinux User Mapping"
++msgstr ""
++
++#: ../system-config-selinux.ui:1218
++msgid "Delete SELinux User Mapping"
++msgstr ""
++
++#: ../system-config-selinux.ui:1313
++msgid "Add User"
++msgstr ""
++
++#: ../system-config-selinux.ui:1326
++msgid "Modify User"
++msgstr ""
++
++#: ../system-config-selinux.ui:1339
++msgid "Delete User"
++msgstr ""
++
++#: ../system-config-selinux.ui:1434
++msgid "Add Network Port"
++msgstr ""
++
++#: ../system-config-selinux.ui:1447
++msgid "Edit Network Port"
++msgstr ""
++
++#: ../system-config-selinux.ui:1460
++msgid "Delete Network Port"
++msgstr ""
++
++#: ../system-config-selinux.ui:1491 ../system-config-selinux.ui:1505
++msgid "Toggle between Customized and All Ports"
++msgstr ""
++
++#: ../system-config-selinux.ui:1602
++msgid "Generate new policy module"
++msgstr ""
++
++#: ../system-config-selinux.ui:1614
++msgid "Load policy module"
++msgstr ""
++
++#: ../system-config-selinux.ui:1627
++msgid "Remove loadable policy module"
++msgstr ""
++
++#: ../system-config-selinux.ui:1658
++msgid ""
++"Enable/Disable additional audit rules, that are normally not reported in the "
++"log files."
++msgstr ""
++
++#: ../system-config-selinux.ui:1754
++msgid "Change process mode to permissive."
++msgstr ""
++
++#: ../system-config-selinux.ui:1769
++msgid "Change process mode to enforcing"
++msgstr ""
++
++#: ../system-config-selinux.ui:1873
++msgid "Add SELinux User"
++msgstr ""
++
++#: ../system-config-selinux.ui:1970 ../usersPage.py:69
++msgid "SELinux Roles"
++msgstr ""
++
++#: ../usersPage.py:142
++#, python-format
++msgid "SELinux user '%s' is required"
++msgstr ""
+diff --git a/python/po/python.pot b/python/po/python.pot
+new file mode 100644
+index 00000000..a279b0e8
+--- /dev/null
++++ b/python/po/python.pot
+@@ -0,0 +1,3375 @@
++# SOME DESCRIPTIVE TITLE.
++# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
++# This file is distributed under the same license as the PACKAGE package.
++# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
++#
++#, fuzzy
++msgid ""
++msgstr ""
++"Project-Id-Version: PACKAGE VERSION\n"
++"Report-Msgid-Bugs-To: \n"
++"POT-Creation-Date: 2018-08-06 14:22+0200\n"
++"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
++"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
++"Language-Team: LANGUAGE <LL@li.org>\n"
++"Language: \n"
++"MIME-Version: 1.0\n"
++"Content-Type: text/plain; charset=CHARSET\n"
++"Content-Transfer-Encoding: 8bit\n"
++
++#: ../audit2allow/audit2allow:237
++msgid "******************** IMPORTANT ***********************\n"
++msgstr ""
++
++#: ../audit2allow/audit2allow:238
++#, python-format
++msgid ""
++"To make this policy package active, execute:\n"
++"\n"
++"semodule -i %s\n"
++"\n"
++msgstr ""
++
++#: ../chcat/chcat:115 ../chcat/chcat:194
++msgid "Requires at least one category"
++msgstr ""
++
++#: ../chcat/chcat:129 ../chcat/chcat:208
++#, python-format
++msgid "Can not modify sensitivity levels using '+' on %s"
++msgstr ""
++
++#: ../chcat/chcat:133
++#, python-format
++msgid "%s is already in %s"
++msgstr ""
++
++#: ../chcat/chcat:213 ../chcat/chcat:223
++#, python-format
++msgid "%s is not in %s"
++msgstr ""
++
++#: ../chcat/chcat:295 ../chcat/chcat:300
++msgid "Can not combine +/- with other types of categories"
++msgstr ""
++
++#: ../chcat/chcat:350
++msgid "Can not have multiple sensitivities"
++msgstr ""
++
++#: ../chcat/chcat:357
++#, python-format
++msgid "Usage %s CATEGORY File ..."
++msgstr ""
++
++#: ../chcat/chcat:358
++#, python-format
++msgid "Usage %s -l CATEGORY user ..."
++msgstr ""
++
++#: ../chcat/chcat:359
++#, python-format
++msgid "Usage %s [[+|-]CATEGORY],...] File ..."
++msgstr ""
++
++#: ../chcat/chcat:360
++#, python-format
++msgid "Usage %s -l [[+|-]CATEGORY],...] user ..."
++msgstr ""
++
++#: ../chcat/chcat:361
++#, python-format
++msgid "Usage %s -d File ..."
++msgstr ""
++
++#: ../chcat/chcat:362
++#, python-format
++msgid "Usage %s -l -d user ..."
++msgstr ""
++
++#: ../chcat/chcat:363
++#, python-format
++msgid "Usage %s -L"
++msgstr ""
++
++#: ../chcat/chcat:364
++#, python-format
++msgid "Usage %s -L -l user"
++msgstr ""
++
++#: ../chcat/chcat:365
++msgid "Use -- to end option list. For example"
++msgstr ""
++
++#: ../chcat/chcat:366
++msgid "chcat -- -CompanyConfidential /docs/businessplan.odt"
++msgstr ""
++
++#: ../chcat/chcat:367
++msgid "chcat -l +CompanyConfidential juser"
++msgstr ""
++
++#: ../chcat/chcat:436
++#, python-format
++msgid "Options Error %s "
++msgstr ""
++
++#: ../semanage/semanage:203
++msgid "Select an alternate SELinux Policy Store to manage"
++msgstr ""
++
++#: ../semanage/semanage:207
++msgid "Select a priority for module operations"
++msgstr ""
++
++#: ../semanage/semanage:211
++#, python-format
++msgid "Do not print heading when listing %s object types"
++msgstr ""
++
++#: ../semanage/semanage:215
++msgid "Do not reload policy after commit"
++msgstr ""
++
++#: ../semanage/semanage:219
++#, python-format
++msgid "List %s local customizations"
++msgstr ""
++
++#: ../semanage/semanage:223
++#, python-format
++msgid "Add a record of the %s object type"
++msgstr ""
++
++#: ../semanage/semanage:227
++msgid "SELinux Type for the object"
++msgstr ""
++
++#: ../semanage/semanage:231
++msgid ""
++"Default SELinux Level for SELinux user, s0 Default. (MLS/MCS Systems only)"
++msgstr ""
++
++#: ../semanage/semanage:236
++msgid ""
++"\n"
++"MLS/MCS Security Range (MLS/MCS Systems only)\n"
++"SELinux Range for SELinux login mapping\n"
++"defaults to the SELinux user record range.\n"
++"SELinux Range for SELinux user defaults to s0.\n"
++msgstr ""
++
++#: ../semanage/semanage:245
++msgid ""
++"\n"
++" Protocol for the specified port (tcp|udp) or internet protocol\n"
++" version for the specified node (ipv4|ipv6).\n"
++msgstr ""
++
++#: ../semanage/semanage:251
++msgid ""
++"\n"
++" Subnet prefix for the specified infiniband ibpkey.\n"
++msgstr ""
++
++#: ../semanage/semanage:256
++msgid ""
++"\n"
++" Name for the specified infiniband end port.\n"
++msgstr ""
++
++#: ../semanage/semanage:261
++#, python-format
++msgid "Modify a record of the %s object type"
++msgstr ""
++
++#: ../semanage/semanage:265
++#, python-format
++msgid "List records of the %s object type"
++msgstr ""
++
++#: ../semanage/semanage:269
++#, python-format
++msgid "Delete a record of the %s object type"
++msgstr ""
++
++#: ../semanage/semanage:273
++msgid "Extract customizable commands, for use within a transaction"
++msgstr ""
++
++#: ../semanage/semanage:277
++#, python-format
++msgid "Remove all %s objects local customizations"
++msgstr ""
++
++#: ../semanage/semanage:281
++msgid "SELinux user name"
++msgstr ""
++
++#: ../semanage/semanage:286
++msgid "Manage login mappings between linux users and SELinux confined users"
++msgstr ""
++
++#: ../semanage/semanage:303
++#, python-format
++msgid "login_name | %%groupname"
++msgstr ""
++
++#: ../semanage/semanage:355
++msgid "Manage file context mapping definitions"
++msgstr ""
++
++#: ../semanage/semanage:369
++msgid ""
++"Substitute target path with sourcepath when generating default\n"
++" label. "
++"This is used with fcontext. Requires source and target\n"
++" path "
++"arguments. The context labeling for the target subtree is\n"
++" made "
++"equivalent to that defined for the source."
++msgstr ""
++
++#: ../semanage/semanage:377
++msgid "file_spec"
++msgstr ""
++
++#: ../semanage/semanage:405
++msgid "Manage SELinux confined users (Roles and levels for an SELinux user)"
++msgstr ""
++
++#: ../semanage/semanage:423
++msgid ""
++"\n"
++"SELinux Roles. You must enclose multiple roles within "
++"quotes, separate by spaces. Or specify -R multiple times.\n"
++msgstr ""
++
++#: ../semanage/semanage:427
++msgid "selinux_name"
++msgstr ""
++
++#: ../semanage/semanage:455
++msgid "Manage network port type definitions"
++msgstr ""
++
++#: ../semanage/semanage:471
++msgid "port | port_range"
++msgstr ""
++
++#: ../semanage/semanage:500
++msgid "Manage infiniband ibpkey type definitions"
++msgstr ""
++
++#: ../semanage/semanage:516
++msgid "pkey | pkey_range"
++msgstr ""
++
++#: ../semanage/semanage:543
++msgid "Manage infiniband end port type definitions"
++msgstr ""
++
++#: ../semanage/semanage:559
++msgid "ibendport"
++msgstr ""
++
++#: ../semanage/semanage:586
++msgid "Manage network interface type definitions"
++msgstr ""
++
++#: ../semanage/semanage:601
++msgid "interface_spec"
++msgstr ""
++
++#: ../semanage/semanage:625
++msgid "Manage SELinux policy modules"
++msgstr ""
++
++#: ../semanage/semanage:637
++msgid "Remove a module"
++msgstr ""
++
++#: ../semanage/semanage:638
++msgid "Disable a module"
++msgstr ""
++
++#: ../semanage/semanage:639
++msgid "Enable a module"
++msgstr ""
++
++#: ../semanage/semanage:640
++msgid "Name of the module to act on"
++msgstr ""
++
++#: ../semanage/semanage:667
++msgid "Manage network node type definitions"
++msgstr ""
++
++#: ../semanage/semanage:681
++msgid "Network Mask"
++msgstr ""
++
++#: ../semanage/semanage:685
++msgid "node"
++msgstr ""
++
++#: ../semanage/semanage:710
++msgid "Manage booleans to selectively enable functionality"
++msgstr ""
++
++#: ../semanage/semanage:715
++msgid "boolean"
++msgstr ""
++
++#: ../semanage/semanage:725
++msgid "Enable the boolean"
++msgstr ""
++
++#: ../semanage/semanage:726
++msgid "Disable the boolean"
++msgstr ""
++
++#: ../semanage/semanage:743
++msgid "semanage permissive: error: the following argument is required: type\n"
++msgstr ""
++
++#: ../semanage/semanage:748
++msgid "Manage process type enforcement mode"
++msgstr ""
++
++#: ../semanage/semanage:760 ../semanage/seobject.py:2611
++msgid "type"
++msgstr ""
++
++#: ../semanage/semanage:771
++msgid "Disable/Enable dontaudit rules in policy"
++msgstr ""
++
++#: ../semanage/semanage:791
++msgid "Output local customizations"
++msgstr ""
++
++#: ../semanage/semanage:793
++msgid "Output file"
++msgstr ""
++
++#: ../semanage/semanage:871
++msgid "Import local customizations"
++msgstr ""
++
++#: ../semanage/semanage:874
++msgid "Input file"
++msgstr ""
++
++#: ../semanage/seobject.py:274
++msgid "Could not create semanage handle"
++msgstr ""
++
++#: ../semanage/seobject.py:282
++msgid "SELinux policy is not managed or store cannot be accessed."
++msgstr ""
++
++#: ../semanage/seobject.py:287
++msgid "Cannot read policy store."
++msgstr ""
++
++#: ../semanage/seobject.py:292
++msgid "Could not establish semanage connection"
++msgstr ""
++
++#: ../semanage/seobject.py:297
++msgid "Could not test MLS enabled status"
++msgstr ""
++
++#: ../semanage/seobject.py:303 ../semanage/seobject.py:319
++msgid "Not yet implemented"
++msgstr ""
++
++#: ../semanage/seobject.py:307
++msgid "Semanage transaction already in progress"
++msgstr ""
++
++#: ../semanage/seobject.py:316
++msgid "Could not start semanage transaction"
++msgstr ""
++
++#: ../semanage/seobject.py:330
++msgid "Could not commit semanage transaction"
++msgstr ""
++
++#: ../semanage/seobject.py:335
++msgid "Semanage transaction not in progress"
++msgstr ""
++
++#: ../semanage/seobject.py:349 ../semanage/seobject.py:469
++msgid "Could not list SELinux modules"
++msgstr ""
++
++#: ../semanage/seobject.py:356
++msgid "Could not get module name"
++msgstr ""
++
++#: ../semanage/seobject.py:360
++msgid "Could not get module enabled"
++msgstr ""
++
++#: ../semanage/seobject.py:364
++msgid "Could not get module priority"
++msgstr ""
++
++#: ../semanage/seobject.py:368
++msgid "Could not get module lang_ext"
++msgstr ""
++
++#: ../semanage/seobject.py:389
++msgid "Module Name"
++msgstr ""
++
++#: ../semanage/seobject.py:389
++msgid "Priority"
++msgstr ""
++
++#: ../semanage/seobject.py:389
++msgid "Language"
++msgstr ""
++
++#: ../semanage/seobject.py:392 ../sepolicy/sepolicy/sepolicy.glade:3431
++msgid "Disabled"
++msgstr ""
++
++#: ../semanage/seobject.py:401
++#, python-format
++msgid "Module does not exist: %s "
++msgstr ""
++
++#: ../semanage/seobject.py:405 ../semanage/seobject.py:432
++#, python-format
++msgid "Invalid priority %d (needs to be between 1 and 999)"
++msgstr ""
++
++#: ../semanage/seobject.py:415
++msgid "Could not create module key"
++msgstr ""
++
++#: ../semanage/seobject.py:419
++msgid "Could not set module key name"
++msgstr ""
++
++#: ../semanage/seobject.py:424
++#, python-format
++msgid "Could not enable module %s"
++msgstr ""
++
++#: ../semanage/seobject.py:426
++#, python-format
++msgid "Could not disable module %s"
++msgstr ""
++
++#: ../semanage/seobject.py:437
++#, python-format
++msgid "Could not remove module %s (remove failed)"
++msgstr ""
++
++#: ../semanage/seobject.py:454
++msgid "dontaudit requires either 'on' or 'off'"
++msgstr ""
++
++#: ../semanage/seobject.py:484
++msgid "Builtin Permissive Types"
++msgstr ""
++
++#: ../semanage/seobject.py:494
++msgid "Customized Permissive Types"
++msgstr ""
++
++#: ../semanage/seobject.py:502
++msgid ""
++"The sepolgen python module is required to setup permissive domains.\n"
++"In some distributions it is included in the policycoreutils-devel package.\n"
++"# yum install policycoreutils-devel\n"
++"Or similar for your distro."
++msgstr ""
++
++#: ../semanage/seobject.py:512
++#, python-format
++msgid "Could not set permissive domain %s (module installation failed)"
++msgstr ""
++
++#: ../semanage/seobject.py:518
++#, python-format
++msgid "Could not remove permissive domain %s (remove failed)"
++msgstr ""
++
++#: ../semanage/seobject.py:555 ../semanage/seobject.py:627
++#: ../semanage/seobject.py:674 ../semanage/seobject.py:794
++#: ../semanage/seobject.py:824 ../semanage/seobject.py:889
++#: ../semanage/seobject.py:945 ../semanage/seobject.py:1209
++#: ../semanage/seobject.py:1468 ../semanage/seobject.py:2442
++#: ../semanage/seobject.py:2512 ../semanage/seobject.py:2536
++#: ../semanage/seobject.py:2664 ../semanage/seobject.py:2715
++#, python-format
++msgid "Could not create a key for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:559 ../semanage/seobject.py:631
++#: ../semanage/seobject.py:678 ../semanage/seobject.py:684
++#, python-format
++msgid "Could not check if login mapping for %s is defined"
++msgstr ""
++
++#: ../semanage/seobject.py:561
++#, python-format
++msgid "Login mapping for %s is already defined"
++msgstr ""
++
++#: ../semanage/seobject.py:566
++#, python-format
++msgid "Linux Group %s does not exist"
++msgstr ""
++
++#: ../semanage/seobject.py:571
++#, python-format
++msgid "Linux User %s does not exist"
++msgstr ""
++
++#: ../semanage/seobject.py:575
++#, python-format
++msgid "Could not create login mapping for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:579 ../semanage/seobject.py:838
++#, python-format
++msgid "Could not set name for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:584 ../semanage/seobject.py:848
++#, python-format
++msgid "Could not set MLS range for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:588
++#, python-format
++msgid "Could not set SELinux user for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:592
++#, python-format
++msgid "Could not add login mapping for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:610
++msgid "Requires seuser or serange"
++msgstr ""
++
++#: ../semanage/seobject.py:633 ../semanage/seobject.py:680
++#, python-format
++msgid "Login mapping for %s is not defined"
++msgstr ""
++
++#: ../semanage/seobject.py:637
++#, python-format
++msgid "Could not query seuser for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:652
++#, python-format
++msgid "Could not modify login mapping for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:686
++#, python-format
++msgid "Login mapping for %s is defined in policy, cannot be deleted"
++msgstr ""
++
++#: ../semanage/seobject.py:690
++#, python-format
++msgid "Could not delete login mapping for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:712 ../semanage/seobject.py:745
++#: ../semanage/seobject.py:988
++msgid "Could not list login mappings"
++msgstr ""
++
++#: ../semanage/seobject.py:769 ../semanage/seobject.py:781
++#: ../sepolicy/sepolicy/sepolicy.glade:1162
++#: ../sepolicy/sepolicy/sepolicy.glade:3156
++msgid "Login Name"
++msgstr ""
++
++#: ../semanage/seobject.py:769 ../semanage/seobject.py:781
++#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1040
++#: ../sepolicy/sepolicy/sepolicy.glade:1188
++#: ../sepolicy/sepolicy/sepolicy.glade:3174
++#: ../sepolicy/sepolicy/sepolicy.glade:3260
++#: ../sepolicy/sepolicy/sepolicy.glade:4915
++msgid "SELinux User"
++msgstr ""
++
++#: ../semanage/seobject.py:769
++msgid "MLS/MCS Range"
++msgstr ""
++
++#: ../semanage/seobject.py:769
++msgid "Service"
++msgstr ""
++
++#: ../semanage/seobject.py:797 ../semanage/seobject.py:828
++#: ../semanage/seobject.py:893 ../semanage/seobject.py:949
++#: ../semanage/seobject.py:955
++#, python-format
++msgid "Could not check if SELinux user %s is defined"
++msgstr ""
++
++#: ../semanage/seobject.py:800 ../semanage/seobject.py:899
++#: ../semanage/seobject.py:961
++#, python-format
++msgid "Could not query user for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:820
++#, python-format
++msgid "You must add at least one role for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:830
++#, python-format
++msgid "SELinux user %s is already defined"
++msgstr ""
++
++#: ../semanage/seobject.py:834
++#, python-format
++msgid "Could not create SELinux user for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:843
++#, python-format
++msgid "Could not add role %s for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:852
++#, python-format
++msgid "Could not set MLS level for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:855
++#, python-format
++msgid "Could not add prefix %s for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:858
++#, python-format
++msgid "Could not extract key for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:862
++#, python-format
++msgid "Could not add SELinux user %s"
++msgstr ""
++
++#: ../semanage/seobject.py:883
++msgid "Requires prefix, roles, level or range"
++msgstr ""
++
++#: ../semanage/seobject.py:885
++msgid "Requires prefix or roles"
++msgstr ""
++
++#: ../semanage/seobject.py:895 ../semanage/seobject.py:951
++#, python-format
++msgid "SELinux user %s is not defined"
++msgstr ""
++
++#: ../semanage/seobject.py:924
++#, python-format
++msgid "Could not modify SELinux user %s"
++msgstr ""
++
++#: ../semanage/seobject.py:957
++#, python-format
++msgid "SELinux user %s is defined in policy, cannot be deleted"
++msgstr ""
++
++#: ../semanage/seobject.py:968
++#, python-format
++msgid "Could not delete SELinux user %s"
++msgstr ""
++
++#: ../semanage/seobject.py:1006
++msgid "Could not list SELinux users"
++msgstr ""
++
++#: ../semanage/seobject.py:1012
++#, python-format
++msgid "Could not list roles for user %s"
++msgstr ""
++
++#: ../semanage/seobject.py:1034
++msgid "Labeling"
++msgstr ""
++
++#: ../semanage/seobject.py:1034
++msgid "MLS/"
++msgstr ""
++
++#: ../semanage/seobject.py:1035
++msgid "Prefix"
++msgstr ""
++
++#: ../semanage/seobject.py:1035
++msgid "MCS Level"
++msgstr ""
++
++#: ../semanage/seobject.py:1035
++msgid "MCS Range"
++msgstr ""
++
++#: ../semanage/seobject.py:1035 ../semanage/seobject.py:1040
++#: ../sepolicy/sepolicy/sepolicy.glade:3280
++#: ../sepolicy/sepolicy/sepolicy.glade:5251
++#: ../sepolicy/sepolicy/sepolicy.glade:5400
++msgid "SELinux Roles"
++msgstr ""
++
++#: ../semanage/seobject.py:1061
++msgid "Protocol udp or tcp is required"
++msgstr ""
++
++#: ../semanage/seobject.py:1063
++msgid "Port is required"
++msgstr ""
++
++#: ../semanage/seobject.py:1073
++msgid "Invalid Port"
++msgstr ""
++
++#: ../semanage/seobject.py:1077 ../semanage/seobject.py:1345
++#, python-format
++msgid "Could not create a key for %s/%s"
++msgstr ""
++
++#: ../semanage/seobject.py:1088 ../semanage/seobject.py:1356
++#: ../semanage/seobject.py:1604
++msgid "Type is required"
++msgstr ""
++
++#: ../semanage/seobject.py:1091 ../semanage/seobject.py:1155
++#, python-format
++msgid "Type %s is invalid, must be a port type"
++msgstr ""
++
++#: ../semanage/seobject.py:1097 ../semanage/seobject.py:1161
++#: ../semanage/seobject.py:1227 ../semanage/seobject.py:1233
++#, python-format
++msgid "Could not check if port %s/%s is defined"
++msgstr ""
++
++#: ../semanage/seobject.py:1099
++#, python-format
++msgid "Port %s/%s already defined"
++msgstr ""
++
++#: ../semanage/seobject.py:1103
++#, python-format
++msgid "Could not create port for %s/%s"
++msgstr ""
++
++#: ../semanage/seobject.py:1109 ../semanage/seobject.py:1377
++#: ../semanage/seobject.py:1624
++#, python-format
++msgid "Could not create context for %s/%s"
++msgstr ""
++
++#: ../semanage/seobject.py:1113
++#, python-format
++msgid "Could not set user in port context for %s/%s"
++msgstr ""
++
++#: ../semanage/seobject.py:1117
++#, python-format
++msgid "Could not set role in port context for %s/%s"
++msgstr ""
++
++#: ../semanage/seobject.py:1121
++#, python-format
++msgid "Could not set type in port context for %s/%s"
++msgstr ""
++
++#: ../semanage/seobject.py:1126
++#, python-format
++msgid "Could not set mls fields in port context for %s/%s"
++msgstr ""
++
++#: ../semanage/seobject.py:1130
++#, python-format
++msgid "Could not set port context for %s/%s"
++msgstr ""
++
++#: ../semanage/seobject.py:1134
++#, python-format
++msgid "Could not add port %s/%s"
++msgstr ""
++
++#: ../semanage/seobject.py:1150 ../semanage/seobject.py:1416
++#: ../semanage/seobject.py:1663 ../semanage/seobject.py:1923
++#: ../semanage/seobject.py:2125
++msgid "Requires setype or serange"
++msgstr ""
++
++#: ../semanage/seobject.py:1152 ../semanage/seobject.py:1418
++#: ../semanage/seobject.py:1665
++msgid "Requires setype"
++msgstr ""
++
++#: ../semanage/seobject.py:1163 ../semanage/seobject.py:1229
++#, python-format
++msgid "Port %s/%s is not defined"
++msgstr ""
++
++#: ../semanage/seobject.py:1167
++#, python-format
++msgid "Could not query port %s/%s"
++msgstr ""
++
++#: ../semanage/seobject.py:1181
++#, python-format
++msgid "Could not modify port %s/%s"
++msgstr ""
++
++#: ../semanage/seobject.py:1196
++msgid "Could not list the ports"
++msgstr ""
++
++#: ../semanage/seobject.py:1213
++#, python-format
++msgid "Could not delete the port %s"
++msgstr ""
++
++#: ../semanage/seobject.py:1235
++#, python-format
++msgid "Port %s/%s is defined in policy, cannot be deleted"
++msgstr ""
++
++#: ../semanage/seobject.py:1239
++#, python-format
++msgid "Could not delete port %s/%s"
++msgstr ""
++
++#: ../semanage/seobject.py:1257 ../semanage/seobject.py:1277
++msgid "Could not list ports"
++msgstr ""
++
++#: ../semanage/seobject.py:1311 ../sepolicy/sepolicy/sepolicy.glade:2676
++#: ../sepolicy/sepolicy/sepolicy.glade:2774
++#: ../sepolicy/sepolicy/sepolicy.glade:4648
++msgid "SELinux Port Type"
++msgstr ""
++
++#: ../semanage/seobject.py:1311
++msgid "Proto"
++msgstr ""
++
++#: ../semanage/seobject.py:1311 ../semanage/seobject.py:1801
++#: ../sepolicy/sepolicy/sepolicy.glade:1413
++msgid "Port Number"
++msgstr ""
++
++#: ../semanage/seobject.py:1331
++msgid "Subnet Prefix is required"
++msgstr ""
++
++#: ../semanage/seobject.py:1341
++msgid "Invalid Pkey"
++msgstr ""
++
++#: ../semanage/seobject.py:1359 ../semanage/seobject.py:1421
++#, python-format
++msgid "Type %s is invalid, must be a ibpkey type"
++msgstr ""
++
++#: ../semanage/seobject.py:1365 ../semanage/seobject.py:1427
++#: ../semanage/seobject.py:1481 ../semanage/seobject.py:1487
++#, python-format
++msgid "Could not check if ibpkey %s/%s is defined"
++msgstr ""
++
++#: ../semanage/seobject.py:1367
++#, python-format
++msgid "ibpkey %s/%s already defined"
++msgstr ""
++
++#: ../semanage/seobject.py:1371
++#, python-format
++msgid "Could not create ibpkey for %s/%s"
++msgstr ""
++
++#: ../semanage/seobject.py:1381
++#, python-format
++msgid "Could not set user in ibpkey context for %s/%s"
++msgstr ""
++
++#: ../semanage/seobject.py:1385
++#, python-format
++msgid "Could not set role in ibpkey context for %s/%s"
++msgstr ""
++
++#: ../semanage/seobject.py:1389
++#, python-format
++msgid "Could not set type in ibpkey context for %s/%s"
++msgstr ""
++
++#: ../semanage/seobject.py:1394
++#, python-format
++msgid "Could not set mls fields in ibpkey context for %s/%s"
++msgstr ""
++
++#: ../semanage/seobject.py:1398
++#, python-format
++msgid "Could not set ibpkey context for %s/%s"
++msgstr ""
++
++#: ../semanage/seobject.py:1402
++#, python-format
++msgid "Could not add ibpkey %s/%s"
++msgstr ""
++
++#: ../semanage/seobject.py:1429 ../semanage/seobject.py:1483
++#, python-format
++msgid "ibpkey %s/%s is not defined"
++msgstr ""
++
++#: ../semanage/seobject.py:1433
++#, python-format
++msgid "Could not query ibpkey %s/%s"
++msgstr ""
++
++#: ../semanage/seobject.py:1444
++#, python-format
++msgid "Could not modify ibpkey %s/%s"
++msgstr ""
++
++#: ../semanage/seobject.py:1457
++msgid "Could not list the ibpkeys"
++msgstr ""
++
++#: ../semanage/seobject.py:1472
++#, python-format
++msgid "Could not delete the ibpkey %s"
++msgstr ""
++
++#: ../semanage/seobject.py:1489
++#, python-format
++msgid "ibpkey %s/%s is defined in policy, cannot be deleted"
++msgstr ""
++
++#: ../semanage/seobject.py:1493
++#, python-format
++msgid "Could not delete ibpkey %s/%s"
++msgstr ""
++
++#: ../semanage/seobject.py:1509 ../semanage/seobject.py:1530
++msgid "Could not list ibpkeys"
++msgstr ""
++
++#: ../semanage/seobject.py:1564
++msgid "SELinux IB Pkey Type"
++msgstr ""
++
++#: ../semanage/seobject.py:1564
++msgid "Subnet_Prefix"
++msgstr ""
++
++#: ../semanage/seobject.py:1564
++msgid "Pkey Number"
++msgstr ""
++
++#: ../semanage/seobject.py:1584
++msgid "IB device name is required"
++msgstr ""
++
++#: ../semanage/seobject.py:1589
++msgid "Invalid Port Number"
++msgstr ""
++
++#: ../semanage/seobject.py:1593
++#, python-format
++msgid "Could not create a key for ibendport %s/%s"
++msgstr ""
++
++#: ../semanage/seobject.py:1607 ../semanage/seobject.py:1668
++#, python-format
++msgid "Type %s is invalid, must be an ibendport type"
++msgstr ""
++
++#: ../semanage/seobject.py:1612 ../semanage/seobject.py:1674
++#: ../semanage/seobject.py:1726 ../semanage/seobject.py:1732
++#, python-format
++msgid "Could not check if ibendport %s/%s is defined"
++msgstr ""
++
++#: ../semanage/seobject.py:1614
++#, python-format
++msgid "ibendport %s/%s already defined"
++msgstr ""
++
++#: ../semanage/seobject.py:1618
++#, python-format
++msgid "Could not create ibendport for %s/%s"
++msgstr ""
++
++#: ../semanage/seobject.py:1628
++#, python-format
++msgid "Could not set user in ibendport context for %s/%s"
++msgstr ""
++
++#: ../semanage/seobject.py:1632
++#, python-format
++msgid "Could not set role in ibendport context for %s/%s"
++msgstr ""
++
++#: ../semanage/seobject.py:1636
++#, python-format
++msgid "Could not set type in ibendport context for %s/%s"
++msgstr ""
++
++#: ../semanage/seobject.py:1641
++#, python-format
++msgid "Could not set mls fields in ibendport context for %s/%s"
++msgstr ""
++
++#: ../semanage/seobject.py:1645
++#, python-format
++msgid "Could not set ibendport context for %s/%s"
++msgstr ""
++
++#: ../semanage/seobject.py:1649
++#, python-format
++msgid "Could not add ibendport %s/%s"
++msgstr ""
++
++#: ../semanage/seobject.py:1676 ../semanage/seobject.py:1728
++#, python-format
++msgid "ibendport %s/%s is not defined"
++msgstr ""
++
++#: ../semanage/seobject.py:1680
++#, python-format
++msgid "Could not query ibendport %s/%s"
++msgstr ""
++
++#: ../semanage/seobject.py:1691
++#, python-format
++msgid "Could not modify ibendport %s/%s"
++msgstr ""
++
++#: ../semanage/seobject.py:1704
++msgid "Could not list the ibendports"
++msgstr ""
++
++#: ../semanage/seobject.py:1713
++#, python-format
++msgid "Could not create a key for %s/%d"
++msgstr ""
++
++#: ../semanage/seobject.py:1717
++#, python-format
++msgid "Could not delete the ibendport %s/%d"
++msgstr ""
++
++#: ../semanage/seobject.py:1734
++#, python-format
++msgid "ibendport %s/%s is defined in policy, cannot be deleted"
++msgstr ""
++
++#: ../semanage/seobject.py:1738
++#, python-format
++msgid "Could not delete ibendport %s/%s"
++msgstr ""
++
++#: ../semanage/seobject.py:1754 ../semanage/seobject.py:1774
++msgid "Could not list ibendports"
++msgstr ""
++
++#: ../semanage/seobject.py:1801
++msgid "SELinux IB End Port Type"
++msgstr ""
++
++#: ../semanage/seobject.py:1801
++msgid "IB Device Name"
++msgstr ""
++
++#: ../semanage/seobject.py:1825
++msgid "Node Address is required"
++msgstr ""
++
++#: ../semanage/seobject.py:1840
++msgid "Unknown or missing protocol"
++msgstr ""
++
++#: ../semanage/seobject.py:1854
++msgid "SELinux node type is required"
++msgstr ""
++
++#: ../semanage/seobject.py:1857 ../semanage/seobject.py:1926
++#, python-format
++msgid "Type %s is invalid, must be a node type"
++msgstr ""
++
++#: ../semanage/seobject.py:1861 ../semanage/seobject.py:1930
++#: ../semanage/seobject.py:1968 ../semanage/seobject.py:2066
++#: ../semanage/seobject.py:2129 ../semanage/seobject.py:2165
++#: ../semanage/seobject.py:2377
++#, python-format
++msgid "Could not create key for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:1863 ../semanage/seobject.py:1934
++#: ../semanage/seobject.py:1972 ../semanage/seobject.py:1978
++#, python-format
++msgid "Could not check if addr %s is defined"
++msgstr ""
++
++#: ../semanage/seobject.py:1867
++#, python-format
++msgid "Addr %s already defined"
++msgstr ""
++
++#: ../semanage/seobject.py:1871
++#, python-format
++msgid "Could not create addr for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:1877 ../semanage/seobject.py:2081
++#: ../semanage/seobject.py:2333
++#, python-format
++msgid "Could not create context for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:1881
++#, python-format
++msgid "Could not set mask for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:1885
++#, python-format
++msgid "Could not set user in addr context for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:1889
++#, python-format
++msgid "Could not set role in addr context for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:1893
++#, python-format
++msgid "Could not set type in addr context for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:1898
++#, python-format
++msgid "Could not set mls fields in addr context for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:1902
++#, python-format
++msgid "Could not set addr context for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:1906
++#, python-format
++msgid "Could not add addr %s"
++msgstr ""
++
++#: ../semanage/seobject.py:1936 ../semanage/seobject.py:1974
++#, python-format
++msgid "Addr %s is not defined"
++msgstr ""
++
++#: ../semanage/seobject.py:1940
++#, python-format
++msgid "Could not query addr %s"
++msgstr ""
++
++#: ../semanage/seobject.py:1950
++#, python-format
++msgid "Could not modify addr %s"
++msgstr ""
++
++#: ../semanage/seobject.py:1980
++#, python-format
++msgid "Addr %s is defined in policy, cannot be deleted"
++msgstr ""
++
++#: ../semanage/seobject.py:1984
++#, python-format
++msgid "Could not delete addr %s"
++msgstr ""
++
++#: ../semanage/seobject.py:1998
++msgid "Could not deleteall node mappings"
++msgstr ""
++
++#: ../semanage/seobject.py:2012
++msgid "Could not list addrs"
++msgstr ""
++
++#: ../semanage/seobject.py:2062 ../semanage/seobject.py:2370
++msgid "SELinux Type is required"
++msgstr ""
++
++#: ../semanage/seobject.py:2070 ../semanage/seobject.py:2133
++#: ../semanage/seobject.py:2169 ../semanage/seobject.py:2175
++#, python-format
++msgid "Could not check if interface %s is defined"
++msgstr ""
++
++#: ../semanage/seobject.py:2072
++#, python-format
++msgid "Interface %s already defined"
++msgstr ""
++
++#: ../semanage/seobject.py:2076
++#, python-format
++msgid "Could not create interface for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:2085
++#, python-format
++msgid "Could not set user in interface context for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:2089
++#, python-format
++msgid "Could not set role in interface context for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:2093
++#, python-format
++msgid "Could not set type in interface context for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:2098
++#, python-format
++msgid "Could not set mls fields in interface context for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:2102
++#, python-format
++msgid "Could not set interface context for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:2106
++#, python-format
++msgid "Could not set message context for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:2110
++#, python-format
++msgid "Could not add interface %s"
++msgstr ""
++
++#: ../semanage/seobject.py:2135 ../semanage/seobject.py:2171
++#, python-format
++msgid "Interface %s is not defined"
++msgstr ""
++
++#: ../semanage/seobject.py:2139
++#, python-format
++msgid "Could not query interface %s"
++msgstr ""
++
++#: ../semanage/seobject.py:2150
++#, python-format
++msgid "Could not modify interface %s"
++msgstr ""
++
++#: ../semanage/seobject.py:2177
++#, python-format
++msgid "Interface %s is defined in policy, cannot be deleted"
++msgstr ""
++
++#: ../semanage/seobject.py:2181
++#, python-format
++msgid "Could not delete interface %s"
++msgstr ""
++
++#: ../semanage/seobject.py:2195
++msgid "Could not delete all interface mappings"
++msgstr ""
++
++#: ../semanage/seobject.py:2209
++msgid "Could not list interfaces"
++msgstr ""
++
++#: ../semanage/seobject.py:2231
++msgid "SELinux Interface"
++msgstr ""
++
++#: ../semanage/seobject.py:2231 ../semanage/seobject.py:2611
++msgid "Context"
++msgstr ""
++
++#: ../semanage/seobject.py:2299
++#, python-format
++msgid "Target %s is not valid. Target is not allowed to end with '/'"
++msgstr ""
++
++#: ../semanage/seobject.py:2302
++#, python-format
++msgid "Substiture %s is not valid. Substitute is not allowed to end with '/'"
++msgstr ""
++
++#: ../semanage/seobject.py:2305
++#, python-format
++msgid "Equivalence class for %s already exists"
++msgstr ""
++
++#: ../semanage/seobject.py:2311
++#, python-format
++msgid "File spec %s conflicts with equivalency rule '%s %s'"
++msgstr ""
++
++#: ../semanage/seobject.py:2322
++#, python-format
++msgid "Equivalence class for %s does not exist"
++msgstr ""
++
++#: ../semanage/seobject.py:2339
++#, python-format
++msgid "Could not set user in file context for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:2343
++#, python-format
++msgid "Could not set role in file context for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:2348 ../semanage/seobject.py:2406
++#, python-format
++msgid "Could not set mls fields in file context for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:2354
++msgid "Invalid file specification"
++msgstr ""
++
++#: ../semanage/seobject.py:2356
++msgid "File specification can not include spaces"
++msgstr ""
++
++#: ../semanage/seobject.py:2361
++#, python-format
++msgid ""
++"File spec %s conflicts with equivalency rule '%s %s'; Try adding '%s' instead"
++msgstr ""
++
++#: ../semanage/seobject.py:2373 ../semanage/seobject.py:2436
++#, python-format
++msgid "Type %s is invalid, must be a file or device type"
++msgstr ""
++
++#: ../semanage/seobject.py:2381 ../semanage/seobject.py:2386
++#: ../semanage/seobject.py:2446 ../semanage/seobject.py:2540
++#: ../semanage/seobject.py:2544
++#, python-format
++msgid "Could not check if file context for %s is defined"
++msgstr ""
++
++#: ../semanage/seobject.py:2389
++#, python-format
++msgid "File context for %s already defined"
++msgstr ""
++
++#: ../semanage/seobject.py:2393
++#, python-format
++msgid "Could not create file context for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:2401
++#, python-format
++msgid "Could not set type in file context for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:2409 ../semanage/seobject.py:2476
++#: ../semanage/seobject.py:2480
++#, python-format
++msgid "Could not set file context for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:2415
++#, python-format
++msgid "Could not add file context for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:2434
++msgid "Requires setype, serange or seuser"
++msgstr ""
++
++#: ../semanage/seobject.py:2450 ../semanage/seobject.py:2548
++#, python-format
++msgid "File context for %s is not defined"
++msgstr ""
++
++#: ../semanage/seobject.py:2458
++#, python-format
++msgid "Could not query file context for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:2484
++#, python-format
++msgid "Could not modify file context for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:2502
++msgid "Could not list the file contexts"
++msgstr ""
++
++#: ../semanage/seobject.py:2516
++#, python-format
++msgid "Could not delete the file context %s"
++msgstr ""
++
++#: ../semanage/seobject.py:2546
++#, python-format
++msgid "File context for %s is defined in policy, cannot be deleted"
++msgstr ""
++
++#: ../semanage/seobject.py:2552
++#, python-format
++msgid "Could not delete file context for %s"
++msgstr ""
++
++#: ../semanage/seobject.py:2569
++msgid "Could not list file contexts"
++msgstr ""
++
++#: ../semanage/seobject.py:2573
++msgid "Could not list file contexts for home directories"
++msgstr ""
++
++#: ../semanage/seobject.py:2577
++msgid "Could not list local file contexts"
++msgstr ""
++
++#: ../semanage/seobject.py:2611
++msgid "SELinux fcontext"
++msgstr ""
++
++#: ../semanage/seobject.py:2624
++msgid ""
++"\n"
++"SELinux Distribution fcontext Equivalence \n"
++msgstr ""
++
++#: ../semanage/seobject.py:2629
++msgid ""
++"\n"
++"SELinux Local fcontext Equivalence \n"
++msgstr ""
++
++#: ../semanage/seobject.py:2667 ../semanage/seobject.py:2718
++#: ../semanage/seobject.py:2724
++#, python-format
++msgid "Could not check if boolean %s is defined"
++msgstr ""
++
++#: ../semanage/seobject.py:2669 ../semanage/seobject.py:2720
++#, python-format
++msgid "Boolean %s is not defined"
++msgstr ""
++
++#: ../semanage/seobject.py:2673
++#, python-format
++msgid "Could not query file context %s"
++msgstr ""
++
++#: ../semanage/seobject.py:2678
++#, python-format
++msgid "You must specify one of the following values: %s"
++msgstr ""
++
++#: ../semanage/seobject.py:2683
++#, python-format
++msgid "Could not set active value of boolean %s"
++msgstr ""
++
++#: ../semanage/seobject.py:2686
++#, python-format
++msgid "Could not modify boolean %s"
++msgstr ""
++
++#: ../semanage/seobject.py:2702
++#, python-format
++msgid "Bad format %s: Record %s"
++msgstr ""
++
++#: ../semanage/seobject.py:2726
++#, python-format
++msgid "Boolean %s is defined in policy, cannot be deleted"
++msgstr ""
++
++#: ../semanage/seobject.py:2730
++#, python-format
++msgid "Could not delete boolean %s"
++msgstr ""
++
++#: ../semanage/seobject.py:2742 ../semanage/seobject.py:2759
++msgid "Could not list booleans"
++msgstr ""
++
++#: ../semanage/seobject.py:2792
++msgid "off"
++msgstr ""
++
++#: ../semanage/seobject.py:2792
++msgid "on"
++msgstr ""
++
++#: ../semanage/seobject.py:2804
++msgid "SELinux boolean"
++msgstr ""
++
++#: ../semanage/seobject.py:2804
++msgid "State"
++msgstr ""
++
++#: ../semanage/seobject.py:2804
++msgid "Default"
++msgstr ""
++
++#: ../semanage/seobject.py:2804 ../sepolicy/sepolicy/sepolicy.glade:2148
++#: ../sepolicy/sepolicy/sepolicy.glade:2518
++#: ../sepolicy/sepolicy/sepolicy.glade:5117
++msgid "Description"
++msgstr ""
++
++#: ../sepolgen/src/sepolgen/interfaces.py:486
++msgid "Found circular interface class"
++msgstr ""
++
++#: ../sepolgen/src/sepolgen/interfaces.py:491
++#, python-format
++msgid "Missing interface definition for %s"
++msgstr ""
++
++#: ../sepolicy/sepolicy/generate.py:141
++msgid "Standard Init Daemon"
++msgstr ""
++
++#: ../sepolicy/sepolicy/generate.py:142
++msgid "DBUS System Daemon"
++msgstr ""
++
++#: ../sepolicy/sepolicy/generate.py:143
++msgid "Internet Services Daemon"
++msgstr ""
++
++#: ../sepolicy/sepolicy/generate.py:144
++msgid "Web Application/Script (CGI)"
++msgstr ""
++
++#: ../sepolicy/sepolicy/generate.py:145
++msgid "Sandbox"
++msgstr ""
++
++#: ../sepolicy/sepolicy/generate.py:146
++msgid "User Application"
++msgstr ""
++
++#: ../sepolicy/sepolicy/generate.py:147
++msgid "Existing Domain Type"
++msgstr ""
++
++#: ../sepolicy/sepolicy/generate.py:148
++msgid "Minimal Terminal Login User Role"
++msgstr ""
++
++#: ../sepolicy/sepolicy/generate.py:149
++msgid "Minimal X Windows Login User Role"
++msgstr ""
++
++#: ../sepolicy/sepolicy/generate.py:150
++msgid "Desktop Login User Role"
++msgstr ""
++
++#: ../sepolicy/sepolicy/generate.py:151
++msgid "Administrator Login User Role"
++msgstr ""
++
++#: ../sepolicy/sepolicy/generate.py:152
++msgid "Confined Root Administrator Role"
++msgstr ""
++
++#: ../sepolicy/sepolicy/generate.py:153
++msgid "Module information for a new type"
++msgstr ""
++
++#: ../sepolicy/sepolicy/generate.py:159
++msgid "Valid Types:\n"
++msgstr ""
++
++#: ../sepolicy/sepolicy/generate.py:194
++#, python-format
++msgid "Ports must be numbers or ranges of numbers from 1 to %d "
++msgstr ""
++
++#: ../sepolicy/sepolicy/generate.py:206
++msgid "You must enter a valid policy type"
++msgstr ""
++
++#: ../sepolicy/sepolicy/generate.py:209
++#, python-format
++msgid "You must enter a name for your policy module for your '%s'."
++msgstr ""
++
++#: ../sepolicy/sepolicy/generate.py:347
++msgid ""
++"Name must be alpha numberic with no spaces. Consider using option \"-n "
++"MODULENAME\""
++msgstr ""
++
++#: ../sepolicy/sepolicy/generate.py:439
++msgid "User Role types can not be assigned executables."
++msgstr ""
++
++#: ../sepolicy/sepolicy/generate.py:445
++msgid "Only Daemon apps can use an init script.."
++msgstr ""
++
++#: ../sepolicy/sepolicy/generate.py:463
++msgid "use_resolve must be a boolean value "
++msgstr ""
++
++#: ../sepolicy/sepolicy/generate.py:469
++msgid "use_syslog must be a boolean value "
++msgstr ""
++
++#: ../sepolicy/sepolicy/generate.py:475
++msgid "use_kerberos must be a boolean value "
++msgstr ""
++
++#: ../sepolicy/sepolicy/generate.py:481
++msgid "manage_krb5_rcache must be a boolean value "
++msgstr ""
++
++#: ../sepolicy/sepolicy/generate.py:511
++msgid "USER Types automatically get a tmp type"
++msgstr ""
++
++#: ../sepolicy/sepolicy/generate.py:848
++#, python-format
++msgid "'%s' policy modules require existing domains"
++msgstr ""
++
++#: ../sepolicy/sepolicy/generate.py:873
++msgid "Type field required"
++msgstr ""
++
++#: ../sepolicy/sepolicy/generate.py:886
++#, python-format
++msgid ""
++"You need to define a new type which ends with: \n"
++" %s"
++msgstr ""
++
++#: ../sepolicy/sepolicy/generate.py:1114
++msgid "You must enter the executable path for your confined process"
++msgstr ""
++
++#: ../sepolicy/sepolicy/generate.py:1381
++msgid "Type Enforcement file"
++msgstr ""
++
++#: ../sepolicy/sepolicy/generate.py:1382
++msgid "Interface file"
++msgstr ""
++
++#: ../sepolicy/sepolicy/generate.py:1383
++msgid "File Contexts file"
++msgstr ""
++
++#: ../sepolicy/sepolicy/generate.py:1386
++msgid "Spec file"
++msgstr ""
++
++#: ../sepolicy/sepolicy/generate.py:1387
++msgid "Setup Script"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:68 ../sepolicy/sepolicy/sepolicy.glade:3742
++#: ../sepolicy/sepolicy/sepolicy.glade:3844
++#: ../sepolicy/sepolicy/sepolicy.glade:3907
++#: ../sepolicy/sepolicy/sepolicy.glade:3970
++msgid "No"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:68 ../sepolicy/sepolicy/sepolicy.glade:3725
++#: ../sepolicy/sepolicy/sepolicy.glade:3826
++#: ../sepolicy/sepolicy/sepolicy.glade:3890
++#: ../sepolicy/sepolicy/sepolicy.glade:3953
++msgid "Yes"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:69
++msgid "Disable"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:69
++msgid "Enable"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:82 ../sepolicy/sepolicy/sepolicy.glade:726
++#: ../sepolicy/sepolicy/sepolicy.glade:1467
++#: ../sepolicy/sepolicy/sepolicy.glade:3511
++msgid "Advanced >>"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:82
++msgid "Advanced <<"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:83 ../sepolicy/sepolicy/sepolicy.glade:80
++msgid "Advanced Search >>"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:83
++msgid "Advanced Search <<"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:108
++msgid ""
++"<small>\n"
++"To change from Disabled to Enforcing mode\n"
++"- Change the system mode from Disabled to Permissive\n"
++"- Reboot, so that the system can relabel\n"
++"- Once the system is working as planned\n"
++" * Change the system mode to Enforcing</small>\n"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:503
++#, python-format
++msgid "%s is not a valid domain"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:652
++msgid "System Status: Disabled"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:750
++msgid "Help: Start Page"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:754
++msgid "Help: Booleans Page"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:760
++msgid "Help: Executable Files Page"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:763
++msgid "Help: Writable Files Page"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:766
++msgid "Help: Application Types Page"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:771
++msgid "Help: Outbound Network Connections Page"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:774
++msgid "Help: Inbound Network Connections Page"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:780
++msgid "Help: Transition from application Page"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:783
++msgid "Help: Transition into application Page"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:786
++msgid "Help: Transition application file Page"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:790
++msgid "Help: Systems Page"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:794
++msgid "Help: Lockdown Page"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:798
++msgid "Help: Login Page"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:802
++msgid "Help: SELinux User Page"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:806
++msgid "Help: File Equivalence Page"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:951 ../sepolicy/sepolicy/gui.py:1242
++#: ../sepolicy/sepolicy/gui.py:1682 ../sepolicy/sepolicy/gui.py:1929
++#: ../sepolicy/sepolicy/gui.py:2717
++msgid "More..."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1059
++#, python-format
++msgid "File path used to enter the '%s' domain."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1060
++#, python-format
++msgid "Files to which the '%s' domain can write."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1061
++#, python-format
++msgid "Network Ports to which the '%s' is allowed to connect."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1062
++#, python-format
++msgid "Network Ports to which the '%s' is allowed to listen."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1063
++#, python-format
++msgid "File Types defined for the '%s'."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1064
++#, python-format
++msgid ""
++"Display boolean information that can be used to modify the policy for the "
++"'%s'."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1065
++#, python-format
++msgid "Display file type information that can be used by the '%s'."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1066
++#, python-format
++msgid "Display network ports to which the '%s' can connect or listen to."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1067
++#, python-format
++msgid "Application Transitions Into '%s'"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1068
++#, python-format
++msgid "Application Transitions From '%s'"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1069
++#, python-format
++msgid "File Transitions From '%s'"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1070
++#, python-format
++msgid ""
++"Executables which will transition to '%s', when executing selected domains "
++"entrypoint."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1071
++#, python-format
++msgid ""
++"Executables which will transition to a different domain, when '%s' executes "
++"them."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1072
++#, python-format
++msgid "Files by '%s' with transitions to a different label."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1073
++#, python-format
++msgid "Display applications that can transition into or out of the '%s'."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1167 ../sepolicy/sepolicy/__init__.py:74
++msgid "all files"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1181
++msgid "MISSING FILE PATH"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1296
++#, python-format
++msgid "To disable this transition, go to the %sBoolean section%s."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1298
++#, python-format
++msgid "To enable this transition, go to the %sBoolean section%s."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1355
++msgid "executable"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1358
++msgid "writable"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1361
++msgid "application"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1362
++#, python-format
++msgid "Add new %(TYPE)s file path for '%(DOMAIN)s' domains."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1363
++#, python-format
++msgid "Delete %(TYPE)s file paths for '%(DOMAIN)s' domain."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1364
++#, python-format
++msgid ""
++"Modify %(TYPE)s file path for '%(DOMAIN)s' domain. Only bolded items in the "
++"list can be selected, this indicates they were modified previously."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1376
++msgid "connect"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1379
++msgid "listen for inbound connections"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1381
++#, python-format
++msgid ""
++"Add new port definition to which the '%(APP)s' domain is allowed to %(PERM)s."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1382
++#, python-format
++msgid ""
++"Delete modified port definitions to which the '%(APP)s' domain is allowed to "
++"%(PERM)s."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1383
++#, python-format
++msgid ""
++"Modify port definitions to which the '%(APP)s' domain is allowed to %(PERM)s."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1412
++msgid "Add new SELinux User/Role definition."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1413
++msgid "Delete modified SELinux User/Role definitions."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1414
++msgid "Modify selected modified SELinux User/Role definitions."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1421
++msgid "Add new Login Mapping definition."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1422
++msgid "Delete modified Login Mapping definitions."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1423
++msgid "Modify selected modified Login Mapping definitions."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1430
++msgid "Add new File Equivalence definition."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1431
++msgid "Delete modified File Equivalence definitions."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1432
++msgid ""
++"Modify selected modified File Equivalence definitions. Only bolded items in "
++"the list can be selected, this indicates they were modified previously."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1460
++#, python-format
++msgid "Boolean %s Allow Rules"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1473
++#, python-format
++msgid "Add Network Port for %s. Ports will be created when update is applied."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1474
++#, python-format
++msgid "Add Network Port for %s"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1479
++#, python-format
++msgid ""
++"Add File Labeling for %s. File labels will be created when update is applied."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1480 ../sepolicy/sepolicy/gui.py:1533
++#, python-format
++msgid "Add File Labeling for %s"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1490
++msgid "Add Login Mapping. User Mapping will be created when Update is applied."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1491
++msgid "Add Login Mapping"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1496
++msgid ""
++"Add SELinux User Role. SELinux user roles will be created when update is "
++"applied."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1497
++msgid "Add SELinux Users"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1504
++msgid ""
++"Add File Equivalency Mapping. Mapping will be created when update is applied."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1505
++msgid "Add SELinux File Equivalency"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1532
++#, python-format
++msgid ""
++"Modify File Labeling for %s. File labels will be created when update is "
++"applied."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1588
++msgid ""
++"Modify SELinux User Role. SELinux user roles will be modified when update is "
++"applied."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1589
++msgid "Modify SELinux Users"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1597
++msgid ""
++"Modify Login Mapping. Login Mapping will be modified when Update is applied."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1598
++msgid "Modify Login Mapping"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1604
++msgid ""
++"Modify File Equivalency Mapping. Mapping will be created when update is "
++"applied."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1605
++msgid "Modify SELinux File Equivalency"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1690
++#, python-format
++msgid ""
++"Modify Network Port for %s. Ports will be created when update is applied."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1691
++#, python-format
++msgid "Modify Network Port for %s"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1910
++#, python-format
++msgid "The entry '%s' is not a valid path. Paths must begin with a '/'."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:1923
++msgid "Port number must be between 1 and 65536"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2203
++#, python-format
++msgid "SELinux name: %s"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2214
++#, python-format
++msgid "Add file labeling for %s"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2216
++#, python-format
++msgid "Delete file labeling for %s"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2218
++#, python-format
++msgid "Modify file labeling for %s"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2222
++#, python-format
++msgid "File path: %s"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2225
++#, python-format
++msgid "File class: %s"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2228 ../sepolicy/sepolicy/gui.py:2252
++#, python-format
++msgid "SELinux file type: %s"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2237
++#, python-format
++msgid "Add ports for %s"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2239
++#, python-format
++msgid "Delete ports for %s"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2241
++#, python-format
++msgid "Modify ports for %s"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2244
++#, python-format
++msgid "Network ports: %s"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2247
++#, python-format
++msgid "Network protocol: %s"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2261
++msgid "Add user"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2263
++msgid "Delete user"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2265
++msgid "Modify user"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2268
++#, python-format
++msgid "SELinux User : %s"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2273
++#, python-format
++msgid "Roles: %s"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2277 ../sepolicy/sepolicy/gui.py:2302
++#, python-format
++msgid "MLS/MCS Range: %s"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2286
++msgid "Add login mapping"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2288
++msgid "Delete login mapping"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2290
++msgid "Modify login mapping"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2294
++#, python-format
++msgid "Login Name : %s"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2298
++#, python-format
++msgid "SELinux User: %s"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2311
++msgid "Add file equiv labeling."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2313
++msgid "Delete file equiv labeling."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2315
++msgid "Modify file equiv labeling."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2319
++#, python-format
++msgid "File path : %s"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2323
++#, python-format
++msgid "Equivalence: %s"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2354 ../sepolicy/sepolicy/sepolicy.glade:129
++#: ../sepolicy/sepolicy/sepolicy.glade:1898
++#: ../sepolicy/sepolicy/sepolicy.glade:3803
++msgid "System"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2363 ../sepolicy/sepolicy/sepolicy.glade:95
++msgid "File Equivalence"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2373 ../sepolicy/sepolicy/sepolicy.glade:112
++msgid "Users"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2426
++#, python-format
++msgid ""
++"Run restorecon on %(PATH)s to change its type from %(CUR_CONTEXT)s to the "
++"default %(DEF_CONTEXT)s?"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2436 ../sepolicy/sepolicy/sepolicy.glade:4226
++msgid "Update"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2438
++msgid "Update Changes"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2440
++msgid "Revert Changes"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2571
++msgid "System Status: Enforcing"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2574
++msgid "System Status: Permissive"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2638
++msgid ""
++"Changing the policy type will cause a relabel of the entire file system on "
++"the next boot. Relabeling takes a long time depending on the size of the "
++"file system. Do you wish to continue?"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2768
++msgid ""
++"Changing to SELinux disabled requires a reboot. It is not recommended. If "
++"you later decide to turn SELinux back on, the system will be required to "
++"relabel. If you just want to see if SELinux is causing a problem on your "
++"system, you can go to permissive mode which will only log errors and not "
++"enforce SELinux policy. Permissive mode does not require a reboot. Do you "
++"wish to continue?"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2772
++msgid ""
++"Changing to SELinux enabled will cause a relabel of the entire file system "
++"on the next boot. Relabeling takes a long time depending on the size of the "
++"file system. Do you wish to continue?"
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2802
++msgid ""
++"You are attempting to close the application without applying your changes.\n"
++" * To apply changes you have made during this session, click No and "
++"click Update.\n"
++" * To leave the application without applying your changes, click Yes. "
++"All changes that you have made during this session will be lost."
++msgstr ""
++
++#: ../sepolicy/sepolicy/gui.py:2802
++msgid "Loss of data Dialog"
++msgstr ""
++
++#: ../sepolicy/sepolicy/__init__.py:75
++msgid "regular file"
++msgstr ""
++
++#: ../sepolicy/sepolicy/__init__.py:76
++msgid "directory"
++msgstr ""
++
++#: ../sepolicy/sepolicy/__init__.py:77
++msgid "character device"
++msgstr ""
++
++#: ../sepolicy/sepolicy/__init__.py:78
++msgid "block device"
++msgstr ""
++
++#: ../sepolicy/sepolicy/__init__.py:79
++msgid "socket file"
++msgstr ""
++
++#: ../sepolicy/sepolicy/__init__.py:80
++msgid "symbolic link"
++msgstr ""
++
++#: ../sepolicy/sepolicy/__init__.py:81
++msgid "named pipe"
++msgstr ""
++
++#: ../sepolicy/sepolicy/__init__.py:130
++msgid "No SELinux Policy installed"
++msgstr ""
++
++#: ../sepolicy/sepolicy/__init__.py:157
++#, python-format
++msgid "Failed to read %s policy file"
++msgstr ""
++
++#: ../sepolicy/sepolicy/__init__.py:418
++#, python-format
++msgid "-- Allowed %s [ %s ]"
++msgstr ""
++
++#: ../sepolicy/sepolicy/__init__.py:831
++msgid "You must regenerate interface info by running /usr/bin/sepolgen-ifgen"
++msgstr ""
++
++#: ../sepolicy/sepolicy/__init__.py:1150
++msgid "unknown"
++msgstr ""
++
++#: ../sepolicy/sepolicy/interface.py:223
++#, python-format
++msgid "Compiling %s interface"
++msgstr ""
++
++#: ../sepolicy/sepolicy/interface.py:231
++#, python-format
++msgid ""
++"\n"
++"Compile test for %s failed.\n"
++msgstr ""
++
++#: ../sepolicy/sepolicy/interface.py:234
++#, python-format
++msgid ""
++"\n"
++"Compile test for %s has not run. %s\n"
++msgstr ""
++
++#: ../sepolicy/sepolicy/interface.py:240
++#, python-format
++msgid ""
++"\n"
++"Compiling of %s interface is not supported."
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:227
++#, python-format
++msgid "Interface %s does not exist."
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:324
++msgid "You need to install policycoreutils-gui package to use the gui option"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:329
++msgid "Graphical User Interface for SELinux Policy"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:332 ../sepolicy/sepolicy.py:380
++msgid "Domain name(s) of man pages to be created"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:345
++msgid "Alternative root needs to be setup"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:362
++msgid "Generate SELinux man pages"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:365
++msgid "path in which the generated SELinux man pages will be stored"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:367
++msgid "name of the OS for man pages"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:369
++msgid "Generate HTML man pages structure for selected SELinux man page"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:371
++msgid "Alternate root directory, defaults to /"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:373
++msgid ""
++"With this flag, alternative root path needs to include file context files "
++"and policy.xml file"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:377
++msgid "All domains"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:386
++msgid "Query SELinux policy network information"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:391
++msgid "list all SELinux port types"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:394
++msgid "show SELinux type related to the port"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:397
++msgid "Show ports defined for this SELinux type"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:400
++msgid "show ports to which this domain can bind and/or connect"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:403
++msgid "show ports to which this application can bind and/or connect"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:420
++msgid "query SELinux policy to see if domains can communicate with each other"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:423
++msgid "Source Domain"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:426
++msgid "Target Domain"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:447
++msgid "query SELinux Policy to see description of booleans"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:451
++msgid "get all booleans descriptions"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:454
++msgid "boolean to get description"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:466
++msgid ""
++"query SELinux Policy to see how a source process domain can transition to "
++"the target process domain"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:469
++msgid "source process domain"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:472
++msgid "target process domain"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:517
++#, python-format
++msgid "sepolicy generate: error: one of the arguments %s is required"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:522
++msgid "Command required for this type of policy"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:533
++#, python-format
++msgid ""
++"-t option can not be used with '%s' domains. Read usage for more details."
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:538
++#, python-format
++msgid ""
++"-d option can not be used with '%s' domains. Read usage for more details."
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:542
++#, python-format
++msgid ""
++"-a option can not be used with '%s' domains. Read usage for more details."
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:546
++msgid "-w option can not be used with the --newtype option"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:567
++msgid "List SELinux Policy interfaces"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:587
++msgid "Enter interface names, you wish to query"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:597
++msgid "Generate SELinux Policy module template"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:600
++msgid "Enter domain type which you will be extending"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:603
++msgid "Enter SELinux user(s) which will transition to this domain"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:606
++msgid "Enter SELinux role(s) to which the administror domain will transition"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:609
++msgid "Enter domain(s) which this confined admin will administrate"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:612
++msgid "name of policy to generate"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:619
++msgid "path in which the generated policy files will be stored"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:621
++msgid "path to which the confined processes will need to write"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:622
++msgid "Policy types which require a command"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:626 ../sepolicy/sepolicy.py:629
++#: ../sepolicy/sepolicy.py:632 ../sepolicy/sepolicy.py:635
++#: ../sepolicy/sepolicy.py:638 ../sepolicy/sepolicy.py:644
++#: ../sepolicy/sepolicy.py:647 ../sepolicy/sepolicy.py:650
++#: ../sepolicy/sepolicy.py:656 ../sepolicy/sepolicy.py:659
++#: ../sepolicy/sepolicy.py:662 ../sepolicy/sepolicy.py:665
++#, python-format
++msgid "Generate '%s' policy"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:653
++#, python-format
++msgid "Generate '%s' policy "
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:667
++msgid "executable to confine"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:672
++msgid "commands"
++msgstr ""
++
++#: ../sepolicy/sepolicy.py:675
++msgid "Alternate SELinux policy, defaults to /sys/fs/selinux/policy"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:25
++#: ../sepolicy/sepolicy/sepolicy.glade:4330
++msgid "Applications"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:52
++msgid "Select domain"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:189
++#: ../sepolicy/sepolicy/sepolicy.glade:4367
++#: ../sepolicy/sepolicy/sepolicy.glade:4460
++#: ../sepolicy/sepolicy/sepolicy.glade:4606
++#: ../sepolicy/sepolicy/sepolicy.glade:4755
++#: ../sepolicy/sepolicy/sepolicy.glade:4889
++#: ../sepolicy/sepolicy/sepolicy.glade:5030
++#: ../sepolicy/sepolicy/sepolicy.glade:5103
++#: ../sepolicy/sepolicy/sepolicy.glade:5238
++msgid "Select"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:204
++#: ../sepolicy/sepolicy/sepolicy.glade:539
++#: ../sepolicy/sepolicy/sepolicy.glade:684
++#: ../sepolicy/sepolicy/sepolicy.glade:1239
++#: ../sepolicy/sepolicy/sepolicy.glade:1535
++#: ../sepolicy/sepolicy/sepolicy.glade:4540
++#: ../sepolicy/sepolicy/sepolicy.glade:4690
++#: ../sepolicy/sepolicy/sepolicy.glade:4821
++#: ../sepolicy/sepolicy/sepolicy.glade:4955
++#: ../sepolicy/sepolicy/sepolicy.glade:5173
++#: ../sepolicy/sepolicy/sepolicy.glade:5304
++#: ../sepolicy/sepolicy/sepolicy.glade:5464
++msgid "Cancel"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:332
++msgid ""
++"The entry that was entered is incorrect. Please try again in the "
++"ex:/.../... format."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:358
++msgid "Retry"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:442
++#: ../sepolicy/sepolicy/sepolicy.glade:1120
++#: ../sepolicy/sepolicy/sepolicy.glade:1368
++#: ../sepolicy/sepolicy/sepolicy.glade:5332
++msgid "Network Port Definitions"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:458
++msgid ""
++"Add file Equivalence Mapping. Mapping will be created when Update is "
++"applied."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:483
++#: ../sepolicy/sepolicy/sepolicy.glade:4046
++msgid "Path"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:493
++#: ../sepolicy/sepolicy/sepolicy.glade:5384
++msgid ""
++"Specify a new SELinux user name. By convention SELinux User names usually "
++"end in an _u."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:497
++msgid "Enter the path to which you want to setup an equivalence label."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:510
++#: ../sepolicy/sepolicy/sepolicy.glade:4063
++#: ../sepolicy/sepolicy/sepolicy.glade:4781
++msgid "Equivalence Path"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:524
++#: ../sepolicy/sepolicy/sepolicy.glade:669
++#: ../sepolicy/sepolicy/sepolicy.glade:1224
++#: ../sepolicy/sepolicy/sepolicy.glade:1520
++#: ../sepolicy/sepolicy/sepolicy.glade:5449
++msgid "Save to update"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:564
++msgid ""
++"Specify the mapping between the new path and the equivalence path. "
++"Everything under this new path will be labeled as if they were under the "
++"equivalence path."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:621
++msgid "Add a file"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:638
++msgid ""
++"<operation> File Labeling for <selected domain>. File labels will be created "
++"when update is applied."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:711
++#: ../sepolicy/sepolicy/sepolicy.glade:1485
++msgid "MLS"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:747
++#: ../sepolicy/sepolicy/sepolicy.glade:2306
++#: ../sepolicy/sepolicy/sepolicy.glade:2418
++#: ../sepolicy/sepolicy/sepolicy.glade:2540
++#: ../sepolicy/sepolicy/sepolicy.glade:4500
++msgid "Class"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:763
++msgid "Type"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:777
++msgid ""
++"Select the file class to which this label will be applied. Defaults to all "
++"classes."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:804
++msgid "Make Path Recursive"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:808
++msgid ""
++"Select Make Path Recursive if you want to apply this label to all children "
++"of the specified directory path. objects under the directory to have this "
++"label."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:821
++msgid "Browse"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:825
++msgid "Browse to select the file/directory for labeling."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:869
++msgid "Path "
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:880
++msgid ""
++"Specify the path using regular expressions that you would like to modify the "
++"labeling."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:902
++msgid "Select the SELinux file type to assign to this path."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:929
++msgid "Enter the MLS Label to assign to this file path."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:933
++msgid "SELinux MLS Label you wish to assign to this path."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:1070
++msgid "Analyzing Policy..."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:1137
++msgid ""
++"Add Login Mapping. Login Mapping will be created when update is applied."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:1172
++msgid ""
++"Enter the login user name of the user to which you wish to add SELinux User "
++"confinement."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:1201
++msgid ""
++"Select the SELinux User to assign to this login user. Login users by "
++"default get assigned by the __default__ user."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:1264
++msgid ""
++"Enter MLS/MCS Range for this login User. Defaults to the range for the "
++"Selected SELinux User."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:1267
++#: ../sepolicy/sepolicy/sepolicy.glade:3192
++#: ../sepolicy/sepolicy/sepolicy.glade:3313
++#: ../sepolicy/sepolicy/sepolicy.glade:5414
++msgid "MLS Range"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:1279
++msgid ""
++"Specify the MLS Range for this user to login in with. Defaults to the "
++"selected SELinux Users MLS Range."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:1385
++msgid ""
++"<operation> Network Port for <selected domain>. Ports will be created when "
++"update is applied."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:1423
++msgid "Enter the port number or range to which you want to add a port type."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:1439
++#: ../sepolicy/sepolicy/sepolicy.glade:2658
++#: ../sepolicy/sepolicy/sepolicy.glade:2756
++#: ../sepolicy/sepolicy/sepolicy.glade:4633
++msgid "Protocol"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:1453
++msgid "Port Type"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:1498
++msgid "Select the port type you want to assign to the specified port number."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:1562
++msgid "tcp"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:1566
++msgid ""
++"Select <b>tcp</b> if the port type should be assigned to tcp port numbers."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:1579
++msgid "udp"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:1583
++msgid ""
++"Select <b>udp</b> if the port type should be assigned to udp port numbers."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:1605
++msgid "Enter the MLS Label to assign to this port."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:1707
++msgid "SELinux Configuration"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:1743
++msgid "Select..."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:1792
++#: ../sepolicy/sepolicy/sepolicy.glade:2212
++msgid "Booleans"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:1796
++msgid ""
++"Display boolean information that can be used to modify the policy for the "
++"'selected domain'."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:1810
++#: ../sepolicy/sepolicy/sepolicy.glade:2597
++msgid "Files"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:1814
++msgid ""
++"Display file type information that can be used by the 'selected domain'."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:1828
++#: ../sepolicy/sepolicy/sepolicy.glade:2830
++msgid "Network"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:1832
++msgid ""
++"Display network ports to which the 'selected domain' can connect or listen "
++"to."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:1846
++#: ../sepolicy/sepolicy/sepolicy.glade:3121
++msgid "Transitions"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:1850
++msgid ""
++"Display applications that can transition into or out of the 'selected "
++"domain'."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:1864
++#: ../sepolicy/sepolicy/sepolicy.glade:3222
++msgid "Login Mapping"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:1867
++#: ../sepolicy/sepolicy/sepolicy.glade:1884
++#: ../sepolicy/sepolicy/sepolicy.glade:1901
++msgid "Manage the SELinux configuration"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:1881
++#: ../sepolicy/sepolicy/sepolicy.glade:3344
++msgid "SELinux Users"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:1915
++#: ../sepolicy/sepolicy/sepolicy.glade:4016
++msgid "Lockdown"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:1918
++msgid ""
++"Lockdown the SELinux System.\n"
++"This screen can be used to turn up the SELinux Protections."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:1933
++msgid "radiobutton"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:1993
++msgid "Filter"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:2021
++msgid "Show Modified Only"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:2060
++msgid "Mislabeled files exist"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:2080
++msgid "Show mislabeled files only"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:2120
++#: ../sepolicy/sepolicy/sepolicy.glade:3244
++msgid ""
++"If-Then-Else rules written in policy that can\n"
++"allow alternative access control."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:2132
++msgid "Enabled"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:2183
++msgid "Name"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:2252
++#: ../sepolicy/sepolicy/sepolicy.glade:2364
++#: ../sepolicy/sepolicy/sepolicy.glade:2482
++#: ../sepolicy/sepolicy/sepolicy.glade:4473
++#: ../sepolicy/sepolicy/sepolicy.glade:4768
++msgid "File Path"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:2288
++#: ../sepolicy/sepolicy/sepolicy.glade:2399
++msgid "SELinux File Type"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:2332
++msgid "File path used to enter the 'selected domain'."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:2333
++msgid "Executable Files"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:2448
++msgid "Files to which the 'selected domain' can write."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:2449
++msgid "Writable files"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:2571
++msgid "File Types defined for the 'selected domain'."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:2572
++msgid "Application File Types"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:2639
++#: ../sepolicy/sepolicy/sepolicy.glade:2738
++#: ../sepolicy/sepolicy/sepolicy.glade:4619
++msgid "Port"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:2704
++msgid "Network Ports to which the 'selected domain' is allowed to connect."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:2705
++msgid "Outbound"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:2804
++msgid "Network Ports to which the 'selected domain' is allowed to listen."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:2805
++msgid "Inbound"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:2866
++#: ../sepolicy/sepolicy/sepolicy.glade:2956
++msgid ""
++"Boolean\n"
++"Enabled"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:2892
++msgid "Boolean name"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:2909
++msgid "SELinux Application Type"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:2930
++msgid ""
++"Executables which will transition to a different domain, when the 'selected "
++"domain' executes them."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:2933
++msgid "Application Transitions From 'select domain'"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:2972
++msgid "Calling Process Domain"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:2988
++msgid "Executable File"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:3012
++msgid ""
++"Executables which will transition to the 'selected domain', when executing a "
++"selected domains entrypoint."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:3013
++msgid "Application Transitions Into 'select domain'"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:3028
++msgid ""
++"File Transitions define what happens when the current domain creates the "
++"content of a particular class in a directory of the destination type. "
++"Optionally a file name could be specified for the transition."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:3036
++msgid "SELinux Directory Type"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:3049
++msgid "Destination Class"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:3063
++msgid "SELinux Destination Type"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:3076
++msgid "File Name"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:3098
++msgid "File Transitions From 'select domain'"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:3297
++#: ../sepolicy/sepolicy/sepolicy.glade:5508
++msgid "Default Level"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:3383
++msgid "Select the system mode when the system first boots up"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:3395
++#: ../sepolicy/sepolicy/sepolicy.glade:3469
++msgid "Enforcing"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:3414
++#: ../sepolicy/sepolicy/sepolicy.glade:3487
++msgid "Permissive"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:3456
++msgid "Select the system mode for the current session"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:3533
++msgid "System Policy Type:"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:3594
++msgid "<b>System Mode</b>"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:3632
++msgid "Import system settings from another machine"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:3640
++msgid "Import"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:3659
++msgid "Export system settings to a file"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:3669
++msgid "Export"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:3688
++msgid "Relabel all files back to system defaults on reboot"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:3783
++msgid "<b>System Configuration</b>"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:3830
++#: ../sepolicy/sepolicy/sepolicy.glade:3848
++msgid ""
++"An unconfined domain is a process label that allows the process to do what "
++"it wants, without SELinux interfering. Applications started at boot by the "
++"init system that SELinux do not have defined SELinux policy will run as "
++"unconfined if this module is enabled. Disabling it means all daemons will "
++"now be confined. To disable the unconfined_t user you must first remove "
++"unconfined_t from the users/login screens."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:3866
++msgid "<b>Disable ability to run unconfined system processes?</b>"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:3894
++#: ../sepolicy/sepolicy/sepolicy.glade:3911
++#: ../sepolicy/sepolicy/sepolicy.glade:3957
++#: ../sepolicy/sepolicy/sepolicy.glade:3974
++msgid ""
++"A permissive domain is a process label that allows the process to do what it "
++"wants, with SELinux only logging the denials, but not enforcing them. "
++"Usually permissive domains indicate experimental policy, disabling the "
++"module could cause SELinux to deny access to a domain, that should be "
++"allowed."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:3929
++msgid "<b>Disable all permissive processes?</b>"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:3995
++msgid "<b>Deny all processes from ptracing or debugging other processes?</b>"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:4032
++msgid ""
++"File equivalence cause the system to label content under the new path as if "
++"it were under the equivalence path."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:4088
++msgid "Files Equivalence"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:4101
++msgid "<b>...SELECT TO VIEW DATA...</b>"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:4132
++msgid "Delete"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:4148
++msgid "Modify"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:4163
++msgid "Add"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:4209
++msgid "Revert"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:4214
++msgid ""
++"Revert button will launch a dialog window which allows you to revert changes "
++"within the current transaction."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:4231
++msgid "Commit all changes in your current transaction to the server."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:4279
++msgid "Applications - Advanced Search"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:4344
++msgid "Process Types"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:4385
++msgid "More Details"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:4421
++#: ../sepolicy/sepolicy/sepolicy.glade:4715
++msgid "Delete Modified File Labeling"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:4439
++msgid ""
++"Select file labeling to delete. File labeling will be deleted when update is "
++"applied."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:4486
++msgid "SELinux File Label"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:4525
++#: ../sepolicy/sepolicy/sepolicy.glade:4675
++#: ../sepolicy/sepolicy/sepolicy.glade:4806
++#: ../sepolicy/sepolicy/sepolicy.glade:4940
++#: ../sepolicy/sepolicy/sepolicy.glade:5289
++msgid "Save to Update"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:4565
++msgid "Delete Modified Ports"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:4583
++msgid "Select ports to delete. Ports will be deleted when update is applied."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:4733
++msgid ""
++"Select file equivalence labeling to delete. File equivalence labeling will "
++"be deleted when update is applied."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:4849
++#: ../sepolicy/sepolicy/sepolicy.glade:5198
++msgid "Delete Modified Users Mapping."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:4867
++msgid ""
++"Select login user mapping to delete. Login user mapping will be deleted when "
++"update is applied."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:4902
++msgid "Login name"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:4983
++msgid "More Types"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:5010
++msgid "Types"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:5069
++msgid ""
++"Review the updates you have made before committing them to the system. To "
++"reset an item, uncheck the checkbox. All items checked will be updated in "
++"the system when you select update."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:5132
++msgid "Action"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:5158
++msgid "Apply"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:5216
++msgid ""
++"Select users mapping to delete.Users mapping will be deleted when update is "
++"applied."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:5264
++msgid "SELinux Username"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:5349
++msgid ""
++"Add User Roles. SELinux User Roles will be created when Update is applied."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:5374
++msgid "SELinux User Name"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:5489
++msgid ""
++"Enter MLS/MCS Range for this SELinux User.\n"
++"s0-s0:c1023"
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:5520
++msgid ""
++"Specify the default level that you would like this SELinux user to login "
++"with. Defaults to s0."
++msgstr ""
++
++#: ../sepolicy/sepolicy/sepolicy.glade:5524
++msgid "Enter Default Level for SELinux User to login with. Default s0"
++msgstr ""
+diff --git a/sandbox/po/sandbox.pot b/sandbox/po/sandbox.pot
+new file mode 100644
+index 00000000..328b4f01
+--- /dev/null
++++ b/sandbox/po/sandbox.pot
+@@ -0,0 +1,157 @@
++# SOME DESCRIPTIVE TITLE.
++# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
++# This file is distributed under the same license as the PACKAGE package.
++# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
++#
++#, fuzzy
++msgid ""
++msgstr ""
++"Project-Id-Version: PACKAGE VERSION\n"
++"Report-Msgid-Bugs-To: \n"
++"POT-Creation-Date: 2018-08-06 14:22+0200\n"
++"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
++"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
++"Language-Team: LANGUAGE <LL@li.org>\n"
++"Language: \n"
++"MIME-Version: 1.0\n"
++"Content-Type: text/plain; charset=CHARSET\n"
++"Content-Transfer-Encoding: 8bit\n"
++
++#: ../sandbox:119
++#, python-format
++msgid "Do you want to save changes to '%s' (Y/N): "
++msgstr ""
++
++#: ../sandbox:120
++msgid "Sandbox Message"
++msgstr ""
++
++#: ../sandbox:132
++#, python-format
++msgid "Do you want to save changes to '%s' (y/N): "
++msgstr ""
++
++#: ../sandbox:133
++msgid "[yY]"
++msgstr ""
++
++#: ../sandbox:156
++msgid "User account must be setup with an MCS Range"
++msgstr ""
++
++#: ../sandbox:184
++msgid ""
++"Failed to find any unused category sets. Consider a larger MCS range for "
++"this user."
++msgstr ""
++
++#: ../sandbox:215
++msgid "Homedir and tempdir required for level mounts"
++msgstr ""
++
++#: ../sandbox:218 ../sandbox:229 ../sandbox:234
++#, python-format
++msgid ""
++"\n"
++"%s is required for the action you want to perform.\n"
++msgstr ""
++
++#: ../sandbox:305
++#, python-format
++msgid ""
++"\n"
++"Policy defines the following types for use with the -t:\n"
++"\t%s\n"
++msgstr ""
++
++#: ../sandbox:312
++#, python-format
++msgid ""
++"\n"
++"sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I "
++"includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t "
++"type ] command\n"
++"\n"
++"sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I "
++"includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t "
++"type ] -S\n"
++"%s\n"
++msgstr ""
++
++#: ../sandbox:324
++msgid "include file in sandbox"
++msgstr ""
++
++#: ../sandbox:327
++msgid "read list of files to include in sandbox from INCLUDEFILE"
++msgstr ""
++
++#: ../sandbox:329
++msgid "run sandbox with SELinux type"
++msgstr ""
++
++#: ../sandbox:332
++msgid "mount new home and/or tmp directory"
++msgstr ""
++
++#: ../sandbox:336
++msgid "dots per inch for X display"
++msgstr ""
++
++#: ../sandbox:339
++msgid "run complete desktop session within sandbox"
++msgstr ""
++
++#: ../sandbox:342
++msgid "Shred content before tempory directories are removed"
++msgstr ""
++
++#: ../sandbox:346
++msgid "run X application within a sandbox"
++msgstr ""
++
++#: ../sandbox:352
++msgid "alternate home directory to use for mounting"
++msgstr ""
++
++#: ../sandbox:357
++msgid "alternate /tmp directory to use for mounting"
++msgstr ""
++
++#: ../sandbox:366
++msgid "alternate window manager"
++msgstr ""
++
++#: ../sandbox:369
++msgid "MCS/MLS level for the sandbox"
++msgstr ""
++
++#: ../sandbox:385
++msgid ""
++"Sandbox Policy is not currently installed.\n"
++"You need to install the selinux-policy-sandbox package in order to run this "
++"command"
++msgstr ""
++
++#: ../sandbox:397
++msgid ""
++"You must specify a Homedir and tempdir when setting up a session sandbox"
++msgstr ""
++
++#: ../sandbox:399
++msgid "Commands are not allowed in a session sandbox"
++msgstr ""
++
++#: ../sandbox:409
++msgid "Command required"
++msgstr ""
++
++#: ../sandbox:412
++#, python-format
++msgid "%s is not an executable"
++msgstr ""
++
++#: ../sandbox:535
++#, python-format
++msgid "Invalid value %s"
++msgstr ""
+--
+2.21.0
+
diff --git a/SOURCES/0016-policycoreutils-setfiles-Improve-description-of-d-sw.patch b/SOURCES/0016-policycoreutils-setfiles-Improve-description-of-d-sw.patch
new file mode 100644
index 0000000..1149a84
--- /dev/null
+++ b/SOURCES/0016-policycoreutils-setfiles-Improve-description-of-d-sw.patch
@@ -0,0 +1,31 @@
+From c8fbb8042852c18775c001999ce949e9b591e381 Mon Sep 17 00:00:00 2001
+From: Vit Mojzis <vmojzis@redhat.com>
+Date: Wed, 21 Mar 2018 08:51:31 +0100
+Subject: [PATCH 16/20] policycoreutils/setfiles: Improve description of -d
+ switch
+
+The "-q" switch is becoming obsolete (completely unused in fedora) and
+debug output ("-d" switch) makes sense in any scenario. Therefore both
+options can be specified at once.
+
+Resolves: rhbz#1271327
+---
+ policycoreutils/setfiles/setfiles.8 | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8
+index ccaaf4de..a8a76c86 100644
+--- a/policycoreutils/setfiles/setfiles.8
++++ b/policycoreutils/setfiles/setfiles.8
+@@ -57,7 +57,7 @@ check the validity of the contexts against the specified binary policy.
+ .TP
+ .B \-d
+ show what specification matched each file (do not abort validation
+-after ABORT_ON_ERRORS errors).
++after ABORT_ON_ERRORS errors). Not affected by "\-q"
+ .TP
+ .BI \-e \ directory
+ directory to exclude (repeat option for more than one directory).
+--
+2.21.0
+
diff --git a/SOURCES/0017-sepolicy-generate-Handle-more-reserved-port-types.patch b/SOURCES/0017-sepolicy-generate-Handle-more-reserved-port-types.patch
new file mode 100644
index 0000000..382e4ea
--- /dev/null
+++ b/SOURCES/0017-sepolicy-generate-Handle-more-reserved-port-types.patch
@@ -0,0 +1,71 @@
+From 3073efc112929b535f3a832c6f99e0dbe3af29ca Mon Sep 17 00:00:00 2001
+From: Masatake YAMATO <yamato@redhat.com>
+Date: Thu, 14 Dec 2017 15:57:58 +0900
+Subject: [PATCH 17/20] sepolicy-generate: Handle more reserved port types
+
+Currently only reserved_port_t, port_t and hi_reserved_port_t are
+handled as special when making a ports-dictionary. However, as fas as
+corenetwork.te.in of serefpolicy, unreserved_port_t and
+ephemeral_port_t should be handled in the same way, too.
+
+(Details) I found the need of this change when I was using
+selinux-polgengui. Though tcp port 12345, which my application may
+use, was given to the gui, selinux-polgengui generates expected te
+file and sh file which didn't utilize the tcp port.
+
+selinux-polgengui checks whether a port given via gui is already typed
+or not.
+
+If it is already typed, selinux-polgengui generates a te file having
+rules to allow the application to use the port. (A)
+
+If not, it seems for me that selinux-polgengui is designed to generate
+a te file having rules to allow the application to own(?) the port;
+and a sh file having a command line to assign the application own type
+to the port. (B)
+
+As we can see the output of `semanage port -l' some of ports for
+specified purpose have types already. The important point is that the
+rest of ports also have types already:
+
+ hi_reserved_port_t tcp 512-1023
+ hi_reserved_port_t udp 512-1023
+ unreserved_port_t tcp 1024-32767, 61001-65535
+ unreserved_port_t udp 1024-32767, 61001-65535
+ ephemeral_port_t tcp 32768-61000
+ ephemeral_port_t udp 32768-61000
+
+As my patch shows, the original selinux-polgengui ignored
+hi_reserved_port_t; though hi_reserved_port_t is assigned,
+selinux-polgengui considered ports 512-1023 are not used. As the
+result selinux-polgengui generates file sets of (B).
+
+For the purpose of selinux-polgengui, I think unreserved_port_t and
+ephemeral_port_t are treated as the same as hi_reserved_port_t.
+
+Signed-off-by: Masatake YAMATO <yamato@redhat.com>
+
+Fedora only patch:
+https://lore.kernel.org/selinux/20150610.190635.1866127952891120915.yamato@redhat.com/
+---
+ python/sepolicy/sepolicy/generate.py | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
+index 7175d36b..93caedee 100644
+--- a/python/sepolicy/sepolicy/generate.py
++++ b/python/sepolicy/sepolicy/generate.py
+@@ -100,7 +100,9 @@ def get_all_ports():
+ for p in sepolicy.info(sepolicy.PORT):
+ if p['type'] == "reserved_port_t" or \
+ p['type'] == "port_t" or \
+- p['type'] == "hi_reserved_port_t":
++ p['type'] == "hi_reserved_port_t" or \
++ p['type'] == "ephemeral_port_t" or \
++ p['type'] == "unreserved_port_t":
+ continue
+ dict[(p['low'], p['high'], p['protocol'])] = (p['type'], p.get('range'))
+ return dict
+--
+2.21.0
+
diff --git a/SOURCES/0018-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch b/SOURCES/0018-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch
new file mode 100644
index 0000000..a3771a0
--- /dev/null
+++ b/SOURCES/0018-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch
@@ -0,0 +1,24 @@
+From f8602180d042e95947fe0bbd35d261771b347705 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Thu, 8 Nov 2018 09:20:58 +0100
+Subject: [PATCH 18/20] semodule-utils: Fix RESOURCE_LEAK coverity scan defects
+
+---
+ semodule-utils/semodule_package/semodule_package.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/semodule-utils/semodule_package/semodule_package.c b/semodule-utils/semodule_package/semodule_package.c
+index 3515234e..7b75b3fd 100644
+--- a/semodule-utils/semodule_package/semodule_package.c
++++ b/semodule-utils/semodule_package/semodule_package.c
+@@ -74,6 +74,7 @@ static int file_to_data(const char *path, char **data, size_t * len)
+ }
+ if (!sb.st_size) {
+ *len = 0;
++ close(fd);
+ return 0;
+ }
+
+--
+2.21.0
+
diff --git a/SOURCES/0019-sandbox-Use-matchbox-window-manager-instead-of-openb.patch b/SOURCES/0019-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
new file mode 100644
index 0000000..84d6a67
--- /dev/null
+++ b/SOURCES/0019-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
@@ -0,0 +1,74 @@
+From 89895635ae012d1864a03700054ecc723973b5c0 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Wed, 18 Jul 2018 09:09:35 +0200
+Subject: [PATCH 19/20] sandbox: Use matchbox-window-manager instead of openbox
+
+---
+ sandbox/sandbox | 4 ++--
+ sandbox/sandbox.8 | 2 +-
+ sandbox/sandboxX.sh | 14 --------------
+ 3 files changed, 3 insertions(+), 17 deletions(-)
+
+diff --git a/sandbox/sandbox b/sandbox/sandbox
+index a12403b3..707959a6 100644
+--- a/sandbox/sandbox
++++ b/sandbox/sandbox
+@@ -268,7 +268,7 @@ class Sandbox:
+ copyfile(f, "/tmp", self.__tmpdir)
+ copyfile(f, "/var/tmp", self.__tmpdir)
+
+- def __setup_sandboxrc(self, wm="/usr/bin/openbox"):
++ def __setup_sandboxrc(self, wm="/usr/bin/matchbox-window-manager"):
+ execfile = self.__homedir + "/.sandboxrc"
+ fd = open(execfile, "w+")
+ if self.__options.session:
+@@ -362,7 +362,7 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
+
+ parser.add_option("-W", "--windowmanager", dest="wm",
+ type="string",
+- default="/usr/bin/openbox",
++ default="/usr/bin/matchbox-window-manager",
+ help=_("alternate window manager"))
+
+ parser.add_option("-l", "--level", dest="level",
+diff --git a/sandbox/sandbox.8 b/sandbox/sandbox.8
+index d83fee76..90ef4951 100644
+--- a/sandbox/sandbox.8
++++ b/sandbox/sandbox.8
+@@ -77,7 +77,7 @@ Specifies the windowsize when creating an X based Sandbox. The default windowsiz
+ \fB\-W\fR \fB\-\-windowmanager\fR
+ Select alternative window manager to run within
+ .B sandbox \-X.
+-Default to /usr/bin/openbox.
++Default to /usr/bin/matchbox-window-manager.
+ .TP
+ \fB\-X\fR
+ Create an X based Sandbox for gui apps, temporary files for
+diff --git a/sandbox/sandboxX.sh b/sandbox/sandboxX.sh
+index 47745280..c211ebc1 100644
+--- a/sandbox/sandboxX.sh
++++ b/sandbox/sandboxX.sh
+@@ -6,20 +6,6 @@ export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8
+ [ -z $2 ] && export DPI="96" || export DPI="$2"
+ trap "exit 0" HUP
+
+-mkdir -p ~/.config/openbox
+-cat > ~/.config/openbox/rc.xml << EOF
+-<openbox_config xmlns="http://openbox.org/3.4/rc"
+- xmlns:xi="http://www.w3.org/2001/XInclude">
+-<applications>
+- <application class="*">
+- <decor>no</decor>
+- <desktop>all</desktop>
+- <maximized>yes</maximized>
+- </application>
+-</applications>
+-</openbox_config>
+-EOF
+-
+ (/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -reset -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
+ export DISPLAY=:$D
+ cat > ~/seremote << __EOF
+--
+2.21.0
+
diff --git a/SOURCES/0020-python-Use-ipaddress-instead-of-IPy.patch b/SOURCES/0020-python-Use-ipaddress-instead-of-IPy.patch
new file mode 100644
index 0000000..6f2d075
--- /dev/null
+++ b/SOURCES/0020-python-Use-ipaddress-instead-of-IPy.patch
@@ -0,0 +1,45 @@
+From b2512e2a92a33360639a3459039cdf2e685655a8 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Mon, 3 Dec 2018 14:40:09 +0100
+Subject: [PATCH 20/20] python: Use ipaddress instead of IPy
+
+ipaddress module was added in python 3.3 and this allows us to drop python3-IPy
+---
+ python/semanage/seobject.py | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
+index b90b1070..58497e3b 100644
+--- a/python/semanage/seobject.py
++++ b/python/semanage/seobject.py
+@@ -32,7 +32,7 @@ from semanage import *
+ PROGNAME = "selinux-python"
+ import sepolicy
+ import setools
+-from IPy import IP
++import ipaddress
+
+ try:
+ import gettext
+@@ -1851,13 +1851,13 @@ class nodeRecords(semanageRecords):
+
+ # verify valid comination
+ if len(mask) == 0 or mask[0] == "/":
+- i = IP(addr + mask)
+- newaddr = i.strNormal(0)
+- newmask = str(i.netmask())
+- if newmask == "0.0.0.0" and i.version() == 6:
++ i = ipaddress.ip_network(addr + mask)
++ newaddr = str(i.network_address)
++ newmask = str(i.netmask)
++ if newmask == "0.0.0.0" and i.version == 6:
+ newmask = "::"
+
+- protocol = "ipv%d" % i.version()
++ protocol = "ipv%d" % i.version
+
+ try:
+ newprotocol = self.protocol.index(protocol)
+--
+2.21.0
+
diff --git a/SOURCES/0021-python-semanage-Do-not-traceback-when-the-default-po.patch b/SOURCES/0021-python-semanage-Do-not-traceback-when-the-default-po.patch
new file mode 100644
index 0000000..f4a0800
--- /dev/null
+++ b/SOURCES/0021-python-semanage-Do-not-traceback-when-the-default-po.patch
@@ -0,0 +1,93 @@
+From 6051f6a56d0ad63fc8aa7c806d43b0594652a0b9 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Thu, 4 Apr 2019 23:02:56 +0200
+Subject: [PATCH] python/semanage: Do not traceback when the default policy is
+ not available
+
+"import seobject" causes "import sepolicy" which crashes when the system policy
+is not available. It's better to provide an error message instead.
+
+Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
+---
+ python/semanage/semanage | 37 +++++++++++++++++++++----------------
+ 1 file changed, 21 insertions(+), 16 deletions(-)
+
+diff --git a/python/semanage/semanage b/python/semanage/semanage
+index 56db3e0d..4c766ae3 100644
+--- a/python/semanage/semanage
++++ b/python/semanage/semanage
+@@ -25,7 +25,6 @@
+
+ import traceback
+ import argparse
+-import seobject
+ import sys
+ PROGNAME = "selinux-python"
+ try:
+@@ -129,21 +128,6 @@ class SetImportFile(argparse.Action):
+ sys.exit(1)
+ setattr(namespace, self.dest, values)
+
+-# define dictonary for seobject OBEJCTS
+-object_dict = {
+- 'login': seobject.loginRecords,
+- 'user': seobject.seluserRecords,
+- 'port': seobject.portRecords,
+- 'module': seobject.moduleRecords,
+- 'interface': seobject.interfaceRecords,
+- 'node': seobject.nodeRecords,
+- 'fcontext': seobject.fcontextRecords,
+- 'boolean': seobject.booleanRecords,
+- 'permissive': seobject.permissiveRecords,
+- 'dontaudit': seobject.dontauditClass,
+- 'ibpkey': seobject.ibpkeyRecords,
+- 'ibendport': seobject.ibendportRecords
+-}
+
+ def generate_custom_usage(usage_text, usage_dict):
+ # generate custom usage from given text and dictonary
+@@ -608,6 +592,7 @@ def setupInterfaceParser(subparsers):
+
+
+ def handleModule(args):
++ import seobject
+ OBJECT = seobject.moduleRecords(args)
+ if args.action_add:
+ OBJECT.add(args.action_add[0], args.priority)
+@@ -846,6 +831,7 @@ def mkargv(line):
+
+
+ def handleImport(args):
++ import seobject
+ trans = seobject.semanageRecords(args)
+ trans.start()
+
+@@ -887,6 +873,25 @@ def createCommandParser():
+ #To add a new subcommand define the parser for it in a function above and call it here.
+ subparsers = commandParser.add_subparsers(dest='subcommand')
+ subparsers.required = True
++
++ import seobject
++ # define dictonary for seobject OBEJCTS
++ global object_dict
++ object_dict = {
++ 'login': seobject.loginRecords,
++ 'user': seobject.seluserRecords,
++ 'port': seobject.portRecords,
++ 'module': seobject.moduleRecords,
++ 'interface': seobject.interfaceRecords,
++ 'node': seobject.nodeRecords,
++ 'fcontext': seobject.fcontextRecords,
++ 'boolean': seobject.booleanRecords,
++ 'permissive': seobject.permissiveRecords,
++ 'dontaudit': seobject.dontauditClass,
++ 'ibpkey': seobject.ibpkeyRecords,
++ 'ibendport': seobject.ibendportRecords
++ }
++
+ setupImportParser(subparsers)
+ setupExportParser(subparsers)
+ setupLoginParser(subparsers)
+--
+2.21.0
+
diff --git a/SOURCES/0022-policycoreutils-fixfiles-Fix-B-F-onboot.patch b/SOURCES/0022-policycoreutils-fixfiles-Fix-B-F-onboot.patch
new file mode 100644
index 0000000..7fb0ec5
--- /dev/null
+++ b/SOURCES/0022-policycoreutils-fixfiles-Fix-B-F-onboot.patch
@@ -0,0 +1,108 @@
+From 99582e3bf63475b7af5793bb9230e88d847dc7c8 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Tue, 2 Jul 2019 17:11:32 +0200
+Subject: [PATCH 22/23] policycoreutils/fixfiles: Fix [-B] [-F] onboot
+
+Commit 6e289bb7bf3d ("policycoreutils: fixfiles: remove bad modes of "relabel"
+command") added "$RESTORE_MODE" != DEFAULT test when onboot is used. It makes
+`fixfiles -B onboot` to show usage instead of updating /.autorelabel
+
+The code is restructured to handle -B for different modes correctly.
+
+Fixes:
+ # fixfiles -B onboot
+ Usage: /usr/sbin/fixfiles [-v] [-F] [-f] relabel
+ ...
+
+Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
+---
+ policycoreutils/scripts/fixfiles | 29 +++++++++++++++--------------
+ 1 file changed, 15 insertions(+), 14 deletions(-)
+
+diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
+index 53d28c7b..9dd44213 100755
+--- a/policycoreutils/scripts/fixfiles
++++ b/policycoreutils/scripts/fixfiles
+@@ -112,7 +112,7 @@ VERBOSE="-p"
+ FORCEFLAG=""
+ RPMFILES=""
+ PREFC=""
+-RESTORE_MODE="DEFAULT"
++RESTORE_MODE=""
+ SETFILES=/sbin/setfiles
+ RESTORECON=/sbin/restorecon
+ FILESYSTEMSRW=`get_rw_labeled_mounts`
+@@ -214,16 +214,17 @@ restore () {
+ OPTION=$1
+ shift
+
+-case "$RESTORE_MODE" in
+- PREFC)
+- diff_filecontext $*
+- return
+- ;;
+- BOOTTIME)
++# [-B | -N time ]
++if [ -z "$BOOTTIME" ]; then
+ newer $BOOTTIME $*
+ return
+- ;;
+-esac
++fi
++
++# -C PREVIOUS_FILECONTEXT
++if [ "$RESTORE_MODE" == PREFC ]; then
++ diff_filecontext $*
++ return
++fi
+
+ [ -x /usr/sbin/genhomedircon ] && /usr/sbin/genhomedircon
+
+@@ -239,7 +240,7 @@ case "$RESTORE_MODE" in
+ FILEPATH)
+ ${RESTORECON} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -R -- "$FILEPATH"
+ ;;
+- DEFAULT)
++ *)
+ if [ -n "${FILESYSTEMSRW}" ]; then
+ LogReadOnly
+ echo "${OPTION}ing `echo ${FILESYSTEMSRW}`"
+@@ -272,7 +273,7 @@ fullrelabel() {
+
+
+ relabel() {
+- if [ "$RESTORE_MODE" != DEFAULT ]; then
++ if [ -n "$RESTORE_MODE" -a "$RESTORE_MODE" != DEFAULT ]; then
+ usage
+ exit 1
+ fi
+@@ -306,7 +307,7 @@ case "$1" in
+ verify) restore Verify -n;;
+ relabel) relabel;;
+ onboot)
+- if [ "$RESTORE_MODE" != DEFAULT ]; then
++ if [ -n "$RESTORE_MODE" -a "$RESTORE_MODE" != DEFAULT ]; then
+ usage
+ exit 1
+ fi
+@@ -344,7 +345,7 @@ if [ $# -eq 0 ]; then
+ fi
+
+ set_restore_mode() {
+- if [ "$RESTORE_MODE" != DEFAULT ]; then
++ if [ -n "$RESTORE_MODE" ]; then
+ # can't specify two different modes
+ usage
+ exit 1
+@@ -357,7 +358,7 @@ while getopts "N:BC:FfR:l:v" i; do
+ case "$i" in
+ B)
+ BOOTTIME=`/bin/who -b | awk '{print $3}'`
+- set_restore_mode BOOTTIME
++ set_restore_mode DEFAULT
+ ;;
+ N)
+ BOOTTIME=$OPTARG
+--
+2.22.0
+
diff --git a/SOURCES/0023-policycoreutils-fixfiles-Force-full-relabel-when-SEL.patch b/SOURCES/0023-policycoreutils-fixfiles-Force-full-relabel-when-SEL.patch
new file mode 100644
index 0000000..e0b7e1b
--- /dev/null
+++ b/SOURCES/0023-policycoreutils-fixfiles-Force-full-relabel-when-SEL.patch
@@ -0,0 +1,33 @@
+From 9bcf8ad7b9b6d8d761f7d097196b2b9bc114fa0a Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Tue, 2 Jul 2019 17:12:07 +0200
+Subject: [PATCH 23/23] policycoreutils/fixfiles: Force full relabel when
+ SELinux is disabled
+
+The previous check used getfilecon to check whether / slash contains a label,
+but getfilecon fails only when SELinux is disabled. Therefore it's better to
+check this using selinuxenabled.
+
+Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
+---
+ policycoreutils/scripts/fixfiles | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
+index 9dd44213..a9d27d13 100755
+--- a/policycoreutils/scripts/fixfiles
++++ b/policycoreutils/scripts/fixfiles
+@@ -314,8 +314,8 @@ case "$1" in
+ > /.autorelabel || exit $?
+ [ -z "$FORCEFLAG" ] || echo -n "$FORCEFLAG " >> /.autorelabel
+ [ -z "$BOOTTIME" ] || echo -N $BOOTTIME >> /.autorelabel
+- # Force full relabel if / does not have a label on it
+- getfilecon / > /dev/null 2>&1 || echo -F >/.autorelabel
++ # Force full relabel if SELinux is not enabled
++ selinuxenabled || echo -F > /.autorelabel
+ echo "System will relabel on next boot"
+ ;;
+ *)
+--
+2.22.0
+
diff --git a/SOURCES/0024-policycoreutils-fixfiles-Fix-unbound-variable-proble.patch b/SOURCES/0024-policycoreutils-fixfiles-Fix-unbound-variable-proble.patch
new file mode 100644
index 0000000..b05c325
--- /dev/null
+++ b/SOURCES/0024-policycoreutils-fixfiles-Fix-unbound-variable-proble.patch
@@ -0,0 +1,32 @@
+From 7383f8fbab82826de21d3013a43680867642e49e Mon Sep 17 00:00:00 2001
+From: Vit Mojzis <vmojzis@redhat.com>
+Date: Wed, 21 Aug 2019 17:43:25 +0200
+Subject: [PATCH] policycoreutils/fixfiles: Fix unbound variable problem
+
+Fix a typo introduced in commit d3f8b2c3cd909 ("policycoreutils/fixfiles: Fix
+[-B] [-F] onboot"), which broke "fixfiles relabel":
+
+ #fixfiles relabel
+ /sbin/fixfiles: line 151: $1: unbound variable
+
+Resolves: rhbz#1743213
+---
+ policycoreutils/scripts/fixfiles | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
+index a9d27d13..df0042aa 100755
+--- a/policycoreutils/scripts/fixfiles
++++ b/policycoreutils/scripts/fixfiles
+@@ -215,7 +215,7 @@ OPTION=$1
+ shift
+
+ # [-B | -N time ]
+-if [ -z "$BOOTTIME" ]; then
++if [ -n "$BOOTTIME" ]; then
+ newer $BOOTTIME $*
+ return
+ fi
+--
+2.17.2
+
diff --git a/SOURCES/policycoreutils-fedora.patch b/SOURCES/policycoreutils-fedora.patch
deleted file mode 100644
index d7d40a5..0000000
--- a/SOURCES/policycoreutils-fedora.patch
+++ /dev/null
@@ -1,152 +0,0 @@
-diff --git policycoreutils-2.8/newrole/newrole.1 policycoreutils-2.8/newrole/newrole.1
-index 0d9738a..893c42f 100644
---- policycoreutils-2.8/newrole/newrole.1
-+++ policycoreutils-2.8/newrole/newrole.1
-@@ -44,7 +44,7 @@ specified by that range. If the
- or
- .B --preserve-environment
- option is specified, the shell with the new SELinux context will preserve environment variables,
--otherwise a new minimal enviroment is created.
-+otherwise a new minimal environment is created.
- .PP
- Additional arguments
- .I ARGS
-diff --git policycoreutils-2.8/po/Makefile policycoreutils-2.8/po/Makefile
-index 575e143..18bc1df 100644
---- policycoreutils-2.8/po/Makefile
-+++ policycoreutils-2.8/po/Makefile
-@@ -3,7 +3,6 @@
- #
-
- PREFIX ?= /usr
--TOP = ../..
-
- # What is this package?
- NLSPACKAGE = policycoreutils
-@@ -32,74 +31,13 @@ USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
-
- POFILES = $(patsubst %,%.po,$(USE_LINGUAS))
- MOFILES = $(patsubst %.po,%.mo,$(POFILES))
--POTFILES = \
-- ../run_init/open_init_pty.c \
-- ../run_init/run_init.c \
-- ../semodule_link/semodule_link.c \
-- ../audit2allow/audit2allow \
-- ../semanage/seobject.py \
-- ../setsebool/setsebool.c \
-- ../newrole/newrole.c \
-- ../load_policy/load_policy.c \
-- ../sestatus/sestatus.c \
-- ../semodule/semodule.c \
-- ../setfiles/setfiles.c \
-- ../semodule_package/semodule_package.c \
-- ../semodule_deps/semodule_deps.c \
-- ../semodule_expand/semodule_expand.c \
-- ../scripts/chcat \
-- ../scripts/fixfiles \
-- ../restorecond/stringslist.c \
-- ../restorecond/restorecond.h \
-- ../restorecond/utmpwatcher.h \
-- ../restorecond/stringslist.h \
-- ../restorecond/restorecond.c \
-- ../restorecond/utmpwatcher.c \
-- ../gui/booleansPage.py \
-- ../gui/fcontextPage.py \
-- ../gui/loginsPage.py \
-- ../gui/mappingsPage.py \
-- ../gui/modulesPage.py \
-- ../gui/polgen.glade \
-- ../gui/polgengui.py \
-- ../gui/portsPage.py \
-- ../gui/semanagePage.py \
-- ../gui/statusPage.py \
-- ../gui/system-config-selinux.glade \
-- ../gui/system-config-selinux.py \
-- ../gui/usersPage.py \
-- ../secon/secon.c \
-- booleans.py \
-- ../sepolicy/sepolicy.py \
-- ../sepolicy/sepolicy/communicate.py \
-- ../sepolicy/sepolicy/__init__.py \
-- ../sepolicy/sepolicy/network.py \
-- ../sepolicy/sepolicy/generate.py \
-- ../sepolicy/sepolicy/sepolicy.glade \
-- ../sepolicy/sepolicy/gui.py \
-- ../sepolicy/sepolicy/manpage.py \
-- ../sepolicy/sepolicy/transition.py \
-- ../sepolicy/sepolicy/templates/executable.py \
-- ../sepolicy/sepolicy/templates/__init__.py \
-- ../sepolicy/sepolicy/templates/network.py \
-- ../sepolicy/sepolicy/templates/rw.py \
-- ../sepolicy/sepolicy/templates/script.py \
-- ../sepolicy/sepolicy/templates/semodule.py \
-- ../sepolicy/sepolicy/templates/tmp.py \
-- ../sepolicy/sepolicy/templates/user.py \
-- ../sepolicy/sepolicy/templates/var_lib.py \
-- ../sepolicy/sepolicy/templates/var_log.py \
-- ../sepolicy/sepolicy/templates/var_run.py \
-- ../sepolicy/sepolicy/templates/var_spool.py
-+POTFILES = $(shell cat POTFILES)
-
- #default:: clean
-
--all:: $(MOFILES)
-+all:: $(POTFILE) $(MOFILES)
-
--booleans.py:
-- sepolicy booleans -a > booleans.py
--
--$(POTFILE): $(POTFILES) booleans.py
-+$(POTFILE): $(POTFILES)
- $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
- @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
- rm -f $(NLSPACKAGE).po; \
-@@ -107,8 +45,6 @@ $(POTFILE): $(POTFILES) booleans.py
- mv -f $(NLSPACKAGE).po $(POTFILE); \
- fi; \
-
--update-po: Makefile $(POTFILE) refresh-po
-- @rm -f booleans.py
-
- refresh-po: Makefile
- for cat in $(POFILES); do \
-diff --git policycoreutils-2.8/po/POTFILES policycoreutils-2.8/po/POTFILES
-new file mode 100644
-index 0000000..12237dc
---- /dev/null
-+++ policycoreutils-2.8/po/POTFILES
-@@ -0,0 +1,9 @@
-+../run_init/open_init_pty.c
-+../run_init/run_init.c
-+../setsebool/setsebool.c
-+../newrole/newrole.c
-+../load_policy/load_policy.c
-+../sestatus/sestatus.c
-+../semodule/semodule.c
-+../setfiles/setfiles.c
-+../secon/secon.c
-diff --git policycoreutils-2.8/scripts/fixfiles policycoreutils-2.8/scripts/fixfiles
-index b277958..53d28c7 100755
---- policycoreutils-2.8/scripts/fixfiles
-+++ policycoreutils-2.8/scripts/fixfiles
-@@ -108,6 +108,7 @@ exclude_dirs_from_relabelling() {
- fullFlag=0
- BOOTTIME=""
- VERBOSE="-p"
-+[ -t 1 ] || VERBOSE=""
- FORCEFLAG=""
- RPMFILES=""
- PREFC=""
-diff --git policycoreutils-2.8/setfiles/setfiles.8 policycoreutils-2.8/setfiles/setfiles.8
-index ccaaf4d..a8a76c8 100644
---- policycoreutils-2.8/setfiles/setfiles.8
-+++ policycoreutils-2.8/setfiles/setfiles.8
-@@ -57,7 +57,7 @@ check the validity of the contexts against the specified binary policy.
- .TP
- .B \-d
- show what specification matched each file (do not abort validation
--after ABORT_ON_ERRORS errors).
-+after ABORT_ON_ERRORS errors). Not affected by "\-q"
- .TP
- .BI \-e \ directory
- directory to exclude (repeat option for more than one directory).
diff --git a/SOURCES/restorecond-fedora.patch b/SOURCES/restorecond-fedora.patch
deleted file mode 100644
index e386f21..0000000
--- a/SOURCES/restorecond-fedora.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff --git restorecond-2.8/restorecond.c restorecond-2.8/restorecond.c
-index 6fbbd35..e1d26cb 100644
---- restorecond-2.8/restorecond.c
-+++ restorecond-2.8/restorecond.c
-@@ -105,6 +105,7 @@ static int write_pid_file(void)
- }
- if (write(pidfd, val, (unsigned int)len) != len) {
- syslog(LOG_ERR, "Unable to write to pidfile (%s)", strerror(errno));
-+ close(pidfd);
- return 1;
- }
- close(pidfd);
diff --git a/SOURCES/selinux-dbus-fedora.patch b/SOURCES/selinux-dbus-fedora.patch
deleted file mode 100644
index 28e4cc2..0000000
--- a/SOURCES/selinux-dbus-fedora.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-diff --git selinux-dbus-2.8/org.selinux.conf selinux-dbus-2.8/org.selinux.conf
-index a350978..1ae079d 100644
---- selinux-dbus-2.8/org.selinux.conf
-+++ selinux-dbus-2.8/org.selinux.conf
-@@ -12,12 +12,8 @@
-
- <!-- Allow anyone to invoke methods on the interfaces,
- authorization is performed by PolicyKit -->
-- <policy at_console="true">
-- <allow send_destination="org.selinux"/>
-- </policy>
- <policy context="default">
-- <allow send_destination="org.selinux"
-- send_interface="org.freedesktop.DBus.Introspectable"/>
-+ <allow send_destination="org.selinux"/>
- </policy>
-
- </busconfig>
-diff --git selinux-dbus-2.8/org.selinux.policy selinux-dbus-2.8/org.selinux.policy
-index 0126610..9772127 100644
---- selinux-dbus-2.8/org.selinux.policy
-+++ selinux-dbus-2.8/org.selinux.policy
-@@ -70,9 +70,9 @@
- <allow_active>auth_admin_keep</allow_active>
- </defaults>
- </action>
-- <action id="org.selinux.change_policy_type">
-- <description>SELinux write access</description>
-- <message>System policy prevents change_policy_type access to SELinux</message>
-+ <action id="org.selinux.change_default_mode">
-+ <description>Change SELinux default enforcing mode</description>
-+ <message>System policy prevents change_default_policy access to SELinux</message>
- <defaults>
- <allow_any>no</allow_any>
- <allow_inactive>no</allow_inactive>
diff --git a/SOURCES/selinux-gui-fedora.patch b/SOURCES/selinux-gui-fedora.patch
deleted file mode 100644
index 9b9982f..0000000
--- a/SOURCES/selinux-gui-fedora.patch
+++ /dev/null
@@ -1,306 +0,0 @@
-diff --git selinux-gui-2.8/Makefile selinux-gui-2.8/Makefile
-index a72e58c..ffe8b97 100644
---- selinux-gui-2.8/Makefile
-+++ selinux-gui-2.8/Makefile
-@@ -21,6 +21,7 @@ system-config-selinux.ui \
- usersPage.py
-
- all: $(TARGETS) system-config-selinux.py polgengui.py
-+ (cd po && $(MAKE) $@)
-
- install: all
- -mkdir -p $(DESTDIR)$(MANDIR)/man8
-@@ -46,6 +47,8 @@ install: all
- install -m 644 sepolicy_$${i}.png $(DESTDIR)$(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \
- done
- install -m 644 org.selinux.config.policy $(DESTDIR)$(DATADIR)/polkit-1/actions/
-+ (cd po && $(MAKE) $@)
-+
- clean:
-
- indent:
-diff --git selinux-gui-2.8/booleansPage.py selinux-gui-2.8/booleansPage.py
-index 7849bea..dd12b6d 100644
---- selinux-gui-2.8/booleansPage.py
-+++ selinux-gui-2.8/booleansPage.py
-@@ -38,7 +38,7 @@ DISABLED = 2
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-gui"
- try:
- import gettext
- kwargs = {}
-diff --git selinux-gui-2.8/domainsPage.py selinux-gui-2.8/domainsPage.py
-index bad5140..6bbe4de 100644
---- selinux-gui-2.8/domainsPage.py
-+++ selinux-gui-2.8/domainsPage.py
-@@ -30,7 +30,7 @@ from semanagePage import *
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-gui"
- try:
- import gettext
- kwargs = {}
-diff --git selinux-gui-2.8/fcontextPage.py selinux-gui-2.8/fcontextPage.py
-index 370bbee..e424366 100644
---- selinux-gui-2.8/fcontextPage.py
-+++ selinux-gui-2.8/fcontextPage.py
-@@ -47,7 +47,7 @@ class context:
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-gui"
- try:
- import gettext
- kwargs = {}
-diff --git selinux-gui-2.8/loginsPage.py selinux-gui-2.8/loginsPage.py
-index b67eb8b..cbfb0cc 100644
---- selinux-gui-2.8/loginsPage.py
-+++ selinux-gui-2.8/loginsPage.py
-@@ -29,7 +29,7 @@ from semanagePage import *
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-gui"
- try:
- import gettext
- kwargs = {}
-diff --git selinux-gui-2.8/modulesPage.py selinux-gui-2.8/modulesPage.py
-index 34c5d9e..627ad95 100644
---- selinux-gui-2.8/modulesPage.py
-+++ selinux-gui-2.8/modulesPage.py
-@@ -30,7 +30,7 @@ from semanagePage import *
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-gui"
- try:
- import gettext
- kwargs = {}
-diff --git selinux-gui-2.8/po/Makefile selinux-gui-2.8/po/Makefile
-new file mode 100644
-index 0000000..a0f5439
---- /dev/null
-+++ selinux-gui-2.8/po/Makefile
-@@ -0,0 +1,82 @@
-+#
-+# Makefile for the PO files (translation) catalog
-+#
-+
-+PREFIX ?= /usr
-+
-+# What is this package?
-+NLSPACKAGE = gui
-+POTFILE = $(NLSPACKAGE).pot
-+INSTALL = /usr/bin/install -c -p
-+INSTALL_DATA = $(INSTALL) -m 644
-+INSTALL_DIR = /usr/bin/install -d
-+
-+# destination directory
-+INSTALL_NLS_DIR = $(PREFIX)/share/locale
-+
-+# PO catalog handling
-+MSGMERGE = msgmerge
-+MSGMERGE_FLAGS = -q
-+XGETTEXT = xgettext --default-domain=$(NLSPACKAGE)
-+MSGFMT = msgfmt
-+
-+# All possible linguas
-+PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po)))
-+
-+# Only the files matching what the user has set in LINGUAS
-+USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS))
-+
-+# if no valid LINGUAS, build all languages
-+USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
-+
-+POFILES = $(patsubst %,%.po,$(USE_LINGUAS))
-+MOFILES = $(patsubst %.po,%.mo,$(POFILES))
-+POTFILES = $(shell cat POTFILES)
-+
-+#default:: clean
-+
-+all:: $(MOFILES)
-+
-+$(POTFILE): $(POTFILES)
-+ $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
-+ @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
-+ rm -f $(NLSPACKAGE).po; \
-+ else \
-+ mv -f $(NLSPACKAGE).po $(POTFILE); \
-+ fi; \
-+
-+
-+refresh-po: Makefile
-+ for cat in $(POFILES); do \
-+ lang=`basename $$cat .po`; \
-+ if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \
-+ mv -f $$lang.pot $$lang.po ; \
-+ echo "$(MSGMERGE) of $$lang succeeded" ; \
-+ else \
-+ echo "$(MSGMERGE) of $$lang failed" ; \
-+ rm -f $$lang.pot ; \
-+ fi \
-+ done
-+
-+clean:
-+ @rm -fv *mo *~ .depend
-+ @rm -rf tmp
-+
-+install: $(MOFILES)
-+ @for n in $(MOFILES); do \
-+ l=`basename $$n .mo`; \
-+ $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \
-+ $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \
-+ done
-+
-+%.mo: %.po
-+ $(MSGFMT) -o $@ $<
-+report:
-+ @for cat in $(wildcard *.po); do \
-+ echo -n "$$cat: "; \
-+ msgfmt -v --statistics -o /dev/null $$cat; \
-+ done
-+
-+.PHONY: missing depend
-+
-+relabel:
-diff --git selinux-gui-2.8/po/POTFILES selinux-gui-2.8/po/POTFILES
-new file mode 100644
-index 0000000..1795c5c
---- /dev/null
-+++ selinux-gui-2.8/po/POTFILES
-@@ -0,0 +1,17 @@
-+../booleansPage.py
-+../domainsPage.py
-+../fcontextPage.py
-+../loginsPage.py
-+../modulesPage.py
-+../org.selinux.config.policy
-+../polgengui.py
-+../polgen.ui
-+../portsPage.py
-+../selinux-polgengui.desktop
-+../semanagePage.py
-+../sepolicy.desktop
-+../statusPage.py
-+../system-config-selinux.desktop
-+../system-config-selinux.py
-+../system-config-selinux.ui
-+../usersPage.py
-diff --git selinux-gui-2.8/polgen.ui selinux-gui-2.8/polgen.ui
-index aa4c70a..6a8c067 100644
---- selinux-gui-2.8/polgen.ui
-+++ selinux-gui-2.8/polgen.ui
-@@ -1975,7 +1975,7 @@ Tab</property>
- <object class="GtkLabel" id="label17">
- <property name="visible">True</property>
- <property name="can_focus">False</property>
-- <property name="label">Add File</property>
-+ <property name="label" translatable="yes">Add File</property>
- <property name="use_underline">True</property>
- </object>
- <packing>
-@@ -2028,7 +2028,7 @@ Tab</property>
- <object class="GtkLabel" id="label16">
- <property name="visible">True</property>
- <property name="can_focus">False</property>
-- <property name="label">Add Directory</property>
-+ <property name="label" translatable="yes">Add Directory</property>
- <property name="use_underline">True</property>
- </object>
- <packing>
-@@ -2176,7 +2176,7 @@ Tab</property>
- <object class="GtkLabel" id="label3">
- <property name="visible">True</property>
- <property name="can_focus">False</property>
-- <property name="label">Add Boolean</property>
-+ <property name="label" translatable="yes">Add Boolean</property>
- <property name="use_underline">True</property>
- </object>
- <packing>
-diff --git selinux-gui-2.8/polgengui.py selinux-gui-2.8/polgengui.py
-index 1601dbe..7e0d9d0 100644
---- selinux-gui-2.8/polgengui.py
-+++ selinux-gui-2.8/polgengui.py
-@@ -63,7 +63,7 @@ def get_all_modules():
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-gui"
- try:
- import gettext
- kwargs = {}
-diff --git selinux-gui-2.8/portsPage.py selinux-gui-2.8/portsPage.py
-index 30f5838..a537ecc 100644
---- selinux-gui-2.8/portsPage.py
-+++ selinux-gui-2.8/portsPage.py
-@@ -35,7 +35,7 @@ from semanagePage import *
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-gui"
- try:
- import gettext
- kwargs = {}
-diff --git selinux-gui-2.8/semanagePage.py selinux-gui-2.8/semanagePage.py
-index 4127804..5361d69 100644
---- selinux-gui-2.8/semanagePage.py
-+++ selinux-gui-2.8/semanagePage.py
-@@ -22,7 +22,7 @@ from gi.repository import Gdk, Gtk
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-gui"
- try:
- import gettext
- kwargs = {}
-diff --git selinux-gui-2.8/statusPage.py selinux-gui-2.8/statusPage.py
-index 766854b..a8f079b 100644
---- selinux-gui-2.8/statusPage.py
-+++ selinux-gui-2.8/statusPage.py
-@@ -35,7 +35,7 @@ RELABELFILE = "/.autorelabel"
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-gui"
- try:
- import gettext
- kwargs = {}
-diff --git selinux-gui-2.8/system-config-selinux.py selinux-gui-2.8/system-config-selinux.py
-index ce7c74b..a81e9dd 100644
---- selinux-gui-2.8/system-config-selinux.py
-+++ selinux-gui-2.8/system-config-selinux.py
-@@ -45,7 +45,7 @@ import selinux
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-gui"
- try:
- import gettext
- kwargs = {}
-diff --git selinux-gui-2.8/usersPage.py selinux-gui-2.8/usersPage.py
-index 26794ed..d15d4c5 100644
---- selinux-gui-2.8/usersPage.py
-+++ selinux-gui-2.8/usersPage.py
-@@ -29,7 +29,7 @@ from semanagePage import *
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-gui"
- try:
- import gettext
- kwargs = {}
diff --git a/SOURCES/selinux-python-fedora.patch b/SOURCES/selinux-python-fedora.patch
deleted file mode 100644
index 9b00778..0000000
--- a/SOURCES/selinux-python-fedora.patch
+++ /dev/null
@@ -1,2515 +0,0 @@
-diff --git selinux-python-2.8/Makefile selinux-python-2.8/Makefile
-index 80bc124..891bdee 100644
---- selinux-python-2.8/Makefile
-+++ selinux-python-2.8/Makefile
-@@ -1,4 +1,4 @@
--SUBDIRS = sepolicy audit2allow semanage sepolgen chcat
-+SUBDIRS = sepolicy audit2allow semanage sepolgen chcat po
-
- all install relabel clean indent:
- @for subdir in $(SUBDIRS); do \
-diff --git selinux-python-2.8/audit2allow/audit2allow selinux-python-2.8/audit2allow/audit2allow
-index 37ab23a..195f151 100644
---- selinux-python-2.8/audit2allow/audit2allow
-+++ selinux-python-2.8/audit2allow/audit2allow
-@@ -86,6 +86,8 @@ class AuditToPolicy:
- dest="type")
- parser.add_option("--perm-map", dest="perm_map", help="file name of perm map")
- parser.add_option("--interface-info", dest="interface_info", help="file name of interface information")
-+ parser.add_option("-x", "--xperms", action="store_true", dest="xperms",
-+ default=False, help="generate extended permission rules")
- parser.add_option("--debug", dest="debug", action="store_true", default=False,
- help="leave generated modules for -M")
- parser.add_option("-w", "--why", dest="audit2why", action="store_true", default=(os.path.basename(sys.argv[0]) == "audit2why"),
-@@ -314,6 +316,10 @@ class AuditToPolicy:
- ifs, perm_maps = self.__load_interface_info()
- g.set_gen_refpol(ifs, perm_maps)
-
-+ # Extended permissions
-+ if self.__options.xperms:
-+ g.set_gen_xperms(True)
-+
- # Explanation
- if self.__options.verbose:
- g.set_gen_explain(policygen.SHORT_EXPLANATION)
-diff --git selinux-python-2.8/audit2allow/audit2allow.1 selinux-python-2.8/audit2allow/audit2allow.1
-index 21d286b..c61067b 100644
---- selinux-python-2.8/audit2allow/audit2allow.1
-+++ selinux-python-2.8/audit2allow/audit2allow.1
-@@ -85,6 +85,9 @@ This is the default behavior.
- Generate reference policy using installed macros.
- This attempts to match denials against interfaces and may be inaccurate.
- .TP
-+.B "\-x" | "\-\-xperms"
-+Generate extended permission access vector rules
-+.TP
- .B "\-w" | "\-\-why"
- Translates SELinux audit messages into a description of why the access was denied
-
-diff --git selinux-python-2.8/audit2allow/test.log selinux-python-2.8/audit2allow/test.log
-index 05249dc..718aca7 100644
---- selinux-python-2.8/audit2allow/test.log
-+++ selinux-python-2.8/audit2allow/test.log
-@@ -34,3 +34,4 @@ node=mary.example.com type=AVC msg=audit(1166023021.373:910): avc: denied { re
- node=lilly.example.com type=AVC_PATH msg=audit(1164783469.561:109): path="/linuxtest/LVT/lvt/log.current"
- node=lilly.example.com type=SYSCALL msg=audit(1164783469.561:109): arch=14 syscall=11 success=yes exit=0 a0=10120520 a1=10120a78 a2=10120970 a3=118 items=0 ppid=8310 pid=8311 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="smbd" exe="/usr/sbin/smbd" subj=root:system_r:smbd_t:s0 key=(null)
- node=lilly.example.com type=AVC msg=audit(1164783469.561:109): avc: denied { append } for pid=8311 comm="smbd" name="log.current" dev=dm-0 ino=130930 scontext=root:system_r:smbd_t:s0 tcontext=root:object_r:default_t:s0 tclass=dir
-+node=lilly.example.com type=AVC msg=audit(1164783469.561:109): avc: denied { ioctl } for pid=8311 comm="smbd" name="log.current" ioctlcmd=0x2a scontext=root:system_r:smbd_t:s0 tcontext=root:object_r:default_t:s0 tclass=tcp_socket
-diff --git selinux-python-2.8/audit2allow/test_audit2allow.py selinux-python-2.8/audit2allow/test_audit2allow.py
-index a826a9f..4427dea 100644
---- selinux-python-2.8/audit2allow/test_audit2allow.py
-+++ selinux-python-2.8/audit2allow/test_audit2allow.py
-@@ -47,5 +47,14 @@ class Audit2allowTests(unittest.TestCase):
- print(out, err)
- self.assertSuccess("audit2why", p.returncode, err)
-
-+ def test_xperms(self):
-+ "Verify that xperms generation works"
-+ p = Popen(['python', './audit2allow', "-x", "-i", "test.log"], stdout=PIPE)
-+ out, err = p.communicate()
-+ if err:
-+ print(out, err)
-+ self.assertTrue(b"allowxperm" in out)
-+ self.assertSuccess("xperms", p.returncode, err)
-+
- if __name__ == "__main__":
- unittest.main()
-diff --git selinux-python-2.8/chcat/chcat selinux-python-2.8/chcat/chcat
-index 4bd9fc6..27c537e 100755
---- selinux-python-2.8/chcat/chcat
-+++ selinux-python-2.8/chcat/chcat
-@@ -4,7 +4,7 @@
- #
- # chcat is a script that allows you modify the Security label on a file
- #
--#` Author: Daniel Walsh <dwalsh@redhat.com>
-+# Author: Daniel Walsh <dwalsh@redhat.com>
- #
- # This program is free software; you can redistribute it and/or
- # modify it under the terms of the GNU General Public License as
-@@ -22,19 +22,15 @@
- # 02111-1307 USA
- #
- #
--try:
-- from subprocess import getstatusoutput
--except ImportError:
-- from commands import getstatusoutput
-+import subprocess
- import sys
- import os
- import pwd
--import string
- import getopt
- import selinux
- import seobject
-
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-python"
- try:
- import gettext
- kwargs = {}
-@@ -44,7 +40,7 @@ try:
- localedir="/usr/share/locale",
- codeset='utf-8',
- **kwargs)
--except:
-+except ImportError:
- try:
- import builtins
- builtins.__dict__['_'] = str
-@@ -86,8 +82,7 @@ def chcat_user_add(newcat, users):
- if len(serange) > 1:
- top = serange[1].split(":")
- if len(top) > 1:
-- cats.append(top[1])
-- cats = expandCats(cats)
-+ cats = expandCats(top[1].split(','))
-
- for i in newcat[1:]:
- if i not in cats:
-@@ -99,12 +94,12 @@ def chcat_user_add(newcat, users):
- new_serange = "%s-%s" % (serange[0], top[0])
-
- if add_ind:
-- cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u)
-+ cmd = ["semanage", "login", "-a", "-r", new_serange, "-s", user[0], u]
- else:
-- cmd = "semanage login -m -r %s -s %s %s" % (new_serange, user[0], u)
-- rc = getstatusoutput(cmd)
-- if rc[0] != 0:
-- print(rc[1])
-+ cmd = ["semanage", "login", "-m", "-r", new_serange, "-s", user[0], u]
-+ try:
-+ subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
-+ except subprocess.CalledProcessError:
- errors += 1
-
- return errors
-@@ -140,10 +135,11 @@ def chcat_add(orig, newcat, objects, login_ind):
- cat_string = "%s,%s" % (cat_string, c)
- else:
- cat_string = cat
-- cmd = 'chcon -l %s:%s %s' % (sensitivity, cat_string, f)
-- rc = getstatusoutput(cmd)
-- if rc[0] != 0:
-- print(rc[1])
-+
-+ cmd = ["chcon", "-l", "%s:%s" % (sensitivity, cat_string), f]
-+ try:
-+ subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
-+ except subprocess.CalledProcessError:
- errors += 1
- return errors
-
-@@ -166,8 +162,7 @@ def chcat_user_remove(newcat, users):
- if len(serange) > 1:
- top = serange[1].split(":")
- if len(top) > 1:
-- cats.append(top[1])
-- cats = expandCats(cats)
-+ cats = expandCats(top[1].split(','))
-
- for i in newcat[1:]:
- if i in cats:
-@@ -179,13 +174,15 @@ def chcat_user_remove(newcat, users):
- new_serange = "%s-%s" % (serange[0], top[0])
-
- if add_ind:
-- cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u)
-+ cmd = ["semanage", "login", "-a", "-r", new_serange, "-s", user[0], u]
- else:
-- cmd = "semanage login -m -r %s -s %s %s" % (new_serange, user[0], u)
-- rc = getstatusoutput(cmd)
-- if rc[0] != 0:
-- print(rc[1])
-+ cmd = ["semanage", "login", "-m", "-r", new_serange, "-s", user[0], u]
-+
-+ try:
-+ subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
-+ except subprocess.CalledProcessError:
- errors += 1
-+
- return errors
-
-
-@@ -224,12 +221,14 @@ def chcat_remove(orig, newcat, objects, login_ind):
- continue
-
- if len(cat) == 0:
-- cmd = 'chcon -l %s %s' % (sensitivity, f)
-+ new_serange = sensitivity
- else:
-- cmd = 'chcon -l %s:%s %s' % (sensitivity, cat, f)
-- rc = getstatusoutput(cmd)
-- if rc[0] != 0:
-- print(rc[1])
-+ new_serange = '%s:%s' % (sensitivity, cat)
-+
-+ cmd = ["chcon", "-l", new_serange, f]
-+ try:
-+ subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
-+ except subprocess.CalledProcessError:
- errors += 1
- return errors
-
-@@ -247,17 +246,17 @@ def chcat_user_replace(newcat, users):
- add_ind = 1
- user = seusers["__default__"]
- serange = user[1].split("-")
-- new_serange = "%s-%s:%s" % (serange[0], newcat[0], string.join(newcat[1:], ","))
-+ new_serange = "%s-%s:%s" % (serange[0], newcat[0], ",".join(newcat[1:]))
- if new_serange[-1:] == ":":
- new_serange = new_serange[:-1]
-
- if add_ind:
-- cmd = "semanage login -a -r %s -s %s %s" % (new_serange, user[0], u)
-+ cmd = ["semanage", "login", "-a", "-r", new_serange, "-s", user[0], u]
- else:
-- cmd = "semanage login -m -r %s -s %s %s" % (new_serange, user[0], u)
-- rc = getstatusoutput(cmd)
-- if rc[0] != 0:
-- print(rc[1])
-+ cmd = ["semanage", "login", "-m", "-r", new_serange, "-s", user[0], u]
-+ try:
-+ subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
-+ except subprocess.CalledProcessError:
- errors += 1
- return errors
-
-@@ -266,21 +265,18 @@ def chcat_replace(newcat, objects, login_ind):
- if login_ind == 1:
- return chcat_user_replace(newcat, objects)
- errors = 0
-+ # newcat[0] is the sensitivity level, newcat[1:] are the categories
- if len(newcat) == 1:
-- sensitivity = newcat[0]
-- cmd = 'chcon -l %s ' % newcat[0]
-+ new_serange = newcat[0]
- else:
-- sensitivity = newcat[0]
-- cmd = 'chcon -l %s:%s' % (sensitivity, newcat[1])
-+ new_serange = "%s:%s" % (newcat[0], newcat[1])
- for cat in newcat[2:]:
-- cmd = '%s,%s' % (cmd, cat)
--
-- for f in objects:
-- cmd = "%s %s" % (cmd, f)
-+ new_serange = '%s,%s' % (new_serange, cat)
-
-- rc = getstatusoutput(cmd)
-- if rc[0] != 0:
-- print(rc[1])
-+ cmd = ["chcon", "-l", new_serange] + objects
-+ try:
-+ subprocess.check_call(cmd, stderr=subprocess.STDOUT, shell=False)
-+ except subprocess.CalledProcessError:
- errors += 1
-
- return errors
-@@ -384,7 +380,7 @@ def listusercats(users):
- if len(users) == 0:
- try:
- users.append(os.getlogin())
-- except:
-+ except OSError:
- users.append(pwd.getpwuid(os.getuid()).pw_name)
-
- verify_users(users)
-@@ -401,6 +397,7 @@ def error(msg):
- print("%s: %s" % (sys.argv[0], msg))
- sys.exit(1)
-
-+
- if __name__ == '__main__':
- if selinux.is_selinux_mls_enabled() != 1:
- error("Requires a mls enabled system")
-@@ -435,7 +432,7 @@ if __name__ == '__main__':
- except getopt.error as error:
- errorExit(_("Options Error %s ") % error.msg)
-
-- except ValueError as e:
-+ except ValueError:
- usage()
-
- if delete_ind:
-diff --git selinux-python-2.8/po/Makefile selinux-python-2.8/po/Makefile
-new file mode 100644
-index 0000000..4e052d5
---- /dev/null
-+++ selinux-python-2.8/po/Makefile
-@@ -0,0 +1,83 @@
-+#
-+# Makefile for the PO files (translation) catalog
-+#
-+
-+PREFIX ?= /usr
-+
-+# What is this package?
-+NLSPACKAGE = python
-+POTFILE = $(NLSPACKAGE).pot
-+INSTALL = /usr/bin/install -c -p
-+INSTALL_DATA = $(INSTALL) -m 644
-+INSTALL_DIR = /usr/bin/install -d
-+
-+# destination directory
-+INSTALL_NLS_DIR = $(PREFIX)/share/locale
-+
-+# PO catalog handling
-+MSGMERGE = msgmerge
-+MSGMERGE_FLAGS = -q
-+XGETTEXT = xgettext --default-domain=$(NLSPACKAGE)
-+MSGFMT = msgfmt
-+
-+# All possible linguas
-+PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po)))
-+
-+# Only the files matching what the user has set in LINGUAS
-+USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS))
-+
-+# if no valid LINGUAS, build all languages
-+USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
-+
-+POFILES = $(patsubst %,%.po,$(USE_LINGUAS))
-+MOFILES = $(patsubst %.po,%.mo,$(POFILES))
-+POTFILES = $(shell cat POTFILES)
-+
-+#default:: clean
-+
-+all:: $(MOFILES)
-+
-+$(POTFILE): $(POTFILES)
-+ $(XGETTEXT) -L Python --keyword=_ --keyword=N_ $(POTFILES)
-+ $(XGETTEXT) -j --keyword=_ --keyword=N_ ../sepolicy/sepolicy/sepolicy.glade
-+ @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
-+ rm -f $(NLSPACKAGE).po; \
-+ else \
-+ mv -f $(NLSPACKAGE).po $(POTFILE); \
-+ fi; \
-+
-+
-+refresh-po: Makefile
-+ for cat in $(POFILES); do \
-+ lang=`basename $$cat .po`; \
-+ if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \
-+ mv -f $$lang.pot $$lang.po ; \
-+ echo "$(MSGMERGE) of $$lang succeeded" ; \
-+ else \
-+ echo "$(MSGMERGE) of $$lang failed" ; \
-+ rm -f $$lang.pot ; \
-+ fi \
-+ done
-+
-+clean:
-+ @rm -fv *mo *~ .depend
-+ @rm -rf tmp
-+
-+install: $(MOFILES)
-+ @for n in $(MOFILES); do \
-+ l=`basename $$n .mo`; \
-+ $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \
-+ $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \
-+ done
-+
-+%.mo: %.po
-+ $(MSGFMT) -o $@ $<
-+report:
-+ @for cat in $(wildcard *.po); do \
-+ echo -n "$$cat: "; \
-+ msgfmt -v --statistics -o /dev/null $$cat; \
-+ done
-+
-+.PHONY: missing depend
-+
-+relabel:
-diff --git selinux-python-2.8/po/POTFILES selinux-python-2.8/po/POTFILES
-new file mode 100644
-index 0000000..128eb87
---- /dev/null
-+++ selinux-python-2.8/po/POTFILES
-@@ -0,0 +1,10 @@
-+../audit2allow/audit2allow
-+../chcat/chcat
-+../semanage/semanage
-+../semanage/seobject.py
-+../sepolgen/src/sepolgen/interfaces.py
-+../sepolicy/sepolicy/generate.py
-+../sepolicy/sepolicy/gui.py
-+../sepolicy/sepolicy/__init__.py
-+../sepolicy/sepolicy/interface.py
-+../sepolicy/sepolicy.py
-diff --git selinux-python-2.8/semanage/semanage selinux-python-2.8/semanage/semanage
-index 8d8a086..301207e 100644
---- selinux-python-2.8/semanage/semanage
-+++ selinux-python-2.8/semanage/semanage
-@@ -27,7 +27,7 @@ import traceback
- import argparse
- import seobject
- import sys
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-python"
- try:
- import gettext
- kwargs = {}
-@@ -53,7 +53,7 @@ usage_fcontext = "semanage fcontext [-h] [-n] [-N] [-S STORE] ["
- usage_fcontext_dict = {' --add': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s SEUSER', '|', '-e EQUAL', ')', 'FILE_SPEC',), ' --delete': ('(', '-t TYPE', '-f FTYPE', '|', '-e EQUAL', ')', 'FILE_SPEC',), ' --modify': ('(', '-t TYPE', '-f FTYPE', '-r RANGE', '-s SEUSER', '|', '-e EQUAL', ')', 'FILE_SPEC',), ' --list': ('[-C]',), ' --extract': ('',), ' --deleteall': ('',)}
-
- usage_user = "semanage user [-h] [-n] [-N] [-S STORE] ["
--usage_user_dict = {' --add': ('(', '-L LEVEL', '-R ROLES', '-r RANGE', '-s SEUSER', 'selinux_name'')'), ' --delete': ('selinux_name',), ' --modify': ('(', '-L LEVEL', '-R ROLES', '-r RANGE', '-s SEUSER', 'selinux_name', ')'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
-+usage_user_dict = {' --add': ('(', '-L LEVEL', '-R ROLES', '-r RANGE', 'SEUSER', ')'), ' --delete': ('SEUSER',), ' --modify': ('(', '-L LEVEL', '-R ROLES', '-r RANGE', '-s SEUSER', 'SEUSER', ')'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
-
- usage_port = "semanage port [-h] [-n] [-N] [-S STORE] ["
- usage_port_dict = {' --add': ('-t TYPE', '-p PROTOCOL', '-r RANGE', '(', 'port_name', '|', 'port_range', ')'), ' --modify': ('-t TYPE', '-p PROTOCOL', '-r RANGE', '(', 'port_name', '|', 'port_range', ')'), ' --delete': ('-p PROTOCOL', '(', 'port_name', '|', 'port_range', ')'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
-@@ -62,7 +62,7 @@ usage_ibpkey = "semanage ibpkey [-h] [-n] [-N] [-s STORE] ["
- usage_ibpkey_dict = {' --add': ('-t TYPE', '-x SUBNET_PREFIX', '-r RANGE', '(', 'ibpkey_name', '|', 'pkey_range', ')'), ' --modify': ('-t TYPE', '-x SUBNET_PREFIX', '-r RANGE', '(', 'ibpkey_name', '|', 'pkey_range', ')'), ' --delete': ('-x SUBNET_PREFIX', '(', 'ibpkey_name', '|', 'pkey_range', ')'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
-
- usage_ibendport = "semanage ibendport [-h] [-n] [-N] [-s STORE] ["
--usage_ibendport_dict = {' --add': ('-t TYPE', '-z IBDEV_NAME', '-r RANGE', '(', 'port', ')'), ' --modify': ('-t TYPE', '-z IBDEV_NAME', '-r RANGE', '(', 'port', ')'), ' --delete': ('-z IBDEV_NAME', '-r RANGE''(', 'port', ')'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
-+usage_ibendport_dict = {' --add': ('-t TYPE', '-z IBDEV_NAME', '-r RANGE', '(', 'port', ')'), ' --modify': ('-t TYPE', '-z IBDEV_NAME', '-r RANGE', '(', 'port', ')'), ' --delete': ('-z IBDEV_NAME', '-r RANGE', '(', 'port', ')'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
-
- usage_node = "semanage node [-h] [-n] [-N] [-S STORE] ["
- usage_node_dict = {' --add': ('-M NETMASK', '-p PROTOCOL', '-t TYPE', '-r RANGE', 'node'), ' --modify': ('-M NETMASK', '-p PROTOCOL', '-t TYPE', '-r RANGE', 'node'), ' --delete': ('-M NETMASK', '-p PROTOCOL', 'node'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
-@@ -73,7 +73,7 @@ usage_interface_dict = {' --add': ('-t TYPE', '-r RANGE', 'interface'), ' --modi
- usage_boolean = "semanage boolean [-h] [-n] [-N] [-S STORE] ["
- usage_boolean_dict = {' --modify': ('(', '--on', '|', '--off', ')', 'boolean'), ' --list': ('-C',), ' --extract': ('',), ' --deleteall': ('',)}
-
--import sepolicy
-+
-
-
- class CheckRole(argparse.Action):
-@@ -82,7 +82,11 @@ class CheckRole(argparse.Action):
- newval = getattr(namespace, self.dest)
- if not newval:
- newval = []
-- roles = sepolicy.get_all_roles()
-+ try:
-+ import sepolicy
-+ roles = sepolicy.get_all_roles()
-+ except ValueError:
-+ roles = []
- for v in value.split():
- if v not in roles:
- raise ValueError("%s must be an SELinux role:\nValid roles: %s" % (v, ", ".join(roles)))
-@@ -421,7 +425,7 @@ def setupUserParser(subparsers):
- userParser.add_argument('-R', '--roles', default=[],
- action=CheckRole,
- help=_('''
--SELinux Roles. You must enclose multiple roles within quotes, separate by spaces. Or specify -R multiple times.
-+SELinux Roles. You must enclose multiple roles within quotes, separate by spaces. Or specify -R multiple times.
- '''))
- userParser.add_argument('-P', '--prefix', default="user", help=argparse.SUPPRESS)
- userParser.add_argument('selinux_name', nargs='?', default=None, help=_('selinux_name'))
-@@ -604,19 +608,19 @@ def setupInterfaceParser(subparsers):
-
- def handleModule(args):
- OBJECT = seobject.moduleRecords(args)
-- if args.action == "add":
-- OBJECT.add(args.module_name, args.priority)
-- if args.action == "enable":
-- OBJECT.set_enabled(args.module_name, True)
-- if args.action == "disable":
-- OBJECT.set_enabled(args.module_name, False)
-- if args.action == "remove":
-- OBJECT.delete(args.module_name, args.priority)
-- if args.action is "deleteall":
-+ if args.action_add:
-+ OBJECT.add(args.action_add, args.priority)
-+ if args.action_enable:
-+ OBJECT.set_enabled(args.action_enable, True)
-+ if args.action_disable:
-+ OBJECT.set_enabled(args.action_disable, False)
-+ if args.action_remove:
-+ OBJECT.delete(args.action_remove, args.priority)
-+ if args.action == "deleteall":
- OBJECT.deleteall()
- if args.action == "list":
- OBJECT.list(args.noheading, args.locallist)
-- if args.action is "extract":
-+ if args.action == "extract":
- for i in OBJECT.customized():
- print("module %s" % str(i))
-
-@@ -630,14 +634,13 @@ def setupModuleParser(subparsers):
- parser_add_priority(moduleParser, "module")
-
- mgroup = moduleParser.add_mutually_exclusive_group(required=True)
-- parser_add_add(mgroup, "module")
- parser_add_list(mgroup, "module")
- parser_add_extract(mgroup, "module")
- parser_add_deleteall(mgroup, "module")
-- mgroup.add_argument('-r', '--remove', dest='action', action='store_const', const='remove', help=_("Remove a module"))
-- mgroup.add_argument('-d', '--disable', dest='action', action='store_const', const='disable', help=_("Disable a module"))
-- mgroup.add_argument('-e', '--enable', dest='action', action='store_const', const='enable', help=_("Enable a module"))
-- moduleParser.add_argument('module_name', nargs='?', default=None, help=_('Name of the module to act on'))
-+ mgroup.add_argument('-a', '--add', dest='action_add', action='store', nargs=1, metavar='module_name', help=_("Add a module"))
-+ mgroup.add_argument('-r', '--remove', dest='action_remove', action='store', nargs='+', metavar='module_name', help=_("Remove a module"))
-+ mgroup.add_argument('-d', '--disable', dest='action_disable', action='store', nargs='+', metavar='module_name', help=_("Disable a module"))
-+ mgroup.add_argument('-e', '--enable', dest='action_enable', action='store', nargs='+', metavar='module_name', help=_("Enable a module"))
- moduleParser.set_defaults(func=handleModule)
-
-
-@@ -739,9 +742,7 @@ def handlePermissive(args):
- if args.action is "delete":
- OBJECT.delete(args.type)
- else:
-- args.parser.print_usage(sys.stderr)
-- sys.stderr.write(_('semanage permissive: error: the following argument is required: type\n'))
-- sys.exit(1)
-+ args.parser.error(message=_('semanage permissive: error: the following argument is required: type\n'))
-
-
- def setupPermissiveParser(subparsers):
-@@ -776,7 +777,7 @@ def setupDontauditParser(subparsers):
-
-
- def handleExport(args):
-- manageditems = ["boolean", "login", "interface", "user", "port", "node", "fcontext", "module"]
-+ manageditems = ["boolean", "login", "interface", "user", "port", "node", "fcontext", "module", "ibendport", "ibpkey"]
- for i in manageditems:
- print("%s -D" % i)
- for i in manageditems:
-diff --git selinux-python-2.8/semanage/semanage-user.8 selinux-python-2.8/semanage/semanage-user.8
-index 30bc670..23fec69 100644
---- selinux-python-2.8/semanage/semanage-user.8
-+++ selinux-python-2.8/semanage/semanage-user.8
-@@ -2,7 +2,7 @@
- .SH "NAME"
- .B semanage\-user \- SELinux Policy Management SELinux User mapping tool
- .SH "SYNOPSIS"
--.B semanage user [\-h] [\-n] [\-N] [\-S STORE] [ \-\-add ( \-L LEVEL \-R ROLES \-r RANGE \-s SEUSER selinux_name) | \-\-delete selinux_name | \-\-deleteall | \-\-extract | \-\-list [\-C] | \-\-modify ( \-L LEVEL \-R ROLES \-r RANGE \-s SEUSER selinux_name ) ]
-+.B semanage user [\-h] [\-n] [\-N] [\-S STORE] [ \-\-add ( \-L LEVEL \-R ROLES \-r RANGE SEUSER) | \-\-delete SEUSER | \-\-deleteall | \-\-extract | \-\-list [\-C] | \-\-modify ( \-L LEVEL \-R ROLES \-r RANGE SEUSER ) ]
-
- .SH "DESCRIPTION"
- semanage is used to configure certain elements of
-diff --git selinux-python-2.8/semanage/semanage.8 selinux-python-2.8/semanage/semanage.8
-index 0bdb90f..0cdcfcc 100644
---- selinux-python-2.8/semanage/semanage.8
-+++ selinux-python-2.8/semanage/semanage.8
-@@ -57,9 +57,8 @@ to SELinux user identities (which controls the initial security context
- assigned to Linux users when they login and bounds their authorized role set)
- as well as security context mappings for various kinds of objects, such
- as network ports, interfaces, infiniband pkeys and endports, and nodes (hosts)
--as well as the file context mapping. See the EXAMPLES section below for some
--examples of common usage. Note that the semanage login command deals with the
--mapping from Linux usernames (logins) to SELinux user identities,
-+as well as the file context mapping. Note that the semanage login command deals
-+with the mapping from Linux usernames (logins) to SELinux user identities,
- while the semanage user command deals with the mapping from SELinux
- user identities to authorized role sets. In most cases, only the
- former mapping needs to be adjusted by the administrator; the latter
-diff --git selinux-python-2.8/semanage/seobject.py selinux-python-2.8/semanage/seobject.py
-index c76dce8..59df249 100644
---- selinux-python-2.8/semanage/seobject.py
-+++ selinux-python-2.8/semanage/seobject.py
-@@ -30,10 +30,10 @@ import sys
- import stat
- import socket
- from semanage import *
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-python"
- import sepolicy
- import setools
--from IPy import IP
-+import ipaddress
-
- try:
- import gettext
-@@ -101,6 +101,8 @@ ftype_to_audit = {"": "any",
-
- try:
- import audit
-+ #test if audit module is enabled
-+ audit.audit_close(audit.audit_open())
-
- class logger:
-
-@@ -138,7 +140,7 @@ try:
-
- self.log_list = []
- self.log_change_list = []
--except:
-+except (OSError, ImportError):
- class logger:
-
- def __init__(self):
-@@ -258,6 +260,7 @@ class semanageRecords:
- if self.store == "" or self.store == localstore:
- self.mylog = logger()
- else:
-+ sepolicy.load_store_policy(self.store)
- self.mylog = nulllogger()
-
- def set_reload(self, load):
-@@ -397,6 +400,8 @@ class moduleRecords(semanageRecords):
- print("%-25s %-9s %-5s %s" % (t[0], t[2], t[3], disabled))
-
- def add(self, file, priority):
-+ if type(file) == list:
-+ file = file[0]
- if not os.path.exists(file):
- raise ValueError(_("Module does not exist: %s ") % file)
-
-@@ -409,7 +414,9 @@ class moduleRecords(semanageRecords):
- self.commit()
-
- def set_enabled(self, module, enable):
-- for m in module.split():
-+ if type(module) == str:
-+ module = module.split()
-+ for m in module:
- rc, key = semanage_module_key_create(self.sh)
- if rc < 0:
- raise ValueError(_("Could not create module key"))
-@@ -431,7 +438,9 @@ class moduleRecords(semanageRecords):
- if rc < 0:
- raise ValueError(_("Invalid priority %d (needs to be between 1 and 999)") % priority)
-
-- for m in module.split():
-+ if type(module) == str:
-+ module = module.split()
-+ for m in module:
- rc = semanage_module_remove(self.sh, m)
- if rc < 0 and rc != -2:
- raise ValueError(_("Could not remove module %s (remove failed)") % m)
-@@ -593,7 +602,6 @@ class loginRecords(semanageRecords):
-
- semanage_seuser_key_free(k)
- semanage_seuser_free(u)
-- self.mylog.log("login", name, sename=sename, serange=serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange)
-
- def add(self, name, sename, serange):
- try:
-@@ -601,7 +609,6 @@ class loginRecords(semanageRecords):
- self.__add(name, sename, serange)
- self.commit()
- except ValueError as error:
-- self.mylog.commit(0)
- raise error
-
- def __modify(self, name, sename="", serange=""):
-@@ -653,7 +660,6 @@ class loginRecords(semanageRecords):
-
- semanage_seuser_key_free(k)
- semanage_seuser_free(u)
-- self.mylog.log("login", name, sename=self.sename, serange=self.serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange)
-
- def modify(self, name, sename="", serange=""):
- try:
-@@ -661,7 +667,6 @@ class loginRecords(semanageRecords):
- self.__modify(name, sename, serange)
- self.commit()
- except ValueError as error:
-- self.mylog.commit(0)
- raise error
-
- def __delete(self, name):
-@@ -694,8 +699,6 @@ class loginRecords(semanageRecords):
- rec, self.sename, self.serange = selinux.getseuserbyname("__default__")
- range, (rc, serole) = userrec.get(self.sename)
-
-- self.mylog.log_remove("login", name, sename=self.sename, serange=self.serange, serole=",".join(serole), oldserole=",".join(oldserole), oldsename=self.oldsename, oldserange=self.oldserange)
--
- def delete(self, name):
- try:
- self.begin()
-@@ -703,7 +706,6 @@ class loginRecords(semanageRecords):
- self.commit()
-
- except ValueError as error:
-- self.mylog.commit(0)
- raise error
-
- def deleteall(self):
-@@ -717,7 +719,6 @@ class loginRecords(semanageRecords):
- self.__delete(semanage_seuser_get_name(u))
- self.commit()
- except ValueError as error:
-- self.mylog.commit(0)
- raise error
-
- def get_all_logins(self):
-@@ -753,7 +754,10 @@ class loginRecords(semanageRecords):
- l = []
- ddict = self.get_all(True)
- for k in sorted(ddict.keys()):
-- l.append("-a -s %s -r '%s' %s" % (ddict[k][0], ddict[k][1], k))
-+ if ddict[k][1]:
-+ l.append("-a -s %s -r '%s' %s" % (ddict[k][0], ddict[k][1], k))
-+ else:
-+ l.append("-a -s %s %s" % (ddict[k][0], k))
- return l
-
- def list(self, heading=1, locallist=0):
-@@ -1020,7 +1024,10 @@ class seluserRecords(semanageRecords):
- l = []
- ddict = self.get_all(True)
- for k in sorted(ddict.keys()):
-- l.append("-a -L %s -r %s -R '%s' %s" % (ddict[k][1], ddict[k][2], ddict[k][3], k))
-+ if ddict[k][1] or ddict[k][2]:
-+ l.append("-a -L %s -r %s -R '%s' %s" % (ddict[k][1], ddict[k][2], ddict[k][3], k))
-+ else:
-+ l.append("-a -R '%s' %s" % (ddict[k][3], k))
- return l
-
- def list(self, heading=1, locallist=0):
-@@ -1043,13 +1050,15 @@ class seluserRecords(semanageRecords):
-
-
- class portRecords(semanageRecords):
-- try:
-- valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "port_type"))[0]["types"])
-- except RuntimeError:
-- valid_types = []
-+
-+ valid_types = []
-
- def __init__(self, args = None):
- semanageRecords.__init__(self, args)
-+ try:
-+ self.valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "port_type"))[0]["types"])
-+ except RuntimeError:
-+ pass
-
- def __genkey(self, port, proto):
- if proto == "tcp":
-@@ -1087,6 +1096,8 @@ class portRecords(semanageRecords):
- if type == "":
- raise ValueError(_("Type is required"))
-
-+ type = sepolicy.get_real_type_name(type)
-+
- if type not in self.valid_types:
- raise ValueError(_("Type %s is invalid, must be a port type") % type)
-
-@@ -1151,6 +1162,7 @@ class portRecords(semanageRecords):
- else:
- raise ValueError(_("Requires setype"))
-
-+ setype = sepolicy.get_real_type_name(setype)
- if setype and setype not in self.valid_types:
- raise ValueError(_("Type %s is invalid, must be a port type") % setype)
-
-@@ -1295,10 +1307,11 @@ class portRecords(semanageRecords):
- l = []
- ddict = self.get_all(True)
- for k in sorted(ddict.keys()):
-- if k[0] == k[1]:
-- l.append("-a -t %s -p %s %s" % (ddict[k][0], k[2], k[0]))
-+ port = k[0] if k[0] == k[1] else "%s-%s" % (k[0], k[1])
-+ if ddict[k][1]:
-+ l.append("-a -t %s -r '%s' -p %s %s" % (ddict[k][0], ddict[k][1], k[2], port))
- else:
-- l.append("-a -t %s -p %s %s-%s" % (ddict[k][0], k[2], k[0], k[1]))
-+ l.append("-a -t %s -p %s %s" % (ddict[k][0], k[2], port))
- return l
-
- def list(self, heading=1, locallist=0):
-@@ -1355,6 +1368,8 @@ class ibpkeyRecords(semanageRecords):
- if type == "":
- raise ValueError(_("Type is required"))
-
-+ type = sepolicy.get_real_type_name(type)
-+
- if type not in self.valid_types:
- raise ValueError(_("Type %s is invalid, must be a ibpkey type") % type)
-
-@@ -1417,6 +1432,8 @@ class ibpkeyRecords(semanageRecords):
- else:
- raise ValueError(_("Requires setype"))
-
-+ setype = sepolicy.get_real_type_name(setype)
-+
- if setype and setype not in self.valid_types:
- raise ValueError(_("Type %s is invalid, must be a ibpkey type") % setype)
-
-@@ -1548,10 +1565,11 @@ class ibpkeyRecords(semanageRecords):
- ddict = self.get_all(True)
-
- for k in sorted(ddict.keys()):
-- if k[0] == k[1]:
-- l.append("-a -t %s -x %s %s" % (ddict[k][0], k[2], k[0]))
-+ port = k[0] if k[0] == k[1] else "%s-%s" % (k[0], k[1])
-+ if ddict[k][1]:
-+ l.append("-a -t %s -r '%s' -x %s %s" % (ddict[k][0], ddict[k][1], k[2], port))
- else:
-- l.append("-a -t %s -x %s %s-%s" % (ddict[k][0], k[2], k[0], k[1]))
-+ l.append("-a -t %s -x %s %s" % (ddict[k][0], k[2], port))
- return l
-
- def list(self, heading=1, locallist=0):
-@@ -1603,6 +1621,8 @@ class ibendportRecords(semanageRecords):
- if type == "":
- raise ValueError(_("Type is required"))
-
-+ type = sepolicy.get_real_type_name(type)
-+
- if type not in self.valid_types:
- raise ValueError(_("Type %s is invalid, must be an ibendport type") % type)
- (k, ibendport, port) = self.__genkey(ibendport, ibdev_name)
-@@ -1664,6 +1684,8 @@ class ibendportRecords(semanageRecords):
- else:
- raise ValueError(_("Requires setype"))
-
-+ setype = sepolicy.get_real_type_name(setype)
-+
- if setype and setype not in self.valid_types:
- raise ValueError(_("Type %s is invalid, must be an ibendport type") % setype)
-
-@@ -1788,7 +1810,10 @@ class ibendportRecords(semanageRecords):
- ddict = self.get_all(True)
-
- for k in sorted(ddict.keys()):
-- l.append("-a -t %s -r %s -z %s %s" % (ddict[k][0], ddict[k][1], k[1], k[0]))
-+ if ddict[k][1]:
-+ l.append("-a -t %s -r '%s' -z %s %s" % (ddict[k][0], ddict[k][1], k[1], k[0]))
-+ else:
-+ l.append("-a -t %s -z %s %s" % (ddict[k][0], k[1], k[0]))
- return l
-
- def list(self, heading=1, locallist=0):
-@@ -1807,14 +1832,16 @@ class ibendportRecords(semanageRecords):
- print(rec)
-
- class nodeRecords(semanageRecords):
-- try:
-- valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "node_type"))[0]["types"])
-- except RuntimeError:
-- valid_types = []
-+
-+ valid_types = []
-
- def __init__(self, args = None):
- semanageRecords.__init__(self, args)
- self.protocol = ["ipv4", "ipv6"]
-+ try:
-+ self.valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "node_type"))[0]["types"])
-+ except RuntimeError:
-+ pass
-
- def validate(self, addr, mask, protocol):
- newaddr = addr
-@@ -1826,13 +1853,13 @@ class nodeRecords(semanageRecords):
-
- # verify valid comination
- if len(mask) == 0 or mask[0] == "/":
-- i = IP(addr + mask)
-- newaddr = i.strNormal(0)
-- newmask = str(i.netmask())
-- if newmask == "0.0.0.0" and i.version() == 6:
-+ i = ipaddress.ip_network(addr + mask)
-+ newaddr = str(i.network_address)
-+ newmask = str(i.netmask)
-+ if newmask == "0.0.0.0" and i.version == 6:
- newmask = "::"
-
-- protocol = "ipv%d" % i.version()
-+ protocol = "ipv%d" % i.version
-
- try:
- newprotocol = self.protocol.index(protocol)
-@@ -1853,6 +1880,8 @@ class nodeRecords(semanageRecords):
- if ctype == "":
- raise ValueError(_("SELinux node type is required"))
-
-+ ctype = sepolicy.get_real_type_name(ctype)
-+
- if ctype not in self.valid_types:
- raise ValueError(_("Type %s is invalid, must be a node type") % ctype)
-
-@@ -1922,6 +1951,8 @@ class nodeRecords(semanageRecords):
- if serange == "" and setype == "":
- raise ValueError(_("Requires setype or serange"))
-
-+ setype = sepolicy.get_real_type_name(setype)
-+
- if setype and setype not in self.valid_types:
- raise ValueError(_("Type %s is invalid, must be a node type") % setype)
-
-@@ -2024,7 +2055,10 @@ class nodeRecords(semanageRecords):
- l = []
- ddict = self.get_all(True)
- for k in sorted(ddict.keys()):
-- l.append("-a -M %s -p %s -t %s %s" % (k[1], k[2], ddict[k][2], k[0]))
-+ if ddict[k][3]:
-+ l.append("-a -M %s -p %s -t %s -r '%s' %s" % (k[1], k[2], ddict[k][2], ddict[k][3], k[0]))
-+ else:
-+ l.append("-a -M %s -p %s -t %s %s" % (k[1], k[2], ddict[k][2], k[0]))
- return l
-
- def list(self, heading=1, locallist=0):
-@@ -2218,7 +2252,10 @@ class interfaceRecords(semanageRecords):
- l = []
- ddict = self.get_all(True)
- for k in sorted(ddict.keys()):
-- l.append("-a -t %s %s" % (ddict[k][2], k))
-+ if ddict[k][3]:
-+ l.append("-a -t %s -r '%s' %s" % (ddict[k][2], ddict[k][3], k))
-+ else:
-+ l.append("-a -t %s %s" % (ddict[k][2], k))
- return l
-
- def list(self, heading=1, locallist=0):
-@@ -2238,15 +2275,17 @@ class interfaceRecords(semanageRecords):
-
-
- class fcontextRecords(semanageRecords):
-- try:
-- valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "file_type"))[0]["types"])
-- valid_types += list(list(sepolicy.info(sepolicy.ATTRIBUTE, "device_node"))[0]["types"])
-- valid_types.append("<<none>>")
-- except RuntimeError:
-- valid_types = []
-+
-+ valid_types = []
-
- def __init__(self, args = None):
- semanageRecords.__init__(self, args)
-+ try:
-+ self.valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "file_type"))[0]["types"])
-+ self.valid_types += list(list(sepolicy.info(sepolicy.ATTRIBUTE, "device_node"))[0]["types"])
-+ except RuntimeError:
-+ pass
-+
- self.equiv = {}
- self.equiv_dist = {}
- self.equal_ind = False
-@@ -2369,8 +2408,10 @@ class fcontextRecords(semanageRecords):
- if type == "":
- raise ValueError(_("SELinux Type is required"))
-
-- if type not in self.valid_types:
-- raise ValueError(_("Type %s is invalid, must be a file or device type") % type)
-+ if type != "<<none>>":
-+ type = sepolicy.get_real_type_name(type)
-+ if type not in self.valid_types:
-+ raise ValueError(_("Type %s is invalid, must be a file or device type") % type)
-
- (rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
- if rc < 0:
-@@ -2432,8 +2473,10 @@ class fcontextRecords(semanageRecords):
- def __modify(self, target, setype, ftype, serange, seuser):
- if serange == "" and setype == "" and seuser == "":
- raise ValueError(_("Requires setype, serange or seuser"))
-- if setype and setype not in self.valid_types:
-- raise ValueError(_("Type %s is invalid, must be a file or device type") % setype)
-+ if setype not in ["", "<<none>>"]:
-+ setype = sepolicy.get_real_type_name(setype)
-+ if setype not in self.valid_types:
-+ raise ValueError(_("Type %s is invalid, must be a file or device type") % setype)
-
- self.validate(target)
-
-@@ -2597,7 +2640,10 @@ class fcontextRecords(semanageRecords):
- fcon_dict = self.get_all(True)
- for k in sorted(fcon_dict.keys()):
- if fcon_dict[k]:
-- l.append("-a -f %s -t %s '%s'" % (file_type_str_to_option[k[1]], fcon_dict[k][2], k[0]))
-+ if fcon_dict[k][3]:
-+ l.append("-a -f %s -t %s -r '%s' '%s'" % (file_type_str_to_option[k[1]], fcon_dict[k][2], fcon_dict[k][3], k[0]))
-+ else:
-+ l.append("-a -f %s -t %s '%s'" % (file_type_str_to_option[k[1]], fcon_dict[k][2], k[0]))
-
- if len(self.equiv):
- for target in self.equiv.keys():
-diff --git selinux-python-2.8/sepolgen/src/sepolgen/access.py selinux-python-2.8/sepolgen/src/sepolgen/access.py
-index a5d8698..ba80f93 100644
---- selinux-python-2.8/sepolgen/src/sepolgen/access.py
-+++ selinux-python-2.8/sepolgen/src/sepolgen/access.py
-@@ -78,6 +78,7 @@ class AccessVector(util.Comparison):
- .obj_class - The object class to which access is allowed. [String or None]
- .perms - The permissions allowed to the object class. [IdSet]
- .audit_msgs - The audit messages that generated this access vector [List of strings]
-+ .xperms - Extended permissions attached to the AV. [Dictionary {operation: xperm set}]
- """
- def __init__(self, init_list=None):
- if init_list:
-@@ -87,9 +88,11 @@ class AccessVector(util.Comparison):
- self.tgt_type = None
- self.obj_class = None
- self.perms = refpolicy.IdSet()
-- self.audit_msgs = []
-- self.type = audit2why.TERULE
-- self.data = []
-+
-+ self.audit_msgs = []
-+ self.type = audit2why.TERULE
-+ self.data = []
-+ self.xperms = {}
- # when implementing __eq__ also __hash__ is needed on py2
- # if object is muttable __hash__ should be None
- self.__hash__ = None
-@@ -131,6 +134,15 @@ class AccessVector(util.Comparison):
- l.extend(sorted(self.perms))
- return l
-
-+ def merge(self, av):
-+ """Add permissions and extended permissions from AV"""
-+ self.perms.update(av.perms)
-+
-+ for op in av.xperms:
-+ if op not in self.xperms:
-+ self.xperms[op] = refpolicy.XpermSet()
-+ self.xperms[op].extend(av.xperms[op])
-+
- def __str__(self):
- return self.to_string()
-
-@@ -260,28 +272,28 @@ class AccessVectorSet:
- def add(self, src_type, tgt_type, obj_class, perms, audit_msg=None, avc_type=audit2why.TERULE, data=[]):
- """Add an access vector to the set.
- """
-- tgt = self.src.setdefault(src_type, { })
-- cls = tgt.setdefault(tgt_type, { })
--
-- if (obj_class, avc_type) in cls:
-- access = cls[obj_class, avc_type]
-- else:
-- access = AccessVector()
-- access.src_type = src_type
-- access.tgt_type = tgt_type
-- access.obj_class = obj_class
-- access.data = data
-- access.type = avc_type
-- cls[obj_class, avc_type] = access
--
-- access.perms.update(perms)
-- if audit_msg:
-- access.audit_msgs.append(audit_msg)
-+ av = AccessVector()
-+ av.src_type = src_type
-+ av.tgt_type = tgt_type
-+ av.obj_class = obj_class
-+ av.perms = perms
-+ av.data = data
-+ av.type = avc_type
-+
-+ self.add_av(av, audit_msg)
-
- def add_av(self, av, audit_msg=None):
- """Add an access vector to the set."""
-- self.add(av.src_type, av.tgt_type, av.obj_class, av.perms)
-+ tgt = self.src.setdefault(av.src_type, { })
-+ cls = tgt.setdefault(av.tgt_type, { })
-
-+ if (av.obj_class, av.type) in cls:
-+ cls[av.obj_class, av.type].merge(av)
-+ else:
-+ cls[av.obj_class, av.type] = av
-+
-+ if audit_msg:
-+ cls[av.obj_class, av.type].audit_msgs.append(audit_msg)
-
- def avs_extract_types(avs):
- types = refpolicy.IdSet()
-diff --git selinux-python-2.8/sepolgen/src/sepolgen/audit.py selinux-python-2.8/sepolgen/src/sepolgen/audit.py
-index 26ce6c9..daed58c 100644
---- selinux-python-2.8/sepolgen/src/sepolgen/audit.py
-+++ selinux-python-2.8/sepolgen/src/sepolgen/audit.py
-@@ -152,6 +152,7 @@ class AVCMessage(AuditMessage):
- access - list of accesses that were allowed or denied
- denial - boolean indicating whether this was a denial (True) or granted
- (False) message.
-+ ioctlcmd - ioctl 'request' parameter
-
- An example audit message generated from the audit daemon looks like (line breaks
- added):
-@@ -178,6 +179,7 @@ class AVCMessage(AuditMessage):
- self.name = ""
- self.accesses = []
- self.denial = True
-+ self.ioctlcmd = None
- self.type = audit2why.TERULE
-
- def __parse_access(self, recs, start):
-@@ -237,6 +239,11 @@ class AVCMessage(AuditMessage):
- self.exe = fields[1][1:-1]
- elif fields[0] == "name":
- self.name = fields[1][1:-1]
-+ elif fields[0] == "ioctlcmd":
-+ try:
-+ self.ioctlcmd = int(fields[1], 16)
-+ except ValueError:
-+ pass
-
- if not found_src or not found_tgt or not found_class or not found_access:
- raise ValueError("AVC message in invalid format [%s]\n" % self.message)
-@@ -522,13 +529,20 @@ class AuditParser:
- for avc in self.avc_msgs:
- if avc.denial != True and only_denials:
- continue
-- if avc_filter:
-- if avc_filter.filter(avc):
-- av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass,
-- avc.accesses, avc, avc_type=avc.type, data=avc.data)
-- else:
-- av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass,
-- avc.accesses, avc, avc_type=avc.type, data=avc.data)
-+
-+ if not avc_filter or avc_filter.filter(avc):
-+ av = access.AccessVector([avc.scontext.type, avc.tcontext.type,
-+ avc.tclass] + avc.accesses)
-+ av.data = avc.data
-+ av.type = avc.type
-+
-+ if avc.ioctlcmd:
-+ xperm_set = refpolicy.XpermSet()
-+ xperm_set.add(avc.ioctlcmd)
-+ av.xperms["ioctl"] = xperm_set
-+
-+ av_set.add_av(av, audit_msg=avc)
-+
- return av_set
-
- class AVCTypeFilter:
-diff --git selinux-python-2.8/sepolgen/src/sepolgen/policygen.py selinux-python-2.8/sepolgen/src/sepolgen/policygen.py
-index ee664fb..319da15 100644
---- selinux-python-2.8/sepolgen/src/sepolgen/policygen.py
-+++ selinux-python-2.8/sepolgen/src/sepolgen/policygen.py
-@@ -50,10 +50,11 @@ class PolicyGenerator:
- in the form of access vectors.
-
- It generates allow rules and optionally module require
-- statements and reference policy interfaces. By default
-- only allow rules are generated. The methods .set_gen_refpol
-- and .set_gen_requires turns on interface generation and
-- requires generation respectively.
-+ statements, reference policy interfaces, and extended
-+ permission access vector rules. By default only allow rules
-+ are generated. The methods .set_gen_refpol, .set_gen_requires
-+ and .set_gen_xperms turns on interface generation,
-+ requires generation, and xperms rules genration respectively.
-
- PolicyGenerator can also optionally add comments explaining
- why a particular access was allowed based on the audit
-@@ -82,6 +83,7 @@ class PolicyGenerator:
- self.module = refpolicy.Module()
-
- self.dontaudit = False
-+ self.xperms = False
-
- self.domains = None
- def set_gen_refpol(self, if_set=None, perm_maps=None):
-@@ -120,6 +122,12 @@ class PolicyGenerator:
- def set_gen_dontaudit(self, dontaudit):
- self.dontaudit = dontaudit
-
-+ def set_gen_xperms(self, xperms):
-+ """Set whether extended permission access vector rules
-+ are generated.
-+ """
-+ self.xperms = xperms
-+
- def __set_module_style(self):
- if self.ifgen:
- refpolicy = True
-@@ -153,51 +161,69 @@ class PolicyGenerator:
- """Return the generated module"""
- return self.module
-
-- def __add_allow_rules(self, avs):
-- for av in avs:
-- rule = refpolicy.AVRule(av)
-+ def __add_av_rule(self, av):
-+ """Add access vector rule.
-+ """
-+ rule = refpolicy.AVRule(av)
-+
-+ if self.dontaudit:
-+ rule.rule_type = rule.DONTAUDIT
-+ rule.comment = ""
-+ if self.explain:
-+ rule.comment = str(refpolicy.Comment(explain_access(av, verbosity=self.explain)))
-+
-+ if av.type == audit2why.ALLOW:
-+ rule.comment += "\n#!!!! This avc is allowed in the current policy"
-+
-+ if av.xperms:
-+ rule.comment += "\n#!!!! This av rule may have been overridden by an extended permission av rule"
-+
-+ if av.type == audit2why.DONTAUDIT:
-+ rule.comment += "\n#!!!! This avc has a dontaudit rule in the current policy"
-+
-+ if av.type == audit2why.BOOLEAN:
-+ if len(av.data) > 1:
-+ rule.comment += "\n#!!!! This avc can be allowed using one of the these booleans:\n# %s" % ", ".join([x[0] for x in av.data])
-+ else:
-+ rule.comment += "\n#!!!! This avc can be allowed using the boolean '%s'" % av.data[0][0]
-+
-+ if av.type == audit2why.CONSTRAINT:
-+ rule.comment += "\n#!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access."
-+ rule.comment += "\n#Constraint rule: "
-+ rule.comment += "\n#\t" + av.data[0]
-+ for reason in av.data[1:]:
-+ rule.comment += "\n#\tPossible cause is the source %s and target %s are different." % reason
-+
-+ try:
-+ if ( av.type == audit2why.TERULE and
-+ "write" in av.perms and
-+ ( "dir" in av.obj_class or "open" in av.perms )):
-+ if not self.domains:
-+ self.domains = seinfo(ATTRIBUTE, name="domain")[0]["types"]
-+ types=[]
-+
-+ for i in [x[TCONTEXT] for x in sesearch([ALLOW], {SCONTEXT: av.src_type, CLASS: av.obj_class, PERMS: av.perms})]:
-+ if i not in self.domains:
-+ types.append(i)
-+ if len(types) == 1:
-+ rule.comment += "\n#!!!! The source type '%s' can write to a '%s' of the following type:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
-+ elif len(types) >= 1:
-+ rule.comment += "\n#!!!! The source type '%s' can write to a '%s' of the following types:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
-+ except:
-+ pass
-+
-+ self.module.children.append(rule)
-+
-+ def __add_ext_av_rules(self, av):
-+ """Add extended permission access vector rules.
-+ """
-+ for op in av.xperms.keys():
-+ extrule = refpolicy.AVExtRule(av, op)
-+
- if self.dontaudit:
-- rule.rule_type = rule.DONTAUDIT
-- rule.comment = ""
-- if self.explain:
-- rule.comment = str(refpolicy.Comment(explain_access(av, verbosity=self.explain)))
-- if av.type == audit2why.ALLOW:
-- rule.comment += "\n#!!!! This avc is allowed in the current policy"
-- if av.type == audit2why.DONTAUDIT:
-- rule.comment += "\n#!!!! This avc has a dontaudit rule in the current policy"
--
-- if av.type == audit2why.BOOLEAN:
-- if len(av.data) > 1:
-- rule.comment += "\n#!!!! This avc can be allowed using one of the these booleans:\n# %s" % ", ".join([x[0] for x in av.data])
-- else:
-- rule.comment += "\n#!!!! This avc can be allowed using the boolean '%s'" % av.data[0][0]
--
-- if av.type == audit2why.CONSTRAINT:
-- rule.comment += "\n#!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access."
-- rule.comment += "\n#Constraint rule: "
-- rule.comment += "\n#\t" + av.data[0]
-- for reason in av.data[1:]:
-- rule.comment += "\n#\tPossible cause is the source %s and target %s are different." % reason
--
-- try:
-- if ( av.type == audit2why.TERULE and
-- "write" in av.perms and
-- ( "dir" in av.obj_class or "open" in av.perms )):
-- if not self.domains:
-- self.domains = seinfo(ATTRIBUTE, name="domain")[0]["types"]
-- types=[]
--
-- for i in [x[TCONTEXT] for x in sesearch([ALLOW], {SCONTEXT: av.src_type, CLASS: av.obj_class, PERMS: av.perms})]:
-- if i not in self.domains:
-- types.append(i)
-- if len(types) == 1:
-- rule.comment += "\n#!!!! The source type '%s' can write to a '%s' of the following type:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
-- elif len(types) >= 1:
-- rule.comment += "\n#!!!! The source type '%s' can write to a '%s' of the following types:\n# %s\n" % ( av.src_type, av.obj_class, ", ".join(types))
-- except:
-- pass
-- self.module.children.append(rule)
-+ extrule.rule_type = extrule.DONTAUDITXPERM
-
-+ self.module.children.append(extrule)
-
- def add_access(self, av_set):
- """Add the access from the access vector set to this
-@@ -215,7 +241,10 @@ class PolicyGenerator:
- raw_allow = av_set
-
- # Generate the raw allow rules from the filtered list
-- self.__add_allow_rules(raw_allow)
-+ for av in raw_allow:
-+ self.__add_av_rule(av)
-+ if self.xperms and av.xperms:
-+ self.__add_ext_av_rules(av)
-
- def add_role_types(self, role_type_set):
- for role_type in role_type_set:
-diff --git selinux-python-2.8/sepolgen/src/sepolgen/refparser.py selinux-python-2.8/sepolgen/src/sepolgen/refparser.py
-index 2cef8e8..3415aff 100644
---- selinux-python-2.8/sepolgen/src/sepolgen/refparser.py
-+++ selinux-python-2.8/sepolgen/src/sepolgen/refparser.py
-@@ -786,7 +786,7 @@ def p_role_allow(p):
-
- def p_permissive(p):
- 'permissive : PERMISSIVE names SEMI'
-- t.skip(1)
-+ pass
-
- def p_avrule_def(p):
- '''avrule_def : ALLOW names names COLON names names SEMI
-diff --git selinux-python-2.8/sepolgen/src/sepolgen/refpolicy.py selinux-python-2.8/sepolgen/src/sepolgen/refpolicy.py
-index 352b187..c30a8c7 100644
---- selinux-python-2.8/sepolgen/src/sepolgen/refpolicy.py
-+++ selinux-python-2.8/sepolgen/src/sepolgen/refpolicy.py
-@@ -109,6 +109,9 @@ class Node(PolicyBase):
- def avrules(self):
- return filter(lambda x: isinstance(x, AVRule), walktree(self))
-
-+ def avextrules(self):
-+ return filter(lambda x: isinstance(x, AVExtRule), walktree(self))
-+
- def typerules(self):
- return filter(lambda x: isinstance(x, TypeRule), walktree(self))
-
-@@ -352,6 +355,65 @@ class ObjectClass(Leaf):
- self.name = name
- self.perms = IdSet()
-
-+class XpermSet():
-+ """Extended permission set.
-+
-+ This class represents one or more extended permissions
-+ represented by numeric values or ranges of values. The
-+ .complement attribute is used to specify all permission
-+ except those specified.
-+
-+ Two xperm set can be merged using the .extend() method.
-+ """
-+ def __init__(self, complement=False):
-+ self.complement = complement
-+ self.ranges = []
-+
-+ def __normalize_ranges(self):
-+ """Ensure that ranges are not overlapping.
-+ """
-+ self.ranges.sort()
-+
-+ i = 0
-+ while i < len(self.ranges):
-+ while i + 1 < len(self.ranges):
-+ if self.ranges[i + 1][0] <= self.ranges[i][1] + 1:
-+ self.ranges[i] = (self.ranges[i][0], max(self.ranges[i][1],
-+ self.ranges[i + 1][1]))
-+ del self.ranges[i + 1]
-+ else:
-+ break
-+ i += 1
-+
-+ def extend(self, s):
-+ """Add ranges from an xperm set
-+ """
-+ self.ranges.extend(s.ranges)
-+ self.__normalize_ranges()
-+
-+ def add(self, minimum, maximum=None):
-+ """Add value of range of values to the xperm set.
-+ """
-+ if maximum is None:
-+ maximum = minimum
-+ self.ranges.append((minimum, maximum))
-+ self.__normalize_ranges()
-+
-+ def to_string(self):
-+ if not self.ranges:
-+ return ""
-+
-+ compl = "~ " if self.complement else ""
-+
-+ # print single value without braces
-+ if len(self.ranges) == 1 and self.ranges[0][0] == self.ranges[0][1]:
-+ return compl + str(self.ranges[0][0])
-+
-+ vals = map(lambda x: str(x[0]) if x[0] == x[1] else "%s-%s" % x,
-+ self.ranges)
-+
-+ return "%s{ %s }" % (compl, " ".join(vals))
-+
- # Basic statements
-
- class TypeAttribute(Leaf):
-@@ -472,8 +534,10 @@ class AVRule(Leaf):
- return "allow"
- elif self.rule_type == self.DONTAUDIT:
- return "dontaudit"
-- else:
-+ elif self.rule_type == self.AUDITALLOW:
- return "auditallow"
-+ elif self.rule_type == self.NEVERALLOW:
-+ return "neverallow"
-
- def from_av(self, av):
- """Add the access from an access vector to this allow
-@@ -497,6 +561,65 @@ class AVRule(Leaf):
- self.tgt_types.to_space_str(),
- self.obj_classes.to_space_str(),
- self.perms.to_space_str())
-+
-+class AVExtRule(Leaf):
-+ """Extended permission access vector rule.
-+
-+ The AVExtRule class represents allowxperm, dontauditxperm,
-+ auditallowxperm, and neverallowxperm rules.
-+
-+ The source and target types, and object classes are represented
-+ by sets containing strings. The operation is a single string,
-+ e.g. 'ioctl'. Extended permissions are represented by an XpermSet.
-+ """
-+ ALLOWXPERM = 0
-+ DONTAUDITXPERM = 1
-+ AUDITALLOWXPERM = 2
-+ NEVERALLOWXPERM = 3
-+
-+ def __init__(self, av=None, op=None, parent=None):
-+ Leaf.__init__(self, parent)
-+ self.src_types = IdSet()
-+ self.tgt_types = IdSet()
-+ self.obj_classes = IdSet()
-+ self.rule_type = self.ALLOWXPERM
-+ self.xperms = XpermSet()
-+ self.operation = op
-+ if av:
-+ self.from_av(av, op)
-+
-+ def __rule_type_str(self):
-+ if self.rule_type == self.ALLOWXPERM:
-+ return "allowxperm"
-+ elif self.rule_type == self.DONTAUDITXPERM:
-+ return "dontauditxperm"
-+ elif self.rule_type == self.AUDITALLOWXPERM:
-+ return "auditallowxperm"
-+ elif self.rule_type == self.NEVERALLOWXPERM:
-+ return "neverallowxperm"
-+
-+ def from_av(self, av, op):
-+ self.src_types.add(av.src_type)
-+ if av.src_type == av.tgt_type:
-+ self.tgt_types.add("self")
-+ else:
-+ self.tgt_types.add(av.tgt_type)
-+ self.obj_classes.add(av.obj_class)
-+ self.operation = op
-+ self.xperms = av.xperms[op]
-+
-+ def to_string(self):
-+ """Return a string representation of the rule that is
-+ a valid policy language representation (assuming that
-+ the types, object class, etc. are valid).
-+ """
-+ return "%s %s %s:%s %s %s;" % (self.__rule_type_str(),
-+ self.src_types.to_space_str(),
-+ self.tgt_types.to_space_str(),
-+ self.obj_classes.to_space_str(),
-+ self.operation,
-+ self.xperms.to_string())
-+
- class TypeRule(Leaf):
- """SELinux type rules.
-
-diff --git selinux-python-2.8/sepolgen/src/sepolgen/sepolgeni18n.py selinux-python-2.8/sepolgen/src/sepolgen/sepolgeni18n.py
-index 998c435..56ebd80 100644
---- selinux-python-2.8/sepolgen/src/sepolgen/sepolgeni18n.py
-+++ selinux-python-2.8/sepolgen/src/sepolgen/sepolgeni18n.py
-@@ -19,7 +19,7 @@
-
- try:
- import gettext
-- t = gettext.translation( 'yumex' )
-+ t = gettext.translation( 'selinux-python' )
- _ = t.gettext
- except:
- def _(str):
-diff --git selinux-python-2.8/sepolgen/src/sepolgen/util.py selinux-python-2.8/sepolgen/src/sepolgen/util.py
-index 1fca971..b3d2616 100644
---- selinux-python-2.8/sepolgen/src/sepolgen/util.py
-+++ selinux-python-2.8/sepolgen/src/sepolgen/util.py
-@@ -125,7 +125,7 @@ class Comparison():
- _compare function within your class."""
-
- def _compare(self, other, method):
-- raise NotImplemented
-+ return NotImplemented
-
- def __eq__(self, other):
- return self._compare(other, lambda a, b: a == b)
-diff --git selinux-python-2.8/sepolgen/tests/test_access.py selinux-python-2.8/sepolgen/tests/test_access.py
-index d45a823..73a5407 100644
---- selinux-python-2.8/sepolgen/tests/test_access.py
-+++ selinux-python-2.8/sepolgen/tests/test_access.py
-@@ -32,6 +32,7 @@ class TestAccessVector(unittest.TestCase):
- self.assertEqual(a.obj_class, None)
- self.assertTrue(isinstance(a.perms, refpolicy.IdSet))
- self.assertTrue(isinstance(a.audit_msgs, type([])))
-+ self.assertTrue(isinstance(a.xperms, type({})))
- self.assertEqual(len(a.audit_msgs), 0)
-
- # Construction from a list
-@@ -61,6 +62,10 @@ class TestAccessVector(unittest.TestCase):
- self.assertEqual(a.obj_class, l.obj_class)
- self.assertEqual(a.perms, l.perms)
-
-+ l2 = access.AccessVector()
-+ with self.assertRaises(ValueError):
-+ l2.from_list(['foo', 'bar', 'file'])
-+
- def test_to_list(self):
- a = access.AccessVector()
- a.src_type = "foo"
-@@ -145,7 +150,80 @@ class TestAccessVector(unittest.TestCase):
-
- b.perms = refpolicy.IdSet(["read", "append"])
- self.assertNotEqual(a, b)
-+
-+ def test_merge_noxperm(self):
-+ """Test merging two AVs without xperms"""
-+ a = access.AccessVector(["foo", "bar", "file", "read", "write"])
-+ b = access.AccessVector(["foo", "bar", "file", "append"])
-+
-+ a.merge(b)
-+ self.assertEqual(sorted(list(a.perms)), ["append", "read", "write"])
-+
-+ def text_merge_xperm1(self):
-+ """Test merging AV that contains xperms with AV that does not"""
-+ a = access.AccessVector(["foo", "bar", "file", "read"])
-+ b = access.AccessVector(["foo", "bar", "file", "read"])
-+ xp = refpolicy.XpermSet()
-+ xp.add(42)
-+ xp.add(12345)
-+ b.xperms = {"ioctl": xp}
-+
-+ a.merge(b)
-+ self.assertEqual(sorted(list(a.perms)), ["append", "read", "write"])
-+ self.assertEqual(list(a.xperms.keys()), ["ioctl"])
-+ self.assertEqual(a.xperms["ioctl"].to_string(), "{ 42 12345 }")
-+
-+ def text_merge_xperm2(self):
-+ """Test merging AV that does not contain xperms with AV that does"""
-+ a = access.AccessVector(["foo", "bar", "file", "read"])
-+ xp = refpolicy.XpermSet()
-+ xp.add(42)
-+ xp.add(12345)
-+ a.xperms = {"ioctl": xp}
-+ b = access.AccessVector(["foo", "bar", "file", "read"])
-+
-+ a.merge(b)
-+ self.assertEqual(sorted(list(a.perms)), ["append", "read", "write"])
-+ self.assertEqual(list(a.xperms.keys()), ["ioctl"])
-+ self.assertEqual(a.xperms["ioctl"].to_string(), "{ 42 12345 }")
-+
-+ def test_merge_xperm_diff_op(self):
-+ """Test merging two AVs that contain xperms with different operation"""
-+ a = access.AccessVector(["foo", "bar", "file", "read"])
-+ xp1 = refpolicy.XpermSet()
-+ xp1.add(23)
-+ a.xperms = {"asdf": xp1}
-+
-+ b = access.AccessVector(["foo", "bar", "file", "read"])
-+ xp2 = refpolicy.XpermSet()
-+ xp2.add(42)
-+ xp2.add(12345)
-+ b.xperms = {"ioctl": xp2}
-+
-+ a.merge(b)
-+ self.assertEqual(list(a.perms), ["read"])
-+ self.assertEqual(sorted(list(a.xperms.keys())), ["asdf", "ioctl"])
-+ self.assertEqual(a.xperms["asdf"].to_string(), "23")
-+ self.assertEqual(a.xperms["ioctl"].to_string(), "{ 42 12345 }")
-
-+ def test_merge_xperm_same_op(self):
-+ """Test merging two AVs that contain xperms with same operation"""
-+ a = access.AccessVector(["foo", "bar", "file", "read"])
-+ xp1 = refpolicy.XpermSet()
-+ xp1.add(23)
-+ a.xperms = {"ioctl": xp1}
-+
-+ b = access.AccessVector(["foo", "bar", "file", "read"])
-+ xp2 = refpolicy.XpermSet()
-+ xp2.add(42)
-+ xp2.add(12345)
-+ b.xperms = {"ioctl": xp2}
-+
-+ a.merge(b)
-+ self.assertEqual(list(a.perms), ["read"])
-+ self.assertEqual(list(a.xperms.keys()), ["ioctl"])
-+ self.assertEqual(a.xperms["ioctl"].to_string(), "{ 23 42 12345 }")
-+
- class TestUtilFunctions(unittest.TestCase):
- def test_is_idparam(self):
- self.assertTrue(access.is_idparam("$1"))
-@@ -260,3 +338,53 @@ class TestAccessVectorSet(unittest.TestCase):
- b = access.AccessVectorSet()
- b.from_list(avl)
- self.assertEqual(len(b), 3)
-+
-+ def test_add_av_first(self):
-+ """Test adding first AV to the AV set"""
-+ avs = access.AccessVectorSet()
-+ av = access.AccessVector(['foo', 'bar', 'file', 'read'])
-+
-+ avs.add_av(av)
-+
-+ self.assertEqual(avs.to_list(), [['foo', 'bar', 'file', 'read']])
-+
-+ def test_add_av_second(self):
-+ """Test adding second AV to the AV set with same source and target
-+ context and class"""
-+ avs = access.AccessVectorSet()
-+ av1 = access.AccessVector(['foo', 'bar', 'file', 'read'])
-+ av2 = access.AccessVector(['foo', 'bar', 'file', 'write'])
-+
-+ avs.add_av(av1)
-+ avs.add_av(av2)
-+
-+ self.assertEqual(avs.to_list(), [['foo', 'bar', 'file', 'read',
-+ 'write']])
-+
-+ def test_add_av_with_msg(self):
-+ """Test adding audit message"""
-+ avs = access.AccessVectorSet()
-+ av = access.AccessVector(['foo', 'bar', 'file', 'read'])
-+
-+ avs.add_av(av, 'test message')
-+
-+ self.assertEqual(avs.src['foo']['bar']['file', av.type].audit_msgs,
-+ ['test message'])
-+
-+ def test_add(self):
-+ """Test adding AV to the set"""
-+ s = access.AccessVectorSet()
-+
-+ def test_add_av(av, audit_msg=None):
-+ self.assertEqual(av.src_type, 'foo')
-+ self.assertEqual(av.tgt_type, 'bar')
-+ self.assertEqual(av.obj_class, 'file')
-+ self.assertEqual(list(av.perms), ['read'])
-+ self.assertEqual(av.data, 'test data')
-+ self.assertEqual(av.type, 42)
-+ self.assertEqual(audit_msg, 'test message')
-+
-+ s.add_av = test_add_av
-+
-+ s.add("foo", "bar", "file", refpolicy.IdSet(["read"]),
-+ audit_msg='test message', avc_type=42, data='test data')
-diff --git selinux-python-2.8/sepolgen/tests/test_audit.py selinux-python-2.8/sepolgen/tests/test_audit.py
-index 6379954..dbe6be2 100644
---- selinux-python-2.8/sepolgen/tests/test_audit.py
-+++ selinux-python-2.8/sepolgen/tests/test_audit.py
-@@ -56,6 +56,18 @@ type=SYSCALL msg=audit(1162852201.019:1225): arch=40000003 syscall=11 success=ye
- type=AVC msg=audit(1162852201.019:1225): avc: denied { execute_no_trans } for pid=6974 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
- type=AVC msg=audit(1162852201.019:1225): avc: denied { execute } for pid=6974 comm="sh" name="sa1" dev=dm-0 ino=13061698 scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file"""
-
-+xperms1 = """type=AVC msg=audit(1516626657.910:4461): avc: denied { ioctl } for pid=4310 comm="test" path="/root/test" ino=8619937 ioctlcmd=0x42 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:test_file_t:s0 tclass=file permissive=0
-+"""
-+xperms2 = """type=AVC msg=audit(1516626657.910:4461): avc: denied { ioctl } for pid=4310 comm="test" path="/root/test" ino=8619937 ioctlcmd=0x42 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:test_file_t:s0 tclass=file permissive=0
-+type=AVC msg=audit(1516626657.910:4461): avc: denied { ioctl } for pid=4310 comm="test" path="/root/test" ino=8619937 ioctlcmd=0x1234 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:test_file_t:s0 tclass=file permissive=0
-+type=AVC msg=audit(1516626657.910:4461): avc: denied { ioctl } for pid=4310 comm="test" path="/root/test" ino=8619937 ioctlcmd=0xdead scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:test_file_t:s0 tclass=file permissive=0
-+type=AVC msg=audit(1516626657.910:4461): avc: denied { getattr } for pid=4310 comm="test" path="/root/test" ino=8619937 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:test_file_t:s0 tclass=dir permissive=0
-+"""
-+xperms_invalid = """type=AVC msg=audit(1516626657.910:4461): avc: denied { ioctl } for pid=4310 comm="test" path="/root/test" ino=8619937 ioctlcmd=asdf scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:test_file_t:s0 tclass=file permissive=0
-+"""
-+xperms_without = """type=AVC msg=audit(1516626657.910:4461): avc: denied { ioctl } for pid=4310 comm="test" path="/root/test" ino=8619937 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:test_file_t:s0 tclass=file permissive=0
-+"""
-+
- class TestAVCMessage(unittest.TestCase):
- def test_defs(self):
- avc = sepolgen.audit.AVCMessage(audit1)
-@@ -64,6 +76,7 @@ class TestAVCMessage(unittest.TestCase):
- self.assertEqual(avc.tcontext, sc)
- self.assertEqual(avc.tclass, "")
- self.assertEqual(avc.accesses, [])
-+ self.assertEqual(avc.ioctlcmd, None)
-
- def test_granted(self):
- avc = sepolgen.audit.AVCMessage(granted1)
-@@ -84,6 +97,29 @@ class TestAVCMessage(unittest.TestCase):
-
- self.assertEqual(avc.denial, False)
-
-+ def test_xperms(self):
-+ """Test that the ioctlcmd field is parsed"""
-+ avc = sepolgen.audit.AVCMessage(xperms1)
-+ recs = xperms1.split()
-+ avc.from_split_string(recs)
-+
-+ self.assertEqual(avc.ioctlcmd, 66)
-+
-+ def test_xperms_invalid(self):
-+ """Test message with invalid value in the ioctlcmd field"""
-+ avc = sepolgen.audit.AVCMessage(xperms_invalid)
-+ recs = xperms_invalid.split()
-+ avc.from_split_string(recs)
-+
-+ self.assertIsNone(avc.ioctlcmd)
-+
-+ def test_xperms_without(self):
-+ """Test message without the ioctlcmd field"""
-+ avc = sepolgen.audit.AVCMessage(xperms_without)
-+ recs = xperms_without.split()
-+ avc.from_split_string(recs)
-+
-+ self.assertIsNone(avc.ioctlcmd)
-
- def test_from_split_string(self):
- # syslog message
-@@ -172,6 +208,20 @@ class TestAuditParser(unittest.TestCase):
- self.assertEqual(len(a.invalid_msgs), 0)
- self.assertEqual(len(a.policy_load_msgs), 0)
-
-+ def test_parse_xperms(self):
-+ """ Test that correct access vectors are generated from a set of AVC
-+ denial messages. """
-+ a = sepolgen.audit.AuditParser()
-+ a.parse_string(xperms2)
-+ av_set = a.to_access()
-+
-+ self.assertEqual(len(av_set), 2)
-+ av_list = list(sorted(av_set))
-+ self.assertEqual(av_list[0].xperms, {})
-+ self.assertEqual(list(av_list[1].xperms), ["ioctl"])
-+ self.assertEqual(av_list[1].xperms["ioctl"].ranges, [(66,66),
-+ (4660,4660), (57005,57005)])
-+
- class TestGeneration(unittest.TestCase):
- def test_generation(self):
- parser = sepolgen.audit.AuditParser()
-diff --git selinux-python-2.8/sepolgen/tests/test_policygen.py selinux-python-2.8/sepolgen/tests/test_policygen.py
-index 58d1adf..59496e8 100644
---- selinux-python-2.8/sepolgen/tests/test_policygen.py
-+++ selinux-python-2.8/sepolgen/tests/test_policygen.py
-@@ -19,13 +19,117 @@
-
- import unittest
- import sepolgen.policygen as policygen
-+import sepolgen.access as access
-+import sepolgen.refpolicy as refpolicy
-
--class PolicyGenerator(unittest.TestCase):
-- def __init__(self):
-- g = policygen.PolicyGenerator()
--
-+class TestPolicyGenerator(unittest.TestCase):
-+ def setUp(self):
-+ self.g = policygen.PolicyGenerator()
-
-+ def test_init(self):
-+ """ Test that extended permission AV rules are not generated by
-+ default. """
-+ self.assertFalse(self.g.xperms)
-
-+ def test_set_gen_xperms(self):
-+ """ Test turning on and off generating of extended permission
-+ AV rules. """
-+ self.g.set_gen_xperms(True)
-+ self.assertTrue(self.g.xperms)
-+ self.g.set_gen_xperms(False)
-+ self.assertFalse(self.g.xperms)
-
-+ def test_av_rules(self):
-+ """ Test generating of AV rules from access vectors. """
-+ av1 = access.AccessVector(["test_src_t", "test_tgt_t", "file", "ioctl"])
-+ av2 = access.AccessVector(["test_src_t", "test_tgt_t", "file", "open"])
-+ av3 = access.AccessVector(["test_src_t", "test_tgt_t", "file", "read"])
-
-+ avs = access.AccessVectorSet()
-+ avs.add_av(av1)
-+ avs.add_av(av2)
-+ avs.add_av(av3)
-+
-+ self.g.add_access(avs)
-+
-+ self.assertEqual(len(self.g.module.children), 1)
-+ r = self.g.module.children[0]
-+ self.assertIsInstance(r, refpolicy.AVRule)
-+ self.assertEqual(r.to_string(),
-+ "allow test_src_t test_tgt_t:file { ioctl open read };")
-+
-+ def test_ext_av_rules(self):
-+ """ Test generating of extended permission AV rules from access
-+ vectors. """
-+ self.g.set_gen_xperms(True)
-+
-+ av1 = access.AccessVector(["test_src_t", "test_tgt_t", "file", "ioctl"])
-+ av1.xperms['ioctl'] = refpolicy.XpermSet()
-+ av1.xperms['ioctl'].add(42)
-+ av2 = access.AccessVector(["test_src_t", "test_tgt_t", "file", "ioctl"])
-+ av2.xperms['ioctl'] = refpolicy.XpermSet()
-+ av2.xperms['ioctl'].add(1234)
-+ av3 = access.AccessVector(["test_src_t", "test_tgt_t", "dir", "ioctl"])
-+ av3.xperms['ioctl'] = refpolicy.XpermSet()
-+ av3.xperms['ioctl'].add(2345)
-+
-+ avs = access.AccessVectorSet()
-+ avs.add_av(av1)
-+ avs.add_av(av2)
-+ avs.add_av(av3)
-+
-+ self.g.add_access(avs)
-+
-+ self.assertEqual(len(self.g.module.children), 4)
-+
-+ # we cannot sort the rules, so find all rules manually
-+ av_rule1 = av_rule2 = av_ext_rule1 = av_ext_rule2 = None
-+
-+ for r in self.g.module.children:
-+ if isinstance(r, refpolicy.AVRule):
-+ if 'file' in r.obj_classes:
-+ av_rule1 = r
-+ else:
-+ av_rule2 = r
-+ elif isinstance(r, refpolicy.AVExtRule):
-+ if 'file' in r.obj_classes:
-+ av_ext_rule1 = r
-+ else:
-+ av_ext_rule2 = r
-+ else:
-+ self.fail("Unexpected rule type '%s'" % type(r))
-+
-+ # check that all rules are present
-+ self.assertNotIn(None, (av_rule1, av_rule2, av_ext_rule1, av_ext_rule2))
-+
-+ self.assertEqual(av_rule1.rule_type, av_rule1.ALLOW)
-+ self.assertEqual(av_rule1.src_types, {"test_src_t"})
-+ self.assertEqual(av_rule1.tgt_types, {"test_tgt_t"})
-+ self.assertEqual(av_rule1.obj_classes, {"file"})
-+ self.assertEqual(av_rule1.perms, {"ioctl"})
-+
-+ self.assertEqual(av_ext_rule1.rule_type, av_ext_rule1.ALLOWXPERM)
-+ self.assertEqual(av_ext_rule1.src_types, {"test_src_t"})
-+ self.assertEqual(av_ext_rule1.tgt_types, {"test_tgt_t"})
-+ self.assertEqual(av_ext_rule1.obj_classes, {"file"})
-+ self.assertEqual(av_ext_rule1.operation, "ioctl")
-+ xp1 = refpolicy.XpermSet()
-+ xp1.add(42)
-+ xp1.add(1234)
-+ self.assertEqual(av_ext_rule1.xperms.ranges, xp1.ranges)
-+
-+ self.assertEqual(av_rule2.rule_type, av_rule2.ALLOW)
-+ self.assertEqual(av_rule2.src_types, {"test_src_t"})
-+ self.assertEqual(av_rule2.tgt_types, {"test_tgt_t"})
-+ self.assertEqual(av_rule2.obj_classes, {"dir"})
-+ self.assertEqual(av_rule2.perms, {"ioctl"})
-+
-+ self.assertEqual(av_ext_rule2.rule_type, av_ext_rule2.ALLOWXPERM)
-+ self.assertEqual(av_ext_rule2.src_types, {"test_src_t"})
-+ self.assertEqual(av_ext_rule2.tgt_types, {"test_tgt_t"})
-+ self.assertEqual(av_ext_rule2.obj_classes, {"dir"})
-+ self.assertEqual(av_ext_rule2.operation, "ioctl")
-+ xp2 = refpolicy.XpermSet()
-+ xp2.add(2345)
-+ self.assertEqual(av_ext_rule2.xperms.ranges, xp2.ranges)
-
-diff --git selinux-python-2.8/sepolgen/tests/test_refpolicy.py selinux-python-2.8/sepolgen/tests/test_refpolicy.py
-index 16e6680..64c48df 100644
---- selinux-python-2.8/sepolgen/tests/test_refpolicy.py
-+++ selinux-python-2.8/sepolgen/tests/test_refpolicy.py
-@@ -19,6 +19,7 @@
-
- import unittest
- import sepolgen.refpolicy as refpolicy
-+import sepolgen.access as access
- import selinux
-
- class TestIdSet(unittest.TestCase):
-@@ -33,6 +34,74 @@ class TestIdSet(unittest.TestCase):
- s.add("read")
- self.assertEqual(s.to_space_str(), "read")
-
-+class TestXpermSet(unittest.TestCase):
-+ def test_init(self):
-+ """ Test that all atttributes are correctly initialized. """
-+ s1 = refpolicy.XpermSet()
-+ self.assertEqual(s1.complement, False)
-+ self.assertEqual(s1.ranges, [])
-+
-+ s2 = refpolicy.XpermSet(True)
-+ self.assertEqual(s2.complement, True)
-+ self.assertEqual(s2.ranges, [])
-+
-+ def test_normalize_ranges(self):
-+ """ Test that ranges that are overlapping or neighboring are correctly
-+ merged into one range. """
-+ s = refpolicy.XpermSet()
-+ s.ranges = [(1, 7), (5, 10), (100, 110), (102, 107), (200, 205),
-+ (205, 210), (300, 305), (306, 310), (400, 405), (407, 410),
-+ (500, 502), (504, 508), (500, 510)]
-+ s._XpermSet__normalize_ranges()
-+
-+ i = 0
-+ r = list(sorted(s.ranges))
-+ while i < len(r) - 1:
-+ # check that range low bound is less than equal than the upper bound
-+ self.assertLessEqual(r[i][0], r[i][1])
-+ # check that two ranges are not overlapping or neighboring
-+ self.assertGreater(r[i + 1][0] - r[i][1], 1)
-+ i += 1
-+
-+ def test_add(self):
-+ """ Test adding new values or ranges to the set. """
-+ s = refpolicy.XpermSet()
-+ s.add(1, 7)
-+ s.add(5, 10)
-+ s.add(42)
-+ self.assertEqual(s.ranges, [(1,10), (42,42)])
-+
-+ def test_extend(self):
-+ """ Test adding ranges from another XpermSet object. """
-+ a = refpolicy.XpermSet()
-+ a.add(1, 7)
-+
-+ b = refpolicy.XpermSet()
-+ b.add(5, 10)
-+
-+ a.extend(b)
-+ self.assertEqual(a.ranges, [(1,10)])
-+
-+ def test_to_string(self):
-+ """ Test printing the values to a string. """
-+ a = refpolicy.XpermSet()
-+ a.complement = False
-+ self.assertEqual(a.to_string(), "")
-+ a.complement = True
-+ self.assertEqual(a.to_string(), "")
-+ a.add(1234)
-+ self.assertEqual(a.to_string(), "~ 1234")
-+ a.complement = False
-+ self.assertEqual(a.to_string(), "1234")
-+ a.add(2345)
-+ self.assertEqual(a.to_string(), "{ 1234 2345 }")
-+ a.complement = True
-+ self.assertEqual(a.to_string(), "~ { 1234 2345 }")
-+ a.add(42,64)
-+ self.assertEqual(a.to_string(), "~ { 42-64 1234 2345 }")
-+ a.complement = False
-+ self.assertEqual(a.to_string(), "{ 42-64 1234 2345 }")
-+
- class TestSecurityContext(unittest.TestCase):
- def test_init(self):
- sc = refpolicy.SecurityContext()
-@@ -110,6 +179,76 @@ class TestAVRule(unittest.TestCase):
- b.sort()
- self.assertEqual(a, b)
-
-+class TestAVExtRule(unittest.TestCase):
-+ def test_init(self):
-+ """ Test initialization of attributes """
-+ a = refpolicy.AVExtRule()
-+ self.assertEqual(a.rule_type, a.ALLOWXPERM)
-+ self.assertIsInstance(a.src_types, set)
-+ self.assertIsInstance(a.tgt_types, set)
-+ self.assertIsInstance(a.obj_classes, set)
-+ self.assertIsNone(a.operation)
-+ self.assertIsInstance(a.xperms, refpolicy.XpermSet)
-+
-+ def test_rule_type_str(self):
-+ """ Test strings returned by __rule_type_str() """
-+ a = refpolicy.AVExtRule()
-+ self.assertEqual(a._AVExtRule__rule_type_str(), "allowxperm")
-+ a.rule_type = a.ALLOWXPERM
-+ self.assertEqual(a._AVExtRule__rule_type_str(), "allowxperm")
-+ a.rule_type = a.DONTAUDITXPERM
-+ self.assertEqual(a._AVExtRule__rule_type_str(), "dontauditxperm")
-+ a.rule_type = a.NEVERALLOWXPERM
-+ self.assertEqual(a._AVExtRule__rule_type_str(), "neverallowxperm")
-+ a.rule_type = a.AUDITALLOWXPERM
-+ self.assertEqual(a._AVExtRule__rule_type_str(), "auditallowxperm")
-+ a.rule_type = 42
-+ self.assertIsNone(a._AVExtRule__rule_type_str())
-+
-+ def test_from_av(self):
-+ """ Test creating the rule from an access vector. """
-+ av = access.AccessVector(["foo", "bar", "file", "ioctl"])
-+ xp = refpolicy.XpermSet()
-+ av.xperms = { "ioctl": xp }
-+
-+ a = refpolicy.AVExtRule()
-+
-+ a.from_av(av, "ioctl")
-+ self.assertEqual(a.src_types, {"foo"})
-+ self.assertEqual(a.tgt_types, {"bar"})
-+ self.assertEqual(a.obj_classes, {"file"})
-+ self.assertEqual(a.operation, "ioctl")
-+ self.assertIs(a.xperms, xp)
-+
-+ def test_from_av_self(self):
-+ """ Test creating the rule from an access vector that has same
-+ source and target context. """
-+ av = access.AccessVector(["foo", "foo", "file", "ioctl"])
-+ xp = refpolicy.XpermSet()
-+ av.xperms = { "ioctl": xp }
-+
-+ a = refpolicy.AVExtRule()
-+
-+ a.from_av(av, "ioctl")
-+ self.assertEqual(a.src_types, {"foo"})
-+ self.assertEqual(a.tgt_types, {"self"})
-+ self.assertEqual(a.obj_classes, {"file"})
-+ self.assertEqual(a.operation, "ioctl")
-+ self.assertIs(a.xperms, xp)
-+
-+ def test_to_string(self):
-+ """ Test printing the rule to a string. """
-+ a = refpolicy.AVExtRule()
-+ a._AVExtRule__rule_type_str = lambda: "first"
-+ a.src_types.to_space_str = lambda: "second"
-+ a.tgt_types.to_space_str = lambda: "third"
-+ a.obj_classes.to_space_str = lambda: "fourth"
-+ a.operation = "fifth"
-+ a.xperms.to_string = lambda: "seventh"
-+
-+ self.assertEqual(a.to_string(),
-+ "first second third:fourth fifth seventh;")
-+
- class TestTypeRule(unittest.TestCase):
- def test_init(self):
- a = refpolicy.TypeRule()
-diff --git selinux-python-2.8/sepolicy/sepolicy.py selinux-python-2.8/sepolicy/sepolicy.py
-index 141f64e..5880176 100755
---- selinux-python-2.8/sepolicy/sepolicy.py
-+++ selinux-python-2.8/sepolicy/sepolicy.py
-@@ -27,7 +27,7 @@ import selinux
- import sepolicy
- from sepolicy import get_os_version, get_conditionals, get_conditionals_format_text
- import argparse
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-python"
- try:
- import gettext
- kwargs = {}
-@@ -60,8 +60,6 @@ class CheckPath(argparse.Action):
- class CheckType(argparse.Action):
-
- def __call__(self, parser, namespace, values, option_string=None):
-- domains = sepolicy.get_all_domains()
--
- if isinstance(values, str):
- setattr(namespace, self.dest, values)
- else:
-@@ -103,6 +101,7 @@ class CheckDomain(argparse.Action):
- domains = sepolicy.get_all_domains()
-
- if isinstance(values, str):
-+ values = sepolicy.get_real_type_name(values)
- if values not in domains:
- raise ValueError("%s must be an SELinux process domain:\nValid domains: %s" % (values, ", ".join(domains)))
- setattr(namespace, self.dest, values)
-@@ -112,6 +111,7 @@ class CheckDomain(argparse.Action):
- newval = []
-
- for v in values:
-+ v = sepolicy.get_real_type_name(v)
- if v not in domains:
- raise ValueError("%s must be an SELinux process domain:\nValid domains: %s" % (v, ", ".join(domains)))
- newval.append(v)
-@@ -167,10 +167,11 @@ class CheckPortType(argparse.Action):
- if not newval:
- newval = []
- for v in values:
-+ v = sepolicy.get_real_type_name(v)
- if v not in port_types:
- raise ValueError("%s must be an SELinux port type:\nValid port types: %s" % (v, ", ".join(port_types)))
- newval.append(v)
-- setattr(namespace, self.dest, values)
-+ setattr(namespace, self.dest, newval)
-
-
- class LoadPolicy(argparse.Action):
-diff --git selinux-python-2.8/sepolicy/sepolicy/__init__.py selinux-python-2.8/sepolicy/sepolicy/__init__.py
-index 89346ab..6039489 100644
---- selinux-python-2.8/sepolicy/sepolicy/__init__.py
-+++ selinux-python-2.8/sepolicy/sepolicy/__init__.py
-@@ -15,7 +15,7 @@ import os
- import re
- import gzip
-
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-python"
- try:
- import gettext
- kwargs = {}
-@@ -129,6 +129,13 @@ def get_installed_policy(root="/"):
- pass
- raise ValueError(_("No SELinux Policy installed"))
-
-+def get_store_policy(store, root="/"):
-+ try:
-+ policies = glob.glob("%s%s/policy/policy.*" % (selinux.selinux_path(), store))
-+ policies.sort()
-+ return policies[-1]
-+ except:
-+ return None
-
- def policy(policy_file):
- global all_domains
-@@ -156,6 +163,11 @@ def policy(policy_file):
- except:
- raise ValueError(_("Failed to read %s policy file") % policy_file)
-
-+def load_store_policy(store):
-+ policy_file = get_store_policy(store)
-+ if not policy_file:
-+ return None
-+ policy(policy_file)
-
- try:
- policy_file = get_installed_policy()
-@@ -168,15 +180,21 @@ except ValueError as e:
- def info(setype, name=None):
- if setype == TYPE:
- q = setools.TypeQuery(_pol)
-- if name:
-- q.name = name
-+ q.name = name
-+ results = list(q.results())
-+
-+ if name and len(results) < 1:
-+ # type not found, try alias
-+ q.name = None
-+ q.alias = name
-+ results = list(q.results())
-
- return ({
- 'aliases': list(map(str, x.aliases())),
- 'name': str(x),
- 'permissive': bool(x.ispermissive),
- 'attributes': list(map(str, x.attributes()))
-- } for x in q.results())
-+ } for x in results)
-
- elif setype == ROLE:
- q = setools.RoleQuery(_pol)
-@@ -272,34 +290,38 @@ def _setools_rule_to_dict(rule):
- 'class': str(rule.tclass),
- }
-
-+ # Evaluate boolean expression associated with given rule (if there is any)
- try:
-- enabled = bool(rule.qpol_symbol.is_enabled(rule.policy))
-+ # Get state of all booleans in the conditional expression
-+ boolstate = {}
-+ for boolean in rule.conditional.booleans:
-+ boolstate[str(boolean)] = boolean.state
-+ # evaluate if the rule is enabled
-+ enabled = rule.conditional.evaluate(**boolstate) == rule.conditional_block
- except AttributeError:
-+ # non-conditional rules are always enabled
- enabled = True
-
-- if isinstance(rule, setools.policyrep.terule.AVRule):
-- d['enabled'] = enabled
-+ d['enabled'] = enabled
-
- try:
- d['permlist'] = list(map(str, rule.perms))
-- except setools.policyrep.exception.RuleUseError:
-+ except AttributeError:
- pass
-
- try:
- d['transtype'] = str(rule.default)
-- except setools.policyrep.exception.RuleUseError:
-+ except AttributeError:
- pass
-
- try:
- d['boolean'] = [(str(rule.conditional), enabled)]
-- except (AttributeError, setools.policyrep.exception.RuleNotConditional):
-+ except AttributeError:
- pass
-
- try:
- d['filename'] = rule.filename
-- except (AttributeError,
-- setools.policyrep.exception.RuleNotConditional,
-- setools.policyrep.exception.TERuleNoFilename):
-+ except AttributeError:
- pass
-
- return d
-@@ -334,6 +356,8 @@ def search(types, seinfo=None):
- tertypes.append(NEVERALLOW)
- if AUDITALLOW in types:
- tertypes.append(AUDITALLOW)
-+ if DONTAUDIT in types:
-+ tertypes.append(DONTAUDIT)
-
- if len(tertypes) > 0:
- q = setools.TERuleQuery(_pol,
-@@ -437,6 +461,20 @@ def get_file_types(setype):
- return mpaths
-
-
-+def get_real_type_name(name):
-+ """Return the real name of a type
-+
-+ * If 'name' refers to a type alias, return the corresponding type name.
-+ * Otherwise return the original name (even if the type does not exist).
-+ """
-+ if not name:
-+ return name
-+
-+ try:
-+ return next(info(TYPE, name))["name"]
-+ except (RuntimeError, StopIteration):
-+ return name
-+
- def get_writable_files(setype):
- file_types = get_all_file_types()
- all_writes = []
-@@ -1048,6 +1086,8 @@ def _dict_has_perms(dict, perms):
- def gen_short_name(setype):
- all_domains = get_all_domains()
- if setype.endswith("_t"):
-+ # replace aliases with corresponding types
-+ setype = get_real_type_name(setype)
- domainname = setype[:-2]
- else:
- domainname = setype
-@@ -1160,27 +1200,14 @@ def boolean_desc(boolean):
-
-
- def get_os_version():
-- os_version = ""
-- pkg_name = "selinux-policy"
-+ system_release = ""
- try:
-- try:
-- from commands import getstatusoutput
-- except ImportError:
-- from subprocess import getstatusoutput
-- rc, output = getstatusoutput("rpm -q '%s'" % pkg_name)
-- if rc == 0:
-- os_version = output.split(".")[-2]
-- except:
-- os_version = ""
--
-- if os_version[0:2] == "fc":
-- os_version = "Fedora" + os_version[2:]
-- elif os_version[0:2] == "el":
-- os_version = "RHEL" + os_version[2:]
-- else:
-- os_version = ""
-+ with open('/etc/system-release') as f:
-+ system_release = f.readline().rstrip()
-+ except IOError:
-+ system_release = "Misc"
-
-- return os_version
-+ return system_release
-
-
- def reinit():
-diff --git selinux-python-2.8/sepolicy/sepolicy/generate.py selinux-python-2.8/sepolicy/sepolicy/generate.py
-index f814e27..8e53033 100644
---- selinux-python-2.8/sepolicy/sepolicy/generate.py
-+++ selinux-python-2.8/sepolicy/sepolicy/generate.py
-@@ -52,7 +52,7 @@ import sepolgen.defaults as defaults
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-python"
- try:
- import gettext
- kwargs = {}
-@@ -103,7 +103,9 @@ def get_all_ports():
- for p in sepolicy.info(sepolicy.PORT):
- if p['type'] == "reserved_port_t" or \
- p['type'] == "port_t" or \
-- p['type'] == "hi_reserved_port_t":
-+ p['type'] == "hi_reserved_port_t" or \
-+ p['type'] == "ephemeral_port_t" or \
-+ p['type'] == "unreserved_port_t":
- continue
- dict[(p['low'], p['high'], p['protocol'])] = (p['type'], p.get('range'))
- return dict
-diff --git selinux-python-2.8/sepolicy/sepolicy/gui.py selinux-python-2.8/sepolicy/sepolicy/gui.py
-index 537d516..63aa02c 100644
---- selinux-python-2.8/sepolicy/sepolicy/gui.py
-+++ selinux-python-2.8/sepolicy/sepolicy/gui.py
-@@ -43,7 +43,7 @@ import os
- import re
- import unicodedata
-
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-python"
- try:
- import gettext
- kwargs = {}
-diff --git selinux-python-2.8/sepolicy/sepolicy/interface.py selinux-python-2.8/sepolicy/sepolicy/interface.py
-index 18374dc..ca0122d 100644
---- selinux-python-2.8/sepolicy/sepolicy/interface.py
-+++ selinux-python-2.8/sepolicy/sepolicy/interface.py
-@@ -32,7 +32,7 @@ __all__ = ['get_all_interfaces', 'get_interfaces_from_xml', 'get_admin', 'get_us
- ##
- ## I18N
- ##
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-python"
- try:
- import gettext
- kwargs = {}
-diff --git selinux-python-2.8/sepolicy/sepolicy/manpage.py selinux-python-2.8/sepolicy/sepolicy/manpage.py
-index ed8cb71..8121e5c 100755
---- selinux-python-2.8/sepolicy/sepolicy/manpage.py
-+++ selinux-python-2.8/sepolicy/sepolicy/manpage.py
-@@ -126,8 +126,33 @@ def gen_domains():
- domains.sort()
- return domains
-
--types = None
-
-+exec_types = None
-+
-+def _gen_exec_types():
-+ global exec_types
-+ if exec_types is None:
-+ exec_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "exec_type"))["types"]
-+ return exec_types
-+
-+entry_types = None
-+
-+def _gen_entry_types():
-+ global entry_types
-+ if entry_types is None:
-+ entry_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "entry_type"))["types"]
-+ return entry_types
-+
-+mcs_constrained_types = None
-+
-+def _gen_mcs_constrained_types():
-+ global mcs_constrained_types
-+ if mcs_constrained_types is None:
-+ mcs_constrained_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type"))
-+ return mcs_constrained_types
-+
-+
-+types = None
-
- def _gen_types():
- global types
-@@ -150,10 +175,6 @@ def prettyprint(f, trim):
- manpage_domains = []
- manpage_roles = []
-
--fedora_releases = ["Fedora17", "Fedora18"]
--rhel_releases = ["RHEL6", "RHEL7"]
--
--
- def get_alphabet_manpages(manpage_list):
- alphabet_manpages = dict.fromkeys(string.ascii_letters, [])
- for i in string.ascii_letters:
-@@ -183,7 +204,7 @@ def convert_manpage_to_html(html_manpage, manpage):
- class HTMLManPages:
-
- """
-- Generate a HHTML Manpages on an given SELinux domains
-+ Generate a HTML Manpages on an given SELinux domains
- """
-
- def __init__(self, manpage_roles, manpage_domains, path, os_version):
-@@ -191,9 +212,9 @@ class HTMLManPages:
- self.manpage_domains = get_alphabet_manpages(manpage_domains)
- self.os_version = os_version
- self.old_path = path + "/"
-- self.new_path = self.old_path + self.os_version + "/"
-+ self.new_path = self.old_path
-
-- if self.os_version in fedora_releases or self.os_version in rhel_releases:
-+ if self.os_version:
- self.__gen_html_manpages()
- else:
- print("SELinux HTML man pages can not be generated for this %s" % os_version)
-@@ -202,7 +223,6 @@ class HTMLManPages:
- def __gen_html_manpages(self):
- self._write_html_manpage()
- self._gen_index()
-- self._gen_body()
- self._gen_css()
-
- def _write_html_manpage(self):
-@@ -220,67 +240,21 @@ class HTMLManPages:
- convert_manpage_to_html((self.new_path + r.rsplit("_selinux", 1)[0] + ".html"), self.old_path + r)
-
- def _gen_index(self):
-- index = self.old_path + "index.html"
-- fd = open(index, 'w')
-- fd.write("""
--<html>
--<head>
-- <link rel=stylesheet type="text/css" href="style.css" title="style">
-- <title>SELinux man pages online</title>
--</head>
--<body>
--<h1>SELinux man pages</h1>
--<br></br>
--Fedora or Red Hat Enterprise Linux Man Pages.</h2>
--<br></br>
--<hr>
--<h3>Fedora</h3>
--<table><tr>
--<td valign="middle">
--</td>
--</tr></table>
--<pre>
--""")
-- for f in fedora_releases:
-- fd.write("""
--<a href=%s/%s.html>%s</a> - SELinux man pages for %s """ % (f, f, f, f))
--
-- fd.write("""
--</pre>
--<hr>
--<h3>RHEL</h3>
--<table><tr>
--<td valign="middle">
--</td>
--</tr></table>
--<pre>
--""")
-- for r in rhel_releases:
-- fd.write("""
--<a href=%s/%s.html>%s</a> - SELinux man pages for %s """ % (r, r, r, r))
--
-- fd.write("""
--</pre>
-- """)
-- fd.close()
-- print("%s has been created" % index)
--
-- def _gen_body(self):
- html = self.new_path + self.os_version + ".html"
- fd = open(html, 'w')
- fd.write("""
- <html>
- <head>
-- <link rel=stylesheet type="text/css" href="../style.css" title="style">
-- <title>Linux man-pages online for Fedora18</title>
-+ <link rel=stylesheet type="text/css" href="style.css" title="style">
-+ <title>SELinux man pages</title>
- </head>
- <body>
--<h1>SELinux man pages for Fedora18</h1>
-+<h1>SELinux man pages for %s</h1>
- <hr>
- <table><tr>
- <td valign="middle">
- <h3>SELinux roles</h3>
--""")
-+""" % self.os_version)
- for letter in self.manpage_roles:
- if len(self.manpage_roles[letter]):
- fd.write("""
-@@ -424,6 +398,9 @@ class ManPage:
- self.all_file_types = sepolicy.get_all_file_types()
- self.role_allows = sepolicy.get_all_role_allows()
- self.types = _gen_types()
-+ self.exec_types = _gen_exec_types()
-+ self.entry_types = _gen_entry_types()
-+ self.mcs_constrained_types = _gen_mcs_constrained_types()
-
- if self.source_files:
- self.fcpath = self.root + "file_contexts"
-@@ -736,10 +713,13 @@ Default Defined Ports:""")
-
- def _file_context(self):
- flist = []
-+ flist_non_exec = []
- mpaths = []
- for f in self.all_file_types:
- if f.startswith(self.domainname):
- flist.append(f)
-+ if not f in self.exec_types or not f in self.entry_types:
-+ flist_non_exec.append(f)
- if f in self.fcdict:
- mpaths = mpaths + self.fcdict[f]["regex"]
- if len(mpaths) == 0:
-@@ -791,19 +771,20 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
- .PP
- """ % {'domainname': self.domainname, 'equiv': e, 'alt': e.split('/')[-1]})
-
-- self.fd.write(r"""
-+ if flist_non_exec:
-+ self.fd.write(r"""
- .PP
- .B STANDARD FILE CONTEXT
-
- SELinux defines the file context types for the %(domainname)s, if you wanted to
- store files with these types in a diffent paths, you need to execute the semanage command to sepecify alternate labeling and then use restorecon to put the labels on disk.
-
--.B semanage fcontext -a -t %(type)s '/srv/%(domainname)s/content(/.*)?'
-+.B semanage fcontext -a -t %(type)s '/srv/my%(domainname)s_content(/.*)?'
- .br
- .B restorecon -R -v /srv/my%(domainname)s_content
-
- Note: SELinux often uses regular expressions to specify labels that match multiple files.
--""" % {'domainname': self.domainname, "type": flist[0]})
-+""" % {'domainname': self.domainname, "type": flist_non_exec[-1]})
-
- self.fd.write(r"""
- .I The following file types are defined for %(domainname)s:
-@@ -974,11 +955,7 @@ All executeables with the default executable label, usually stored in /usr/bin a
- %s""" % ", ".join(paths))
-
- def _mcs_types(self):
-- try:
-- mcs_constrained_type = next(sepolicy.info(sepolicy.ATTRIBUTE, "mcs_constrained_type"))
-- except StopIteration:
-- return
-- if self.type not in mcs_constrained_type['types']:
-+ if self.type not in self.mcs_constrained_types['types']:
- return
- self.fd.write ("""
- .SH "MCS Constrained"
diff --git a/SOURCES/selinux-sandbox-fedora.patch b/SOURCES/selinux-sandbox-fedora.patch
deleted file mode 100644
index 4986b98..0000000
--- a/SOURCES/selinux-sandbox-fedora.patch
+++ /dev/null
@@ -1,186 +0,0 @@
-diff --git selinux-sandbox-2.8/Makefile selinux-sandbox-2.8/Makefile
-index 49c1d3f..9e45329 100644
---- selinux-sandbox-2.8/Makefile
-+++ selinux-sandbox-2.8/Makefile
-@@ -12,6 +12,7 @@ override LDLIBS += -lselinux -lcap-ng
- SEUNSHARE_OBJS = seunshare.o
-
- all: sandbox seunshare sandboxX.sh start
-+ (cd po && $(MAKE) $@)
-
- seunshare: $(SEUNSHARE_OBJS)
-
-@@ -30,6 +31,7 @@ install: all
- install -m 755 start $(DESTDIR)$(SHAREDIR)
- -mkdir -p $(DESTDIR)$(SYSCONFDIR)
- install -m 644 sandbox.conf $(DESTDIR)$(SYSCONFDIR)/sandbox
-+ (cd po && $(MAKE) $@)
-
- test:
- @$(PYTHON) test_sandbox.py -v
-diff --git selinux-sandbox-2.8/po/Makefile selinux-sandbox-2.8/po/Makefile
-new file mode 100644
-index 0000000..0556bbe
---- /dev/null
-+++ selinux-sandbox-2.8/po/Makefile
-@@ -0,0 +1,82 @@
-+#
-+# Makefile for the PO files (translation) catalog
-+#
-+
-+PREFIX ?= /usr
-+
-+# What is this package?
-+NLSPACKAGE = sandbox
-+POTFILE = $(NLSPACKAGE).pot
-+INSTALL = /usr/bin/install -c -p
-+INSTALL_DATA = $(INSTALL) -m 644
-+INSTALL_DIR = /usr/bin/install -d
-+
-+# destination directory
-+INSTALL_NLS_DIR = $(PREFIX)/share/locale
-+
-+# PO catalog handling
-+MSGMERGE = msgmerge
-+MSGMERGE_FLAGS = -q
-+XGETTEXT = xgettext -L Python --default-domain=$(NLSPACKAGE)
-+MSGFMT = msgfmt
-+
-+# All possible linguas
-+PO_LINGUAS := $(sort $(patsubst %.po,%,$(wildcard *.po)))
-+
-+# Only the files matching what the user has set in LINGUAS
-+USER_LINGUAS := $(filter $(patsubst %,%%,$(LINGUAS)),$(PO_LINGUAS))
-+
-+# if no valid LINGUAS, build all languages
-+USE_LINGUAS := $(if $(USER_LINGUAS),$(USER_LINGUAS),$(PO_LINGUAS))
-+
-+POFILES = $(patsubst %,%.po,$(USE_LINGUAS))
-+MOFILES = $(patsubst %.po,%.mo,$(POFILES))
-+POTFILES = $(shell cat POTFILES)
-+
-+#default:: clean
-+
-+all:: $(POTFILE) $(MOFILES)
-+
-+$(POTFILE): $(POTFILES)
-+ $(XGETTEXT) --keyword=_ --keyword=N_ $(POTFILES)
-+ @if cmp -s $(NLSPACKAGE).po $(POTFILE); then \
-+ rm -f $(NLSPACKAGE).po; \
-+ else \
-+ mv -f $(NLSPACKAGE).po $(POTFILE); \
-+ fi; \
-+
-+
-+refresh-po: Makefile
-+ for cat in $(POFILES); do \
-+ lang=`basename $$cat .po`; \
-+ if $(MSGMERGE) $(MSGMERGE_FLAGS) $$lang.po $(POTFILE) > $$lang.pot ; then \
-+ mv -f $$lang.pot $$lang.po ; \
-+ echo "$(MSGMERGE) of $$lang succeeded" ; \
-+ else \
-+ echo "$(MSGMERGE) of $$lang failed" ; \
-+ rm -f $$lang.pot ; \
-+ fi \
-+ done
-+
-+clean:
-+ @rm -fv *mo *~ .depend
-+ @rm -rf tmp
-+
-+install: $(MOFILES)
-+ @for n in $(MOFILES); do \
-+ l=`basename $$n .mo`; \
-+ $(INSTALL_DIR) $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES; \
-+ $(INSTALL_DATA) --verbose $$n $(DESTDIR)$(INSTALL_NLS_DIR)/$$l/LC_MESSAGES/selinux-$(NLSPACKAGE).mo; \
-+ done
-+
-+%.mo: %.po
-+ $(MSGFMT) -o $@ $<
-+report:
-+ @for cat in $(wildcard *.po); do \
-+ echo -n "$$cat: "; \
-+ msgfmt -v --statistics -o /dev/null $$cat; \
-+ done
-+
-+.PHONY: missing depend
-+
-+relabel:
-diff --git selinux-sandbox-2.8/po/POTFILES selinux-sandbox-2.8/po/POTFILES
-new file mode 100644
-index 0000000..deff3f2
---- /dev/null
-+++ selinux-sandbox-2.8/po/POTFILES
-@@ -0,0 +1 @@
-+../sandbox
-diff --git selinux-sandbox-2.8/sandbox selinux-sandbox-2.8/sandbox
-index c07a1d8..948496d 100644
---- selinux-sandbox-2.8/sandbox
-+++ selinux-sandbox-2.8/sandbox
-@@ -37,7 +37,7 @@ import sepolicy
-
- SEUNSHARE = "/usr/sbin/seunshare"
- SANDBOXSH = "/usr/share/sandbox/sandboxX.sh"
--PROGNAME = "policycoreutils"
-+PROGNAME = "selinux-sandbox"
- try:
- import gettext
- kwargs = {}
-@@ -268,7 +268,7 @@ class Sandbox:
- copyfile(f, "/tmp", self.__tmpdir)
- copyfile(f, "/var/tmp", self.__tmpdir)
-
-- def __setup_sandboxrc(self, wm="/usr/bin/openbox"):
-+ def __setup_sandboxrc(self, wm="/usr/bin/matchbox-window-manager"):
- execfile = self.__homedir + "/.sandboxrc"
- fd = open(execfile, "w+")
- if self.__options.session:
-@@ -362,7 +362,7 @@ sandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-
-
- parser.add_option("-W", "--windowmanager", dest="wm",
- type="string",
-- default="/usr/bin/openbox",
-+ default="/usr/bin/matchbox-window-manager",
- help=_("alternate window manager"))
-
- parser.add_option("-l", "--level", dest="level",
-diff --git selinux-sandbox-2.8/sandbox.8 selinux-sandbox-2.8/sandbox.8
-index d83fee7..90ef495 100644
---- selinux-sandbox-2.8/sandbox.8
-+++ selinux-sandbox-2.8/sandbox.8
-@@ -77,7 +77,7 @@ Specifies the windowsize when creating an X based Sandbox. The default windowsiz
- \fB\-W\fR \fB\-\-windowmanager\fR
- Select alternative window manager to run within
- .B sandbox \-X.
--Default to /usr/bin/openbox.
-+Default to /usr/bin/matchbox-window-manager.
- .TP
- \fB\-X\fR
- Create an X based Sandbox for gui apps, temporary files for
-diff --git selinux-sandbox-2.8/sandboxX.sh selinux-sandbox-2.8/sandboxX.sh
-index eaa500d..c211ebc 100644
---- selinux-sandbox-2.8/sandboxX.sh
-+++ selinux-sandbox-2.8/sandboxX.sh
-@@ -6,21 +6,7 @@ export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8
- [ -z $2 ] && export DPI="96" || export DPI="$2"
- trap "exit 0" HUP
-
--mkdir -p ~/.config/openbox
--cat > ~/.config/openbox/rc.xml << EOF
--<openbox_config xmlns="http://openbox.org/3.4/rc"
-- xmlns:xi="http://www.w3.org/2001/XInclude">
--<applications>
-- <application class="*">
-- <decor>no</decor>
-- <desktop>all</desktop>
-- <maximized>yes</maximized>
-- </application>
--</applications>
--</openbox_config>
--EOF
--
--(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
-+(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -reset -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
- export DISPLAY=:$D
- cat > ~/seremote << __EOF
- #!/bin/sh
diff --git a/SOURCES/semodule-utils-fedora.patch b/SOURCES/semodule-utils-fedora.patch
deleted file mode 100644
index cde0b2d..0000000
--- a/SOURCES/semodule-utils-fedora.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff --git semodule-utils-2.8/semodule_package/semodule_package.c semodule-utils-2.8/semodule_package/semodule_package.c
-index 3515234..7b75b3f 100644
---- semodule-utils-2.8/semodule_package/semodule_package.c
-+++ semodule-utils-2.8/semodule_package/semodule_package.c
-@@ -74,6 +74,7 @@ static int file_to_data(const char *path, char **data, size_t * len)
- }
- if (!sb.st_size) {
- *len = 0;
-+ close(fd);
- return 0;
- }
-
diff --git a/SPECS/policycoreutils.spec b/SPECS/policycoreutils.spec
index 75b6dc1..5e19e89 100644
--- a/SPECS/policycoreutils.spec
+++ b/SPECS/policycoreutils.spec
@@ -1,26 +1,28 @@
-%global libauditver 2.1.3-4
-%global libsepolver 2.8-2
-%global libsemanagever 2.8-4
-%global libselinuxver 2.8-6
-%global sepolgenver 2.8
+%global libauditver 3.0
+%global libsepolver 2.9-1
+%global libsemanagever 2.9-1
+%global libselinuxver 2.9-1
+%global sepolgenver 2.9
%global generatorsdir %{_prefix}/lib/systemd/system-generators
+# Disable automatic compilation of Python files in extra directories
+%global _python_bytecompile_extra 0
+
Summary: SELinux policy core utilities
Name: policycoreutils
-Version: 2.8
-Release: 16.1%{?dist}
+Version: 2.9
+Release: 3%{?dist}
License: GPLv2
# https://github.com/SELinuxProject/selinux/wiki/Releases
-Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/policycoreutils-2.8.tar.gz
-Source1: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/selinux-python-2.8.tar.gz
-Source2: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/selinux-gui-2.8.tar.gz
-Source3: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/selinux-sandbox-2.8.tar.gz
-Source4: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/selinux-dbus-2.8.tar.gz
-Source5: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/semodule-utils-2.8.tar.gz
-Source6: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/restorecond-2.8.tar.gz
-URL: https://github.com/SELinuxProject
-Source12: policycoreutils_man_ru2.tar.bz2
+Source0: https://github.com/SELinuxProject/selinux/releases/download/20190315/policycoreutils-2.9.tar.gz
+Source1: https://github.com/SELinuxProject/selinux/releases/download/20190315/selinux-python-2.9.tar.gz
+Source2: https://github.com/SELinuxProject/selinux/releases/download/20190315/selinux-gui-2.9.tar.gz
+Source3: https://github.com/SELinuxProject/selinux/releases/download/20190315/selinux-sandbox-2.9.tar.gz
+Source4: https://github.com/SELinuxProject/selinux/releases/download/20190315/selinux-dbus-2.9.tar.gz
+Source5: https://github.com/SELinuxProject/selinux/releases/download/20190315/semodule-utils-2.9.tar.gz
+Source6: https://github.com/SELinuxProject/selinux/releases/download/20190315/restorecond-2.9.tar.gz
+URL: https://github.com/SELinuxProject/selinux
Source13: system-config-selinux.png
Source14: sepolicy-icons.tgz
Source15: selinux-autorelabel
@@ -32,19 +34,35 @@ Source20: policycoreutils-po.tgz
Source21: python-po.tgz
Source22: gui-po.tgz
Source23: sandbox-po.tgz
-# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
-# run:
-# HEAD 15b521e6d24b1cb3a004d49f630f1d33f3e11466
-# $ for i in policycoreutils selinux-python selinux-gui selinux-sandbox selinux-dbus semodule-utils restorecond; do
-# VERSION=2.8 ./make-fedora-selinux-patch.sh $i
-# done
-Patch: policycoreutils-fedora.patch
-Patch1: selinux-python-fedora.patch
-Patch2: selinux-gui-fedora.patch
-Patch3: selinux-sandbox-fedora.patch
-Patch4: selinux-dbus-fedora.patch
-Patch5: semodule-utils-fedora.patch
-Patch6: restorecond-fedora.patch
+# https://gitlab.cee.redhat.com/SELinux/selinux
+# $ git format-patch -N 20190315 -- policycoreutils python gui sandbox dbus semodule-utils restorecond
+# $ for j in [0-9]*.patch; do printf "Patch%s: %s\n" ${j/-*/} $j; done
+Patch0001: 0001-gui-Install-polgengui.py-to-usr-bin-selinux-polgengu.patch
+Patch0002: 0002-gui-Install-.desktop-files-to-usr-share-applications.patch
+Patch0003: 0003-sandbox-add-reset-to-Xephyr-as-it-works-better-with-.patch
+Patch0004: 0004-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages.patch
+Patch0005: 0005-If-there-is-no-executable-we-don-t-want-to-print-a-p.patch
+Patch0006: 0006-Simplication-of-sepolicy-manpage-web-functionality.-.patch
+Patch0007: 0007-We-want-to-remove-the-trailing-newline-for-etc-syste.patch
+Patch0008: 0008-Fix-title-in-manpage.py-to-not-contain-online.patch
+Patch0009: 0009-Don-t-be-verbose-if-you-are-not-on-a-tty.patch
+Patch0010: 0010-sepolicy-Drop-old-interface-file_type_is_executable-.patch
+Patch0011: 0011-sepolicy-Another-small-optimization-for-mcs-types.patch
+Patch0012: 0012-Move-po-translation-files-into-the-right-sub-directo.patch
+Patch0013: 0013-Use-correct-gettext-domains-in-python-gui-sandbox.patch
+Patch0014: 0014-Initial-.pot-files-for-gui-python-sandbox.patch
+# this is too big and it's covered by sources 20 - 23
+# Patch0015: 0015-Update-.po-files-from-fedora.zanata.org.patch
+Patch0016: 0016-policycoreutils-setfiles-Improve-description-of-d-sw.patch
+Patch0017: 0017-sepolicy-generate-Handle-more-reserved-port-types.patch
+Patch0018: 0018-semodule-utils-Fix-RESOURCE_LEAK-coverity-scan-defec.patch
+Patch0019: 0019-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
+Patch0020: 0020-python-Use-ipaddress-instead-of-IPy.patch
+Patch0021: 0021-python-semanage-Do-not-traceback-when-the-default-po.patch
+Patch0022: 0022-policycoreutils-fixfiles-Fix-B-F-onboot.patch
+Patch0023: 0023-policycoreutils-fixfiles-Force-full-relabel-when-SEL.patch
+Patch0024: 0024-policycoreutils-fixfiles-Fix-unbound-variable-proble.patch
+
Obsoletes: policycoreutils < 2.0.61-2
Conflicts: filesystem < 3, selinux-policy-base < 3.13.1-138
# initscripts < 9.66 shipped fedora-autorelabel services which are renamed to selinux-relabel
@@ -57,6 +75,7 @@ BuildRequires: pam-devel libsepol-static >= %{libsepolver} libsemanage-static >=
BuildRequires: desktop-file-utils dbus-devel dbus-glib-devel
BuildRequires: python3-devel
BuildRequires: systemd
+BuildRequires: git
Requires: util-linux grep gawk diffutils rpm sed
Requires: libsepol >= %{libsepolver} coreutils libselinux-utils >= %{libselinuxver}
@@ -76,44 +95,49 @@ for basic operation of a SELinux system. These utilities include
load_policy to load policies, setfiles to label filesystems, newrole
to switch roles.
-%prep
+%prep -p /usr/bin/bash
# create selinux/ directory and extract sources
-%setup -q -c -n selinux
-%setup -q -T -D -a 1 -n selinux
-%setup -q -T -D -a 2 -n selinux
-%setup -q -T -D -a 3 -n selinux
-%setup -q -T -D -a 4 -n selinux
-%setup -q -T -D -a 5 -n selinux
-%setup -q -T -D -a 6 -n selinux
-%patch -p0 -b .policycoreutils-fedora
-
-cp %{SOURCE13} selinux-gui-%{version}/
-tar -xvf %{SOURCE14} -C selinux-python-%{version}/sepolicy/
-%patch1 -p0 -b .selinux-python
-%patch2 -p0 -b .selinux-gui
-%patch3 -p0 -b .selinux-sandbox
-%patch4 -p0 -b .selinux-dbus
-%patch5 -p0 -b .semodule-utils
-%patch6 -p0 -b .restorecond
+%autosetup -S git -N -c -n selinux
+%autosetup -S git -N -T -D -a 1 -n selinux
+%autosetup -S git -N -T -D -a 2 -n selinux
+%autosetup -S git -N -T -D -a 3 -n selinux
+%autosetup -S git -N -T -D -a 4 -n selinux
+%autosetup -S git -N -T -D -a 5 -n selinux
+%autosetup -S git -N -T -D -a 6 -n selinux
+
+for i in *; do
+ git mv $i ${i/-%{version}/}
+ git commit -q --allow-empty -a --author 'rpm-build <rpm-build>' -m "$i -> ${i/-%{version}/}"
+done
+
+for i in selinux-*; do
+ git mv $i ${i#selinux-}
+ git commit -q --allow-empty -a --author 'rpm-build <rpm-build>' -m "$i -> ${i#selinux-}"
+done
+
+git am %{_sourcedir}/[0-9]*.patch
+
+cp %{SOURCE13} gui/
+tar -xvf %{SOURCE14} -C python/sepolicy/
# Since patches containing translation changes were too big, translations were moved to separate tarballs
# For more information see README.translations
-tar -x -f %{SOURCE20} -C policycoreutils-%{version} -z
-tar -x -f %{SOURCE21} -C selinux-python-%{version} -z
-tar -x -f %{SOURCE22} -C selinux-gui-%{version} -z
-tar -x -f %{SOURCE23} -C selinux-sandbox-%{version} -z
+tar -x -f %{SOURCE20} -C policycoreutils -z
+tar -x -f %{SOURCE21} -C python -z
+tar -x -f %{SOURCE22} -C gui -z
+tar -x -f %{SOURCE23} -C sandbox -z
%build
%set_build_flags
export PYTHON=%{__python3}
-make -C policycoreutils-%{version} LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" all
-make -C selinux-python-%{version} PYTHON=%{__python3} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
-make -C selinux-gui-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
-make -C selinux-sandbox-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
-make -C selinux-dbus-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
-make -C semodule-utils-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
-make -C restorecond-%{version} SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
+make -C policycoreutils LSPP_PRIV=y SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" all
+make -C python SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
+make -C gui SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
+make -C sandbox SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
+make -C dbus SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
+make -C semodule-utils SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
+make -C restorecond SBINDIR="%{_sbindir}" LSPP_PRIV=y LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" all
%install
mkdir -p %{buildroot}%{_bindir}
@@ -123,19 +147,19 @@ mkdir -p %{buildroot}%{_mandir}/man5
mkdir -p %{buildroot}%{_mandir}/man8
%{__mkdir} -p %{buildroot}/%{_usr}/share/doc/%{name}/
-make -C policycoreutils-%{version} LSPP_PRIV=y DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" install
+make -C policycoreutils LSPP_PRIV=y DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" SEMODULE_PATH="/usr/sbin" LIBSEPOLA="%{_libdir}/libsepol.a" install
-make -C selinux-python-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
+make -C python PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
-make -C selinux-gui-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
+make -C gui PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
-make -C selinux-sandbox-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
+make -C sandbox PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
-make -C selinux-dbus-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
+make -C dbus PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
-make -C semodule-utils-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
+make -C semodule-utils PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
-make -C restorecond-%{version} PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
+make -C restorecond PYTHON=%{__python3} DESTDIR="%{buildroot}" SBINDIR="%{_sbindir}" LIBDIR="%{_libdir}" LIBSEPOLA="%{_libdir}/libsepol.a" install
# Fix perms on newrole so that objcopy can process it
chmod 0755 %{buildroot}%{_bindir}/newrole
@@ -143,9 +167,8 @@ chmod 0755 %{buildroot}%{_bindir}/newrole
# Systemd
rm -rf %{buildroot}/%{_sysconfdir}/rc.d/init.d/restorecond
-tar -jxf %{SOURCE12} -C %{buildroot}/
rm -f %{buildroot}/usr/share/man/ru/man8/genhomedircon.8.gz
-rm -f %{buildroot}/usr/share/man/ru/man8/open_init_pty.8.gz
+rm -f %{buildroot}/usr/share/man/ru/man8/open_init_pty.8*
rm -f %{buildroot}/usr/share/man/ru/man8/semodule_deps.8.gz
rm -f %{buildroot}/usr/share/man/man8/open_init_pty.8
rm -f %{buildroot}/usr/sbin/open_init_pty
@@ -154,21 +177,6 @@ rm -f %{buildroot}/usr/share/man/ru/man8/run_init.8*
rm -f %{buildroot}/usr/share/man/man8/run_init.8*
rm -f %{buildroot}/etc/pam.d/run_init*
-ln -sf /usr/share/system-config-selinux/polgengui.py %{buildroot}%{_bindir}/selinux-polgengui
-
-desktop-file-install --dir %{buildroot}%{_datadir}/applications --add-category Settings \
- %{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.desktop
-
-desktop-file-install --dir %{buildroot}%{_datadir}/applications --add-category Settings \
- %{buildroot}%{_datadir}/system-config-selinux/sepolicy.desktop
-
-desktop-file-install --dir %{buildroot}%{_datadir}/applications \
- %{buildroot}%{_datadir}/system-config-selinux/selinux-polgengui.desktop
-
-rm -f %{buildroot}%{_datadir}/system-config-selinux/selinux-polgengui.desktop
-rm -f %{buildroot}%{_datadir}/system-config-selinux/sepolicy.desktop
-rm -f %{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.desktop
-
mkdir -m 755 -p %{buildroot}/%{generatorsdir}
install -m 644 -p %{SOURCE16} %{buildroot}/%{_unitdir}/
install -m 644 -p %{SOURCE17} %{buildroot}/%{_unitdir}/
@@ -190,7 +198,6 @@ pathfix.py -i "%{__python3} -Es" -p \
%{buildroot}%{_bindir}/sepolgen-ifgen \
%{buildroot}%{_datadir}/system-config-selinux/system-config-selinux.py \
%{buildroot}%{_datadir}/system-config-selinux/selinux_server.py \
- %{buildroot}%{_datadir}/system-config-selinux/polgengui.py \
%nil
# clean up ~ files from pathfix - https://bugzilla.redhat.com/show_bug.cgi?id=1546990
@@ -198,6 +205,10 @@ find %{buildroot}%{python3_sitelib} %{buildroot}%{python3_sitearch} \
%{buildroot}%{_sbindir} %{buildroot}%{_bindir} %{buildroot}%{_datadir} \
-type f -name '*~' | xargs rm -f
+# Manually invoke the python byte compile macro for each path that needs byte
+# compilation.
+%py_byte_compile %{__python3} %{buildroot}%{_datadir}/system-config-selinux
+
%find_lang policycoreutils
%find_lang selinux-python
%find_lang selinux-gui
@@ -222,12 +233,14 @@ an SELinux environment.
%{_mandir}/man1/audit2allow.1*
%{_mandir}/ru/man1/audit2allow.1*
%{_mandir}/man1/audit2why.1*
+%{_mandir}/ru/man1/audit2why.1*
%{_sysconfdir}/dbus-1/system.d/org.selinux.conf
%{_mandir}/man8/chcat.8*
%{_mandir}/ru/man8/chcat.8*
%{_mandir}/man8/sandbox.8*
+%{_mandir}/ru/man8/sandbox.8*
%{_mandir}/man8/semanage*.8*
-%{_mandir}/ru/man8/semanage.8*
+%{_mandir}/ru/man8/semanage*.8*
%{_datadir}/bash-completion/completions/semanage
%package dbus
@@ -245,7 +258,9 @@ an SELinux environment.
%{_datadir}/dbus-1/system-services/org.selinux.service
%{_datadir}/polkit-1/actions/org.selinux.policy
%{_datadir}/polkit-1/actions/org.selinux.config.policy
-%{_datadir}/system-config-selinux/selinux_server.py*
+%{_datadir}/system-config-selinux/selinux_server.py
+%dir %{_datadir}/system-config-selinux/__pycache__
+%{_datadir}/system-config-selinux/__pycache__/selinux_server.*
%package -n python3-policycoreutils
%{?python_provide:%python_provide python3-policycoreutils}
@@ -303,6 +318,7 @@ The policycoreutils-devel package contains the management tools use to develop p
/var/lib/sepolgen/perm_map
%{_bindir}/sepolicy
%{_mandir}/man8/sepolgen.8*
+%{_mandir}/ru/man8/sepolgen.8*
%{_mandir}/man8/sepolicy-booleans.8*
%{_mandir}/man8/sepolicy-generate.8*
%{_mandir}/man8/sepolicy-interface.8*
@@ -311,6 +327,7 @@ The policycoreutils-devel package contains the management tools use to develop p
%{_mandir}/man8/sepolicy-communicate.8*
%{_mandir}/man8/sepolicy-manpage.8*
%{_mandir}/man8/sepolicy-transition.8*
+%{_mandir}/ru/man8/sepolicy*.8*
%{_usr}/share/bash-completion/completions/sepolicy
@@ -331,7 +348,9 @@ sandboxes
%{_datadir}/sandbox/start
%caps(cap_setpcap,cap_setuid,cap_fowner,cap_dac_override,cap_sys_admin,cap_sys_nice=pe) %{_sbindir}/seunshare
%{_mandir}/man8/seunshare.8*
+%{_mandir}/ru/man8/seunshare.8*
%{_mandir}/man5/sandbox.5*
+%{_mandir}/ru/man5/sandbox.5*
%package newrole
Summary: The newrole application for RBAC/MLS
@@ -344,6 +363,7 @@ or level of a logged in user.
%files newrole
%attr(0755,root,root) %caps(cap_dac_read_search,cap_setpcap,cap_audit_write,cap_sys_admin,cap_fowner,cap_chown,cap_dac_override=pe) %{_bindir}/newrole
%{_mandir}/man1/newrole.1.gz
+%{_mandir}/ru/man1/newrole.1.gz
%config(noreplace) %{_sysconfdir}/pam.d/newrole
%package gui
@@ -366,19 +386,23 @@ system-config-selinux is a utility for managing the SELinux environment
%{_datadir}/icons/hicolor/24x24/apps/system-config-selinux.png
%{_datadir}/pixmaps/system-config-selinux.png
%dir %{_datadir}/system-config-selinux
+%dir %{_datadir}/system-config-selinux/__pycache__
%{_datadir}/system-config-selinux/system-config-selinux.png
-%{_datadir}/system-config-selinux/*Page.py*
-%{_datadir}/system-config-selinux/html_util.py*
-%{_datadir}/system-config-selinux/polgengui.py*
-%{_datadir}/system-config-selinux/system-config-selinux.py*
+%{_datadir}/system-config-selinux/*Page.py
+%{_datadir}/system-config-selinux/__pycache__/*Page.*
+%{_datadir}/system-config-selinux/system-config-selinux.py
+%{_datadir}/system-config-selinux/__pycache__/system-config-selinux.*
%{_datadir}/system-config-selinux/*.ui
%{python3_sitelib}/sepolicy/gui.py*
%{python3_sitelib}/sepolicy/sepolicy.glade
%{_datadir}/icons/hicolor/*/apps/sepolicy.png
%{_datadir}/pixmaps/sepolicy.png
%{_mandir}/man8/system-config-selinux.8*
+%{_mandir}/ru/man8/system-config-selinux.8*
%{_mandir}/man8/selinux-polgengui.8*
+%{_mandir}/ru/man8/selinux-polgengui.8*
%{_mandir}/man8/sepolicy-gui.8*
+%{_mandir}/ru/man8/sepolicy-gui.8*
%files -f %{name}.lang
%{_sbindir}/restorecon
@@ -402,9 +426,10 @@ system-config-selinux is a utility for managing the SELinux environment
%{_unitdir}/selinux-autorelabel.target
%{generatorsdir}/selinux-autorelabel-generator.sh
%config(noreplace) %{_sysconfdir}/sestatus.conf
-# selinux-policy Requires: policycoreutils, so we own this set of directories and our files within them
%{_mandir}/man5/selinux_config.5.gz
+%{_mandir}/ru/man5/selinux_config.5.gz
%{_mandir}/man5/sestatus.conf.5.gz
+%{_mandir}/ru/man5/sestatus.conf.5.gz
%{_mandir}/man8/fixfiles.8*
%{_mandir}/ru/man8/fixfiles.8*
%{_mandir}/man8/load_policy.8*
@@ -412,6 +437,7 @@ system-config-selinux is a utility for managing the SELinux environment
%{_mandir}/man8/restorecon.8*
%{_mandir}/ru/man8/restorecon.8*
%{_mandir}/man8/restorecon_xattr.8*
+%{_mandir}/ru/man8/restorecon_xattr.8*
%{_mandir}/man8/semodule.8*
%{_mandir}/ru/man8/semodule.8*
%{_mandir}/man8/sestatus.8*
@@ -423,17 +449,19 @@ system-config-selinux is a utility for managing the SELinux environment
%{_mandir}/man1/secon.1*
%{_mandir}/ru/man1/secon.1*
%{_mandir}/man8/genhomedircon.8*
+%{_mandir}/ru/man8/genhomedircon.8*
%{_mandir}/man8/semodule_expand.8*
%{_mandir}/ru/man8/semodule_expand.8*
%{_mandir}/man8/semodule_link.8*
%{_mandir}/ru/man8/semodule_link.8*
%{_mandir}/man8/semodule_unpackage.8*
+%{_mandir}/ru/man8/semodule_unpackage.8*
%{_mandir}/man8/semodule_package.8*
%{_mandir}/ru/man8/semodule_package.8*
%dir %{_datadir}/bash-completion
%{_datadir}/bash-completion/completions/setsebool
%{!?_licensedir:%global license %%doc}
-%license policycoreutils-%{version}/COPYING
+%license policycoreutils/COPYING
%doc %{_usr}/share/doc/%{name}
%package restorecond
@@ -453,7 +481,7 @@ The policycoreutils-restorecond package contains the restorecond service.
%{_mandir}/man8/restorecond.8*
%{_mandir}/ru/man8/restorecond.8*
%{!?_licensedir:%global license %%doc}
-%license policycoreutils-%{version}/COPYING
+%license policycoreutils/COPYING
%post
%systemd_post selinux-autorelabel-mark.service
@@ -471,6 +499,16 @@ The policycoreutils-restorecond package contains the restorecond service.
%systemd_postun_with_restart restorecond.service
%changelog
+* Thu Aug 22 2019 Vit Mojzis <vmojzis@redhat.com> - 2.9-3
+- fixfiles: Fix unbound variable problem (#1743213)
+
+* Tue Jul 2 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-2
+- Update transition
+- fixfiles: Fix [-B] [-F] onboot
+
+* Mon Mar 18 2019 Petr Lautrbach <plautrba@redhat.com> - 2.9-1
+- SELinux userspace 2.9 release
+
* Fri Dec 14 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-16.1
- semanage: move valid_types initialisations to class constructors
- semanage: import sepolicy only when it's needed