From: <mad...@us...> - 2006-09-05 14:57:26

Revision: 2026
http://svn.sourceforge.net/selinux/?rev=2026&view=rev
Author: madmethod
Date: 2006-09-05 07:57:13 -0700 (Tue, 05 Sep 2006)

Log Message:
-----------
Tag for libsepol 1.12.26

Added Paths:
-----------
    tags/libsepol_1_12_26/
    tags/libsepol_1_12_26/libsepol/

Copied: tags/libsepol_1_12_26/libsepol (from rev 2022, trunk/libsepol)

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.

From: <mad...@us...> - 2006-09-05 14:52:40

Revision: 2025
http://svn.sourceforge.net/selinux/?rev=2025&view=rev
Author: madmethod
Date: 2006-09-05 07:52:19 -0700 (Tue, 05 Sep 2006)

Log Message:
-----------
Tag for checkpolicy 1.30.11

Added Paths:
-----------
    tags/checkpolicy_1_30_11/checkpolicy/

Copied: tags/checkpolicy_1_30_11/checkpolicy (from rev 2024, trunk/checkpolicy)

From: <mad...@us...> - 2006-09-05 14:51:57

Revision: 2024
http://svn.sourceforge.net/selinux/?rev=2024&view=rev
Author: madmethod
Date: 2006-09-05 07:51:48 -0700 (Tue, 05 Sep 2006)

Log Message:
-----------
make directory for checkpolicy 1.30.11 tag

Added Paths:
-----------
    tags/checkpolicy_1_30_11/

From: <mad...@us...> - 2006-09-05 14:49:57

Revision: 2023
http://svn.sourceforge.net/selinux/?rev=2023&view=rev
Author: madmethod
Date: 2006-09-05 07:49:43 -0700 (Tue, 05 Sep 2006)

Log Message:
-----------
remove broken tags

Removed Paths:
-------------
    tags/checkpolicy_1_30_11/
    tags/libsepol_1_12_26/

From: <mad...@us...> - 2006-09-05 14:38:11

Revision: 2022
http://svn.sourceforge.net/selinux/?rev=2022&view=rev
Author: madmethod
Date: 2006-09-05 07:37:50 -0700 (Tue, 05 Sep 2006)

Log Message:
-----------
Tag for libsepol 1.12.26

Added Paths:
-----------
    tags/libsepol_1_12_26/

Copied: tags/libsepol_1_12_26 (from rev 2021, trunk/libsepol)

From: <mad...@us...> - 2006-09-05 14:36:59
Revision: 2021 http://svn.sourceforge.net/selinux/?rev=2021&view=rev Author: madmethod Date: 2006-09-05 07:36:49 -0700 (Tue, 05 Sep 2006) Log Message: ----------- s/21/12/ Modified Paths: -------------- trunk/libsepol/ChangeLog Modified: trunk/libsepol/ChangeLog =================================================================== --- trunk/libsepol/ChangeLog 2006-09-05 14:35:45 UTC (rev 2020) +++ trunk/libsepol/ChangeLog 2006-09-05 14:36:49 UTC (rev 2021) @@ -1,4 +1,4 @@ -1.21.26 2006-09-05 +1.12.26 2006-09-05 * Merged range transition enhancements and user format changes Darrel Goeddel This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <mad...@us...> - 2006-09-05 14:35:58
Revision: 2020 http://svn.sourceforge.net/selinux/?rev=2020&view=rev Author: madmethod Date: 2006-09-05 07:35:45 -0700 (Tue, 05 Sep 2006) Log Message: ----------- libsepol 1.12.26 Modified Paths: -------------- trunk/libsepol/ChangeLog trunk/libsepol/VERSION Modified: trunk/libsepol/ChangeLog =================================================================== --- trunk/libsepol/ChangeLog 2006-09-05 14:33:20 UTC (rev 2019) +++ trunk/libsepol/ChangeLog 2006-09-05 14:35:45 UTC (rev 2020) @@ -1,3 +1,7 @@ +1.21.26 2006-09-05 + * Merged range transition enhancements and user format changes + Darrel Goeddel + 1.12.25 2006-08-24 * Merged conditionally expand neverallows patch from Jeremy Mowery. * Merged refactor expander patch from Jeremy Mowery. Modified: trunk/libsepol/VERSION =================================================================== --- trunk/libsepol/VERSION 2006-09-05 14:33:20 UTC (rev 2019) +++ trunk/libsepol/VERSION 2006-09-05 14:35:45 UTC (rev 2020) @@ -1 +1 @@ -1.12.25 +1.12.26 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
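Review bot: the new ChangeLog entry is headed "1.21.26 2006-09-05", but the VERSION hunk in the same commit bumps 1.12.25 to 1.12.26 and the log message says libsepol 1.12.26. The ChangeLog header should read "1.12.26 2006-09-05" so the two files agree before the release is tagged; rev 2021 on this page applies that correction as a follow-up.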
From: <mad...@us...> - 2006-09-05 14:33:38

Revision: 2019
http://svn.sourceforge.net/selinux/?rev=2019&view=rev
Author: madmethod
Date: 2006-09-05 07:33:20 -0700 (Tue, 05 Sep 2006)

Log Message:
-----------
Tag for checkpolicy 1.30.11

Added Paths:
-----------
    tags/checkpolicy_1_30_11/

Copied: tags/checkpolicy_1_30_11 (from rev 2018, trunk/checkpolicy)

From: <mad...@us...> - 2006-09-05 14:31:54
Revision: 2018 http://svn.sourceforge.net/selinux/?rev=2018&view=rev Author: madmethod Date: 2006-09-05 07:31:38 -0700 (Tue, 05 Sep 2006) Log Message: ----------- checkpolicy 1.30.11 Modified Paths: -------------- trunk/checkpolicy/ChangeLog trunk/checkpolicy/VERSION Modified: trunk/checkpolicy/ChangeLog =================================================================== --- trunk/checkpolicy/ChangeLog 2006-09-05 14:28:31 UTC (rev 2017) +++ trunk/checkpolicy/ChangeLog 2006-09-05 14:31:38 UTC (rev 2018) @@ -1,3 +1,7 @@ +1.30.11 2006-09-05 + * merged range_transition enhancements and user module format + changes from Darrel Goeddel + 1.30.10 2006-08-03 * Merged symtab datum patch from Karl MacMillan. Modified: trunk/checkpolicy/VERSION =================================================================== --- trunk/checkpolicy/VERSION 2006-09-05 14:28:31 UTC (rev 2017) +++ trunk/checkpolicy/VERSION 2006-09-05 14:31:38 UTC (rev 2018) @@ -1 +1 @@ -1.30.10 +1.30.11 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <mad...@us...> - 2006-09-05 14:28:52

Revision: 2017
http://svn.sourceforge.net/selinux/?rev=2017&view=rev
Author: madmethod
Date: 2006-09-05 07:28:31 -0700 (Tue, 05 Sep 2006)

Log Message:
-----------
Author: Darrel Goeddel
Email: dgo...@Tr...
Subject: semantic MLS representation for users
Date: Thu, 31 Aug 2006 17:21:21 -0500

Here is a second take on the previous patch. The changes are:
- no longer create semantic representation of user MLS fields when reading in a kernel format policy
- no longer copy the semantic representation of user MLS fields when expanding users
- no longer attempt to expand the semantic MLS components when caching user information if the policy is already in kernel format (the semantic info is no longer there)

---

Use the semantic representation for user_datums in modular policy formats.

All user_datums in a modular format use the semantic representation of the MLS range and dfltlevel. There is also the possibility of having an expanded version of that data also present in the user_datum. This is used much like the role cache in the user_datum. When the users are indexed, the MLS info is expanded. This info may be used to check the validity of context. This expansion is not used when writing out a kernel format policy - the expansion is performed again to ensure that the data is present and in sync with the rest of the policy.

Like the range_trans structs, user_datums from older modular formats will have their MLS data converted to the new semantic structs.

Signed-off-by: Darrel Goeddel <dgo...@tr...> Acked-By: Joshua Brindle <jbr...@tr...> Modified Paths: -------------- trunk/checkpolicy/policy_parse.y trunk/libsepol/include/sepol/policydb/policydb.h trunk/libsepol/src/expand.c trunk/libsepol/src/mls.c trunk/libsepol/src/policydb.c trunk/libsepol/src/users.c trunk/libsepol/src/write.c Modified: trunk/checkpolicy/policy_parse.y =================================================================== --- trunk/checkpolicy/policy_parse.y 2006-09-05 14:27:55 UTC (rev 2016) +++ trunk/checkpolicy/policy_parse.y 2006-09-05 14:28:31 UTC (rev 2017) @@ -3737,11 +3737,10 @@ free(id); usrdatum->dfltlevel.sens = levdatum->level->sens; - ebitmap_init(&usrdatum->dfltlevel.cat); while ((id = queue_remove(id_queue))) { - if (parse_categories(id, levdatum, - &usrdatum->dfltlevel.cat)) { + if (parse_semantic_categories(id, levdatum, + &usrdatum->dfltlevel.cat)) { free(id); return -1; } @@ -3763,13 +3762,12 @@ return -1; } free(id); + usrdatum->range.level[l].sens = levdatum->level->sens; - ebitmap_init(&usrdatum->range.level[l].cat); while ((id = queue_remove(id_queue))) { - if (parse_categories(id, levdatum, - &usrdatum->range.level[l]. - cat)) { + if (parse_semantic_categories(id, levdatum, + &usrdatum->range.level[l].cat)) { free(id); return -1; } 
@@ -3782,33 +3780,14 @@ } if (l == 0) { - usrdatum->range.level[1].sens = - usrdatum->range.level[0].sens; - if (ebitmap_cpy(&usrdatum->range.level[1].cat, - &usrdatum->range.level[0].cat)) { + if (mls_semantic_level_cpy(&usrdatum->range.level[1], + &usrdatum->range.level[0])) { yyerror("out of memory"); - goto out; + return -1; } } - if (!mls_level_dom(&usrdatum->range.level[1], - &usrdatum->range.level[0])) { - yyerror("high level does not dominate low level"); - goto out; - } - if (!mls_level_between(&usrdatum->dfltlevel, - &usrdatum->range.level[0], - &usrdatum->range.level[1])) { - yyerror("default level not within user range"); - goto out; - } } return 0; - - out: - ebitmap_destroy(&usrdatum->dfltlevel.cat); - ebitmap_destroy(&usrdatum->range.level[0].cat); - ebitmap_destroy(&usrdatum->range.level[1].cat); - return -1; } static int parse_security_context(context_struct_t * c) Modified: trunk/libsepol/include/sepol/policydb/policydb.h =================================================================== --- trunk/libsepol/include/sepol/policydb/policydb.h 2006-09-05 14:27:55 UTC (rev 2016) +++ trunk/libsepol/include/sepol/policydb/policydb.h 2006-09-05 14:28:31 UTC (rev 2017) @@ -149,9 +149,11 @@ typedef struct user_datum { symtab_datum_t s; role_set_t roles; /* set of authorized roles for user */ - mls_range_t range; /* MLS range (min. - max.) for user */ - mls_level_t dfltlevel; /* default login MLS level for user */ + mls_semantic_range_t range; /* MLS range (min. - max.) for user */ + mls_semantic_level_t dfltlevel; /* default login MLS level for user */ ebitmap_t cache; /* This is an expanded set used for context validation during parsing */ + mls_range_t exp_range; /* expanded range used for validation */ + mls_level_t exp_dfltlevel; /* expanded range used for validation */ } user_datum_t; /* Sensitivity attributes */ 
@@ -586,9 +588,10 @@ #define MOD_POLICYDB_VERSION_VALIDATETRANS 5 #define MOD_POLICYDB_VERSION_MLS 5 #define MOD_POLICYDB_VERSION_RANGETRANS 6 +#define MOD_POLICYDB_VERSION_MLS_USERS 6 #define MOD_POLICYDB_VERSION_MIN MOD_POLICYDB_VERSION_BASE -#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_RANGETRANS +#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_MLS_USERS #define POLICYDB_CONFIG_MLS 1 Modified: trunk/libsepol/src/expand.c =================================================================== --- trunk/libsepol/src/expand.c 2006-09-05 14:27:55 UTC (rev 2016) +++ trunk/libsepol/src/expand.c 2006-09-05 14:28:31 UTC (rev 2017) @@ -692,13 +692,46 @@ return -1; } - /* clone MLS stuff */ - if (mls_range_cpy(&new_user->range, &user->range) == -1 - || mls_level_cpy(&new_user->dfltlevel, - &user->dfltlevel) == -1) { - ERR(state->handle, "Out of memory!"); + /* expand the semantic MLS info */ + if (mls_semantic_range_expand(&user->range, + &new_user->exp_range, + state->out, state->handle)) { return -1; } + if (mls_semantic_level_expand(&user->dfltlevel, + &new_user->exp_dfltlevel, + state->out, state->handle)) { + return -1; + } + if (!mls_level_between(&new_user->exp_dfltlevel, + &new_user->exp_range.level[0], + &new_user->exp_range.level[1])) { + ERR(state->handle, "default level not within user " + "range"); + return -1; + } + } else { + /* require that the MLS info match */ + mls_range_t tmp_range; + mls_level_t tmp_level; + + if (mls_semantic_range_expand(&user->range, &tmp_range, + state->out, state->handle)) { + return -1; + } + if (mls_semantic_level_expand(&user->dfltlevel, &tmp_level, + state->out, state->handle)) { + mls_range_destroy(&tmp_range); + return -1; + } + if (!mls_range_eq(&new_user->exp_range, &tmp_range) || + !mls_level_eq(&new_user->exp_dfltlevel, &tmp_level)) { + mls_range_destroy(&tmp_range); + mls_level_destroy(&tmp_level); + return -1; + } + mls_range_destroy(&tmp_range); + mls_level_destroy(&tmp_level); } ebitmap_init(&tmp_union); 
@@ -788,7 +821,7 @@ } if (state->verbose) - INFO(state->handle, "copying senitivity level %s", id); + INFO(state->handle, "copying sensitivity level %s", id); if ((new_level = (level_datum_t *) calloc(1, sizeof(*new_level))) == NULL @@ -2207,6 +2240,17 @@ if (hashtab_map(state.base->p_roles.table, role_copy_callback, &state)) goto cleanup; + /* copy MLS's sensitivity level and categories - this needs to be done + * before expanding users (they need to be indexed too) */ + if (hashtab_map(state.base->p_levels.table, sens_copy_callback, &state)) + goto cleanup; + if (hashtab_map(state.base->p_cats.table, cats_copy_callback, &state)) + goto cleanup; + if (policydb_index_others(handle, out, verbose)) { + ERR(handle, "Error while indexing out symbols"); + goto cleanup; + } + /* copy users */ if (hashtab_map(state.base->p_users.table, user_copy_callback, &state)) goto cleanup; @@ -2215,13 +2259,6 @@ if (hashtab_map(state.base->p_bools.table, bool_copy_callback, &state)) goto cleanup; - /* now copy MLS's sensitivity level and categories */ - if (hashtab_map(state.base->p_levels.table, sens_copy_callback, &state) - || hashtab_map(state.base->p_cats.table, cats_copy_callback, - &state)) { - goto cleanup; - } - if (policydb_index_classes(out)) { ERR(handle, "Error while indexing out classes"); goto cleanup; Modified: trunk/libsepol/src/mls.c =================================================================== --- trunk/libsepol/src/mls.c 2006-09-05 14:27:55 UTC (rev 2016) +++ trunk/libsepol/src/mls.c 2006-09-05 14:28:31 UTC (rev 2017) @@ -310,7 +310,7 @@ if (!c->user || c->user > p->p_users.nprim) return 0; usrdatum = p->user_val_to_struct[c->user - 1]; - if (!mls_range_contains(usrdatum->range, c->range)) + if (!mls_range_contains(usrdatum->exp_range, c->range)) return 0; /* user may not be associated with range */ return 1; 
@@ -512,9 +512,9 @@ if (mls) { mls_level_t *fromcon_sen = &(fromcon->range.level[0]); mls_level_t *fromcon_clr = &(fromcon->range.level[1]); - mls_level_t *user_low = &(user->range.level[0]); - mls_level_t *user_clr = &(user->range.level[1]); - mls_level_t *user_def = &(user->dfltlevel); + mls_level_t *user_low = &(user->exp_range.level[0]); + mls_level_t *user_clr = &(user->exp_range.level[1]); + mls_level_t *user_def = &(user->exp_dfltlevel); mls_level_t *usercon_sen = &(usercon->range.level[0]); mls_level_t *usercon_clr = &(usercon->range.level[1]); Modified: trunk/libsepol/src/policydb.c =================================================================== --- trunk/libsepol/src/policydb.c 2006-09-05 14:27:55 UTC (rev 2016) +++ trunk/libsepol/src/policydb.c 2006-09-05 14:28:31 UTC (rev 2017) @@ -112,7 +112,7 @@ }, { .type = POLICY_BASE, - .version = MOD_POLICYDB_VERSION_RANGETRANS, + .version = MOD_POLICYDB_VERSION_MLS_USERS, .sym_num = SYM_NUM, .ocon_num = OCON_NODE6 + 1, }, @@ -130,7 +130,7 @@ }, { .type = POLICY_MOD, - .version = MOD_POLICYDB_VERSION_RANGETRANS, + .version = MOD_POLICYDB_VERSION_MLS_USERS, .sym_num = SYM_NUM, .ocon_num = 0}, }; @@ -233,18 +233,22 @@ { memset(x, 0, sizeof(user_datum_t)); role_set_init(&x->roles); - mls_range_init(&x->range); - mls_level_init(&x->dfltlevel); + mls_semantic_range_init(&x->range); + mls_semantic_level_init(&x->dfltlevel); ebitmap_init(&x->cache); + mls_range_init(&x->exp_range); + mls_level_init(&x->exp_dfltlevel); } void user_datum_destroy(user_datum_t * x) { if (x != NULL) { role_set_destroy(&x->roles); - mls_range_destroy(&x->range); - mls_level_destroy(&x->dfltlevel); + mls_semantic_range_destroy(&x->range); + mls_semantic_level_destroy(&x->dfltlevel); ebitmap_destroy(&x->cache); + mls_range_destroy(&x->exp_range); + mls_level_destroy(&x->exp_dfltlevel); } } 
@@ -498,6 +502,20 @@ return -1; } + if (p->policy_type != POLICY_KERN) { + mls_range_destroy(&user->exp_range); + if (mls_semantic_range_expand(&user->range, + &user->exp_range, p, NULL)) { + return -1; + } + + mls_level_destroy(&user->exp_dfltlevel); + if (mls_semantic_level_expand(&user->dfltlevel, + &user->exp_dfltlevel, p, NULL)) { + return -1; + } + } + return 0; } 
@@ -2235,18 +2253,38 @@ goto bad; } - /* users aren't allowed in mls modules but they can be required, the mls fields will be empty, - * user declarations in non-mls modules will also have empty mls fields */ + /* users were not allowed in mls modules before version + * MOD_POLICYDB_VERSION_MLS_USERS, but they could have been + * required - the mls fields will be empty. user declarations in + * non-mls modules will also have empty mls fields */ if ((p->policy_type == POLICY_KERN && p->policyvers >= POLICYDB_VERSION_MLS) || (p->policy_type == POLICY_MOD - && p->policyvers >= MOD_POLICYDB_VERSION_MLS) + && p->policyvers >= MOD_POLICYDB_VERSION_MLS + && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS) || (p->policy_type == POLICY_BASE - && p->policyvers >= MOD_POLICYDB_VERSION_MLS)) { - if (mls_read_range_helper(&usrdatum->range, fp)) + && p->policyvers >= MOD_POLICYDB_VERSION_MLS + && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS)) { + if (mls_read_range_helper(&usrdatum->exp_range, fp)) goto bad; - if (mls_read_level(&usrdatum->dfltlevel, fp)) + if (mls_read_level(&usrdatum->exp_dfltlevel, fp)) goto bad; + if (p->policy_type != POLICY_KERN) { + if (mls_range_to_semantic(&usrdatum->exp_range, + &usrdatum->range)) + goto bad; + if (mls_level_to_semantic(&usrdatum->exp_dfltlevel, + &usrdatum->dfltlevel)) + goto bad; + } + } else if ((p->policy_type == POLICY_MOD + && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS) + || (p->policy_type == POLICY_BASE + && p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS)) { + if (mls_read_semantic_range_helper(&usrdatum->range, fp)) + goto bad; + if (mls_read_semantic_level_helper(&usrdatum->dfltlevel, fp)) + goto bad; } if (hashtab_insert(h, key, usrdatum)) Modified: trunk/libsepol/src/users.c =================================================================== --- trunk/libsepol/src/users.c 2006-09-05 14:27:55 UTC (rev 2016) +++ trunk/libsepol/src/users.c 2006-09-05 14:28:31 UTC (rev 2017) 
@@ -47,13 +47,13 @@ context_init(&context); if (mls_level_cpy(&context.range.level[0], - &usrdatum->dfltlevel) < 0) { + &usrdatum->exp_dfltlevel) < 0) { ERR(handle, "could not copy MLS level"); context_destroy(&context); goto err; } if (mls_level_cpy(&context.range.level[1], - &usrdatum->dfltlevel) < 0) { + &usrdatum->exp_dfltlevel) < 0) { ERR(handle, "could not copy MLS level"); context_destroy(&context); goto err; @@ -71,7 +71,7 @@ free(str); context_init(&context); - if (mls_range_cpy(&context.range, &usrdatum->range) < 0) { + if (mls_range_cpy(&context.range, &usrdatum->exp_range) < 0) { ERR(handle, "could not copy MLS range"); context_destroy(&context); goto err; @@ -191,8 +191,8 @@ context_destroy(&context); goto err; } - if (mls_level_cpy(&usrdatum->dfltlevel, &context.range.level[0]) - < 0) { + if (mls_level_cpy(&usrdatum->exp_dfltlevel, + &context.range.level[0]) < 0) { ERR(handle, "could not copy MLS level %s", cmls_level); context_destroy(&context); goto err; @@ -211,13 +211,12 @@ context_destroy(&context); goto err; } - if (mls_range_cpy(&usrdatum->range, &context.range) < 0) { + if (mls_range_cpy(&usrdatum->exp_range, &context.range) < 0) { ERR(handle, "could not copy MLS range %s", cmls_range); context_destroy(&context); goto err; } context_destroy(&context); - } else if (cmls_level != NULL || cmls_range != NULL) { ERR(handle, "MLS is disabled, but MLS level/range " "was found for user %s", cname); Modified: trunk/libsepol/src/write.c =================================================================== --- trunk/libsepol/src/write.c 2006-09-05 14:27:55 UTC (rev 2016) +++ trunk/libsepol/src/write.c 2006-09-05 14:28:31 UTC (rev 2017) 
@@ -1005,18 +1005,27 @@ if (role_set_write(&usrdatum->roles, fp)) return POLICYDB_ERROR; } - /* Users are allowed in non-mls modules, so the empty field will be present - in modules with users >= MOD_POLICYDB_VERSION_MLS */ + if ((p->policyvers >= POLICYDB_VERSION_MLS && p->policy_type == POLICY_KERN) || (p->policyvers >= MOD_POLICYDB_VERSION_MLS + && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS && p->policy_type == POLICY_MOD) || (p->policyvers >= MOD_POLICYDB_VERSION_MLS + && p->policyvers < MOD_POLICYDB_VERSION_MLS_USERS && p->policy_type == POLICY_BASE)) { - if (mls_write_range_helper(&usrdatum->range, fp)) + if (mls_write_range_helper(&usrdatum->exp_range, fp)) return POLICYDB_ERROR; - if (mls_write_level(&usrdatum->dfltlevel, fp)) + if (mls_write_level(&usrdatum->exp_dfltlevel, fp)) return POLICYDB_ERROR; + } else if ((p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS + && p->policy_type == POLICY_MOD) + || (p->policyvers >= MOD_POLICYDB_VERSION_MLS_USERS + && p->policy_type == POLICY_BASE)) { + if (mls_write_semantic_range_helper(&usrdatum->range, fp)) + return -1; + if (mls_write_semantic_level_helper(&usrdatum->dfltlevel, fp)) + return -1; } return POLICYDB_SUCCESS; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
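Review bot: in the policy_parse.y hunk (@@ -3782,33 +3780,14 @@), the parse-time checks "high level does not dominate low level" and "default level not within user range" are removed, and within this patch the default-level check reappears only in the expand.c hunk at @@ -692; the policydb.c hunk at @@ -498 fills exp_range and exp_dfltlevel during indexing without calling mls_level_between. The commit message says the indexed values may be used to check the validity of contexts, so either repeat the mls_level_between check where the indexed copy is built, or add a comment there stating that an out-of-range default level is only rejected at expansion.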
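Review bot: in the policydb.h hunk (@@ -149,9 +149,11 @@), the comment on the new exp_dfltlevel field reads "expanded range used for validation", which is copied from the exp_range line above it. The field is an mls_level_t holding the default level, so the comment should say "expanded default level used for validation".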
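Review bot: in the policydb.h hunk (@@ -586,9 +588,10 @@), MOD_POLICYDB_VERSION_MLS_USERS is defined as 6, the same value as MOD_POLICYDB_VERSION_RANGETRANS, so the new "policyvers < MOD_POLICYDB_VERSION_MLS_USERS" tests in policydb.c and write.c cannot distinguish a version 6 module whose user records carry kernel-format MLS fields from one that carries the semantic fields. If any version 6 module was written before this change it will be read with the wrong layout; either give the user format change its own version number or add a comment next to the define stating that both format changes ship together as version 6.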
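Review bot: in the expand.c hunk (@@ -692,13 +692,46 @@), the else branch under "require that the MLS info match" returns -1 when mls_range_eq or mls_level_eq reports a mismatch without calling ERR, so a user declared with conflicting MLS ranges fails expansion with no diagnostic. Add an ERR(state->handle, ...) before that return, in the same way the first branch reports "default level not within user range".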
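Review bot: in the write.c hunk (@@ -1005,18 +1005,27 @@), the new MOD_POLICYDB_VERSION_MLS_USERS branch returns -1 when mls_write_semantic_range_helper or mls_write_semantic_level_helper fails, while the neighbouring failure paths in the same hunk return POLICYDB_ERROR. Return POLICYDB_ERROR there as well so the function keeps one error convention. The removed comment about empty MLS fields in non-MLS modules is also not replaced; a short comment saying which module versions write the kernel-format fields and which write the semantic ones would keep the version split readable.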
From: <mad...@us...> - 2006-09-05 14:28:15

Revision: 2016
http://svn.sourceforge.net/selinux/?rev=2016&view=rev
Author: madmethod
Date: 2006-09-05 07:27:55 -0700 (Tue, 05 Sep 2006)

Log Message:
-----------
Author: Darrel Goeddel
Email: dgo...@Tr...
Subject: semantic MLS representation for range_trans_rules
Date: Thu, 31 Aug 2006 08:42:35 -0500

Here is a second take on the previous patch. The changes are:
- create functions to initialize and destroy mls_semantic_cat structs
- move the definitions of the semantic_cat related functions to mls.c and just declare the functions in mls_types.h
- fix a problem with compiling non-MLS policies (do not attempt expansion of mls_semantic_cat structs because the MLS symbols will not be available)

---

Introduce a semantic representation for MLS levels and ranges to be used in modular policy formats. This will allow expansion of levels such as "s0:c1.c5" to happen at module expansion time.

The range_trans_rules were updated to use this new semantic format. All range_transitions are now represented as range_trans_rules when in a modular format (old range_trans structs are converted when the policy is read). The semantic rules are expanded along with other rules when the module is expanded.

The ebitmap used for classes in the range_trans_rules has also been fixed to use the standard "value - 1" indexing.

Signed-off-by: Darrel Goeddel <dgo...@tr...> Acked-By: Joshua Brindle <jbr...@tr...> Acked-by: Stephen Smalley <sd...@ty...> Modified Paths: -------------- trunk/checkpolicy/policy_parse.y trunk/libsepol/include/sepol/policydb/expand.h trunk/libsepol/include/sepol/policydb/mls_types.h trunk/libsepol/include/sepol/policydb/policydb.h trunk/libsepol/src/expand.c trunk/libsepol/src/mls.c trunk/libsepol/src/policydb.c trunk/libsepol/src/write.c Modified: trunk/checkpolicy/policy_parse.y =================================================================== --- trunk/checkpolicy/policy_parse.y 2006-09-05 14:27:29 UTC (rev 2015) +++ trunk/checkpolicy/policy_parse.y 2006-09-05 14:27:55 UTC (rev 2016) 
@@ -3616,6 +3616,65 @@ return 0; } +static int +parse_semantic_categories(char *id, level_datum_t * levdatum, + mls_semantic_cat_t ** cats) +{ + cat_datum_t *cdatum; + mls_semantic_cat_t *newcat; + unsigned int range_start, range_end; + + if (id_has_dot(id)) { + char *id_start = id; + char *id_end = strchr(id, '.'); + + *(id_end++) = '\0'; + + cdatum = (cat_datum_t *) hashtab_search(policydbp->p_cats.table, + (hashtab_key_t) + id_start); + if (!cdatum) { + sprintf(errormsg, "unknown category %s", id_start); + yyerror(errormsg); + return -1; + } + range_start = cdatum->s.value; + + cdatum = (cat_datum_t *) hashtab_search(policydbp->p_cats.table, + (hashtab_key_t) id_end); + if (!cdatum) { + sprintf(errormsg, "unknown category %s", id_end); + yyerror(errormsg); + return -1; + } + range_end = cdatum->s.value; + } else { + cdatum = (cat_datum_t *) hashtab_search(policydbp->p_cats.table, + (hashtab_key_t) id); + if (!cdatum) { + sprintf(errormsg, "unknown category %s", id); + yyerror(errormsg); + return -1; + } + range_start = range_end = cdatum->s.value; + } + + newcat = (mls_semantic_cat_t *) malloc(sizeof(mls_semantic_cat_t)); + if (!newcat) { + yyerror("out of memory"); + return -1; + } + + mls_semantic_cat_init(newcat); + newcat->next = *cats; + newcat->low = range_start; + newcat->high = range_end; + + *cats = newcat; + + return 0; +} + static int define_user(void) { char *id; @@ -4541,7 +4600,7 @@ goto out; } - ebitmap_set_bit(&rule->tclasses, cladatum->s.value, + ebitmap_set_bit(&rule->tclasses, cladatum->s.value - 1, TRUE); free(id); } @@ -4555,7 +4614,7 @@ goto out; } - ebitmap_set_bit(&rule->tclasses, cladatum->s.value, TRUE); + ebitmap_set_bit(&rule->tclasses, cladatum->s.value - 1, TRUE); } id = (char *)queue_remove(id_queue); 
@@ -4574,11 +4633,12 @@ goto out; } free(id); + rule->trange.level[l].sens = levdatum->level->sens; while ((id = queue_remove(id_queue))) { - if (parse_categories(id, levdatum, - &rule->trange.level[l].cat)) { + if (parse_semantic_categories(id, levdatum, + &rule->trange.level[l].cat)) { free(id); goto out; } @@ -4590,17 +4650,12 @@ break; } if (l == 0) { - if (mls_level_cpy(&rule->trange.level[1], - &rule->trange.level[0])) { + if (mls_semantic_level_cpy(&rule->trange.level[1], + &rule->trange.level[0])) { yyerror("out of memory"); goto out; } } - if (!mls_level_dom(&rule->trange.level[1], &rule->trange.level[0])) { - yyerror("range_transition high level does not dominate " - "low level"); - goto out; - } append_range_trans(rule); return 0; Modified: trunk/libsepol/include/sepol/policydb/expand.h =================================================================== --- trunk/libsepol/include/sepol/policydb/expand.h 2006-09-05 14:27:29 UTC (rev 2015) +++ trunk/libsepol/include/sepol/policydb/expand.h 2006-09-05 14:27:55 UTC (rev 2016) @@ -58,6 +58,10 @@ extern int type_set_expand(type_set_t * set, ebitmap_t * t, policydb_t * p, unsigned char alwaysexpand); extern int role_set_expand(role_set_t * x, ebitmap_t * r, policydb_t * p); +extern int mls_semantic_level_expand(mls_semantic_level_t *sl, mls_level_t *l, + policydb_t *p, sepol_handle_t *h); +extern int mls_semantic_range_expand(mls_semantic_range_t *sr, mls_range_t *r, + policydb_t *p, sepol_handle_t *h); extern int expand_rule(sepol_handle_t * handle, policydb_t * source_pol, avrule_t * source_rule, avtab_t * dest_avtab, Modified: trunk/libsepol/include/sepol/policydb/mls_types.h =================================================================== --- trunk/libsepol/include/sepol/policydb/mls_types.h 2006-09-05 14:27:29 UTC (rev 2015) +++ trunk/libsepol/include/sepol/policydb/mls_types.h 2006-09-05 14:27:55 UTC (rev 2016) 
@@ -32,6 +32,7 @@ #define _SEPOL_POLICYDB_MLS_TYPES_H_ #include <stdint.h> +#include <stdlib.h> #include <sepol/policydb/ebitmap.h> #include <sepol/policydb/flask_types.h> @@ -125,4 +126,28 @@ mls_level_eq(&r1->level[1], &r2->level[1])); } +typedef struct mls_semantic_cat { + uint32_t low; /* first bit this struct represents */ + uint32_t high; /* last bit represented - equals low for a single cat */ + struct mls_semantic_cat *next; +} mls_semantic_cat_t; + +typedef struct mls_semantic_level { + uint32_t sens; + mls_semantic_cat_t *cat; +} mls_semantic_level_t; + +typedef struct mls_semantic_range { + mls_semantic_level_t level[2]; +} mls_semantic_range_t; + +extern void mls_semantic_cat_init(mls_semantic_cat_t *c); +extern void mls_semantic_cat_destroy(mls_semantic_cat_t *c); +extern void mls_semantic_level_init(mls_semantic_level_t *l); +extern void mls_semantic_level_destroy(mls_semantic_level_t *l); +extern int mls_semantic_level_cpy(mls_semantic_level_t *dst, mls_semantic_level_t *src); +extern void mls_semantic_range_init(mls_semantic_range_t *r); +extern void mls_semantic_range_destroy(mls_semantic_range_t *r); +extern int mls_semantic_range_cpy(mls_semantic_range_t *dst, mls_semantic_range_t *src); + #endif Modified: trunk/libsepol/include/sepol/policydb/policydb.h =================================================================== --- trunk/libsepol/include/sepol/policydb/policydb.h 2006-09-05 14:27:29 UTC (rev 2015) +++ trunk/libsepol/include/sepol/policydb/policydb.h 2006-09-05 14:27:55 UTC (rev 2016) @@ -233,7 +233,7 @@ type_set_t stypes; type_set_t ttypes; ebitmap_t tclasses; - mls_range_t trange; + mls_semantic_range_t trange; struct range_trans_rule *next; } range_trans_rule_t; Modified: trunk/libsepol/src/expand.c =================================================================== --- trunk/libsepol/src/expand.c 2006-09-05 14:27:29 UTC (rev 2015) +++ trunk/libsepol/src/expand.c 2006-09-05 14:27:55 UTC (rev 2016) 
@@ -580,12 +580,64 @@ return 0; } -static int mls_level_clone(mls_level_t * dst, mls_level_t * src) +int mls_semantic_level_expand(mls_semantic_level_t * sl, mls_level_t * l, + policydb_t * p, sepol_handle_t * h) { - dst->sens = src->sens; - if (ebitmap_cpy(&dst->cat, &src->cat)) { + mls_semantic_cat_t *cat; + level_datum_t *levdatum; + unsigned int i; + + mls_level_init(l); + + if (!p->mls) + return 0; + + l->sens = sl->sens; + levdatum = (level_datum_t *) hashtab_search(p->p_levels.table, + p->p_sens_val_to_name[l-> + sens - + 1]); + for (cat = sl->cat; cat; cat = cat->next) { + if (cat->low > cat->high) { + ERR(h, "Category range is not valid %s.%s", + p->p_cat_val_to_name[cat->low - 1], + p->p_cat_val_to_name[cat->high - 1]); + return -1; + } + for (i = cat->low - 1; i < cat->high; i++) { + if (!ebitmap_get_bit(&levdatum->level->cat, i)) { + ERR(h, "Category %s can not be associate with " + "level %s", + p->p_cat_val_to_name[i], + p->p_sens_val_to_name[l->sens - 1]); + } + if (ebitmap_set_bit(&l->cat, i, 1)) { + ERR(h, "Out of memory!"); + return -1; + } + } + } + + return 0; +} + +int mls_semantic_range_expand(mls_semantic_range_t * sr, mls_range_t * r, + policydb_t * p, sepol_handle_t * h) +{ + if (mls_semantic_level_expand(&sr->level[0], &r->level[0], p, h) < 0) return -1; + + if (mls_semantic_level_expand(&sr->level[1], &r->level[1], p, h) < 0) { + mls_semantic_level_destroy(&sr->level[0]); + return -1; } + + if (!mls_level_dom(&r->level[1], &r->level[0])) { + mls_range_destroy(r); + ERR(h, "MLS range high level does not dominate low level"); + return -1; + } + return 0; } 
@@ -641,12 +693,9 @@ } /* clone MLS stuff */ - if (mls_level_clone - (&new_user->range.level[0], &user->range.level[0]) == -1 - || mls_level_clone(&new_user->range.level[1], - &user->range.level[1]) == -1 - || mls_level_clone(&new_user->dfltlevel, - &user->dfltlevel) == -1) { + if (mls_range_cpy(&new_user->range, &user->range) == -1 + || mls_level_cpy(&new_user->dfltlevel, + &user->dfltlevel) == -1) { ERR(state->handle, "Out of memory!"); return -1; } @@ -749,7 +798,7 @@ goto out_of_mem; } - if (mls_level_clone(new_level->level, level->level)) { + if (mls_level_cpy(new_level->level, level->level)) { goto out_of_mem; } new_level->isalias = level->isalias; @@ -965,16 +1014,23 @@ } static int exp_rangetr_helper(uint32_t stype, uint32_t ttype, uint32_t tclass, - mls_range_t * trange, expand_state_t * state) + mls_semantic_range_t * trange, + expand_state_t * state) { range_trans_t *rt, *check_rt = state->out->range_tr; + mls_range_t exp_range; + int rc = -1; + if (mls_semantic_range_expand(trange, &exp_range, state->out, + state->handle)) + goto out; + /* check for duplicates/conflicts */ while (check_rt) { if ((check_rt->source_type == stype) && (check_rt->target_type == ttype) && (check_rt->target_class == tclass)) { - if (mls_range_eq(&check_rt->target_range, trange)) { + if (mls_range_eq(&check_rt->target_range, &exp_range)) { /* duplicate */ break; } else { @@ -983,19 +1039,23 @@ "Conflicting range trans rule %s %s : %s", state->out->p_type_val_to_name[stype - 1], state->out->p_type_val_to_name[ttype - 1], - state->out->p_class_val_to_name[tclass]); - return -1; + state->out->p_class_val_to_name[tclass - + 1]); + goto out; } } check_rt = check_rt->next; } - if (check_rt) /* this is a dup - skip */ - return 0; + if (check_rt) { + /* this is a dup - skip */ + rc = 0; + goto out; + } rt = (range_trans_t *) calloc(1, sizeof(range_trans_t)); if (!rt) { ERR(state->handle, "Out of memory!"); - return -1; + goto out; } rt->next = state->out->range_tr; 
@@ -1004,12 +1064,16 @@ rt->source_type = stype; rt->target_type = ttype; rt->target_class = tclass; - if (mls_range_cpy(&rt->target_range, trange)) { + if (mls_range_cpy(&rt->target_range, &exp_range)) { ERR(state->handle, "Out of memory!"); - return -1; + goto out; } - return 0; + rc = 0; + + out: + mls_range_destroy(&exp_range); + return rc; } static int expand_range_trans(expand_state_t * state, @@ -1021,6 +1085,9 @@ ebitmap_t stypes, ttypes; ebitmap_node_t *snode, *tnode, *cnode; + if (state->verbose) + INFO(state->handle, "expanding range transitions"); + for (rule = rules; rule; rule = rule->next) { ebitmap_init(&stypes); ebitmap_init(&ttypes); @@ -1053,7 +1120,7 @@ if (exp_rangetr_helper(i + 1, j + 1, - k, + k + 1, &rule->trange, state)) { ebitmap_destroy(&stypes); 
@@ -1615,52 +1682,6 @@ return 0; } -static int range_trans_clone(expand_state_t * state) -{ - range_trans_t *range = state->base->range_tr, *last_new_range = NULL, - *new_range = NULL; - state->out->range_tr = NULL; - - if (state->verbose) - INFO(state->handle, "copying range transitions"); - - while (range != NULL) { - if ((new_range = malloc(sizeof(*new_range))) == NULL) { - goto out_of_mem; - } - memset(new_range, 0, sizeof(*new_range)); - new_range->source_type = state->typemap[range->source_type - 1]; - new_range->target_type = state->typemap[range->target_type - 1]; - new_range->target_class = range->target_class; - if (mls_level_clone(&new_range->target_range.level[0], - &range->target_range.level[0])) { - goto out_of_mem; - } - if (mls_level_clone(&new_range->target_range.level[1], - &range->target_range.level[1])) { - goto out_of_mem; - } - new_range->next = NULL; - if (last_new_range == NULL) { - state->out->range_tr = last_new_range = new_range; - } else { - last_new_range->next = new_range; - last_new_range = new_range; - } - range = range->next; - } - return 0; - - out_of_mem: - ERR(state->handle, "Out of memory!"); - if (new_range) { - ebitmap_destroy(&new_range->target_range.level[0].cat); - ebitmap_destroy(&new_range->target_range.level[1].cat); - free(new_range); - } - return -1; -} - static int type_attr_map(hashtab_key_t key __attribute__ ((unused)), hashtab_datum_t datum, void *ptr) @@ -2044,8 +2065,7 @@ } /* expand the range transition rules */ - if ((base->policyvers >= MOD_POLICYDB_VERSION_RANGETRANS) && - expand_range_trans(state, decl->range_tr_rules)) + if (expand_range_trans(state, decl->range_tr_rules)) goto cleanup; /* copy rules */ 
@@ -2261,11 +2281,6 @@ if (genfs_copy(&state)) goto cleanup; - if ((base->policyvers < MOD_POLICYDB_VERSION_RANGETRANS) && - range_trans_clone(&state) == -1) { - goto cleanup; - } - /* Build the type<->attribute maps and remove attributes. */ state.out->attr_type_map = malloc(state.out->p_types.nprim * sizeof(ebitmap_t)); Modified: trunk/libsepol/src/mls.c =================================================================== --- trunk/libsepol/src/mls.c 2006-09-05 14:27:29 UTC (rev 2015) +++ trunk/libsepol/src/mls.c 2006-09-05 14:27:55 UTC (rev 2016) 
@@ -705,3 +705,94 @@ free(con); return ret; } + +void mls_semantic_cat_init(mls_semantic_cat_t * c) +{ + memset(c, 0, sizeof(mls_semantic_cat_t)); +} + +void mls_semantic_cat_destroy(mls_semantic_cat_t * c __attribute__ ((unused))) +{ + /* it's currently a simple struct - really nothing to destroy */ + return; +} + +void mls_semantic_level_init(mls_semantic_level_t * l) +{ + memset(l, 0, sizeof(mls_semantic_level_t)); +} + +void mls_semantic_level_destroy(mls_semantic_level_t * l) +{ + mls_semantic_cat_t *cur, *next; + + if (l == NULL) + return; + + next = l->cat; + while (next) { + cur = next; + next = cur->next; + mls_semantic_cat_destroy(cur); + free(cur); + } +} + +int mls_semantic_level_cpy(mls_semantic_level_t * dst, + mls_semantic_level_t * src) +{ + mls_semantic_cat_t *cat, *newcat, *lnewcat = NULL; + + mls_semantic_level_init(dst); + dst->sens = src->sens; + cat = src->cat; + while (cat) { + newcat = + (mls_semantic_cat_t *) malloc(sizeof(mls_semantic_cat_t)); + if (!newcat) + goto err; + + mls_semantic_cat_init(newcat); + if (lnewcat) + lnewcat->next = newcat; + else + dst->cat = newcat; + + newcat->low = cat->low; + newcat->high = cat->high; + + lnewcat = newcat; + cat = cat->next; + } + return 0; + + err: + mls_semantic_level_destroy(dst); + return -1; +} + +void mls_semantic_range_init(mls_semantic_range_t * r) +{ + mls_semantic_level_init(&r->level[0]); + mls_semantic_level_init(&r->level[1]); +} + +void mls_semantic_range_destroy(mls_semantic_range_t * r) +{ + mls_semantic_level_destroy(&r->level[0]); + mls_semantic_level_destroy(&r->level[1]); +} + +int mls_semantic_range_cpy(mls_semantic_range_t * dst, + mls_semantic_range_t * src) +{ + if (mls_semantic_level_cpy(&dst->level[0], &src->level[0]) < 0) + return -1; + + if (mls_semantic_level_cpy(&dst->level[1], &src->level[1]) < 0) { + mls_semantic_level_destroy(&dst->level[0]); + return -1; + } + + return 0; +} Modified: trunk/libsepol/src/policydb.c 
=================================================================== --- trunk/libsepol/src/policydb.c 2006-09-05 14:27:29 UTC (rev 2015) +++ trunk/libsepol/src/policydb.c 2006-09-05 14:27:55 UTC (rev 2016) @@ -233,6 +233,8 @@ { memset(x, 0, sizeof(user_datum_t)); role_set_init(&x->roles); + mls_range_init(&x->range); + mls_level_init(&x->dfltlevel); ebitmap_init(&x->cache); } @@ -240,9 +242,8 @@ { if (x != NULL) { role_set_destroy(&x->roles); - ebitmap_destroy(&x->range.level[0].cat); - ebitmap_destroy(&x->range.level[1].cat); - ebitmap_destroy(&x->dfltlevel.cat); + mls_range_destroy(&x->range); + mls_level_destroy(&x->dfltlevel); ebitmap_destroy(&x->cache); } } @@ -330,7 +331,8 @@ type_set_init(&x->stypes); type_set_init(&x->ttypes); ebitmap_init(&x->tclasses); - mls_range_init(&x->trange); + mls_semantic_range_init(&x->trange); + x->next = NULL; } void range_trans_rule_destroy(range_trans_rule_t * x) @@ -338,7 +340,7 @@ type_set_destroy(&x->stypes); type_set_destroy(&x->ttypes); ebitmap_destroy(&x->tclasses); - mls_range_destroy(&x->trange); + mls_semantic_range_destroy(&x->trange); } void range_trans_rule_list_destroy(range_trans_rule_t * x) 
@@ -1348,6 +1350,116 @@ } /* + * Read a semantic MLS level structure from a policydb binary + * representation file. + */ +static int mls_read_semantic_level_helper(mls_semantic_level_t * l, + struct policy_file *fp) +{ + uint32_t *buf, ncat; + unsigned int i; + mls_semantic_cat_t *cat; + + mls_semantic_level_init(l); + + buf = next_entry(fp, sizeof(uint32_t) * 2); + if (!buf) { + ERR(fp->handle, "truncated level"); + goto bad; + } + l->sens = le32_to_cpu(buf[0]); + + ncat = le32_to_cpu(buf[1]); + for (i = 0; i < ncat; i++) { + cat = (mls_semantic_cat_t *) malloc(sizeof(mls_semantic_cat_t)); + if (!cat) { + ERR(fp->handle, "out of memory"); + goto bad; + } + + mls_semantic_cat_init(cat); + cat->next = l->cat; + l->cat = cat; + + buf = next_entry(fp, sizeof(uint32_t) * 2); + if (!buf) { + ERR(fp->handle, "error reading level categories"); + goto bad; + } + cat->low = le32_to_cpu(buf[0]); + cat->high = le32_to_cpu(buf[1]); + } + + return 0; + + bad: + return -EINVAL; +} + +/* + * Read a semantic MLS range structure from a policydb binary + * representation file. 
+ */ +static int mls_read_semantic_range_helper(mls_semantic_range_t * r, + struct policy_file *fp) +{ + int rc; + + rc = mls_read_semantic_level_helper(&r->level[0], fp); + if (rc) + return rc; + + rc = mls_read_semantic_level_helper(&r->level[1], fp); + + return rc; +} + +static int mls_level_to_semantic(mls_level_t * l, mls_semantic_level_t * sl) +{ + unsigned int i; + ebitmap_node_t *cnode; + mls_semantic_cat_t *open_cat = NULL; + + mls_semantic_level_init(sl); + sl->sens = l->sens; + ebitmap_for_each_bit(&l->cat, cnode, i) { + if (ebitmap_node_get_bit(cnode, i)) { + if (open_cat) + continue; + open_cat = (mls_semantic_cat_t *) + malloc(sizeof(mls_semantic_cat_t)); + if (!open_cat) + return -1; + + mls_semantic_cat_init(open_cat); + open_cat->low = i + 1; + open_cat->next = sl->cat; + sl->cat = open_cat; + } else { + if (!open_cat) + continue; + open_cat->high = i; + open_cat = NULL; + } + } + if (open_cat) + open_cat->high = i; + + return 0; +} + +static int mls_range_to_semantic(mls_range_t * r, mls_semantic_range_t * sr) +{ + if (mls_level_to_semantic(&r->level[0], &sr->level[0])) + return -1; + + if (mls_level_to_semantic(&r->level[1], &sr->level[1])) + return -1; + + return 0; +} + +/* * Read and validate a security context structure * from a policydb binary representation file. */ @@ -2303,6 +2415,7 @@ { uint32_t *buf, nel; range_trans_t *rt, *lrt; + range_trans_rule_t *rtr, *lrtr = NULL; unsigned int i; int new_rangetr = (p->policy_type == POLICY_KERN && p->policyvers >= POLICYDB_VERSION_RANGETRANS); 
@@ -2336,6 +2449,58 @@ return -1; lrt = rt; } + + /* if this is a kernel policy, we are done - otherwise we need to + * convert these structs to range_trans_rule_ts */ + if (p->policy_type == POLICY_KERN) + return 0; + + /* create range_trans_rules_ts that correspond to the range_trans_ts + * that were just read in from an older policy */ + for (rt = p->range_tr; rt; rt = rt->next) { + rtr = malloc(sizeof(range_trans_rule_t)); + if (!rtr) { + return -1; + } + range_trans_rule_init(rtr); + + if (lrtr) + lrtr->next = rtr; + else + p->global->enabled->range_tr_rules = rtr; + + if (ebitmap_set_bit(&rtr->stypes.types, rt->source_type - 1, 1)) + return -1; + + if (ebitmap_set_bit(&rtr->ttypes.types, rt->target_type - 1, 1)) + return -1; + + if (ebitmap_set_bit(&rtr->tclasses, rt->target_class - 1, 1)) + return -1; + + if (mls_range_to_semantic(&rt->target_range, &rtr->trange)) + return -1; + + lrtr = rtr; + } + + /* now destroy the range_trans_ts */ + lrt = NULL; + for (rt = p->range_tr; rt; rt = rt->next) { + if (lrt) { + ebitmap_destroy(&lrt->target_range.level[0].cat); + ebitmap_destroy(&lrt->target_range.level[1].cat); + free(lrt); + } + lrt = rt; + } + if (lrt) { + ebitmap_destroy(&lrt->target_range.level[0].cat); + ebitmap_destroy(&lrt->target_range.level[1].cat); + free(lrt); + } + p->range_tr = NULL; + return 0; } @@ -2478,7 +2643,7 @@ if (ebitmap_read(&rt->tclasses, fp)) return -1; - if (mls_read_range_helper(&rt->trange, fp)) + if (mls_read_semantic_range_helper(&rt->trange, fp)) return -1; lrt = rt; Modified: trunk/libsepol/src/write.c =================================================================== --- trunk/libsepol/src/write.c 2006-09-05 14:27:29 UTC (rev 2015) +++ trunk/libsepol/src/write.c 2006-09-05 14:27:55 UTC (rev 2016) 
@@ -308,6 +308,55 @@ } /* + * Write a semantic MLS level structure to a policydb binary + * representation file. + */ +static int mls_write_semantic_level_helper(mls_semantic_level_t * l, + struct policy_file *fp) +{ + uint32_t buf[2], ncat = 0; + size_t items; + mls_semantic_cat_t *cat; + + for (cat = l->cat; cat; cat = cat->next) + ncat++; + + buf[0] = cpu_to_le32(l->sens); + buf[1] = cpu_to_le32(ncat); + items = put_entry(buf, sizeof(uint32_t), 2, fp); + if (items != 2) + return POLICYDB_ERROR; + + for (cat = l->cat; cat; cat = cat->next) { + buf[0] = cpu_to_le32(cat->low); + buf[1] = cpu_to_le32(cat->high); + items = put_entry(buf, sizeof(uint32_t), 2, fp); + if (items != 2) + return POLICYDB_ERROR; + } + + return POLICYDB_SUCCESS; +} + +/* + * Read a semantic MLS range structure to a policydb binary + * representation file. + */ +static int mls_write_semantic_range_helper(mls_semantic_range_t * r, + struct policy_file *fp) +{ + int rc; + + rc = mls_write_semantic_level_helper(&r->level[0], fp); + if (rc) + return rc; + + rc = mls_write_semantic_level_helper(&r->level[1], fp); + + return rc; +} + +/* * Write a MLS level structure to a policydb binary * representation file. */ @@ -1309,7 +1358,7 @@ return POLICYDB_ERROR; if (ebitmap_write(&rt->tclasses, fp)) return POLICYDB_ERROR; - if (mls_write_range_helper(&rt->trange, fp)) + if (mls_write_semantic_range_helper(&rt->trange, fp)) return POLICYDB_ERROR; } return POLICYDB_SUCCESS; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
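Review bot: in mls_semantic_range_expand() (expand.c, hunk at -580), the failure path for the second level calls mls_semantic_level_destroy(&sr->level[0]), which frees the category list of the caller's input range instead of the half-built output; it should be mls_level_destroy(&r->level[0]). mls_semantic_level_destroy() in mls.c frees the nodes without resetting l->cat, and exp_rangetr_helper() passes &rule->trange as the input, so the later range_trans_rule_destroy() on that rule would walk freed memory. In the same hunk, mls_semantic_level_expand() logs "Category %s can not be associate with level %s" but carries on and sets the bit anyway, so add a return -1 there, and check levdatum for NULL before dereferencing levdatum->level.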
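Review bot: exp_rangetr_helper() (expand.c, hunks at -965 and -1004) reaches the out: label with exp_range only partly initialised when mls_semantic_range_expand() fails on the first level, because r->level[1] is never touched on that path and mls_range_destroy(&exp_range) then operates on an uninitialised stack level. Call mls_range_init(&exp_range) before the expand call so the single cleanup label is safe on every path.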
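Review bot: mls_read_semantic_level_helper() (policydb.c, hunk at -1348) stores sens, low and high straight from the file with no range check, and the expand code in this same change indexes p_sens_val_to_name[l->sens - 1] and p_cat_val_to_name[cat->low - 1] with them, so a zero or oversized value in a policy file becomes an out-of-bounds read. Reject 0 and values above the number of defined sensitivities and categories, either at read time or at the top of mls_semantic_level_expand(). The bad: path also returns -EINVAL for the out of memory case and leaves the partly built category list attached to l, so either call mls_semantic_level_destroy(l) there or document that the caller must.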
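Review bot: the conversion loop added to range_read() (policydb.c, hunk at -2336) returns -1 on malloc failure without an ERR() call, unlike the allocation in mls_read_semantic_level_helper(), and its teardown loop open-codes two ebitmap_destroy() calls per entry where the rest of this change switches to mls_range_destroy(). Using mls_range_destroy(&lrt->target_range) here keeps range_trans_t cleanup in one place.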
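Review bot: the comment above mls_write_semantic_range_helper() (write.c, hunk at -308) says "Read a semantic MLS range structure to a policydb binary representation file"; it was copied from the reader and should say "Write".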
From: <mad...@us...> - 2006-09-05 14:27:40
|
Revision: 2015 http://svn.sourceforge.net/selinux/?rev=2015&view=rev Author: madmethod Date: 2006-09-05 07:27:29 -0700 (Tue, 05 Sep 2006) Log Message: ----------- Author: Darrel Goeddel Email: dgo...@Tr... Subject: support for extended range_transitions Date: Mon, 28 Aug 2006 11:24:25 -0500

Introduce support for kernel policy format version 21, base policy format version 6, and policy module format 6. These new formats allow for the definition of range_transitions on security classes other than "process". The new module and base formats (both 6) also move expansion of the range_transition statements from compile time to the actual expansion phase. This change should allow for using range_transitions in policy modules (with a bit more work in the future) with another change in format.

The current range_transition statements are of the form:

  range_transition <source types> <target types> <new range>

These statements affect process transitions only. The new supported format is:

  range_transition <source types> <target types>:<target classes> <new range>

With this format it is possible to specify a new range for operations such as file creation. The old style statements are still allowed and they implicitly refer to the "process" security class, thereby retaining the same behavior as before.

The new kernel format now stores the security class on which the rule operates. When dealing with older kernel policy formats, the "process" security class is implicit. The new module and base formats now store a representation of the rule just (the new addition to the avrule_decl structure) and are expanded at the proper time. The previous implementation expanded the rules at compilation time and could produce an incomplete set of transitions if type attributes were used in the statement.
Here is how range_transition statements are handled for the various formats:

  for kernel policy version up to 18, there are no range_transitions
  for kernel policy versions 19 and 20, a list of old-style (no class specified) range_trans structures are encoded
  for kernel policy versions 21 and up, a list of new-style (class specified) range_trans structures are encoded
  for base policy versions up to 5, there are no range_transitions
  for base policy version 5, a compile-time generated list of old-style (no class specified) range_trans structures are encoded as they are in kernel formats 19 and 20
  for base policy versions 6 and up, an expressive rule stating the intention of the statement is stored - that will be properly linked and expanded for further usage
  for module policy versions up to 6, there are no range_transitions
  for base policy versions 6 and up, an expressive rule stating the intention of the statement is stored just like in base policy version 6 (of course we still need more work to get them in there, but the format is supportive).

Signed-off-by: Darrel Goeddel <dgo...@tr...>
Acked-by: Stephen Smalley <sd...@ty...>

Modified Paths: -------------- trunk/checkpolicy/module_compiler.c trunk/checkpolicy/module_compiler.h trunk/checkpolicy/policy_parse.y trunk/libsepol/include/sepol/policydb/context.h trunk/libsepol/include/sepol/policydb/mls_types.h trunk/libsepol/include/sepol/policydb/policydb.h trunk/libsepol/src/avrule_block.c trunk/libsepol/src/expand.c trunk/libsepol/src/mls.c trunk/libsepol/src/policydb.c trunk/libsepol/src/write.c Modified: trunk/checkpolicy/module_compiler.c =================================================================== --- trunk/checkpolicy/module_compiler.c 2006-09-01 19:28:23 UTC (rev 2014) +++ trunk/checkpolicy/module_compiler.c 2006-09-05 14:27:29 UTC (rev 2015) 
@@ -1100,6 +1100,18 @@ decl->role_allow_rules = role_allow_rules; } +/* this doesn't actually append, but really prepends it */ +void append_range_trans(range_trans_rule_t * range_tr_rules) +{ + avrule_decl_t *decl = stack_top->decl; + + /* range transitions are not allowed within conditionals */ + assert(stack_top->type == 1); + + range_tr_rules->next = decl->range_tr_rules; + decl->range_tr_rules = range_tr_rules; +} + int begin_optional(int pass) { avrule_block_t *block = NULL; Modified: trunk/checkpolicy/module_compiler.h =================================================================== --- trunk/checkpolicy/module_compiler.h 2006-09-01 19:28:23 UTC (rev 2014) +++ trunk/checkpolicy/module_compiler.h 2006-09-05 14:27:29 UTC (rev 2015) @@ -77,6 +77,7 @@ void append_avrule(avrule_t * avrule); void append_role_trans(role_trans_rule_t * role_tr_rules); void append_role_allow(role_allow_rule_t * role_allow_rules); +void append_range_trans(range_trans_rule_t * range_tr_rules); /* Create a new optional block and add it to the global policy. * During the second pass resolve the block's requirements. Return 0 Modified: trunk/checkpolicy/policy_parse.y =================================================================== --- trunk/checkpolicy/policy_parse.y 2006-09-01 19:28:23 UTC (rev 2014) +++ trunk/checkpolicy/policy_parse.y 2006-09-05 14:27:29 UTC (rev 2015) @@ -101,7 +101,7 @@ static role_datum_t *merge_roles_dom(role_datum_t *r1,role_datum_t *r2); static role_datum_t *define_role_dom(role_datum_t *r); static int define_role_trans(void); -static int define_range_trans(void); +static int define_range_trans(int class_specified); static int define_role_allow(void); static int define_constraint(constraint_expr_t *expr); static int define_validatetrans(constraint_expr_t *expr); 
@@ -436,7 +436,9 @@ {if (define_compute_type(AVRULE_CHANGE)) return -1;} ; range_trans_def : RANGE_TRANSITION names names mls_range_def ';' - { if (define_range_trans()) return -1; } + { if (define_range_trans(0)) return -1; } + | RANGE_TRANSITION names names ':' names mls_range_def ';' + { if (define_range_trans(1)) return -1; } ; te_avtab_def : allow_def | auditallow_def @@ -4472,15 +4474,12 @@ return define_genfs_context_helper(queue_remove(id_queue), has_type); } -static int define_range_trans(void) +static int define_range_trans(int class_specified) { char *id; level_datum_t *levdatum = 0; - mls_range_t range; - type_set_t doms, types; - ebitmap_node_t *snode, *tnode; - range_trans_t *rt = 0; - unsigned int i, j; + class_datum_t *cladatum; + range_trans_rule_t *rule; int l, add = 1; if (!mlspol) { @@ -4493,6 +4492,9 @@ free(id); while ((id = queue_remove(id_queue))) free(id); + if (class_specified) + while ((id = queue_remove(id_queue))) + free(id); id = queue_remove(id_queue); free(id); for (l = 0; l < 2; l++) { 
@@ -4507,43 +4509,78 @@ return 0; } - type_set_init(&doms); - type_set_init(&types); + rule = malloc(sizeof(struct range_trans_rule)); + if (!rule) { + yyerror("out of memory"); + return -1; + } + range_trans_rule_init(rule); while ((id = queue_remove(id_queue))) { - if (set_types(&doms, id, &add, 0)) - return -1; + if (set_types(&rule->stypes, id, &add, 0)) + goto out; } add = 1; while ((id = queue_remove(id_queue))) { - if (set_types(&types, id, &add, 0)) - return -1; + if (set_types(&rule->ttypes, id, &add, 0)) + goto out; } + if (class_specified) { + while ((id = queue_remove(id_queue))) { + if (!is_id_in_scope(SYM_CLASSES, id)) { + yyerror2("class %s is not within scope", id); + free(id); + goto out; + } + cladatum = hashtab_search(policydbp->p_classes.table, + id); + if (!cladatum) { + sprintf(errormsg, "unknown class %s", id); + yyerror(errormsg); + goto out; + } + + ebitmap_set_bit(&rule->tclasses, cladatum->s.value, + TRUE); + free(id); + } + } else { + cladatum = hashtab_search(policydbp->p_classes.table, + "process"); + if (!cladatum) { + sprintf(errormsg, "could not find process class for " + "legacy range_transition statement\n"); + yyerror(errormsg); + goto out; + } + + ebitmap_set_bit(&rule->tclasses, cladatum->s.value, TRUE); + } + id = (char *)queue_remove(id_queue); if (!id) { yyerror("no range in range_transition definition?"); - return -1; + goto out; } for (l = 0; l < 2; l++) { levdatum = hashtab_search(policydbp->p_levels.table, id); if (!levdatum) { sprintf(errormsg, - "unknown level %s used in range_transition definition", - id); + "unknown level %s used in range_transition " + "definition", id); yyerror(errormsg); free(id); - return -1; + goto out; } free(id); - range.level[l].sens = levdatum->level->sens; + rule->trange.level[l].sens = levdatum->level->sens; - ebitmap_init(&range.level[l].cat); - while ((id = queue_remove(id_queue))) { - if (parse_categories(id, levdatum, &range.level[l].cat)) { + if (parse_categories(id, levdatum, + 
&rule->trange.level[l].cat)) { free(id); - return -1; + goto out; } free(id); } 
@@ -4553,73 +4590,24 @@ break; } if (l == 0) { - range.level[1].sens = range.level[0].sens; - if (ebitmap_cpy(&range.level[1].cat, &range.level[0].cat)) { + if (mls_level_cpy(&rule->trange.level[1], + &rule->trange.level[0])) { yyerror("out of memory"); - return -1; + goto out; } } - - if (!mls_level_dom(&range.level[1], &range.level[0])) { - yyerror - ("range_transition high level does not dominate low level"); - return -1; + if (!mls_level_dom(&rule->trange.level[1], &rule->trange.level[0])) { + yyerror("range_transition high level does not dominate " + "low level"); + goto out; } - /* FIXME: this expands type_sets at compile time which is inappropriate, the type_sets - * should be stored which is a format change */ - ebitmap_for_each_bit(&doms.types, snode, i) { - if (!ebitmap_node_get_bit(snode, i)) - continue; - ebitmap_for_each_bit(&types.types, tnode, j) { - if (!ebitmap_node_get_bit(tnode, j)) - continue; - - for (rt = policydbp->range_tr; rt; rt = rt->next) { - if (rt->dom == (i + 1) && rt->type == (j + 1)) { - sprintf(errormsg, - "duplicate range_transition defined for (%s,%s)", - policydbp-> - p_type_val_to_name[i], - policydbp-> - p_type_val_to_name[j]); - yyerror(errormsg); - return -1; - } - } - - rt = malloc(sizeof(range_trans_t)); - if (!rt) { - yyerror("out of memory"); - return -1; - } - memset(rt, 0, sizeof(range_trans_t)); - rt->dom = i + 1; - rt->type = j + 1; - rt->range.level[0].sens = range.level[0].sens; - if (ebitmap_cpy(&rt->range.level[0].cat, - &range.level[0].cat)) { - yyerror("out of memory"); - free(rt); - return -1; - } - rt->range.level[1].sens = range.level[1].sens; - if (ebitmap_cpy(&rt->range.level[1].cat, - &range.level[1].cat)) { - yyerror("out of memory"); - free(rt); - return -1; - } - rt->next = policydbp->range_tr; - policydbp->range_tr = rt; - } - } - - type_set_destroy(&doms); - type_set_destroy(&types); - ebitmap_destroy(&range.level[0].cat); - ebitmap_destroy(&range.level[1].cat); + append_range_trans(rule); return 0; 
+ +out: + range_trans_rule_destroy(rule); + return -1; } Modified: trunk/libsepol/include/sepol/policydb/context.h =================================================================== --- trunk/libsepol/include/sepol/policydb/context.h 2006-09-01 19:28:23 UTC (rev 2014) +++ trunk/libsepol/include/sepol/policydb/context.h 2006-09-05 14:27:29 UTC (rev 2015) @@ -36,8 +36,7 @@ static inline void mls_context_init(context_struct_t * c) { - mls_level_init(&c->range.level[0]); - mls_level_init(&c->range.level[1]); + mls_range_init(&c->range); } static inline int mls_context_cpy(context_struct_t * dst, @@ -62,8 +61,7 @@ if (c == NULL) return; - mls_level_destroy(&c->range.level[0]); - mls_level_destroy(&c->range.level[1]); + mls_range_destroy(&c->range); mls_context_init(c); } Modified: trunk/libsepol/include/sepol/policydb/mls_types.h =================================================================== --- trunk/libsepol/include/sepol/policydb/mls_types.h 2006-09-01 19:28:23 UTC (rev 2014) +++ trunk/libsepol/include/sepol/policydb/mls_types.h 2006-09-05 14:27:29 UTC (rev 2015) @@ -107,4 +107,22 @@ return -1; } +static inline void mls_range_init(struct mls_range *r) +{ + mls_level_init(&r->level[0]); + mls_level_init(&r->level[1]); +} + +static inline void mls_range_destroy(struct mls_range *r) +{ + mls_level_destroy(&r->level[0]); + mls_level_destroy(&r->level[1]); +} + +static inline int mls_range_eq(struct mls_range *r1, struct mls_range *r2) +{ + return (mls_level_eq(&r1->level[0], &r2->level[0]) && + mls_level_eq(&r1->level[1], &r2->level[1])); +} + #endif Modified: trunk/libsepol/include/sepol/policydb/policydb.h =================================================================== --- trunk/libsepol/include/sepol/policydb/policydb.h 2006-09-01 19:28:23 UTC (rev 2014) +++ trunk/libsepol/include/sepol/policydb/policydb.h 2006-09-05 14:27:29 UTC (rev 2015) 
@@ -168,9 +168,10 @@ } cat_datum_t; typedef struct range_trans { - uint32_t dom; /* current process domain */ - uint32_t type; /* program executable type */ - mls_range_t range; /* new range */ + uint32_t source_type; + uint32_t target_type; + uint32_t target_class; + mls_range_t target_range; struct range_trans *next; } range_trans_t; @@ -228,6 +229,14 @@ struct role_allow_rule *next; } role_allow_rule_t; +typedef struct range_trans_rule { + type_set_t stypes; + type_set_t ttypes; + ebitmap_t tclasses; + mls_range_t trange; + struct range_trans_rule *next; +} range_trans_rule_t; + /* * The configuration data includes security contexts for * initial SIDs, unlabeled file systems, TCP and UDP port numbers, @@ -325,6 +334,7 @@ avrule_t *avrules; role_trans_rule_t *role_tr_rules; role_allow_rule_t *role_allow_rules; + range_trans_rule_t *range_tr_rules; scope_index_t required; /* symbols needed to activate this block */ scope_index_t declared; /* symbols declared within this block */ @@ -513,6 +523,9 @@ extern void role_allow_rule_init(role_allow_rule_t * x); extern void role_allow_rule_destroy(role_allow_rule_t * x); extern void role_allow_rule_list_destroy(role_allow_rule_t * x); +extern void range_trans_rule_init(range_trans_rule_t *x); +extern void range_trans_rule_destroy(range_trans_rule_t *x); +extern void range_trans_rule_list_destroy(range_trans_rule_t *x); extern void type_datum_init(type_datum_t * x); extern void type_datum_destroy(type_datum_t * x); extern void user_datum_init(user_datum_t * x); 
@@ -562,18 +575,20 @@ #define POLICYDB_VERSION_VALIDATETRANS 19 #define POLICYDB_VERSION_MLS 19 #define POLICYDB_VERSION_AVTAB 20 +#define POLICYDB_VERSION_RANGETRANS 21 /* Range of policy versions we understand*/ #define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE -#define POLICYDB_VERSION_MAX POLICYDB_VERSION_AVTAB +#define POLICYDB_VERSION_MAX POLICYDB_VERSION_RANGETRANS /* Module versions and specific changes*/ #define MOD_POLICYDB_VERSION_BASE 4 #define MOD_POLICYDB_VERSION_VALIDATETRANS 5 #define MOD_POLICYDB_VERSION_MLS 5 +#define MOD_POLICYDB_VERSION_RANGETRANS 6 #define MOD_POLICYDB_VERSION_MIN MOD_POLICYDB_VERSION_BASE -#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_MLS +#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_RANGETRANS #define POLICYDB_CONFIG_MLS 1 Modified: trunk/libsepol/src/avrule_block.c =================================================================== --- trunk/libsepol/src/avrule_block.c 2006-09-01 19:28:23 UTC (rev 2014) +++ trunk/libsepol/src/avrule_block.c 2006-09-05 14:27:29 UTC (rev 2015) @@ -99,6 +99,7 @@ avrule_list_destroy(x->avrules); role_trans_rule_list_destroy(x->role_tr_rules); role_allow_rule_list_destroy(x->role_allow_rules); + range_trans_rule_list_destroy(x->range_tr_rules); scope_index_destroy(&x->required); scope_index_destroy(&x->declared); symtabs_destroy(x->symtab); Modified: trunk/libsepol/src/expand.c =================================================================== --- trunk/libsepol/src/expand.c 2006-09-01 19:28:23 UTC (rev 2014) +++ trunk/libsepol/src/expand.c 2006-09-05 14:27:29 UTC (rev 2015) 
@@ -964,6 +964,113 @@ return 0; } +static int exp_rangetr_helper(uint32_t stype, uint32_t ttype, uint32_t tclass, + mls_range_t * trange, expand_state_t * state) +{ + range_trans_t *rt, *check_rt = state->out->range_tr; + + /* check for duplicates/conflicts */ + while (check_rt) { + if ((check_rt->source_type == stype) && + (check_rt->target_type == ttype) && + (check_rt->target_class == tclass)) { + if (mls_range_eq(&check_rt->target_range, trange)) { + /* duplicate */ + break; + } else { + /* conflict */ + ERR(state->handle, + "Conflicting range trans rule %s %s : %s", + state->out->p_type_val_to_name[stype - 1], + state->out->p_type_val_to_name[ttype - 1], + state->out->p_class_val_to_name[tclass]); + return -1; + } + } + check_rt = check_rt->next; + } + if (check_rt) /* this is a dup - skip */ + return 0; + + rt = (range_trans_t *) calloc(1, sizeof(range_trans_t)); + if (!rt) { + ERR(state->handle, "Out of memory!"); + return -1; + } + + rt->next = state->out->range_tr; + state->out->range_tr = rt; + + rt->source_type = stype; + rt->target_type = ttype; + rt->target_class = tclass; + if (mls_range_cpy(&rt->target_range, trange)) { + ERR(state->handle, "Out of memory!"); + return -1; + } + + return 0; +} + +static int expand_range_trans(expand_state_t * state, + range_trans_rule_t * rules) +{ + unsigned int i, j, k; + range_trans_rule_t *rule; + + ebitmap_t stypes, ttypes; + ebitmap_node_t *snode, *tnode, *cnode; + + for (rule = rules; rule; rule = rule->next) { + ebitmap_init(&stypes); + ebitmap_init(&ttypes); + + /* expand the type sets */ + if (expand_convert_type_set(state->out, state->typemap, + &rule->stypes, &stypes, 1)) { + ERR(state->handle, "Out of memory!"); + return -1; + } + if (expand_convert_type_set(state->out, state->typemap, + &rule->ttypes, &ttypes, 1)) { + ebitmap_destroy(&stypes); + ERR(state->handle, "Out of memory!"); + return -1; + } + + /* loop on source type */ + ebitmap_for_each_bit(&stypes, snode, i) { + if 
(!ebitmap_node_get_bit(snode, i)) + continue; + /* loop on target type */ + ebitmap_for_each_bit(&ttypes, tnode, j) { + if (!ebitmap_node_get_bit(tnode, j)) + continue; + /* loop on target class */ + ebitmap_for_each_bit(&rule->tclasses, cnode, k) { + if (!ebitmap_node_get_bit(cnode, k)) + continue; + + if (exp_rangetr_helper(i + 1, + j + 1, + k, + &rule->trange, + state)) { + ebitmap_destroy(&stypes); + ebitmap_destroy(&ttypes); + return -1; + } + } + } + } + + ebitmap_destroy(&stypes); + ebitmap_destroy(&ttypes); + } + + return 0; +} + /* Search for an AV tab node within a hash table with the given key. * If the node does not exist, create it and return it; otherwise * return the pre-existing one. @@ -1522,14 +1629,17 @@ goto out_of_mem; } memset(new_range, 0, sizeof(*new_range)); - new_range->dom = state->typemap[range->dom - 1]; - new_range->type = state->typemap[range->type - 1]; - if (mls_level_clone - (&new_range->range.level[0], &range->range.level[0]) == -1 - || mls_level_clone(&new_range->range.level[1], - &range->range.level[1])) { + new_range->source_type = state->typemap[range->source_type - 1]; + new_range->target_type = state->typemap[range->target_type - 1]; + new_range->target_class = range->target_class; + if (mls_level_clone(&new_range->target_range.level[0], + &range->target_range.level[0])) { goto out_of_mem; } + if (mls_level_clone(&new_range->target_range.level[1], + &range->target_range.level[1])) { + goto out_of_mem; + } new_range->next = NULL; if (last_new_range == NULL) { state->out->range_tr = last_new_range = new_range; @@ -1544,8 +1654,8 @@ out_of_mem: ERR(state->handle, "Out of memory!"); if (new_range) { - ebitmap_destroy(&new_range->range.level[0].cat); - ebitmap_destroy(&new_range->range.level[1].cat); + ebitmap_destroy(&new_range->target_range.level[0].cat); + ebitmap_destroy(&new_range->target_range.level[1].cat); free(new_range); } return -1; 
@@ -1933,6 +2043,11 @@ goto cleanup; } + /* expand the range transition rules */ + if ((base->policyvers >= MOD_POLICYDB_VERSION_RANGETRANS) && + expand_range_trans(state, decl->range_tr_rules)) + goto cleanup; + /* copy rules */ cur_avrule = decl->avrules; while (cur_avrule != NULL) { @@ -2146,7 +2261,8 @@ if (genfs_copy(&state)) goto cleanup; - if (range_trans_clone(&state) == -1) { + if ((base->policyvers < MOD_POLICYDB_VERSION_RANGETRANS) && + range_trans_clone(&state) == -1) { goto cleanup; } Modified: trunk/libsepol/src/mls.c =================================================================== --- trunk/libsepol/src/mls.c 2006-09-01 19:28:23 UTC (rev 2014) +++ trunk/libsepol/src/mls.c 2006-09-05 14:27:29 UTC (rev 2015) @@ -608,23 +608,20 @@ sepol_security_class_t tclass, uint32_t specified, context_struct_t * newcontext) { + range_trans_t *rtr; if (!policydb->mls) return 0; switch (specified) { case AVTAB_TRANSITION: - if (tclass == SECCLASS_PROCESS) { - range_trans_t *rangetr; - - /* Look for a range transition rule. */ - for (rangetr = policydb->range_tr; rangetr; - rangetr = rangetr->next) { - if (rangetr->dom == scontext->type && - rangetr->type == tcontext->type) { - /* Set the range from the rule */ - return mls_range_set(newcontext, - &rangetr->range); - } + /* Look for a range transition rule. */ + for (rtr = policydb->range_tr; rtr; rtr = rtr->next) { + if (rtr->source_type == scontext->type && + rtr->target_type == tcontext->type && + rtr->target_class == tclass) { + /* Set the range from the rule */ + return mls_range_set(newcontext, + &rtr->target_range); } } /* Fallthrough */ Modified: trunk/libsepol/src/policydb.c =================================================================== --- trunk/libsepol/src/policydb.c 2006-09-01 19:28:23 UTC (rev 2014) +++ trunk/libsepol/src/policydb.c 2006-09-05 14:27:29 UTC (rev 2015) 
@@ -48,6 +48,7 @@ #include <sepol/policydb/conditional.h> #include <sepol/policydb/avrule_block.h> #include <sepol/policydb/util.h> +#include <sepol/policydb/flask.h> #include "private.h" #include "debug.h" @@ -92,6 +93,12 @@ .ocon_num = OCON_NODE6 + 1, }, { + .type = POLICY_KERN, + .version = POLICYDB_VERSION_RANGETRANS, + .sym_num = SYM_NUM, + .ocon_num = OCON_NODE6 + 1, + }, + { .type = POLICY_BASE, .version = MOD_POLICYDB_VERSION_BASE, .sym_num = SYM_NUM, @@ -104,6 +111,12 @@ .ocon_num = OCON_NODE6 + 1, }, { + .type = POLICY_BASE, + .version = MOD_POLICYDB_VERSION_RANGETRANS, + .sym_num = SYM_NUM, + .ocon_num = OCON_NODE6 + 1, + }, + { .type = POLICY_MOD, .version = MOD_POLICYDB_VERSION_BASE, .sym_num = SYM_NUM, @@ -114,7 +127,12 @@ .version = MOD_POLICYDB_VERSION_MLS, .sym_num = SYM_NUM, .ocon_num = 0, - } + }, + { + .type = POLICY_MOD, + .version = MOD_POLICYDB_VERSION_RANGETRANS, + .sym_num = SYM_NUM, + .ocon_num = 0}, }; #if 0 @@ -307,6 +325,32 @@ } } +void range_trans_rule_init(range_trans_rule_t * x) +{ + type_set_init(&x->stypes); + type_set_init(&x->ttypes); + ebitmap_init(&x->tclasses); + mls_range_init(&x->trange); +} + +void range_trans_rule_destroy(range_trans_rule_t * x) +{ + type_set_destroy(&x->stypes); + type_set_destroy(&x->ttypes); + ebitmap_destroy(&x->tclasses); + mls_range_destroy(&x->trange); +} + +void range_trans_rule_list_destroy(range_trans_rule_t * x) +{ + while (x != NULL) { + range_trans_rule_t *next = x->next; + range_trans_rule_destroy(x); + free(x); + x = next; + } +} + void avrule_list_destroy(avrule_t * x) { avrule_t *next, *cur; 
@@ -954,15 +998,15 @@ for (rt = p->range_tr; rt; rt = rt->next) { if (lrt) { - ebitmap_destroy(&lrt->range.level[0].cat); - ebitmap_destroy(&lrt->range.level[1].cat); + ebitmap_destroy(&lrt->target_range.level[0].cat); + ebitmap_destroy(&lrt->target_range.level[1].cat); free(lrt); } lrt = rt; } if (lrt) { - ebitmap_destroy(&lrt->range.level[0].cat); - ebitmap_destroy(&lrt->range.level[1].cat); + ebitmap_destroy(&lrt->target_range.level[0].cat); + ebitmap_destroy(&lrt->target_range.level[1].cat); free(lrt); } @@ -2260,6 +2304,8 @@ uint32_t *buf, nel; range_trans_t *rt, *lrt; unsigned int i; + int new_rangetr = (p->policy_type == POLICY_KERN && + p->policyvers >= POLICYDB_VERSION_RANGETRANS); buf = next_entry(fp, sizeof(uint32_t)); if (!buf) @@ -2277,9 +2323,16 @@ buf = next_entry(fp, (sizeof(uint32_t) * 2)); if (!buf) return -1; - rt->dom = le32_to_cpu(buf[0]); - rt->type = le32_to_cpu(buf[1]); - if (mls_read_range_helper(&rt->range, fp)) + rt->source_type = le32_to_cpu(buf[0]); + rt->target_type = le32_to_cpu(buf[1]); + if (new_rangetr) { + buf = next_entry(fp, (sizeof(uint32_t))); + if (!buf) + return -1; + rt->target_class = le32_to_cpu(buf[0]); + } else + rt->target_class = SECCLASS_PROCESS; + if (mls_read_range_helper(&rt->target_range, fp)) return -1; lrt = rt; } 
@@ -2393,6 +2446,47 @@ return 0; } +static int range_trans_rule_read(range_trans_rule_t ** r, + struct policy_file *fp) +{ + uint32_t *buf, nel; + unsigned int i; + range_trans_rule_t *rt, *lrt = NULL; + + buf = next_entry(fp, sizeof(uint32_t)); + if (!buf) + return -1; + nel = le32_to_cpu(buf[0]); + for (i = 0; i < nel; i++) { + rt = malloc(sizeof(range_trans_rule_t)); + if (!rt) { + return -1; + } + range_trans_rule_init(rt); + + if (lrt) + lrt->next = rt; + else + *r = rt; + + if (type_set_read(&rt->stypes, fp)) + return -1; + + if (type_set_read(&rt->ttypes, fp)) + return -1; + + if (ebitmap_read(&rt->tclasses, fp)) + return -1; + + if (mls_read_range_helper(&rt->trange, fp)) + return -1; + + lrt = rt; + } + + return 0; +} + static int scope_index_read(scope_index_t * scope_index, unsigned int num_scope_syms, struct policy_file *fp) { @@ -2440,6 +2534,10 @@ role_allow_rule_read(&decl->role_allow_rules, fp) == -1) { return -1; } + if (p->policyvers >= MOD_POLICYDB_VERSION_RANGETRANS && + range_trans_rule_read(&decl->range_tr_rules, fp) == -1) { + return -1; + } if (scope_index_read(&decl->required, num_scope_syms, fp) == -1 || scope_index_read(&decl->declared, num_scope_syms, fp) == -1) { return -1; @@ -2835,7 +2933,8 @@ if ((p->policy_type == POLICY_KERN && p->policyvers >= POLICYDB_VERSION_MLS) || (p->policy_type == POLICY_BASE - && p->policyvers >= MOD_POLICYDB_VERSION_MLS)) { + && p->policyvers >= MOD_POLICYDB_VERSION_MLS + && p->policyvers < MOD_POLICYDB_VERSION_RANGETRANS)) { if (range_read(p, fp)) { goto bad; } Modified: trunk/libsepol/src/write.c =================================================================== --- trunk/libsepol/src/write.c 2006-09-01 19:28:23 UTC (rev 2014) +++ trunk/libsepol/src/write.c 2006-09-05 14:27:29 UTC (rev 2015) @@ -39,6 +39,7 @@ #include <sepol/policydb/policydb.h> #include <sepol/policydb/conditional.h> #include <sepol/policydb/expand.h> +#include <sepol/policydb/flask.h> #include "debug.h" #include "private.h" 
@@ -1124,21 +1125,44 @@ { size_t nel, items; struct range_trans *rt; - uint32_t buf[32]; + uint32_t buf[2]; + int new_rangetr = (p->policy_type == POLICY_KERN && + p->policyvers >= POLICYDB_VERSION_RANGETRANS); + int warning_issued = 0; + nel = 0; - for (rt = p->range_tr; rt; rt = rt->next) - nel++; + for (rt = p->range_tr; rt; rt = rt->next) { + /* all range_transitions are written for the new format, only + process related range_transitions are written for the old + format, so count accordingly */ + if (new_rangetr || rt->target_class == SECCLASS_PROCESS) + nel++; + } buf[0] = cpu_to_le32(nel); items = put_entry(buf, sizeof(uint32_t), 1, fp); if (items != 1) return POLICYDB_ERROR; for (rt = p->range_tr; rt; rt = rt->next) { - buf[0] = cpu_to_le32(rt->dom); - buf[1] = cpu_to_le32(rt->type); + if (!new_rangetr && rt->target_class != SECCLASS_PROCESS) { + if (!warning_issued) + WARN(fp->handle, "Discarding range_transition " + "rules for security classes other than " + "\"process\""); + warning_issued = 1; + continue; + } + buf[0] = cpu_to_le32(rt->source_type); + buf[1] = cpu_to_le32(rt->target_type); items = put_entry(buf, sizeof(uint32_t), 2, fp); if (items != 2) return POLICYDB_ERROR; - if (mls_write_range_helper(&rt->range, fp)) + if (new_rangetr) { + buf[0] = cpu_to_le32(rt->target_class); + items = put_entry(buf, sizeof(uint32_t), 1, fp); + if (items != 1) + return POLICYDB_ERROR; + } + if (mls_write_range_helper(&rt->target_range, fp)) return POLICYDB_ERROR; } return POLICYDB_SUCCESS; 
@@ -1264,6 +1288,33 @@ return POLICYDB_SUCCESS; } +static int range_trans_rule_write(range_trans_rule_t * t, + struct policy_file *fp) +{ + int nel = 0; + size_t items; + uint32_t buf[1]; + range_trans_rule_t *rt; + + for (rt = t; rt; rt = rt->next) + nel++; + buf[0] = cpu_to_le32(nel); + items = put_entry(buf, sizeof(uint32_t), 1, fp); + if (items != 1) + return POLICYDB_ERROR; + for (rt = t; rt; rt = rt->next) { + if (type_set_write(&rt->stypes, fp)) + return POLICYDB_ERROR; + if (type_set_write(&rt->ttypes, fp)) + return POLICYDB_ERROR; + if (ebitmap_write(&rt->tclasses, fp)) + return POLICYDB_ERROR; + if (mls_write_range_helper(&rt->trange, fp)) + return POLICYDB_ERROR; + } + return POLICYDB_SUCCESS; +} + static int scope_index_write(scope_index_t * scope_index, unsigned int num_scope_syms, struct policy_file *fp) @@ -1304,6 +1355,10 @@ role_allow_rule_write(decl->role_allow_rules, fp) == -1) { return POLICYDB_ERROR; } + if (p->policyvers >= MOD_POLICYDB_VERSION_RANGETRANS && + range_trans_rule_write(decl->range_tr_rules, fp) == -1) { + return POLICYDB_ERROR; + } if (scope_index_write(&decl->required, num_scope_syms, fp) == -1 || scope_index_write(&decl->declared, num_scope_syms, fp) == -1) { return POLICYDB_ERROR; @@ -1528,6 +1583,7 @@ if ((p->policyvers >= POLICYDB_VERSION_MLS && p->policy_type == POLICY_KERN) || (p->policyvers >= MOD_POLICYDB_VERSION_MLS + && p->policyvers < MOD_POLICYDB_VERSION_MLS && p->policy_type == POLICY_BASE)) { if (range_write(p, fp)) { return POLICYDB_ERROR; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
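Review bot: in expand_range_trans() in expand.c, the call to exp_rangetr_helper() passes i + 1 and j + 1 for the source and target types but bare k for the class, so either the class is off by one or tclasses uses a different bit convention from the type bitmaps. If tclasses is indexed by class value rather than value - 1, say so in a comment next to ebitmap_for_each_bit(&rule->tclasses, cnode, k) and at the place the bitmap is filled; otherwise pass k + 1. This matters because mls.c now matches on rtr->target_class == tclass, and a shifted class value would apply the range to the wrong object class or never match at all.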
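Review bot: in range_read() in policydb.c (hunk @@ -2277,9 +2323,16 @@), source_type, target_type and the new target_class are taken straight from le32_to_cpu(buf[...]) with no range check, and range_trans_clone() in expand.c later uses them as state->typemap[range->source_type - 1]. Nothing visible in this patch rejects a zero or too-large value, so a malformed policy file leads to an out-of-bounds index. Check the two types against the number of types in p and target_class against the number of classes here, and return -1 on failure.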
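Review bot: in range_trans_rule_read() in policydb.c, each rt comes from malloc() and range_trans_rule_init(), as added in this same patch, does not set x->next, so the last node's next pointer is never initialised. The assignment lrt->next = rt only fixes up the previous node, which leaves the tail (and any node whose read fails part-way, since it is already linked into *r) pointing at garbage for range_trans_rule_list_destroy() and range_trans_rule_write() to follow. Set x->next = NULL in range_trans_rule_init(), or set rt->next = NULL right after the malloc().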
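Review bot: in range_write() in write.c, the old-format path drops every range_transition whose target_class is not SECCLASS_PROCESS and reports it with a single WARN() that says neither which rules nor how many were lost. For an MLS policy this changes the ranges that non-process objects receive, so count the skipped rules in the first loop (where nel is computed) and put the number in the message, or let the caller opt in to the loss instead of returning POLICYDB_SUCCESS regardless.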
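Review bot: the last write.c hunk (@@ -1528,6 +1583,7 @@) adds p->policyvers < MOD_POLICYDB_VERSION_MLS next to p->policyvers >= MOD_POLICYDB_VERSION_MLS, so the POLICY_BASE arm of the condition can never be true and range_write() is skipped for every base module. The matching read-side hunk in policydb.c uses p->policyvers < MOD_POLICYDB_VERSION_RANGETRANS, and the bound here should be the same constant. As written, a base policy at an MLS version below RANGETRANS is written without the range_tr section that the reader still expects.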
From: <ssm...@us...> - 2006-09-01 19:28:28
Revision: 2014
http://svn.sourceforge.net/selinux/?rev=2014&view=rev
Author: ssmalley
Date: 2006-09-01 12:28:23 -0700 (Fri, 01 Sep 2006)

Log Message:
-----------
Tag for policycoreutils 1.30.28

Added Paths:
-----------
tags/policycoreutils_1_30_28/policycoreutils/

Copied: tags/policycoreutils_1_30_28/policycoreutils (from rev 2013, trunk/policycoreutils)

From: <ssm...@us...> - 2006-09-01 19:28:03
Revision: 2013
http://svn.sourceforge.net/selinux/?rev=2013&view=rev
Author: ssmalley
Date: 2006-09-01 12:27:58 -0700 (Fri, 01 Sep 2006)

Log Message:
-----------
Tag for policycoreutils 1.30.28.

Added Paths:
-----------
tags/policycoreutils_1_30_28/

From: <ssm...@us...> - 2006-09-01 19:25:46
Revision: 2012 http://svn.sourceforge.net/selinux/?rev=2012&view=rev Author: ssmalley Date: 2006-09-01 12:25:42 -0700 (Fri, 01 Sep 2006) Log Message: ----------- policycoreutils 1.30.28 Modified Paths: -------------- trunk/policycoreutils/ChangeLog trunk/policycoreutils/VERSION Modified: trunk/policycoreutils/ChangeLog =================================================================== --- trunk/policycoreutils/ChangeLog 2006-09-01 19:22:21 UTC (rev 2011) +++ trunk/policycoreutils/ChangeLog 2006-09-01 19:25:42 UTC (rev 2012) @@ -1,3 +1,7 @@ +1.30.28 2006-09-01 + * Merged fix for restorecon // handling from Erich Schubert. + * Merged translations update and fixfiles fix from Dan Walsh. + 1.30.27 2006-08-24 * Merged fix for restorecon symlink handling from Erich Schubert. Modified: trunk/policycoreutils/VERSION =================================================================== --- trunk/policycoreutils/VERSION 2006-09-01 19:22:21 UTC (rev 2011) +++ trunk/policycoreutils/VERSION 2006-09-01 19:25:42 UTC (rev 2012) @@ -1 +1 @@ -1.30.27 +1.30.28 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2006-09-01 19:22:50
Revision: 2011 http://svn.sourceforge.net/selinux/?rev=2011&view=rev Author: ssmalley Date: 2006-09-01 12:22:21 -0700 (Fri, 01 Sep 2006) Log Message: ----------- Author: Daniel J Walsh Email: dw...@re... Subject: policycoreutils translations patch Date: Thu, 24 Aug 2006 14:40:01 -0400 Updates to translation files and bug fix for fixfiles. Acked-by: Stephen Smalley <sd...@ty...> Acked-by: Darrel Goeddel <dgo...@tr...> Modified Paths: -------------- trunk/policycoreutils/po/af.po trunk/policycoreutils/po/am.po trunk/policycoreutils/po/ar.po trunk/policycoreutils/po/be.po trunk/policycoreutils/po/bg.po trunk/policycoreutils/po/bn.po trunk/policycoreutils/po/bn_IN.po trunk/policycoreutils/po/ca.po trunk/policycoreutils/po/cs.po trunk/policycoreutils/po/cy.po trunk/policycoreutils/po/da.po trunk/policycoreutils/po/de.po trunk/policycoreutils/po/el.po trunk/policycoreutils/po/en_GB.po trunk/policycoreutils/po/es.po trunk/policycoreutils/po/et.po trunk/policycoreutils/po/eu_ES.po trunk/policycoreutils/po/fa.po trunk/policycoreutils/po/fi.po trunk/policycoreutils/po/fr.po trunk/policycoreutils/po/gl.po trunk/policycoreutils/po/gu.po trunk/policycoreutils/po/he.po trunk/policycoreutils/po/hi.po trunk/policycoreutils/po/hr.po trunk/policycoreutils/po/hu.po trunk/policycoreutils/po/hy.po trunk/policycoreutils/po/id.po trunk/policycoreutils/po/is.po trunk/policycoreutils/po/it.po trunk/policycoreutils/po/ja.po trunk/policycoreutils/po/ka.po trunk/policycoreutils/po/kn.po trunk/policycoreutils/po/ko.po trunk/policycoreutils/po/ku.po trunk/policycoreutils/po/lo.po trunk/policycoreutils/po/lt.po trunk/policycoreutils/po/lv.po trunk/policycoreutils/po/mk.po trunk/policycoreutils/po/ml.po trunk/policycoreutils/po/mr.po trunk/policycoreutils/po/ms.po trunk/policycoreutils/po/my.po trunk/policycoreutils/po/nb.po trunk/policycoreutils/po/nl.po trunk/policycoreutils/po/nn.po trunk/policycoreutils/po/no.po trunk/policycoreutils/po/nso.po trunk/policycoreutils/po/or.po 
trunk/policycoreutils/po/pa.po trunk/policycoreutils/po/pl.po trunk/policycoreutils/po/pt.po trunk/policycoreutils/po/pt_BR.po trunk/policycoreutils/po/ro.po trunk/policycoreutils/po/ru.po trunk/policycoreutils/po/si.po trunk/policycoreutils/po/sk.po trunk/policycoreutils/po/sl.po trunk/policycoreutils/po/sq.po trunk/policycoreutils/po/sr.po trunk/policycoreutils/po/sr@Latn.po trunk/policycoreutils/po/sv.po trunk/policycoreutils/po/ta.po trunk/policycoreutils/po/te.po trunk/policycoreutils/po/th.po trunk/policycoreutils/po/tr.po trunk/policycoreutils/po/uk.po trunk/policycoreutils/po/ur.po trunk/policycoreutils/po/vi.po trunk/policycoreutils/po/zh_CN.po trunk/policycoreutils/po/zh_TW.po trunk/policycoreutils/po/zu.po trunk/policycoreutils/scripts/fixfiles Modified: trunk/policycoreutils/po/af.po =================================================================== --- trunk/policycoreutils/po/af.po 2006-09-01 19:20:50 UTC (rev 2010) +++ trunk/policycoreutils/po/af.po 2006-09-01 19:22:21 UTC (rev 2011) @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2006-05-26 13:48-0400\n" +"POT-Creation-Date: 2006-06-29 15:53-0400\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL...@li...>\n" @@ -21,7 +21,7 @@ msgid "usage: %s [-bq]\n" msgstr "" -#: ../load_policy/load_policy.c:62 +#: ../load_policy/load_policy.c:66 #, c-format msgid "%s: Can't load policy: %s\n" msgstr "" 
@@ -31,26 +31,26 @@ msgid "Out of memory!\n" msgstr "" -#: ../newrole/newrole.c:201 ../run_init/run_init.c:126 +#: ../newrole/newrole.c:199 ../run_init/run_init.c:126 #, c-format msgid "failed to initialize PAM\n" msgstr "" -#: ../newrole/newrole.c:212 +#: ../newrole/newrole.c:210 #, c-format msgid "failed to set PAM_TTY\n" msgstr "" -#: ../newrole/newrole.c:250 ../run_init/run_init.c:155 +#: ../newrole/newrole.c:246 ../run_init/run_init.c:154 msgid "Password:" msgstr "" -#: ../newrole/newrole.c:282 ../run_init/run_init.c:187 +#: ../newrole/newrole.c:281 ../run_init/run_init.c:189 #, c-format msgid "Cannot find your entry in the shadow passwd file.\n" msgstr "" -#: ../newrole/newrole.c:288 ../run_init/run_init.c:193 +#: ../newrole/newrole.c:287 ../run_init/run_init.c:195 #, c-format msgid "getpass cannot open /dev/tty\n" msgstr "" 
@@ -60,187 +60,187 @@ msgid "Error initing capabilities, aborting.\n" msgstr "" -#: ../newrole/newrole.c:367 +#: ../newrole/newrole.c:368 #, c-format msgid "Error dropping capabilities, aborting\n" msgstr "" -#: ../newrole/newrole.c:374 +#: ../newrole/newrole.c:375 #, c-format msgid "Error changing uid, aborting.\n" msgstr "" -#: ../newrole/newrole.c:380 +#: ../newrole/newrole.c:382 #, c-format msgid "Error resetting KEEPCAPS, aborting\n" msgstr "" -#: ../newrole/newrole.c:386 +#: ../newrole/newrole.c:390 #, c-format msgid "Error dropping SETUID capability, aborting\n" msgstr "" -#: ../newrole/newrole.c:459 +#: ../newrole/newrole.c:463 #, c-format msgid "Sorry, newrole may be used only on a SELinux kernel.\n" msgstr "" -#: ../newrole/newrole.c:464 +#: ../newrole/newrole.c:468 #, c-format msgid "Could not determine enforcing mode.\n" msgstr "" -#: ../newrole/newrole.c:481 +#: ../newrole/newrole.c:488 #, c-format msgid "Error: multiple roles specified\n" msgstr "" -#: ../newrole/newrole.c:490 +#: ../newrole/newrole.c:498 #, c-format msgid "Error: multiple types specified\n" msgstr "" -#: ../newrole/newrole.c:498 +#: ../newrole/newrole.c:508 #, c-format msgid "Sorry, -l may be used with SELinux MLS support.\n" msgstr "" -#: ../newrole/newrole.c:503 +#: ../newrole/newrole.c:515 #, c-format msgid "Error: multiple levels specified\n" msgstr "" -#: ../newrole/newrole.c:527 +#: ../newrole/newrole.c:537 #, c-format msgid "Couldn't get default type.\n" msgstr "" -#: ../newrole/newrole.c:549 +#: ../newrole/newrole.c:559 #, c-format msgid "failed to get old_context.\n" msgstr "" -#: ../newrole/newrole.c:563 +#: ../newrole/newrole.c:572 #, c-format msgid "failed to get new context.\n" msgstr "" -#: ../newrole/newrole.c:586 +#: ../newrole/newrole.c:596 #, c-format msgid "cannot find your entry in the passwd file.\n" msgstr "" -#: ../newrole/newrole.c:596 +#: ../newrole/newrole.c:606 #, c-format msgid "Error! 
Shell is not valid.\n" msgstr "" -#: ../newrole/newrole.c:603 +#: ../newrole/newrole.c:614 #, c-format msgid "Error! Could not retrieve tty information.\n" msgstr "" -#: ../newrole/newrole.c:607 +#: ../newrole/newrole.c:618 #, c-format msgid "Authenticating %s.\n" msgstr "" -#: ../newrole/newrole.c:621 +#: ../newrole/newrole.c:632 #, c-format msgid "newrole: incorrect password for %s\n" msgstr "" -#: ../newrole/newrole.c:645 +#: ../newrole/newrole.c:657 #, c-format msgid "failed to set new role %s\n" msgstr "" -#: ../newrole/newrole.c:657 +#: ../newrole/newrole.c:671 #, c-format msgid "failed to set new type %s\n" msgstr "" -#: ../newrole/newrole.c:670 +#: ../newrole/newrole.c:688 #, c-format msgid "failed to build new range with level %s\n" msgstr "" -#: ../newrole/newrole.c:674 +#: ../newrole/newrole.c:693 #, c-format msgid "failed to set new range %s\n" msgstr "" -#: ../newrole/newrole.c:688 +#: ../newrole/newrole.c:708 #, c-format msgid "failed to convert new context to string\n" msgstr "" -#: ../newrole/newrole.c:698 +#: ../newrole/newrole.c:717 #, c-format msgid "%s is not a valid context\n" msgstr "" -#: ../newrole/newrole.c:711 +#: ../newrole/newrole.c:730 #, c-format msgid "Error! Could not open %s.\n" msgstr "" -#: ../newrole/newrole.c:717 +#: ../newrole/newrole.c:738 #, c-format msgid "%s! Could not get current context for %s, not relabeling tty.\n" msgstr "" -#: ../newrole/newrole.c:728 +#: ../newrole/newrole.c:757 #, c-format msgid "%s! Could not get new context for %s, not relabeling tty.\n" msgstr "" -#: ../newrole/newrole.c:740 +#: ../newrole/newrole.c:771 #, c-format msgid "%s! Could not set new context for %s\n" msgstr "" -#: ../newrole/newrole.c:752 +#: ../newrole/newrole.c:784 #, c-format msgid "newrole: failure forking: %s" msgstr "" -#: ../newrole/newrole.c:754 +#: ../newrole/newrole.c:789 #, c-format msgid "Warning! 
Could not restore context for %s\n" msgstr "" -#: ../newrole/newrole.c:774 +#: ../newrole/newrole.c:810 #, c-format msgid "%s changed labels.\n" msgstr "" -#: ../newrole/newrole.c:798 +#: ../newrole/newrole.c:834 #, c-format msgid "Could not close descriptors.\n" msgstr "" -#: ../newrole/newrole.c:832 ../run_init/run_init.c:390 +#: ../newrole/newrole.c:869 ../run_init/run_init.c:397 #, c-format msgid "Could not set exec context to %s.\n" msgstr "" -#: ../newrole/newrole.c:842 +#: ../newrole/newrole.c:881 #, c-format msgid "Error connecting to audit system.\n" msgstr "" -#: ../newrole/newrole.c:847 +#: ../newrole/newrole.c:886 #, c-format msgid "Error allocating memory.\n" msgstr "" -#: ../newrole/newrole.c:853 +#: ../newrole/newrole.c:892 #, c-format msgid "Error sending audit message.\n" msgstr "" -#: ../newrole/newrole.c:864 +#: ../newrole/newrole.c:903 msgid "failed to exec shell\n" msgstr "" @@ -251,27 +251,27 @@ " <args ...> are the arguments to that script." msgstr "" -#: ../run_init/run_init.c:264 +#: ../run_init/run_init.c:267 #, c-format msgid "run_init: incorrect password for %s\n" msgstr "" -#: ../run_init/run_init.c:295 +#: ../run_init/run_init.c:301 #, c-format msgid "Could not open file %s\n" msgstr "" -#: ../run_init/run_init.c:322 +#: ../run_init/run_init.c:328 #, c-format msgid "No context in file %s\n" msgstr "" -#: ../run_init/run_init.c:345 +#: ../run_init/run_init.c:353 #, c-format msgid "Sorry, run_init may be used only on a SELinux kernel.\n" msgstr "" -#: ../run_init/run_init.c:364 +#: ../run_init/run_init.c:372 #, c-format msgid "authentication failed.\n" msgstr "" Modified: trunk/policycoreutils/po/am.po =================================================================== --- trunk/policycoreutils/po/am.po 2006-09-01 19:20:50 UTC (rev 2010) +++ trunk/policycoreutils/po/am.po 2006-09-01 19:22:21 UTC (rev 2011) 
@@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2006-05-26 13:48-0400\n" +"POT-Creation-Date: 2006-06-29 15:53-0400\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL...@li...>\n" @@ -21,7 +21,7 @@ msgid "usage: %s [-bq]\n" msgstr "" -#: ../load_policy/load_policy.c:62 +#: ../load_policy/load_policy.c:66 #, c-format msgid "%s: Can't load policy: %s\n" msgstr "" @@ -31,26 +31,26 @@ msgid "Out of memory!\n" msgstr "" -#: ../newrole/newrole.c:201 ../run_init/run_init.c:126 +#: ../newrole/newrole.c:199 ../run_init/run_init.c:126 #, c-format msgid "failed to initialize PAM\n" msgstr "" -#: ../newrole/newrole.c:212 +#: ../newrole/newrole.c:210 #, c-format msgid "failed to set PAM_TTY\n" msgstr "" -#: ../newrole/newrole.c:250 ../run_init/run_init.c:155 +#: ../newrole/newrole.c:246 ../run_init/run_init.c:154 msgid "Password:" msgstr "" -#: ../newrole/newrole.c:282 ../run_init/run_init.c:187 +#: ../newrole/newrole.c:281 ../run_init/run_init.c:189 #, c-format msgid "Cannot find your entry in the shadow passwd file.\n" msgstr "" -#: ../newrole/newrole.c:288 ../run_init/run_init.c:193 +#: ../newrole/newrole.c:287 ../run_init/run_init.c:195 #, c-format msgid "getpass cannot open /dev/tty\n" msgstr "" 
@@ -60,187 +60,187 @@ msgid "Error initing capabilities, aborting.\n" msgstr "" -#: ../newrole/newrole.c:367 +#: ../newrole/newrole.c:368 #, c-format msgid "Error dropping capabilities, aborting\n" msgstr "" -#: ../newrole/newrole.c:374 +#: ../newrole/newrole.c:375 #, c-format msgid "Error changing uid, aborting.\n" msgstr "" -#: ../newrole/newrole.c:380 +#: ../newrole/newrole.c:382 #, c-format msgid "Error resetting KEEPCAPS, aborting\n" msgstr "" -#: ../newrole/newrole.c:386 +#: ../newrole/newrole.c:390 #, c-format msgid "Error dropping SETUID capability, aborting\n" msgstr "" -#: ../newrole/newrole.c:459 +#: ../newrole/newrole.c:463 #, c-format msgid "Sorry, newrole may be used only on a SELinux kernel.\n" msgstr "" -#: ../newrole/newrole.c:464 +#: ../newrole/newrole.c:468 #, c-format msgid "Could not determine enforcing mode.\n" msgstr "" -#: ../newrole/newrole.c:481 +#: ../newrole/newrole.c:488 #, c-format msgid "Error: multiple roles specified\n" msgstr "" -#: ../newrole/newrole.c:490 +#: ../newrole/newrole.c:498 #, c-format msgid "Error: multiple types specified\n" msgstr "" -#: ../newrole/newrole.c:498 +#: ../newrole/newrole.c:508 #, c-format msgid "Sorry, -l may be used with SELinux MLS support.\n" msgstr "" -#: ../newrole/newrole.c:503 +#: ../newrole/newrole.c:515 #, c-format msgid "Error: multiple levels specified\n" msgstr "" -#: ../newrole/newrole.c:527 +#: ../newrole/newrole.c:537 #, c-format msgid "Couldn't get default type.\n" msgstr "" -#: ../newrole/newrole.c:549 +#: ../newrole/newrole.c:559 #, c-format msgid "failed to get old_context.\n" msgstr "" -#: ../newrole/newrole.c:563 +#: ../newrole/newrole.c:572 #, c-format msgid "failed to get new context.\n" msgstr "" -#: ../newrole/newrole.c:586 +#: ../newrole/newrole.c:596 #, c-format msgid "cannot find your entry in the passwd file.\n" msgstr "" -#: ../newrole/newrole.c:596 +#: ../newrole/newrole.c:606 #, c-format msgid "Error! 
Shell is not valid.\n" msgstr "" -#: ../newrole/newrole.c:603 +#: ../newrole/newrole.c:614 #, c-format msgid "Error! Could not retrieve tty information.\n" msgstr "" -#: ../newrole/newrole.c:607 +#: ../newrole/newrole.c:618 #, c-format msgid "Authenticating %s.\n" msgstr "" -#: ../newrole/newrole.c:621 +#: ../newrole/newrole.c:632 #, c-format msgid "newrole: incorrect password for %s\n" msgstr "" -#: ../newrole/newrole.c:645 +#: ../newrole/newrole.c:657 #, c-format msgid "failed to set new role %s\n" msgstr "" -#: ../newrole/newrole.c:657 +#: ../newrole/newrole.c:671 #, c-format msgid "failed to set new type %s\n" msgstr "" -#: ../newrole/newrole.c:670 +#: ../newrole/newrole.c:688 #, c-format msgid "failed to build new range with level %s\n" msgstr "" -#: ../newrole/newrole.c:674 +#: ../newrole/newrole.c:693 #, c-format msgid "failed to set new range %s\n" msgstr "" -#: ../newrole/newrole.c:688 +#: ../newrole/newrole.c:708 #, c-format msgid "failed to convert new context to string\n" msgstr "" -#: ../newrole/newrole.c:698 +#: ../newrole/newrole.c:717 #, c-format msgid "%s is not a valid context\n" msgstr "" -#: ../newrole/newrole.c:711 +#: ../newrole/newrole.c:730 #, c-format msgid "Error! Could not open %s.\n" msgstr "" -#: ../newrole/newrole.c:717 +#: ../newrole/newrole.c:738 #, c-format msgid "%s! Could not get current context for %s, not relabeling tty.\n" msgstr "" -#: ../newrole/newrole.c:728 +#: ../newrole/newrole.c:757 #, c-format msgid "%s! Could not get new context for %s, not relabeling tty.\n" msgstr "" -#: ../newrole/newrole.c:740 +#: ../newrole/newrole.c:771 #, c-format msgid "%s! Could not set new context for %s\n" msgstr "" -#: ../newrole/newrole.c:752 +#: ../newrole/newrole.c:784 #, c-format msgid "newrole: failure forking: %s" msgstr "" -#: ../newrole/newrole.c:754 +#: ../newrole/newrole.c:789 #, c-format msgid "Warning! 
Could not restore context for %s\n" msgstr "" -#: ../newrole/newrole.c:774 +#: ../newrole/newrole.c:810 #, c-format msgid "%s changed labels.\n" msgstr "" -#: ../newrole/newrole.c:798 +#: ../newrole/newrole.c:834 #, c-format msgid "Could not close descriptors.\n" msgstr "" -#: ../newrole/newrole.c:832 ../run_init/run_init.c:390 +#: ../newrole/newrole.c:869 ../run_init/run_init.c:397 #, c-format msgid "Could not set exec context to %s.\n" msgstr "" -#: ../newrole/newrole.c:842 +#: ../newrole/newrole.c:881 #, c-format msgid "Error connecting to audit system.\n" msgstr "" -#: ../newrole/newrole.c:847 +#: ../newrole/newrole.c:886 #, c-format msgid "Error allocating memory.\n" msgstr "" -#: ../newrole/newrole.c:853 +#: ../newrole/newrole.c:892 #, c-format msgid "Error sending audit message.\n" msgstr "" -#: ../newrole/newrole.c:864 +#: ../newrole/newrole.c:903 msgid "failed to exec shell\n" msgstr "" @@ -251,27 +251,27 @@ " <args ...> are the arguments to that script." msgstr "" -#: ../run_init/run_init.c:264 +#: ../run_init/run_init.c:267 #, c-format msgid "run_init: incorrect password for %s\n" msgstr "" -#: ../run_init/run_init.c:295 +#: ../run_init/run_init.c:301 #, c-format msgid "Could not open file %s\n" msgstr "" -#: ../run_init/run_init.c:322 +#: ../run_init/run_init.c:328 #, c-format msgid "No context in file %s\n" msgstr "" -#: ../run_init/run_init.c:345 +#: ../run_init/run_init.c:353 #, c-format msgid "Sorry, run_init may be used only on a SELinux kernel.\n" msgstr "" -#: ../run_init/run_init.c:364 +#: ../run_init/run_init.c:372 #, c-format msgid "authentication failed.\n" msgstr "" Modified: trunk/policycoreutils/po/ar.po =================================================================== --- trunk/policycoreutils/po/ar.po 2006-09-01 19:20:50 UTC (rev 2010) +++ trunk/policycoreutils/po/ar.po 2006-09-01 19:22:21 UTC (rev 2011) 
@@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2006-05-26 13:48-0400\n" +"POT-Creation-Date: 2006-06-29 15:53-0400\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL...@li...>\n" @@ -21,7 +21,7 @@ msgid "usage: %s [-bq]\n" msgstr "" -#: ../load_policy/load_policy.c:62 +#: ../load_policy/load_policy.c:66 #, c-format msgid "%s: Can't load policy: %s\n" msgstr "" @@ -31,26 +31,26 @@ msgid "Out of memory!\n" msgstr "" -#: ../newrole/newrole.c:201 ../run_init/run_init.c:126 +#: ../newrole/newrole.c:199 ../run_init/run_init.c:126 #, c-format msgid "failed to initialize PAM\n" msgstr "" -#: ../newrole/newrole.c:212 +#: ../newrole/newrole.c:210 #, c-format msgid "failed to set PAM_TTY\n" msgstr "" -#: ../newrole/newrole.c:250 ../run_init/run_init.c:155 +#: ../newrole/newrole.c:246 ../run_init/run_init.c:154 msgid "Password:" msgstr "" -#: ../newrole/newrole.c:282 ../run_init/run_init.c:187 +#: ../newrole/newrole.c:281 ../run_init/run_init.c:189 #, c-format msgid "Cannot find your entry in the shadow passwd file.\n" msgstr "" -#: ../newrole/newrole.c:288 ../run_init/run_init.c:193 +#: ../newrole/newrole.c:287 ../run_init/run_init.c:195 #, c-format msgid "getpass cannot open /dev/tty\n" msgstr "" 
@@ -60,187 +60,187 @@ msgid "Error initing capabilities, aborting.\n" msgstr "" -#: ../newrole/newrole.c:367 +#: ../newrole/newrole.c:368 #, c-format msgid "Error dropping capabilities, aborting\n" msgstr "" -#: ../newrole/newrole.c:374 +#: ../newrole/newrole.c:375 #, c-format msgid "Error changing uid, aborting.\n" msgstr "" -#: ../newrole/newrole.c:380 +#: ../newrole/newrole.c:382 #, c-format msgid "Error resetting KEEPCAPS, aborting\n" msgstr "" -#: ../newrole/newrole.c:386 +#: ../newrole/newrole.c:390 #, c-format msgid "Error dropping SETUID capability, aborting\n" msgstr "" -#: ../newrole/newrole.c:459 +#: ../newrole/newrole.c:463 #, c-format msgid "Sorry, newrole may be used only on a SELinux kernel.\n" msgstr "" -#: ../newrole/newrole.c:464 +#: ../newrole/newrole.c:468 #, c-format msgid "Could not determine enforcing mode.\n" msgstr "" -#: ../newrole/newrole.c:481 +#: ../newrole/newrole.c:488 #, c-format msgid "Error: multiple roles specified\n" msgstr "" -#: ../newrole/newrole.c:490 +#: ../newrole/newrole.c:498 #, c-format msgid "Error: multiple types specified\n" msgstr "" -#: ../newrole/newrole.c:498 +#: ../newrole/newrole.c:508 #, c-format msgid "Sorry, -l may be used with SELinux MLS support.\n" msgstr "" -#: ../newrole/newrole.c:503 +#: ../newrole/newrole.c:515 #, c-format msgid "Error: multiple levels specified\n" msgstr "" -#: ../newrole/newrole.c:527 +#: ../newrole/newrole.c:537 #, c-format msgid "Couldn't get default type.\n" msgstr "" -#: ../newrole/newrole.c:549 +#: ../newrole/newrole.c:559 #, c-format msgid "failed to get old_context.\n" msgstr "" -#: ../newrole/newrole.c:563 +#: ../newrole/newrole.c:572 #, c-format msgid "failed to get new context.\n" msgstr "" -#: ../newrole/newrole.c:586 +#: ../newrole/newrole.c:596 #, c-format msgid "cannot find your entry in the passwd file.\n" msgstr "" -#: ../newrole/newrole.c:596 +#: ../newrole/newrole.c:606 #, c-format msgid "Error! 
Shell is not valid.\n" msgstr "" -#: ../newrole/newrole.c:603 +#: ../newrole/newrole.c:614 #, c-format msgid "Error! Could not retrieve tty information.\n" msgstr "" -#: ../newrole/newrole.c:607 +#: ../newrole/newrole.c:618 #, c-format msgid "Authenticating %s.\n" msgstr "" -#: ../newrole/newrole.c:621 +#: ../newrole/newrole.c:632 #, c-format msgid "newrole: incorrect password for %s\n" msgstr "" -#: ../newrole/newrole.c:645 +#: ../newrole/newrole.c:657 #, c-format msgid "failed to set new role %s\n" msgstr "" -#: ../newrole/newrole.c:657 +#: ../newrole/newrole.c:671 #, c-format msgid "failed to set new type %s\n" msgstr "" -#: ../newrole/newrole.c:670 +#: ../newrole/newrole.c:688 #, c-format msgid "failed to build new range with level %s\n" msgstr "" -#: ../newrole/newrole.c:674 +#: ../newrole/newrole.c:693 #, c-format msgid "failed to set new range %s\n" msgstr "" -#: ../newrole/newrole.c:688 +#: ../newrole/newrole.c:708 #, c-format msgid "failed to convert new context to string\n" msgstr "" -#: ../newrole/newrole.c:698 +#: ../newrole/newrole.c:717 #, c-format msgid "%s is not a valid context\n" msgstr "" -#: ../newrole/newrole.c:711 +#: ../newrole/newrole.c:730 #, c-format msgid "Error! Could not open %s.\n" msgstr "" -#: ../newrole/newrole.c:717 +#: ../newrole/newrole.c:738 #, c-format msgid "%s! Could not get current context for %s, not relabeling tty.\n" msgstr "" -#: ../newrole/newrole.c:728 +#: ../newrole/newrole.c:757 #, c-format msgid "%s! Could not get new context for %s, not relabeling tty.\n" msgstr "" -#: ../newrole/newrole.c:740 +#: ../newrole/newrole.c:771 #, c-format msgid "%s! Could not set new context for %s\n" msgstr "" -#: ../newrole/newrole.c:752 +#: ../newrole/newrole.c:784 #, c-format msgid "newrole: failure forking: %s" msgstr "" -#: ../newrole/newrole.c:754 +#: ../newrole/newrole.c:789 #, c-format msgid "Warning! 
Could not restore context for %s\n" msgstr "" -#: ../newrole/newrole.c:774 +#: ../newrole/newrole.c:810 #, c-format msgid "%s changed labels.\n" msgstr "" -#: ../newrole/newrole.c:798 +#: ../newrole/newrole.c:834 #, c-format msgid "Could not close descriptors.\n" msgstr "" -#: ../newrole/newrole.c:832 ../run_init/run_init.c:390 +#: ../newrole/newrole.c:869 ../run_init/run_init.c:397 #, c-format msgid "Could not set exec context to %s.\n" msgstr "" -#: ../newrole/newrole.c:842 +#: ../newrole/newrole.c:881 #, c-format msgid "Error connecting to audit system.\n" msgstr "" -#: ../newrole/newrole.c:847 +#: ../newrole/newrole.c:886 #, c-format msgid "Error allocating memory.\n" msgstr "" -#: ../newrole/newrole.c:853 +#: ../newrole/newrole.c:892 #, c-format msgid "Error sending audit message.\n" msgstr "" -#: ../newrole/newrole.c:864 +#: ../newrole/newrole.c:903 msgid "failed to exec shell\n" msgstr "" @@ -251,27 +251,27 @@ " <args ...> are the arguments to that script." msgstr "" -#: ../run_init/run_init.c:264 +#: ../run_init/run_init.c:267 #, c-format msgid "run_init: incorrect password for %s\n" msgstr "" -#: ../run_init/run_init.c:295 +#: ../run_init/run_init.c:301 #, c-format msgid "Could not open file %s\n" msgstr "" -#: ../run_init/run_init.c:322 +#: ../run_init/run_init.c:328 #, c-format msgid "No context in file %s\n" msgstr "" -#: ../run_init/run_init.c:345 +#: ../run_init/run_init.c:353 #, c-format msgid "Sorry, run_init may be used only on a SELinux kernel.\n" msgstr "" -#: ../run_init/run_init.c:364 +#: ../run_init/run_init.c:372 #, c-format msgid "authentication failed.\n" msgstr "" Modified: trunk/policycoreutils/po/be.po =================================================================== --- trunk/policycoreutils/po/be.po 2006-09-01 19:20:50 UTC (rev 2010) +++ trunk/policycoreutils/po/be.po 2006-09-01 19:22:21 UTC (rev 2011) 
@@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2006-05-26 13:48-0400\n" +"POT-Creation-Date: 2006-06-29 15:53-0400\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL...@li...>\n" @@ -21,7 +21,7 @@ msgid "usage: %s [-bq]\n" msgstr "" -#: ../load_policy/load_policy.c:62 +#: ../load_policy/load_policy.c:66 #, c-format msgid "%s: Can't load policy: %s\n" msgstr "" @@ -31,26 +31,26 @@ msgid "Out of memory!\n" msgstr "" -#: ../newrole/newrole.c:201 ../run_init/run_init.c:126 +#: ../newrole/newrole.c:199 ../run_init/run_init.c:126 #, c-format msgid "failed to initialize PAM\n" msgstr "" -#: ../newrole/newrole.c:212 +#: ../newrole/newrole.c:210 #, c-format msgid "failed to set PAM_TTY\n" msgstr "" -#: ../newrole/newrole.c:250 ../run_init/run_init.c:155 +#: ../newrole/newrole.c:246 ../run_init/run_init.c:154 msgid "Password:" msgstr "" -#: ../newrole/newrole.c:282 ../run_init/run_init.c:187 +#: ../newrole/newrole.c:281 ../run_init/run_init.c:189 #, c-format msgid "Cannot find your entry in the shadow passwd file.\n" msgstr "" -#: ../newrole/newrole.c:288 ../run_init/run_init.c:193 +#: ../newrole/newrole.c:287 ../run_init/run_init.c:195 #, c-format msgid "getpass cannot open /dev/tty\n" msgstr "" 
@@ -60,187 +60,187 @@ msgid "Error initing capabilities, aborting.\n" msgstr "" -#: ../newrole/newrole.c:367 +#: ../newrole/newrole.c:368 #, c-format msgid "Error dropping capabilities, aborting\n" msgstr "" -#: ../newrole/newrole.c:374 +#: ../newrole/newrole.c:375 #, c-format msgid "Error changing uid, aborting.\n" msgstr "" -#: ../newrole/newrole.c:380 +#: ../newrole/newrole.c:382 #, c-format msgid "Error resetting KEEPCAPS, aborting\n" msgstr "" -#: ../newrole/newrole.c:386 +#: ../newrole/newrole.c:390 #, c-format msgid "Error dropping SETUID capability, aborting\n" msgstr "" -#: ../newrole/newrole.c:459 +#: ../newrole/newrole.c:463 #, c-format msgid "Sorry, newrole may be used only on a SELinux kernel.\n" msgstr "" -#: ../newrole/newrole.c:464 +#: ../newrole/newrole.c:468 #, c-format msgid "Could not determine enforcing mode.\n" msgstr "" -#: ../newrole/newrole.c:481 +#: ../newrole/newrole.c:488 #, c-format msgid "Error: multiple roles specified\n" msgstr "" -#: ../newrole/newrole.c:490 +#: ../newrole/newrole.c:498 #, c-format msgid "Error: multiple types specified\n" msgstr "" -#: ../newrole/newrole.c:498 +#: ../newrole/newrole.c:508 #, c-format msgid "Sorry, -l may be used with SELinux MLS support.\n" msgstr "" -#: ../newrole/newrole.c:503 +#: ../newrole/newrole.c:515 #, c-format msgid "Error: multiple levels specified\n" msgstr "" -#: ../newrole/newrole.c:527 +#: ../newrole/newrole.c:537 #, c-format msgid "Couldn't get default type.\n" msgstr "" -#: ../newrole/newrole.c:549 +#: ../newrole/newrole.c:559 #, c-format msgid "failed to get old_context.\n" msgstr "" -#: ../newrole/newrole.c:563 +#: ../newrole/newrole.c:572 #, c-format msgid "failed to get new context.\n" msgstr "" -#: ../newrole/newrole.c:586 +#: ../newrole/newrole.c:596 #, c-format msgid "cannot find your entry in the passwd file.\n" msgstr "" -#: ../newrole/newrole.c:596 +#: ../newrole/newrole.c:606 #, c-format msgid "Error! 
Shell is not valid.\n" msgstr "" -#: ../newrole/newrole.c:603 +#: ../newrole/newrole.c:614 #, c-format msgid "Error! Could not retrieve tty information.\n" msgstr "" -#: ../newrole/newrole.c:607 +#: ../newrole/newrole.c:618 #, c-format msgid "Authenticating %s.\n" msgstr "" -#: ../newrole/newrole.c:621 +#: ../newrole/newrole.c:632 #, c-format msgid "newrole: incorrect password for %s\n" msgstr "" -#: ../newrole/newrole.c:645 +#: ../newrole/newrole.c:657 #, c-format msgid "failed to set new role %s\n" msgstr "" -#: ../newrole/newrole.c:657 +#: ../newrole/newrole.c:671 #, c-format msgid "failed to set new type %s\n" msgstr "" -#: ../newrole/newrole.c:670 +#: ../newrole/newrole.c:688 #, c-format msgid "failed to build new range with level %s\n" msgstr "" -#: ../newrole/newrole.c:674 +#: ../newrole/newrole.c:693 #, c-format msgid "failed to set new range %s\n" msgstr "" -#: ../newrole/newrole.c:688 +#: ../newrole/newrole.c:708 #, c-format msgid "failed to convert new context to string\n" msgstr "" -#: ../newrole/newrole.c:698 +#: ../newrole/newrole.c:717 #, c-format msgid "%s is not a valid context\n" msgstr "" -#: ../newrole/newrole.c:711 +#: ../newrole/newrole.c:730 #, c-format msgid "Error! Could not open %s.\n" msgstr "" -#: ../newrole/newrole.c:717 +#: ../newrole/newrole.c:738 #, c-format msgid "%s! Could not get current context for %s, not relabeling tty.\n" msgstr "" -#: ../newrole/newrole.c:728 +#: ../newrole/newrole.c:757 #, c-format msgid "%s! Could not get new context for %s, not relabeling tty.\n" msgstr "" -#: ../newrole/newrole.c:740 +#: ../newrole/newrole.c:771 #, c-format msgid "%s! Could not set new context for %s\n" msgstr "" -#: ../newrole/newrole.c:752 +#: ../newrole/newrole.c:784 #, c-format msgid "newrole: failure forking: %s" msgstr "" -#: ../newrole/newrole.c:754 +#: ../newrole/newrole.c:789 #, c-format msgid "Warning! 
Could not restore context for %s\n" msgstr "" -#: ../newrole/newrole.c:774 +#: ../newrole/newrole.c:810 #, c-format msgid "%s changed labels.\n" msgstr "" -#: ../newrole/newrole.c:798 +#: ../newrole/newrole.c:834 #, c-format msgid "Could not close descriptors.\n" msgstr "" -#: ../newrole/newrole.c:832 ../run_init/run_init.c:390 +#: ../newrole/newrole.c:869 ../run_init/run_init.c:397 #, c-format msgid "Could not set exec context to %s.\n" msgstr "" -#: ../newrole/newrole.c:842 +#: ../newrole/newrole.c:881 #, c-format msgid "Error connecting to audit system.\n" msgstr "" -#: ../newrole/newrole.c:847 +#: ../newrole/newrole.c:886 #, c-format msgid "Error allocating memory.\n" msgstr "" -#: ../newrole/newrole.c:853 +#: ../newrole/newrole.c:892 #, c-format msgid "Error sending audit message.\n" msgstr "" -#: ../newrole/newrole.c:864 +#: ../newrole/newrole.c:903 msgid "failed to exec shell\n" msgstr "" @@ -251,27 +251,27 @@ " <args ...> are the arguments to that script." msgstr "" -#: ../run_init/run_init.c:264 +#: ../run_init/run_init.c:267 #, c-format msgid "run_init: incorrect password for %s\n" msgstr "" -#: ../run_init/run_init.c:295 +#: ../run_init/run_init.c:301 #, c-format msgid "Could not open file %s\n" msgstr "" -#: ../run_init/run_init.c:322 +#: ../run_init/run_init.c:328 #, c-format msgid "No context in file %s\n" msgstr "" -#: ../run_init/run_init.c:345 +#: ../run_init/run_init.c:353 #, c-format msgid "Sorry, run_init may be used only on a SELinux kernel.\n" msgstr "" -#: ../run_init/run_init.c:364 +#: ../run_init/run_init.c:372 #, c-format msgid "authentication failed.\n" msgstr "" Modified: trunk/policycoreutils/po/bg.po =================================================================== --- trunk/policycoreutils/po/bg.po 2006-09-01 19:20:50 UTC (rev 2010) +++ trunk/policycoreutils/po/bg.po 2006-09-01 19:22:21 UTC (rev 2011) 
@@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2006-05-26 13:48-0400\n" +"POT-Creation-Date: 2006-06-29 15:53-0400\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL...@li...>\n" @@ -21,7 +21,7 @@ msgid "usage: %s [-bq]\n" msgstr "" -#: ../load_policy/load_policy.c:62 +#: ../load_policy/load_policy.c:66 #, c-format msgid "%s: Can't load policy: %s\n" msgstr "" @@ -31,26 +31,26 @@ msgid "Out of memory!\n" msgstr "" -#: ../newrole/newrole.c:201 ../run_init/run_init.c:126 +#: ../newrole/newrole.c:199 ../run_init/run_init.c:126 #, c-format msgid "failed to initialize PAM\n" msgstr "" -#: ../newrole/newrole.c:212 +#: ../newrole/newrole.c:210 #, c-format msgid "failed to set PAM_TTY\n" msgstr "" -#: ../newrole/newrole.c:250 ../run_init/run_init.c:155 +#: ../newrole/newrole.c:246 ../run_init/run_init.c:154 msgid "Password:" msgstr "" -#: ../newrole/newrole.c:282 ../run_init/run_init.c:187 +#: ../newrole/newrole.c:281 ../run_init/run_init.c:189 #, c-format msgid "Cannot find your entry in the shadow passwd file.\n" msgstr "" -#: ../newrole/newrole.c:288 ../run_init/run_init.c:193 +#: ../newrole/newrole.c:287 ../run_init/run_init.c:195 #, c-format msgid "getpass cannot open /dev/tty\n" msgstr "" 
@@ -60,187 +60,187 @@ msgid "Error initing capabilities, aborting.\n" msgstr "" -#: ../newrole/newrole.c:367 +#: ../newrole/newrole.c:368 #, c-format msgid "Error dropping capabilities, aborting\n" msgstr "" -#: ../newrole/newrole.c:374 +#: ../newrole/newrole.c:375 #, c-format msgid "Error changing uid, aborting.\n" msgstr "" -#: ../newrole/newrole.c:380 +#: ../newrole/newrole.c:382 #, c-format msgid "Error resetting KEEPCAPS, aborting\n" msgstr "" -#: ../newrole/newrole.c:386 +#: ../newrole/newrole.c:390 #, c-format msgid "Error dropping SETUID capability, aborting\n" msgstr "" -#: ../newrole/newrole.c:459 +#: ../newrole/newrole.c:463 #, c-format msgid "Sorry, newrole may be used only on a SELinux kernel.\n" msgstr "" -#: ../newrole/newrole.c:464 +#: ../newrole/newrole.c:468 #, c-format msgid "Could not determine enforcing mode.\n" msgstr "" -#: ../newrole/newrole.c:481 +#: ../newrole/newrole.c:488 #, c-format msgid "Error: multiple roles specified\n" msgstr "" -#: ../newrole/newrole.c:490 +#: ../newrole/newrole.c:498 #, c-format msgid "Error: multiple types specified\n" msgstr "" -#: ../newrole/newrole.c:498 +#: ../newrole/newrole.c:508 #, c-format msgid "Sorry, -l may be used with SELinux MLS support.\n" msgstr "" -#: ../newrole/newrole.c:503 +#: ../newrole/newrole.c:515 #, c-format msgid "Error: multiple levels specified\n" msgstr "" -#: ../newrole/newrole.c:527 +#: ../newrole/newrole.c:537 #, c-format msgid "Couldn't get default type.\n" msgstr "" -#: ../newrole/newrole.c:549 +#: ../newrole/newrole.c:559 #, c-format msgid "failed to get old_context.\n" msgstr "" -#: ../newrole/newrole.c:563 +#: ../newrole/newrole.c:572 #, c-format msgid "failed to get new context.\n" msgstr "" -#: ../newrole/newrole.c:586 +#: ../newrole/newrole.c:596 #, c-format msgid "cannot find your entry in the passwd file.\n" msgstr "" -#: ../newrole/newrole.c:596 +#: ../newrole/newrole.c:606 #, c-format msgid "Error! 
Shell is not valid.\n" msgstr "" -#: ../newrole/newrole.c:603 +#: ../newrole/newrole.c:614 #, c-format msgid "Error! Could not retrieve tty information.\n" msgstr "" -#: ../newrole/newrole.c:607 +#: ../newrole/newrole.c:618 #, c-format msgid "Authenticating %s.\n" msgstr "" -#: ../newrole/newrole.c:621 +#: ../newrole/newrole.c:632 #, c-format msgid "newrole: incorrect password for %s\n" msgstr "" -#: ../newrole/newrole.c:645 +#: ../newrole/newrole.c:657 #, c-format msgid "failed to set new role %s\n" msgstr "" -#: ../newrole/newrole.c:657 +#: ../newrole/newrole.c:671 #, c-format msgid "failed to set new type %s\n" msgstr "" -#: ../newrole/newrole.c:670 +#: ../newrole/newrole.c:688 #, c-format msgid "failed to build new range with level %s\n" msgstr "" -#: ../newrole/newrole.c:674 +#: ../newrole/newrole.c:693 #, c-format msgid "failed to set new range %s\n" msgstr "" -#: ../newrole/newrole.c:688 +#: ../newrole/newrole.c:708 #, c-format msgid "failed to convert new context to string\n" msgstr "" -#: ../newrole/newrole.c:698 +#: ../newrole/newrole.c:717 #, c-format msgid "%s is not a valid context\n" msgstr "" -#: ../newrole/newrole.c:711 +#: ../newrole/newrole.c:730 #, c-format msgid "Error! Could not open %s.\n" msgstr "" -#: ../newrole/newrole.c:717 +#: ../newrole/newrole.c:738 #, c-format msgid "%s! Could not get current context for %s, not relabeling tty.\n" msgstr "" -#: ../newrole/newrole.c:728 +#: ../newrole/newrole.c:757 #, c-format msgid "%s! Could not get new context for %s, not relabeling tty.\n" msgstr "" -#: ../newrole/newrole.c:740 +#: ../newrole/newrole.c:771 #, c-format msgid "%s! Could not set new context for %s\n" msgstr "" -#: ../newrole/newrole.c:752 +#: ../newrole/newrole.c:784 #, c-format msgid "newrole: failure forking: %s" msgstr "" -#: ../newrole/newrole.c:754 +#: ../newrole/newrole.c:789 #, c-format msgid "Warning! 
Could not restore context for %s\n" msgstr "" -#: ../newrole/newrole.c:774 +#: ../newrole/newrole.c:810 #, c-format msgid "%s changed labels.\n" msgstr "" -#: ../newrole/newrole.c:798 +#: ../newrole/newrole.c:834 #, c-format msgid "Could not close descriptors.\n" msgstr "" -#: ../newrole/newrole.c:832 ../run_init/run_init.c:390 +#: ../newrole/newrole.c:869 ../run_init/run_init.c:397 #, c-format msgid "Could not set exec context to %s.\n" msgstr "" -#: ../newrole/newrole.c:842 +#: ../newrole/newrole.c:881 #, c-format msgid "Error connecting to audit system.\n" msgstr "" -#: ../newrole/newrole.c:847 +#: ../newrole/newrole.c:886 #, c-format msgid "Error allocating memory.\n" msgstr "" -#: ../newrole/newrole.c:853 +#: ../newrole/newrole.c:892 #, c-format msgid "Error sending audit message.\n" msgstr "" -#: ../newrole/newrole.c:864 +#: ../newrole/newrole.c:903 msgid "failed to exec shell\n" msgstr "" @@ -251,27 +251,27 @@ " <args ...> are the arguments to that script." msgstr "" -#: ../run_init/run_init.c:264 +#: ../run_init/run_init.c:267 #, c-format msgid "run_init: incorrect password for %s\n" msgstr "" -#: ../run_init/run_init.c:295 +#: ../run_init/run_init.c:301 #, c-format msgid "Could not open file %s\n" msgstr "" -#: ../run_init/run_init.c:322 +#: ../run_init/run_init.c:328 #, c-format msgid "No context in file %s\n" msgstr "" -#: ../run_init/run_init.c:345 +#: ../run_init/run_init.c:353 #, c-format msgid "Sorry, run_init may be used only on a SELinux kernel.\n" msgstr "" -#: ../run_init/run_init.c:364 +#: ../run_init/run_init.c:372 #, c-format msgid "authentication failed.\n" msgstr "" Modified: trunk/policycoreutils/po/bn.po =================================================================== --- trunk/policycoreutils/po/bn.po 2006-09-01 19:20:50 UTC (rev 2010) +++ trunk/policycoreutils/po/bn.po 2006-09-01 19:22:21 UTC (rev 2011) 
@@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2006-05-26 13:48-0400\n" +"POT-Creation-Date: 2006-06-29 15:53-0400\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL...@li...>\n" @@ -21,7 +21,7 @@ msgid "usage: %s [-bq]\n" msgstr "" -#: ../load_policy/load_policy.c:62 +#: ../load_policy/load_policy.c:66 #, c-format msgid "%s: Can't load policy: %s\n" msgstr "" @@ -31,26 +31,26 @@ msgid "Out of memory!\n" msgstr "" -#: ../newrole/newrole.c:201 ../run_init/run_init.c:126 +#: ../newrole/newrole.c:199 ../run_init/run_init.c:126 #, c-format msgid "failed to initialize PAM\n" msgstr "" -#: ../newrole/newrole.c:212 +#: ../newrole/newrole.c:210 #, c-format msgid "failed to set PAM_TTY\n" msgstr "" -#: ../newrole/newrole.c:250 ../run_init/run_init.c:155 +#: ../newrole/newrole.c:246 ../run_init/run_init.c:154 msgid "Password:" msgstr "" -#: ../newrole/newrole.c:282 ../run_init/run_init.c:187 +#: ../newrole/newrole.c:281 ../run_init/run_init.c:189 #, c-format msgid "Cannot find your entry in the shadow passwd file.\n" msgstr "" -#: ../newrole/newrole.c:288 ../run_init/run_init.c:193 +#: ../newrole/newrole.c:287 ../run_init/run_init.c:195 #, c-format msgid "getpass cannot open /dev/tty\n" msgstr "" 
@@ -60,187 +60,187 @@ msgid "Error initing capabilities, aborting.\n" msgstr "" -#: ../newrole/newrole.c:367 +#: ../newrole/newrole.c:368 #, c-format msgid "Error dropping capabilities, aborting\n" msgstr "" -#: ../newrole/newrole.c:374 +#: ../newrole/newrole.c:375 #, c-format msgid "Error changing uid, aborting.\n" msgstr "" -#: ../newrole/newrole.c:380 +#: ../newrole/newrole.c:382 #, c-format msgid "Error resetting KEEPCAPS, aborting\n" msgstr "" -#: ../newrole/newrole.c:386 +#: ../newrole/newrole.c:390 #, c-format msgid "Error dropping SETUID capability, aborting\n" msgstr "" -#: ../newrole/newrole.c:459 +#: ../newrole/newrole.c:463 #, c-format msgid "Sorry, newrole may be used only on a SELinux kernel.\n" msgstr "" -#: ../newrole/newrole.c:464 +#: ../newrole/newrole.c:468 #, c-format msgid "Could not determine enforcing mode.\n" msgstr "" -#: ../newrole/newrole.c:481 +#: ../newrole/newrole.c:488 #, c-format msgid "Error: multiple roles specified\n" msgstr "" -#: ../newrole/newrole.c:490 +#: ../newrole/newrole.c:498 #, c-format msgid "Error: multiple types specified\n" msgstr "" -#: ../newrole/newrole.c:498 +#: ../newrole/newrole.c:508 #, c-format msgid "Sorry, -l may be used with SELinux MLS support.\n" msgstr "" -#: ../newrole/newrole.c:503 +#: ../newrole/newrole.c:515 #, c-format msgid "Error: multiple levels specified\n" msgstr "" -#: ../newrole/newrole.c:527 +#: ../newrole/newrole.c:537 #, c-format msgid "Couldn't get default type.\n" msgstr "" -#: ../newrole/newrole.c:549 +#: ../newrole/newrole.c:559 #, c-format msgid "failed to get old_context.\n" msgstr "" -#: ../newrole/newrole.c:563 +#: ../newrole/newrole.c:572 #, c-format msgid "failed to get new context.\n" msgstr "" -#: ../newrole/newrole.c:586 +#: ../newrole/newrole.c:596 #, c-format msgid "cannot find your entry in the passwd file.\n" msgstr "" -#: ../newrole/newrole.c:596 +#: ../newrole/newrole.c:606 #, c-format msgid "Error! 
Shell is not valid.\n" msgstr "" -#: ../newrole/newrole.c:603 +#: ../newrole/newrole.c:614 #, c-format msgid "Error! Could not retrieve tty information.\n" msgstr "" -#: ../newrole/newrole.c:607 +#: ../newrole/newrole.c:618 #, c-format msgid "Authenticating %s.\n" msgstr "" -#: ../newrole/newrole.c:621 +#: ../newrole/newrole.c:632 #, c-format msgid "newrole: incorrect password for %s\n" msgstr "" -#: ../newrole/newrole.c:645 +#: ../newrole/newrole.c:657 #, c-format msgid "failed to set new role %s\n" msgstr "" -#: ../newrole/newrole.c:657 +#: ../newrole/newrole.c:671 #, c-format msgid "failed to set new type %s\n" msgstr "" -#: ../newrole/newrole.c:670 +#: ../newrole/newrole.c:688 #, c-format msgid "failed to build new range with level %s\n" msgstr "" -#: ../newrole/newrole.c:674 +#: ../newrole/newrole.c:693 #, c-format msgid "failed to set new range %s\n" msgstr "" -#: ../newrole/newrole.c:688 +#: ../newrole/newrole.c:708 #, c-format msgid "failed to convert new context to string\n" msgstr "" -#: ../newrole/newrole.c:698 +#: ../newrole/newrole.c:717 #, c-format msgid "%s is not a valid context\n" msgstr "" -#: ../newrole/newrole.c:711 +#: ../newrole/newrole.c:730 #, c-format msgid "Error! Could not open %s.\n" msgstr "" -#: ../newrole/newrole.c:717 +#: ../newrole/newrole.c:738 #, c-format msgid "%s! Could not get current context for %s, not relabeling tty.\n" msgstr "" -#: ../newrole/newrole.c:728 +#: ../newrole/newrole.c:757 #, c-format msgid "%s! Could not get new context for %s, not relabeling tty.\n" msgstr "" -#: ../newrole/newrole.c:740 +#: ../newrole/newrole.c:771 #, c-format msgid "%s! Could not set new context for %s\n" msgstr "" -#: ../newrole/newrole.c:752 +#: ../newrole/newrole.c:784 #, c-format msgid "newrole: failure forking: %s" msgstr "" -#: ../newrole/newrole.c:754 +#: ../newrole/newrole.c:789 #, c-format msgid "Warning! 
Could not restore context for %s\n" msgstr "" -#: ../newrole/newrole.c:774 +#: ../newrole/newrole.c:810 #, c-format msgid "%s changed labels.\n" msgstr "" -#: ../newrole/newrole.c:798 +#: ../newrole/newrole.c:834 #, c-format msgid "Could not close descriptors.\n" msgstr "" -#: ../newrole/newrole.c:832 ../run_init/run_init.c:390 +#: ../newrole/newrole.c:869 ../run_init/run_init.c:397 #, c-format msgid "Could not set exec context to %s.\n" msgstr "" -#: ../newrole/newrole.c:842 +#: ../newrole/newrole.c:881 #, c-format msgid "Error connecting to audit system.\n" msgstr "" -#: ../newrole/newrole.c:847 +#: ../newrole/newrole.c:886 #, c-format msgid "Error allocating memory.\n" msgstr "" -#: ../newrole/newrole.c:853 +#: ../newrole/newrole.c:892 #, c-format msgid "Error sending audit message.\n" msgstr "" -#: ../newrole/newrole.c:864 +#: ../newrole/newrole.c:903 msgid "failed to exec shell\n" msgstr "" @@ -251,27 +251,27 @@ " <args ...> are the arguments to that script." msgstr "" -#: ../run_init/run_init.c:264 +#: ../run_init/run_init.c:267 #, c-format msgid "run_init: incorrect password for %s\n" msgstr "" -#: ../run_init/run_init.c:295 +#: ../run_init/run_init.c:301 #, c-format msgid "Could not open file %s\n" msgstr "" -#: ../run_init/run_init.c:322 +#: ../run_init/run_init.c:328 #, c-format msgid "No context in file %s\n" msgstr "" -#: ../run_init/run_init.c:345 +#: ../run_init/run_init.c:353 #, c-format msgid "Sorry, run_init may be used only on a SELinux kernel.\n" msgstr "" -#: ../run_init/run_init.c:364 +#: ../run_init/run_init.c:372 #, c-format msgid "authentication failed.\n" msgstr "" Modified: trunk/policycoreutils/po/bn_IN.po =================================================================== --- trunk/policycoreutils/po/bn_IN.po 2006-09-01 19:20:50 UTC (rev 2010) +++ trunk/policycoreutils/po/bn_IN.po 2006-09-01 19:22:21 UTC (rev 2011) 
@@ -35,7 +35,7 @@ msgstr "" "Project-Id-Version: bn_IN\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2006-05-26 13:48-0400\n" +"POT-Creation-Date: 2006-06-29 15:53-0400\n" "PO-Revision-Date: 2006-05-09 18:04+0530\n" "Last-Translator: Runa Bhattacharjee <ru...@re...>\n" "Language-Team: Bangla (INDIA) <red...@be...>\n" @@ -50,7 +50,7 @@ msgid "usage: %s [-bq]\n" msgstr "ব্যবহারপ্রণালী: %s [-bq]\n" -#: ../load_policy/load_policy.c:62 +#: ../load_policy/load_policy.c:66 #, c-format msgid "%s: Can't load policy: %s\n" msgstr "%s: চিহ্নিত নিয়মনীতি লোড করা যায়নি: %s\n" @@ -60,26 +60,26 @@ msgid "Out of memory!\n" msgstr "মেমরি অবশিষ্ট নেই!\n" -#: ../newrole/newrole.c:201 ../run_init/run_init.c:126 +#: ../newrole/newrole.c:199 ../run_init/run_init.c:126 #, c-format msgid "failed to initialize PAM\n" msgstr "PAM আরম্ভ করতে ব্যর্থ\n" -#: ../newrole/newrole.c:212 +#: ../newrole/newrole.c:210 #, c-format msgid "failed to set PAM_TTY\n" msgstr "PAM_TTY নির্ধারণ করতে ব্যর্থ\n" -#: ../newrole/newrole.c:250 ../run_init/run_init.c:155 +#: ../newrole/newrole.c:246 ../run_init/run_init.c:154 msgid "Password:" msgstr "পাসওয়ার্ড:" -#: ../newrole/newrole.c:282 ../run_init/run_init.c:187 +#: ../newrole/newrole.c:281 ../run_init/run_init.c:189 #, c-format msgid "Cannot find your entry in the shadow passwd file.\n" msgstr "shadow passwd ফাইলের মধ্যে আপনার তথ্য পাওয়া যায়নি।\n" -#: ../newrole/newrole.c:288 ../run_init/run_init.c:193 +#: ../newrole/newrole.c:287 ../run_init/run_init.c:195 #, c-format msgid "getpass cannot open /dev/tty\n" msgstr "getpass'র দ্বারা /dev/tty খোলা সম্ভব হয়নি\n" 
@@ -89,191 +89,191 @@ msgid "Error initing capabilities, aborting.\n" msgstr "কর্ম init করতে ব্যর্থ, পরিত্যাগ করা হচ\xE0\xA7\x8Dছে।\n" -#: ../newrole/newrole.c:367 +#: ../newrole/newrole.c:368 #, c-format msgid "Error dropping capabilities, aborting\n" msgstr "কর্ম drop করতে ব্যর্থ, পরিত্যাগ করা হচ্ছে।\n" -#: ../newrole/newrole.c:374 +#: ../newrole/newrole.c:375 #, c-format msgid "Error changing uid, aborting.\n" msgstr "uid পরিবর্তন করতে ব্যর্থ, পরিত্যাগ করা হচ্ছে।\n" -#: ../newrole/newrole.c:380 +#: ../newrole/newrole.c:382 #, c-format msgid "Error resetting KEEPCAPS, aborting\n" msgstr "KEEPCAPS'র মান পুনরায় নির্ধারণ করতে ব্যর্থ, পরিত্যাগ করা হচ্ছে\n" -#: ../newrole/newrole.c:386 +#: ../newrole/newrole.c:390 #, c-format msgid "Error dropping SETUID capability, aborting\n" msgstr "SETUID বৈশিষ্ট্য drop করতে ব্যর্থ, পরিত্যাগ করা হচ্ছে\n" -#: ../newrole/newrole.c:459 +#: ../newrole/newrole.c:463 #, c-format msgid "Sorry, newrole may be used only on a SELinux kernel.\n" msgstr "দুঃক্ষিত, newrole শুধুমাত্র একটি SELinux কার্নেলে ব্যবহার করা যাবে।\n" -#: ../newrole/newrole.c:464 +#: ../newrole/newrole.c:468 #, c-format msgid "Could not determine enforcing mode.\n" msgstr "enforcing মোড নির্ধারণ করা যায়নি।\n" -#: ../newrole/newrole.c:481 +#: ../newrole/newrole.c:488 #, c-format msgid "Error: multiple roles specified\n" msgstr "ত্রুটি: একাধিক ভূমিকা উল্লিখিত হয়েছে\n" -#: ../newrole/newrole.c:490 +#: ../newrole/newrole.c:498 #, c-format msgid "Error: multiple types specified\n" msgstr "ত্রুটি: একাধিক ধরনের ফাইল নির্ধারিত হয়েছে\n" -#: ../newrole/newrole.c:498 +#: ../newrole/newrole.c:508 #, c-format msgid "Sorry, -l may be used with SELinux MLS support.\n" msgstr "দূঃক্ষিত, -l শুধুমাত্র SELinux MLS সমর্থনের সাথে ব্যবহার করা যাবে\n" -#: ../newrole/newrole.c:503 +#: ../newrole/newrole.c:515 #, c-format msgid "Error: multiple levels specified\n" msgstr "ত্রুটি: একাধিক স্তর নির্ধারিত হয়েছে\n" -#: ../newrole/newrole.c:527 +#: ../newrole/newrole.c:537 #, c-format msgid 
"Couldn't get default type.\n" msgstr "ডিফল্ট প্রকৃতি সনাক্ত করা যায়নি।\n" -#: ../newrole/newrole.c:549 +#: ../newrole/newrole.c:559 #, c-format msgid "failed to get old_context.\n" msgstr "old_context প্রাপ্ত করতে ব্যর্থ।\n" -#: ../newrole/newrole.c:563 +#: ../newrole/newrole.c:572 #, c-format msgid "failed to get new context.\n" msgstr "new context প্রাপ্ত করতে ব্যর্থ।\n" -#: ../newrole/newrole.c:586 +#: ../newrole/newrole.c:596 #, c-format msgid "cannot find your entry in the passwd file.\n" msgstr "passwd ফাইলের মধ্যে আপনার তথ্য সনাক্ত করা যায়নি।\n" -#: ../newrole/newrole.c:596 +#: ../newrole/newrole.c:606 #, c-format msgid "Error! Shell is not valid.\n" msgstr "ত্রুটি! বৈধ শেল ব্যবহার করা হয়নি।\n" -#: ../newrole/newrole.c:603 +#: ../newrole/newrole.c:614 #, c-format msgid "Error! Could not retrieve tty information.\n" msgstr "ত্রুটি! tty সংক্রান্ত তথ্য প্রাপ্ত করা যায়নি।\n" -#: ../newrole/newrole.c:607 +#: ../newrole/newrole.c:618 #, c-format msgid "Authenticating %s.\n" msgstr "%s'র পরিচয় প্রমাণিত করা হচ্ছে।\n" -#: ../newrole/newrole.c:621 +#: ../newrole/newrole.c:632 #, c-format msgid "newrole: incorrect password for %s\n" msgstr "newrole: %s'র পাসওয়ার্ড সঠিক নয়\n" -#: ../newrole/newrole.c:645 +#: ../newrole/newrole.c:657 #, c-format msgid "failed to set new role %s\n" msgstr "new role %s স্থাপন করতে ব্যর্থ\n" -#: ../newrole/newrole.c:657 +#: ../newrole/newrole.c:671 #, c-format msgid "failed to set new type %s\n" msgstr "নতুন ধরন %s স্থাপন করতে ব্যর্থ\n" -#: ../newrole/newrole.c:670 +#: ../newrole/newrole.c:688 #, c-format msgid "failed to build new range with level %s\n" msgstr "%s স্তর সহ নতুন রেঞ্জ নির্মাণ করতে ব্যর্থ\n" -#: ../newrole/newrole.c:674 +#: ../newrole/newrole.c:693 #, c-format msgid "failed to set new range %s\n" msgstr "নতুন রেঞ্জ %s স্থাপন করতে ব্যর্থ\n" -#: ../newrole/newrole.c:688 +#: ../newrole/newrole.c:708 #, c-format msgid "failed to convert new context to string\n" msgstr "new context'কে string হিসাবে রূপান্তর করা যায়নি\n" 
-#: ../newrole/newrole.c:698 +#: ../newrole/newrole.c:717 #, c-format msgid "%s is not a valid context\n" msgstr "%s বৈধ context নয়\n" -#: ../newrole/newrole.c:711 +#: ../newrole/newrole.c:730 #, c-format msgid "Error! Could not open %s.\n" msgstr "ত্রুটি! %s খুলতে ব্যর্থ।\n" -#: ../newrole/newrole.c:717 +#: ../newrole/newrole.c:738 #, c-format msgid "%s! Could not get current context for %s, not relabeling tty.\n" msgstr "" "%s! %s'র ক্ষেত্রে বর্তমান context প্রাপ্ত করা যায়নি, tty'র লেবেল পরিবর্তন করা হবে " "না।\n" -#: ../newrole/newrole.c:728 +#: ../newrole/newrole.c:757 #, c-format msgid "%s! Could not get new context for %s, not relabeling tty.\n" msgstr "" "%s! %s'র ক্ষেত্রে নতুন context প্রাপ্ত করা যায়নি, tty'র লেবেল পরিবর্তন করা হবে " "না।\n" -#: ../newrole/newrole.c:740 +#: ../newrole/newrole.c:771 #, c-format msgid "%s! Could not set new context for %s\n" msgstr "%s! %s'র ক্ষেত্রে নতুন context স্থাপন করা যায়নি\n" -#: ../newrole/newrole.c:752 +#: ../newrole/newrole.c:784 #, c-format msgid "newrole: failure forking: %s" msgstr "newrole: fork করতে ব্যর্থ: %s" -#: ../newrole/newrole.c:754 +#: ../newrole/newrole.c:789 #, c-format msgid "Warning! Could not restore context for %s\n" msgstr "সতর্কবার্তা! 
%s'র context পুনরুদ্ধার করতে ব্যর্থ\n" -#: ../newrole/newrole.c:774 +#: ../newrole/newrole.c:810 #, c-format msgid "%s changed labels.\n" msgstr "%s'র লেবেল পরিবর্তিত হয়েছে।\n" -#: ../newrole/newrole.c:798 +#: ../newrole/newrole.c:834 #, c-format msgid "Could not close descriptors.\n" msgstr "বিবরণ প্রদর্শন বন্ধ করা যায়নি।\n" -#: ../newrole/newrole.c:832 ../run_init/run_init.c:390 +#: ../newrole/newrole.c:869 ../run_init/run_init.c:397 #, c-format msgid "Could not set exec context to %s.\n" msgstr "exec context %s হিসাবে স্থাপন করা যায়নি।\n" -#: ../newrole/newrole.c:842 +#: ../newrole/newrole.c:881 #, c-format msgid "Error connecting to audit system.\n" msgstr "অডিট সিস্টেমের সাথে সংযোগ করতে ব্যর্থ।\n" -#: ../newrole/newrole.c:847 +#: ../newrole/newrole.c:886 #, c-format msgid "Error allocating memory.\n" msgstr "মেমরি নির্ধারণ করতে ব্যর্থ।\n" -#: ../newrole/newrole.c:853 +#: ../newrole/newrole.c:892 #, c-format msgid "Error sending audit message.\n" msgstr "অডিট সংক্রান্ত বার্তা পাঠাতে ব্যর্থ।\n" -#: ../newrole/newrole.c:864 +#: ../newrole/newrole.c:903 msgid "failed to exec shell\n" msgstr "শেল exec করতে ব্যর্থ\n" 
@@ -287,27 +287,27 @@ " এই ক্ষেত্রে: <script> দ্বারা সঞ্চালনের উদ্দেশ্যে init স্ক্রিপ্ট চিহ্নিত করা হয়,\n" " <args ...>'র মধ্যে উপরোক্ত স্ক্রিপ্টের আর্গুমেন্ট উল্লিখিত হয়।" -#: ../run_init/run_init.c:264 +#: ../run_init/run_init.c:267 #, c-format msgid "run_init: incorrect password for %s\n" msgstr "run_init: %s'র পাসওয়ার্ড সঠিক নয়\n" -#: ../run_init/run_init.c:295 +#: ../run_init/run_init.c:301 #, c-format msgid "Could not open file %s\n" msgstr "%s ফাইল খুলতে ব্যর্থ\n" -#: ../run_init/run_init.c:322 +#: ../run_init/run_init.c:328 #, c-format msgid "No context in file %s\n" msgstr "%s ফাইলে কোনো context উপস্থিত নেই\n" -#: ../run_init/run_init.c:345 +#: ../run_init/run_init.c:353 #, c-format msgid "Sorry, run_init may be used only on a SELinux kernel.\n" msgstr "দুঃক্ষিত, run_init শুধুমাত্র SELinux কার্নেলের সাথে ব্যবহারযোগ্য।\n" -#: ../run_init/run_init.c:364 +#: ../run_init/run_init.c:372 #, c-format msgid "authentication failed.\n" msgstr "অনুমোদন করতে ব্যর্থ।\n" Modified: trunk/policycoreutils/po/ca.po =================================================================== --- trunk/policycoreutils/po/ca.po 2006-09-01 19:20:50 UTC (rev 2010) +++ trunk/policycoreutils/po/ca.po 2006-09-01 19:22:21 UTC (rev 2011) @@ -21,7 +21,7 @@ msgstr "" "Project-Id-Version: policycoreutils\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2006-05-26 13:48-0400\n" +"POT-Creation-Date: 2006-06-29 15:53-0400\n" "PO-Revision-Date: 2006-05-13 10:34+0200\n" "Last-Translator: Josep Puigdemont Casamajó <jos...@gm...>\n" "Language-Team: Catalan <tra...@so...>\n" @@ -34,7 +34,7 @@ msgid "usage: %s [-bq]\n" msgstr "Forma d'ús: %s [-bq]\n" -#: ../load_policy/load_policy.c:62 +#: ../load_policy/load_policy.c:66 #, c-format msgid "%s: Can't load policy: %s\n" msgstr "%s: No es pot carregar la política: %s\n" 
@@ -44,26 +44,26 @@ msgid "Out of memory!\n" msgstr "No hi ha prou memòria!\n" -#: ../newrole/newrole.c:201 ../run_init/run_init.c:126 +#: ../newrole/newrole.c:199 ../run_init/run_init.c:126 #, c-format msgid "failed to initialize PAM\n" msgstr "no s'ha pogut inicialitzar el PAM\n" -#: ../newrole/newrole.c:212 +#: ../newrole/newrole.c:210 #, c-format msgid "failed to set PAM_TTY\n" msgstr "no s'ha pogut establir PAM_TTY\n" -#: ../newrole/newrole.c:250 ../run_init/run_init.c:155 +#: ../newrole/newrole.c:246 ../run_init/run_init.c:154 msgid "Password:" msgstr "Contrasenya:" -#: ../newrole/newrole.c:282 ../run_init/run_init.c:187 +#: ../newrole/newrole.c:281 ../run_init/run_init.c:189 #, c-format msgid "Cannot find your entry in the shadow passwd file.\n" msgstr "No s'ha pogut trobar la vostra entrada en el fitxer passwd ocult.\n" -#: ../newrole/newrole.c:288 ../run_init/run_init.c:193 +#: ../newrole/newrole.c:287 ../run_init/run_init.c:195 #, c-format msgid "getpass cannot open /dev/tty\n" msgstr "El getpass no pot obrir /dev/tty\n" 
@@ -73,187 +73,187 @@ msgid "Error initing capabilities, aborting.\n" msgstr "" -#: ../newrole/newrole.c:367 +#: ../newrole/newrole.c:368 #, c-format msgid "Error dropping capabilities, aborting\n" msgstr "" -#: ../newrole/newrole.c:374 +#: ../newrole/newrole.c:375 #, c-format msgid "Error changing uid, aborting.\n" msgstr "" -#: ../newrole/newrole.c:380 +#: ../newrole/newrole.c:382 #, c-format msgid "Error resetting KEEPCAPS, aborting\n" msgstr "" -#: ../newrole/newrole.c:386 +#: ../newrole/newrole.c:390 #, c-format msgid "Error dropping SETUID capability, aborting\n" msgstr "" -#: ../newrole/newrole.c:459 +#: ../newrole/newrole.c:463 #, c-format msgid "Sorry, newrole may be used only on a SELinux kernel.\n" msgstr "" -#: ../newrole/newrole.c:464 +#: ../newrole/newrole.c:468 #, c-format msgid "Could not determine enforcing mode.\n" msgstr "" -#: ../newrole/newrole.c:481 +#: ../newrole/newrole.c:488 #, c-format msgid "Error: multiple roles specified\n" msgstr "" -#: ../newrole/newrole.c:490 +#: ../newrole/newrole.c:498 #, c-format msgid "Error: multiple types specified\n" msgstr "" -#: ../newrole/newrole.c:498 +#: ../newrole/newrole.c:508 #, c-format msgid "Sorry, -l may be used with SELinux MLS support.\n" msgstr "" -#: ../newrole/newrole.c:503 +#: ../newrole/newrole.c:515 #, c-format msgid "Error: multiple levels specified\n" msgstr "" -#: ../newrole/newrole.c:527 +#: ../newrole/newrole.c:537 #, c-format msgid "Couldn't get default type.\n" msgstr "" -#: ../newrole/newrole.c:549 +#: ../newrole/newrole.c:559 #, c-format msgid "failed to get old_context.\n" msgstr "" -#: ../newrole/newrole.c:563 +#: ../newrole/newrole.c:572 #, c-format msgid "failed to get new context.\n" msgstr "" -#: ../newrole/newrole.c:586 +#: ../newrole/newrole.c:596 #, c-format msgid "cannot find your entry in the passwd file.\n" msgstr "" -#: ../newrole/newrole.c:596 +#: ../newrole/newrole.c:606 #, c-format msgid "Error! 
Shell is not valid.\n" msgstr "" -#: ../newrole/newrole.c:603 +#: ../newrole/newrole.c:614 #, c-format msgid "Error! Could not retrieve tty information.\n" msgstr "" -#: ../newrole/newrole.c:607 +#: ../newrole/newrole.c:618 #, c-format msgid "Authenticating %s.\n" msgstr "S'està autenticant %s.\n" -#: ../newrole/newrole.c:621 +#: ../newrole/newrole.c:632 #, c-format msgid "newrole: incorrect password for %s\n" msgstr "" -#: ../newrole/newrole.c:645 +#: ../newrole/newrole.c:657 #, c-format ... [truncated message content] |
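Review bot: in the ca.po hunk at `@@ -73,187 +73,187 @@` the `msgstr` for the newrole privilege-handling errors ("Error dropping capabilities, aborting\n", "Error changing uid, aborting.\n", "Error resetting KEEPCAPS, aborting\n", "Error dropping SETUID capability, aborting\n") is still `""`, so this refresh only moves the `#:` references and those messages fall back to the English msgid. The header hunk confirms it: `POT-Creation-Date` moves to 2006-06-29 while `PO-Revision-Date` stays at 2006-05-13, so no translation pass was made against the new template. Fine for a line-number regeneration, but worth flagging to the translator as a follow-up.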
From: <ssm...@us...> - 2006-09-01 19:20:54
|
Revision: 2010 http://svn.sourceforge.net/selinux/?rev=2010&view=rev Author: ssmalley Date: 2006-09-01 12:20:50 -0700 (Fri, 01 Sep 2006) Log Message: ----------- Author: Erich Schubert Email: er...@de... Subject: Bug in restorecon for symlinks in root dir Date: Wed, 30 Aug 2006 15:23:00 +0200 How about this fix for correct handling of //lib64 etc.? In contrast to my previous mail, the "len == 0" part in the if statement should be necessary (for the /lib64 case; since path="" in that situation) The "len == 0" test is only unneeded if we used my initial patch (with strcpy("/", path)); since the len == 0 case should then never occur. The patch is straightforward - it only adds / to the path if it doesn't end in a slash yet. Since this will result in path names at most 1 char shorter than before, the buffer size check doesn't need to be modified (though it wastes one character then) Acked-by: Stephen Smalley <sd...@ty...> Acked-by: Joshua Brindle <jbr...@tr...> Modified Paths: -------------- trunk/policycoreutils/restorecon/restorecon.c Modified: trunk/policycoreutils/restorecon/restorecon.c =================================================================== --- trunk/policycoreutils/restorecon/restorecon.c 2006-08-30 13:29:02 UTC (rev 2009) +++ trunk/policycoreutils/restorecon/restorecon.c 2006-09-01 19:20:50 UTC (rev 2010) @@ -197,8 +197,11 @@ return 1; } p += len; - *p = '/'; - p++; + /* ensure trailing slash of directory name */ + if (len == 0 || *(p - 1) != '/') { + *p = '/'; + p++; + } strcpy(p, file_sep); filename = path; } else { This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
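Review bot: in the new `if (len == 0 || *(p - 1) != '/')`, the `len == 0` test is also what keeps `*(p - 1)` from reading the byte before the start of `path`, and the comment "ensure trailing slash of directory name" does not say so. The log message already debates whether that test is needed, so I would state the reason in the comment to stop it being dropped later as redundant. Separately, `strcpy(p, file_sep);` still depends on the size check above this hunk, which is not visible here; the log's reasoning that the result is at most one character shorter holds, but a copy bounded by the space remaining in `path` would not depend on that earlier arithmetic staying in sync.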
From: <ssm...@us...> - 2006-08-30 13:29:10
Revision: 2009
Author: ssmalley
Date: 2006-08-30 06:29:02 -0700 (Wed, 30 Aug 2006)
ViewCVS: http://svn.sourceforge.net/selinux/?rev=2009&view=rev

Log Message:
-----------
Move into place.

Added Paths:
-----------
tags/policycoreutils_1_30_27/policycoreutils/

Removed Paths:
-------------
tags/policycoreutils_1_30_27_tmp/

Copied: tags/policycoreutils_1_30_27/policycoreutils (from rev 2008, tags/policycoreutils_1_30_27_tmp)

From: <ssm...@us...> - 2006-08-30 13:28:34
Revision: 2008
Author: ssmalley
Date: 2006-08-30 06:28:29 -0700 (Wed, 30 Aug 2006)
ViewCVS: http://svn.sourceforge.net/selinux/?rev=2008&view=rev

Log Message:
-----------
Create.

Added Paths:
-----------
tags/policycoreutils_1_30_27/

From: <ssm...@us...> - 2006-08-30 13:28:16
Revision: 2007
Author: ssmalley
Date: 2006-08-30 06:28:10 -0700 (Wed, 30 Aug 2006)
ViewCVS: http://svn.sourceforge.net/selinux/?rev=2007&view=rev

Log Message:
-----------
Move aside for restructuring.

Added Paths:
-----------
tags/policycoreutils_1_30_27_tmp/

Removed Paths:
-------------
tags/policycoreutils_1_30_27/

Copied: tags/policycoreutils_1_30_27_tmp (from rev 2006, tags/policycoreutils_1_30_27)

From: <ssm...@us...> - 2006-08-30 13:27:05
Revision: 2006
Author: ssmalley
Date: 2006-08-30 06:26:56 -0700 (Wed, 30 Aug 2006)
ViewCVS: http://svn.sourceforge.net/selinux/?rev=2006&view=rev

Log Message:
-----------
Move into place.

Added Paths:
-----------
tags/libselinux_1_30_27/libselinux/

Removed Paths:
-------------
tags/libselinux_1_30_27_tmp/

Copied: tags/libselinux_1_30_27/libselinux (from rev 2005, tags/libselinux_1_30_27_tmp)

From: <ssm...@us...> - 2006-08-30 13:26:38
Revision: 2005
Author: ssmalley
Date: 2006-08-30 06:26:29 -0700 (Wed, 30 Aug 2006)
ViewCVS: http://svn.sourceforge.net/selinux/?rev=2005&view=rev

Log Message:
-----------
Create.

Added Paths:
-----------
tags/libselinux_1_30_27/

From: <ssm...@us...> - 2006-08-30 13:26:13
Revision: 2004
Author: ssmalley
Date: 2006-08-30 06:26:04 -0700 (Wed, 30 Aug 2006)
ViewCVS: http://svn.sourceforge.net/selinux/?rev=2004&view=rev

Log Message:
-----------
Move aside so we can restructure.

Added Paths:
-----------
tags/libselinux_1_30_27_tmp/

Removed Paths:
-------------
tags/libselinux_1_30_27/

Copied: tags/libselinux_1_30_27_tmp (from rev 2003, tags/libselinux_1_30_27)

From: <ssm...@us...> - 2006-08-30 13:24:27
Revision: 2003
Author: ssmalley
Date: 2006-08-30 06:24:12 -0700 (Wed, 30 Aug 2006)
ViewCVS: http://svn.sourceforge.net/selinux/?rev=2003&view=rev

Log Message:
-----------
Move into place.

Added Paths:
-----------
tags/libsepol_1_12_25/libsepol/

Removed Paths:
-------------
tags/libsepol_1_12_25_tmp/

Copied: tags/libsepol_1_12_25/libsepol (from rev 2002, tags/libsepol_1_12_25_tmp)

From: <ssm...@us...> - 2006-08-30 13:23:28
Revision: 2002
Author: ssmalley
Date: 2006-08-30 06:23:20 -0700 (Wed, 30 Aug 2006)
ViewCVS: http://svn.sourceforge.net/selinux/?rev=2002&view=rev

Log Message:
-----------
Create.

Added Paths:
-----------
tags/libsepol_1_12_25/