diff --git a/policycoreutils-gui.patch b/policycoreutils-gui.patch
index 72791c9..e0a00c0 100644
--- a/policycoreutils-gui.patch
+++ b/policycoreutils-gui.patch
@@ -937,8 +937,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/modulesPage.py polic
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policycoreutils-2.0.31/gui/polgen.glade
--- nsapolicycoreutils/gui/polgen.glade 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.31/gui/polgen.glade 2007-10-16 19:23:01.000000000 -0400
-@@ -0,0 +1,2583 @@
++++ policycoreutils-2.0.31/gui/polgen.glade 2007-10-16 21:32:19.000000000 -0400
+@@ -0,0 +1,3012 @@
+
+
+
@@ -2873,7 +2873,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+ False
+
+
-+
+
+
+ 0
@@ -3244,6 +3243,257 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+
+
+
++
++ True
++ Select booleans that the application uses
++
++
++
++ 16
++ True
++ False
++ 6
++
++
++
++ True
++ 0
++ 0.5
++ GTK_SHADOW_NONE
++
++
++
++ True
++ 0.5
++ 0.5
++ 1
++ 1
++ 0
++ 0
++ 12
++ 0
++
++
++
++ True
++ False
++ 0
++
++
++
++ True
++ False
++ 0
++
++
++
++ True
++ True
++ GTK_RELIEF_NORMAL
++ True
++
++
++
++
++ True
++ 0.5
++ 0.5
++ 0
++ 0
++ 0
++ 0
++ 0
++ 0
++
++
++
++ True
++ False
++ 2
++
++
++
++ True
++ gtk-add
++ 4
++ 0.5
++ 0.5
++ 0
++ 0
++
++
++ 0
++ False
++ False
++
++
++
++
++
++ True
++ Add Boolean
++ True
++ False
++ GTK_JUSTIFY_LEFT
++ False
++ False
++ 0.5
++ 0.5
++ 0
++ 0
++ PANGO_ELLIPSIZE_NONE
++ -1
++ False
++ 0
++
++
++ 0
++ False
++ False
++
++
++
++
++
++
++
++
++ 0
++ False
++ False
++
++
++
++
++
++ True
++ True
++ gtk-delete
++ True
++ GTK_RELIEF_NORMAL
++ True
++
++
++
++
++ 0
++ False
++ False
++
++
++
++
++ 4
++ False
++ True
++
++
++
++
++
++ True
++ True
++ GTK_POLICY_NEVER
++ GTK_POLICY_NEVER
++ GTK_SHADOW_IN
++ GTK_CORNER_TOP_LEFT
++
++
++
++ True
++ GTK_SHADOW_IN
++
++
++
++ True
++ False
++ 0
++
++
++
++ True
++ True
++ GTK_POLICY_ALWAYS
++ GTK_POLICY_ALWAYS
++ GTK_SHADOW_IN
++ GTK_CORNER_TOP_LEFT
++
++
++
++ True
++ Add/Remove booleans used for this confined application/user
++ True
++ True
++ False
++ False
++ True
++ False
++ False
++ False
++
++
++
++
++ 0
++ True
++ True
++
++
++
++
++
++
++
++
++ 0
++ True
++ True
++
++
++
++
++
++
++
++
++ 0
++ True
++ True
++
++
++
++
++
++
++ False
++ True
++
++
++
++
++
++ True
++
++ False
++ False
++ GTK_JUSTIFY_LEFT
++ False
++ False
++ 0.5
++ 0.5
++ 0
++ 0
++ PANGO_ELLIPSIZE_NONE
++ -1
++ False
++ 0
++
++
++ tab
++
++
++
++
+
+ True
+ Select directory to generate policy in
@@ -3337,7 +3587,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+
+
+
-+
++
+ True
+
+ False
@@ -3380,7 +3630,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+
+
+
-+
++
+ True
+
+ False
@@ -3423,7 +3673,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+
+
+
-+
++
+ True
+
+ False
@@ -3521,12 +3771,191 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.glade policyc
+
+
+
++
++ Add Booleans Dialog
++ GTK_WINDOW_TOPLEVEL
++ GTK_WIN_POS_MOUSE
++ False
++ 400
++ True
++ False
++ True
++ False
++ False
++ GDK_WINDOW_TYPE_HINT_DIALOG
++ GDK_GRAVITY_NORTH_WEST
++ True
++ False
++ True
++
++
++
++ True
++ False
++ 0
++
++
++
++ True
++ GTK_BUTTONBOX_END
++
++
++
++ True
++ True
++ True
++ gtk-cancel
++ True
++ GTK_RELIEF_NORMAL
++ True
++ -6
++
++
++
++
++
++ True
++ True
++ True
++ gtk-add
++ True
++ GTK_RELIEF_NORMAL
++ True
++ -5
++
++
++
++
++ 0
++ False
++ True
++ GTK_PACK_END
++
++
++
++
++
++ True
++ 2
++ 2
++ False
++ 0
++ 0
++
++
++
++ True
++ Boolean Name
++ False
++ False
++ GTK_JUSTIFY_LEFT
++ False
++ False
++ 0.5
++ 0.5
++ 0
++ 0
++ PANGO_ELLIPSIZE_NONE
++ -1
++ False
++ 0
++
++
++ 0
++ 1
++ 0
++ 1
++ fill
++
++
++
++
++
++
++ True
++ Description
++ False
++ False
++ GTK_JUSTIFY_LEFT
++ False
++ False
++ 0.5
++ 0.5
++ 0
++ 0
++ PANGO_ELLIPSIZE_NONE
++ -1
++ False
++ 0
++
++
++ 0
++ 1
++ 1
++ 2
++ fill
++
++
++
++
++
++
++ True
++ True
++ True
++ True
++ 0
++
++ True
++ •
++ False
++
++
++ 1
++ 2
++ 0
++ 1
++
++
++
++
++
++
++ True
++ True
++ True
++ True
++ 0
++
++ True
++ •
++ False
++
++
++ 1
++ 2
++ 1
++ 2
++
++
++
++
++
++ 0
++ True
++ True
++
++
++
++
++
++
+
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policycoreutils-2.0.31/gui/polgengui.py
--- nsapolicycoreutils/gui/polgengui.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.31/gui/polgengui.py 2007-10-16 19:43:06.000000000 -0400
-@@ -0,0 +1,551 @@
-+#!/usr/bin/python
++++ policycoreutils-2.0.31/gui/polgengui.py 2007-10-16 21:32:31.000000000 -0400
+@@ -0,0 +1,590 @@
++#!/usr/bin/python -E
+#
+# system-config-selinux.py - GUI for SELinux Config tool in system-config-selinux
+#
@@ -3638,9 +4067,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ OUT_NET_PAGE = 8
+ COMMON_APPS_PAGE = 9
+ FILES_PAGE = 10
-+ GEN_POLICY_PAGE = 11
-+ GEN_USER_POLICY_PAGE = 12
-+ FINISH_PAGE = 13
++ BOOLEAN_PAGE = 11
++ GEN_POLICY_PAGE = 12
++ GEN_USER_POLICY_PAGE = 13
++ FINISH_PAGE = 14
+
+ def __init__(self):
+ self.xml = xml
@@ -3648,9 +4078,11 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ self.all_modules=get_all_modules()
+ self.name=""
+ xml.signal_connect("on_delete_clicked", self.delete)
++ xml.signal_connect("on_delete_boolean_clicked", self.delete_boolean)
+ xml.signal_connect("on_exec_select_clicked", self.exec_select)
+ xml.signal_connect("on_init_script_select_clicked", self.init_script_select)
+ xml.signal_connect("on_add_clicked", self.add)
++ xml.signal_connect("on_add_boolean_clicked", self.add_boolean)
+ xml.signal_connect("on_add_dir_clicked", self.add_dir)
+ xml.signal_connect("on_about_clicked", self.on_about_clicked)
+ xml.get_widget ("cancel_button").connect("clicked",self.quit)
@@ -3659,14 +4091,18 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ self.back_button = xml.get_widget ("back_button")
+ self.back_button.connect("clicked",self.back)
+
++ self.boolean_dialog = xml.get_widget ("boolean_dialog")
++ self.boolean_name_entry = xml.get_widget ("boolean_name_entry")
++ self.boolean_description_entry = xml.get_widget ("boolean_description_entry")
++
+ self.notebook = xml.get_widget ("notebook1")
+ self.pages={}
+ for i in polgen.USERS:
-+ self.pages[i] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.GEN_USER_POLICY_PAGE, self.FINISH_PAGE]
-+ self.pages[polgen.RUSER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.ADMIN_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.GEN_USER_POLICY_PAGE, self.FINISH_PAGE]
++ self.pages[i] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.TRANSITION_PAGE, self.ROLE_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.GEN_USER_POLICY_PAGE, self.FINISH_PAGE]
++ self.pages[polgen.RUSER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.ADMIN_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.BOOLEAN_PAGE, self.GEN_USER_POLICY_PAGE, self.FINISH_PAGE]
+ for i in polgen.APPLICATIONS:
-+ self.pages[i] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE,self.GEN_POLICY_PAGE, self.FINISH_PAGE ]
-+ self.pages[polgen.USER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.USER_TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE,self.GEN_POLICY_PAGE, self.FINISH_PAGE ]
++ self.pages[i] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.GEN_POLICY_PAGE, self.FINISH_PAGE ]
++ self.pages[polgen.USER] = [ self.START_PAGE, self.SELECT_TYPE_PAGE, self.APP_PAGE, self.USER_TRANSITION_PAGE, self.IN_NET_PAGE, self.OUT_NET_PAGE, self.COMMON_APPS_PAGE, self.FILES_PAGE, self.BOOLEAN_PAGE, self.GEN_POLICY_PAGE, self.FINISH_PAGE ]
+
+ self.current_page = 0
+ self.back_button.set_sensitive(0)
@@ -3701,6 +4137,15 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ for b in self.network_buttons.keys():
+ b.connect("clicked",self.network_all_clicked)
+
++ self.boolean_treeview = self.xml.get_widget("boolean_treeview")
++ self.boolean_store = gtk.ListStore(gobject.TYPE_STRING,gobject.TYPE_STRING)
++ self.boolean_treeview.set_model(self.boolean_store)
++ self.boolean_store.set_sort_column_id(0, gtk.SORT_ASCENDING)
++ col = gtk.TreeViewColumn(_("Name"), gtk.CellRendererText(), text = 0)
++ self.boolean_treeview.append_column(col)
++ col = gtk.TreeViewColumn(_("Description"), gtk.CellRendererText(), text = 1)
++ self.boolean_treeview.append_column(col)
++
+ self.role_treeview = self.xml.get_widget("role_treeview")
+ self.role_store = gtk.ListStore(gobject.TYPE_STRING)
+ self.role_treeview.set_model(self.role_store)
@@ -3860,6 +4305,12 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ my_policy.set_in_udp(self.in_udp_all_checkbutton.get_active(), self.in_udp_reserved_checkbutton.get_active(), self.in_udp_unreserved_checkbutton.get_active(), self.in_udp_entry.get_text())
+ my_policy.set_out_tcp(self.out_tcp_all_checkbutton.get_active(), self.out_tcp_entry.get_text())
+ my_policy.set_out_udp(self.out_udp_all_checkbutton.get_active(), self.out_udp_entry.get_text())
++
++ iter= self.boolean_store.get_iter_first()
++ while(iter):
++ my_policy.add_boolean(self.boolean_store.get_value(iter, 0), self.boolean_store.get_value(iter, 1))
++ iter= self.boolean_store.iter_next(iter)
++
+ if self.get_type() in polgen.APPLICATIONS:
+ my_policy.set_program(self.exec_entry.get_text())
+ my_policy.set_use_syslog(self.syslog_checkbutton.get_active() == 1)
@@ -3910,6 +4361,23 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ store.remove(iter)
+ self.view.get_selection().select_path ((0,))
+
++ def delete_boolean(self, args):
++ store, iter = self.boolean_treeview.get_selection().get_selected()
++ if iter != None:
++ store.remove(iter)
++ self.boolean_treeview.get_selection().select_path ((0,))
++
++ def add_boolean(self,type):
++ self.boolean_name_entry.set_text("")
++ self.boolean_description_entry.set_text("")
++ rc = self.boolean_dialog.run()
++ self.boolean_dialog.hide()
++ if rc == gtk.RESPONSE_CANCEL:
++ return
++ iter = self.boolean_store.append()
++ self.boolean_store.set_value(iter, 0, self.boolean_name_entry.get_text())
++ self.boolean_store.set_value(iter, 1, self.boolean_description_entry.get_text())
++
+ def __add(self,type):
+ rc = self.file_dialog.run()
+ self.file_dialog.hide()
@@ -4079,8 +4547,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
+ app.stand_alone()
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.31/gui/polgen.py
--- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.31/gui/polgen.py 2007-10-16 19:23:12.000000000 -0400
-@@ -0,0 +1,818 @@
++++ policycoreutils-2.0.31/gui/polgen.py 2007-10-16 21:32:25.000000000 -0400
+@@ -0,0 +1,839 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
+#
@@ -4105,6 +4573,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+import os, sys, stat
+import re
+from templates import executable
++from templates import boolean
+from templates import etc_rw
+from templates import var_spool
+from templates import var_lib
@@ -4243,6 +4712,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ self.use_audit = False
+ self.use_terminal = False
+ self.use_mail = False
++ self.booleans = {}
+ self.files = {}
+ self.dirs = {}
+ self.found_tcp_ports=[]
@@ -4448,6 +4918,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ self.DEFAULT_DIRS["rw"][1].append(file)
+ return self.DEFAULT_DIRS["rw"]
+
++ def add_boolean(self, name, description):
++ self.booleans[name] = description
++
+ def add_file(self, file):
+ self.files[file] = self.__find_path(file)
+
@@ -4586,6 +5059,19 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ else:
+ return ""
+
++ def generate_booleans(self):
++ newte = ""
++ for b in self.booleans:
++ tmp = re.sub("BOOLEAN", b, boolean.te_boolean)
++ newte += re.sub("DESCRIPTION", self.booleans[b], tmp)
++ return newte
++
++ def generate_boolean_rules(self):
++ newte = ""
++ for b in self.booleans:
++ newte += re.sub("BOOLEAN", b, boolean.te_rules)
++ return newte
++
+ def generate_cgi_te(self):
+ return re.sub("TEMPLATETYPE", self.name, executable.te_cgi_types)
+
@@ -4683,7 +5169,9 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+
+ newte += self.generate_network_types()
+ newte += self.generate_tmp_types()
++ newte += self.generate_booleans()
+ newte += self.generate_default_rules()
++ newte += self.generate_boolean_rules()
+
+ for d in self.DEFAULT_DIRS:
+ if len(self.DEFAULT_DIRS[d][1]) > 0:
@@ -4884,6 +5372,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
+ mypolicy = policy("mytuser", TUSER)
+ mypolicy.set_transition_domains(["sudo"])
+ mypolicy.set_admin_roles(["mydbadm"])
++ mypolicy.add_boolean("allow_mytuser_setuid", "Allow mytuser users to run setuid applications")
+ print mypolicy.generate("/var/tmp")
+
+ mypolicy = policy("myxuser", XUSER)
@@ -9349,6 +9838,50 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/system-config-selinu
+
+ app = childWindow()
+ app.stand_alone()
+diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/boolean.py policycoreutils-2.0.31/gui/templates/boolean.py
+--- nsapolicycoreutils/gui/templates/boolean.py 1969-12-31 19:00:00.000000000 -0500
++++ policycoreutils-2.0.31/gui/templates/boolean.py 2007-10-16 21:30:53.000000000 -0400
+@@ -0,0 +1,40 @@
++# Copyright (C) 2007 Red Hat
++# see file 'COPYING' for use and warranty information
++#
++# policygentool is a tool for the initial generation of SELinux policy
++#
++# This program is free software; you can redistribute it and/or
++# modify it under the terms of the GNU General Public License as
++# published by the Free Software Foundation; either version 2 of
++# the License, or (at your option) any later version.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
++# 02111-1307 USA
++#
++#
++########################### boolean Template File ###########################
++
++te_boolean="""
++##
++##
++## DESCRIPTION
++##
++##
++gen_tunable(BOOLEAN,false)
++"""
++
++te_rules="""
++tunable_policy(`BOOLEAN',`
++#TRUE
++',`
++#FALSE
++')
++"""
++
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/etc_rw.py policycoreutils-2.0.31/gui/templates/etc_rw.py
--- nsapolicycoreutils/gui/templates/etc_rw.py 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-2.0.31/gui/templates/etc_rw.py 2007-10-16 19:23:37.000000000 -0400
@@ -10091,7 +10624,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/rw.py poli
+"""
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py policycoreutils-2.0.31/gui/templates/script.py
--- nsapolicycoreutils/gui/templates/script.py 1969-12-31 19:00:00.000000000 -0500
-+++ policycoreutils-2.0.31/gui/templates/script.py 2007-10-16 19:24:22.000000000 -0400
++++ policycoreutils-2.0.31/gui/templates/script.py 2007-10-16 21:31:31.000000000 -0400
@@ -0,0 +1,91 @@
+# Copyright (C) 2007 Red Hat
+# see file 'COPYING' for use and warranty information
@@ -10136,7 +10669,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/templates/script.py
+if [ $# -eq 1 ]; then
+ if [ "$1" = "--update" ] ; then
+ time=`ls -l --time-style="+%x %X" TEMPLATETYPE.te | awk '{ printf "%s %s", $6, $7 }'`
-+ rules=`ausearch --start $time -m avc --raw | grep TEMPLATETYPE`
++ rules=`ausearch --start $time -m avc --raw -se TEMPLATETYPE`
+ if [ x"$rules" != "x" ] ; then
+ echo "Found avc's to update policy with"
+ echo -e "$rules" | audit2allow -R
diff --git a/policycoreutils.spec b/policycoreutils.spec
index a9516eb..699bf6d 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -6,7 +6,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.0.31
-Release: 3%{?dist}
+Release: 4%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policycoreutils-%{version}.tgz
@@ -205,6 +205,9 @@ if [ "$1" -ge "1" ]; then
fi
%changelog
+* Mon Oct 15 2007 Dan Walsh 2.0.31-4
+- Add booleans page
+
* Mon Oct 15 2007 Dan Walsh 2.0.31-3
- Lots of updates to gui