diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/booleansPage.py policycoreutils-2.0.27/gui/booleansPage.py
--- nsapolicycoreutils/gui/booleansPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/booleansPage.py 2007-10-01 17:22:52.000000000 -0400
@@ -0,0 +1,254 @@
+#
+# booleansPage.py - GUI for Booleans page in system-config-securitylevel
+#
+# Dan Walsh <dwalsh@redhat.com>
+#
+# Copyright 2006, 2007 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+import string
+import gtk
+import gtk.glade
+import os
+import gobject
+import sys
+import tempfile
+import seobject
+
+INSTALLPATH='/usr/share/system-config-selinux'
+sys.path.append(INSTALLPATH)
+
+import commands
+ENFORCING=0
+PERMISSIVE=1
+DISABLED=2
+
+##
+## I18N
+##
+PROGNAME="system-config-selinux"
+
+import gettext
+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
+gettext.textdomain(PROGNAME)
+try:
+ gettext.install(PROGNAME,
+ localedir="/usr/share/locale",
+ unicode=False,
+ codeset = 'utf-8')
+except IOError:
+ import __builtin__
+ __builtin__.__dict__['_'] = unicode
+
+from glob import fnmatch
+
+class Translation:
+ def __init__(self):
+ self.translation={}
+ fd=open(INSTALLPATH + "/selinux.tbl","r")
+ lines=fd.readlines()
+ fd.close()
+ for i in lines:
+ try:
+ line=i.strip().split("_(\"")
+ key=line[0].strip()
+ category=line[1].split("\"")[0]
+ value=line[2].split("\"")[0]
+ self.translation[key]=(category,value)
+ except:
+ continue
+
+ def match(self,key, filter=""):
+ try:
+ f=filter.lower()
+ val=self.get_value(key).lower()
+ k=key.lower()
+ return val.find(f) >= 0 or k.find(f) >= 0
+ except:
+ return False
+
+ def get_category(self,key):
+ try:
+ return _(self.translation[key][0])
+ except:
+ #print key, "missing translation"
+ return _("Other")
+
+ def get_value(self,key):
+ try:
+ return _(self.translation[key][1])
+ except:
+ return key
+
+class Modifier:
+ def __init__(self,name, on, save):
+ self.on=on
+ self.name=name
+ self.save=save
+
+ def set(self,value):
+ self.on=value
+ self.save=True
+
+ def isOn(self):
+ return self.on
+
+class Boolean(Modifier):
+ def __init__(self,name, val, save=False):
+ Modifier.__init__(self,name, val, save)
+
+class Modifiers:
+ def __init__(self,store):
+ self.modifiers={}
+ self.translation=Translation()
+ self.store=store
+ self.store.clear()
+
+ def add(self,name,val):
+ if name == "targeted_policy":
+ return
+ category=self.translation.get_category(name)
+ if not self.modifiers.has_key(category):
+ self.modifiers[category]={}
+ iter=self.store.append(None)
+ self.modifiers[category]["iter"] = iter
+ self.store.set_value(iter, 1, category)
+ self.store.set_value(iter, 3, False)
+
+ self.modifiers[category][name]=val;
+ iter=self.store.append(self.modifiers[category]["iter"])
+ self.store.set_value(iter, 0, val.isOn())
+ self.store.set_value(iter, 1, self.translation.get_value(name))
+ self.store.set_value(iter, 2, name)
+ self.store.set_value(iter, 3, True)
+
+ def set(self,name,val):
+ category=self.translation.get_category(name)
+ self.modifiers[category][name].set(val)
+
+ def isBoolean(self,name):
+ c=self.translation.get_category(name)
+ return isinstance(self.modifiers[c][name], Boolean)
+
+ def get_booleans(self):
+ booleans={}
+ for c in self.modifiers.keys():
+ for n in self.modifiers[c].keys():
+ if isinstance(self.modifiers[c][n], Boolean):
+ booleans[n]=self.modifiers[c][n]
+ return booleans
+
+class booleansPage:
+ def __init__(self, xml, doDebug=None):
+ self.xml = xml
+ self.local = False
+ self.types=[]
+ self.selinuxsupport = True
+ self.translation = Translation()
+ self.typechanged = False
+ self.doDebug = doDebug
+
+ # Bring in widgets from glade file.
+ self.typeHBox = xml.get_widget("typeHBox")
+ self.booleanSW = xml.get_widget("booleanSW")
+ self.booleansFilter = xml.get_widget("booleansFilter")
+ self.booleansFilter.connect("focus_out_event", self.filter_changed)
+ self.booleansFilter.connect("activate", self.filter_changed)
+
+ self.booleansView = xml.get_widget("booleansView")
+ self.typeLabel = xml.get_widget("typeLabel")
+ self.modifySeparator = xml.get_widget("modifySeparator")
+
+ self.revertButton = xml.get_widget("booleanRevertButton")
+ self.revertButton.set_sensitive(self.local)
+ listStore = gtk.ListStore(gobject.TYPE_STRING)
+ cell = gtk.CellRendererText()
+
+ self.booleansStore = gtk.TreeStore(gobject.TYPE_BOOLEAN, gobject.TYPE_STRING, gobject.TYPE_PYOBJECT, gobject.TYPE_BOOLEAN)
+ self.booleansStore.set_sort_column_id(1, gtk.SORT_ASCENDING)
+ self.booleansView.set_model(self.booleansStore)
+
+ checkbox = gtk.CellRendererToggle()
+ checkbox.connect("toggled", self.boolean_toggled)
+ col = gtk.TreeViewColumn('', checkbox, active = 0,visible=3)
+ col.set_fixed_width(20)
+ col.set_clickable(True)
+ self.booleansView.append_column(col)
+
+ col = gtk.TreeViewColumn("", gtk.CellRendererText(), text=1)
+ self.booleansView.append_column(col)
+ self.filter=""
+ self.load(self.filter)
+
+ def deleteDialog(self):
+ store, iter = self.booleansView.get_selection().get_selected()
+ boolean = store.get_value(iter, 2)
+ if boolean == None:
+ return
+ try:
+ (rc, out) = commands.getstatusoutput("semanage boolean -d %s" % boolean)
+
+ if rc != 0:
+ return self.error(out)
+ self.load(self.filter)
+ except ValueError, e:
+ self.error(e.args[0])
+
+ def filter_changed(self, *arg):
+ filter = arg[0].get_text()
+ if filter != self.filter:
+ self.load(filter)
+ self.filter=filter
+
+ def use_menus(self):
+ return False
+
+ def get_description(self):
+ return _("Boolean")
+
+ def load(self, filter=None):
+ self.modifiers=Modifiers(self.booleansStore)
+ booleans=seobject.booleanRecords()
+ booleansList=booleans.get_all(self.local)
+# booleansList=commands.getoutput("/usr/sbin/getsebool -a").split("\n")
+ for name in booleansList:
+ rec=booleansList[name]
+ if self.translation.match(name, filter):
+ self.modifiers.add(name,Boolean(name,rec[2] == 1))
+
+ def boolean_toggled(self, widget, row):
+ if len(row) == 1:
+ return
+ iter = self.booleansStore.get_iter(row)
+ val = self.booleansStore.get_value(iter, 0)
+ key = self.booleansStore.get_value(iter, 2)
+ self.booleansStore.set_value(iter, 0 , not val)
+ self.modifiers.set(key, not val)
+
+ setsebool="/usr/sbin/setsebool -P %s=%d" % (key, not val)
+ commands.getstatusoutput(setsebool)
+
+ def on_local_clicked(self, button):
+ self.local = not self.local
+ self.revertButton.set_sensitive(self.local)
+
+ if self.local:
+ button.set_label(_("all"))
+ else:
+ button.set_label(_("Customized"))
+
+ self.load(self.filter)
+ return True
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/fcontextPage.py policycoreutils-2.0.27/gui/fcontextPage.py
--- nsapolicycoreutils/gui/fcontextPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/fcontextPage.py 2007-09-27 11:20:32.000000000 -0400
@@ -0,0 +1,209 @@
+## fcontextPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
+
+## This program is free software; you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation; either version 2 of the License, or
+## (at your option) any later version.
+
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+## GNU General Public License for more details.
+
+## You should have received a copy of the GNU General Public License
+## along with this program; if not, write to the Free Software
+## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+## Author: Dan Walsh
+import gtk
+import gtk.glade
+import os
+import gobject
+import seobject
+import commands
+from semanagePage import *;
+
+SPEC_COL = 0
+TYPE_COL = 1
+FTYPE_COL = 2
+
+class context:
+ def __init__(self, scontext):
+ self.scontext = scontext
+ con=scontext.split(":")
+ self.user = con[0]
+ self.role = con[1]
+ self.type = con[2]
+ if len(con) > 3:
+ self.mls = con[3]
+ else:
+ self.mls = "s0"
+
+ def __str__(self):
+ return self.scontext
+
+##
+## I18N
+##
+PROGNAME="system-config-selinux"
+
+import gettext
+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
+gettext.textdomain(PROGNAME)
+try:
+ gettext.install(PROGNAME,
+ localedir="/usr/share/locale",
+ unicode=False,
+ codeset = 'utf-8')
+except IOError:
+ import __builtin__
+ __builtin__.__dict__['_'] = unicode
+
+class fcontextPage(semanagePage):
+ def __init__(self, xml):
+ semanagePage.__init__(self, xml, "fcontext", _("File Labeling"))
+ self.fcontextFilter = xml.get_widget("fcontextFilterEntry")
+ self.fcontextFilter.connect("focus_out_event", self.filter_changed)
+ self.fcontextFilter.connect("activate", self.filter_changed)
+ self.view = xml.get_widget("fcontextView")
+ self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_STRING, gobject.TYPE_STRING)
+ self.view.set_model(self.store)
+# self.store.set_sort_column_id(0, gtk.SORT_ASCENDING)
+
+ col = gtk.TreeViewColumn(_("File\nSpecification"), gtk.CellRendererText(), text=SPEC_COL)
+ col.set_sizing(gtk.TREE_VIEW_COLUMN_FIXED)
+ col.set_fixed_width(250)
+
+ col.set_sort_column_id(SPEC_COL)
+ col.set_resizable(True)
+ self.view.append_column(col)
+ col = gtk.TreeViewColumn(_("Selinux\nFile Context"), gtk.CellRendererText(), text=TYPE_COL)
+
+ col.set_sizing(gtk.TREE_VIEW_COLUMN_FIXED)
+ col.set_fixed_width(250)
+ col.set_sort_column_id(TYPE_COL)
+ col.set_resizable(True)
+ self.view.append_column(col)
+ col = gtk.TreeViewColumn(_("File\nType"), gtk.CellRendererText(), text=2)
+ col.set_sort_column_id(FTYPE_COL)
+ col.set_resizable(True)
+ self.view.append_column(col)
+ self.load()
+ self.fcontextEntry = xml.get_widget("fcontextEntry")
+ self.fcontextFileTypeCombo = xml.get_widget("fcontextFileTypeCombo")
+ liststore=self.fcontextFileTypeCombo.get_model()
+ for k in seobject.file_types:
+ if len(k) > 0 and k[0] != '-':
+ iter=liststore.append()
+ liststore.set_value(iter, 0, k)
+ iter = liststore.get_iter_first()
+ self.fcontextFileTypeCombo.set_active_iter(iter)
+ self.fcontextTypeEntry = xml.get_widget("fcontextTypeEntry")
+ self.fcontextMLSEntry = xml.get_widget("fcontextMLSEntry")
+
+ def match(self, fcon, filter):
+ try:
+ f=filter.lower()
+ for con in fcon:
+ k=con.lower()
+ if k.find(f) >= 0:
+ return True
+ except:
+ pass
+ return False
+
+ def load(self, filter=""):
+ self.filter=filter
+ self.fcontext=seobject.fcontextRecords()
+ fcon_list=self.fcontext.get_all(self.local)
+ self.store.clear()
+ for fcon in fcon_list:
+ if not self.match(fcon, filter):
+ continue
+ iter=self.store.append()
+ self.store.set_value(iter, SPEC_COL, fcon[0])
+ self.store.set_value(iter, FTYPE_COL, fcon[1])
+ if len(fcon) > 3:
+ rec="%s:%s:%s:%s " % (fcon[2], fcon[3],fcon[4], seobject.translate(fcon[5],False))
+ else:
+ rec="<<None>>"
+ self.store.set_value(iter, 1, rec)
+ self.view.get_selection().select_path ((0,))
+
+ def filter_changed(self, *arg):
+ filter = arg[0].get_text()
+ if filter != self.filter:
+ self.load(filter)
+
+ def dialogInit(self):
+ store, iter = self.view.get_selection().get_selected()
+ self.fcontextEntry.set_text(store.get_value(iter, SPEC_COL))
+ self.fcontextEntry.set_sensitive(False)
+ scontext = store.get_value(iter, TYPE_COL)
+ scon=context(scontext)
+ self.fcontextTypeEntry.set_text(scon.type)
+ self.fcontextMLSEntry.set_text(scon.mls)
+ type=store.get_value(iter, FTYPE_COL)
+ liststore=self.fcontextFileTypeCombo.get_model()
+ iter = liststore.get_iter_first()
+ while iter != None and liststore.get_value(iter,0) != type:
+ iter = liststore.iter_next(iter)
+ if iter != None:
+ self.fcontextFileTypeCombo.set_active_iter(iter)
+ self.fcontextFileTypeCombo.set_sensitive(False)
+
+ def dialogClear(self):
+ self.fcontextEntry.set_text("")
+ self.fcontextEntry.set_sensitive(True)
+ self.fcontextFileTypeCombo.set_sensitive(True)
+ self.fcontextTypeEntry.set_text("")
+ self.fcontextMLSEntry.set_text("s0")
+
+ def delete(self):
+ store, iter = self.view.get_selection().get_selected()
+ try:
+ fspec=store.get_value(iter, SPEC_COL)
+ ftype=store.get_value(iter, FTYPE_COL)
+ (rc, out) = commands.getstatusoutput("semanage fcontext -d -f '%s' %s" % (ftype, fspec))
+
+ if rc != 0:
+ return self.error(out)
+ store.remove(iter)
+ self.view.get_selection().select_path ((0,))
+ except ValueError, e:
+ self.error(e.args[0])
+
+ def add(self):
+ fspec=self.fcontextEntry.get_text().strip()
+ type=self.fcontextTypeEntry.get_text().strip()
+ mls=self.fcontextMLSEntry.get_text().strip()
+ list_model=self.fcontextFileTypeCombo.get_model()
+ iter = self.fcontextFileTypeCombo.get_active_iter()
+ ftype=list_model.get_value(iter,0)
+ (rc, out) = commands.getstatusoutput("semanage fcontext -a -t %s -r %s -f '%s' %s" % (type, mls, ftype, fspec))
+ if rc != 0:
+ self.error(out)
+ return False
+
+ iter=self.store.append()
+ self.store.set_value(iter, SPEC_COL, fspec)
+ self.store.set_value(iter, FTYPE_COL, ftype)
+ self.store.set_value(iter, TYPE_COL, "system_u:object_r:%s:%s" % (type, mls))
+
+ def modify(self):
+ fspec=self.fcontextEntry.get_text().strip()
+ type=self.fcontextTypeEntry.get_text().strip()
+ mls=self.fcontextMLSEntry.get_text().strip()
+ list_model=self.fcontextFileTypeCombo.get_model()
+ iter = self.fcontextFileTypeCombo.get_active_iter()
+ ftype=list_model.get_value(iter,0)
+ (rc, out) = commands.getstatusoutput("semanage fcontext -m -t %s -r %s -f '%s' %s" % (type, mls, ftype, fspec))
+ if rc != 0:
+ self.error(out)
+ return False
+
+ store, iter = self.view.get_selection().get_selected()
+ self.store.set_value(iter, SPEC_COL, fspec)
+ self.store.set_value(iter, FTYPE_COL, ftype)
+ self.store.set_value(iter, TYPE_COL, "system_u:object_r:%s:%s" % (type, mls))
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/loginsPage.py policycoreutils-2.0.27/gui/loginsPage.py
--- nsapolicycoreutils/gui/loginsPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/loginsPage.py 2007-09-27 11:20:32.000000000 -0400
@@ -0,0 +1,179 @@
+## loginsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
+
+## This program is free software; you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation; either version 2 of the License, or
+## (at your option) any later version.
+
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+## GNU General Public License for more details.
+
+## You should have received a copy of the GNU General Public License
+## along with this program; if not, write to the Free Software
+## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+## Author: Dan Walsh
+import string
+import gtk
+import gtk.glade
+import os
+import gobject
+import sys
+import commands
+import seobject
+from semanagePage import *;
+
+##
+## I18N
+##
+PROGNAME="policycoreutils"
+import gettext
+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
+gettext.textdomain(PROGNAME)
+try:
+ gettext.install(PROGNAME,
+ localedir="/usr/share/locale",
+ unicode=False,
+ codeset = 'utf-8')
+except IOError:
+ import __builtin__
+ __builtin__.__dict__['_'] = unicode
+
+class loginsPage(semanagePage):
+ def __init__(self, xml):
+ self.firstTime = False
+ semanagePage.__init__(self, xml, "logins", _("User Mapping"))
+ self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_STRING, gobject.TYPE_STRING)
+ self.view.set_model(self.store)
+ self.store.set_sort_column_id(0, gtk.SORT_ASCENDING)
+ col = gtk.TreeViewColumn(_("Login\nName"), gtk.CellRendererText(), text = 0)
+ col.set_sort_column_id(0)
+ col.set_resizable(True)
+ self.view.append_column(col)
+ col = gtk.TreeViewColumn(_("SELinux\nUser"), gtk.CellRendererText(), text = 1)
+ col.set_resizable(True)
+ self.view.append_column(col)
+ col = gtk.TreeViewColumn(_("MLS/\nMCS Range"), gtk.CellRendererText(), text = 2)
+ col.set_resizable(True)
+ self.view.append_column(col)
+ self.load()
+ self.loginsNameEntry = xml.get_widget("loginsNameEntry")
+ self.loginsSelinuxUserCombo = xml.get_widget("loginsSelinuxUserCombo")
+ self.loginsMLSEntry = xml.get_widget("loginsMLSEntry")
+
+ def load(self, filter = ""):
+ self.filter=filter
+ self.login = seobject.loginRecords()
+ dict = self.login.get_all(0)
+ keys = dict.keys()
+ keys.sort()
+ self.store.clear()
+ for k in keys:
+ range = seobject.translate(dict[k][1])
+ if not (self.match(k, filter) or self.match(dict[k][0], filter) or self.match(range, filter)):
+ continue
+ iter = self.store.append()
+ self.store.set_value(iter, 0, k)
+ self.store.set_value(iter, 1, dict[k][0])
+ self.store.set_value(iter, 2, range)
+ self.view.get_selection().select_path ((0,))
+
+ def __dialogSetup(self):
+ if self.firstTime == True:
+ return
+ self.firstTime = True
+ liststore = gtk.ListStore(gobject.TYPE_STRING)
+ self.loginsSelinuxUserCombo.set_model(liststore)
+ cell = gtk.CellRendererText()
+ self.loginsSelinuxUserCombo.pack_start(cell, True)
+ self.loginsSelinuxUserCombo.add_attribute(cell, 'text', 0)
+
+ selusers = seobject.seluserRecords().get_all(0)
+ keys = selusers.keys()
+ keys.sort()
+ for k in keys:
+ if k != "system_u":
+ self.loginsSelinuxUserCombo.append_text(k)
+
+ iter = liststore.get_iter_first()
+ while liststore.get_value(iter,0) != "user_u":
+ iter = liststore.iter_next(iter)
+ self.loginsSelinuxUserCombo.set_active_iter(iter)
+
+ def dialogInit(self):
+ self.__dialogSetup()
+ store, iter = self.view.get_selection().get_selected()
+ self.loginsNameEntry.set_text(store.get_value(iter, 0))
+ self.loginsNameEntry.set_sensitive(False)
+
+ self.loginsMLSEntry.set_text(store.get_value(iter, 2))
+ seuser = store.get_value(iter, 1)
+ liststore = self.loginsSelinuxUserCombo.get_model()
+ iter = liststore.get_iter_first()
+ while iter != None and liststore.get_value(iter,0) != seuser:
+ iter = liststore.iter_next(iter)
+ if iter != None:
+ self.loginsSelinuxUserCombo.set_active_iter(iter)
+
+
+ def dialogClear(self):
+ self.__dialogSetup()
+ self.loginsNameEntry.set_text("")
+ self.loginsNameEntry.set_sensitive(True)
+ self.loginsMLSEntry.set_text("s0")
+
+ def delete(self):
+ store, iter = self.view.get_selection().get_selected()
+ try:
+ login=store.get_value(iter, 0)
+ if login == "root" or login == "__default__":
+ raise ValueError(_("Login '%s' is required") % login)
+
+ (rc, out) = commands.getstatusoutput("semanage login -d %s" % login)
+ if rc != 0:
+ self.error(out)
+ return False
+ store.remove(iter)
+ self.view.get_selection().select_path ((0,))
+ except ValueError, e:
+ self.error(e.args[0])
+
+ def add(self):
+ target=self.loginsNameEntry.get_text().strip()
+ serange=self.loginsMLSEntry.get_text().strip()
+ if serange == "":
+ serange="s0"
+ list_model=self.loginsSelinuxUserCombo.get_model()
+ iter = self.loginsSelinuxUserCombo.get_active_iter()
+ seuser = list_model.get_value(iter,0)
+ (rc, out) = commands.getstatusoutput("semanage login -a -s %s -r %s %s" % (seuser, serange, target))
+ if rc != 0:
+ self.error(out)
+ return False
+
+ iter = self.store.append()
+ self.store.set_value(iter, 0, target)
+ self.store.set_value(iter, 1, seuser)
+ self.store.set_value(iter, 2, seobject.translate(serange))
+
+ def modify(self):
+ target=self.loginsNameEntry.get_text().strip()
+ serange=self.loginsMLSEntry.get_text().strip()
+ if serange == "":
+ serange = "s0"
+ list_model = self.loginsSelinuxUserCombo.get_model()
+ iter = self.loginsSelinuxUserCombo.get_active_iter()
+ seuser=list_model.get_value(iter,0)
+ (rc, out) = commands.getstatusoutput("semanage login -m -s %s -r %s %s" % (seuser, serange, target))
+ if rc != 0:
+ self.error(out)
+ return False
+
+ store, iter = self.view.get_selection().get_selected()
+ self.store.set_value(iter, 0, target)
+ self.store.set_value(iter, 1, seuser)
+ self.store.set_value(iter, 2, seobject.translate(serange))
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/Makefile policycoreutils-2.0.27/gui/Makefile
--- nsapolicycoreutils/gui/Makefile 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/Makefile 2007-09-27 11:20:32.000000000 -0400
@@ -0,0 +1,34 @@
+# Installation directories.
+PREFIX ?= ${DESTDIR}/usr
+SHAREDIR ?= $(PREFIX)/share/system-config-selinux
+
+TARGETS= \
+booleansPage.py \
+fcontextPage.py \
+loginsPage.py \
+mappingsPage.py \
+modulesPage.py \
+polgen.py \
+polgen.glade \
+portsPage.py \
+semanagePage.py \
+statusPage.py \
+system-config-selinux.glade \
+translationsPage.py \
+usersPage.py \
+selinux.tbl
+
+all: $(TARGETS) system-config-selinux.py polgengui.py templates
+
+install: all
+ -mkdir -p $(SHAREDIR)/templates
+ install -m 755 system-config-selinux.py $(SHAREDIR)
+ install -m 755 polgengui.py $(SHAREDIR)
+ install -m 644 $(TARGETS) $(SHAREDIR)
+ install -m 644 templates/*.py $(SHAREDIR)/templates/
+
+clean:
+
+indent:
+
+relabel:
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/mappingsPage.py policycoreutils-2.0.27/gui/mappingsPage.py
--- nsapolicycoreutils/gui/mappingsPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/mappingsPage.py 2007-09-27 11:20:32.000000000 -0400
@@ -0,0 +1,56 @@
+## mappingsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
+
+## This program is free software; you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation; either version 2 of the License, or
+## (at your option) any later version.
+
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+## GNU General Public License for more details.
+
+## You should have received a copy of the GNU General Public License
+## along with this program; if not, write to the Free Software
+## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+## Author: Dan Walsh
+import string
+import gtk
+import gtk.glade
+import os
+import gobject
+import sys
+import seobject
+
+##
+## I18N
+##
+PROGNAME="policycoreutils"
+import gettext
+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
+gettext.textdomain(PROGNAME)
+try:
+ gettext.install(PROGNAME,
+ localedir="/usr/share/locale",
+ unicode=False,
+ codeset = 'utf-8')
+except IOError:
+ import __builtin__
+ __builtin__.__dict__['_'] = unicode
+
+class loginsPage:
+ def __init__(self, xml):
+ self.xml = xml
+ self.view = xml.get_widget("mappingsView")
+ self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_STRING, gobject.TYPE_STRING)
+ self.store.set_sort_column_id(0, gtk.SORT_ASCENDING)
+ self.view.set_model(self.store)
+ self.login = loginRecords()
+ dict = self.login.get_all(0)
+ keys = dict.keys()
+ keys.sort()
+ for k in keys:
+ print "%-25s %-25s %-25s" % (k, dict[k][0], translate(dict[k][1]))
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py policycoreutils-2.0.27/gui/modulesPage.py
--- nsapolicycoreutils/gui/modulesPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/modulesPage.py 2007-09-27 11:20:32.000000000 -0400
@@ -0,0 +1,181 @@
+## modulesPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
+
+## This program is free software; you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation; either version 2 of the License, or
+## (at your option) any later version.
+
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+## GNU General Public License for more details.
+
+## You should have received a copy of the GNU General Public License
+## along with this program; if not, write to the Free Software
+## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+## Author: Dan Walsh
+import string
+import gtk
+import gtk.glade
+import os
+import commands
+import gobject
+import sys
+import seobject
+import selinux
+from semanagePage import *;
+
+##
+## I18N
+##
+PROGNAME="policycoreutils"
+import gettext
+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
+gettext.textdomain(PROGNAME)
+try:
+ gettext.install(PROGNAME,
+ localedir="/usr/share/locale",
+ unicode=False,
+ codeset = 'utf-8')
+except IOError:
+ import __builtin__
+ __builtin__.__dict__['_'] = unicode
+
+class modulesPage(semanagePage):
+ def __init__(self, xml):
+ semanagePage.__init__(self, xml, "modules", _("Policy Module"))
+ self.module_filter = xml.get_widget("modulesFilterEntry")
+ self.module_filter.connect("focus_out_event", self.filter_changed)
+ self.module_filter.connect("activate", self.filter_changed)
+
+ self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_STRING)
+ self.view.set_model(self.store)
+ self.store.set_sort_column_id(0, gtk.SORT_ASCENDING)
+ col = gtk.TreeViewColumn(_("Module Name"), gtk.CellRendererText(), text = 0)
+ col.set_sort_column_id(0)
+ col.set_resizable(True)
+ self.view.append_column(col)
+ self.store.set_sort_column_id(0, gtk.SORT_ASCENDING)
+ col = gtk.TreeViewColumn(_("Version"), gtk.CellRendererText(), text = 1)
+ self.enable_audit_button = xml.get_widget("enableAuditButton")
+ self.enable_audit_button.connect("clicked", self.enable_audit)
+ self.disable_audit_button = xml.get_widget("disableAuditButton")
+ self.disable_audit_button.connect("clicked", self.disable_audit)
+ self.new_button = xml.get_widget("newModuleButton")
+ self.new_button.connect("clicked", self.new_module)
+ col.set_sort_column_id(1)
+ col.set_resizable(True)
+ self.view.append_column(col)
+ self.store.set_sort_func(1,self.sort_int, "")
+ status, self.policy_type = selinux.selinux_getpolicytype()
+
+ self.load()
+
+ def sort_int(self, treemodel, iter1, iter2, user_data):
+ try:
+ p1 = int(treemodel.get_value(iter1,1))
+ p2 = int(treemodel.get_value(iter1,1))
+ if p1 > p2:
+ return 1
+ if p1 == p2:
+ return 0
+ return -1
+ except:
+ return 0
+
+ def load(self, filter=""):
+ self.filter=filter
+ self.store.clear()
+ try:
+ fd=os.popen("semodule -l")
+ l = fd.readlines()
+ fd.close()
+ for i in l:
+ module, ver = i.split('\t')
+ if not (self.match(module, filter) or self.match(ver, filter)):
+ continue
+ iter = self.store.append()
+ self.store.set_value(iter, 0, module.strip())
+ self.store.set_value(iter, 1, ver.strip())
+ except:
+ pass
+ self.view.get_selection().select_path ((0,))
+
+
+ def new_module(self, args):
+ try:
+ os.spawnl(os.P_NOWAIT, "/usr/share/system-config-selinux/polgengui.py")
+ except ValueError, e:
+ self.error(e.args[0])
+
+ def delete(self):
+ store, iter = self.view.get_selection().get_selected()
+ module = store.get_value(iter, 0)
+ try:
+ status, output = commands.getstatusoutput("semodule -r %s" % module)
+ if status != 0:
+ self.error(output)
+ else:
+ store.remove(iter)
+ self.view.get_selection().select_path ((0,))
+
+ except ValueError, e:
+ self.error(e.args[0])
+
+ def enable_audit(self, button):
+ try:
+ status, output =commands.getstatusoutput("semodule -b /usr/share/selinux/%s/enableaudit.pp" % self.policy_type)
+ if status != 0:
+ self.error(output)
+
+ except ValueError, e:
+ self.error(e.args[0])
+
+ def disable_audit(self, button):
+ try:
+ status, output =commands.getstatusoutput("semodule -b /usr/share/selinux/%s/base.pp" % self.policy_type)
+ if status != 0:
+ self.error(output)
+
+ except ValueError, e:
+ self.error(e.args[0])
+
+ def propertiesDialog(self):
+ # Do nothing
+ return
+
+ def addDialog(self):
+ dialog = gtk.FileChooserDialog(_("Load Policy Module"),
+ None,
+ gtk.FILE_CHOOSER_ACTION_OPEN,
+ (gtk.STOCK_CANCEL, gtk.RESPONSE_CANCEL,
+ gtk.STOCK_OPEN, gtk.RESPONSE_OK))
+ dialog.set_default_response(gtk.RESPONSE_OK)
+
+ filter = gtk.FileFilter()
+ filter.set_name("Policy Files")
+ filter.add_pattern("*.pp")
+ dialog.add_filter(filter)
+
+ response = dialog.run()
+ if response == gtk.RESPONSE_OK:
+ self.add(dialog.get_filename())
+ dialog.destroy()
+
+ def add(self, file):
+ try:
+ status, output =commands.getstatusoutput("semodule -i %s" % file)
+ if status != 0:
+ self.error(output)
+ else:
+ self.load()
+
+ except ValueError, e:
+ self.error(e.args[0])
+
+
+
+
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.27/gui/polgen.glade
--- nsapolicycoreutils/gui/polgen.glade 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/polgen.glade 2007-09-28 15:35:53.000000000 -0400
@@ -0,0 +1,2461 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
+
+<glade-interface>
+<requires lib="gnome"/>
+
+<widget class="GtkFileChooserDialog" id="filechooserdialog">
+ <property name="border_width">5</property>
+ <property name="action">GTK_FILE_CHOOSER_ACTION_OPEN</property>
+ <property name="local_only">True</property>
+ <property name="select_multiple">True</property>
+ <property name="show_hidden">True</property>
+ <property name="do_overwrite_confirmation">False</property>
+ <property name="type">GTK_WINDOW_TOPLEVEL</property>
+ <property name="window_position">GTK_WIN_POS_MOUSE</property>
+ <property name="modal">False</property>
+ <property name="resizable">True</property>
+ <property name="destroy_with_parent">False</property>
+ <property name="decorated">True</property>
+ <property name="skip_taskbar_hint">False</property>
+ <property name="skip_pager_hint">False</property>
+ <property name="type_hint">GDK_WINDOW_TYPE_HINT_DIALOG</property>
+ <property name="gravity">GDK_GRAVITY_NORTH_WEST</property>
+ <property name="focus_on_map">True</property>
+ <property name="urgency_hint">False</property>
+
+ <child internal-child="vbox">
+ <widget class="GtkVBox" id="dialog-vbox1">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">24</property>
+
+ <child internal-child="action_area">
+ <widget class="GtkHButtonBox" id="dialog-action_area1">
+ <property name="visible">True</property>
+ <property name="layout_style">GTK_BUTTONBOX_END</property>
+
+ <child>
+ <widget class="GtkButton" id="button5">
+ <property name="visible">True</property>
+ <property name="can_default">True</property>
+ <property name="can_focus">True</property>
+ <property name="label">gtk-cancel</property>
+ <property name="use_stock">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="response_id">-6</property>
+ </widget>
+ </child>
+
+ <child>
+ <widget class="GtkButton" id="button6">
+ <property name="visible">True</property>
+ <property name="can_default">True</property>
+ <property name="has_default">True</property>
+ <property name="can_focus">True</property>
+ <property name="label">gtk-add</property>
+ <property name="use_stock">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="response_id">-5</property>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ <property name="pack_type">GTK_PACK_END</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+</widget>
+
+<widget class="GtkAboutDialog" id="about_dialog">
+ <property name="border_width">5</property>
+ <property name="destroy_with_parent">False</property>
+ <property name="name" translatable="yes">Polgen</property>
+ <property name="copyright" translatable="yes">Red Hat 2007</property>
+ <property name="license" translatable="yes">GPL</property>
+ <property name="wrap_license">False</property>
+ <property name="website">www.redhat.com</property>
+ <property name="authors">Daniel Walsh <dwalsh@redhat.com></property>
+ <property name="translator_credits" translatable="yes" comments="TRANSLATORS: Replace this string with your names, one name per line.">translator-credits</property>
+</widget>
+
+<widget class="GtkWindow" id="main_window">
+ <property name="visible">True</property>
+ <property name="title" translatable="yes">SELinux Policy Generation Tool</property>
+ <property name="type">GTK_WINDOW_TOPLEVEL</property>
+ <property name="window_position">GTK_WIN_POS_NONE</property>
+ <property name="modal">False</property>
+ <property name="resizable">True</property>
+ <property name="destroy_with_parent">False</property>
+ <property name="decorated">True</property>
+ <property name="skip_taskbar_hint">False</property>
+ <property name="skip_pager_hint">False</property>
+ <property name="type_hint">GDK_WINDOW_TYPE_HINT_NORMAL</property>
+ <property name="gravity">GDK_GRAVITY_NORTH_WEST</property>
+ <property name="focus_on_map">True</property>
+ <property name="urgency_hint">False</property>
+
+ <child>
+ <widget class="GtkVBox" id="vbox11">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkNotebook" id="notebook1">
+ <property name="visible">True</property>
+ <property name="show_tabs">False</property>
+ <property name="show_border">True</property>
+ <property name="tab_pos">GTK_POS_TOP</property>
+ <property name="scrollable">False</property>
+ <property name="enable_popup">False</property>
+
+ <child>
+ <widget class="GnomeDruidPageEdge" id="start_page">
+ <property name="visible">True</property>
+ <property name="position">GNOME_EDGE_START</property>
+ <property name="title" translatable="yes">SELinux Policy Generation Druid</property>
+ <property name="text" translatable="yes">This tool can be used to generate a policy framework, to confine applications or users using SELinux.
+
+The tool generates:
+Type enforcement file (te)
+Interface file (if)
+File context file (fc)
+Shell script (sh) - used to compile and install the policy. </property>
+ </widget>
+ <packing>
+ <property name="tab_expand">False</property>
+ <property name="tab_fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label25">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">label25</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="type">tab</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GnomeDruidPageStandard" id="select_type_page">
+ <property name="visible">True</property>
+ <property name="title" translatable="yes">Select type of the application/user to be confined</property>
+ <signal name="next" handler="on_select_type_page_next" last_modification_time="Sat, 04 Aug 2007 11:39:15 GMT"/>
+
+ <child internal-child="vbox">
+ <widget class="GtkVBox" id="druid-vbox17">
+ <property name="border_width">16</property>
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">6</property>
+
+ <child>
+ <widget class="GtkVBox" id="vbox14">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkFrame" id="frame9">
+ <property name="visible">True</property>
+ <property name="label_xalign">0</property>
+ <property name="label_yalign">0.5</property>
+ <property name="shadow_type">GTK_SHADOW_NONE</property>
+
+ <child>
+ <widget class="GtkAlignment" id="alignment15">
+ <property name="visible">True</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xscale">1</property>
+ <property name="yscale">1</property>
+ <property name="top_padding">0</property>
+ <property name="bottom_padding">0</property>
+ <property name="left_padding">12</property>
+ <property name="right_padding">0</property>
+
+ <child>
+ <widget class="GtkVBox" id="vbox6">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkRadioButton" id="init_radiobutton">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Standard Init Daemon are daemons started on boot via init scripts. Usually requires a script in /etc/init.d</property>
+ <property name="can_focus">True</property>
+ <property name="label" translatable="yes">Standard Init Daemon</property>
+ <property name="use_underline">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="active">False</property>
+ <property name="inconsistent">False</property>
+ <property name="draw_indicator">True</property>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkRadioButton" id="inetd_radiobutton">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Internet Services Daemon are daemons started by xinetd</property>
+ <property name="can_focus">True</property>
+ <property name="label" translatable="yes">Internet Services Daemon (inetd)</property>
+ <property name="use_underline">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="active">False</property>
+ <property name="inconsistent">False</property>
+ <property name="draw_indicator">True</property>
+ <property name="group">init_radiobutton</property>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkRadioButton" id="cgi_radiobutton">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Web Applications/Script (CGI) CGI scripts started by the web server (apache)</property>
+ <property name="can_focus">True</property>
+ <property name="label" translatable="yes">Web Application/Script (CGI)</property>
+ <property name="use_underline">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="active">False</property>
+ <property name="inconsistent">False</property>
+ <property name="draw_indicator">True</property>
+ <property name="group">init_radiobutton</property>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkRadioButton" id="user_radiobutton">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">User Application are any application that you would like to confine that is started by a user</property>
+ <property name="can_focus">True</property>
+ <property name="label" translatable="yes">User Application</property>
+ <property name="use_underline">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="active">False</property>
+ <property name="inconsistent">False</property>
+ <property name="draw_indicator">True</property>
+ <property name="group">init_radiobutton</property>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label41">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes"><b>Applications</b></property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">True</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="type">label_item</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkFrame" id="frame10">
+ <property name="visible">True</property>
+ <property name="label_xalign">0</property>
+ <property name="label_yalign">0.5</property>
+ <property name="shadow_type">GTK_SHADOW_NONE</property>
+
+ <child>
+ <widget class="GtkAlignment" id="alignment16">
+ <property name="visible">True</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xscale">1</property>
+ <property name="yscale">1</property>
+ <property name="top_padding">0</property>
+ <property name="bottom_padding">0</property>
+ <property name="left_padding">12</property>
+ <property name="right_padding">0</property>
+
+ <child>
+ <widget class="GtkVBox" id="vbox15">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkRadioButton" id="xwindows_login_user_radiobutton">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Select XWindows login user, if this is a user who will login to a machine via X</property>
+ <property name="can_focus">True</property>
+ <property name="label" translatable="yes">XWindows Login User</property>
+ <property name="use_underline">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="active">False</property>
+ <property name="inconsistent">False</property>
+ <property name="draw_indicator">True</property>
+ <property name="group">init_radiobutton</property>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkRadioButton" id="terminal_login_user_radiobutton">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Select Terminal Login User, if this user will login to a machine only via a terminal or remote login</property>
+ <property name="can_focus">True</property>
+ <property name="label" translatable="yes">Terminal Login User</property>
+ <property name="use_underline">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="active">False</property>
+ <property name="inconsistent">False</property>
+ <property name="draw_indicator">True</property>
+ <property name="group">init_radiobutton</property>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkRadioButton" id="root_user_radiobutton">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Select Root User, if this user will be used to administer the machine while running as root. This user will not be able to login to the system directly.</property>
+ <property name="can_focus">True</property>
+ <property name="label" translatable="yes">Root User</property>
+ <property name="use_underline">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="active">False</property>
+ <property name="inconsistent">False</property>
+ <property name="draw_indicator">True</property>
+ <property name="group">init_radiobutton</property>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label42">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes"><b>Users</b></property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">True</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="type">label_item</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="tab_expand">False</property>
+ <property name="tab_fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label26">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">label26</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="type">tab</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GnomeDruidPageStandard" id="app_page">
+ <property name="visible">True</property>
+ <property name="title" translatable="yes">Enter name of application/user to be confined</property>
+
+ <child internal-child="vbox">
+ <widget class="GtkVBox" id="druid-vbox5">
+ <property name="border_width">16</property>
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">6</property>
+
+ <child>
+ <widget class="GtkTable" id="table5">
+ <property name="visible">True</property>
+ <property name="n_rows">3</property>
+ <property name="n_columns">3</property>
+ <property name="homogeneous">False</property>
+ <property name="row_spacing">0</property>
+ <property name="column_spacing">5</property>
+
+ <child>
+ <widget class="GtkLabel" id="label1">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">Name</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="right_attach">1</property>
+ <property name="top_attach">0</property>
+ <property name="bottom_attach">1</property>
+ <property name="x_options">fill</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkEntry" id="exec_entry">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Enter complete path for executable to be confined.</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
+ <property name="max_length">0</property>
+ <property name="text" translatable="yes"></property>
+ <property name="has_frame">True</property>
+ <property name="invisible_char">•</property>
+ <property name="activates_default">False</property>
+ </widget>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="right_attach">2</property>
+ <property name="top_attach">1</property>
+ <property name="bottom_attach">2</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkButton" id="exec_button">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="label" translatable="yes">...</property>
+ <property name="use_underline">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <signal name="clicked" handler="on_exec_select_clicked" last_modification_time="Wed, 21 Feb 2007 18:45:26 GMT"/>
+ </widget>
+ <packing>
+ <property name="left_attach">2</property>
+ <property name="right_attach">3</property>
+ <property name="top_attach">1</property>
+ <property name="bottom_attach">2</property>
+ <property name="x_options">fill</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkEntry" id="name_entry">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Enter unique type name for the confined user or application.</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
+ <property name="max_length">0</property>
+ <property name="text" translatable="yes"></property>
+ <property name="has_frame">True</property>
+ <property name="invisible_char">•</property>
+ <property name="activates_default">False</property>
+ </widget>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="right_attach">3</property>
+ <property name="top_attach">0</property>
+ <property name="bottom_attach">1</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label2">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">Executable</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="right_attach">1</property>
+ <property name="top_attach">1</property>
+ <property name="bottom_attach">2</property>
+ <property name="x_options">fill</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label40">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">Init script</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="right_attach">1</property>
+ <property name="top_attach">2</property>
+ <property name="bottom_attach">3</property>
+ <property name="x_options">fill</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkEntry" id="init_script_entry">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Enter complete path to init script used to start the confined application.</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
+ <property name="max_length">0</property>
+ <property name="text" translatable="yes"></property>
+ <property name="has_frame">True</property>
+ <property name="invisible_char">•</property>
+ <property name="activates_default">False</property>
+ </widget>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="right_attach">2</property>
+ <property name="top_attach">2</property>
+ <property name="bottom_attach">3</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkButton" id="init_script_button">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="label" translatable="yes">...</property>
+ <property name="use_underline">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <signal name="clicked" handler="on_init_script_select_clicked" last_modification_time="Thu, 30 Aug 2007 15:36:47 GMT"/>
+ </widget>
+ <packing>
+ <property name="left_attach">2</property>
+ <property name="right_attach">3</property>
+ <property name="top_attach">2</property>
+ <property name="bottom_attach">3</property>
+ <property name="x_options">fill</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="tab_expand">False</property>
+ <property name="tab_fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label28">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">label28</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="type">tab</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GnomeDruidPageStandard" id="transition_page">
+ <property name="visible">True</property>
+ <property name="title" translatable="yes">Select additional domains to which this user will transition</property>
+
+ <child internal-child="vbox">
+ <widget class="GtkVBox" id="vbox13">
+ <property name="border_width">16</property>
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">6</property>
+
+ <child>
+ <widget class="GtkScrolledWindow" id="scrolledwindow4">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="hscrollbar_policy">GTK_POLICY_ALWAYS</property>
+ <property name="vscrollbar_policy">GTK_POLICY_ALWAYS</property>
+ <property name="shadow_type">GTK_SHADOW_IN</property>
+ <property name="window_placement">GTK_CORNER_TOP_LEFT</property>
+
+ <child>
+ <widget class="GtkTreeView" id="transition_treeview">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Select the applications domains that you would like this user to transition to.</property>
+ <property name="can_focus">True</property>
+ <property name="headers_visible">False</property>
+ <property name="rules_hint">False</property>
+ <property name="reorderable">False</property>
+ <property name="enable_search">True</property>
+ <property name="fixed_height_mode">False</property>
+ <property name="hover_selection">False</property>
+ <property name="hover_expand">False</property>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="tab_expand">False</property>
+ <property name="tab_fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label39">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">label28</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="type">tab</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GnomeDruidPageStandard" id="user_transition_page">
+ <property name="visible">True</property>
+ <property name="title" translatable="yes">Select user types that will transition to this domain</property>
+
+ <child internal-child="vbox">
+ <widget class="GtkVBox" id="vbox13">
+ <property name="border_width">16</property>
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">6</property>
+
+ <child>
+ <widget class="GtkScrolledWindow" id="scrolledwindow4">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="hscrollbar_policy">GTK_POLICY_ALWAYS</property>
+ <property name="vscrollbar_policy">GTK_POLICY_ALWAYS</property>
+ <property name="shadow_type">GTK_SHADOW_IN</property>
+ <property name="window_placement">GTK_CORNER_TOP_LEFT</property>
+
+ <child>
+ <widget class="GtkTreeView" id="user_transition_treeview">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Select the user types that will transiton to this applications domains.</property>
+ <property name="can_focus">True</property>
+ <property name="headers_visible">False</property>
+ <property name="rules_hint">False</property>
+ <property name="reorderable">False</property>
+ <property name="enable_search">True</property>
+ <property name="fixed_height_mode">False</property>
+ <property name="hover_selection">False</property>
+ <property name="hover_expand">False</property>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="tab_expand">False</property>
+ <property name="tab_fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label30">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">label30</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="type">tab</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GnomeDruidPageStandard" id="admin_page">
+ <property name="visible">True</property>
+ <property name="title" translatable="yes">Select additional domains that this user will administer</property>
+
+ <child internal-child="vbox">
+ <widget class="GtkVBox" id="vbox13">
+ <property name="border_width">16</property>
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">6</property>
+
+ <child>
+ <widget class="GtkScrolledWindow" id="scrolledwindow4">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="hscrollbar_policy">GTK_POLICY_ALWAYS</property>
+ <property name="vscrollbar_policy">GTK_POLICY_ALWAYS</property>
+ <property name="shadow_type">GTK_SHADOW_IN</property>
+ <property name="window_placement">GTK_CORNER_TOP_LEFT</property>
+
+ <child>
+ <widget class="GtkTreeView" id="admin_treeview">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Select the domains that you would like this user administer.</property>
+ <property name="can_focus">True</property>
+ <property name="headers_visible">False</property>
+ <property name="rules_hint">False</property>
+ <property name="reorderable">False</property>
+ <property name="enable_search">True</property>
+ <property name="fixed_height_mode">False</property>
+ <property name="hover_selection">False</property>
+ <property name="hover_expand">False</property>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="tab_expand">False</property>
+ <property name="tab_fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label31">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">label31</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="type">tab</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GnomeDruidPageStandard" id="roles_page">
+ <property name="visible">True</property>
+ <property name="title" translatable="yes">Select additional roles for this user</property>
+
+ <child internal-child="vbox">
+ <widget class="GtkVBox" id="vbox13">
+ <property name="border_width">16</property>
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">6</property>
+
+ <child>
+ <widget class="GtkScrolledWindow" id="scrolledwindow4">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="hscrollbar_policy">GTK_POLICY_ALWAYS</property>
+ <property name="vscrollbar_policy">GTK_POLICY_ALWAYS</property>
+ <property name="shadow_type">GTK_SHADOW_IN</property>
+ <property name="window_placement">GTK_CORNER_TOP_LEFT</property>
+
+ <child>
+ <widget class="GtkTreeView" id="role_treeview">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Select the domains that you would like this user administer.</property>
+ <property name="can_focus">True</property>
+ <property name="headers_visible">False</property>
+ <property name="rules_hint">False</property>
+ <property name="reorderable">False</property>
+ <property name="enable_search">True</property>
+ <property name="fixed_height_mode">False</property>
+ <property name="hover_selection">False</property>
+ <property name="hover_expand">False</property>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="tab_expand">False</property>
+ <property name="tab_fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label32">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">label32</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="type">tab</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GnomeDruidPageStandard" id="in_net_page">
+ <property name="visible">True</property>
+ <property name="title" translatable="yes">Enter network ports that application/user listens to</property>
+
+ <child internal-child="vbox">
+ <widget class="GtkVBox" id="druid-vbox6">
+ <property name="border_width">16</property>
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">6</property>
+
+ <child>
+ <widget class="GtkFrame" id="frame4">
+ <property name="visible">True</property>
+ <property name="label_xalign">0</property>
+ <property name="label_yalign">0.5</property>
+ <property name="shadow_type">GTK_SHADOW_NONE</property>
+
+ <child>
+ <widget class="GtkAlignment" id="alignment8">
+ <property name="visible">True</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xscale">1</property>
+ <property name="yscale">1</property>
+ <property name="top_padding">0</property>
+ <property name="bottom_padding">0</property>
+ <property name="left_padding">12</property>
+ <property name="right_padding">0</property>
+
+ <child>
+ <widget class="GtkVBox" id="vbox7">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkHBox" id="hbox7">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkCheckButton" id="in_tcp_all_checkbutton">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Allows confined application/user to bind to any tcp port</property>
+ <property name="can_focus">True</property>
+ <property name="label" translatable="yes">All</property>
+ <property name="use_underline">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="active">False</property>
+ <property name="inconsistent">False</property>
+ <property name="draw_indicator">True</property>
+ </widget>
+ <packing>
+ <property name="padding">10</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkCheckButton" id="in_tcp_reserved_checkbutton">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Use this checkbutton if your app calls bindresvport with 0.</property>
+ <property name="can_focus">True</property>
+ <property name="label" translatable="yes">600-1024</property>
+ <property name="use_underline">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="active">False</property>
+ <property name="inconsistent">False</property>
+ <property name="draw_indicator">True</property>
+ </widget>
+ <packing>
+ <property name="padding">10</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkCheckButton" id="in_tcp_unreserved_checkbutton">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Allow application/user to bind to any tcp ports > 1024</property>
+ <property name="can_focus">True</property>
+ <property name="label" translatable="yes">Unreserved Ports (> 1024)</property>
+ <property name="use_underline">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="active">False</property>
+ <property name="inconsistent">False</property>
+ <property name="draw_indicator">True</property>
+ </widget>
+ <packing>
+ <property name="padding">10</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkHBox" id="hbox8">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkLabel" id="label7">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">Select Ports</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="padding">5</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkEntry" id="in_tcp_entry">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Enter a comma separated list of tcp ports or ranges of ports that application/user binds to. Example: 612, 650-660</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
+ <property name="max_length">0</property>
+ <property name="text" translatable="yes"></property>
+ <property name="has_frame">True</property>
+ <property name="invisible_char">•</property>
+ <property name="activates_default">False</property>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label19">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes"><b>TCP Ports</b></property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">True</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="type">label_item</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkFrame" id="frame5">
+ <property name="visible">True</property>
+ <property name="label_xalign">0</property>
+ <property name="label_yalign">0.5</property>
+ <property name="shadow_type">GTK_SHADOW_NONE</property>
+
+ <child>
+ <widget class="GtkAlignment" id="alignment9">
+ <property name="visible">True</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xscale">1</property>
+ <property name="yscale">1</property>
+ <property name="top_padding">0</property>
+ <property name="bottom_padding">0</property>
+ <property name="left_padding">12</property>
+ <property name="right_padding">0</property>
+
+ <child>
+ <widget class="GtkVBox" id="vbox8">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkHBox" id="hbox9">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkCheckButton" id="in_udp_all_checkbutton">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Allows confined application/user to bind to any udp port</property>
+ <property name="can_focus">True</property>
+ <property name="label" translatable="yes">All</property>
+ <property name="use_underline">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="active">False</property>
+ <property name="inconsistent">False</property>
+ <property name="draw_indicator">True</property>
+ </widget>
+ <packing>
+ <property name="padding">10</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkCheckButton" id="in_udp_reserved_checkbutton">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Allow application/user to call bindresvport with 0. Binding to port 600-1024</property>
+ <property name="can_focus">True</property>
+ <property name="label" translatable="yes">600-1024</property>
+ <property name="use_underline">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="active">False</property>
+ <property name="inconsistent">False</property>
+ <property name="draw_indicator">True</property>
+ </widget>
+ <packing>
+ <property name="padding">10</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkCheckButton" id="in_udp_unreserved_checkbutton">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Enter a comma separated list of udp ports or ranges of ports that application/user binds to. Example: 612, 650-660</property>
+ <property name="can_focus">True</property>
+ <property name="label" translatable="yes">Unreserved Ports (>1024)</property>
+ <property name="use_underline">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="active">False</property>
+ <property name="inconsistent">False</property>
+ <property name="draw_indicator">True</property>
+ </widget>
+ <packing>
+ <property name="padding">10</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkHBox" id="hbox10">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkLabel" id="label20">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">Select Ports</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="padding">5</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkEntry" id="in_udp_entry">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Allows application/user to bind to any udp ports > 1024</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
+ <property name="max_length">0</property>
+ <property name="text" translatable="yes"></property>
+ <property name="has_frame">True</property>
+ <property name="invisible_char">•</property>
+ <property name="activates_default">False</property>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label20">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes"><b>UDP Ports</b></property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">True</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="type">label_item</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="tab_expand">False</property>
+ <property name="tab_fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label33">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">label33</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="type">tab</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GnomeDruidPageStandard" id="out_net_page">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Enter a comma separated list of tcp ports that application/user connects to. </property>
+ <property name="title" translatable="yes"></property>
+
+ <child internal-child="vbox">
+ <widget class="GtkVBox" id="druid-vbox7">
+ <property name="border_width">16</property>
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">6</property>
+
+ <child>
+ <widget class="GtkFrame" id="frame8">
+ <property name="visible">True</property>
+ <property name="label_xalign">0</property>
+ <property name="label_yalign">0.5</property>
+ <property name="shadow_type">GTK_SHADOW_NONE</property>
+
+ <child>
+ <widget class="GtkAlignment" id="alignment13">
+ <property name="visible">True</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xscale">1</property>
+ <property name="yscale">1</property>
+ <property name="top_padding">0</property>
+ <property name="bottom_padding">0</property>
+ <property name="left_padding">12</property>
+ <property name="right_padding">0</property>
+
+ <child>
+ <widget class="GtkVBox" id="vbox12">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkAlignment" id="alignment14">
+ <property name="visible">True</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xscale">1</property>
+ <property name="yscale">1</property>
+ <property name="top_padding">0</property>
+ <property name="bottom_padding">0</property>
+ <property name="left_padding">12</property>
+ <property name="right_padding">0</property>
+
+ <child>
+ <widget class="GtkHBox" id="hbox15">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkCheckButton" id="out_tcp_all_checkbutton">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="label" translatable="yes">All</property>
+ <property name="use_underline">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="active">False</property>
+ <property name="inconsistent">False</property>
+ <property name="draw_indicator">True</property>
+ </widget>
+ <packing>
+ <property name="padding">10</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label38">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">Select Ports</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="padding">5</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkEntry" id="out_tcp_entry">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Enter a comma separated list of tcp ports or ranges of ports that application/user connects to. Example: 612, 650-660</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
+ <property name="max_length">0</property>
+ <property name="text" translatable="yes"></property>
+ <property name="has_frame">True</property>
+ <property name="invisible_char">•</property>
+ <property name="activates_default">False</property>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label37">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes"><b>TCP Ports</b></property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">True</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="type">label_item</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkFrame" id="frame7">
+ <property name="visible">True</property>
+ <property name="label_xalign">0</property>
+ <property name="label_yalign">0.5</property>
+ <property name="shadow_type">GTK_SHADOW_NONE</property>
+
+ <child>
+ <widget class="GtkAlignment" id="alignment11">
+ <property name="visible">True</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xscale">1</property>
+ <property name="yscale">1</property>
+ <property name="top_padding">0</property>
+ <property name="bottom_padding">0</property>
+ <property name="left_padding">12</property>
+ <property name="right_padding">0</property>
+
+ <child>
+ <widget class="GtkHBox" id="hbox12">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkCheckButton" id="out_udp_all_checkbutton">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="label" translatable="yes">All</property>
+ <property name="use_underline">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="active">False</property>
+ <property name="inconsistent">False</property>
+ <property name="draw_indicator">True</property>
+ </widget>
+ <packing>
+ <property name="padding">10</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label22">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">Select Ports</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="padding">5</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkEntry" id="out_udp_entry">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Enter a comma separated list of udp ports or ranges of ports that application/user connects to. Example: 612, 650-660</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
+ <property name="max_length">0</property>
+ <property name="text" translatable="yes"></property>
+ <property name="has_frame">True</property>
+ <property name="invisible_char">•</property>
+ <property name="activates_default">False</property>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label23">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes"><b>UDP Ports</b></property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">True</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="type">label_item</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="tab_expand">False</property>
+ <property name="tab_fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label34">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">label34</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="type">tab</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GnomeDruidPageStandard" id="common_apps_page">
+ <property name="visible">True</property>
+ <property name="title" translatable="yes">Select common application traits</property>
+
+ <child internal-child="vbox">
+ <widget class="GtkVBox" id="druid-vbox8">
+ <property name="border_width">16</property>
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">6</property>
+
+ <child>
+ <widget class="GtkVBox" id="vbox4">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkCheckButton" id="syslog_checkbutton">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="label" translatable="yes">Application uses syslog to log messages </property>
+ <property name="use_underline">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="active">False</property>
+ <property name="inconsistent">False</property>
+ <property name="draw_indicator">True</property>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkCheckButton" id="tmp_checkbutton">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="label" translatable="yes">Application uses /tmp to Create/Manipulate temporary files</property>
+ <property name="use_underline">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="active">False</property>
+ <property name="inconsistent">False</property>
+ <property name="draw_indicator">True</property>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkCheckButton" id="pam_checkbutton">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="label" translatable="yes">Application uses Pam for authentication</property>
+ <property name="use_underline">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="active">False</property>
+ <property name="inconsistent">False</property>
+ <property name="draw_indicator">True</property>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkCheckButton" id="uid_checkbutton">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="label" translatable="yes">Application uses nsswitch or translates UID's (daemons that run as non root)</property>
+ <property name="use_underline">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="active">False</property>
+ <property name="inconsistent">False</property>
+ <property name="draw_indicator">True</property>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="tab_expand">False</property>
+ <property name="tab_fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label35">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">label35</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="type">tab</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GnomeDruidPageStandard" id="files_page">
+ <property name="visible">True</property>
+ <property name="title" translatable="yes">Select files/directories that the application manages</property>
+
+ <child internal-child="vbox">
+ <widget class="GtkVBox" id="druid-vbox9">
+ <property name="border_width">16</property>
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">6</property>
+
+ <child>
+ <widget class="GtkFrame" id="frame3">
+ <property name="visible">True</property>
+ <property name="label_xalign">0</property>
+ <property name="label_yalign">0.5</property>
+ <property name="shadow_type">GTK_SHADOW_NONE</property>
+
+ <child>
+ <widget class="GtkAlignment" id="alignment3">
+ <property name="visible">True</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xscale">1</property>
+ <property name="yscale">1</property>
+ <property name="top_padding">0</property>
+ <property name="bottom_padding">0</property>
+ <property name="left_padding">12</property>
+ <property name="right_padding">0</property>
+
+ <child>
+ <widget class="GtkHBox" id="hbox1">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkVBox" id="vbox3">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkButton" id="button2">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <signal name="clicked" handler="on_add_clicked" last_modification_time="Wed, 21 Feb 2007 18:47:51 GMT"/>
+
+ <child>
+ <widget class="GtkAlignment" id="alignment6">
+ <property name="visible">True</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xscale">0</property>
+ <property name="yscale">0</property>
+ <property name="top_padding">0</property>
+ <property name="bottom_padding">0</property>
+ <property name="left_padding">0</property>
+ <property name="right_padding">0</property>
+
+ <child>
+ <widget class="GtkHBox" id="hbox4">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">2</property>
+
+ <child>
+ <widget class="GtkImage" id="image3">
+ <property name="visible">True</property>
+ <property name="stock">gtk-add</property>
+ <property name="icon_size">4</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label17">
+ <property name="visible">True</property>
+ <property name="label">Add File</property>
+ <property name="use_underline">True</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkButton" id="button9">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <signal name="clicked" handler="on_add_dir_clicked" last_modification_time="Wed, 21 Feb 2007 22:15:43 GMT"/>
+
+ <child>
+ <widget class="GtkAlignment" id="alignment5">
+ <property name="visible">True</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xscale">0</property>
+ <property name="yscale">0</property>
+ <property name="top_padding">0</property>
+ <property name="bottom_padding">0</property>
+ <property name="left_padding">0</property>
+ <property name="right_padding">0</property>
+
+ <child>
+ <widget class="GtkHBox" id="hbox3">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">2</property>
+
+ <child>
+ <widget class="GtkImage" id="image2">
+ <property name="visible">True</property>
+ <property name="stock">gtk-add</property>
+ <property name="icon_size">4</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label16">
+ <property name="visible">True</property>
+ <property name="label">Add Directory</property>
+ <property name="use_underline">True</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkButton" id="button4">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="label">gtk-delete</property>
+ <property name="use_stock">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <signal name="clicked" handler="on_delete_clicked" last_modification_time="Wed, 21 Feb 2007 18:48:10 GMT"/>
+ <accelerator key="Delete" modifiers="0" signal="clicked"/>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">4</property>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkScrolledWindow" id="scrolledwindow1">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="hscrollbar_policy">GTK_POLICY_NEVER</property>
+ <property name="vscrollbar_policy">GTK_POLICY_NEVER</property>
+ <property name="shadow_type">GTK_SHADOW_IN</property>
+ <property name="window_placement">GTK_CORNER_TOP_LEFT</property>
+
+ <child>
+ <widget class="GtkViewport" id="viewport1">
+ <property name="visible">True</property>
+ <property name="shadow_type">GTK_SHADOW_IN</property>
+
+ <child>
+ <widget class="GtkVBox" id="vbox2">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkScrolledWindow" id="scrolledwindow2">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="hscrollbar_policy">GTK_POLICY_ALWAYS</property>
+ <property name="vscrollbar_policy">GTK_POLICY_ALWAYS</property>
+ <property name="shadow_type">GTK_SHADOW_IN</property>
+ <property name="window_placement">GTK_CORNER_TOP_LEFT</property>
+
+ <child>
+ <widget class="GtkTreeView" id="write_treeview">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Add Files/Directories that application will need to "Write" to. Pid Files, Log Files, /var/lib Files ...</property>
+ <property name="can_focus">True</property>
+ <property name="headers_visible">False</property>
+ <property name="rules_hint">False</property>
+ <property name="reorderable">False</property>
+ <property name="enable_search">True</property>
+ <property name="fixed_height_mode">False</property>
+ <property name="hover_selection">False</property>
+ <property name="hover_expand">False</property>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="tab_expand">False</property>
+ <property name="tab_fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label43">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes"></property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="type">tab</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GnomeDruidPageStandard" id="gen_policy_page">
+ <property name="visible">True</property>
+ <property name="title" translatable="yes">Select directory to generate policy in</property>
+
+ <child internal-child="vbox">
+ <widget class="GtkVBox" id="druid-vbox10">
+ <property name="border_width">16</property>
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">5</property>
+
+ <child>
+ <widget class="GtkHBox" id="hbox6">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkLabel" id="label18">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">Policy Directory</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="padding">5</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkEntry" id="output_entry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
+ <property name="max_length">0</property>
+ <property name="text" translatable="yes"></property>
+ <property name="has_frame">True</property>
+ <property name="invisible_char">•</property>
+ <property name="activates_default">False</property>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkButton" id="output_button">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="label" translatable="yes">...</property>
+ <property name="use_underline">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="tab_expand">False</property>
+ <property name="tab_fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label44">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes"></property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="type">tab</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GnomeDruidPageEdge" id="finish_page">
+ <property name="visible">True</property>
+ <property name="position">GNOME_EDGE_FINISH</property>
+ <property name="title" translatable="yes">Generated Policy Files</property>
+ <property name="text" translatable="yes">This tool will generate the following: Type Enforcement(te), File Context(fc), Interface(if), Shell Script(sh).
+Execute shell script to compile/install and relabel files/directories. Now you can put the machine in permissive mode (setenforce 0).
+Run/restart the application to generate avc messages.
+Use audit2allow -R to generate additional rules for the te file.
+</property>
+ </widget>
+ <packing>
+ <property name="tab_expand">False</property>
+ <property name="tab_fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label45">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes"></property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="type">tab</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkAlignment" id="alignment12">
+ <property name="visible">True</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xscale">1</property>
+ <property name="yscale">1</property>
+ <property name="top_padding">0</property>
+ <property name="bottom_padding">0</property>
+ <property name="left_padding">0</property>
+ <property name="right_padding">0</property>
+
+ <child>
+ <widget class="GtkHButtonBox" id="hbuttonbox1">
+ <property name="visible">True</property>
+ <property name="layout_style">GTK_BUTTONBOX_END</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkButton" id="cancel_button">
+ <property name="visible">True</property>
+ <property name="can_default">True</property>
+ <property name="can_focus">True</property>
+ <property name="label">gtk-cancel</property>
+ <property name="use_stock">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <signal name="activate" handler="on_cancel_activate" last_modification_time="Wed, 22 Aug 2007 18:47:18 GMT"/>
+ </widget>
+ </child>
+
+ <child>
+ <widget class="GtkButton" id="back_button">
+ <property name="visible">True</property>
+ <property name="can_default">True</property>
+ <property name="can_focus">True</property>
+ <property name="label">gtk-go-back</property>
+ <property name="use_stock">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <signal name="activate" handler="on_back_activate" last_modification_time="Wed, 22 Aug 2007 18:47:42 GMT"/>
+ </widget>
+ </child>
+
+ <child>
+ <widget class="GtkButton" id="forward_button">
+ <property name="visible">True</property>
+ <property name="can_default">True</property>
+ <property name="can_focus">True</property>
+ <property name="label">gtk-go-forward</property>
+ <property name="use_stock">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <signal name="activate" handler="on_forward_activate" last_modification_time="Wed, 22 Aug 2007 18:48:00 GMT"/>
+ </widget>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+</widget>
+
+</glade-interface>
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.27/gui/polgengui.py
--- nsapolicycoreutils/gui/polgengui.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/polgengui.py 2007-09-28 15:36:01.000000000 -0400
@@ -0,0 +1,495 @@
+#!/usr/bin/python
+#
+# system-config-selinux.py - GUI for SELinux Config tool in system-config-selinux
+#
+# Dan Walsh <dwalsh@redhat.com>
+#
+# Copyright 2007 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+import signal
+import string
+import gtk
+import gtk.glade
+import os
+import gobject
+import gnome
+import sys
+import polgen
+import re
+import commands
+
+
+##
+## I18N
+##
+PROGNAME="system-config-selinux"
+
+import gettext
+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
+gettext.textdomain(PROGNAME)
+try:
+ gettext.install(PROGNAME,
+ localedir="/usr/share/locale",
+ unicode=False,
+ codeset = 'utf-8')
+except IOError:
+ import __builtin__
+ __builtin__.__dict__['_'] = unicode
+
+gnome.program_init("SELinux Poligy Generation Tool", "5")
+
+version = "1.0"
+
+sys.path.append('/usr/share/system-config-selinux')
+sys.path.append('.')
+
+# From John Hunter http://www.daa.com.au/pipermail/pygtk/2003-February/004454.html
+def foreach(model, path, iter, selected):
+ selected.append(model.get_value(iter, 0))
+
+##
+## Pull in the Glade file
+##
+if os.access("polgen.glade", os.F_OK):
+ xml = gtk.glade.XML ("polgen.glade", domain=PROGNAME)
+else:
+ xml = gtk.glade.XML ("/usr/share/system-config-selinux/polgen.glade", domain=PROGNAME)
+
+FILE = 1
+DIR = 2
+
+class childWindow:
+ START_PAGE = 0
+ SELECT_TYPE_PAGE = 1
+ APP_PAGE = 2
+ TRANSITION_PAGE = 3
+ USER_TRANSITION_PAGE = 4
+ ADMIN_PAGE = 5
+ ROLE_PAGE = 6
+ IN_NET_PAGE = 7
+ OUT_NET_PAGE = 8
+ COMMON_APPS_PAGE = 9
+ FILES_PAGE = 10
+ GEN_POLICY_PAGE = 11
+ FINISH_PAGE = 12
+
+ def __init__(self):
+ self.xml = xml
+ xml.signal_connect("on_delete_clicked", self.delete)
+ xml.signal_connect("on_exec_select_clicked", self.exec_select)
+ xml.signal_connect("on_init_script_select_clicked", self.init_script_select)
+ xml.signal_connect("on_add_clicked", self.add)
+ xml.signal_connect("on_add_dir_clicked", self.add_dir)
+ xml.signal_connect("on_about_clicked", self.on_about_clicked)
+ xml.get_widget ("cancel_button").connect("clicked",self.quit)
+ self.forward_button = xml.get_widget ("forward_button")
+ self.forward_button.connect("clicked",self.forward)
+ self.back_button = xml.get_widget ("back_button")
+ self.back_button.connect("clicked",self.back)
+
+ self.notebook = xml.get_widget ("notebook1")
+ self.pages={}
+ for i in polgen.USERS:
+ self.pages[i] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.GEN_POLICY_PAGE, self.FINISH_PAGE]
+ self.pages[polgen.RUSER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.ADMIN_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.GEN_POLICY_PAGE, self.FINISH_PAGE]
+ for i in polgen.APPLICATIONS:
+ self.pages[i] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE,self.GEN_POLICY_PAGE, self.FINISH_PAGE ]
+ self.pages[polgen.USER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.USER_TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE,self.GEN_POLICY_PAGE, self.FINISH_PAGE ]
+
+ self.current_page = 0
+ self.back_button.set_sensitive(0)
+
+ self.network_buttons = {}
+
+ self.in_tcp_all_checkbutton = xml.get_widget ("in_tcp_all_checkbutton")
+ self.in_tcp_reserved_checkbutton = xml.get_widget ("in_tcp_reserved_checkbutton")
+ self.in_tcp_unreserved_checkbutton = xml.get_widget ("in_tcp_unreserved_checkbutton")
+ self.in_tcp_entry = self.xml.get_widget("in_tcp_entry")
+ self.network_buttons[self.in_tcp_all_checkbutton] = [ self.in_tcp_reserved_checkbutton, self.in_tcp_unreserved_checkbutton, self.in_tcp_entry ]
+
+
+ self.out_tcp_all_checkbutton = xml.get_widget ("out_tcp_all_checkbutton")
+ self.out_tcp_reserved_checkbutton = xml.get_widget ("out_tcp_reserved_checkbutton")
+ self.out_tcp_unreserved_checkbutton = xml.get_widget ("out_tcp_unreserved_checkbutton")
+ self.out_tcp_entry = self.xml.get_widget("out_tcp_entry")
+
+ self.network_buttons[self.out_tcp_all_checkbutton] = [ self.out_tcp_entry ]
+
+ self.in_udp_all_checkbutton = xml.get_widget ("in_udp_all_checkbutton")
+ self.in_udp_reserved_checkbutton = xml.get_widget ("in_udp_reserved_checkbutton")
+ self.in_udp_unreserved_checkbutton = xml.get_widget ("in_udp_unreserved_checkbutton")
+ self.in_udp_entry = self.xml.get_widget("in_udp_entry")
+
+ self.network_buttons[self.in_udp_all_checkbutton] = [ self.in_udp_reserved_checkbutton, self.in_udp_unreserved_checkbutton, self.in_udp_entry ]
+
+ self.out_udp_all_checkbutton = xml.get_widget ("out_udp_all_checkbutton")
+ self.out_udp_entry = self.xml.get_widget("out_udp_entry")
+ self.network_buttons[self.out_udp_all_checkbutton] = [ self.out_udp_entry ]
+
+ for b in self.network_buttons.keys():
+ b.connect("clicked",self.network_all_clicked)
+
+ self.role_treeview = self.xml.get_widget("role_treeview")
+ self.role_store = gtk.ListStore(gobject.TYPE_STRING)
+ self.role_treeview.set_model(self.role_store)
+ self.role_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE)
+ self.role_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
+ col = gtk.TreeViewColumn(_("Role"), gtk.CellRendererText(), text = 0)
+ self.role_treeview.append_column(col)
+
+ roles = commands.getoutput("/usr/bin/seinfo -r").split()[2:]
+ for i in roles:
+ iter = self.role_store.append()
+ self.role_store.set_value(iter, 0, i[:-2])
+
+ self.types = commands.getoutput("/usr/bin/seinfo -t").split()[2:]
+
+ self.transition_treeview = self.xml.get_widget("transition_treeview")
+ self.transition_store = gtk.ListStore(gobject.TYPE_STRING)
+ self.transition_treeview.set_model(self.transition_store)
+ self.transition_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE)
+ self.transition_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
+ col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0)
+ self.transition_treeview.append_column(col)
+
+ self.user_transition_treeview = self.xml.get_widget("user_transition_treeview")
+ self.user_transition_store = gtk.ListStore(gobject.TYPE_STRING)
+ self.user_transition_treeview.set_model(self.user_transition_store)
+ self.user_transition_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE)
+ self.user_transition_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
+ col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0)
+ self.user_transition_treeview.append_column(col)
+
+ for i in polgen.get_users():
+ iter = self.user_transition_store.append()
+ self.user_transition_store.set_value(iter, 0, i)
+
+ self.admin_treeview = self.xml.get_widget("admin_treeview")
+ self.admin_store = gtk.ListStore(gobject.TYPE_STRING)
+ self.admin_treeview.set_model(self.admin_store)
+ self.admin_treeview.get_selection().set_mode(gtk.SELECTION_MULTIPLE)
+ self.admin_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
+ col = gtk.TreeViewColumn(_("Application"), gtk.CellRendererText(), text = 0)
+ self.admin_treeview.append_column(col)
+
+ for i in polgen.methods:
+ m = re.findall("(.*)%s" % polgen.USER_TRANSITION_INTERFACE, i)
+ if len(m) > 0:
+ if "%s_exec_t" % m[0] in self.types and "user_%s_t" % m[0] in self.types:
+ iter = self.transition_store.append()
+ self.transition_store.set_value(iter, 0, m[0])
+ continue
+
+ m = re.findall("(.*)%s" % polgen.ADMIN_TRANSITION_INTERFACE, i)
+ if len(m) > 0:
+ iter = self.admin_store.append()
+ self.admin_store.set_value(iter, 0, m[0])
+ continue
+
+ def confine_application(self):
+ return self.get_type() in polgen.APPLICATIONS
+
+ def forward(self, arg):
+ type = self.get_type()
+ if self.current_page == self.START_PAGE:
+ self.back_button.set_sensitive(1)
+
+ if self.pages[type][self.current_page] == self.SELECT_TYPE_PAGE:
+ if self.on_select_type_page_next():
+ return
+
+ if self.pages[type][self.current_page] == self.IN_NET_PAGE:
+ if self.on_in_net_page_next():
+ return
+
+ if self.pages[type][self.current_page] == self.OUT_NET_PAGE:
+ if self.on_out_net_page_next():
+ return
+
+ if self.pages[type][self.current_page] == self.APP_PAGE:
+ if self.on_name_page_next():
+ return
+
+ if self.pages[type][self.current_page] == self.FINISH_PAGE:
+ self.generate_policy()
+ else:
+ self.current_page = self.current_page + 1
+ self.notebook.set_current_page(self.pages[type][self.current_page])
+ if self.pages[type][self.current_page] == self.FINISH_PAGE:
+ self.forward_button.set_label(gtk.STOCK_APPLY)
+
+ def back(self,arg):
+ type = self.get_type()
+ if self.pages[type][self.current_page] == self.FINISH_PAGE:
+ self.forward_button.set_label(gtk.STOCK_GO_FORWARD)
+
+ self.current_page = self.current_page - 1
+ self.notebook.set_current_page(self.pages[type][self.current_page])
+ if self.current_page == 0:
+ self.back_button.set_sensitive(0)
+
+ def network_all_clicked(self, button):
+ active = button.get_active()
+ for b in self.network_buttons[button]:
+ b.set_sensitive(not active)
+
+ def verify(self, message, title="" ):
+ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_INFO,
+ gtk.BUTTONS_YES_NO,
+ message)
+ dlg.set_title(title)
+ dlg.set_position(gtk.WIN_POS_MOUSE)
+ dlg.show_all()
+ rc = dlg.run()
+ dlg.destroy()
+ return rc
+
+ def info(self, message):
+ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_INFO,
+ gtk.BUTTONS_OK,
+ message)
+ dlg.set_position(gtk.WIN_POS_MOUSE)
+ dlg.show_all()
+ dlg.run()
+ dlg.destroy()
+
+ def error(self, message):
+ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_ERROR,
+ gtk.BUTTONS_CLOSE,
+ message)
+ dlg.set_position(gtk.WIN_POS_MOUSE)
+ dlg.show_all()
+ dlg.run()
+ dlg.destroy()
+
+ def get_name(self):
+ return self.name_entry.get_text()
+
+ def get_type(self):
+ if self.cgi_radiobutton.get_active():
+ return polgen.CGI
+ if self.user_radiobutton.get_active():
+ return polgen.USER
+ if self.init_radiobutton.get_active():
+ return polgen.DAEMON
+ if self.inetd_radiobutton.get_active():
+ return polgen.INETD
+ if self.xwindows_login_user_radiobutton.get_active():
+ return polgen.XUSER
+ if self.terminal_login_user_radiobutton.get_active():
+ return polgen.TUSER
+ if self.root_user_radiobutton.get_active():
+ return polgen.RUSER
+
+ def generate_policy(self, *args):
+ try:
+ my_policy=polgen.policy(self.get_name(), self.get_type())
+ my_policy.set_in_tcp(self.in_tcp_all_checkbutton.get_active(), self.in_tcp_reserved_checkbutton.get_active(), self.in_tcp_unreserved_checkbutton.get_active(), self.in_tcp_entry.get_text())
+ my_policy.set_in_udp(self.in_udp_all_checkbutton.get_active(), self.in_udp_reserved_checkbutton.get_active(), self.in_udp_unreserved_checkbutton.get_active(), self.in_udp_entry.get_text())
+ my_policy.set_out_tcp(self.out_tcp_all_checkbutton.get_active(), self.out_tcp_entry.get_text())
+ my_policy.set_out_udp(self.out_udp_all_checkbutton.get_active(), self.out_udp_entry.get_text())
+ if self.get_type() in polgen.APPLICATIONS:
+ my_policy.set_program(self.exec_entry.get_text())
+ my_policy.set_use_syslog(self.syslog_checkbutton.get_active() == 1)
+ my_policy.set_use_tmp(self.tmp_checkbutton.get_active() == 1)
+ my_policy.set_use_uid(self.uid_checkbutton.get_active() == 1)
+ my_policy.set_use_pam(self.pam_checkbutton.get_active() == 1)
+ if self.get_type() is polgen.DAEMON:
+ my_policy.set_init_script(self.init_script_entry.get_text())
+ if self.get_type() == polgen.USER:
+ selected = []
+ self.user_transition_treeview.get_selection().selected_foreach(foreach, selected)
+ my_policy.set_transition_users(selected)
+ else:
+ if self.get_type() == polgen.RUSER:
+ selected = []
+ self.admin_treeview.get_selection().selected_foreach(foreach, selected)
+ my_policy.set_admin_domains(selected)
+ else:
+ selected = []
+ self.transition_treeview.get_selection().selected_foreach(foreach, selected)
+ my_policy.set_transition_domains(selected)
+
+ selected = []
+ self.role_treeview.get_selection().selected_foreach(foreach, selected)
+ my_policy.set_admin_roles(selected)
+
+ iter= self.store.get_iter_first()
+ while(iter):
+ if self.store.get_value(iter, 1) == FILE:
+ my_policy.add_file(self.store.get_value(iter, 0))
+ else:
+ my_policy.add_dir(self.store.get_value(iter, 0))
+ iter= self.store.iter_next(iter)
+
+ self.info(my_policy.generate(self.output_entry.get_text()))
+ return False
+ except ValueError, e:
+ self.error(e.message)
+
+ def delete(self, args):
+ store, iter = self.view.get_selection().get_selected()
+ if iter != None:
+ store.remove(iter)
+ self.view.get_selection().select_path ((0,))
+
+ def __add(self,type):
+ rc = self.file_dialog.run()
+ self.file_dialog.hide()
+ if rc == gtk.RESPONSE_CANCEL:
+ return
+ for i in self.file_dialog.get_filenames():
+ iter = self.store.append()
+ self.store.set_value(iter, 0, i)
+ self.store.set_value(iter, 1, type)
+
+ def exec_select(self, args):
+ self.file_dialog.set_select_multiple(0)
+ self.file_dialog.set_title(_("Select executable file to be confined."))
+ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_SAVE)
+ self.file_dialog.set_current_folder("/usr/sbin")
+ rc = self.file_dialog.run()
+ self.file_dialog.hide()
+ if rc == gtk.RESPONSE_CANCEL:
+ return
+ self.exec_entry.set_text(self.file_dialog.get_filename())
+
+ def init_script_select(self, args):
+ self.file_dialog.set_select_multiple(0)
+ self.file_dialog.set_title(_("Select init script file to be confined."))
+ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_SAVE)
+ self.file_dialog.set_current_folder("/etc/init.d")
+ rc = self.file_dialog.run()
+ self.file_dialog.hide()
+ if rc == gtk.RESPONSE_CANCEL:
+ return
+ self.init_script_entry.set_text(self.file_dialog.get_filename())
+
+ def add(self, args):
+ self.file_dialog.set_title(_("Select file(s) that confined application creates or writes"))
+ self.file_dialog.set_select_multiple(1)
+ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_OPEN)
+ self.__add(FILE)
+
+ def add_dir(self, args):
+ self.file_dialog.set_title(_("Select directory(s) that the confined application owns and writes into"))
+ self.file_dialog.set_select_multiple(0)
+ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_CREATE_FOLDER)
+ self.__add(DIR)
+
+ def on_about_clicked(self, args):
+ dlg = xml.get_widget ("about_dialog")
+ dlg.run ()
+ dlg.hide ()
+
+ def quit(self, args):
+ gtk.main_quit()
+
+ def setupScreen(self):
+ # Bring in widgets from glade file.
+ self.mainWindow = self.xml.get_widget("main_window")
+ self.druid = self.xml.get_widget("druid")
+ self.type = 0
+ self.name_entry = self.xml.get_widget("name_entry")
+ self.exec_entry = self.xml.get_widget("exec_entry")
+ self.exec_button = self.xml.get_widget("exec_button")
+ self.init_script_entry = self.xml.get_widget("init_script_entry")
+ self.init_script_button = self.xml.get_widget("init_script_button")
+ self.output_entry = self.xml.get_widget("output_entry")
+ self.output_entry.set_text(os.getcwd())
+ self.xml.get_widget("output_button").connect("clicked",self.output_button_clicked)
+
+ self.xwindows_login_user_radiobutton = self.xml.get_widget("xwindows_login_user_radiobutton")
+ self.terminal_login_user_radiobutton = self.xml.get_widget("terminal_login_user_radiobutton")
+ self.root_user_radiobutton = self.xml.get_widget("root_user_radiobutton")
+
+ self.user_radiobutton = self.xml.get_widget("user_radiobutton")
+ self.init_radiobutton = self.xml.get_widget("init_radiobutton")
+ self.inetd_radiobutton = self.xml.get_widget("inetd_radiobutton")
+ self.cgi_radiobutton = self.xml.get_widget("cgi_radiobutton")
+ self.tmp_checkbutton = self.xml.get_widget("tmp_checkbutton")
+ self.uid_checkbutton = self.xml.get_widget("uid_checkbutton")
+ self.pam_checkbutton = self.xml.get_widget("pam_checkbutton")
+ self.syslog_checkbutton = self.xml.get_widget("syslog_checkbutton")
+ self.view = self.xml.get_widget("write_treeview")
+ self.file_dialog = self.xml.get_widget("filechooserdialog")
+
+ self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_INT)
+ self.view.set_model(self.store)
+ col = gtk.TreeViewColumn("", gtk.CellRendererText(), text = 0)
+ col.set_resizable(True)
+ self.view.append_column(col)
+ self.view.get_selection().select_path ((0,))
+
+ def output_button_clicked(self, *args):
+ self.file_dialog.set_title(_("Select directory to generate policy files in"))
+ self.file_dialog.set_action(gtk.FILE_CHOOSER_ACTION_SELECT_FOLDER)
+ self.file_dialog.set_select_multiple(0)
+ rc = self.file_dialog.run()
+ self.file_dialog.hide()
+ if rc == gtk.RESPONSE_CANCEL:
+ return
+ self.output_entry.set_text(self.file_dialog.get_filename())
+
+ def on_in_net_page_next(self, *args):
+ try:
+ polgen.verify_ports(self.in_tcp_entry.get_text())
+ polgen.verify_ports(self.in_udp_entry.get_text())
+ except ValueError, e:
+ self.error(e.message)
+ return True
+
+ def on_out_net_page_next(self, *args):
+ try:
+ polgen.verify_ports(self.out_tcp_entry.get_text())
+ polgen.verify_ports(self.out_udp_entry.get_text())
+ except ValueError, e:
+ self.error(e.message)
+ return True
+
+ def on_select_type_page_next(self, *args):
+ self.exec_entry.set_sensitive(self.confine_application())
+ self.exec_button.set_sensitive(self.confine_application())
+ self.init_script_entry.set_sensitive(self.init_radiobutton.get_active())
+ self.init_script_button.set_sensitive(self.init_radiobutton.get_active())
+
+ def on_name_page_next(self, *args):
+ name=self.name_entry.get_text()
+ if name == "":
+ self.error(_("You must enter a name"))
+ return True
+
+ if self.confine_application():
+ exe = self.exec_entry.get_text()
+ if exe == "":
+ self.error(_("You must enter a executable"))
+ return True
+
+ def stand_alone(self):
+ desktopName = _("Configue SELinux")
+
+ self.setupScreen()
+ self.mainWindow.connect("destroy", self.quit)
+
+ self.mainWindow.show_all()
+ gtk.main()
+
+if __name__ == "__main__":
+ signal.signal (signal.SIGINT, signal.SIG_DFL)
+
+ app = childWindow()
+ app.stand_alone()
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.27/gui/polgen.py
--- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/polgen.py 2007-09-28 15:36:04.000000000 -0400
@@ -0,0 +1,759 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# policygentool is a tool for the initial generation of SELinux policy
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+# 02111-1307 USA
+#
+#
+import os, sys, stat
+import re
+from templates import executable
+from templates import var_spool
+from templates import var_lib
+from templates import var_log
+from templates import var_run
+from templates import tmp
+from templates import rw
+from templates import network
+from templates import script
+from templates import user
+import seobject
+import sepolgen.interfaces as interfaces
+import sepolgen.defaults as defaults
+
+##
+## I18N
+##
+PROGNAME="system-config-selinux"
+
+import gettext
+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
+gettext.textdomain(PROGNAME)
+try:
+ gettext.install(PROGNAME,
+ localedir="/usr/share/locale",
+ unicode=False,
+ codeset = 'utf-8')
+except IOError:
+ import __builtin__
+ __builtin__.__dict__['_'] = unicode
+
+methods = []
+fn = defaults.interface_info()
+try:
+ fd = open(fn)
+ # List of per_role_template interfaces
+ ifs = interfaces.InterfaceSet()
+ ifs.from_file(fd)
+ methods = ifs.interfaces.keys()
+ fd.close()
+except:
+ sys.stderr.write("could not open interface info [%s]\n" % fn)
+ sys.exit(1)
+
+def get_users():
+ users = []
+ userdict = seobject.seluserRecords().get_all()
+ for i in userdict.keys():
+ if userdict[i][0] not in users:
+ users.append(userdict[i][0])
+ users.sort()
+ return users
+
+
+ALL = 0
+RESERVED = 1
+UNRESERVED = 2
+PORTS = 3
+ADMIN_TRANSITION_INTERFACE = "_admin$"
+USER_TRANSITION_INTERFACE = "_per_role_template$"
+
+DAEMON = 0
+INETD = 1
+USER = 2
+CGI = 3
+XUSER = 4
+TUSER = 5
+RUSER = 6
+APPLICATIONS = [ DAEMON, INETD, USER, CGI ]
+USERS = [ XUSER, TUSER, RUSER ]
+
+def verify_ports(ports):
+ if ports == "":
+ return []
+ max_port=2**16
+ try:
+ temp = []
+ for a in ports.split(","):
+ r = a.split("-")
+ if len(r) > 2:
+ raise ValueError
+ if len(r) == 1:
+ begin = int (r[0])
+ end = int (r[0])
+ else:
+ begin = int (r[0])
+ end = int (r[1])
+
+ if begin > end:
+ raise ValueError
+
+ for p in range(begin, end + 1):
+ if p < 1 or p > max_port:
+ raise ValueError
+ temp.append(p)
+ return temp
+ except ValueError:
+ raise ValueError(_("Ports must be be numbers or ranges of numbers from 1 to %d " % max_port ))
+
+class policy:
+
+ def __init__(self, name, type):
+ ports = seobject.portRecords()
+ self.ports = ports.get_all()
+
+ self.DEFAULT_DIRS = {}
+ self.DEFAULT_DIRS["rw"] = ["rw", [], rw];
+ self.DEFAULT_DIRS["tmp"] = ["tmp", [], tmp];
+ self.DEFAULT_DIRS["/var/spool"] = ["var_spool", [], var_spool];
+ self.DEFAULT_DIRS["/var/lib"] = ["var_lib", [], var_lib];
+ self.DEFAULT_DIRS["/var/log"] = ["var_log", [], var_log];
+ self.DEFAULT_DIRS["/var/run"] = ["var_run", [], var_run];
+
+ self.DEFAULT_TYPES = (( self.generate_daemon_types, self.generate_daemon_rules), ( self.generate_inetd_types, self.generate_inetd_rules), ( self.generate_userapp_types, self.generate_userapp_rules), ( self.generate_cgi_types, self.generate_cgi_rules), ( self.generate_x_login_user_types, self.generate_x_login_user_rules), ( self.generate_login_user_types, self.generate_login_user_rules), ( self.generate_root_user_types, self.generate_root_user_rules))
+ if name == "":
+ raise ValueError(_("You must enter a name for your confined process"))
+ if type == CGI:
+ self.name = "httpd_%s_script" % name
+ else:
+ self.name = name
+ self.file_name = name
+
+ self.type = type
+ self.initscript = ""
+ self.program = ""
+ self.in_tcp = [False, False, False, []]
+ self.in_udp = [False, False, False, []]
+ self.out_tcp = [False, False, False, []]
+ self.out_udp = [False, False, False, []]
+ self.use_tmp = False
+ self.use_uid = False
+ self.use_pam = False
+ self.use_syslog = False
+ self.files = {}
+ self.dirs = {}
+ self.found_tcp_ports=[]
+ self.found_udp_ports=[]
+ self.need_tcp_type=False
+ self.need_udp_type=False
+ self.admin_domains = []
+ self.transition_domains = []
+ self.roles = []
+
+ def __isnetset(self, l):
+ return l[ALL] or l[RESERVED] or l[UNRESERVED] or len(l[PORTS]) > 0
+
+ def set_admin_domains(self, admin_domains):
+ self.admin_domains = admin_domains
+
+ def set_admin_roles(self, roles):
+ self.roles = roles
+
+ def set_transition_domains(self, transition_domains):
+ self.transition_domains = transition_domains
+
+ def set_transition_users(self, transition_users):
+ self.transition_users = transition_users
+
+ def use_in_udp(self):
+ return self.__isnetset(self.in_udp)
+
+ def use_out_udp(self):
+ return self.__isnetset(self.out_udp)
+
+ def use_udp(self):
+ return self.use_in_udp() or self.use_out_udp()
+
+ def use_in_tcp(self):
+ return self.__isnetset(self.in_tcp)
+
+ def use_out_tcp(self):
+ return self.__isnetset(self.out_tcp)
+
+ def use_tcp(self):
+ return self.use_in_tcp() or self.use_out_tcp()
+
+ def use_network(self):
+ return self.use_tcp() or self.use_udp()
+
+ def find_port(self, port):
+ for begin,end in self.ports.keys():
+ if port >= begin and port <= end:
+ return self.ports[begin,end]
+ return None
+
+ def set_program(self, program):
+ if self.type not in APPLICATIONS:
+ raise ValueError(_("USER Types are not allowed executables"))
+
+ self.program = program
+
+ def set_init_script(self, initscript):
+ if self.type != DAEMON:
+ raise ValueError(_("Only DAEMON apps can use an init script"))
+
+ self.initscript = initscript
+
+ def set_in_tcp(self, all, reserved, unreserved, ports):
+ self.in_tcp = [ all, reserved, unreserved, verify_ports(ports)]
+
+ def set_in_udp(self, all, reserved, unreserved, ports):
+ self.in_udp = [ all, reserved, unreserved, verify_ports(ports)]
+
+ def set_out_tcp(self, all, ports):
+ self.out_tcp = [ all , False, False, verify_ports(ports) ]
+
+ def set_out_udp(self, all, ports):
+ self.out_udp = [ all , False, False, verify_ports(ports) ]
+
+ def set_use_syslog(self, val):
+ if val != True and val != False:
+ raise ValueError(_("use_syslog must be a boolean value "))
+
+ self.use_syslog = val
+
+ def set_use_pam(self, val):
+ self.use_pam = val == True
+
+ def set_use_tmp(self, val):
+ if self.type not in APPLICATIONS:
+ raise ValueError(_("USER Types autoomatically get a tmp type"))
+
+ if val:
+ self.DEFAULT_DIRS["tmp"][1].append("/tmp");
+ else:
+ self.DEFAULT_DIRS["tmp"][1]=[]
+
+ def set_use_uid(self, val):
+ self.use_uid = val == True
+
+ def generate_uid_rules(self):
+ if self.use_uid:
+ return re.sub("TEMPLATETYPE", self.name, executable.te_uid_rules)
+ else:
+ return ""
+
+ def generate_syslog_rules(self):
+ if self.use_syslog:
+ return re.sub("TEMPLATETYPE", self.name, executable.te_syslog_rules)
+ else:
+ return ""
+
+ def generate_pam_rules(self):
+ newte =""
+ if self.use_pam:
+ newte = re.sub("TEMPLATETYPE", self.name, executable.te_pam_rules)
+ return newte
+
+ def generate_network_action(self, protocol, action, port_name):
+ line = ""
+ method = "corenet_%s_%s_%s" % (protocol, action, port_name)
+ if method in methods:
+ line = "%s(%s_t)\n" % (method, self.name)
+ else:
+ line = """
+gen_require(`
+ type %s_t;
+')
+allow %s_t %s_t:%s_socket name_%s;
+""" % (port_name, self.name, port_name, protocol, action)
+ return line
+
+ def generate_network_types(self):
+ for i in self.in_tcp[PORTS]:
+ rec = self.find_port(int(i))
+ if rec == None:
+ self.need_tcp_type = True;
+ else:
+ port_name = rec[0][:-2]
+ line = self.generate_network_action("tcp", "bind", port_name)
+# line = "corenet_tcp_bind_%s(%s_t)\n" % (port_name, self.name)
+ if line not in self.found_tcp_ports:
+ self.found_tcp_ports.append(line)
+
+ for i in self.out_tcp[PORTS]:
+ rec = self.find_port(int(i))
+ if rec == None:
+ self.need_tcp_type = True;
+ else:
+ port_name = rec[0][:-2]
+ line = self.generate_network_action("tcp", "connect", port_name)
+# line = "corenet_tcp_connect_%s(%s_t)\n" % (port_name, self.name)
+ if line not in self.found_tcp_ports:
+ self.found_tcp_ports.append(line)
+
+ for i in self.in_udp[PORTS]:
+ rec = self.find_port(int(i))
+ if rec == None:
+ self.need_udp_type = True;
+ else:
+ port_name = rec[0][:-2]
+ line = self.generate_network_action("udp", "bind", port_name)
+# line = "corenet_udp_bind_%s(%s_t)\n" % (port_name, self.name)
+ if line not in self.found_udp_ports:
+ self.found_udp_ports.append(line)
+
+ if self.need_udp_type == True or self.need_tcp_type == True:
+ return re.sub("TEMPLATETYPE", self.name, network.te_port_types)
+ return ""
+
+ def __find_path(self, file):
+ for d in self.DEFAULT_DIRS:
+ if file.find(d) == 0:
+ self.DEFAULT_DIRS[d][1].append(file)
+ return self.DEFAULT_DIRS[d]
+ self.DEFAULT_DIRS["rw"][1].append(file)
+ return self.DEFAULT_DIRS["rw"]
+
+ def add_file(self, file):
+ self.files[file] = self.__find_path(file)
+
+ def add_dir(self, file):
+ self.dirs[file] = self.__find_path(file)
+
+ def generate_network_rules(self):
+ newte = ""
+ if self.use_network():
+ newte = "\n"
+
+ newte += re.sub("TEMPLATETYPE", self.name, network.te_network)
+
+ if self.use_tcp():
+ newte += "\n"
+ newte += re.sub("TEMPLATETYPE", self.name, network.te_tcp)
+
+ if self.use_in_tcp():
+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_tcp)
+
+ if self.need_tcp_type and len(self.in_tcp[PORTS]) > 0:
+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_need_port_tcp)
+
+ if self.need_tcp_type and len(self.out_tcp[PORTS]) > 0:
+ newte += re.sub("TEMPLATETYPE", self.name, network.te_out_need_port_tcp)
+
+
+ if self.in_tcp[ALL]:
+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_all_ports_tcp)
+ if self.in_tcp[RESERVED]:
+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_reserved_ports_tcp)
+ if self.in_tcp[UNRESERVED]:
+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_unreserved_ports_tcp)
+
+ if self.out_tcp[ALL]:
+ newte += re.sub("TEMPLATETYPE", self.name, network.te_out_all_ports_tcp)
+ if self.out_tcp[RESERVED]:
+ newte += re.sub("TEMPLATETYPE", self.name, network.te_out_reserved_ports_tcp)
+ if self.out_tcp[UNRESERVED]:
+ newte += re.sub("TEMPLATETYPE", self.name, network.te_out_unreserved_ports_tcp)
+
+ for i in self.found_tcp_ports:
+ newte += i
+
+ if self.use_udp():
+ newte += "\n"
+ newte += re.sub("TEMPLATETYPE", self.name, network.te_udp)
+
+ if self.need_udp_type:
+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_need_port_udp)
+ if self.use_in_udp():
+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_udp)
+ if self.in_udp[ALL]:
+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_all_ports_udp)
+ if self.in_udp[RESERVED]:
+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_reserved_ports_udp)
+ if self.in_udp[UNRESERVED]:
+ newte += re.sub("TEMPLATETYPE", self.name, network.te_in_unreserved_ports_udp)
+
+ for i in self.found_udp_ports:
+ newte += i
+ return newte
+
+ def generate_transition_rules(self):
+ newte = ""
+ for app in self.transition_domains:
+ tmp = re.sub("TEMPLATETYPE", self.name, user.te_transition_rules)
+ newte += re.sub("APPLICATION", app, tmp)
+
+ if self.type == USER:
+ for u in self.transition_users:
+ temp = re.sub("TEMPLATETYPE", self.name, executable.te_userapp_trans_rules)
+ newte += re.sub("USER", u, temp)
+
+ return newte
+
+ def generate_admin_rules(self):
+ newte = ""
+ if self.type == RUSER:
+ newte += re.sub("TEMPLATETYPE", self.name, user.te_admin_rules)
+
+ for app in self.admin_domains:
+ tmp = re.sub("TEMPLATETYPE", self.name, user.te_admin_domain_rules)
+ newte += re.sub("APPLICATION", app, tmp)
+ return newte
+
+ def generate_admin_if(self):
+ newif = ""
+ if self.initscript != "":
+ newif += re.sub("TEMPLATETYPE", self.name, executable.if_initscript_admin)
+ for d in self.DEFAULT_DIRS:
+ if len(self.DEFAULT_DIRS[d][1]) > 0:
+ newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_admin_rules)
+
+ if newif != "":
+ ret = re.sub("TEMPLATETYPE", self.name, executable.if_begin_admin)
+ ret += newif
+ ret += re.sub("TEMPLATETYPE", self.name, executable.if_end_admin)
+ return ret
+
+ return ""
+
+ def generate_cgi_types(self):
+ return re.sub("TEMPLATETYPE", self.file_name, executable.te_cgi_types)
+
+ def generate_userapp_types(self):
+ return re.sub("TEMPLATETYPE", self.name, executable.te_userapp_types)
+
+ def generate_inetd_types(self):
+ return re.sub("TEMPLATETYPE", self.name, executable.te_inetd_types)
+
+ def generate_login_user_types(self):
+ return re.sub("TEMPLATETYPE", self.name, user.te_login_user_types)
+
+ def generate_x_login_user_types(self):
+ return re.sub("TEMPLATETYPE", self.name, user.te_x_login_user_types)
+
+ def generate_root_user_types(self):
+ return re.sub("TEMPLATETYPE", self.name, user.te_root_user_types)
+
+ def generate_daemon_types(self):
+ newte = re.sub("TEMPLATETYPE", self.name, executable.te_daemon_types)
+ if self.initscript != "":
+ newte += re.sub("TEMPLATETYPE", self.name, executable.te_initscript_types)
+ return newte
+
+ def generate_tmp_types(self):
+ if self.use_tmp:
+ return re.sub("TEMPLATETYPE", self.name, tmp.te_types)
+ else:
+ return ""
+
+ def generate_cgi_te(self):
+ return re.sub("TEMPLATETYPE", self.name, executable.te_cgi_types)
+
+ def generate_daemon_rules(self):
+ newif = re.sub("TEMPLATETYPE", self.name, executable.te_daemon_rules)
+
+ return newif
+
+ def generate_login_user_rules(self):
+ return re.sub("TEMPLATETYPE", self.name, user.te_login_user_rules)
+
+ def generate_x_login_user_rules(self):
+ return re.sub("TEMPLATETYPE", self.name, user.te_x_login_user_rules)
+
+ def generate_root_user_rules(self):
+ newte =re.sub("TEMPLATETYPE", self.name, user.te_root_user_rules)
+ return newte
+
+ def generate_userapp_rules(self):
+ return re.sub("TEMPLATETYPE", self.name, executable.te_userapp_rules)
+
+ def generate_inetd_rules(self):
+ return re.sub("TEMPLATETYPE", self.name, executable.te_inetd_rules)
+
+ def generate_tmp_rules(self):
+ if self.use_tmp:
+ return re.sub("TEMPLATETYPE", self.name, tmp.te_rules)
+ else:
+ return ""
+
+ def generate_cgi_rules(self):
+ newte = ""
+ newte += re.sub("TEMPLATETYPE", self.name, executable.te_cgi_rules)
+ return newte
+
+ def generate_user_if(self):
+ newif = ""
+ if self.type == USER:
+ newif += re.sub("TEMPLATETYPE", self.name, executable.if_user_program_rules)
+
+ return newif
+
+ def generate_if(self):
+ newif = ""
+ if self.program != "":
+ newif += re.sub("TEMPLATETYPE", self.name, executable.if_program_rules)
+ if self.initscript != "":
+ newif += re.sub("TEMPLATETYPE", self.name, executable.if_initscript_rules)
+
+ for d in self.DEFAULT_DIRS:
+ if len(self.DEFAULT_DIRS[d][1]) > 0:
+ newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_rules)
+ for i in self.DEFAULT_DIRS[d][1]:
+ if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]):
+ newif += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].if_stream_rules)
+ break
+ newif += self.generate_user_if()
+ newif += self.generate_admin_if()
+
+ return newif
+
+ def generate_default_types(self):
+ return self.DEFAULT_TYPES[self.type][0]()
+
+ def generate_default_rules(self):
+ return self.DEFAULT_TYPES[self.type][1]()
+
+ def generate_roles_rules(self):
+ newte = ""
+ if self.type in ( TUSER, XUSER):
+ roles = ""
+ if len(self.roles) > 0:
+ newte += re.sub("TEMPLATETYPE", self.name, user.te_newrole_rules)
+ for role in self.roles:
+ tmp = re.sub("TEMPLATETYPE", self.name, user.te_roles_rules)
+ newte += re.sub("ROLE", role, tmp)
+ return newte
+
+ def generate_te(self):
+ newte = self.generate_default_types()
+ for d in self.DEFAULT_DIRS:
+ if len(self.DEFAULT_DIRS[d][1]) > 0:
+ # CGI scripts already have a rw_t
+ if self.type != CGI or d != "rw":
+ newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_types)
+
+ newte += self.generate_network_types()
+ newte += self.generate_tmp_types()
+ newte += self.generate_default_rules()
+
+ for d in self.DEFAULT_DIRS:
+ if len(self.DEFAULT_DIRS[d][1]) > 0:
+ newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_rules)
+ for i in self.DEFAULT_DIRS[d][1]:
+ if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]):
+ newte += re.sub("TEMPLATETYPE", self.name, self.DEFAULT_DIRS[d][2].te_stream_rules)
+ break
+
+ newte += self.generate_network_rules()
+ newte += self.generate_tmp_rules()
+ newte += self.generate_uid_rules()
+ newte += self.generate_syslog_rules()
+ newte += self.generate_pam_rules()
+ newte += self.generate_roles_rules()
+ newte += self.generate_transition_rules()
+ newte += self.generate_admin_rules()
+ return newte
+
+ def generate_fc(self):
+ newfc = ""
+ if self.program == "":
+ raise ValueError(_("You must enter the executable path for your confined process"))
+
+ t1 = re.sub("EXECUTABLE", self.program, executable.fc_program)
+ newfc += re.sub("TEMPLATETYPE", self.name, t1)
+
+ if self.initscript != "":
+ t1 = re.sub("EXECUTABLE", self.initscript, executable.fc_initscript)
+ newfc += re.sub("TEMPLATETYPE", self.name, t1)
+
+ for i in self.files.keys():
+ if os.path.exists(i) and stat.S_ISSOCK(os.stat(i)[stat.ST_MODE]):
+ t1 = re.sub("TEMPLATETYPE", self.name, self.files[i][2].fc_sock_file)
+ else:
+ t1 = re.sub("TEMPLATETYPE", self.name, self.files[i][2].fc_file)
+ t2 = re.sub("FILENAME", i, t1)
+ newfc += re.sub("FILETYPE", self.files[i][0], t2)
+
+ for i in self.dirs.keys():
+ t1 = re.sub("TEMPLATETYPE", self.name, self.dirs[i][2].fc_dir)
+ t2 = re.sub("FILENAME", i, t1)
+ newfc += re.sub("FILETYPE", self.dirs[i][0], t2)
+
+ return newfc
+
+ def generate_user_sh(self):
+ newsh = ""
+ if self.type in ( TUSER, XUSER):
+ roles = ""
+ for role in self.roles:
+ roles += " %s_r" % role
+ if roles != "":
+ roles += " system_r"
+ tmp = re.sub("TEMPLATETYPE", self.name, script.users)
+ newsh += re.sub("ROLES", roles, tmp)
+ return newsh
+
+ def generate_sh(self):
+ newsh = re.sub("TEMPLATETYPE", self.name, script.compile)
+ newsh = re.sub("PACKAGEFILENAME", self.file_name, newsh)
+ if self.program != "":
+ newsh += re.sub("FILENAME", self.program, script.restorecon)
+ if self.initscript != "":
+ newsh += re.sub("FILENAME", self.initscript, script.restorecon)
+
+ for i in self.files.keys():
+ newsh += re.sub("FILENAME", i, script.restorecon)
+
+ for i in self.dirs.keys():
+ newsh += re.sub("FILENAME", i, script.restorecon)
+
+ for i in self.in_tcp[PORTS] + self.out_tcp[PORTS]:
+ if self.find_port(i) == None:
+ t1 = re.sub("PORTNUM", "%d" % i, script.tcp_ports)
+ newsh += re.sub("TEMPLATETYPE", self.name, t1)
+
+ for i in self.in_udp[PORTS] + self.out_udp[PORTS]:
+ if self.find_port(i) == None:
+ t1 = re.sub("PORTNUM", "%d" % i, script.udp_ports)
+ newsh += re.sub("TEMPLATETYPE", self.name, t1)
+
+ newsh += self.generate_user_sh()
+
+ return newsh
+
+ def write_te(self, out_dir):
+ tefile = "%s/%s.te" % (out_dir, self.file_name)
+ fd = open(tefile, "w")
+ fd.write(self.generate_te())
+ fd.close()
+ return tefile
+
+ def write_sh(self, out_dir):
+ shfile = "%s/%s.sh" % (out_dir, self.file_name)
+ fd = open(shfile, "w")
+ fd.write(self.generate_sh())
+ fd.close()
+ return shfile
+
+ def write_if(self, out_dir):
+ iffile = "%s/%s.if" % (out_dir, self.file_name)
+ fd = open(iffile, "w")
+ fd.write(self.generate_if())
+ fd.close()
+ return iffile
+
+ def write_fc(self,out_dir):
+ fcfile = "%s/%s.fc" % (out_dir, self.file_name)
+ if self.type in APPLICATIONS:
+ fd = open(fcfile, "w")
+ fd.write(self.generate_fc())
+ fd.close()
+ return fcfile
+
+ def generate(self, out_dir = "."):
+ out = "Created the following files:\n"
+ out += "%-25s %s\n" % (_("Type Enforcment file"), self.write_te(out_dir))
+ out += "%-25s %s\n" % (_("Interface file"), self.write_if(out_dir))
+ out += "%-25s %s\n" % (_("File Contexts file"), self.write_fc(out_dir))
+ out += "%-25s %s\n" % (_("Setup Script"),self.write_sh(out_dir))
+ return out
+
+def errorExit(error):
+ sys.stderr.write("%s: " % sys.argv[0])
+ sys.stderr.write("%s\n" % error)
+ sys.stderr.flush()
+ sys.exit(1)
+
+
+if __name__ == '__main__':
+ mypolicy = policy("mycgi", CGI)
+ mypolicy.set_program("/var/www/cgi-bin/cgi")
+ mypolicy.set_in_tcp(1, 0, 0, "512, 55000-55000")
+ mypolicy.set_in_udp(1, 0, 0, "1513")
+ mypolicy.set_use_uid(True)
+ mypolicy.set_use_tmp(False)
+ mypolicy.set_use_syslog(True)
+ mypolicy.set_use_pam(True)
+ mypolicy.set_out_tcp(0,"8000")
+ print mypolicy.generate("/var/tmp")
+
+ mypolicy = policy("myuser", USER)
+ mypolicy.set_program("/usr/bin/myuser")
+ mypolicy.set_in_tcp(1, 0, 0, "513")
+ mypolicy.set_in_udp(1, 0, 0, "1513")
+ mypolicy.set_use_uid(True)
+ mypolicy.set_use_tmp(True)
+ mypolicy.set_use_syslog(True)
+ mypolicy.set_use_pam(True)
+ mypolicy.add_file("/var/lib/myuser/myuser.sock")
+ mypolicy.set_out_tcp(0,"8000")
+ mypolicy.set_transition_users(["unconfined", "staff"])
+ print mypolicy.generate("/var/tmp")
+
+
+ mypolicy = policy("myrwho", DAEMON)
+ mypolicy.set_program("/usr/sbin/myrwhod")
+ mypolicy.set_init_script("/etc/init.d/myrwhod")
+ mypolicy.set_in_tcp(1, 0, 0, "513")
+ mypolicy.set_use_uid(True)
+ mypolicy.set_use_tmp(True)
+ mypolicy.set_use_syslog(True)
+ mypolicy.set_use_pam(True)
+ mypolicy.add_dir("/var/run/myrwho")
+ mypolicy.add_dir("/var/lib/myrwho")
+ print mypolicy.generate("/var/tmp")
+
+ mypolicy = policy("myinetd", INETD)
+ mypolicy.set_program("/usr/bin/mytest")
+ mypolicy.set_in_tcp(1, 0, 0, "513")
+ mypolicy.set_in_udp(1, 0, 0, "1513")
+ mypolicy.set_use_uid(True)
+ mypolicy.set_use_tmp(True)
+ mypolicy.set_use_syslog(True)
+ mypolicy.set_use_pam(True)
+ mypolicy.add_file("/var/lib/mysql/mysql.sock")
+ mypolicy.add_file("/var/run/rpcbind.sock")
+ mypolicy.add_file("/var/run/daemon.pub")
+ mypolicy.add_file("/var/log/daemon.log")
+ mypolicy.add_dir("/var/lib/daemon")
+ mypolicy.add_dir("/etc/daemon")
+ mypolicy.add_dir("/etc/daemon/special")
+ mypolicy.set_out_tcp(0,"8000")
+ print mypolicy.generate("/var/tmp")
+
+ mypolicy = policy("mytuser", TUSER)
+ mypolicy.set_transition_domains(["sudo"])
+ mypolicy.set_admin_roles(["mydbadm"])
+ print mypolicy.generate("/var/tmp")
+
+ mypolicy = policy("myxuser", XUSER)
+ mypolicy.set_in_tcp(1, 1, 1, "28920")
+ mypolicy.set_in_udp(0, 0, 1, "1513")
+ mypolicy.set_use_uid(True)
+ mypolicy.set_use_syslog(True)
+ mypolicy.set_use_pam(True)
+ mypolicy.set_transition_domains(["mozilla"])
+ print mypolicy.generate("/var/tmp")
+
+ mypolicy = policy("mydbadm", RUSER)
+ mypolicy.set_admin_domains(["postgresql", "mysql"])
+ print mypolicy.generate("/var/tmp")
+
+ sys.exit(0)
+
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/portsPage.py policycoreutils-2.0.27/gui/portsPage.py
--- nsapolicycoreutils/gui/portsPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/portsPage.py 2007-10-01 17:44:08.000000000 -0400
@@ -0,0 +1,251 @@
+## portsPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
+
+## This program is free software; you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation; either version 2 of the License, or
+## (at your option) any later version.
+
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+## GNU General Public License for more details.
+
+## You should have received a copy of the GNU General Public License
+## along with this program; if not, write to the Free Software
+## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+## Author: Dan Walsh
+import string
+import gtk
+import gtk.glade
+import os
+import gobject
+import sys
+import seobject
+import commands
+from semanagePage import *;
+
+##
+## I18N
+##
+PROGNAME = "policycoreutils"
+import gettext
+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
+gettext.textdomain(PROGNAME)
+TYPE_COL = 0
+PROTOCOL_COL = 1
+MLS_COL = 2
+PORT_COL = 3
+try:
+ gettext.install(PROGNAME,
+ localedir="/usr/share/locale",
+ unicode=False,
+ codeset = 'utf-8')
+except IOError:
+ import __builtin__
+ __builtin__.__dict__['_'] = unicode
+
+class portsPage(semanagePage):
+ def __init__(self, xml):
+ semanagePage.__init__(self, xml, "ports", "Network Port")
+ xml.signal_connect("on_group_clicked", self.on_group_clicked)
+ self.group = False
+ self.ports_filter = xml.get_widget("portsFilterEntry")
+ self.ports_filter.connect("focus_out_event", self.filter_changed)
+ self.ports_filter.connect("activate", self.filter_changed)
+ self.ports_name_entry = xml.get_widget("portsNameEntry")
+ self.ports_protocol_combo = xml.get_widget("portsProtocolCombo")
+ self.ports_number_entry = xml.get_widget("portsNumberEntry")
+ self.ports_mls_entry = xml.get_widget("portsMLSEntry")
+ self.ports_add_button = xml.get_widget("portsAddButton")
+ self.ports_properties_button = xml.get_widget("portsPropertiesButton")
+ self.ports_delete_button = xml.get_widget("portsDeleteButton")
+ liststore = self.ports_protocol_combo.get_model()
+ iter = liststore.get_iter_first()
+ self.ports_protocol_combo.set_active_iter(iter)
+ self.init_store()
+ self.edit = True
+ self.load()
+
+ def filter_changed(self, *arg):
+ filter = arg[0].get_text()
+ if filter != self.filter:
+ if self.edit:
+ self.load(filter)
+ else:
+ self.group_load(filter)
+
+ def init_store(self):
+ self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_STRING, gobject.TYPE_STRING , gobject.TYPE_STRING)
+ self.view.set_model(self.store)
+ self.store.set_sort_column_id(0, gtk.SORT_ASCENDING)
+
+ col = gtk.TreeViewColumn(_("SELinux Port\nType"), gtk.CellRendererText(), text = TYPE_COL)
+ col.set_sort_column_id(TYPE_COL)
+ col.set_resizable(True)
+ self.view.append_column(col)
+ self.store.set_sort_column_id(TYPE_COL, gtk.SORT_ASCENDING)
+
+ col = gtk.TreeViewColumn(_("Protocol"), gtk.CellRendererText(), text = PROTOCOL_COL)
+ col.set_sort_column_id(PROTOCOL_COL)
+ col.set_resizable(True)
+ self.view.append_column(col)
+
+ self.mls_col = gtk.TreeViewColumn(_("MLS/MCS\nLevel"), gtk.CellRendererText(), text = MLS_COL)
+ self.mls_col.set_resizable(True)
+ self.mls_col.set_sort_column_id(MLS_COL)
+ self.view.append_column(self.mls_col)
+
+ col = gtk.TreeViewColumn(_("Port"), gtk.CellRendererText(), text = PORT_COL)
+ col.set_sort_column_id(PORT_COL)
+ col.set_resizable(True)
+ self.view.append_column(col)
+ self.store.set_sort_func(PORT_COL,self.sort_int, "")
+
+ def sort_int(self, treemodel, iter1, iter2, user_data):
+ try:
+ p1 = int(treemodel.get_value(iter1,2))
+ p2 = int(treemodel.get_value(iter2,2))
+ if p1 > p2:
+ return 1
+ if p1 == p2:
+ return 0
+ return -1
+ except:
+ return 0
+
+ def load(self,filter = ""):
+ self.filter=filter
+ self.port = seobject.portRecords()
+ dict = self.port.get_all(self.local)
+ keys = dict.keys()
+ keys.sort()
+ self.store.clear()
+ for k in keys:
+ if not (self.match(str(k[0]), filter) or self.match(dict[k][0], filter) or self.match(dict[k][1], filter) or self.match(dict[k][2], filter)):
+ continue
+ iter = self.store.append()
+ if k[0] == k[1]:
+ self.store.set_value(iter, PORT_COL, k[0])
+ else:
+ rec = "%s-%s" % k
+ self.store.set_value(iter, PORT_COL, rec)
+ self.store.set_value(iter, TYPE_COL, dict[k][0])
+ self.store.set_value(iter, PROTOCOL_COL, dict[k][1])
+ self.store.set_value(iter, MLS_COL, dict[k][2])
+ self.view.get_selection().select_path ((0,))
+
+ def group_load(self, filter = ""):
+ self.filter=filter
+ self.port = seobject.portRecords()
+ dict = self.port.get_all_by_type(self.local)
+ keys = dict.keys()
+ keys.sort()
+ self.store.clear()
+ for k in keys:
+ ports_string = ", ".join(dict[k])
+ if not (self.match(ports_string, filter) or self.match(k[0], filter) or self.match(k[1], filter) ):
+ continue
+ iter = self.store.append()
+ self.store.set_value(iter, TYPE_COL, k[0])
+ self.store.set_value(iter, PROTOCOL_COL, k[1])
+ self.store.set_value(iter, PORT_COL, ports_string)
+ self.store.set_value(iter, MLS_COL, "")
+ self.view.get_selection().select_path ((0,))
+
+ def propertiesDialog(self):
+ if self.edit:
+ semanagePage.propertiesDialog(self)
+
+ def dialogInit(self):
+ store, iter = self.view.get_selection().get_selected()
+ self.ports_number_entry.set_text(store.get_value(iter, PORT_COL))
+ self.ports_number_entry.set_sensitive(False)
+ self.ports_protocol_combo.set_sensitive(False)
+ self.ports_name_entry.set_text(store.get_value(iter, TYPE_COL))
+ self.ports_mls_entry.set_text(store.get_value(iter, MLS_COL))
+ protocol = store.get_value(iter, PROTOCOL_COL)
+ liststore = self.ports_protocol_combo.get_model()
+ iter = liststore.get_iter_first()
+ while iter != None and liststore.get_value(iter,0) != protocol:
+ iter = liststore.iter_next(iter)
+ if iter != None:
+ self.ports_protocol_combo.set_active_iter(iter)
+
+ def dialogClear(self):
+ self.ports_number_entry.set_text("")
+ self.ports_number_entry.set_sensitive(True)
+ self.ports_protocol_combo.set_sensitive(True)
+ self.ports_name_entry.set_text("")
+ self.ports_mls_entry.set_text("s0")
+
+ def delete(self):
+ store, iter = self.view.get_selection().get_selected()
+ port = store.get_value(iter, PORT_COL)
+ protocol = store.get_value(iter, 1)
+ try:
+ (rc, out) = commands.getstatusoutput("semanage port -d -p %s %s" % (protocol, port))
+ if rc != 0:
+ return self.error(out)
+ store.remove(iter)
+ self.view.get_selection().select_path ((0,))
+ except ValueError, e:
+ self.error(e.args[0])
+
+ def add(self):
+ target = self.ports_name_entry.get_text().strip()
+ mls = self.ports_mls_entry.get_text().strip()
+ port_number = self.ports_number_entry.get_text().strip()
+ if port_number == "":
+ port_number = "1"
+ if not port_number.isdigit():
+ self.error(_("Port number \"%s\" is not valid. 0 < PORT_NUMBER < 65536 ") % port_number )
+ return False
+ list_model = self.ports_protocol_combo.get_model()
+ iter = self.ports_protocol_combo.get_active_iter()
+ protocol = list_model.get_value(iter,0)
+ (rc, out) = commands.getstatusoutput("semanage port -a -p %s -r %s -t %s %s" % (protocol, mls, target, port_number))
+ if rc != 0:
+ self.error(out)
+ return False
+ iter = self.store.append()
+
+ self.store.set_value(iter, TYPE_COL, target)
+ self.store.set_value(iter, PORT_COL, port_number)
+ self.store.set_value(iter, PROTOCOL_COL, protocol)
+ self.store.set_value(iter, MLS_COL, mls)
+
+ def modify(self):
+ target = self.ports_name_entry.get_text().strip()
+ mls = self.ports_mls_entry.get_text().strip()
+ port_number = self.ports_number_entry.get_text().strip()
+ list_model = self.ports_protocol_combo.get_model()
+ iter = self.ports_protocol_combo.get_active_iter()
+ protocol = list_model.get_value(iter,0)
+ (rc, out) = commands.getstatusoutput("semanage port -m -p %s -r %s -t %s %s" % (protocol, mls, target, port_number))
+ if rc != 0:
+ self.error(out)
+ return False
+ store, iter = self.view.get_selection().get_selected()
+ self.store.set_value(iter, TYPE_COL, target)
+ self.store.set_value(iter, PORT_COL, port_number)
+ self.store.set_value(iter, PROTOCOL_COL, protocol)
+ self.store.set_value(iter, MLS_COL, mls)
+
+ def on_group_clicked(self, button):
+ self.ports_add_button.set_sensitive(self.group)
+ self.ports_properties_button.set_sensitive(self.group)
+ self.ports_delete_button.set_sensitive(self.group)
+ self.mls_col.set_visible(self.group)
+
+ self.group = not self.group
+ if self.group:
+ button.set_label(_("List View"))
+ self.group_load(self.filter)
+ else:
+ button.set_label(_("Group View"))
+ self.load(self.filter)
+
+ return True
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/selinux.tbl policycoreutils-2.0.27/gui/selinux.tbl
--- nsapolicycoreutils/gui/selinux.tbl 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/selinux.tbl 2007-09-27 11:20:32.000000000 -0400
@@ -0,0 +1,295 @@
+! allow_console_login _("Login") _("Allow direct login to the console device. Required for System 390")
+acct_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for acct daemon")
+allow_cvs_read_shadow _("CVS") _("Allow cvs daemon to read shadow")
+allow_daemons_dump_core _("Admin") _("Allow all daemons to write corefiles to /")
+allow_daemons_use_tty _("Admin") _("Allow all daemons the ability to use unallocated ttys")
+allow_execheap _("Memory Protection") _("Allow unconfined executables to make their heap memory executable. Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla")
+allow_execmem _("Memory Protection") _("Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla")
+allow_execmod _("Memory Protection") _("Allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t")
+allow_execstack _("Memory Protection") _("Allow unconfined executables to make their stack executable. This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla")
+allow_ftpd_full_access _("FTP") _("Allow ftpd to full access to the system")
+allow_ftpd_anon_write _("FTP") _("Allow ftpd to upload files to directories labeled public_content_rw_t")
+allow_ftpd_use_cifs _("FTP") _("Allow ftp servers to use cifs used for public file transfer services")
+allow_ftpd_use_nfs _("FTP") _("Allow ftp servers to use nfs used for public file transfer services")
+allow_gpg_execstack _("Memory Protection") _("Allow gpg executable stack")
+allow_gadmin_exec_content _("User Privs") _("Allow gadmin SELinux user accounts to execute files in his home directory or /tmp")
+allow_gssd_read_tmp _("NFS") _("Allow gssd to read temp directory")
+allow_guest_exec_content _("User Privs") _("Allow guest SELinux user accounts to execute files in his home directory or /tmp")
+allow_httpd_anon_write _("HTTPD Service") _("Allow httpd daemon to write files in directories labeled public_content_rw_t")
+allow_httpd_dbus_avahi _("HTTPD Service") _("Allow Apache to communicate with avahi service")
+allow_httpd_mod_auth_pam _("HTTPD Service") _("Allow Apache to use mod_auth_pam")
+allow_httpd_sys_script_anon_write _("HTTPD Service") _("Allow httpd scripts to write files in directories labeled public_content_rw_t")
+allow_java_execstack _("Memory Protection") _("Allow java executable stack")
+allow_kerberos _("Kerberos") _("Allow daemons to use kerberos files")
+allow_mount_anyfile _("Mount") _("Allow mount to mount any file")
+allow_mounton_anydir _("Mount") _("Allow mount to mount any directory")
+allow_mplayer_execstack _("Memory Protection") _("Allow mplayer executable stack")
+allow_nfsd_anon_write _("NFS") _("Allow nfs servers to modify public files used for public file transfer services")
+allow_polyinstantiation _("Polyinstantiation") _("Enable polyinstantiated directory support")
+allow_ptrace _("Compatibility") _("Allow sysadm_t to debug or ptrace applications")
+allow_rsync_anon_write _("rsync") _("Allow rsync to write files in directories labeled public_content_rw_t")
+allow_smbd_anon_write _("Samba") _("Allow Samba to write files in directories labeled public_content_rw_t")
+allow_ssh_keysign _("SSH") _("Allow ssh to run ssh-keysign")
+allow_staff_exec_content _("User Privs") _("Allow staff SELinux user accounts to execute files in his home directory or /tmp")
+allow_sysadm_exec_content _("User Privs") _("Allow sysadm SELinux user accounts to execute files in his home directory or /tmp")
+allow_unconfined_exec_content _("User Privs") _("Allow unconfined SELinux user accounts to execute files in his home directory or /tmp")
+allow_unlabeled_packets _("Network Configuration") _("Allow unlabeled packets to flow on the network")
+allow_user_exec_content _("User Privs") _("Allow user SELinux user accounts to execute files in his home directory or /tmp")
+allow_unconfined_execmem_dyntrans _("Memory Protection") _("Allow unconfined to dyntrans to unconfined_execmem")
+allow_user_mysql_connect _("Databases") _("Allow user to connect to mysql socket")
+allow_user_postgresql_connect _("Databases") _("Allow user to connect to postgres socket")
+allow_write_xshm _("XServer") _("Allow clients to write to X shared memory")
+allow_xguest_exec_content _("User Privs") _("Allow xguest SELinux user accounts to execute files in his home directory or /tmp")
+allow_ypbind _("NIS") _("Allow daemons to run with NIS")
+allow_zebra_write_config _("Zebra") _("Allow zebra daemon to write it configuration files")
+browser_confine_staff _("Web Applications") _("Transition staff SELinux user to Web Browser Domain")
+browser_confine_sysadm _("Web Applications") _("Transition sysadm SELinux user to Web Browser Domain")
+browser_confine_user _("Web Applications") _("Transition user SELinux user to Web Browser Domain")
+browser_confine_xguest _("Web Applications") _("Transition xguest SELinux user to Web Browser Domain")
+browser_write_staff_data _("Web Applications") _("Allow staff Web Browsers to write to home directories")
+browser_write_sysadm_data _("Web Applications") _("Allow staff Web Browsers to write to home directories")
+browser_write_user_data _("Web Applications") _("Allow staff Web Browsers to write to home directories")
+browser_write_xguest_data _("Web Applications") _("Allow staff Web Browsers to write to home directories")
+amanda_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for amanda")
+amavis_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for amavis")
+apmd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for apmd daemon")
+arpwatch_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for arpwatch daemon")
+auditd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for auditd daemon")
+automount_disable_trans _("Mount") _("Disable SELinux protection for automount daemon")
+avahi_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for avahi")
+bluetooth_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for bluetooth daemon")
+canna_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for canna daemon")
+cardmgr_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for cardmgr daemon")
+ccs_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for Cluster Server")
+cdrecord_read_content _("User Privs") _("Allow cdrecord to read various content. nfs, samba, removable devices, user temp and untrusted content files")
+ciped_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ciped daemon")
+clamd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for clamd daemon")
+clamscan_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for clamscan")
+clvmd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for clvmd")
+comsat_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for comsat daemon")
+courier_authdaemon_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for courier daemon")
+courier_pcp_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for courier daemon")
+courier_pop_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for courier daemon")
+courier_sqwebmail_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for courier daemon")
+courier_tcpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for courier daemon")
+cpucontrol_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for cpucontrol daemon")
+cpuspeed_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for cpuspeed daemon")
+cron_can_relabel _("Cron") _("Allow system cron jobs to relabel filesystem for restoring file contexts")
+crond_disable_trans _("Cron") _("Disable SELinux protection for crond daemon")
+cupsd_config_disable_trans _("Printing") _("Disable SELinux protection for cupsd back end server")
+cupsd_disable_trans _("Printing") _("Disable SELinux protection for cupsd daemon")
+cupsd_lpd_disable_trans _("Printing") _("Disable SELinux protection for cupsd_lpd")
+cvs_disable_trans _("CVS") _("Disable SELinux protection for cvs daemon")
+cyrus_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for cyrus daemon")
+dbskkd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dbskkd daemon")
+dbusd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dbusd daemon")
+dccd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dccd")
+dccifd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dccifd")
+dccm_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dccm")
+ddt_client_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ddt daemon")
+devfsd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for devfsd daemon")
+dhcpc_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dhcpc daemon")
+dhcpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dhcpd daemon")
+dictd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dictd daemon")
+direct_sysadm_daemon _("Admin") _("Allow sysadm_t to directly start daemons")
+disable_evolution_trans _("Web Applications") _("Disable SELinux protection for Evolution")
+disable_games_trans _("Games") _("Disable SELinux protection for games")
+disable_mozilla_trans _("Web Applications") _("Disable SELinux protection for the web browsers")
+disable_thunderbird_trans _("Web Applications") _("Disable SELinux protection for Thunderbird")
+distccd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for distccd daemon")
+dmesg_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dmesg daemon")
+dnsmasq_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dnsmasq daemon")
+dovecot_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for dovecot daemon")
+entropyd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for entropyd daemon")
+fcron_crond _("Cron") _("Enable extra rules in the cron domain to support fcron")
+fetchmail_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for fetchmail")
+fingerd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for fingerd daemon")
+freshclam_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for freshclam daemon")
+fsdaemon_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for fsdaemon daemon")
+ftpd_disable_trans _("FTP") _("Disable SELinux protection for ftpd daemon")
+ftpd_is_daemon _("FTP") _("Allow ftpd to run directly without inetd")
+ftp_home_dir _("FTP") _("Allow ftp to read/write files in the user home directories")
+global_ssp _("Admin") _("This should be enabled when all programs are compiled with ProPolice/SSP stack smashing protection. All domains will be allowed to read from /dev/urandom")
+gpm_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for gpm daemon")
+gssd_disable_trans _("NFS") _("Disable SELinux protection for gss daemon")
+hald_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for Hal daemon")
+hide_broken_symptoms _("Compatibility") _("Do not audit things that we know to be broken but which are not security risks")
+hostname_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for hostname daemon")
+hotplug_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for hotplug daemon")
+howl_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for howl daemon")
+hplip_disable_trans _("Printing") _("Disable SELinux protection for cups hplip daemon")
+httpd_builtin_scripting _("HTTPD Service") _("Allow HTTPD to support built-in scripting")
+httpd_can_sendmail _("HTTPD Service") _("Allow HTTPD to send mail")
+httpd_can_network_connect_db _("HTTPD Service") _("Allow HTTPD scripts and modules to network connect to databases")
+httpd_can_network_connect _("HTTPD Service") _("Allow HTTPD scripts and modules to connect to the network")
+httpd_can_network_relay _("HTTPD Service") _("Allow httpd to act as a relay")
+httpd_disable_trans _("HTTPD Service") _("Disable SELinux protection for httpd daemon")
+httpd_enable_cgi _("HTTPD Service") _("Allow HTTPD cgi support")
+httpd_enable_ftp_server _("HTTPD Service") _("Allow HTTPD to run as a ftp server")
+httpd_enable_homedirs _("HTTPD Service") _("Allow HTTPD to read home directories")
+httpd_rotatelogs_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for httpd rotatelogs")
+httpd_ssi_exec _("HTTPD Service") _("Allow HTTPD to run SSI executables in the same domain as system CGI scripts")
+httpd_suexec_disable_trans _("HTTPD Service") _("Disable SELinux protection for http suexec")
+httpd_tty_comm _("HTTPD Service") _("Unify HTTPD to communicate with the terminal. Needed for handling certificates")
+httpd_unified _("HTTPD Service") _("Unify HTTPD handling of all content files")
+hwclock_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for hwclock daemon")
+i18n_input_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for i18n daemon")
+imazesrv_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for imazesrv daemon")
+inetd_child_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for inetd child daemons")
+inetd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for inetd daemon")
+innd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for innd daemon")
+iptables_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for iptables daemon")
+ircd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ircd daemon")
+irqbalance_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for irqbalance daemon")
+iscsid_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for iscsi daemon")
+jabberd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for jabberd daemon")
+kadmind_disable_trans _("Kerberos") _("Disable SELinux protection for kadmind daemon")
+klogd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for klogd daemon")
+krb5kdc_disable_trans _("Kerberos") _("Disable SELinux protection for krb5kdc daemon")
+ktalkd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ktalk daemons")
+kudzu_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for kudzu daemon")
+locate_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for locate daemon")
+lpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for lpd daemon")
+lrrd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for lrrd daemon")
+lvm_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for lvm daemon")
+mailman_mail_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for mailman")
+mail_read_content _("Web Applications") _("Allow evolution and thunderbird to read user files")
+mdadm_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for mdadm daemon")
+monopd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for monopd daemon")
+mozilla_read_content _("Web Applications") _("Allow the mozilla browser to read user files")
+mrtg_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for mrtg daemon")
+mysqld_disable_trans _("Databases") _("Disable SELinux protection for mysqld daemon")
+nagios_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for nagios daemon")
+named_disable_trans _("Name Service") _("Disable SELinux protection for named daemon")
+named_write_master_zones _("Name Service") _("Allow named to overwrite master zone files")
+nessusd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for nessusd daemon")
+NetworkManager_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for NetworkManager")
+nfsd_disable_trans _("NFS") _("Disable SELinux protection for nfsd daemon")
+nfs_export_all_ro _("NFS") _("Allow NFS to share any file/directory read only")
+nfs_export_all_rw _("NFS") _("Allow NFS to share any file/directory read/write")
+nmbd_disable_trans _("Samba") _("Disable SELinux protection for nmbd daemon")
+nrpe_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for nrpe daemon")
+nscd_disable_trans _("Name Service") _("Disable SELinux protection for nscd daemon")
+nsd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for nsd daemon")
+ntpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ntpd daemon")
+oddjob_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for oddjob")
+oddjob_mkhomedir_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for oddjob_mkhomedir")
+openvpn_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for openvpn daemon")
+pam_console_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for pam daemon")
+pegasus_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for pegasus")
+perdition_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for perdition daemon")
+portmap_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for portmap daemon")
+portslave_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for portslave daemon")
+postfix_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for postfix")
+postgresql_disable_trans _("Databases") _("Disable SELinux protection for postgresql daemon")
+openvpn_enable_homedirs _("Network Configuration") _("Allow openvpn service access to users home directories")
+pppd_can_insmod _("pppd") _("Allow pppd daemon to insert modules into the kernel")
+pppd_disable_trans _("pppd") _("Disable SELinux protection for pppd daemon")
+pppd_disable_trans _("pppd") _("Disable SELinux protection for the mozilla ppp daemon")
+pppd_for_user _("pppd") _("Allow pppd to be run for a regular user")
+pptp_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for pptp")
+prelink_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for prelink daemon")
+privoxy_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for privoxy daemon")
+ptal_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ptal daemon")
+pxe_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for pxe daemon")
+pyzord_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for pyzord")
+quota_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for quota daemon")
+radiusd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for radiusd daemon")
+radvd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for radvd daemon")
+rdisc_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for rdisc")
+readahead_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for readahead")
+read_default_t _("Admin") _("Allow programs to read files in non-standard locations (default_t)")
+read_untrusted_content _("Web Applications") _("Allow programs to read untrusted content without relabel")
+restorecond_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for restorecond")
+rhgb_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for rhgb daemon")
+ricci_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ricci")
+ricci_modclusterd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ricci_modclusterd")
+rlogind_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for rlogind daemon")
+rpcd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for rpcd daemon")
+rshd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for rshd")
+rsync_disable_trans _("rsync") _("Disable SELinux protection for rsync daemon")
+run_ssh_inetd _("SSH") _("Allow ssh to run from inetd instead of as a daemon")
+samba_enable_home_dirs _("Samba") _("Allow Samba to share users home directories")
+samba_share_nfs _("Samba") _("Allow Samba to share nfs directories")
+allow_saslauthd_read_shadow _("SASL authentication server") _("Allow sasl authentication server to read /etc/shadow")
+allow_xserver_execmem _("XServer") _("Allow X-Windows server to map a memory region as both executable and writable")
+saslauthd_disable_trans _("SASL authentication server") _("Disable SELinux protection for saslauthd daemon")
+scannerdaemon_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for scannerdaemon daemon")
+secure_mode _("Admin") _("Do not allow transition to sysadm_t, sudo and su effected")
+secure_mode_insmod _("Admin") _("Do not allow any processes to load kernel modules")
+secure_mode_policyload _("Admin") _("Do not allow any processes to modify kernel SELinux policy")
+sendmail_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for sendmail daemon")
+setrans_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for setrans")
+setroubleshootd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for setroubleshoot daemon")
+slapd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for slapd daemon")
+slrnpull_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for slrnpull daemon")
+smbd_disable_trans _("Samba") _("Disable SELinux protection for smbd daemon")
+snmpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for snmpd daemon")
+snort_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for snort daemon")
+soundd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for soundd daemon")
+sound_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for sound daemon")
+spamd_disable_trans _("Spam Protection") _("Disable SELinux protection for spamd daemon")
+spamd_enable_home_dirs _("Spam Protection") _("Allow spamd to access home directories")
+spamassassin_can_network _("Spam Protection") _("Allow Spam Assassin daemon network access")
+speedmgmt_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for speedmgmt daemon")
+squid_connect_any _("Squid") _("Allow squid daemon to connect to the network")
+squid_disable_trans _("Squid") _("Disable SELinux protection for squid daemon")
+ssh_keygen_disable_trans _("SSH") _("Disable SELinux protection for ssh daemon")
+ssh_sysadm_login _("SSH") _("Allow ssh logins as sysadm_r:sysadm_t")
+staff_read_sysadm_file _("Admin") _("Allow staff_r users to search the sysadm home dir and read files (such as ~/.bashrc)")
+stunnel_disable_trans _("Universal SSL tunnel") _("Disable SELinux protection for stunnel daemon")
+stunnel_is_daemon _("Universal SSL tunnel") _("Allow stunnel daemon to run as standalone, outside of xinetd")
+swat_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for swat daemon")
+sxid_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for sxid daemon")
+syslogd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for syslogd daemon")
+system_crond_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for system cron jobs")
+tcpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for tcp daemon")
+telnetd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for telnet daemon")
+tftpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for tftpd daemon")
+transproxy_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for transproxy daemon")
+udev_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for udev daemon")
+uml_switch_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for uml daemon")
+unlimitedInetd _("Admin") _("Allow xinetd to run unconfined, including any services it starts that do not have a domain transition explicitly defined")
+unlimitedRC _("Admin") _("Allow rc scripts to run unconfined, including any daemon started by an rc script that does not have a domain transition explicitly defined")
+unlimitedRPM _("Admin") _("Allow rpm to run unconfined")
+unlimitedUtils _("Admin") _("Allow privileged utilities like hotplug and insmod to run unconfined")
+updfstab_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for updfstab daemon")
+uptimed_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for uptimed daemon")
+use_lpd_server _("Printing") _("Use lpd server instead of cups")
+use_nfs_home_dirs _("NFS") _("Support NFS home directories")
+user_canbe_sysadm _("User Privs") _("Allow user_r to reach sysadm_r via su, sudo, or userhelper. Otherwise, only staff_r can do so")
+user_can_mount _("Mount") _("Allow users to execute the mount command")
+user_direct_mouse _("User Privs") _("Allow regular users direct mouse access (only allow the X server)")
+user_dmesg _("User Privs") _("Allow users to run the dmesg command")
+user_net_control _("User Privs") _("Allow users to control network interfaces (also needs USERCTL=true)")
+user_ping _("User Privs") _("Allow normal user to execute ping")
+user_rw_noexattrfile _("User Privs") _("Allow user to r/w noextattrfile (FAT, CDROM, FLOPPY)")
+user_rw_usb _("User Privs") _("Allow users to rw usb devices")
+user_tcp_server _("User Privs") _("Allow users to run TCP servers (bind to ports and accept connection from the same domain and outside users) disabling this forces FTP passive mode and may change other protocols")
+user_ttyfile_stat _("User Privs") _("Allow user to stat ttyfiles")
+use_samba_home_dirs _("Samba") _("Allow users to login with CIFS home directories")
+uucpd_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for uucpd daemon")
+vmware_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for vmware daemon")
+watchdog_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for watchdog daemon")
+winbind_disable_trans _("Samba") _("Disable SELinux protection for winbind daemon")
+write_untrusted_content _("Web Applications") _("Allow web applications to write untrusted content to disk (implies read)")
+xdm_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for xdm daemon")
+xdm_sysadm_login _("XServer") _("Allow xdm logins as sysadm_r:sysadm_t")
+xend_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for xen daemon")
+xen_use_raw_disk _("XEN") _("Allow xen to read/write physical disk devices")
+xfs_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for xfs daemon")
+xm_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for xen control")
+ypbind_disable_trans _("NIS") _("Disable SELinux protection for ypbind daemon")
+yppasswdd_disable_trans _("NIS") _("Disable SELinux protection for NIS Password Daemon")
+ypserv_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for ypserv daemon")
+ypxfr_disable_trans _("NIS") _("Disable SELinux protection for NIS Transfer Daemon")
+zebra_disable_trans _("SELinux Service Protection") _("Disable SELinux protection for zebra daemon")
+httpd_use_cifs _("HTTPD Service") _("Allow httpd to access samba/cifs file systems")
+httpd_use_nfs _("HTTPD Service") _("Allow httpd to access nfs file systems")
+samba_domain_controller _("Samba") _("Allow samba to act as the domain controller, add users, groups and change passwords")
+samba_export_all_ro _("Samba") _("Allow Samba to share any file/directory read only")
+samba_export_all_rw _("Samba") _("Allow Samba to share any file/directory read/write")
+samba_run_unconfined _("Samba") _("Allow Samba to run unconfined scripts in /var/lib/samba/scripts directory")
+webadm_manage_user_files _("HTTPD Service") _("Allow SELinux webadm user to manage unprivileged users home directories")
+webadm_read_user_files _("HTTPD Service") _("Allow SELinux webadm user to read unprivileged users home directories")
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/semanagePage.py policycoreutils-2.0.27/gui/semanagePage.py
--- nsapolicycoreutils/gui/semanagePage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/semanagePage.py 2007-09-27 11:20:32.000000000 -0400
@@ -0,0 +1,147 @@
+## semanagePage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
+
+## This program is free software; you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation; either version 2 of the License, or
+## (at your option) any later version.
+
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+## GNU General Public License for more details.
+
+## You should have received a copy of the GNU General Public License
+## along with this program; if not, write to the Free Software
+## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+## Author: Dan Walsh
+import string
+import gtk
+import gtk.glade
+import os
+import gobject
+import sys
+import seobject
+
+##
+## I18N
+##
+PROGNAME="policycoreutils"
+import gettext
+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
+gettext.textdomain(PROGNAME)
+try:
+ gettext.install(PROGNAME,
+ localedir="/usr/share/locale",
+ unicode=False,
+ codeset = 'utf-8')
+except IOError:
+ import __builtin__
+ __builtin__.__dict__['_'] = unicode
+
+class semanagePage:
+ def __init__(self, xml, name, description):
+ self.xml = xml
+ self.local = False
+ self.view = xml.get_widget("%sView" % name)
+ self.dialog = xml.get_widget("%sDialog" % name)
+ self.filter_entry = xml.get_widget("%sFilterEntry" % name )
+ self.filter_entry.connect("focus_out_event", self.filter_changed)
+ self.filter_entry.connect("activate", self.filter_changed)
+
+ self.view.connect("row_activated", self.rowActivated)
+ self.view.get_selection().connect("changed", self.itemSelected)
+ self.description = description;
+
+ def get_description(self):
+ return self.description
+
+ def itemSelected(self, args):
+ return
+
+ def filter_changed(self, *arg):
+ filter = arg[0].get_text()
+ if filter != self.filter:
+ self.load(filter)
+
+ def match(self, target, filter):
+ try:
+ f=filter.lower()
+ t=target.lower()
+ if t.find(f) >= 0:
+ return True
+ except:
+ pass
+ return False
+
+ def rowActivated(self, view, row, Column):
+ self.propertiesDialog()
+
+ def verify(self, message, title="" ):
+ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_INFO,
+ gtk.BUTTONS_YES_NO,
+ message)
+ dlg.set_title(title)
+ dlg.set_position(gtk.WIN_POS_MOUSE)
+ dlg.show_all()
+ rc = dlg.run()
+ dlg.destroy()
+ return rc
+
+ def error(self, message):
+ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_ERROR,
+ gtk.BUTTONS_CLOSE,
+ message)
+ dlg.set_position(gtk.WIN_POS_MOUSE)
+ dlg.show_all()
+ dlg.run()
+ dlg.destroy()
+
+ def deleteDialog(self):
+ store, iter = self.view.get_selection().get_selected()
+ if self.verify(_("Are you sure you want to delete %s '%s'?" % (self.description, store.get_value(iter, 0))), _("Delete %s" % self.description)) == gtk.RESPONSE_YES:
+ self.delete()
+
+ def use_menus(self):
+ return True
+
+ def addDialog(self):
+ self.dialogClear()
+ self.dialog.set_title(_("Add %s" % self.description))
+ self.dialog.set_position(gtk.WIN_POS_MOUSE)
+
+ while self.dialog.run() == gtk.RESPONSE_OK:
+ try:
+ if self.add() == False:
+ continue
+ break;
+ except ValueError, e:
+ self.error(e.args[0])
+ print
+ self.dialog.hide()
+
+ def propertiesDialog(self):
+ self.dialogInit()
+ self.dialog.set_title(_("Modify %s" % self.description))
+ self.dialog.set_position(gtk.WIN_POS_MOUSE)
+ while self.dialog.run() == gtk.RESPONSE_OK:
+ try:
+ if self.modify() == False:
+ continue
+ break;
+ except ValueError, e:
+ self.error(e.args[0])
+ self.dialog.hide()
+
+
+ def on_local_clicked(self, button):
+ self.local = not self.local
+ if self.local:
+ button.set_label(_("all"))
+ else:
+ button.set_label(_("Customized"))
+
+ self.load(self.filter)
+ return True
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/statusPage.py policycoreutils-2.0.27/gui/statusPage.py
--- nsapolicycoreutils/gui/statusPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/statusPage.py 2007-09-27 11:20:32.000000000 -0400
@@ -0,0 +1,219 @@
+## statusPage.py - show selinux status
+## Copyright (C) 2006 Red Hat, Inc.
+
+## This program is free software; you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation; either version 2 of the License, or
+## (at your option) any later version.
+
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+## GNU General Public License for more details.
+
+## You should have received a copy of the GNU General Public License
+## along with this program; if not, write to the Free Software
+## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+## Author: Dan Walsh
+import string
+import gtk
+import gtk.glade
+import os
+import gobject
+import sys
+import tempfile
+
+INSTALLPATH = '/usr/share/system-config-selinux'
+sys.path.append(INSTALLPATH)
+
+rhplPath = "/usr/lib/python%d.%d/site-packages/rhpl" % (sys.version_info[0], sys.version_info[1])
+if not rhplPath in sys.path:
+ sys.path.append(rhplPath)
+
+rhplPath = "/usr/lib64/python%d.%d/site-packages/rhpl" % (sys.version_info[0], sys.version_info[1])
+if not rhplPath in sys.path:
+ sys.path.append(rhplPath)
+
+from Conf import *
+import commands
+ENFORCING = 0
+PERMISSIVE = 1
+DISABLED = 2
+modearray = ( "enforcing", "permissive", "disabled" )
+
+SELINUXDIR = "/etc/selinux/"
+RELABELFILE = "/.autorelabel"
+
+##
+## I18N
+##
+PROGNAME="policycoreutils"
+import gettext
+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
+gettext.textdomain(PROGNAME)
+import selinux
+try:
+ gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1)
+except IOError:
+ import __builtin__
+ __builtin__.__dict__['_'] = unicode
+
+class statusPage:
+ def __init__(self, xml):
+ self.xml = xml
+ self.needRelabel = False
+
+ self.type = selinux.selinux_getpolicytype()
+ # Bring in widgets from glade file.
+ self.typeHBox = xml.get_widget("typeHBox")
+ self.selinuxTypeOptionMenu = xml.get_widget("selinuxTypeOptionMenu")
+ self.typeLabel = xml.get_widget("typeLabel")
+ self.enabledOptionMenu = xml.get_widget("enabledOptionMenu")
+ self.currentOptionMenu = xml.get_widget("currentOptionMenu")
+ self.relabel_checkbutton = xml.get_widget("relabelCheckbutton")
+ self.relabel_checkbutton.set_active(self.is_relabel())
+ self.relabel_checkbutton.connect("toggled", self.on_relabel_toggle)
+ if self.get_current_mode() == ENFORCING or self.get_current_mode() == PERMISSIVE:
+ self.currentOptionMenu.append_text(_("Enforcing"))
+ self.currentOptionMenu.append_text(_("Permissive"))
+ self.currentOptionMenu.set_active(self.get_current_mode())
+ self.currentOptionMenu.connect("changed", self.set_current_mode)
+ self.currentOptionMenu.set_sensitive(True)
+ else:
+ self.currentOptionMenu.append_text(_("Disabled"))
+ self.currentOptionMenu.set_active(0)
+ self.currentOptionMenu.set_sensitive(False)
+
+
+ if self.read_selinux_config() == None:
+ self.selinuxsupport = False
+ else:
+ self.enabledOptionMenu.connect("changed", self.enabled_changed)
+ #
+ # This line must come after read_selinux_config
+ #
+ self.selinuxTypeOptionMenu.connect("changed", self.typemenu_changed)
+
+ self.typeLabel.set_mnemonic_widget(self.selinuxTypeOptionMenu)
+
+ def use_menus(self):
+ return False
+
+ def get_description(self):
+ return _("Status")
+
+ def get_current_mode(self):
+ if selinux.is_selinux_enabled():
+ if selinux.security_getenforce() > 0:
+ return ENFORCING
+ else:
+ return PERMISSIVE
+ else:
+ return DISABLED
+
+ def set_current_mode(self,menu):
+ selinux.security_setenforce(menu.get_active() == 0)
+
+ def is_relabel(self):
+ return os.access(RELABELFILE, os.F_OK) != 0
+
+ def on_relabel_toggle(self,button):
+ if button.get_active():
+ fd = open(RELABELFILE,"w")
+ fd.close()
+ else:
+ if os.access(RELABELFILE, os.F_OK) != 0:
+ os.unlink(RELABELFILE)
+
+ def verify(self, message):
+ dlg = gtk.MessageDialog(None, 0, gtk.MESSAGE_INFO,
+ gtk.BUTTONS_YES_NO,
+ message)
+ dlg.set_position(gtk.WIN_POS_MOUSE)
+ dlg.show_all()
+ rc = dlg.run()
+ dlg.destroy()
+ return rc
+
+ def typemenu_changed(self, menu):
+ type = self.get_type()
+ enabled = self.enabledOptionMenu.get_active()
+ if self.initialtype != type:
+ if self.verify(_("Changing the policy type will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system. Do you wish to continue?")) == gtk.RESPONSE_NO:
+ menu.set_active(self.typeHistory)
+ return None
+
+ self.relabel_checkbutton.set_active(True)
+ self.conf["SELINUX"] = modearray[enabled]
+ self.conf["SELINUXTYPE"]=type
+ self.conf.write()
+ self.typeHistory = menu.get_active()
+
+ def enabled_changed(self, combo):
+ enabled = combo.get_active()
+ type = self.get_type()
+
+ if self.initEnabled == DISABLED and enabled < 2:
+ if self.verify(_("Changing to SELinux enabled will cause a relabel of the entire file system on the next boot. Relabeling takes a long time depending on the size of the file system. Do you wish to continue?")) == gtk.RESPONSE_NO:
+ return None
+ self.relabel_checkbutton.set_active(True)
+
+ if self.initEnabled != DISABLED and enabled == DISABLED:
+ if self.verify(_("Changing to SELinux disabled requires a reboot. It is not recommended. If you later decide to turn SELinux back on, the system will be required to relabel. If you just want to see if SELinux is causing a problem on your system, you can go to permissive mode which will only log errors and not enforce SELinux policy. Permissive mode does not require a reboot Do you wish to continue?")) == gtk.RESPONSE_NO:
+ return None
+
+ self.conf["SELINUX"] = modearray[enabled]
+ self.conf["SELINUXTYPE"]=type
+ self.conf.write()
+
+ def read_selinux_config(self):
+ self.initialtype = "targeted"
+ self.initEnabled = DISABLED
+ self.types = []
+ if os.access(SELINUXDIR, os.F_OK) == 0:
+ #File doesn't exist. return
+ return None
+
+ self.conf = ConfShellVar(SELINUXDIR+"config")
+ self.conf.rcs = 1
+ if self.conf.has_key("SELINUX"):
+ value = self.conf.vars["SELINUX"].upper().strip()
+ else:
+ value = "ENFORCING"
+ self.conf.vars["SELINUX"] = value
+
+ if value == "ENFORCING":
+ self.initEnabled = ENFORCING
+ self.enabledOptionMenu.set_active(ENFORCING)
+ elif value == "PERMISSIVE":
+ self.initEnabled = PERMISSIVE
+ self.enabledOptionMenu.set_active(PERMISSIVE)
+ elif value == "DISABLED":
+ self.initEnabled = DISABLED
+ self.enabledOptionMenu.set_active(DISABLED)
+
+ if self.conf.has_key("SELINUXTYPE"):
+ self.initialtype = self.conf.vars["SELINUXTYPE"].strip()
+ else:
+ self.conf.vars["SELINUXTYPE"] = self.initialtype
+
+ n = 0
+ current = n
+
+ for i in os.listdir(SELINUXDIR):
+ if os.path.isdir(SELINUXDIR+i) and os.path.isdir(SELINUXDIR+i+"/policy"):
+ self.types.append(i)
+ self.selinuxTypeOptionMenu.append_text(i)
+ if i == self.initialtype:
+ current = n
+ n = n+1
+ self.selinuxTypeOptionMenu.set_active(current)
+ self.typeHistory = current
+
+ return 0
+
+ def get_type(self):
+ return self.types[self.selinuxTypeOptionMenu.get_active()]
+
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.glade policycoreutils-2.0.27/gui/system-config-selinux.glade
--- nsapolicycoreutils/gui/system-config-selinux.glade 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/system-config-selinux.glade 2007-10-01 17:44:01.000000000 -0400
@@ -0,0 +1,3339 @@
+<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
+<!DOCTYPE glade-interface SYSTEM "http://glade.gnome.org/glade-2.0.dtd">
+
+<glade-interface>
+<requires lib="gnome"/>
+<requires lib="bonobo"/>
+
+<widget class="GtkAboutDialog" id="aboutWindow">
+ <property name="border_width">5</property>
+ <property name="destroy_with_parent">False</property>
+ <property name="name" translatable="yes">system-config-selinux</property>
+ <property name="copyright" translatable="yes">Copyright (c)2006 Red Hat, Inc.
+Copyright (c) 2006 Dan Walsh <dwalsh@redhat.com></property>
+ <property name="wrap_license">False</property>
+ <property name="authors">Daniel Walsh <dwalsh@redhat.com>
+</property>
+ <property name="translator_credits" translatable="yes" comments="TRANSLATORS: Replace this string with your names, one name per line.">translator-credits</property>
+ <property name="logo">system-config-selinux.png</property>
+</widget>
+
+<widget class="GtkDialog" id="loginsDialog">
+ <property name="title" translatable="yes">Add SELinux Login Mapping</property>
+ <property name="type">GTK_WINDOW_TOPLEVEL</property>
+ <property name="window_position">GTK_WIN_POS_NONE</property>
+ <property name="modal">False</property>
+ <property name="resizable">True</property>
+ <property name="destroy_with_parent">False</property>
+ <property name="decorated">True</property>
+ <property name="skip_taskbar_hint">False</property>
+ <property name="skip_pager_hint">False</property>
+ <property name="type_hint">GDK_WINDOW_TYPE_HINT_DIALOG</property>
+ <property name="gravity">GDK_GRAVITY_NORTH_WEST</property>
+ <property name="focus_on_map">True</property>
+ <property name="urgency_hint">False</property>
+ <property name="has_separator">True</property>
+
+ <child internal-child="vbox">
+ <widget class="GtkVBox" id="dialog-vbox1">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child internal-child="action_area">
+ <widget class="GtkHButtonBox" id="dialog-action_area1">
+ <property name="visible">True</property>
+ <property name="layout_style">GTK_BUTTONBOX_END</property>
+
+ <child>
+ <widget class="GtkButton" id="cancelbutton1">
+ <property name="visible">True</property>
+ <property name="can_default">True</property>
+ <property name="can_focus">True</property>
+ <property name="label">gtk-cancel</property>
+ <property name="use_stock">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="response_id">-6</property>
+ </widget>
+ </child>
+
+ <child>
+ <widget class="GtkButton" id="okbutton1">
+ <property name="visible">True</property>
+ <property name="can_default">True</property>
+ <property name="can_focus">True</property>
+ <property name="label">gtk-ok</property>
+ <property name="use_stock">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="response_id">-5</property>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ <property name="pack_type">GTK_PACK_END</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkVBox" id="vbox2">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkTable" id="table1">
+ <property name="visible">True</property>
+ <property name="n_rows">3</property>
+ <property name="n_columns">2</property>
+ <property name="homogeneous">False</property>
+ <property name="row_spacing">4</property>
+ <property name="column_spacing">6</property>
+
+ <child>
+ <widget class="GtkLabel" id="label15">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">Login Name</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="right_attach">1</property>
+ <property name="top_attach">0</property>
+ <property name="bottom_attach">1</property>
+ <property name="x_options">fill</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label16">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">SELinux User</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="right_attach">1</property>
+ <property name="top_attach">1</property>
+ <property name="bottom_attach">2</property>
+ <property name="x_options">fill</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label17">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">MLS/MCS Range</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="right_attach">1</property>
+ <property name="top_attach">2</property>
+ <property name="bottom_attach">3</property>
+ <property name="x_options">fill</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkEntry" id="loginsNameEntry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
+ <property name="max_length">0</property>
+ <property name="text" translatable="yes"></property>
+ <property name="has_frame">True</property>
+ <property name="invisible_char">*</property>
+ <property name="activates_default">False</property>
+ </widget>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="right_attach">2</property>
+ <property name="top_attach">0</property>
+ <property name="bottom_attach">1</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkComboBox" id="loginsSelinuxUserCombo">
+ <property name="visible">True</property>
+ <property name="add_tearoffs">False</property>
+ <property name="focus_on_click">True</property>
+ </widget>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="right_attach">2</property>
+ <property name="top_attach">1</property>
+ <property name="bottom_attach">2</property>
+ <property name="x_options">fill</property>
+ <property name="y_options">fill</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkEntry" id="loginsMLSEntry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
+ <property name="max_length">0</property>
+ <property name="text" translatable="yes"></property>
+ <property name="has_frame">True</property>
+ <property name="invisible_char">*</property>
+ <property name="activates_default">False</property>
+ </widget>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="right_attach">2</property>
+ <property name="top_attach">2</property>
+ <property name="bottom_attach">3</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">5</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+</widget>
+
+<widget class="GtkDialog" id="portsDialog">
+ <property name="title" translatable="yes">Add SELinux Network Ports</property>
+ <property name="type">GTK_WINDOW_TOPLEVEL</property>
+ <property name="window_position">GTK_WIN_POS_NONE</property>
+ <property name="modal">False</property>
+ <property name="resizable">True</property>
+ <property name="destroy_with_parent">False</property>
+ <property name="decorated">True</property>
+ <property name="skip_taskbar_hint">False</property>
+ <property name="skip_pager_hint">False</property>
+ <property name="type_hint">GDK_WINDOW_TYPE_HINT_DIALOG</property>
+ <property name="gravity">GDK_GRAVITY_NORTH_WEST</property>
+ <property name="focus_on_map">True</property>
+ <property name="urgency_hint">False</property>
+ <property name="has_separator">True</property>
+
+ <child internal-child="vbox">
+ <widget class="GtkVBox" id="vbox3">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child internal-child="action_area">
+ <widget class="GtkHButtonBox" id="hbuttonbox1">
+ <property name="visible">True</property>
+ <property name="layout_style">GTK_BUTTONBOX_END</property>
+
+ <child>
+ <widget class="GtkButton" id="button1">
+ <property name="visible">True</property>
+ <property name="can_default">True</property>
+ <property name="can_focus">True</property>
+ <property name="label">gtk-cancel</property>
+ <property name="use_stock">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="response_id">-6</property>
+ </widget>
+ </child>
+
+ <child>
+ <widget class="GtkButton" id="button2">
+ <property name="visible">True</property>
+ <property name="can_default">True</property>
+ <property name="can_focus">True</property>
+ <property name="label">gtk-ok</property>
+ <property name="use_stock">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="response_id">-5</property>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ <property name="pack_type">GTK_PACK_END</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkVBox" id="vbox4">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkTable" id="table2">
+ <property name="visible">True</property>
+ <property name="n_rows">4</property>
+ <property name="n_columns">2</property>
+ <property name="homogeneous">False</property>
+ <property name="row_spacing">4</property>
+ <property name="column_spacing">6</property>
+
+ <child>
+ <widget class="GtkLabel" id="label18">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">Port Number</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="right_attach">1</property>
+ <property name="top_attach">0</property>
+ <property name="bottom_attach">1</property>
+ <property name="x_options">fill</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label19">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">Protocol</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="right_attach">1</property>
+ <property name="top_attach">1</property>
+ <property name="bottom_attach">2</property>
+ <property name="x_options">fill</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label20">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">SELinux Type</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="right_attach">1</property>
+ <property name="top_attach">2</property>
+ <property name="bottom_attach">3</property>
+ <property name="x_options">fill</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkEntry" id="portsNumberEntry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
+ <property name="max_length">0</property>
+ <property name="text" translatable="yes"></property>
+ <property name="has_frame">True</property>
+ <property name="invisible_char">*</property>
+ <property name="activates_default">False</property>
+ </widget>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="right_attach">2</property>
+ <property name="top_attach">0</property>
+ <property name="bottom_attach">1</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkComboBox" id="portsProtocolCombo">
+ <property name="visible">True</property>
+ <property name="items" translatable="yes">tcp
+udp</property>
+ <property name="add_tearoffs">False</property>
+ <property name="focus_on_click">True</property>
+ </widget>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="right_attach">2</property>
+ <property name="top_attach">1</property>
+ <property name="bottom_attach">2</property>
+ <property name="x_options">fill</property>
+ <property name="y_options">fill</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkEntry" id="portsNameEntry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
+ <property name="max_length">0</property>
+ <property name="text" translatable="yes"></property>
+ <property name="has_frame">True</property>
+ <property name="invisible_char">*</property>
+ <property name="activates_default">False</property>
+ </widget>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="right_attach">2</property>
+ <property name="top_attach">2</property>
+ <property name="bottom_attach">3</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label21">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">MLS/MCS
+Level</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="right_attach">1</property>
+ <property name="top_attach">3</property>
+ <property name="bottom_attach">4</property>
+ <property name="x_options">fill</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkEntry" id="portsMLSEntry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
+ <property name="max_length">0</property>
+ <property name="text" translatable="yes"></property>
+ <property name="has_frame">True</property>
+ <property name="invisible_char">*</property>
+ <property name="activates_default">False</property>
+ </widget>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="right_attach">2</property>
+ <property name="top_attach">3</property>
+ <property name="bottom_attach">4</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">5</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+</widget>
+
+<widget class="GtkDialog" id="translationsDialog">
+ <property name="title" translatable="yes">Add SELinux Login Mapping</property>
+ <property name="type">GTK_WINDOW_TOPLEVEL</property>
+ <property name="window_position">GTK_WIN_POS_NONE</property>
+ <property name="modal">False</property>
+ <property name="resizable">True</property>
+ <property name="destroy_with_parent">False</property>
+ <property name="decorated">True</property>
+ <property name="skip_taskbar_hint">False</property>
+ <property name="skip_pager_hint">False</property>
+ <property name="type_hint">GDK_WINDOW_TYPE_HINT_DIALOG</property>
+ <property name="gravity">GDK_GRAVITY_NORTH_WEST</property>
+ <property name="focus_on_map">True</property>
+ <property name="urgency_hint">False</property>
+ <property name="has_separator">True</property>
+
+ <child internal-child="vbox">
+ <widget class="GtkVBox" id="vbox5">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child internal-child="action_area">
+ <widget class="GtkHButtonBox" id="hbuttonbox2">
+ <property name="visible">True</property>
+ <property name="layout_style">GTK_BUTTONBOX_END</property>
+
+ <child>
+ <widget class="GtkButton" id="button3">
+ <property name="visible">True</property>
+ <property name="can_default">True</property>
+ <property name="can_focus">True</property>
+ <property name="label">gtk-cancel</property>
+ <property name="use_stock">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="response_id">-6</property>
+ </widget>
+ </child>
+
+ <child>
+ <widget class="GtkButton" id="button4">
+ <property name="visible">True</property>
+ <property name="can_default">True</property>
+ <property name="can_focus">True</property>
+ <property name="label">gtk-ok</property>
+ <property name="use_stock">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="response_id">-5</property>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ <property name="pack_type">GTK_PACK_END</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkVBox" id="vbox6">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkTable" id="table3">
+ <property name="visible">True</property>
+ <property name="n_rows">2</property>
+ <property name="n_columns">2</property>
+ <property name="homogeneous">False</property>
+ <property name="row_spacing">4</property>
+ <property name="column_spacing">6</property>
+
+ <child>
+ <widget class="GtkLabel" id="label22">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">SELinux MLS/MCS
+Level</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="right_attach">1</property>
+ <property name="top_attach">0</property>
+ <property name="bottom_attach">1</property>
+ <property name="x_options">fill</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label24">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">Translation</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="right_attach">1</property>
+ <property name="top_attach">1</property>
+ <property name="bottom_attach">2</property>
+ <property name="x_options">fill</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkEntry" id="translationsLevelEntry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
+ <property name="max_length">0</property>
+ <property name="text" translatable="yes"></property>
+ <property name="has_frame">True</property>
+ <property name="invisible_char">*</property>
+ <property name="activates_default">False</property>
+ </widget>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="right_attach">2</property>
+ <property name="top_attach">0</property>
+ <property name="bottom_attach">1</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkEntry" id="translationsEntry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
+ <property name="max_length">0</property>
+ <property name="text" translatable="yes"></property>
+ <property name="has_frame">True</property>
+ <property name="invisible_char">*</property>
+ <property name="activates_default">False</property>
+ </widget>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="right_attach">2</property>
+ <property name="top_attach">1</property>
+ <property name="bottom_attach">2</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">5</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+</widget>
+
+<widget class="GtkDialog" id="fcontextDialog">
+ <property name="title" translatable="yes">Add SELinux Login Mapping</property>
+ <property name="type">GTK_WINDOW_TOPLEVEL</property>
+ <property name="window_position">GTK_WIN_POS_NONE</property>
+ <property name="modal">False</property>
+ <property name="resizable">True</property>
+ <property name="destroy_with_parent">False</property>
+ <property name="decorated">True</property>
+ <property name="skip_taskbar_hint">False</property>
+ <property name="skip_pager_hint">False</property>
+ <property name="type_hint">GDK_WINDOW_TYPE_HINT_DIALOG</property>
+ <property name="gravity">GDK_GRAVITY_NORTH_WEST</property>
+ <property name="focus_on_map">True</property>
+ <property name="urgency_hint">False</property>
+ <property name="has_separator">True</property>
+
+ <child internal-child="vbox">
+ <widget class="GtkVBox" id="vbox7">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child internal-child="action_area">
+ <widget class="GtkHButtonBox" id="hbuttonbox3">
+ <property name="visible">True</property>
+ <property name="layout_style">GTK_BUTTONBOX_END</property>
+
+ <child>
+ <widget class="GtkButton" id="button5">
+ <property name="visible">True</property>
+ <property name="can_default">True</property>
+ <property name="can_focus">True</property>
+ <property name="label">gtk-cancel</property>
+ <property name="use_stock">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="response_id">-6</property>
+ </widget>
+ </child>
+
+ <child>
+ <widget class="GtkButton" id="button6">
+ <property name="visible">True</property>
+ <property name="can_default">True</property>
+ <property name="can_focus">True</property>
+ <property name="label">gtk-ok</property>
+ <property name="use_stock">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="response_id">-5</property>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ <property name="pack_type">GTK_PACK_END</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkVBox" id="vbox8">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkTable" id="table4">
+ <property name="visible">True</property>
+ <property name="n_rows">4</property>
+ <property name="n_columns">2</property>
+ <property name="homogeneous">False</property>
+ <property name="row_spacing">4</property>
+ <property name="column_spacing">6</property>
+
+ <child>
+ <widget class="GtkLabel" id="label25">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">File Specification</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="right_attach">1</property>
+ <property name="top_attach">0</property>
+ <property name="bottom_attach">1</property>
+ <property name="x_options">fill</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label26">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">File Type</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="right_attach">1</property>
+ <property name="top_attach">1</property>
+ <property name="bottom_attach">2</property>
+ <property name="x_options">fill</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label27">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">SELinux Type</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="right_attach">1</property>
+ <property name="top_attach">2</property>
+ <property name="bottom_attach">3</property>
+ <property name="x_options">fill</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkEntry" id="fcontextEntry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
+ <property name="max_length">0</property>
+ <property name="text" translatable="yes"></property>
+ <property name="has_frame">True</property>
+ <property name="invisible_char">*</property>
+ <property name="activates_default">False</property>
+ </widget>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="right_attach">2</property>
+ <property name="top_attach">0</property>
+ <property name="bottom_attach">1</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkComboBox" id="fcontextFileTypeCombo">
+ <property name="visible">True</property>
+ <property name="items" translatable="yes">all files
+regular file
+directory
+character device
+block device
+socket
+symbolic link
+named pipe
+</property>
+ <property name="add_tearoffs">False</property>
+ <property name="focus_on_click">True</property>
+ </widget>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="right_attach">2</property>
+ <property name="top_attach">1</property>
+ <property name="bottom_attach">2</property>
+ <property name="x_options">fill</property>
+ <property name="y_options">fill</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkEntry" id="fcontextTypeEntry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
+ <property name="max_length">0</property>
+ <property name="text" translatable="yes"></property>
+ <property name="has_frame">True</property>
+ <property name="invisible_char">*</property>
+ <property name="activates_default">False</property>
+ </widget>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="right_attach">2</property>
+ <property name="top_attach">2</property>
+ <property name="bottom_attach">3</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label31">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">MLS</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="right_attach">1</property>
+ <property name="top_attach">3</property>
+ <property name="bottom_attach">4</property>
+ <property name="x_options">fill</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkEntry" id="fcontextMLSEntry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
+ <property name="max_length">0</property>
+ <property name="text" translatable="yes"></property>
+ <property name="has_frame">True</property>
+ <property name="invisible_char">*</property>
+ <property name="activates_default">False</property>
+ </widget>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="right_attach">2</property>
+ <property name="top_attach">3</property>
+ <property name="bottom_attach">4</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">5</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+</widget>
+
+<widget class="GtkDialog" id="usersDialog">
+ <property name="title" translatable="yes">Add SELinux User</property>
+ <property name="type">GTK_WINDOW_TOPLEVEL</property>
+ <property name="window_position">GTK_WIN_POS_NONE</property>
+ <property name="modal">False</property>
+ <property name="resizable">True</property>
+ <property name="destroy_with_parent">False</property>
+ <property name="decorated">True</property>
+ <property name="skip_taskbar_hint">False</property>
+ <property name="skip_pager_hint">False</property>
+ <property name="type_hint">GDK_WINDOW_TYPE_HINT_DIALOG</property>
+ <property name="gravity">GDK_GRAVITY_NORTH_WEST</property>
+ <property name="focus_on_map">True</property>
+ <property name="urgency_hint">False</property>
+ <property name="has_separator">True</property>
+
+ <child internal-child="vbox">
+ <widget class="GtkVBox" id="vbox9">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child internal-child="action_area">
+ <widget class="GtkHButtonBox" id="hbuttonbox4">
+ <property name="visible">True</property>
+ <property name="layout_style">GTK_BUTTONBOX_END</property>
+
+ <child>
+ <widget class="GtkButton" id="button7">
+ <property name="visible">True</property>
+ <property name="can_default">True</property>
+ <property name="can_focus">True</property>
+ <property name="label">gtk-cancel</property>
+ <property name="use_stock">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="response_id">-6</property>
+ </widget>
+ </child>
+
+ <child>
+ <widget class="GtkButton" id="button8">
+ <property name="visible">True</property>
+ <property name="can_default">True</property>
+ <property name="can_focus">True</property>
+ <property name="label">gtk-ok</property>
+ <property name="use_stock">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="response_id">-5</property>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ <property name="pack_type">GTK_PACK_END</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkVBox" id="vbox10">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkTable" id="table5">
+ <property name="visible">True</property>
+ <property name="n_rows">5</property>
+ <property name="n_columns">2</property>
+ <property name="homogeneous">False</property>
+ <property name="row_spacing">4</property>
+ <property name="column_spacing">6</property>
+
+ <child>
+ <widget class="GtkLabel" id="label32">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">SELinux User</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="right_attach">1</property>
+ <property name="top_attach">0</property>
+ <property name="bottom_attach">1</property>
+ <property name="x_options">fill</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label33">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">Label Prefix</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="right_attach">1</property>
+ <property name="top_attach">1</property>
+ <property name="bottom_attach">2</property>
+ <property name="x_options">fill</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label34">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">MLS/MCS Range</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="right_attach">1</property>
+ <property name="top_attach">3</property>
+ <property name="bottom_attach">4</property>
+ <property name="x_options">fill</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkEntry" id="mlsRangeEntry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
+ <property name="max_length">0</property>
+ <property name="text" translatable="yes"></property>
+ <property name="has_frame">True</property>
+ <property name="invisible_char">*</property>
+ <property name="activates_default">False</property>
+ </widget>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="right_attach">2</property>
+ <property name="top_attach">3</property>
+ <property name="bottom_attach">4</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label35">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">MLS/MCS Level</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="right_attach">1</property>
+ <property name="top_attach">2</property>
+ <property name="bottom_attach">3</property>
+ <property name="x_options">fill</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkEntry" id="mlsLevelEntry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
+ <property name="max_length">0</property>
+ <property name="text" translatable="yes"></property>
+ <property name="has_frame">True</property>
+ <property name="invisible_char">*</property>
+ <property name="activates_default">False</property>
+ </widget>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="right_attach">2</property>
+ <property name="top_attach">2</property>
+ <property name="bottom_attach">3</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label36">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">SELinux Roles</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="right_attach">1</property>
+ <property name="top_attach">4</property>
+ <property name="bottom_attach">5</property>
+ <property name="x_options">fill</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkEntry" id="selinuxRolesEntry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
+ <property name="max_length">0</property>
+ <property name="text" translatable="yes"></property>
+ <property name="has_frame">True</property>
+ <property name="invisible_char">*</property>
+ <property name="activates_default">False</property>
+ </widget>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="right_attach">2</property>
+ <property name="top_attach">4</property>
+ <property name="bottom_attach">5</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkEntry" id="selinuxUserEntry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
+ <property name="max_length">0</property>
+ <property name="text" translatable="yes"></property>
+ <property name="has_frame">True</property>
+ <property name="invisible_char">*</property>
+ <property name="activates_default">False</property>
+ </widget>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="right_attach">2</property>
+ <property name="top_attach">0</property>
+ <property name="bottom_attach">1</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkEntry" id="labelPrefixEntry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
+ <property name="max_length">0</property>
+ <property name="text" translatable="yes"></property>
+ <property name="has_frame">True</property>
+ <property name="invisible_char">*</property>
+ <property name="activates_default">False</property>
+ </widget>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="right_attach">2</property>
+ <property name="top_attach">1</property>
+ <property name="bottom_attach">2</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">5</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+</widget>
+
+<widget class="GnomeApp" id="mainWindow">
+ <property name="width_request">800</property>
+ <property name="height_request">500</property>
+ <property name="title" translatable="yes">SELinux Administration</property>
+ <property name="type">GTK_WINDOW_TOPLEVEL</property>
+ <property name="window_position">GTK_WIN_POS_NONE</property>
+ <property name="modal">False</property>
+ <property name="resizable">True</property>
+ <property name="destroy_with_parent">False</property>
+ <property name="icon">system-config-selinux.png</property>
+ <property name="decorated">True</property>
+ <property name="skip_taskbar_hint">False</property>
+ <property name="skip_pager_hint">False</property>
+ <property name="type_hint">GDK_WINDOW_TYPE_HINT_NORMAL</property>
+ <property name="gravity">GDK_GRAVITY_NORTH_WEST</property>
+ <property name="focus_on_map">True</property>
+ <property name="urgency_hint">False</property>
+ <property name="enable_layout_config">True</property>
+
+ <child internal-child="dock">
+ <widget class="BonoboDock" id="bonobodock2">
+ <property name="visible">True</property>
+ <property name="allow_floating">True</property>
+
+ <child>
+ <widget class="BonoboDockItem" id="bonobodockitem3">
+ <property name="visible">True</property>
+ <property name="shadow_type">GTK_SHADOW_NONE</property>
+
+ <child>
+ <widget class="GtkMenuBar" id="menubar1">
+ <property name="visible">True</property>
+ <property name="pack_direction">GTK_PACK_DIRECTION_LTR</property>
+ <property name="child_pack_direction">GTK_PACK_DIRECTION_LTR</property>
+
+ <child>
+ <widget class="GtkMenuItem" id="file1">
+ <property name="visible">True</property>
+ <property name="stock_item">GNOMEUIINFO_MENU_FILE_TREE</property>
+
+ <child>
+ <widget class="GtkMenu" id="file1_menu">
+
+ <child>
+ <widget class="GtkImageMenuItem" id="add_menu_item">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">Add</property>
+ <property name="use_underline">True</property>
+ <signal name="activate" handler="on_add_clicked" last_modification_time="Sat, 17 Mar 2007 12:21:12 GMT"/>
+ <accelerator key="a" modifiers="GDK_CONTROL_MASK" signal="activate"/>
+
+ <child internal-child="image">
+ <widget class="GtkImage" id="image13">
+ <property name="visible">True</property>
+ <property name="stock">gtk-add</property>
+ <property name="icon_size">1</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ </widget>
+ </child>
+ </widget>
+ </child>
+
+ <child>
+ <widget class="GtkImageMenuItem" id="properties_menu_item">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">_Properties</property>
+ <property name="use_underline">True</property>
+ <signal name="activate" handler="on_properties_clicked" last_modification_time="Sat, 17 Mar 2007 12:21:12 GMT"/>
+ <accelerator key="p" modifiers="GDK_CONTROL_MASK" signal="activate"/>
+
+ <child internal-child="image">
+ <widget class="GtkImage" id="image14">
+ <property name="visible">True</property>
+ <property name="stock">gtk-properties</property>
+ <property name="icon_size">1</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ </widget>
+ </child>
+ </widget>
+ </child>
+
+ <child>
+ <widget class="GtkImageMenuItem" id="delete_menu_item">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">_Delete</property>
+ <property name="use_underline">True</property>
+ <signal name="activate" handler="on_delete_clicked" last_modification_time="Sat, 17 Mar 2007 12:21:12 GMT"/>
+ <accelerator key="Delete" modifiers="0" signal="activate"/>
+
+ <child internal-child="image">
+ <widget class="GtkImage" id="image15">
+ <property name="visible">True</property>
+ <property name="stock">gtk-delete</property>
+ <property name="icon_size">1</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ </widget>
+ </child>
+ </widget>
+ </child>
+
+ <child>
+ <widget class="GtkImageMenuItem" id="quit">
+ <property name="visible">True</property>
+ <property name="stock_item">GNOMEUIINFO_MENU_EXIT_ITEM</property>
+ <signal name="activate" handler="on_quit_activate" last_modification_time="Fri, 06 Oct 2006 13:58:19 GMT"/>
+ </widget>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ </child>
+
+ <child>
+ <widget class="GtkMenuItem" id="help1">
+ <property name="visible">True</property>
+ <property name="stock_item">GNOMEUIINFO_MENU_HELP_TREE</property>
+
+ <child>
+ <widget class="GtkMenu" id="help1_menu">
+
+ <child>
+ <widget class="GtkImageMenuItem" id="about">
+ <property name="visible">True</property>
+ <property name="stock_item">GNOMEUIINFO_MENU_ABOUT_ITEM</property>
+ <signal name="activate" handler="on_about_activate" last_modification_time="Fri, 06 Oct 2006 13:58:02 GMT"/>
+ </widget>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="placement">BONOBO_DOCK_TOP</property>
+ <property name="band">0</property>
+ <property name="position">0</property>
+ <property name="offset">0</property>
+ <property name="behavior">BONOBO_DOCK_ITEM_BEH_EXCLUSIVE|BONOBO_DOCK_ITEM_BEH_NEVER_VERTICAL|BONOBO_DOCK_ITEM_BEH_LOCKED</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkHPaned" id="hpaned1">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="position">0</property>
+
+ <child>
+ <widget class="GtkFrame" id="frame1">
+ <property name="border_width">5</property>
+ <property name="visible">True</property>
+ <property name="label_xalign">0</property>
+ <property name="label_yalign">0.5</property>
+ <property name="shadow_type">GTK_SHADOW_NONE</property>
+
+ <child>
+ <widget class="GtkAlignment" id="alignment1">
+ <property name="visible">True</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xscale">1</property>
+ <property name="yscale">1</property>
+ <property name="top_padding">0</property>
+ <property name="bottom_padding">0</property>
+ <property name="left_padding">12</property>
+ <property name="right_padding">0</property>
+
+ <child>
+ <widget class="GtkTreeView" id="selectView">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Select Management Object</property>
+ <property name="can_focus">True</property>
+ <property name="headers_visible">False</property>
+ <property name="rules_hint">False</property>
+ <property name="reorderable">False</property>
+ <property name="enable_search">True</property>
+ <property name="fixed_height_mode">False</property>
+ <property name="hover_selection">False</property>
+ <property name="hover_expand">False</property>
+ </widget>
+ </child>
+ </widget>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label45">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes"><b>Select:</b></property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">True</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="type">label_item</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="shrink">False</property>
+ <property name="resize">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkNotebook" id="notebook">
+ <property name="visible">True</property>
+ <property name="show_tabs">False</property>
+ <property name="show_border">True</property>
+ <property name="tab_pos">GTK_POS_TOP</property>
+ <property name="scrollable">False</property>
+ <property name="enable_popup">False</property>
+
+ <child>
+ <widget class="GtkVBox" id="vbox1">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkTable" id="table6">
+ <property name="visible">True</property>
+ <property name="n_rows">4</property>
+ <property name="n_columns">2</property>
+ <property name="homogeneous">False</property>
+ <property name="row_spacing">5</property>
+ <property name="column_spacing">5</property>
+
+ <child>
+ <widget class="GtkLabel" id="label29">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">System Default Enforcing Mode</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="right_attach">1</property>
+ <property name="top_attach">0</property>
+ <property name="bottom_attach">1</property>
+ <property name="x_options">fill</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkComboBox" id="enabledOptionMenu">
+ <property name="visible">True</property>
+ <property name="items" translatable="yes">Enforcing
+Permissive
+Disabled
+</property>
+ <property name="add_tearoffs">False</property>
+ <property name="focus_on_click">True</property>
+ </widget>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="right_attach">2</property>
+ <property name="top_attach">0</property>
+ <property name="bottom_attach">1</property>
+ <property name="y_options">fill</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label48">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">Current Enforcing Mode</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="right_attach">1</property>
+ <property name="top_attach">1</property>
+ <property name="bottom_attach">2</property>
+ <property name="x_options">fill</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkComboBox" id="currentOptionMenu">
+ <property name="visible">True</property>
+ <property name="items" translatable="yes"></property>
+ <property name="add_tearoffs">False</property>
+ <property name="focus_on_click">True</property>
+ </widget>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="right_attach">2</property>
+ <property name="top_attach">1</property>
+ <property name="bottom_attach">2</property>
+ <property name="x_options">fill</property>
+ <property name="y_options">fill</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="typeLabel">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">System Default Policy Type: </property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="right_attach">1</property>
+ <property name="top_attach">2</property>
+ <property name="bottom_attach">3</property>
+ <property name="x_options">fill</property>
+ <property name="y_options"></property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkComboBox" id="selinuxTypeOptionMenu">
+ <property name="visible">True</property>
+ <property name="items" translatable="yes"></property>
+ <property name="add_tearoffs">False</property>
+ <property name="focus_on_click">True</property>
+ </widget>
+ <packing>
+ <property name="left_attach">1</property>
+ <property name="right_attach">2</property>
+ <property name="top_attach">2</property>
+ <property name="bottom_attach">3</property>
+ <property name="x_options">fill</property>
+ <property name="y_options">fill</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkCheckButton" id="relabelCheckbutton">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Select if you wish to relabel then entire file system on next reboot. Relabeling can take a very long time, depending on the size of the system. If you are changing policy types or going from disabled to enforcing, a relabel is required.</property>
+ <property name="can_focus">True</property>
+ <property name="relief">GTK_RELIEF_NORMAL</property>
+ <property name="focus_on_click">True</property>
+ <property name="active">False</property>
+ <property name="inconsistent">False</property>
+ <property name="draw_indicator">True</property>
+
+ <child>
+ <widget class="GtkAlignment" id="alignment4">
+ <property name="visible">True</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xscale">0</property>
+ <property name="yscale">0</property>
+ <property name="top_padding">0</property>
+ <property name="bottom_padding">0</property>
+ <property name="left_padding">0</property>
+ <property name="right_padding">0</property>
+
+ <child>
+ <widget class="GtkHBox" id="hbox6">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">2</property>
+
+ <child>
+ <widget class="GtkImage" id="image2">
+ <property name="visible">True</property>
+ <property name="stock">gtk-refresh</property>
+ <property name="icon_size">4</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label49">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">Relabel on next reboot.</property>
+ <property name="use_underline">True</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="right_attach">2</property>
+ <property name="top_attach">3</property>
+ <property name="bottom_attach">4</property>
+ <property name="x_options">fill</property>
+ <property name="y_options">fill</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="tab_expand">False</property>
+ <property name="tab_fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label37">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">label37</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="type">tab</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkVBox" id="vbox18">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkToolbar" id="toolbar9">
+ <property name="visible">True</property>
+ <property name="orientation">GTK_ORIENTATION_HORIZONTAL</property>
+ <property name="toolbar_style">GTK_TOOLBAR_BOTH</property>
+ <property name="tooltips">True</property>
+ <property name="show_arrow">True</property>
+
+ <child>
+ <widget class="GtkToolButton" id="booleanRevertButton">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Revert boolean setting to system default</property>
+ <property name="stock_id">gtk-revert-to-saved</property>
+ <property name="visible_horizontal">True</property>
+ <property name="visible_vertical">True</property>
+ <property name="is_important">False</property>
+ <signal name="clicked" handler="on_delete_clicked" last_modification_time="Mon, 16 Jan 2006 18:26:29 GMT"/>
+ </widget>
+ <packing>
+ <property name="expand">False</property>
+ <property name="homogeneous">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkToolButton" id="toolbutton34">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Toggle between Customized and All Booleans</property>
+ <property name="label" translatable="yes">Customized</property>
+ <property name="use_underline">True</property>
+ <property name="stock_id">gtk-find</property>
+ <property name="visible_horizontal">True</property>
+ <property name="visible_vertical">True</property>
+ <property name="is_important">False</property>
+ <signal name="clicked" handler="on_local_clicked" last_modification_time="Wed, 19 Sep 2007 19:14:08 GMT"/>
+ </widget>
+ <packing>
+ <property name="expand">False</property>
+ <property name="homogeneous">True</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkHBox" id="hbox7">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkLabel" id="label51">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">Filter</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="padding">10</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkEntry" id="booleansFilter">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
+ <property name="max_length">0</property>
+ <property name="text" translatable="yes"></property>
+ <property name="has_frame">True</property>
+ <property name="invisible_char">•</property>
+ <property name="activates_default">False</property>
+ <signal name="changed" handler="on_booleansFilter_changed" last_modification_time="Fri, 06 Apr 2007 12:39:26 GMT"/>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">10</property>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkScrolledWindow" id="scrolledwindow18">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="hscrollbar_policy">GTK_POLICY_ALWAYS</property>
+ <property name="vscrollbar_policy">GTK_POLICY_ALWAYS</property>
+ <property name="shadow_type">GTK_SHADOW_NONE</property>
+ <property name="window_placement">GTK_CORNER_TOP_LEFT</property>
+
+ <child>
+ <widget class="GtkTreeView" id="booleansView">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="headers_visible">False</property>
+ <property name="rules_hint">False</property>
+ <property name="reorderable">False</property>
+ <property name="enable_search">True</property>
+ <property name="fixed_height_mode">False</property>
+ <property name="hover_selection">False</property>
+ <property name="hover_expand">False</property>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="tab_expand">False</property>
+ <property name="tab_fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label50">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">label50</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="type">tab</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkVBox" id="vbox11">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkToolbar" id="toolbar2">
+ <property name="visible">True</property>
+ <property name="orientation">GTK_ORIENTATION_HORIZONTAL</property>
+ <property name="toolbar_style">GTK_TOOLBAR_BOTH</property>
+ <property name="tooltips">True</property>
+ <property name="show_arrow">True</property>
+
+ <child>
+ <widget class="GtkToolButton" id="toolbutton5">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Add File Context</property>
+ <property name="stock_id">gtk-add</property>
+ <property name="visible_horizontal">True</property>
+ <property name="visible_vertical">True</property>
+ <property name="is_important">False</property>
+ <signal name="clicked" handler="on_add_clicked" last_modification_time="Mon, 16 Jan 2006 18:27:03 GMT"/>
+ </widget>
+ <packing>
+ <property name="expand">False</property>
+ <property name="homogeneous">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkToolButton" id="toolbutton6">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Modify File Context</property>
+ <property name="stock_id">gtk-properties</property>
+ <property name="visible_horizontal">True</property>
+ <property name="visible_vertical">True</property>
+ <property name="is_important">False</property>
+ <signal name="clicked" handler="on_properties_clicked" last_modification_time="Mon, 16 Jan 2006 18:26:51 GMT"/>
+ </widget>
+ <packing>
+ <property name="expand">False</property>
+ <property name="homogeneous">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkToolButton" id="toolbutton7">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Delete File Context</property>
+ <property name="stock_id">gtk-delete</property>
+ <property name="visible_horizontal">True</property>
+ <property name="visible_vertical">True</property>
+ <property name="is_important">False</property>
+ <signal name="clicked" handler="on_delete_clicked" last_modification_time="Mon, 16 Jan 2006 18:26:29 GMT"/>
+ </widget>
+ <packing>
+ <property name="expand">False</property>
+ <property name="homogeneous">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkToolButton" id="customizedButton">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Toggle between all and customized file context</property>
+ <property name="label" translatable="yes">Customized</property>
+ <property name="use_underline">True</property>
+ <property name="stock_id">gtk-find</property>
+ <property name="visible_horizontal">True</property>
+ <property name="visible_vertical">True</property>
+ <property name="is_important">False</property>
+ <signal name="clicked" handler="on_local_clicked" last_modification_time="Wed, 19 Sep 2007 19:14:08 GMT"/>
+ </widget>
+ <packing>
+ <property name="expand">False</property>
+ <property name="homogeneous">True</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkScrolledWindow" id="scrolledwindow17">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="hscrollbar_policy">GTK_POLICY_ALWAYS</property>
+ <property name="vscrollbar_policy">GTK_POLICY_ALWAYS</property>
+ <property name="shadow_type">GTK_SHADOW_NONE</property>
+ <property name="window_placement">GTK_CORNER_TOP_LEFT</property>
+
+ <child>
+ <widget class="GtkViewport" id="viewport1">
+ <property name="visible">True</property>
+ <property name="shadow_type">GTK_SHADOW_IN</property>
+
+ <child>
+ <widget class="GtkVBox" id="vbox19">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkHBox" id="hbox8">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkLabel" id="label52">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">Filter</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="padding">10</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkEntry" id="fcontextFilterEntry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
+ <property name="max_length">0</property>
+ <property name="text" translatable="yes"></property>
+ <property name="has_frame">True</property>
+ <property name="invisible_char">•</property>
+ <property name="activates_default">False</property>
+ <signal name="changed" handler="on_booleansFilter_changed" last_modification_time="Fri, 06 Apr 2007 12:39:26 GMT"/>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">5</property>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkTreeView" id="fcontextView">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="headers_visible">True</property>
+ <property name="rules_hint">False</property>
+ <property name="reorderable">False</property>
+ <property name="enable_search">True</property>
+ <property name="fixed_height_mode">False</property>
+ <property name="hover_selection">False</property>
+ <property name="hover_expand">False</property>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="tab_expand">False</property>
+ <property name="tab_fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label38">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">label38</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="type">tab</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkVBox" id="vbox12">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkToolbar" id="toolbar3">
+ <property name="visible">True</property>
+ <property name="orientation">GTK_ORIENTATION_HORIZONTAL</property>
+ <property name="toolbar_style">GTK_TOOLBAR_BOTH</property>
+ <property name="tooltips">True</property>
+ <property name="show_arrow">True</property>
+
+ <child>
+ <widget class="GtkToolButton" id="toolbutton8">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Add SELinux User Mapping</property>
+ <property name="stock_id">gtk-add</property>
+ <property name="visible_horizontal">True</property>
+ <property name="visible_vertical">True</property>
+ <property name="is_important">False</property>
+ <signal name="clicked" handler="on_add_clicked" last_modification_time="Mon, 16 Jan 2006 18:27:03 GMT"/>
+ </widget>
+ <packing>
+ <property name="expand">False</property>
+ <property name="homogeneous">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkToolButton" id="toolbutton29">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Modify SELinux User Mapping</property>
+ <property name="stock_id">gtk-properties</property>
+ <property name="visible_horizontal">True</property>
+ <property name="visible_vertical">True</property>
+ <property name="is_important">False</property>
+ <signal name="clicked" handler="on_properties_clicked" last_modification_time="Wed, 15 Nov 2006 16:38:33 GMT"/>
+ </widget>
+ <packing>
+ <property name="expand">False</property>
+ <property name="homogeneous">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkToolButton" id="toolbutton10">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Delete SELinux User Mapping</property>
+ <property name="stock_id">gtk-delete</property>
+ <property name="visible_horizontal">True</property>
+ <property name="visible_vertical">True</property>
+ <property name="is_important">False</property>
+ <signal name="clicked" handler="on_delete_clicked" last_modification_time="Mon, 16 Jan 2006 18:26:29 GMT"/>
+ </widget>
+ <packing>
+ <property name="expand">False</property>
+ <property name="homogeneous">True</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkHBox" id="hbox13">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkLabel" id="label57">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">Filter</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="padding">10</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkEntry" id="loginsFilterEntry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
+ <property name="max_length">0</property>
+ <property name="text" translatable="yes"></property>
+ <property name="has_frame">True</property>
+ <property name="invisible_char">•</property>
+ <property name="activates_default">False</property>
+ <signal name="changed" handler="on_booleansFilter_changed" last_modification_time="Fri, 06 Apr 2007 12:39:26 GMT"/>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">5</property>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkScrolledWindow" id="scrolledwindow16">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="hscrollbar_policy">GTK_POLICY_ALWAYS</property>
+ <property name="vscrollbar_policy">GTK_POLICY_ALWAYS</property>
+ <property name="shadow_type">GTK_SHADOW_NONE</property>
+ <property name="window_placement">GTK_CORNER_TOP_LEFT</property>
+
+ <child>
+ <widget class="GtkTreeView" id="loginsView">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="headers_visible">True</property>
+ <property name="rules_hint">False</property>
+ <property name="reorderable">False</property>
+ <property name="enable_search">True</property>
+ <property name="fixed_height_mode">False</property>
+ <property name="hover_selection">False</property>
+ <property name="hover_expand">False</property>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="tab_expand">False</property>
+ <property name="tab_fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label39">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">label39</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="type">tab</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkVBox" id="vbox14">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkToolbar" id="toolbar5">
+ <property name="visible">True</property>
+ <property name="orientation">GTK_ORIENTATION_HORIZONTAL</property>
+ <property name="toolbar_style">GTK_TOOLBAR_BOTH</property>
+ <property name="tooltips">True</property>
+ <property name="show_arrow">True</property>
+
+ <child>
+ <widget class="GtkToolButton" id="toolbutton14">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Add Translation</property>
+ <property name="stock_id">gtk-add</property>
+ <property name="visible_horizontal">True</property>
+ <property name="visible_vertical">True</property>
+ <property name="is_important">False</property>
+ <signal name="clicked" handler="on_add_clicked" last_modification_time="Mon, 16 Jan 2006 18:27:03 GMT"/>
+ </widget>
+ <packing>
+ <property name="expand">False</property>
+ <property name="homogeneous">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkToolButton" id="toolbutton15">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Modify Translation</property>
+ <property name="stock_id">gtk-properties</property>
+ <property name="visible_horizontal">True</property>
+ <property name="visible_vertical">True</property>
+ <property name="is_important">False</property>
+ <signal name="clicked" handler="on_properties_clicked" last_modification_time="Mon, 16 Jan 2006 18:26:51 GMT"/>
+ </widget>
+ <packing>
+ <property name="expand">False</property>
+ <property name="homogeneous">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkToolButton" id="toolbutton16">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Delete Translation</property>
+ <property name="stock_id">gtk-delete</property>
+ <property name="visible_horizontal">True</property>
+ <property name="visible_vertical">True</property>
+ <property name="is_important">False</property>
+ <signal name="clicked" handler="on_delete_clicked" last_modification_time="Mon, 16 Jan 2006 18:26:29 GMT"/>
+ </widget>
+ <packing>
+ <property name="expand">False</property>
+ <property name="homogeneous">True</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkHBox" id="hbox12">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkLabel" id="label56">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">Filter</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="padding">10</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkEntry" id="usersFilterEntry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
+ <property name="max_length">0</property>
+ <property name="text" translatable="yes"></property>
+ <property name="has_frame">True</property>
+ <property name="invisible_char">•</property>
+ <property name="activates_default">False</property>
+ <signal name="changed" handler="on_booleansFilter_changed" last_modification_time="Fri, 06 Apr 2007 12:39:26 GMT"/>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">5</property>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkScrolledWindow" id="scrolledwindow11">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="hscrollbar_policy">GTK_POLICY_ALWAYS</property>
+ <property name="vscrollbar_policy">GTK_POLICY_ALWAYS</property>
+ <property name="shadow_type">GTK_SHADOW_NONE</property>
+ <property name="window_placement">GTK_CORNER_TOP_LEFT</property>
+
+ <child>
+ <widget class="GtkTreeView" id="usersView">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="headers_visible">True</property>
+ <property name="rules_hint">False</property>
+ <property name="reorderable">False</property>
+ <property name="enable_search">True</property>
+ <property name="fixed_height_mode">False</property>
+ <property name="hover_selection">False</property>
+ <property name="hover_expand">False</property>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="tab_expand">False</property>
+ <property name="tab_fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label41">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">label41</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="type">tab</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkVBox" id="vbox13">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkToolbar" id="toolbar4">
+ <property name="visible">True</property>
+ <property name="orientation">GTK_ORIENTATION_HORIZONTAL</property>
+ <property name="toolbar_style">GTK_TOOLBAR_BOTH</property>
+ <property name="tooltips">True</property>
+ <property name="show_arrow">True</property>
+
+ <child>
+ <widget class="GtkToolButton" id="toolbutton11">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Add SELinux User</property>
+ <property name="stock_id">gtk-add</property>
+ <property name="visible_horizontal">True</property>
+ <property name="visible_vertical">True</property>
+ <property name="is_important">False</property>
+ <signal name="clicked" handler="on_add_clicked" last_modification_time="Mon, 16 Jan 2006 18:27:03 GMT"/>
+ </widget>
+ <packing>
+ <property name="expand">False</property>
+ <property name="homogeneous">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkToolButton" id="toolbutton12">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Modify SELinux User</property>
+ <property name="stock_id">gtk-properties</property>
+ <property name="visible_horizontal">True</property>
+ <property name="visible_vertical">True</property>
+ <property name="is_important">False</property>
+ <signal name="clicked" handler="on_properties_clicked" last_modification_time="Mon, 16 Jan 2006 18:26:51 GMT"/>
+ </widget>
+ <packing>
+ <property name="expand">False</property>
+ <property name="homogeneous">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkToolButton" id="toolbutton13">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Add SELinux User</property>
+ <property name="stock_id">gtk-delete</property>
+ <property name="visible_horizontal">True</property>
+ <property name="visible_vertical">True</property>
+ <property name="is_important">False</property>
+ <signal name="clicked" handler="on_delete_clicked" last_modification_time="Mon, 16 Jan 2006 18:26:29 GMT"/>
+ </widget>
+ <packing>
+ <property name="expand">False</property>
+ <property name="homogeneous">True</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkHBox" id="hbox10">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkLabel" id="label54">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">Filter</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="padding">10</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkEntry" id="translationsFilterEntry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
+ <property name="max_length">0</property>
+ <property name="text" translatable="yes"></property>
+ <property name="has_frame">True</property>
+ <property name="invisible_char">•</property>
+ <property name="activates_default">False</property>
+ <signal name="changed" handler="on_booleansFilter_changed" last_modification_time="Fri, 06 Apr 2007 12:39:26 GMT"/>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">5</property>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkScrolledWindow" id="scrolledwindow12">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="hscrollbar_policy">GTK_POLICY_ALWAYS</property>
+ <property name="vscrollbar_policy">GTK_POLICY_ALWAYS</property>
+ <property name="shadow_type">GTK_SHADOW_NONE</property>
+ <property name="window_placement">GTK_CORNER_TOP_LEFT</property>
+
+ <child>
+ <widget class="GtkTreeView" id="translationsView">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="headers_visible">True</property>
+ <property name="rules_hint">False</property>
+ <property name="reorderable">False</property>
+ <property name="enable_search">True</property>
+ <property name="fixed_height_mode">False</property>
+ <property name="hover_selection">False</property>
+ <property name="hover_expand">False</property>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="tab_expand">False</property>
+ <property name="tab_fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label40">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">label40</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="type">tab</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkVBox" id="vbox15">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkToolbar" id="toolbar6">
+ <property name="visible">True</property>
+ <property name="orientation">GTK_ORIENTATION_HORIZONTAL</property>
+ <property name="toolbar_style">GTK_TOOLBAR_BOTH</property>
+ <property name="tooltips">False</property>
+ <property name="show_arrow">True</property>
+
+ <child>
+ <widget class="GtkToolButton" id="portsAddButton">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Add Network Port</property>
+ <property name="stock_id">gtk-add</property>
+ <property name="visible_horizontal">True</property>
+ <property name="visible_vertical">True</property>
+ <property name="is_important">False</property>
+ <signal name="clicked" handler="on_add_clicked" last_modification_time="Mon, 16 Jan 2006 18:27:03 GMT"/>
+ </widget>
+ <packing>
+ <property name="expand">False</property>
+ <property name="homogeneous">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkToolButton" id="portsPropertiesButton">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Edit Network Port</property>
+ <property name="stock_id">gtk-properties</property>
+ <property name="visible_horizontal">True</property>
+ <property name="visible_vertical">True</property>
+ <property name="is_important">False</property>
+ <signal name="clicked" handler="on_properties_clicked" last_modification_time="Mon, 16 Jan 2006 18:26:51 GMT"/>
+ </widget>
+ <packing>
+ <property name="expand">False</property>
+ <property name="homogeneous">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkToolButton" id="portsDeleteButton">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Delete Network Port</property>
+ <property name="stock_id">gtk-delete</property>
+ <property name="visible_horizontal">True</property>
+ <property name="visible_vertical">True</property>
+ <property name="is_important">False</property>
+ <signal name="clicked" handler="on_delete_clicked" last_modification_time="Mon, 16 Jan 2006 18:26:29 GMT"/>
+ </widget>
+ <packing>
+ <property name="expand">False</property>
+ <property name="homogeneous">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkToolItem" id="toolitem2">
+ <property name="visible">True</property>
+ <property name="visible_horizontal">True</property>
+ <property name="visible_vertical">True</property>
+ <property name="is_important">False</property>
+
+ <child>
+ <widget class="GtkVSeparator" id="vseparator1">
+ <property name="width_request">32</property>
+ <property name="visible">True</property>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="expand">False</property>
+ <property name="homogeneous">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkToolButton" id="listViewButton">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Toggle between Customized and All Ports</property>
+ <property name="label" translatable="yes">Group View</property>
+ <property name="use_underline">True</property>
+ <property name="stock_id">gtk-indent</property>
+ <property name="visible_horizontal">True</property>
+ <property name="visible_vertical">True</property>
+ <property name="is_important">False</property>
+ <signal name="clicked" handler="on_group_clicked" last_modification_time="Mon, 01 Oct 2007 21:31:19 GMT"/>
+ </widget>
+ <packing>
+ <property name="expand">False</property>
+ <property name="homogeneous">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkToolButton" id="toolbutton35">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Toggle between Customized and All Ports</property>
+ <property name="label" translatable="yes">Customized</property>
+ <property name="use_underline">True</property>
+ <property name="stock_id">gtk-find</property>
+ <property name="visible_horizontal">True</property>
+ <property name="visible_vertical">True</property>
+ <property name="is_important">False</property>
+ <signal name="clicked" handler="on_local_clicked" last_modification_time="Wed, 19 Sep 2007 19:14:08 GMT"/>
+ </widget>
+ <packing>
+ <property name="expand">False</property>
+ <property name="homogeneous">True</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkHBox" id="hbox9">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkLabel" id="label53">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">Filter</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="padding">10</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkEntry" id="portsFilterEntry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
+ <property name="max_length">0</property>
+ <property name="text" translatable="yes"></property>
+ <property name="has_frame">True</property>
+ <property name="invisible_char">•</property>
+ <property name="activates_default">False</property>
+ <signal name="changed" handler="on_booleansFilter_changed" last_modification_time="Fri, 06 Apr 2007 12:39:26 GMT"/>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">5</property>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkScrolledWindow" id="scrolledwindow13">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="hscrollbar_policy">GTK_POLICY_ALWAYS</property>
+ <property name="vscrollbar_policy">GTK_POLICY_ALWAYS</property>
+ <property name="shadow_type">GTK_SHADOW_NONE</property>
+ <property name="window_placement">GTK_CORNER_TOP_LEFT</property>
+
+ <child>
+ <widget class="GtkTreeView" id="portsView">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="headers_visible">True</property>
+ <property name="rules_hint">False</property>
+ <property name="reorderable">False</property>
+ <property name="enable_search">True</property>
+ <property name="fixed_height_mode">False</property>
+ <property name="hover_selection">False</property>
+ <property name="hover_expand">False</property>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="tab_expand">False</property>
+ <property name="tab_fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label42">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">label42</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="type">tab</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkVBox" id="vbox17">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkToolbar" id="toolbar8">
+ <property name="visible">True</property>
+ <property name="orientation">GTK_ORIENTATION_HORIZONTAL</property>
+ <property name="toolbar_style">GTK_TOOLBAR_BOTH</property>
+ <property name="tooltips">True</property>
+ <property name="show_arrow">True</property>
+
+ <child>
+ <widget class="GtkToolButton" id="newModuleButton">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Generate new policy module</property>
+ <property name="stock_id">gtk-new</property>
+ <property name="visible_horizontal">True</property>
+ <property name="visible_vertical">True</property>
+ <property name="is_important">False</property>
+ <signal name="clicked" handler="on_new_clicked" last_modification_time="Sat, 17 Mar 2007 15:53:29 GMT"/>
+ </widget>
+ <packing>
+ <property name="expand">False</property>
+ <property name="homogeneous">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkToolButton" id="toolbutton23">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Load policy module</property>
+ <property name="stock_id">gtk-add</property>
+ <property name="visible_horizontal">True</property>
+ <property name="visible_vertical">True</property>
+ <property name="is_important">False</property>
+ <signal name="clicked" handler="on_add_clicked" last_modification_time="Mon, 16 Jan 2006 18:27:03 GMT"/>
+ </widget>
+ <packing>
+ <property name="expand">False</property>
+ <property name="homogeneous">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkToolButton" id="toolbutton25">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Remove loadable policy module</property>
+ <property name="stock_id">gtk-remove</property>
+ <property name="visible_horizontal">True</property>
+ <property name="visible_vertical">True</property>
+ <property name="is_important">False</property>
+ <signal name="clicked" handler="on_delete_clicked" last_modification_time="Mon, 16 Jan 2006 18:26:29 GMT"/>
+ </widget>
+ <packing>
+ <property name="expand">False</property>
+ <property name="homogeneous">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkToolItem" id="toolitem3">
+ <property name="visible">True</property>
+ <property name="visible_horizontal">True</property>
+ <property name="visible_vertical">True</property>
+ <property name="is_important">False</property>
+
+ <child>
+ <widget class="GtkVSeparator" id="vseparator2">
+ <property name="width_request">10</property>
+ <property name="visible">True</property>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="expand">False</property>
+ <property name="homogeneous">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkToolButton" id="enableAuditButton">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Enable additional audit rules, that are normally not reported in the log files.</property>
+ <property name="label" translatable="yes">Enable Audit</property>
+ <property name="use_underline">True</property>
+ <property name="stock_id">gtk-zoom-in</property>
+ <property name="visible_horizontal">True</property>
+ <property name="visible_vertical">True</property>
+ <property name="is_important">False</property>
+ <signal name="clicked" handler="on_disable_audit_clicked" last_modification_time="Wed, 15 Nov 2006 16:29:34 GMT"/>
+ </widget>
+ <packing>
+ <property name="expand">False</property>
+ <property name="homogeneous">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkToolButton" id="disableAuditButton">
+ <property name="visible">True</property>
+ <property name="tooltip" translatable="yes">Disable additional audit rules, that are normally not reported in the log files.</property>
+ <property name="label" translatable="yes">Disable Audit</property>
+ <property name="use_underline">True</property>
+ <property name="stock_id">gtk-zoom-out</property>
+ <property name="visible_horizontal">True</property>
+ <property name="visible_vertical">True</property>
+ <property name="is_important">False</property>
+ <signal name="clicked" handler="on_disable_audit_clicked" last_modification_time="Wed, 15 Nov 2006 16:29:34 GMT"/>
+ </widget>
+ <packing>
+ <property name="expand">False</property>
+ <property name="homogeneous">True</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkHBox" id="hbox11">
+ <property name="visible">True</property>
+ <property name="homogeneous">False</property>
+ <property name="spacing">0</property>
+
+ <child>
+ <widget class="GtkLabel" id="label55">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">Filter</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="padding">10</property>
+ <property name="expand">False</property>
+ <property name="fill">False</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkEntry" id="modulesFilterEntry">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="editable">True</property>
+ <property name="visibility">True</property>
+ <property name="max_length">0</property>
+ <property name="text" translatable="yes"></property>
+ <property name="has_frame">True</property>
+ <property name="invisible_char">•</property>
+ <property name="activates_default">False</property>
+ <signal name="changed" handler="on_booleansFilter_changed" last_modification_time="Fri, 06 Apr 2007 12:39:26 GMT"/>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">5</property>
+ <property name="expand">False</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkScrolledWindow" id="scrolledwindow15">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="hscrollbar_policy">GTK_POLICY_ALWAYS</property>
+ <property name="vscrollbar_policy">GTK_POLICY_ALWAYS</property>
+ <property name="shadow_type">GTK_SHADOW_NONE</property>
+ <property name="window_placement">GTK_CORNER_TOP_LEFT</property>
+
+ <child>
+ <widget class="GtkTreeView" id="modulesView">
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="headers_visible">True</property>
+ <property name="rules_hint">False</property>
+ <property name="reorderable">False</property>
+ <property name="enable_search">True</property>
+ <property name="fixed_height_mode">False</property>
+ <property name="hover_selection">False</property>
+ <property name="hover_expand">False</property>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="tab_expand">False</property>
+ <property name="tab_fill">True</property>
+ </packing>
+ </child>
+
+ <child>
+ <widget class="GtkLabel" id="label44">
+ <property name="visible">True</property>
+ <property name="label" translatable="yes">label44</property>
+ <property name="use_underline">False</property>
+ <property name="use_markup">False</property>
+ <property name="justify">GTK_JUSTIFY_LEFT</property>
+ <property name="wrap">False</property>
+ <property name="selectable">False</property>
+ <property name="xalign">0.5</property>
+ <property name="yalign">0.5</property>
+ <property name="xpad">0</property>
+ <property name="ypad">0</property>
+ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
+ <property name="width_chars">-1</property>
+ <property name="single_line_mode">False</property>
+ <property name="angle">0</property>
+ </widget>
+ <packing>
+ <property name="type">tab</property>
+ </packing>
+ </child>
+ </widget>
+ <packing>
+ <property name="shrink">True</property>
+ <property name="resize">True</property>
+ </packing>
+ </child>
+ </widget>
+ </child>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+
+ <child internal-child="appbar">
+ <widget class="GnomeAppBar" id="appbar2">
+ <property name="visible">True</property>
+ <property name="has_progress">True</property>
+ <property name="has_status">True</property>
+ </widget>
+ <packing>
+ <property name="padding">0</property>
+ <property name="expand">True</property>
+ <property name="fill">True</property>
+ </packing>
+ </child>
+</widget>
+
+</glade-interface>
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinux.py policycoreutils-2.0.27/gui/system-config-selinux.py
--- nsapolicycoreutils/gui/system-config-selinux.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/system-config-selinux.py 2007-09-27 11:20:32.000000000 -0400
@@ -0,0 +1,175 @@
+#!/usr/bin/python
+#
+# system-config-selinux.py - GUI for SELinux Config tool in system-config-selinux
+#
+# Dan Walsh <dwalsh@redhat.com>
+#
+# Copyright 2006 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+import signal
+import string
+import gtk
+import gtk.glade
+import os
+import gobject
+import gnome
+import sys
+import statusPage
+import booleansPage
+import loginsPage
+import usersPage
+import portsPage
+import modulesPage
+import fcontextPage
+import translationsPage
+import selinux
+##
+## I18N
+##
+PROGNAME="system-config-selinux"
+
+import gettext
+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
+gettext.textdomain(PROGNAME)
+try:
+ gettext.install(PROGNAME,
+ localedir="/usr/share/locale",
+ unicode=False,
+ codeset = 'utf-8')
+except IOError:
+ import __builtin__
+ __builtin__.__dict__['_'] = unicode
+
+gnome.program_init("SELinux Management Tool", "5")
+
+version = "1.0"
+
+sys.path.append('/usr/share/system-config-selinux')
+
+
+
+##
+## Pull in the Glade file
+##
+if os.access("system-config-selinux.glade", os.F_OK):
+ xml = gtk.glade.XML ("system-config-selinux.glade", domain=PROGNAME)
+else:
+ xml = gtk.glade.XML ("/usr/share/system-config-selinux/system-config-selinux.glade", domain=PROGNAME)
+
+class childWindow:
+ def __init__(self):
+ self.tabs=[]
+ self.xml = xml
+ xml.signal_connect("on_quit_activate", self.destroy)
+ xml.signal_connect("on_delete_clicked", self.delete)
+ xml.signal_connect("on_add_clicked", self.add)
+ xml.signal_connect("on_properties_clicked", self.properties)
+ xml.signal_connect("on_local_clicked", self.on_local_clicked)
+ self.add_page(statusPage.statusPage(xml))
+ if selinux.is_selinux_enabled() > 0:
+ self.add_page(booleansPage.booleansPage(xml))
+ self.add_page(fcontextPage.fcontextPage(xml))
+ self.add_page(loginsPage.loginsPage(xml))
+ self.add_page(usersPage.usersPage(xml))
+ self.add_page(translationsPage.translationsPage(xml))
+ self.add_page(portsPage.portsPage(xml))
+ self.add_page(modulesPage.modulesPage(xml)) # modules
+
+ xml.signal_connect("on_quit_activate", self.destroy)
+ xml.signal_connect("on_policy_activate", self.policy)
+ xml.signal_connect("on_logging_activate", self.logging)
+ xml.signal_connect("on_about_activate", self.on_about_activate)
+
+ self.add_menu = xml.get_widget("add_menu_item")
+ self.properties_menu = xml.get_widget("properties_menu_item")
+ self.delete_menu = xml.get_widget("delete_menu_item")
+
+ def add_page(self, page):
+ self.tabs.append(page)
+
+ def policy(self, args):
+ os.spawnl(os.P_NOWAIT, "/usr/share/system-config-selinux/semanagegui.py")
+ def logging(self, args):
+ os.spawnl(os.P_NOWAIT, "/usr/bin/seaudit")
+
+ def delete(self, args):
+ self.tabs[self.notebook.get_current_page()].deleteDialog()
+
+ def add(self, args):
+ self.tabs[self.notebook.get_current_page()].addDialog()
+
+ def properties(self, args):
+ self.tabs[self.notebook.get_current_page()].propertiesDialog()
+
+ def on_local_clicked(self, button):
+ self.tabs[self.notebook.get_current_page()].on_local_clicked(button)
+
+ def on_about_activate(self, args):
+ dlg = xml.get_widget ("aboutWindow")
+ dlg.run ()
+ dlg.hide ()
+
+ def destroy(self, args):
+ gtk.main_quit()
+
+ def use_menus(self, use_menus):
+ self.add_menu.set_sensitive(use_menus)
+ self.properties_menu.set_sensitive(use_menus)
+ self.delete_menu.set_sensitive(use_menus)
+
+ def itemSelected(self, selection):
+ store, rows = selection.get_selected_rows()
+ if store != None and len(rows) > 0:
+ self.notebook.set_current_page(rows[0][0])
+ self.use_menus(self.tabs[rows[0][0]].use_menus())
+ else:
+ self.notebook.set_current_page(0)
+ self.use_menus(self.tabs[0].use_menus())
+
+
+ def setupScreen(self):
+ # Bring in widgets from glade file.
+ self.mainWindow = self.xml.get_widget("mainWindow")
+ self.notebook = self.xml.get_widget("notebook")
+ self.view = self.xml.get_widget("selectView")
+ self.view.get_selection().connect("changed", self.itemSelected)
+ self.store = gtk.ListStore(gobject.TYPE_STRING)
+ self.view.set_model(self.store)
+ col = gtk.TreeViewColumn("", gtk.CellRendererText(), text = 0)
+ col.set_resizable(True)
+ self.view.append_column(col)
+
+ for page in self.tabs:
+ iter = self.store.append()
+ self.store.set_value(iter, 0, page.get_description())
+ self.view.get_selection().select_path ((0,))
+
+ def stand_alone(self):
+ desktopName = _("Configue SELinux")
+
+ self.setupScreen()
+
+ self.mainWindow.connect("destroy", self.destroy)
+
+ self.mainWindow.show_all()
+ gtk.main()
+
+if __name__ == "__main__":
+ signal.signal (signal.SIGINT, signal.SIG_DFL)
+
+ app = childWindow()
+ app.stand_alone()
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/executable.py policycoreutils-2.0.27/gui/templates/executable.py
--- nsapolicycoreutils/gui/templates/executable.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/templates/executable.py 2007-09-28 15:36:45.000000000 -0400
@@ -0,0 +1,291 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# policygentool is a tool for the initial generation of SELinux policy
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+# 02111-1307 USA
+#
+#
+########################### Type Enforcement File #############################
+te_daemon_types="""\
+policy_module(TEMPLATETYPE,1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type TEMPLATETYPE_t;
+type TEMPLATETYPE_exec_t;
+domain_type(TEMPLATETYPE_t)
+init_daemon_domain(TEMPLATETYPE_t, TEMPLATETYPE_exec_t)
+"""
+
+te_initscript_types="""
+type TEMPLATETYPE_script_exec_t;
+init_script_type(TEMPLATETYPE_script_exec_t)
+"""
+
+te_inetd_types="""\
+policy_module(TEMPLATETYPE,1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type TEMPLATETYPE_t;
+type TEMPLATETYPE_exec_t;
+inetd_service_domain(TEMPLATETYPE_t, TEMPLATETYPE_exec_t)
+"""
+
+te_userapp_types="""\
+policy_module(TEMPLATETYPE,1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type TEMPLATETYPE_t;
+type TEMPLATETYPE_exec_t;
+application_domain(TEMPLATETYPE_t, TEMPLATETYPE_exec_t)
+role system_r types TEMPLATETYPE_t;
+
+"""
+
+te_cgi_types="""\
+policy_module(TEMPLATETYPE,1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+apache_content_template(TEMPLATETYPE)
+"""
+
+te_daemon_rules="""
+########################################
+#
+# TEMPLATETYPE local policy
+#
+
+# Init script handling
+domain_use_interactive_fds(TEMPLATETYPE_t)
+
+## internal communication is often done using fifo and unix sockets.
+allow TEMPLATETYPE_t self:fifo_file rw_file_perms;
+allow TEMPLATETYPE_t self:unix_stream_socket create_stream_socket_perms;
+
+files_read_etc_files(TEMPLATETYPE_t)
+
+libs_use_ld_so(TEMPLATETYPE_t)
+libs_use_shared_libs(TEMPLATETYPE_t)
+
+miscfiles_read_localization(TEMPLATETYPE_t)
+
+ifdef(`targeted_policy',`
+ term_dontaudit_use_unallocated_ttys(TEMPLATETYPE_t)
+ term_dontaudit_use_generic_ptys(TEMPLATETYPE_t)
+')
+
+"""
+
+te_inetd_rules="""
+"""
+
+te_userapp_rules="""
+########################################
+#
+# TEMPLATETYPE local policy
+#
+
+## internal communication is often done using fifo and unix sockets.
+allow TEMPLATETYPE_t self:fifo_file rw_file_perms;
+allow TEMPLATETYPE_t self:unix_stream_socket create_stream_socket_perms;
+
+files_read_etc_files(TEMPLATETYPE_t)
+
+libs_use_ld_so(TEMPLATETYPE_t)
+libs_use_shared_libs(TEMPLATETYPE_t)
+
+miscfiles_read_localization(TEMPLATETYPE_t)
+
+"""
+
+te_cgi_rules="""
+"""
+
+te_uid_rules="""
+auth_use_nsswitch(TEMPLATETYPE_t)
+"""
+
+te_syslog_rules="""
+logging_send_syslog_msg(TEMPLATETYPE_t)
+"""
+
+te_pam_rules="""
+auth_domtrans_chk_passwd(TEMPLATETYPE_t)
+"""
+
+te_userapp_trans_rules="""
+optional_policy(`
+ gen_require(`
+ type USER_t;
+ type USER_devpts_t;
+ type USER_tty_device_t;
+ role USER_r;
+ ')
+
+ TEMPLATETYPE_run(USER_t, USER_r, { USER_tty_device_t USER_devpts_t })
+')
+"""
+
+########################### Interface File #############################
+if_program_rules="""
+## <summary>policy for TEMPLATETYPE</summary>
+
+########################################
+## <summary>
+## Execute a domain transition to run TEMPLATETYPE.
+## </summary>
+## <param name=\"domain\">
+## <summary>
+## Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`TEMPLATETYPE_domtrans',`
+ gen_require(`
+ type TEMPLATETYPE_t;
+ type TEMPLATETYPE_exec_t;
+ ')
+
+ domtrans_pattern($1,TEMPLATETYPE_exec_t,TEMPLATETYPE_t)
+')
+
+"""
+
+if_user_program_rules="""
+########################################
+## <summary>
+## Execute TEMPLATETYPE in the TEMPLATETYPE domain, and
+## allow the specified role the TEMPLATETYPE domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access
+## </summary>
+## </param>
+## <param name="role">
+## <summary>
+## The role to be allowed the TEMPLATETYPE domain.
+## </summary>
+## </param>
+## <param name="terminal">
+## <summary>
+## The type of the role's terminal.
+## </summary>
+## </param>
+#
+interface(`TEMPLATETYPE_run',`
+ gen_require(`
+ type TEMPLATETYPE_t;
+ ')
+
+ TEMPLATETYPE_domtrans($1)
+ role $2 types TEMPLATETYPE_t;
+ dontaudit TEMPLATETYPE_t $3:chr_file rw_term_perms;
+')
+
+"""
+
+if_initscript_rules="""
+########################################
+## <summary>
+## Execute TEMPLATETYPE server in the TEMPLATETYPE domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## The type of the process performing this action.
+## </summary>
+## </param>
+#
+interface(`TEMPLATETYPE_script_domtrans',`
+ gen_require(`
+ type TEMPLATETYPE_script_exec_t;
+ ')
+
+ init_script_domtrans_spec($1,TEMPLATETYPE_script_exec_t)
+')
+"""
+
+if_begin_admin="""
+########################################
+## <summary>
+## All of the rules required to administrate an TEMPLATETYPE environment
+## </summary>
+## <param name="prefix">
+## <summary>
+## Prefix of the domain. Example, user would be
+## the prefix for the uder_t domain.
+## </summary>
+## </param>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="role">
+## <summary>
+## The role to be allowed to manage the TEMPLATETYPE domain.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`TEMPLATETYPE_admin',`
+ gen_require(`
+ type TEMPLATETYPE_t;
+ ')
+
+ allow $2 TEMPLATETYPE_t:process { ptrace signal_perms getattr };
+ read_files_pattern($2, TEMPLATETYPE_t, TEMPLATETYPE_t)
+
+"""
+
+if_initscript_admin="""
+ # Allow $1 to restart the apache service
+ TEMPLATETYPE_script_domtrans($2)
+ domain_system_change_exemption($2)
+ role_transition $3 TEMPLATETYPE_script_exec_t system_r;
+ allow $3 system_r;
+"""
+
+if_end_admin="""
+')
+"""
+
+########################### File Context ##################################
+fc_program="""\
+
+EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_exec_t,s0)
+"""
+fc_initscript="""\
+
+EXECUTABLE -- gen_context(system_u:object_r:TEMPLATETYPE_script_exec_t,s0)
+"""
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/__init__.py policycoreutils-2.0.27/gui/templates/__init__.py
--- nsapolicycoreutils/gui/templates/__init__.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/templates/__init__.py 2007-09-27 11:20:32.000000000 -0400
@@ -0,0 +1,18 @@
+#
+# Copyright (C) 2007 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/network.py policycoreutils-2.0.27/gui/templates/network.py
--- nsapolicycoreutils/gui/templates/network.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/templates/network.py 2007-09-27 11:20:32.000000000 -0400
@@ -0,0 +1,80 @@
+te_port_types="""
+type TEMPLATETYPE_port_t;
+corenet_port(TEMPLATETYPE_port_t)
+"""
+
+te_network="""\
+sysnet_dns_name_resolve(TEMPLATETYPE_t)
+corenet_all_recvfrom_unlabeled(TEMPLATETYPE_t)
+"""
+
+te_tcp="""\
+allow TEMPLATETYPE_t self:tcp_socket create_stream_socket_perms;
+corenet_tcp_sendrecv_all_if(TEMPLATETYPE_t)
+corenet_tcp_sendrecv_all_nodes(TEMPLATETYPE_t)
+corenet_tcp_sendrecv_all_ports(TEMPLATETYPE_t)
+"""
+
+te_in_tcp="""\
+corenet_tcp_bind_all_nodes(TEMPLATETYPE_t)
+"""
+
+te_in_need_port_tcp="""\
+allow TEMPLATETYPE_t TEMPLATETYPE_port_t:tcp_socket name_bind;
+"""
+
+te_out_need_port_tcp="""\
+allow TEMPLATETYPE_t TEMPLATETYPE_port_t:tcp_socket name_connect;
+"""
+
+te_udp="""\
+allow TEMPLATETYPE_t self:udp_socket { create_socket_perms listen };
+corenet_udp_sendrecv_all_if(TEMPLATETYPE_t)
+corenet_udp_sendrecv_all_nodes(TEMPLATETYPE_t)
+corenet_udp_sendrecv_all_ports(TEMPLATETYPE_t)
+"""
+
+te_in_udp="""\
+corenet_udp_bind_all_nodes(TEMPLATETYPE_t)
+"""
+
+te_in_need_port_udp="""\
+allow TEMPLATETYPE_t TEMPLATETYPE_port_t:udp_socket name_bind;
+"""
+
+te_out_all_ports_tcp="""\
+corenet_tcp_connect_all_ports(TEMPLATETYPE_t)
+"""
+
+te_out_reserved_ports_tcp="""\
+corenet_tcp_connect_all_rpc_ports(TEMPLATETYPE_t)
+"""
+
+te_out_unreserved_ports_tcp="""\
+corenet_tcp_connect_all_unreserved_ports(TEMPLATETYPE_t)
+"""
+
+te_in_all_ports_tcp="""\
+corenet_tcp_bind_all_ports(TEMPLATETYPE_t)
+"""
+
+te_in_reserved_ports_tcp="""\
+corenet_tcp_bind_all_rpc_ports(TEMPLATETYPE_t)
+"""
+
+te_in_unreserved_ports_tcp="""\
+corenet_tcp_bind_all_unreserved_ports(TEMPLATETYPE_t)
+"""
+
+te_in_all_ports_udp="""\
+corenet_udp_bind_all_ports(TEMPLATETYPE_t)
+"""
+
+te_in_reserved_ports_udp="""\
+corenet_udp_bind_all_rpc_ports(TEMPLATETYPE_t)
+"""
+
+te_in_unreserved_ports_udp="""\
+corenet_udp_bind_all_unreserved_ports(TEMPLATETYPE_t)
+"""
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py policycoreutils-2.0.27/gui/templates/rw.py
--- nsapolicycoreutils/gui/templates/rw.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/templates/rw.py 2007-09-27 11:20:32.000000000 -0400
@@ -0,0 +1,128 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# policygentool is a tool for the initial generation of SELinux policy
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+# 02111-1307 USA
+#
+#
+
+########################### tmp Template File #############################
+te_types="""
+type TEMPLATETYPE_rw_t;
+files_type(TEMPLATETYPE_rw_t)
+"""
+
+te_rules="""
+allow TEMPLATETYPE_t TEMPLATETYPE_rw_t:file manage_file_perms;
+allow TEMPLATETYPE_t TEMPLATETYPE_rw_t:dir create_dir_perms;
+"""
+
+########################### Interface File #############################
+if_rules="""
+########################################
+## <summary>
+## Search TEMPLATETYPE rw directories.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`TEMPLATETYPE_search_rw_dir',`
+ gen_require(`
+ type TEMPLATETYPE_rw_t;
+ ')
+
+ allow $1 TEMPLATETYPE_rw_t:dir search_dir_perms;
+ files_search_rw($1)
+')
+
+########################################
+## <summary>
+## Read TEMPLATETYPE rw files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`TEMPLATETYPE_read_rw_files',`
+ gen_require(`
+ type TEMPLATETYPE_rw_t;
+ ')
+
+ allow $1 TEMPLATETYPE_rw_t:file r_file_perms;
+ allow $1 TEMPLATETYPE_rw_t:dir list_dir_perms;
+ files_search_rw($1)
+')
+
+########################################
+## <summary>
+## Create, read, write, and delete
+## TEMPLATETYPE rw files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`TEMPLATETYPE_manage_rw_files',`
+ gen_require(`
+ type TEMPLATETYPE_rw_t;
+ ')
+
+ allow $1 TEMPLATETYPE_rw_t:file manage_file_perms;
+ allow $1 TEMPLATETYPE_rw_t:dir rw_dir_perms;
+')
+
+########################################
+## <summary>
+## Manage TEMPLATETYPE rw files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`TEMPLATETYPE_manage_rw',`
+ gen_require(`
+ type TEMPLATETYPE_rw_t;
+ ')
+
+ manage_dir_perms($1,TEMPLATETYPE_rw_t,TEMPLATETYPE_rw_t)
+ manage_file_perms($1,TEMPLATETYPE_rw_t,TEMPLATETYPE_rw_t)
+ manage_lnk_file_perms($1,TEMPLATETYPE_rw_t,TEMPLATETYPE_rw_t)
+')
+
+"""
+
+if_admin_rules="""
+ TEMPLATETYPE_manage_rw($2)
+"""
+
+########################### File Context ##################################
+fc_file="""
+FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0)
+"""
+
+fc_dir="""
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_rw_t,s0)
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.27/gui/templates/script.py
--- nsapolicycoreutils/gui/templates/script.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/templates/script.py 2007-09-27 11:20:32.000000000 -0400
@@ -0,0 +1,50 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# policygentool is a tool for the initial generation of SELinux policy
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+# 02111-1307 USA
+#
+#
+
+########################### tmp Template File #############################
+compile="""
+#!/bin/sh
+if [ ! -f /usr/share/selinux/devel/Makefile ]; then
+echo 'selinux-policy-devel not installed, package required for building policy'
+echo '# yum install selinux-policy-devel'
+exit 1
+fi
+make -f /usr/share/selinux/devel/Makefile
+/usr/sbin/semodule -i PACKAGEFILENAME.pp
+
+"""
+
+restorecon="""\
+/sbin/restorecon -F -R -v FILENAME
+"""
+
+tcp_ports="""\
+/usr/sbin/semanage port -a -t TEMPLATETYPE_port_t -p tcp PORTNUM
+"""
+
+udp_ports="""\
+/usr/sbin/semanage port -a -t TEMPLATETYPE_port_t -p udp PORTNUM
+"""
+
+users="""\
+/usr/sbin/semanage user -a -P TEMPLATETYPE -R "TEMPLATETYPE_rROLES" TEMPLATETYPE_u
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/semodule.py policycoreutils-2.0.27/gui/templates/semodule.py
--- nsapolicycoreutils/gui/templates/semodule.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/templates/semodule.py 2007-09-27 11:20:32.000000000 -0400
@@ -0,0 +1,41 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# policygentool is a tool for the initial generation of SELinux policy
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+# 02111-1307 USA
+#
+#
+
+########################### tmp Template File #############################
+compile="""
+#!/bin/sh
+make -f /usr/share/selinux/devel/Makefile
+semodule -i TEMPLATETYPE.pp
+"""
+
+restorecon="""
+restorecon -R -v FILENAME
+"""
+
+tcp_ports="""
+semanage ports -a -t TEMPLATETYPE_port_t -p tcp PORTNUM
+"""
+
+udp_ports="""
+semanage ports -a -t TEMPLATETYPE_port_t -p udp PORTNUM
+"""
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/tmp.py policycoreutils-2.0.27/gui/templates/tmp.py
--- nsapolicycoreutils/gui/templates/tmp.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/templates/tmp.py 2007-09-27 11:20:32.000000000 -0400
@@ -0,0 +1,97 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# policygentool is a tool for the initial generation of SELinux policy
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+# 02111-1307 USA
+#
+#
+########################### tmp Template File #############################
+
+te_types="""
+type TEMPLATETYPE_tmp_t;
+files_tmp_file(TEMPLATETYPE_tmp_t)
+"""
+
+te_rules="""
+allow TEMPLATETYPE_t TEMPLATETYPE_tmp_t:file manage_file_perms;
+allow TEMPLATETYPE_t TEMPLATETYPE_tmp_t:dir create_dir_perms;
+files_tmp_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_tmp_t, { file dir })
+"""
+
+if_rules="""
+########################################
+## <summary>
+## Do not audit attempts to read,
+## TEMPLATETYPE tmp files
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to not audit.
+## </summary>
+## </param>
+#
+interface(`TEMPLATETYPE_dontaudit_read_tmp_files',`
+ gen_require(`
+ type TEMPLATETYPE_tmp_t;
+ ')
+
+ dontaudit $1 TEMPLATETYPE_tmp_t:file r_file_perms;
+')
+
+########################################
+## <summary>
+## Allow domain to read, TEMPLATETYPE tmp files
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to not audit.
+## </summary>
+## </param>
+#
+interface(`TEMPLATETYPE_read_tmp_files',`
+ gen_require(`
+ type TEMPLATETYPE_tmp_t;
+ ')
+
+ allow $1 TEMPLATETYPE_tmp_t:file r_file_perms;
+')
+
+########################################
+## <summary>
+## Allow domain to manage TEMPLATETYPE tmp files
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to not audit.
+## </summary>
+## </param>
+#
+interface(`TEMPLATETYPE_manage_tmp',`
+ gen_require(`
+ type TEMPLATETYPE_tmp_t;
+ ')
+
+ manage_dir_perms($1,TEMPLATETYPE_tmp_t,TEMPLATETYPE_tmp_t)
+ manage_file_perms($1,TEMPLATETYPE_tmp_t,TEMPLATETYPE_tmp_t)
+ manage_lnk_file_perms($1,TEMPLATETYPE_tmp_t,TEMPLATETYPE_tmp_t)
+')
+"""
+
+if_admin_rules="""
+ TEMPLATETYPE_manage_tmp($2)
+"""
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/user.py policycoreutils-2.0.27/gui/templates/user.py
--- nsapolicycoreutils/gui/templates/user.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/templates/user.py 2007-09-27 11:20:32.000000000 -0400
@@ -0,0 +1,139 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# policygentool is a tool for the initial generation of SELinux policy
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+# 02111-1307 USA
+#
+#
+########################### Type Enforcement File #############################
+
+te_login_user_types="""\
+policy_module(TEMPLATETYPE,1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+userdom_unpriv_login_user(TEMPLATETYPE)
+"""
+
+te_x_login_user_types="""\
+policy_module(TEMPLATETYPE,1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+userdom_unpriv_xwindows_login_user(TEMPLATETYPE)
+"""
+
+te_root_user_types="""\
+
+policy_module(TEMPLATETYPE,1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+userdom_base_user_template(TEMPLATETYPE)
+"""
+
+te_login_user_rules="""\
+
+########################################
+#
+# TEMPLATETYPE local policy
+#
+
+"""
+
+te_x_login_user_rules="""\
+
+########################################
+#
+# TEMPLATETYPE local policy
+#
+
+"""
+
+te_root_user_rules="""\
+
+########################################
+#
+# TEMPLATETYPE local policy
+#
+
+"""
+
+te_transition_rules="""
+optional_policy(`
+ APPLICATION_per_role_template(TEMPLATETYPE,TEMPLATETYPE_t,TEMPLATETYPE_r)
+')
+"""
+
+te_admin_rules="""
+allow TEMPLATETYPE_t self:capability { dac_override dac_read_search kill sys_ptrace sys_nice };
+files_dontaudit_search_all_dirs(TEMPLATETYPE_t)
+
+selinux_get_enforce_mode(TEMPLATETYPE_t)
+seutil_domtrans_setfiles(TEMPLATETYPE_t)
+seutil_search_default_contexts(TEMPLATETYPE_t)
+
+logging_send_syslog_msg(TEMPLATETYPE_t)
+
+kernel_read_system_state(TEMPLATETYPE_t)
+
+domain_dontaudit_search_all_domains_state(TEMPLATETYPE_t)
+domain_dontaudit_ptrace_all_domains(TEMPLATETYPE_t)
+
+userdom_dontaudit_search_sysadm_home_dirs(TEMPLATETYPE_t)
+userdom_dontaudit_search_generic_user_home_dirs(TEMPLATETYPE_t)
+
+bool TEMPLATETYPE_read_user_files false;
+bool TEMPLATETYPE_manage_user_files false;
+
+if (TEMPLATETYPE_read_user_files) {
+ userdom_read_unpriv_users_home_content_files(TEMPLATETYPE_t)
+ userdom_read_unpriv_users_tmp_files(TEMPLATETYPE_t)
+}
+
+if (TEMPLATETYPE_manage_user_files) {
+ userdom_manage_unpriv_users_home_content_dirs(TEMPLATETYPE_t)
+ userdom_read_unpriv_users_tmp_files(TEMPLATETYPE_t)
+ userdom_write_unpriv_users_tmp_files(TEMPLATETYPE_t)
+}
+
+"""
+
+te_admin_domain_rules="""
+optional_policy(`
+ APPLICATION_admin(TEMPLATETYPE,TEMPLATETYPE_t,TEMPLATETYPE_r)
+')
+"""
+
+te_roles_rules="""
+userdom_role_change_template(TEMPLATETYPE, ROLE)
+"""
+
+te_newrole_rules="""
+seutil_run_newrole(TEMPLATETYPE_t,TEMPLATETYPE_r,{ TEMPLATETYPE_devpts_t TEMPLATETYPE_tty_device_t })
+"""
+
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_lib.py policycoreutils-2.0.27/gui/templates/var_lib.py
--- nsapolicycoreutils/gui/templates/var_lib.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/templates/var_lib.py 2007-09-27 11:20:32.000000000 -0400
@@ -0,0 +1,162 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# policygentool is a tool for the initial generation of SELinux policy
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+# 02111-1307 USA
+#
+#
+########################### var_lib Template File #############################
+
+########################### Type Enforcement File #############################
+te_types="""
+type TEMPLATETYPE_var_lib_t;
+files_type(TEMPLATETYPE_var_lib_t)
+"""
+te_rules="""
+allow TEMPLATETYPE_t TEMPLATETYPE_var_lib_t:file manage_file_perms;
+allow TEMPLATETYPE_t TEMPLATETYPE_var_lib_t:dir manage_dir_perms;
+files_var_lib_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_var_lib_t, { file dir })
+"""
+
+te_stream_rules="""\
+allow TEMPLATETYPE_t TEMPLATETYPE_var_lib_t:sock_file manage_file_perms;
+files_var_lib_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_var_lib_t, sock_file)
+"""
+
+
+########################### Interface File #############################
+if_rules="""
+########################################
+## <summary>
+## Search TEMPLATETYPE lib directories.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`TEMPLATETYPE_search_lib',`
+ gen_require(`
+ type TEMPLATETYPE_var_lib_t;
+ ')
+
+ allow $1 TEMPLATETYPE_var_lib_t:dir search_dir_perms;
+ files_search_var_lib($1)
+')
+
+########################################
+## <summary>
+## Read TEMPLATETYPE lib files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`TEMPLATETYPE_read_lib_files',`
+ gen_require(`
+ type TEMPLATETYPE_var_lib_t;
+ ')
+
+ allow $1 TEMPLATETYPE_var_lib_t:file r_file_perms;
+ allow $1 TEMPLATETYPE_var_lib_t:dir list_dir_perms;
+ files_search_var_lib($1)
+')
+
+########################################
+## <summary>
+## Create, read, write, and delete
+## TEMPLATETYPE lib files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`TEMPLATETYPE_manage_lib_files',`
+ gen_require(`
+ type TEMPLATETYPE_var_lib_t;
+ ')
+
+ allow $1 TEMPLATETYPE_var_lib_t:file manage_file_perms;
+ allow $1 TEMPLATETYPE_var_lib_t:dir rw_dir_perms;
+ files_search_var_lib($1)
+')
+
+########################################
+## <summary>
+## Manage TEMPLATETYPE var_lib files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`TEMPLATETYPE_manage_var_lib',`
+ gen_require(`
+ type TEMPLATETYPE_var_lib_t;
+ ')
+
+ manage_dir_perms($1,TEMPLATETYPE_var_lib_t,TEMPLATETYPE_var_lib_t)
+ manage_file_perms($1,TEMPLATETYPE_var_lib_t,TEMPLATETYPE_var_lib_t)
+ manage_lnk_file_perms($1,TEMPLATETYPE_var_lib_t,TEMPLATETYPE_var_lib_t)
+')
+
+"""
+
+if_stream_rules="""
+########################################
+## <summary>
+## Connect to TEMPLATETYPE over an unix stream socket.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`TEMPLATETYPE_stream_connect',`
+ gen_require(`
+ type TEMPLATETYPE_t, TEMPLATETYPE_var_lib_t;
+ ')
+
+ files_search_pids($1)
+ allow $1 TEMPLATETYPE_var_lib_t:sock_file write;
+ allow $1 TEMPLATETYPE_t:unix_stream_socket connectto;
+')
+"""
+
+if_admin_rules="""
+ TEMPLATETYPE_manage_var_lib($2)
+"""
+
+########################### File Context ##################################
+fc_file="""\
+FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
+"""
+
+fc_sock_file="""\
+FILENAME -s gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
+"""
+
+fc_dir="""\
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_lib_t,s0)
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_log.py policycoreutils-2.0.27/gui/templates/var_log.py
--- nsapolicycoreutils/gui/templates/var_log.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/templates/var_log.py 2007-09-27 11:20:32.000000000 -0400
@@ -0,0 +1,112 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# policygentool is a tool for the initial generation of SELinux policy
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+# 02111-1307 USA
+#
+#
+########################### var_log Template File #############################
+
+########################### Type Enforcement File #############################
+te_types="""
+type TEMPLATETYPE_log_t;
+logging_log_file(TEMPLATETYPE_log_t)
+"""
+
+te_rules="""
+allow TEMPLATETYPE_t TEMPLATETYPE_log_t:file manage_file_perms;
+allow TEMPLATETYPE_t TEMPLATETYPE_log_t:dir { rw_dir_perms setattr };
+logging_log_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_log_t,{ file dir })
+"""
+
+########################### Interface File #############################
+if_rules="""
+########################################
+## <summary>
+## Allow the specified domain to read TEMPLATETYPE's log files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`TEMPLATETYPE_read_log',`
+ gen_require(`
+ type TEMPLATETYPE_log_t;
+ ')
+
+ logging_search_logs($1)
+ allow $1 TEMPLATETYPE_log_t:dir r_dir_perms;
+ allow $1 TEMPLATETYPE_log_t:file { read getattr lock };
+')
+
+########################################
+## <summary>
+## Allow the specified domain to append
+## TEMPLATETYPE log files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`TEMPLATETYPE_append_log',`
+ gen_require(`
+ type var_log_t, TEMPLATETYPE_log_t;
+ ')
+
+ logging_search_logs($1)
+ allow $1 TEMPLATETYPE_log_t:dir r_dir_perms;
+ allow $1 TEMPLATETYPE_log_t:file { getattr append };
+')
+
+########################################
+## <summary>
+## Allow domain to manage TEMPLATETYPE log files
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to not audit.
+## </summary>
+## </param>
+#
+interface(`TEMPLATETYPE_manage_log',`
+ gen_require(`
+ type TEMPLATETYPE_log_t;
+ ')
+
+ manage_dir_perms($1,TEMPLATETYPE_log_t,TEMPLATETYPE_log_t)
+ manage_file_perms($1,TEMPLATETYPE_log_t,TEMPLATETYPE_log_t)
+ manage_lnk_file_perms($1,TEMPLATETYPE_log_t,TEMPLATETYPE_log_t)
+')
+"""
+
+if_admin_rules="""
+ TEMPLATETYPE_manage_log($2)
+"""
+
+########################### File Context ##################################
+fc_file="""\
+FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0)
+"""
+
+fc_dir="""\
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_log_t,s0)
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_run.py policycoreutils-2.0.27/gui/templates/var_run.py
--- nsapolicycoreutils/gui/templates/var_run.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/templates/var_run.py 2007-09-27 11:20:32.000000000 -0400
@@ -0,0 +1,119 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# policygentool is a tool for the initial generation of SELinux policy
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+# 02111-1307 USA
+#
+#
+########################### var_run Template File #############################
+
+te_types="""
+type TEMPLATETYPE_var_run_t;
+files_pid_file(TEMPLATETYPE_var_run_t)
+"""
+
+te_rules="""
+allow TEMPLATETYPE_t TEMPLATETYPE_var_run_t:file manage_file_perms;
+allow TEMPLATETYPE_t TEMPLATETYPE_var_run_t:dir manage_dir_perms;
+files_pid_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_var_run_t, { file dir })
+"""
+
+te_stream_rules="""
+allow TEMPLATETYPE_t TEMPLATETYPE_var_run_t:sock_file manage_file_perms;
+files_pid_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_var_run_t, sock_file)
+"""
+
+if_rules="""
+########################################
+## <summary>
+## Read TEMPLATETYPE PID files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`TEMPLATETYPE_read_pid_files',`
+ gen_require(`
+ type TEMPLATETYPE_var_run_t;
+ ')
+
+ files_search_pids($1)
+ allow $1 TEMPLATETYPE_var_run_t:file r_file_perms;
+')
+
+########################################
+## <summary>
+## Manage TEMPLATETYPE var_run files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`TEMPLATETYPE_manage_var_run',`
+ gen_require(`
+ type TEMPLATETYPE_var_run_t;
+ ')
+
+ manage_dir_perms($1,TEMPLATETYPE_var_run_t,TEMPLATETYPE_var_run_t)
+ manage_file_perms($1,TEMPLATETYPE_var_run_t,TEMPLATETYPE_var_run_t)
+ manage_lnk_file_perms($1,TEMPLATETYPE_var_run_t,TEMPLATETYPE_var_run_t)
+')
+
+"""
+
+if_stream_rules="""\
+########################################
+## <summary>
+## Connect to TEMPLATETYPE over an unix stream socket.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`TEMPLATETYPE_stream_connect',`
+ gen_require(`
+ type TEMPLATETYPE_t, TEMPLATETYPE_var_run_t;
+ ')
+
+ files_search_pids($1)
+ allow $1 TEMPLATETYPE_var_run_t:sock_file write;
+ allow $1 TEMPLATETYPE_t:unix_stream_socket connectto;
+')
+"""
+
+if_admin_rules="""
+ TEMPLATETYPE_manage_var_run($2)
+"""
+
+fc_file="""\
+FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
+"""
+
+fc_sock_file="""\
+FILENAME -s gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
+"""
+
+fc_dir="""\
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_var_run_t,s0)
+"""
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/var_spool.py policycoreutils-2.0.27/gui/templates/var_spool.py
--- nsapolicycoreutils/gui/templates/var_spool.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/templates/var_spool.py 2007-09-27 11:20:32.000000000 -0400
@@ -0,0 +1,131 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# policygentool is a tool for the initial generation of SELinux policy
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+# 02111-1307 USA
+#
+#
+########################### var_spool Template File #############################
+
+########################### Type Enforcement File #############################
+te_types="""
+type TEMPLATETYPE_spool_t;
+files_type(TEMPLATETYPE_spool_t)
+"""
+te_rules="""
+allow TEMPLATETYPE_t TEMPLATETYPE_spool_t:dir manage_dir_perms;
+allow TEMPLATETYPE_t TEMPLATETYPE_spool_t:file manage_file_perms;
+allow TEMPLATETYPE_t TEMPLATETYPE_spool_t:sock_file create_file_perms;
+files_spool_filetrans(TEMPLATETYPE_t,TEMPLATETYPE_spool_t, { file dir sock_file })
+"""
+
+########################### Interface File #############################
+if_rules="""
+########################################
+## <summary>
+## Search TEMPLATETYPE spool directories.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`TEMPLATETYPE_search_spool',`
+ gen_require(`
+ type TEMPLATETYPE_spool_t;
+ ')
+
+ allow $1 TEMPLATETYPE_spool_t:dir search_dir_perms;
+ files_search_spool($1)
+')
+
+########################################
+## <summary>
+## Read TEMPLATETYPE spool files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`TEMPLATETYPE_read_spool_files',`
+ gen_require(`
+ type TEMPLATETYPE_spool_t;
+ ')
+
+ allow $1 TEMPLATETYPE_spool_t:file r_file_perms;
+ allow $1 TEMPLATETYPE_spool_t:dir list_dir_perms;
+ files_search_spool($1)
+')
+
+########################################
+## <summary>
+## Create, read, write, and delete
+## TEMPLATETYPE spool files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`TEMPLATETYPE_manage_spool_files',`
+ gen_require(`
+ type TEMPLATETYPE_spool_t;
+ ')
+
+ allow $1 TEMPLATETYPE_spool_t:file manage_file_perms;
+ allow $1 TEMPLATETYPE_spool_t:dir rw_dir_perms;
+ files_search_spool($1)
+')
+
+########################################
+## <summary>
+## Allow domain to manage TEMPLATETYPE spool files
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to not audit.
+## </summary>
+## </param>
+#
+interface(`TEMPLATETYPE_manage_spool',`
+ gen_require(`
+ type TEMPLATETYPE_spool_t;
+ ')
+
+ manage_dir_perms($1,TEMPLATETYPE_spool_t,TEMPLATETYPE_spool_t)
+ manage_file_perms($1,TEMPLATETYPE_spool_t,TEMPLATETYPE_spool_t)
+ manage_lnk_file_perms($1,TEMPLATETYPE_spool_t,TEMPLATETYPE_spool_t)
+')
+
+"""
+
+if_admin_rules="""
+ TEMPLATETYPE_manage_spool($2)
+"""
+
+########################### File Context ##################################
+fc_file="""\
+FILENAME -- gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0)
+"""
+
+fc_dir="""\
+FILENAME(/.*)? gen_context(system_u:object_r:TEMPLATETYPE_spool_t,s0)
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/translationsPage.py policycoreutils-2.0.27/gui/translationsPage.py
--- nsapolicycoreutils/gui/translationsPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/translationsPage.py 2007-09-27 11:20:33.000000000 -0400
@@ -0,0 +1,118 @@
+## translationsPage.py - show selinux translations
+## Copyright (C) 2006 Red Hat, Inc.
+
+## This program is free software; you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation; either version 2 of the License, or
+## (at your option) any later version.
+
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+## GNU General Public License for more details.
+
+## You should have received a copy of the GNU General Public License
+## along with this program; if not, write to the Free Software
+## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+## Author: Dan Walsh
+import string
+import gtk
+import gtk.glade
+import os
+import gobject
+import sys
+import seobject
+from semanagePage import *;
+
+##
+## I18N
+##
+PROGNAME="policycoreutils"
+import gettext
+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
+gettext.textdomain(PROGNAME)
+try:
+ gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1)
+except IOError:
+ import __builtin__
+ __builtin__.__dict__['_'] = unicode
+
+class translationsPage(semanagePage):
+ def __init__(self, xml):
+ semanagePage.__init__(self, xml, "translations", _("Translation"))
+ self.firstTime = False
+
+ self.translation_filter = xml.get_widget("translationsFilterEntry")
+ self.translation_filter.connect("focus_out_event", self.filter_changed)
+ self.translation_filter.connect("activate", self.filter_changed)
+
+ self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_STRING)
+ self.view.set_model(self.store)
+ self.store.set_sort_column_id(0, gtk.SORT_ASCENDING)
+ col = gtk.TreeViewColumn(_("Sensitvity Level"), gtk.CellRendererText(), text = 0)
+ col.set_sort_column_id(0)
+ col.set_sizing(gtk.TREE_VIEW_COLUMN_FIXED)
+ col.set_resizable(True)
+ col.set_fixed_width(250)
+ self.view.append_column(col)
+ col = gtk.TreeViewColumn(_("Translation"), gtk.CellRendererText(), text = 1)
+ col.set_sort_column_id(1)
+ col.set_resizable(True)
+ self.view.append_column(col)
+
+ self.load()
+ self.translationsLevelEntry = xml.get_widget("translationsLevelEntry")
+ self.translationsEntry = xml.get_widget("translationsEntry")
+
+ def load(self, filter = ""):
+ self.filter = filter
+ self.translation = seobject.setransRecords()
+ dict = self.translation.get_all()
+ keys = dict.keys()
+ keys.sort()
+ self.store.clear()
+ for k in keys:
+ if not (self.match(k, filter) or self.match(dict[k], filter)):
+ continue
+ iter = self.store.append()
+ self.store.set_value(iter, 0, k)
+ self.store.set_value(iter, 1, dict[k])
+ self.view.get_selection().select_path ((0,))
+
+ def dialogInit(self):
+ store, iter = self.view.get_selection().get_selected()
+ self.translationsLevelEntry.set_text(store.get_value(iter, 0))
+ self.translationsLevelEntry.set_sensitive(False)
+ self.translationsEntry.set_text(store.get_value(iter, 1))
+
+ def dialogClear(self):
+ self.translationsLevelEntry.set_text("")
+ self.translationsLevelEntry.set_sensitive(True)
+ self.translationsEntry.set_text("")
+
+ def delete(self):
+ store, iter = self.view.get_selection().get_selected()
+ try:
+ level = store.get_value(iter, 0)
+ self.translation.delete(level)
+ store.remove(iter)
+ self.view.get_selection().select_path ((0,))
+ except ValueError, e:
+ self.error(e.args[0])
+
+ def add(self):
+ level = self.translationsLevelEntry.get_text().strip()
+ translation = self.translationsEntry.get_text().strip()
+ self.translation.add(level, translation)
+ iter = self.store.append()
+ self.store.set_value(iter, 0, level)
+ self.store.set_value(iter, 1, translation)
+
+ def modify(self):
+ level = self.translationsLevelEntry.get_text().strip()
+ translation = self.translationsEntry.get_text().strip()
+ self.translation.modify(level, translation)
+ store, iter = self.view.get_selection().get_selected()
+ self.store.set_value(iter, 0, level)
+ self.store.set_value(iter, 1, translation)
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/usersPage.py policycoreutils-2.0.27/gui/usersPage.py
--- nsapolicycoreutils/gui/usersPage.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.27/gui/usersPage.py 2007-09-27 11:20:33.000000000 -0400
@@ -0,0 +1,172 @@
+## usersPage.py - show selinux mappings
+## Copyright (C) 2006 Red Hat, Inc.
+
+## This program is free software; you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation; either version 2 of the License, or
+## (at your option) any later version.
+
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+## GNU General Public License for more details.
+
+## You should have received a copy of the GNU General Public License
+## along with this program; if not, write to the Free Software
+## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+## Author: Dan Walsh
+import string
+import gtk
+import gtk.glade
+import os
+import gobject
+import sys
+import commands
+import seobject
+from semanagePage import *;
+
+##
+## I18N
+##
+PROGNAME="policycoreutils"
+import gettext
+gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
+gettext.textdomain(PROGNAME)
+try:
+ gettext.install(PROGNAME, localedir="/usr/share/locale", unicode=1)
+except IOError:
+ import __builtin__
+ __builtin__.__dict__['_'] = unicode
+
+class usersPage(semanagePage):
+ def __init__(self, xml):
+ semanagePage.__init__(self, xml, "users", "SELinux User")
+
+ self.store = gtk.ListStore(gobject.TYPE_STRING, gobject.TYPE_STRING, gobject.TYPE_STRING, gobject.TYPE_STRING, gobject.TYPE_STRING)
+ self.view.set_model(self.store)
+ self.store.set_sort_column_id(0, gtk.SORT_ASCENDING)
+
+ col = gtk.TreeViewColumn(_("SELinux\nUser"), gtk.CellRendererText(), text = 0)
+ col.set_sort_column_id(0)
+ col.set_resizable(True)
+ self.view.append_column(col)
+
+ col = gtk.TreeViewColumn(_("Labeling\nPrefix"), gtk.CellRendererText(), text = 1)
+ col.set_resizable(True)
+ self.view.append_column(col)
+ col = gtk.TreeViewColumn(_("MLS/\nMCS Level"), gtk.CellRendererText(), text = 2)
+ col.set_resizable(True)
+ self.view.append_column(col)
+ col = gtk.TreeViewColumn(_("MLS/\nMCS Range"), gtk.CellRendererText(), text = 3)
+ col.set_resizable(True)
+ self.view.append_column(col)
+
+ col = gtk.TreeViewColumn(_("SELinux Roles"), gtk.CellRendererText(), text = 4)
+ col.set_resizable(True)
+ self.view.append_column(col)
+
+ self.load()
+ self.selinuxUserEntry = xml.get_widget("selinuxUserEntry")
+ self.labelPrefixEntry = xml.get_widget("labelPrefixEntry")
+ self.mlsLevelEntry = xml.get_widget("mlsLevelEntry")
+ self.mlsRangeEntry = xml.get_widget("mlsRangeEntry")
+ self.selinuxRolesEntry = xml.get_widget("selinuxRolesEntry")
+
+ def load(self, filter = ""):
+ self.filter=filter
+ self.user = seobject.seluserRecords()
+ dict = self.user.get_all()
+ keys = dict.keys()
+ keys.sort()
+ self.store.clear()
+ for k in keys:
+ level = seobject.translate(dict[k][1])
+ range = seobject.translate(dict[k][2])
+ if not (self.match(k, filter) or self.match(dict[k][0], filter) or self.match(level, filter) or self.match(range, filter) or self.match(dict[k][3], filter)):
+ continue
+
+ iter = self.store.append()
+ self.store.set_value(iter, 0, k)
+ self.store.set_value(iter, 1, dict[k][0])
+ self.store.set_value(iter, 2, level)
+ self.store.set_value(iter, 3, range)
+ self.store.set_value(iter, 4, dict[k][3])
+ self.view.get_selection().select_path ((0,))
+
+ def delete(self):
+ if semanagePage.delete(self) == gtk.RESPONSE_NO:
+ return None
+
+ def dialogInit(self):
+ store, iter = self.view.get_selection().get_selected()
+ self.selinuxUserEntry.set_text(store.get_value(iter, 0))
+ self.selinuxUserEntry.set_sensitive(False)
+ self.labelPrefixEntry.set_text(store.get_value(iter, 1))
+ self.mlsLevelEntry.set_text(store.get_value(iter, 2))
+ self.mlsRangeEntry.set_text(store.get_value(iter, 3))
+ self.selinuxRolesEntry.set_text(store.get_value(iter, 4))
+ protocol=store.get_value(iter, 2)
+
+ def dialogClear(self):
+ self.selinuxUserEntry.set_text("")
+ self.selinuxUserEntry.set_sensitive(True)
+ self.labelPrefixEntry.set_text("")
+ self.mlsLevelEntry.set_text("s0")
+ self.mlsRangeEntry.set_text("s0")
+ self.selinuxRolesEntry.set_text("")
+
+ def add(self):
+ user = self.selinuxUserEntry.get_text()
+ prefix = self.labelPrefixEntry.get_text()
+ level = self.mlsLevelEntry.get_text()
+ range = self.mlsRangeEntry.get_text()
+ roles = self.selinuxRolesEntry.get_text()
+
+ (rc, out) = commands.getstatusoutput("semanage user -a -R '%s' -r %s-%s -P %s %s" % (roles, level, range, prefix, user))
+ if rc != 0:
+ self.error(out)
+ return False
+ iter = self.store.append()
+ self.store.set_value(iter, 0, user)
+ self.store.set_value(iter, 1, prefix)
+ self.store.set_value(iter, 2, level)
+ self.store.set_value(iter, 3, range)
+ self.store.set_value(iter, 4, roles)
+
+ def modify(self):
+ user = self.selinuxUserEntry.get_text()
+ prefix = self.labelPrefixEntry.get_text()
+ level = self.mlsLevelEntry.get_text()
+ range = self.mlsRangeEntry.get_text()
+ roles = self.selinuxRolesEntry.get_text()
+
+ (rc, out) = commands.getstatusoutput("semanage user -m -R '%s' -r %s-%s -P %s %s" % (roles, level, range, prefix, user))
+
+ if rc != 0:
+ self.error(out)
+ return False
+ store, iter = self.view.get_selection().get_selected()
+ iter = self.store.append()
+ self.store.set_value(iter, 0, user)
+ self.store.set_value(iter, 1, prefix)
+ self.store.set_value(iter, 2, level)
+ self.store.set_value(iter, 3, range)
+ self.store.set_value(iter, 4, roles)
+
+ def delete(self):
+ store, iter = self.view.get_selection().get_selected()
+ try:
+ user=store.get_value(iter, 0)
+ if user == "root" or user == "user_u":
+ raise ValueError(_("SELinux user '%s' is required") % user)
+
+ (rc, out) = commands.getstatusoutput("semanage user -d %s" % user)
+ if rc != 0:
+ self.error(out)
+ return False
+ store.remove(iter)
+ self.view.get_selection().select_path ((0,))
+ except ValueError, e:
+ self.error(e.args[0])
+