public inbox for gentoo-commits@lists.gentoo.org
From: "Sven Vermeulen" <sven.vermeulen@siphos.be>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/hardened-dev:master commit in: sys-apps/policycoreutils/files/, sys-apps/policycoreutils/
Date: Wed, 13 Jul 2011 21:57:19 +0000 (UTC)
Message-ID: <1e5751d8b256df635ba6f1e489732f11cb729e12.SwifT@gentoo>

commit:     1e5751d8b256df635ba6f1e489732f11cb729e12
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Wed Jul 13 21:50:06 2011 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Wed Jul 13 21:50:06 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=1e5751d8

Bump policycoreutils to 2.0.85

---
 sys-apps/policycoreutils/ChangeLog                 |  437 ++++++++
 ...policycoreutils-2.0.85-fix-seunshare-vuln.patch | 1084 ++++++++++++++++++++
 .../files/policycoreutils-2.0.85-python3.tar.gz    |  Bin 0 -> 19750 bytes
 .../files/policycoreutils-2.0.85-sesandbox.patch   |  387 +++++++
 sys-apps/policycoreutils/metadata.xml              |   17 +
 .../policycoreutils/policycoreutils-2.0.85.ebuild  |  116 +++
 6 files changed, 2041 insertions(+), 0 deletions(-)

diff --git a/sys-apps/policycoreutils/ChangeLog b/sys-apps/policycoreutils/ChangeLog
new file mode 100644
index 0000000..7888b40
--- /dev/null
+++ b/sys-apps/policycoreutils/ChangeLog
@@ -0,0 +1,437 @@
+# ChangeLog for sys-apps/policycoreutils
+# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/policycoreutils/ChangeLog,v 1.86 2011/07/08 10:54:27 ssuominen Exp $
+
+  13 Jul 2011; <swift@gentoo.org> +policycoreutils-2.0.85.ebuild,
+  +files/policycoreutils-2.0.85-fix-seunshare-vuln.patch,
+  +files/policycoreutils-2.0.85-python3.tar.gz,
+  +files/policycoreutils-2.0.85-sesandbox.patch, +metadata.xml:
+  Add fix for bug #374897 and initial support for python3
+
+*policycoreutils-2.0.85 (12 Jul 2011)
+
+  12 Jul 2011; <swift@gentoo.org> +files/policycoreutils-2.0.69-setfiles.diff,
+  +policycoreutils-2.0.85.ebuild, +metadata.xml:
+  Bump to 2.0.85
+
+  08 Jul 2011; Samuli Suominen <ssuominen@gentoo.org>
+  policycoreutils-2.0.55.ebuild, policycoreutils-2.0.69.ebuild,
+  policycoreutils-2.0.69-r1.ebuild, policycoreutils-2.0.69-r2.ebuild:
+  Convert from "useq" to "use".
+
+*policycoreutils-2.0.82-r1 (30 Jun 2011)
+
+  30 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
+  +policycoreutils-2.0.82-r1.ebuild:
+  Overwrite invalid .po files with valid ones, fixes bug #372807
+
+  16 Jun 2011; Anthony G. Basile <blueness@gentoo.org>
+  policycoreutils-2.0.82.ebuild:
+  Drop use_nls dependency on gettext. Its mandatory. See bug #299681.
+  Also put gettext in COMMON_DEPS, it is more than a RDEPEND.
+
+  28 May 2011; Anthony G. Basile <blueness@gentoo.org>
+  policycoreutils-2.0.82.ebuild:
+  Stable amd64 x86
+
+  16 Apr 2011; Anthony G. Basile <blueness@gentoo.org> metadata.xml:
+  Updated metadata info.
+
+  08 Feb 2011; Arfrever Frehtes Taifersar Arahesis <arfrever@gentoo.org>
+  policycoreutils-2.0.82.ebuild:
+  Set SUPPORT_PYTHON_ABIS (bug #353762). Fix dependencies. Fix installation
+  with FEATURES="multilib-strict".
+
+*policycoreutils-2.0.82 (05 Feb 2011)
+
+  05 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
+  +policycoreutils-2.0.82.ebuild:
+  New upstream release.
+
+*policycoreutils-2.0.69-r2 (05 Feb 2011)
+
+  05 Feb 2011; Anthony G. Basile <blueness@gentoo.org>
+  +policycoreutils-2.0.69-r2.ebuild,
+  +files/policycoreutils-2.0.69-setfiles.diff:
+  Fixed bug #300613
+
+  04 Apr 2010; Arfrever Frehtes Taifersar Arahesis <arfrever@gentoo.org>
+  policycoreutils-2.0.55.ebuild, policycoreutils-2.0.69.ebuild,
+  policycoreutils-2.0.69-r1.ebuild:
+  Delete calls to deprecated python_version().
+
+*policycoreutils-2.0.69-r1 (20 Sep 2009)
+
+  20 Sep 2009; Chris PeBenito <pebenito@gentoo.org>
+  +policycoreutils-2.0.69-r1.ebuild:
+  Update rlpkg for ext4 and btrfs.
+
+  14 Sep 2009; Chris PeBenito <pebenito@gentoo.org>
+  policycoreutils-2.0.69.ebuild:
+  Fix libsemanage DEP.
+
+  02 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
+  policycoreutils-2.0.55.ebuild, policycoreutils-2.0.69.ebuild:
+  Add python_need_rebuild.
+
+*policycoreutils-2.0.69 (02 Aug 2009)
+
+  02 Aug 2009; Chris PeBenito <pebenito@gentoo.org>
+  +policycoreutils-2.0.69.ebuild:
+  New upstream release.
+
+  18 Jul 2009; Chris PeBenito <pebenito@gentoo.org>
+  -policycoreutils-1.34.15.ebuild, policycoreutils-2.0.55.ebuild:
+  Mark stable. Remove old ebuilds.
+
+*policycoreutils-2.0.55 (03 Oct 2008)
+
+  03 Oct 2008; Chris PeBenito <pebenito@gentoo.org>
+  +policycoreutils-2.0.55.ebuild:
+  Initial commit of policycoreutils 2.0.
+
+  29 May 2008; Ali Polatel <hawking@gentoo.org>
+  policycoreutils-1.34.15.ebuild:
+  python_mod_optimize is ROOT aware. Fixed python_mod_cleanup.
+
+  26 May 2008; Chris PeBenito <pebenito@gentoo.org>
+  policycoreutils-1.34.15.ebuild:
+  Fix libsemanage dependency.
+
+  13 May 2008; Chris PeBenito <pebenito@gentoo.org>
+  -files/policycoreutils-1.28-quietlp.diff,
+  -files/policycoreutils-1.32-quietlp.diff,
+  -files/policycoreutils-unsigned-char-ppc.diff,
+  -policycoreutils-1.28.ebuild, -policycoreutils-1.30-r1.ebuild,
+  -policycoreutils-1.34.1.ebuild, -policycoreutils-1.34.11.ebuild,
+  policycoreutils-1.34.15.ebuild:
+  Mark 1.34.15 stable, clear old ebuilds.
+
+*policycoreutils-1.34.15 (29 Jan 2008)
+
+  29 Jan 2008; Chris PeBenito <pebenito@gentoo.org>
+  +policycoreutils-1.34.15.ebuild:
+  New upstream bugfix release.
+
+  19 Oct 2007; Chris PeBenito <pebenito@gentoo.org>
+  policycoreutils-1.34.11.ebuild:
+  Fix quoting in unpack.
+
+*policycoreutils-1.34.11 (18 Oct 2007)
+
+  18 Oct 2007; Chris PeBenito <pebenito@gentoo.org>
+  +policycoreutils-1.34.11.ebuild:
+  New upstream release.
+
+  04 Jun 2007; Chris PeBenito <pebenito@gentoo.org>
+  policycoreutils-1.34.1.ebuild:
+  Mark stable.
+
+*policycoreutils-1.34.1 (15 Feb 2007)
+
+  15 Feb 2007; Chris PeBenito <pebenito@gentoo.org>
+  +policycoreutils-1.34.1.ebuild:
+  New upstream release.
+
+  24 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
+  policycoreutils-1.30.30.ebuild:
+  Fix glibc handling.
+
+  09 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
+  policycoreutils-1.30.30.ebuild:
+  Stable to make repoman happy.
+
+*policycoreutils-1.30.30 (05 Oct 2006)
+
+  05 Oct 2006; Chris PeBenito <pebenito@gentoo.org>
+  +files/policycoreutils-1.32-quietlp.diff, +policycoreutils-1.30.30.ebuild:
+  Add SVN snapshot and updated extras in preparation for reference policy.
+
+  31 Jul 2006; Chris PeBenito <pebenito@gentoo.org>
+  policycoreutils-1.30-r1.ebuild:
+  Mark stable, long overdue.
+
+*policycoreutils-1.30-r1 (28 Mar 2006)
+
+  28 Mar 2006; Chris PeBenito <pebenito@gentoo.org>
+  -policycoreutils-1.30.ebuild, +policycoreutils-1.30-r1.ebuild:
+  Fix install location of python site packages.
+
+  22 Feb 2006; Stephen Bennett <spb@gentoo.org> policycoreutils-1.28.ebuild:
+  Alpha stable
+
+  19 Feb 2006; Joshua Kinard <kumba@gentoo.org> policycoreutils-1.28.ebuild:
+  Marked stable on mips.
+
+*policycoreutils-1.30 (18 Mar 2006)
+
+  18 Mar 2006; Chris PeBenito <pebenito@gentoo.org>
+  +policycoreutils-1.30.ebuild:
+  New upstream release.
+
+  05 Feb 2006; Chris PeBenito <pebenito@gentoo.org>
+  +files/policycoreutils-unsigned-char-ppc.diff,
+  policycoreutils-1.28.ebuild:
+  Add patch to fix #121689.
+
+  17 Jan 2006; Chris PeBenito <pebenito@gentoo.org>
+  policycoreutils-1.28.ebuild:
+  Mark stable, x86, amd64, ppc, sparc.
+
+  14 Jan 2006; Stephen Bennett <spb@gentoo.org> policycoreutils-1.28.ebuild:
+  Added ~alpha
+
+  15 Dec 2005; Chris PeBenito <pebenito@gentoo.org>
+  policycoreutils-1.22.ebuild, policycoreutils-1.24-r2.ebuild,
+  policycoreutils-1.28.ebuild:
+  Tighten up versioning to try to prevent mismatch problems as seen in #112348.
+
+*policycoreutils-1.28 (09 Dec 2005)
+
+  09 Dec 2005; Chris PeBenito <pebenito@gentoo.org>
+  +files/policycoreutils-1.28-quietlp.diff, -policycoreutils-1.24-r1.ebuild,
+  +policycoreutils-1.28.ebuild:
+  New upstream release.
+
+*policycoreutils-1.24-r2 (08 Dec 2005)
+
+  08 Dec 2005; Chris PeBenito <pebenito@gentoo.org>
+  +policycoreutils-1.24-r2.ebuild:
+  Add compatability symlink for genhomedircon.
+
+*policycoreutils-1.24-r1 (09 Sep 2005)
+
+  09 Sep 2005; Chris PeBenito <pebenito@gentoo.org>
+  +policycoreutils-1.24-r1.ebuild:
+  Update for fixed selinuxconfig source policy path.
+
+  11 Jul 2005; Chris PeBenito <pebenito@gentoo.org>
+  policycoreutils-1.22.ebuild, policycoreutils-1.24.ebuild:
+  Fix RDEPEND for building stages.  Libsepol is required now.
+
+*policycoreutils-1.24 (25 Jun 2005)
+
+  25 Jun 2005; Chris PeBenito <pebenito@gentoo.org>
+  +files/policycoreutils-1.24-genhomedircon-quiet.diff,
+  -policycoreutils-1.20-r1.ebuild, +policycoreutils-1.24.ebuild:
+  New upstream release.
+
+  10 May 2005; Stephen Bennett <spb@gentoo.org> policycoreutils-1.22.ebuild:
+  mips stable
+
+  01 May 2005; Stephen Bennett <spb@gentoo.org> policycoreutils-1.22.ebuild:
+  Added ~mips.
+
+  01 May 2005; Chris PeBenito <pebenito@gentoo.org>
+  policycoreutils-1.22.ebuild:
+  Mark stable.
+
+*policycoreutils-1.22 (13 Mar 2005)
+
+  13 Mar 2005; Chris PeBenito <pebenito@gentoo.org>
+  +files/policycoreutils-1.22-genhomedircon-quiet.diff,
+  +policycoreutils-1.22.ebuild:
+  New upstream release.
+
+*policycoreutils-1.20-r1 (13 Feb 2005)
+
+  13 Feb 2005; Chris PeBenito <pebenito@gentoo.org>
+  -policycoreutils-1.16.ebuild, +policycoreutils-1.20-r1.ebuild,
+  -policycoreutils-1.20.ebuild:
+  Add back some tools deleted from upstream libselinux.
+
+*policycoreutils-1.20 (07 Jan 2005)
+
+  07 Jan 2005; Chris PeBenito <pebenito@gentoo.org>
+  policycoreutils-1.18-r1.ebuild, +policycoreutils-1.20.ebuild:
+  New upstream release. Mark 1.18-r1 stable.
+
+*policycoreutils-1.18-r1 (03 Jan 2005)
+
+  03 Jan 2005; Chris PeBenito <pebenito@gentoo.org>
+  +files/policycoreutils-nonls.diff, +policycoreutils-1.18-r1.ebuild:
+  Make pam and nls optional for embedded systems use.
+
+  22 Nov 2004; Chris PeBenito <pebenito@gentoo.org>
+  policycoreutils-1.18.ebuild:
+  Ensure a few dirs and perms during stage1 build.
+
+  15 Nov 2004; Chris PeBenito <pebenito@gentoo.org>
+  policycoreutils-1.18.ebuild:
+  Fix libsepol dep.
+
+*policycoreutils-1.18 (14 Nov 2004)
+
+  14 Nov 2004; Chris PeBenito <pebenito@gentoo.org>
+  +policycoreutils-1.18.ebuild:
+  New upstream release.
+
+*policycoreutils-1.16 (07 Sep 2004)
+
+  07 Sep 2004; Chris PeBenito <pebenito@gentoo.org>
+  +files/policycoreutils-1.16-genhomedircon-compat.diff,
+  +policycoreutils-1.16.ebuild:
+  New upstream release.
+
+  08 Aug 2004; Tom Martin <slarti@gentoo.org> policycoreutils-1.12-r1.ebuild,
+  policycoreutils-1.12-r2.ebuild, policycoreutils-1.14.ebuild,
+  policycoreutils-1.4-r1.ebuild:
+  Typo in DESCRIPTION: utilites -> utilities. Bug 59717.
+
+  06 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
+  policycoreutils-1.14.ebuild:
+  Bump extras to fix free() bug in runscript_selinux.so.
+
+*policycoreutils-1.12-r2 (06 Jul 2004)
+
+  06 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
+  +files/runscript-selinux.diff, +policycoreutils-1.12-r2.ebuild:
+  Fix free() error in runscript_selinux.so.
+
+  03 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
+  policycoreutils-1.14.ebuild:
+  Update extras.
+
+*policycoreutils-1.14 (02 Jul 2004)
+
+  02 Jul 2004; Chris PeBenito <pebenito@gentoo.org>
+  +files/policycoreutils-1.14-genhomedircon-compat.diff,
+  +policycoreutils-1.14.ebuild:
+  New upstream version.
+
+*policycoreutils-1.12-r1 (28 Jun 2004)
+
+  28 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
+  +policycoreutils-1.12-r1.ebuild:
+  Add toggle_bool to extras.
+
+  11 Jun 2004; Chris PeBenito <pebenito@gentoo.org>
+  -policycoreutils-1.10-r1.ebuild, policycoreutils-1.12.ebuild:
+  Mark stable
+
+*policycoreutils-1.12 (14 May 2004)
+
+  14 May 2004; Chris PeBenito <pebenito@gentoo.org>
+  +policycoreutils-1.12.ebuild:
+  New upstream release.
+
+*policycoreutils-1.10-r1 (28 Apr 2004)
+
+  28 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
+  +policycoreutils-1.10-r1.ebuild, -policycoreutils-1.10.ebuild,
+  -policycoreutils-1.8.ebuild:
+  Update extras and mark stable.
+
+*policycoreutils-1.10 (20 Apr 2004)
+
+  08 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
+  policycoreutils-1.4-r1.ebuild, policycoreutils-1.8.ebuild:
+  More specific versioning for libselinux.
+
+  08 Apr 2004; Chris PeBenito <pebenito@gentoo.org>
+  policycoreutils-1.8.ebuild:
+  Mark stable for 2004.1
+
+  15 Mar 2004; Chris PeBenito <pebenito@gentoo.org>
+  policycoreutils-1.8.ebuild:
+  Update extras.
+
+*policycoreutils-1.8 (12 Mar 2004)
+
+  12 Mar 2004; Chris PeBenito <pebenito@gentoo.org>
+  policycoreutils-1.8.ebuild:
+  New upstream release.
+
+*policycoreutils-1.6 (24 Feb 2004)
+
+  24 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
+  policycoreutils-1.4-r1.ebuild, policycoreutils-1.6.ebuild:
+  New upstream release.  Mark 1.4-r1 stable.
+
+*policycoreutils-1.4-r1 (09 Feb 2004)
+
+  09 Feb 2004; Chris PeBenito <pebenito@gentoo.org>
+  policycoreutils-1.4-r1.ebuild:
+  Move extras to mirrors, and add runscript_selinux.so.
+
+  31 Jan 2004; Chris PeBenito <pebenito@gentoo.org> files/rlpkg:
+  Switch to portageq from inline python.  Add missing quotes for completeness.
+
+  16 Dec 2003; Chris PeBenito <pebenito@gentoo.org>
+  policycoreutils-1.4.ebuild:
+  Mark stable.
+
+*policycoreutils-1.4 (06 Dec 2003)
+
+  06 Dec 2003; Chris PeBenito <pebenito@gentoo.org>
+  policycoreutils-1.4.ebuild:
+  New upstream version.
+
+*policycoreutils-1.2-r2 (23 Nov 2003)
+
+  23 Nov 2003; Chris PeBenito <pebenito@gentoo.org>
+  policycoreutils-1.2-r2.ebuild:
+  Bump to add /sbin/seinit.
+
+  29 Oct 2003; Joshua Brindle <method@gentoo.org>
+  policycoreutils-1.2-r1.ebuild:
+  added sparc
+
+*policycoreutils-1.2-r1 (20 Oct 2003)
+
+  20 Oct 2003; Chris PeBenito <pebenito@gentoo.org>
+  policycoreutils-1.2-r1.ebuild:
+  Remove unneeded -lattr linking from Makefiles.
+
+  07 Oct 2003; Chris PeBenito <pebenito@gentoo.org>
+  policycoreutils-1.2.ebuild:
+  Mark stable.
+
+*policycoreutils-1.2 (03 Oct 2003)
+
+  03 Oct 2003; Chris PeBenito <pebenito@gentoo.org>
+  policycoreutils-1.2.ebuild, files/policycoreutils-1.2-gentoo.diff:
+  New upstream version.
+
+  29 Sep 2003; Chris PeBenito <pebenito@gentoo.org>
+  policycoreutils-1.1-r1.ebuild:
+  Add build USE flag; when asserted, only setfiles is built and merged.
+
+  22 Sep 2003; Chris PeBenito <pebenito@gentoo.org>
+  policycoreutils-1.1-r1.ebuild:
+  Move selinux-base-policy RDEPEND to checkpolicy. No longer RDEPEND on
+  checkpolicy.
+
+  22 Sep 2003; <paul@gentoo.org> metadata.xml:
+  Fix metadata.xml
+
+  24 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
+  policycoreutils-1.1-r1.ebuild, policycoreutils-1.1.ebuild:
+  Mark stable
+
+*policycoreutils-1.1-r1 (18 Aug 2003)
+
+  18 Aug 2003; Chris PeBenito <pebenito@gentoo.org> metadata.xml,
+  policycoreutils-1.0.ebuild, policycoreutils-1.1-r1.ebuild,
+  files/avc_enforcing, files/avc_toggle,
+  files/policycoreutils-1.1-setfiles.diff:
+  Add setfiles patch for alternate root. Add avc_enforcing and avc_toggle
+  scripts for ease of use for old API users. Use package description from RPM
+  spec file in metadata.xml long description.
+
+*policycoreutils-1.1 (14 Aug 2003)
+
+  14 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
+  policycoreutils-1.1.ebuild:
+  New upstream version
+
+  10 Aug 2003; Chris PeBenito <pebenito@gentoo.org>
+  policycoreutils-1.0.ebuild, files/rlpkg:
+  Add mkinitrd RDEP, add rlpkg.
+
+*policycoreutils-1.0 (03 Aug 2003)
+
+  03 Aug 2003; Chris PeBenito <pebenito@gentoo.org> metadata.xml,
+  policycoreutils-1.0.ebuild, files/policycoreutils-1.0-gentoo.diff:
+  Initial commit
+
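Review bot: the 12 Jul 2011 entry under `*policycoreutils-2.0.85` lists `+files/policycoreutils-2.0.69-setfiles.diff` as added, but the diffstat of this commit contains no such file (only the seunshare, python3 and sesandbox files under files/), so either drop it from the entry or add the file. The two July entries also carry a bare `<swift@gentoo.org>` with no name, unlike every other entry in the file, and the 13 Jul line `Add fix for bug #374897` would be clearer if it named the seunshare patch it refers to; the `$Header` line still points at revision 1.86 of the gentoo-x86 ChangeLog, which predates both overlay entries.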

diff --git a/sys-apps/policycoreutils/files/policycoreutils-2.0.85-fix-seunshare-vuln.patch b/sys-apps/policycoreutils/files/policycoreutils-2.0.85-fix-seunshare-vuln.patch
new file mode 100644
index 0000000..ba00a0f
--- /dev/null
+++ b/sys-apps/policycoreutils/files/policycoreutils-2.0.85-fix-seunshare-vuln.patch
@@ -0,0 +1,1084 @@
+diff -uNr policycoreutils-2.0.85.orig/sandbox/sandbox policycoreutils-2.0.85/sandbox/sandbox
+--- policycoreutils-2.0.85.orig/sandbox/sandbox	2011-07-13 19:49:59.186002432 +0200
++++ policycoreutils-2.0.85/sandbox/sandbox	2011-07-13 23:19:06.323002791 +0200
+@@ -19,16 +19,18 @@
+ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ #
+ 
+-import os, sys, socket, random, fcntl, shutil, re, subprocess
++import os, stat, sys, socket, random, fcntl, shutil, re, subprocess
+ import selinux
+ import signal
+ from tempfile import mkdtemp
+ import pwd
++import commands
++import gettext
+ 
+ PROGNAME = "policycoreutils"
+-HOMEDIR=pwd.getpwuid(os.getuid()).pw_dir
++SEUNSHARE = "/usr/sbin/seunshare"
++SANDBOXSH = "/usr/share/sesandbox/sesandboxX.sh"
+ 
+-import gettext
+ gettext.bindtextdomain(PROGNAME, "/usr/share/locale")
+ gettext.textdomain(PROGNAME)
+ 
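Review bot: `import commands` at module level pulls in a Python-2-only module (removed in Python 3), which sits awkwardly with the python3 support this commit adds in `files/policycoreutils-2.0.85-python3.tar.gz`; `subprocess` is already imported on the same line and covers the one use further down. The new `stat` import is not referenced anywhere in the visible hunks.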
+@@ -41,6 +43,7 @@
+        import __builtin__
+        __builtin__.__dict__['_'] = unicode
+ 
++DEFAULT_WINDOWSIZE = "1000x700"
+ DEFAULT_TYPE = "sandbox_t"
+ DEFAULT_X_TYPE = "sandbox_x_t"
+ SAVE_FILES = {}
+@@ -63,15 +66,15 @@
+     sys.stderr.flush()
+     sys.exit(1)
+ 
+-def copyfile(file, dir, dest):
++def copyfile(file, srcdir, dest):
+        import re
+-       if file.startswith(dir):
++       if file.startswith(srcdir):
+               dname = os.path.dirname(file)
+               bname = os.path.basename(file)
+-              if dname == dir:
++              if dname == srcdir:
+                      dest = dest + "/" + bname
+               else:
+-                     newdir = re.sub(dir, dest, dname)
++                     newdir = re.sub(srcdir, dest, dname)
+                      if not os.path.exists(newdir):
+                             os.makedirs(newdir)
+                      dest = newdir + "/" + bname
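Review bot: `re.sub(srcdir, dest, dname)` still treats `srcdir` as a regular expression, so a source directory containing `.`, `+`, `(` or `$` can match the wrong prefix or raise `re.error`; since `file.startswith(srcdir)` has already been verified, `newdir = dest + dname[len(srcdir):]` does the prefix replacement without regex semantics. Renaming `dir` to `srcdir` is a good fix (it no longer shadows the builtin), but the `import re` inside the function is redundant given the module-level import in the first hunk.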
+@@ -81,9 +84,10 @@
+                             shutil.copytree(file, dest)
+                      else:
+                             shutil.copy2(file, dest)
++
+               except shutil.Error, elist:
+-                     for e in elist:
+-                            sys.stderr.write(e[1])
++                     for e in elist.message:
++                            sys.stderr.write(e[2])
+                      
+               SAVE_FILES[file] = (dest, os.path.getmtime(dest))
+ 
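Review bot: `elist.message` relies on `BaseException.message`, deprecated since Python 2.6 and absent in Python 3; `shutil.Error` keeps its list of `(src, dst, why)` tuples in `elist.args[0]`, which is what the `e[2]` index expects and works on both versions. Writing a newline after each `e[2]` would also keep consecutive reasons from running together on stderr.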
+@@ -161,7 +165,7 @@
+                   if not self.__options.homedir or not self.__options.tmpdir:
+                          self.usage(_("Homedir and tempdir required for level mounts"))
+ 
+-           if not os.path.exists("/usr/sbin/seunshare"):
++           if not os.path.exists(SEUNSHARE):
+                   raise ValueError(_("""
+ /usr/sbin/seunshare is required for the action you want to perform.  
+ """))
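Review bot: the existence check now uses the `SEUNSHARE` constant, but the error message two lines below still hardcodes `/usr/sbin/seunshare`; format it with `%s` and `SEUNSHARE` so the path in the check and the path in the message cannot drift apart.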
+@@ -194,6 +198,8 @@
+                          self.__include(option, opt, i[:-1], parser)
+                   except IOError, e:
+                          sys.stderr.write(str(e))
++                  except TypeError, e:
++                         sys.stderr.write(str(e))
+            fd.close()
+ 
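Review bot: catching `TypeError` around `self.__include(...)` and only printing `str(e)` hides programming errors (a wrong argument count, a `None` path) behind a one-line message; if a specific failure is being worked around, the hunk should say which one, otherwise this except clause should go.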
+     def __copyfiles(self):
+@@ -212,7 +218,9 @@
+ /etc/gdm/Xsession
+ """)
+            else:
+-                  command = " ".join(self.__paths)
++                  command = self.__paths[0] + " "
++                  for p in self.__paths[1:]:
++                         command += "'%s' " % p
+                   fd.write("""#! /bin/sh
+ #TITLE: %s
+ /usr/bin/test -r ~/.xmodmap && /usr/bin/xmodmap ~/.xmodmap
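Review bot: the generated `#! /bin/sh` script wraps each argument in `'%s'` but does not escape a single quote inside the argument, and `self.__paths[0]` is emitted unquoted, so a command path containing spaces or shell metacharacters is still split or interpreted by the shell; `pipes.quote(p)` for every element of `self.__paths` (the first included) produces correct single-quoting.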
+@@ -230,9 +238,9 @@
+     def __parse_options(self):
+         from optparse import OptionParser
+         usage = _("""
+-sesandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] command
++sesandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] command
+ 
+-sesandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] -S
++sesandbox [-h] [-l level ] [-[X|M] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [ -w windowsize ] [[-i file ] ...] [ -t type ] -S
+ """)
+         
+         parser = OptionParser(version=self.VERSION, usage=usage)
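Review bot: the usage text gains `-w windowsize` but not the `-C`/`--capabilities` switch that the same patch adds to the parser a few hunks below; list it here too, since this string is what `self.usage()` prints on a bad invocation.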
+@@ -268,6 +276,10 @@
+                           action="callback", callback=self.__validdir,
+                           help=_("alternate /tmp directory to use for mounting"))
+ 
++        parser.add_option("-w", "--windowsize", dest="windowsize",
++                          type="string", default=DEFAULT_WINDOWSIZE,
++                          help="size of the sandbox window")
++
+         parser.add_option("-W", "--windowmanager", dest="wm",  
+                           type="string",
+                           default="/usr/bin/matchbox-window-manager -use_titlebar no",
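Review bot: the help string `"size of the sandbox window"` is the only option help in this parser not wrapped in `_()`, so it is excluded from translation; use `help=_("size of the sandbox window")` like the neighbouring options. Nothing validates that the value looks like `WIDTHxHEIGHT` before it is handed to the X startup script.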
+@@ -276,12 +288,18 @@
+         parser.add_option("-l", "--level", dest="level", 
+                           help=_("MCS/MLS level for the sesandbox"))
+ 
++        parser.add_option("-C", "--capabilities",
++                          action="store_true", dest="usecaps", default=False,
++                          help="Allow apps requiring capabilities to run within the sandbox.")
++
++
+         self.__parser=parser
+ 
+         self.__options, cmds = parser.parse_args()
+ 
+         if self.__options.X_ind:
+                self.setype = DEFAULT_X_TYPE
++               self.dpi=commands.getoutput("xrdb -query | grep dpi | /bin/cut -f 2")
+         
+         if self.__options.setype:
+                self.setype = self.__options.setype
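Review bot: `commands.getoutput("xrdb -query | grep dpi | /bin/cut -f 2")` merges stderr into its result, so if `xrdb` is missing or no display is reachable, `self.dpi` holds the shell's error text and is later passed verbatim as an argument to the sandbox script; run `xrdb -query` through `subprocess` with stderr discarded and default `self.dpi` to an empty string when no `dpi` line matches. The `-C` help string is also missing `_()`.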
+@@ -300,6 +318,10 @@
+                self.__homedir = self.__options.homedir
+                self.__tmpdir = self.__options.tmpdir
+         else:
++               if self.__options.level:
++                      self.__homedir = self.__options.homedir
++                      self.__tmpdir = self.__options.tmpdir
++
+                if len(cmds) == 0:
+                       self.usage(_("Command required"))
+                cmds[0] = fullpath(cmds[0])
+@@ -329,44 +351,45 @@
+     def __setup_dir(self):
+            if self.__options.level or self.__options.session:
+                   return
+-           sandboxdir = HOMEDIR + "/.sesandbox"
+-           if not os.path.exists(sandboxdir):
+-                  os.mkdir(sandboxdir)
+ 
+            if self.__options.homedir:
+                   selinux.chcon(self.__options.homedir, self.__filecon, recursive=True)
+                   self.__homedir = self.__options.homedir
+            else:
+                   selinux.setfscreatecon(self.__filecon)
+-                  self.__homedir = mkdtemp(dir=sandboxdir, prefix=".sesandbox")
++                  self.__homedir = mkdtemp(dir="/tmp", prefix=".sesandbox_home_")
+ 
+            if self.__options.tmpdir:
+                   selinux.chcon(self.__options.tmpdir, self.__filecon, recursive=True)
+                   self.__tmpdir = self.__options.tmpdir
+            else:
+                   selinux.setfscreatecon(self.__filecon)
+-                  self.__tmpdir = mkdtemp(dir="/tmp", prefix=".sesandbox")
++                  self.__tmpdir = mkdtemp(dir="/tmp", prefix=".sesandbox_tmp_")
+            selinux.setfscreatecon(None)
+            self.__copyfiles()
+ 
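Review bot: taking the fallback home directory from `mkdtemp(dir="/tmp", prefix=".sesandbox_home_")` instead of a fixed `$HOME/.sesandbox` is the right direction (mkdtemp creates a fresh mode 0700 directory, so no pre-existing path is reused), but both the home and the tmp source directories now live under `/tmp`; seunshare bind-mounts the tmp source over `/tmp`, so the home source path is only reachable if the home mount happens first. Please confirm that order in `seunshare.c` and record it in a comment here.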
+     def __execute(self):
+            try:
+-                  if self.__options.X_ind:
+-                         xmodmapfile = self.__homedir + "/.xmodmap"
+-                         xd = open(xmodmapfile,"w")
+-                         subprocess.Popen(["/usr/bin/xmodmap","-pke"],stdout=xd).wait()
+-                         xd.close()
+-
+-                         self.__setup_sandboxrc(self.__options.wm)
+-                         
+-                         cmds = [ '/usr/sbin/seunshare', "-t", self.__tmpdir, "-h", self.__homedir, "--", self.__execcon, "/usr/share/sesandbox/sesandboxX.sh" ]
+-                         rc = subprocess.Popen(cmds).wait()
+-                         return rc
+-
++                  cmds = [ SEUNSHARE, "-Z", self.__execcon ]
++                  if self.__options.usecaps:
++                         cmds.append('-C')
++                  if not self.__options.level:
++                         cmds.append('-k')
+                   if self.__mount:
+-                         cmds =  [ '/usr/sbin/seunshare', "-t", self.__tmpdir, "-h", self.__homedir, "--", self.__execcon ] + self.__paths
+-                         rc = subprocess.Popen(cmds).wait()
+-                         return rc
++                         cmds += [ "-t", self.__tmpdir, "-h", self.__homedir ]
++
++                         if self.__options.X_ind:
++                                xmodmapfile = self.__homedir + "/.xmodmap"
++                                xd = open(xmodmapfile,"w")
++                                subprocess.Popen(["/usr/bin/xmodmap","-pke"],stdout=xd).wait()
++                                xd.close()
++
++                                self.__setup_sandboxrc(self.__options.wm)
++
++                                cmds += [ "--", SANDBOXSH, self.__options.windowsize, self.dpi ]
++                         else:
++                                cmds += [ "--" ] + self.__paths
++                         return subprocess.Popen(cmds).wait()
+ 
+                   selinux.setexeccon(self.__execcon)
+                   rc = subprocess.Popen(self.__cmds).wait()
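Review bot: the X handling (`xmodmap -pke`, `__setup_sandboxrc`, `SANDBOXSH`) has moved inside `if self.__mount:`, so a `-X` run without mounts now falls through to the plain `selinux.setexeccon` path and runs `self.__cmds` with no window manager; if `-X` is meant to imply mounts, enforce that in `__parse_options`, otherwise document the behaviour change. The `cmds` list built ahead of the `if self.__mount:` test is unused on the non-mount path and can move inside the branch.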
+@@ -404,7 +427,7 @@
+            sandbox = Sandbox()
+            rc = sandbox.main()
+     except OSError, error:
+-           error_exit(error.args[1])
++           error_exit(error)
+     except ValueError, error:
+            error_exit(error.args[0])
+     except KeyError, error:
+diff -uNr policycoreutils-2.0.85.orig/sandbox/seunshare.c policycoreutils-2.0.85/sandbox/seunshare.c
+--- policycoreutils-2.0.85.orig/sandbox/seunshare.c	2011-07-13 18:35:00.498002303 +0200
++++ policycoreutils-2.0.85/sandbox/seunshare.c	2011-07-13 21:33:33.601002609 +0200
+@@ -1,10 +1,17 @@
++/*
++ * Authors: Dan Walsh <dwalsh@redhat.com>
++ * Authors: Thomas Liu <tliu@fedoraproject.org>
++ *
++ * Does not include cgroups support (as opposed to seunshare in fedora)
++ */
++
++#define _GNU_SOURCE
+ #include <signal.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
+ #include <syslog.h>
+ #include <sys/mount.h>
+ #include <pwd.h>
+-#define _GNU_SOURCE
+ #include <sched.h>
+ #include <string.h>
+ #include <stdio.h>
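Review bot: moving `#define _GNU_SOURCE` ahead of the first `#include` is the correct fix, since feature macros only take effect when defined before any system header and `<sched.h>` needs it for `unshare()`; the new comment block, though, repeats `Authors:` on two lines, and one line listing both names reads cleaner. The note that cgroups support is omitted relative to Fedora's seunshare is useful and should stay.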
+@@ -15,6 +22,10 @@
+ #include <limits.h>
+ #include <stdlib.h>
+ #include <errno.h>
++#include <regex.h>
++#include <sys/fsuid.h>
++#include <fcntl.h>
++#include <dirent.h>
+ 
+ #include <selinux/selinux.h>
+ #include <selinux/context.h>	/* for context-mangling functions */
+@@ -22,6 +33,8 @@
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <unistd.h>
++#include <glob.h>
++#include <regex.h>
+ 
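Review bot: `#include <regex.h>` is added here a second time; the earlier hunk in this file already adds it after `<errno.h>`. Drop one of the two (the header has include guards, so this is a tidiness issue rather than a build failure).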
+ #ifdef USE_NLS
+ #include <locale.h>		/* for setlocale() */
+@@ -39,26 +52,44 @@
+ #define MS_PRIVATE 1<<18
+ #endif
+ 
++static int verbose = 0;
++static int child = 0;
++
++static capng_select_t cap_set = CAPNG_SELECT_BOTH;
++
+ /**
+- * This function will drop all capabilities 
+- * Returns zero on success, non-zero otherwise
++ * This function will drop all capabilities
+  */
+-static int drop_capabilities(uid_t uid)
++static int drop_caps()
+ {
+-	capng_clear(CAPNG_SELECT_BOTH);
+-
+-	if (capng_lock() < 0) 
++	if (capng_have_capabilities(cap_set) == CAPNG_NONE)
++		return 0;
++	capng_clear(cap_set);
++	if (capng_lock() == -1 || capng_apply(cap_set) == -1) {
++		fprintf(stderr, _("Failed to drop all capabilities\n"));
+ 		return -1;
+-	/* Change uid */
+-	if (setresuid(uid, uid, uid)) {
+-		fprintf(stderr, _("Error changing uid, aborting.\n"));
++	}
++	return 0;
++}
++
++/**
++ * This function will drop all privileges.
++ */
++static int drop_privs(uid_t uid) {
++	if (drop_caps() == -1 || setresuid(uid, uid, uid) == -1) {
++		fprintf(stderr, _("Failed to drop privileges\n"));
+ 		return -1;
+ 	}
+-	return capng_apply(CAPNG_SELECT_BOTH);
++	return 0;
+ }
+ 
+-#define DEFAULT_PATH "/usr/bin:/bin"
+-static	int verbose = 0;
++/**
++ * If the user sends a siginto to seunshare, kill the child's session
++ */
++void handler(int sig) {
++	if (child > 0)
++		kill(-child, sig);
++}
+ 
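Review bot: `handler()` sends the signal to process group `-child`, which only works if the forked child became a group leader (`setsid()` or `setpgid(0, 0)`) before exec; the fork site is not in this hunk, so please confirm it does, otherwise the `kill()` fails with ESRCH and Ctrl-C leaves the sandboxed session running. `handler` should also be `static` like the other helpers, and `siginto` in the comment is presumably `SIGINT`. The early `return 0` in `drop_caps()` skips `capng_lock()`; a comment noting that `PR_SET_SECUREBITS` needs `CAP_SETPCAP`, so locking is impossible once no capabilities remain, would save the next reader the question.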
+ /**
+  * Take care of any signal setup
+@@ -81,24 +112,109 @@
+ 		return -1;
+ 	}
+ 
++	if (signal(SIGINT, handler) == SIG_ERR) {
++		perror("Unable to set SIGHUP handler");
++		return -1;
++	}
++
+ 	return 0;
+ }
+ 
++#define status_to_retval(status,retval) do { \
++	if ((status) == -1) \
++		retval = -1; \
++	else if (WIFEXITED((status))) \
++		retval = WEXITSTATUS((status)); \
++	else if (WIFSIGNALED((status))) \
++		retval = 128 + WTERMSIG((status)); \
++	else \
++		retval = -1; \
++	} while(0)
++
++
++/**
++ * Spawn external command using system() with dropped privileges.
++ * TODO: avoid system() and use exec*() instead.
++ */
++static int spawn_command(const char *cmd, uid_t uid) {
++	int child;
++	int status = -1;
++
++	if (verbose > 1)
++		printf("spawn_command: %s\n", cmd);
++	
++	child = fork();
++	if (child == -1) {
++		perror(_("Unable to fork"));
++		return status;
++	}
++
++	if (child == 0) {
++		if (drop_privs(uid) != 0)
++			exit(-1);
++		
++		status = system(cmd);
++		status_to_retval(status, status);
++		exit(status);
++	}
++
++	waitpid(child, &status, 0);
++	status_to_retval(status, status);
++	return status;
++}
++
+ /**
+- * This function makes sure the mounted directory is owned by the user executing
+- * seunshare.
+- * If so, it returns 0. If it can not figure this out or they are different, it returns -1.
++ * Check file/directory ownership, struct stat * must be passed to the functions.
+  */
+-static int verify_mount(const char *mntdir, struct passwd *pwd) {
++static int check_owner_uid(uid_t uid, const char *file, struct stat *st) {
++	if (S_ISLNK(st->st_mode)) {
++		fprintf(stderr, _("Error: %s must not be a symbolic link\n"), file);
++		return -1;
++	}
++	if (st->st_uid != uid) {
++		fprintf(stderr, _("Error: %s not owned by UID %d\n"), file, uid);
++		return -1;
++	}
++	return 0;
++}
++
++static int check_owner_gid(gid_t gid, const char *file, struct stat *st) {
++	if (S_ISLNK(st->st_mode)) {
++		fprintf(stderr, _("Error: %s must not be a symbolic link\n"), file);
++		return -1;
++	}
++	if (st->st_gid != gid) {
++		fprintf(stderr, _("Error: %s not owned by GID %d\n"), file, gid);
++		return -1;
++	}
++	return 0;
++}
++
++#define equal_stats(one,two) \
++	((one)->st_dev == (two)->st_dev && (one)->st_ino == (two)->st_ino && \
++	 (one)->st_uid == (two)->st_uid && (one)->st_gid == (two)->st_gid && \
++	 (one)->st_mode == (two)->st_mode)
++
++/**
++ * Sanity check specified directory. Store stat info for future comparison, or compare
++ * with previously saved info to detect replaced directories.
++ * Note: this function does not perform owner checks.
++ */
++static int verify_directory(const char *dir, struct stat *st_in, struct stat *st_out) {
+ 	struct stat sb;
+-	if (stat(mntdir, &sb) == -1) {
+-		fprintf(stderr, _("Invalid mount point %s: %s\n"), mntdir, strerror(errno));
++
++	if (st_out == NULL) st_out = &sb;
++
++	if (lstat(dir, st_out) == -1) {
++		fprintf(stderr, _("Failed to stat %s: %s\n"), dir, strerror(errno));
+ 		return -1;
+ 	}
+-	if (sb.st_uid != pwd->pw_uid) {
+-		errno = EPERM;
+-		syslog(LOG_AUTHPRIV | LOG_ALERT, "%s attempted to mount an invalid directory, %s", pwd->pw_name, mntdir);
+-		perror(_("Invalid mount point, reporting to administrator"));
++	if (! S_ISDIR(st_out->st_mode)) {
++		fprintf(stderr, _("Error: %s is not a directory: %s\n"), dir, strerror(errno));
++		return -1;
++	}
++	if (st_in && !equal_stats(st_in, st_out)) {
++		fprintf(stderr, _("Error: %s was replaced by a different directory\n"), dir);
+ 		return -1;
+ 	}
+ 	return 0;
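Review bot: the S_ISDIR failure branch in verify_directory prints `strerror(errno)` after an lstat() that succeeded, so the "%s is not a directory: %s" message carries a stale or zero errno; drop the trailing `: %s` and the strerror argument there. The S_ISLNK tests at the top of check_owner_uid and check_owner_gid are redundant once verify_directory has already rejected anything that is not S_ISDIR from an lstat() buffer, though harmless; the `%d` used to print a uid_t/gid_t should be cast to int (or use `%u`) to avoid a format warning on platforms where those types are unsigned.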
+@@ -123,7 +239,7 @@
+ 
+ 		/* check the shell skipping newline char */
+ 		if (!strcmp(shell_name, buf)) {
+-			rc = 1;
++			rc = 0;
+ 			break;
+ 		}
+ 	}
+@@ -131,45 +247,388 @@
+ 	return rc;
+ }
+ 
+-static int seunshare_mount(const char *src, const char *dst, struct passwd *pwd) {
++/*
++ * Mount directory and check that we mounted the right directory.
++ */
++static int seunshare_mount(const char *src, const char *dst, struct stat *src_st) {
++	int flags = MS_REC;
++	int is_tmp = 0;
++
+ 	if (verbose)
+-		printf("Mount %s on %s\n", src, dst);
+-	if (mount(dst, dst,  NULL, MS_BIND | MS_REC, NULL) < 0) {
++		printf(_("Mounting %s on %s\n"), src, dst);
++	
++	if (strcmp("/tmp", dst) == 0) {
++		flags = flags | MS_NODEV | MS_NOSUID | MS_NOEXEC;
++		is_tmp = 1;
++	}
++
++	/* mount directory */
++	if (mount(dst, dst, NULL, MS_BIND | flags, NULL) < 0) {
+ 		fprintf(stderr, _("Failed to mount %s on %s: %s\n"), dst, dst, strerror(errno));
+ 		return -1;
+ 	}
+ 
+-	if (mount(dst, dst, NULL, MS_PRIVATE | MS_REC, NULL) < 0) {
++	if (mount(dst, dst, NULL, MS_PRIVATE | flags, NULL) < 0) {
+ 		fprintf(stderr, _("Failed to make %s private: %s\n"), dst, strerror(errno));
+ 		return -1;
+ 	}
+ 
+-	if (mount(src, dst, NULL, MS_BIND | MS_REC, NULL) < 0) {
++	if (mount(src, dst, NULL, MS_BIND | flags, NULL) < 0) {
+ 		fprintf(stderr, _("Failed to mount %s on %s: %s\n"), src, dst, strerror(errno));
+ 		return -1;
+ 	}
+ 
+-	if (verify_mount(dst, pwd) < 0) 
++	/* verify whether we mounted what we expected to mount */
++	if (verify_directory(dst, src_st, NULL) < 0)
+ 		return -1;
++
++	/* bind mount /tmp on /var/tmp too */
++	if (is_tmp) {
++		if (verbose)
++			printf(_("Mounting /tmp on /var/tmp\n"));
++
++		if (mount("/var/tmp", "/var/tmp", NULL, MS_BIND | flags, NULL) < 0) {
++			fprintf(stderr, _("Failed to mount /var/tmp on /var/tmp: %s\n"), strerror(errno));
++			return -1;
++		}
++		if (mount("/var/tmp", "/var/tmp", NULL, MS_PRIVATE | flags, NULL) < 0) {
++			fprintf(stderr, _("Failed to make /var/tmp private: %s\n"), strerror(errno));
++			return -1;
++		}
++		if (mount("/tmp", "/var/tmp", NULL, MS_BIND | flags, NULL) < 0) {
++			fprintf(stderr, _("Failed to mount /tmp on /var/tmp: %s\n"), strerror(errno));
++			return -1;
++		}
++	}
++
++	return 0;
+ }
+ 
+-#define USAGE_STRING _("USAGE: seunshare [ -v ] [ -t tmpdir ] [ -h homedir ] -- CONTEXT executable [args] ")
++/*
++ * If path is empty or ends with "/." or "/.." return -1 else return 0;
++ */
++static int bad_path(const char *path) {
++	const char *ptr;
++	ptr = path;
++	while (*ptr) ptr++;
++	if (ptr == path) return -1; // ptr null
++	ptr--;
++	if (ptr != path && *ptr == '.') {
++		ptr--;
++		if (*ptr == '/') return -1; // path ends in /.
++		if (*ptr == '.') {
++			if (ptr != path) {
++				ptr--;
++				if (*ptr == '/') return -1; // path ends in /..
++			}
++		}
++	}
++	return 0;
++}
++
++static int rsynccmd(const char *src, const char *dst, char **cmdbuf) {
++	char *buf = NULL;
++	char *newbuf = NULL;
++	glob_t fglob;
++	fglob.gl_offs = 0;
++	int flags = GLOB_PERIOD;
++	unsigned int i = 0;
++	int rc = -1;
++
++	/* match glob for all files in src dir */
++	if (asprintf(&buf, "%s/*", src) == -1) {
++		fprintf(stderr, "Out of memory\n");
++		return -1;
++	}
++
++	if (glob(buf, flags, NULL, &fglob) != 0) {
++		free(buf);
++		buf = NULL;
++		return -1;
++	}
++
++	free(buf);
++	buf = NULL;
++
++	for (i=0; i < fglob.gl_pathc; i++) {
++		const char * path = fglob.gl_pathv[i];
++
++		if (bad_path(path))
++			continue;
++
++		if (!buf) {
++			if (asprintf(&newbuf, "\'%s\'", path) == -1) {
++				fprintf(stderr, "Out of memory\n");
++				goto err;
++			}
++		} else {
++			if (asprintf(&newbuf, "%s  \'%s\'", buf, path) == -1) {
++				fprintf(stderr, "Out of memory\n");
++				goto err;
++			}
++		}
++
++		free(buf); buf = newbuf;
++		newbuf = NULL;
++	}
++
++	if (buf) {
++		if (asprintf(&newbuf, "/usr/bin/rsync -trlHDq %s '%s'", buf, dst) == -1) {
++			fprintf(stderr, "Out of memory\n");
++			goto err;
++		}
++		*cmdbuf = newbuf;
++	} else {
++		*cmdbuf = NULL;
++	}
++	rc = 0;
++
++err:
++	free(buf);
++	buf = NULL;
++	globfree(&fglob);
++	return rc;
++}
++
++/**
++ * Clean up runtime temporary directory. Returns 0 if no problem was detected,
++ * >0 if some error was detected, but errors here are treated as non-fatal and
++ * left to tmpwatch to finish incomplete cleanup.
++ */
++static int cleanup_tmpdir(const char *tmpdir, const char *src, struct passwd *pwd, int copy_content) {
++	char *cmdbuf = NULL;
++	int rc = 0;
++
++	/* rsync files back */
++	if (copy_content) {
++		if (asprintf(&cmdbuf, "/usr/bin/rsync --exclude=.X11-unix -utrlHDq --delete '%s/' '%s/'", tmpdir, src) == -1) {
++			fprintf(stderr, _("Out of memory\n"));
++			cmdbuf = NULL;
++			rc++;
++		}
++		if (cmdbuf && spawn_command(cmdbuf, pwd->pw_uid) != 0) {
++			fprintf(stderr, _("Failed to copy files from the runtime temporary directory\n"));
++			rc++;
++		}
++		free(cmdbuf);
++		cmdbuf = NULL;
++	}
++
++	/* remove files from the runtime temporary directory */
++	if (asprintf(&cmdbuf, "/bin/rm -r '%s/' 2>/dev/null", tmpdir) == -1) {
++		fprintf(stderr, _("Out of memory\n"));
++		cmdbuf = NULL;
++		rc++;
++	}
++	/* this may fail if there's root-owned file left in the runtime tmpdir */
++	if (cmdbuf && spawn_command(cmdbuf, pwd->pw_uid) != 0)
++		rc++;
++	free(cmdbuf);
++	cmdbuf = NULL;
++
++	/* remove runtime temporary directory */
++	setfsuid(0);
++	if (rmdir(tmpdir) == -1)
++		fprintf(stderr, _("Failed to remove directory %s: %s\n"), tmpdir, strerror(errno));
++	setfsuid(pwd->pw_uid);
++
++	return 0;
++}
++
++/**
++ * seunshare will create a tmpdir in /tmp, with root ownership. The parent process
++ * waits for its child to exit to attempt to remove the directory. If it fails to remove
++ * the directory, we will need to rely on tmpreaper/tmpwatch to clean it up.
++ */
++static char *create_tmpdir(const char *src, struct stat *src_st, struct stat *out_st, struct passwd *pwd, security_context_t execcon) {
++	char *tmpdir = NULL;
++	char *cmdbuf = NULL;
++	int fd_t = -1, fd_s = -1;
++	struct stat tmp_st;
++	security_context_t con = NULL;
++
++	/* get selinux context */
++	if (execcon) {
++		setfsuid(pwd->pw_uid);
++		if ((fd_s = open(src, O_RDONLY)) < 0) {
++			fprintf(stderr, _("Failed to open directory %s: %s\n"), src, strerror(errno));
++			goto err;
++		}
++		if (fstat(fd_s, &tmp_st) == -1) {
++			fprintf(stderr, _("Failed to stat directory %s: %s\n"), src, strerror(errno));
++			goto err;
++		}
++		if (!equal_stats(src_st, &tmp_st)) {
++			fprintf(stderr, _("Error: %s was replaced by a different directory\n"), src);
++			goto err;
++		}
++
++		/* ok to not reach this if there is an error */
++		setfsuid(0);
++	}
++
++	if (asprintf(&tmpdir, "/tmp/.sandbox-%s-XXXXXX", pwd->pw_name) == -1) {
++		fprintf(stderr, _("Out of memory\n"));
++		tmpdir = NULL;
++		goto err;
++	}
++	if (mkdtemp(tmpdir) == NULL) {
++		fprintf(stderr, _("Failed to create temporary directory: %s\n"), strerror(errno));
++		goto err;
++	}
++
++	/* temporary directory must be owned by root:user */
++	if (verify_directory(tmpdir, NULL, out_st) < 0) {
++		goto err;
++	}
++	if (check_owner_uid(0, tmpdir, out_st) < 0) goto err;
++	if (check_owner_gid(getgid(), tmpdir, out_st) < 0) goto err;
++
++	/* change permission of the temporary directory */
++	if ((fd_t = open(tmpdir, O_RDONLY)) < 0) {
++		fprintf(stderr, _("Failed to open directory %s: %s\n"), tmpdir, strerror(errno));
++		goto err;
++	}
++	if (fstat(fd_t, &tmp_st) == -1) {
++		fprintf(stderr, _("Failed to stat directory %s: %s\n"), tmpdir, strerror(errno));
++		goto err;
++	}
++	if (!equal_stats(out_st, &tmp_st)) {
++		fprintf(stderr, _("Error: %s was replaced by a different directory\n"), tmpdir);
++		goto err;
++	}
++	if (fchmod(fd_t, 01770) == -1) {
++		fprintf(stderr, _("Unable to change mode on %s: %s\n"), tmpdir, strerror(errno));
++		goto err;
++	}
++	/* re-stat again to pick change mode */
++	if (fstat(fd_t, out_st) == -1) {
++		fprintf(stderr, _("Failed to stat directory %s: %s\n"), tmpdir, strerror(errno));
++		goto err;
++	}
++
++	/* copy selinux context */
++	if (execcon) {
++		if (fsetfilecon(fd_t, con) == -1) {
++			fprintf(stderr, _("Failed to set context of the directory %s: %s\n"), tmpdir, strerror(errno));
++			goto err;
++		}
++	}
++
++	setfsuid(pwd->pw_uid);
++
++	if (rsynccmd(src, tmpdir, &cmdbuf) < 0) {
++		goto err;
++	}
++	
++	/* ok to not reach this if there is an error */
++	setfsuid(0);
++
++	if (cmdbuf && spawn_command(cmdbuf, pwd->pw_uid) != 0) {
++		fprintf(stderr, _("Failed to populate runtime temporary directory\n"));
++		cleanup_tmpdir(tmpdir, src, pwd, 0);
++		goto err;
++	}
++
++	goto good;
++err:
++	free(tmpdir);
++	tmpdir = NULL;
++good:
++	free(cmdbuf);
++	cmdbuf = NULL;
++	freecon(con);
++	con = NULL;
++	if (fd_t >= 0)
++		close(fd_t);
++	if (fd_s >= 0)
++		close(fd_s);
++	return tmpdir;
++}
++
++#define DEFAULT_PATH "/usr/bin:/bin"
++#define USAGE_STRING _("USAGE: seunshare [ -v ] -C -t tmpdir -h homedir [-Z context] -- executable [args]")
++#define PROC_BASE "/proc"
++
++static int killall (security_context_t execcon) {
++	DIR *dir;
++	security_context_t scon;
++	struct dirent *de;
++	pid_t *pid_table, pid, self;
++	int i;
++	int pids, max_pids;
++	int running = 0;
++	self = getpid();
++	if (!(dir = opendir(PROC_BASE))) {
++		return -1;
++	}
++	max_pids = 256;
++	pid_table = malloc(max_pids * sizeof(pid_t));
++	if (!pid_table) {
++		return -1;
++	}
++	pids = 0;
++	context_t con;
++	con = context_new(execcon);
++	const char *mcs = context_range_get(con);
++	printf("mcs=%s\n", mcs);
++	while ((de = readdir(dir)) != NULL) {
++		if (!(pid = (pid_t)atoi(de->d_name)) || pid == self)
++			continue;
++
++		if (pids == max_pids) {
++			if(!(pid_table = realloc(pid_table, 2*pids*sizeof(pid_t)))) {
++				return -1;
++			}
++			max_pids *= 2;
++		}
++		pid_table[pids++] = pid;
++	}
++
++	(void)closedir(dir);
++
++	for (i = 0; i < pids; i++) {
++		pid_t id = pid_table[i];
++
++		if (getpidcon(id, &scon) == 0) {
++			context_t pidcon = context_new(scon);
++			/* Attempt to kill remaining processes */
++			if (strcmp(context_range_get(pidcon), mcs) == 0)
++				kill(id, SIGKILL);
++
++			context_free(pidcon);
++			freecon(scon);
++		}
++		running++;
++	}
++
++	context_free(con);
++	free(pid_table);
++	return running;
++}
+ 
+ int main(int argc, char **argv) {
+-	int rc;
+ 	int status = -1;
++	security_context_t execcon = NULL;
+ 
+-	security_context_t scontext;
+-
+-	int flag_index;		/* flag index in argv[] */
+ 	int clflag;		/* holds codes for command line flags */
+-	char *tmpdir_s = NULL;	/* tmpdir spec'd by user in argv[] */
++	int kill_all = 0;
++
+ 	char *homedir_s = NULL;	/* homedir spec'd by user in argv[] */
++	char *tmpdir_s = NULL; /* tmpdir spec'd by user in argv[] */
++	char * tmpdir_r = NULL; /* tmpdir created by seunshare */
++
++	struct stat st_homedir;
++	struct stat st_tmpdir_s;
++	struct stat st_tmpdir_r;
+ 
+ 	const struct option long_options[] = {
+ 		{"homedir", 1, 0, 'h'},
+ 		{"tmpdir", 1, 0, 't'},
++		{"kill", 1, 0, 'k'},
+ 		{"verbose", 1, 0, 'v'},
++		{"context", 1, 0, 'Z'},
++		{"capabilities", 1, 0, 'C'},
+ 		{NULL, 0, 0, 0}
+ 	};
+ 
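Review bot: `con` in create_tmpdir is initialised to NULL and never assigned, yet `fsetfilecon(fd_t, con)` is called under `if (execcon)`, so every `-Z` run either fails to label the runtime directory or labels it with an invalid context; the execcon branch that opens and fstat()s `src` needs to read the source label (e.g. `if (fgetfilecon(fd_s, &con) == -1) goto err;`) before the `setfsuid(0)`. Two smaller points in the same hunk: `printf("mcs=%s\n", mcs);` in killall looks like leftover debug output on stdout, and cleanup_tmpdir counts failures in `rc` but ends with `return 0;`, contradicting its own doc comment (`return rc;`). In the `long_options` table, `"kill"`, `"verbose"` and `"capabilities"` are declared with has_arg=1 although none of those flags takes a value, so `--kill` will consume the next argv word; these should be 0.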
+@@ -187,34 +646,33 @@
+ 	}
+ 
+ 	if (verify_shell(pwd->pw_shell) < 0) {
+-		fprintf(stderr, _("Error!  Shell is not valid.\n"));
++		fprintf(stderr, _("Error: User shell is not valid.\n"));
+ 		return -1;
+ 	}
+ 
+ 	while (1) {
+-		clflag = getopt_long(argc, argv, "h:t:", long_options,
+-				     &flag_index);
++		clflag = getopt_long(argc, argv, "Cvh:t:Z", long_options, NULL);
+ 		if (clflag == -1)
+ 			break;
+ 
+ 		switch (clflag) {
+ 		case 't':
+-			if (!(tmpdir_s = realpath(optarg, NULL))) {
+-				fprintf(stderr, _("Invalid mount point %s: %s\n"), optarg, strerror(errno));
+-				return -1;
+-			}
+-			if (verify_mount(tmpdir_s, pwd) < 0) return -1;
++			tmpdir_s = optarg;
++			break;
++		case 'k':
++			kill_all = 1;
+ 			break;
+ 		case 'h':
+-			if (!(homedir_s = realpath(optarg, NULL))) {
+-				fprintf(stderr, _("Invalid mount point %s: %s\n"), optarg, strerror(errno));
+-				return -1;
+-			}
+-			if (verify_mount(homedir_s, pwd) < 0) return -1;
+-			if (verify_mount(pwd->pw_dir, pwd) < 0) return -1;
++			homedir_s = optarg;
+ 			break;
+ 		case 'v':
+-			verbose = 1;
++			verbose++;
++			break;
++		case 'C':
++			cap_set = CAPNG_SELECT_CAPS;
++			break;
++		case 'Z':
++			execcon = optarg;
+ 			break;
+ 		default:
+ 			fprintf(stderr, "%s\n", USAGE_STRING);
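Review bot: the short option string `"Cvh:t:Z"` gives `Z` no argument marker, so `execcon = optarg` in `case 'Z'` stores NULL and the context supplied with `-Z context` is silently dropped while the context string is then taken as the executable; it should be `"Cvh:t:Z:"`. `k` is absent from that string altogether, so `case 'k'` is reachable only via the long `--kill` form, which is not mentioned in USAGE_STRING.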
+@@ -223,74 +681,80 @@
+ 	}
+ 
+ 	if (! homedir_s && ! tmpdir_s) {
+-		fprintf(stderr, _("Error: tmpdir and/or homedir required \n"),
+-			"%s\n", USAGE_STRING);
++		fprintf(stderr, _("Error: tmpdir and/or homedir required\n %s\n"), USAGE_STRING);
+ 		return -1;
+ 	}
+ 
+-	if (argc - optind < 2) {
+-		fprintf(stderr, _("Error: context and executable required \n"),
+-			"%s\n", USAGE_STRING);
++	if (argc - optind < 1) {
++		fprintf(stderr, _("Error: executable required \n %s\n"), USAGE_STRING);
+ 		return -1;
+ 	}
+ 
+-	scontext = argv[optind++];
+-	
+-	if (set_signal_handles())
+-		return -1;
+-
+-        if (unshare(CLONE_NEWNS) < 0) {
+-		perror(_("Failed to unshare"));
++	if (execcon && is_selinux_enabled() != -1) {
++		fprintf(stderr, _("Error: execution context specified, but SELinux is not enabled\n"));
+ 		return -1;
+ 	}
+ 
+-	if (homedir_s && tmpdir_s && (strncmp(pwd->pw_dir, tmpdir_s, strlen(pwd->pw_dir)) == 0)) {
+-	    if (seunshare_mount(tmpdir_s, "/tmp", pwd) < 0)
+-		    return -1;
+-	    if (seunshare_mount(homedir_s, pwd->pw_dir, pwd) < 0)
+-		    return -1;
+-	} else {			
+-		if (homedir_s && seunshare_mount(homedir_s, pwd->pw_dir, pwd) < 0)
+-				return -1;
+-				
+-		if (tmpdir_s && seunshare_mount(tmpdir_s, "/tmp", pwd) < 0)
+-				return -1;
+-	}
++	if (set_signal_handles()) return -1;
++
++	/* set fsuid to ruid */
++	/* Changing fsuid is usually required when user-specified directory is
++	 * on an NFS mount. It's also desired to avoid leaking info about
++	 * existence of the files not accessible to the user.
++	 */
++	setfsuid(uid);
+ 
+-	if (drop_capabilities(uid)) {
+-		perror(_("Failed to drop all capabilities"));
++	/* verify homedir and tmpdir */
++	if (homedir_s && (
++		verify_directory(homedir_s, NULL, &st_homedir) < 0 ||
++		check_owner_uid(uid, homedir_s, &st_homedir))) return -1;
++	if (tmpdir_s && (
++		verify_directory(tmpdir_s, NULL, &st_tmpdir_s) < 0 ||
++		check_owner_uid(uid, tmpdir_s, &st_tmpdir_s))) return -1;
++	setfsuid(0);
++
++	/* create runtime tmpdir */
++	if (tmpdir_s && (tmpdir_r = create_tmpdir(tmpdir_s, &st_tmpdir_s, &st_tmpdir_r, pwd, execcon)) == NULL) {
++		fprintf(stderr, _("Failed to create runtime temporary directory\n"));
+ 		return -1;
+ 	}
+ 
+-	int child = fork();
++	/* spawn child process */
++	child = fork();
+ 	if (child == -1) {
+ 		perror(_("Unable to fork"));
+-		return -1;
++		goto err;
+ 	}
+ 
+-	if (!child) {
+-		char *display=NULL;
+-		/* Construct a new environment */
+-		char *d = getenv("DISPLAY");
+-		if (d) {
+-			display =  strdup(d);
+-			if (!display) {
+-				perror(_("Out of memory"));
+-				exit(-1);
+-			}
++	if (child == 0) {
++		char *display = NULL;
++		int rc = -1;
++
++		if (unshare(CLONE_NEWNS) < 0) {
++			perror(_("Failed to unshare"));
++			goto childerr;
+ 		}
+ 
+-		if ((rc = clearenv())) {
+-			perror(_("Unable to clear environment"));
+-			free(display);
+-			exit(-1);
++		/* assume fsuid == ruid after this point */
++		setfsuid(uid);
++
++		/* mount homedir and tmpdir, in this order */
++		if (homedir_s && seunshare_mount(homedir_s, pwd->pw_dir, &st_homedir) != 0) goto childerr;
++		if (tmpdir_s && seunshare_mount(tmpdir_r, "/tmp", &st_tmpdir_r) != 0) goto childerr;
++
++		if (drop_privs(uid) != 0) goto childerr;
++
++		/* construct a new environment */
++		if ((display = getenv("DISPLAY")) != NULL) {
++			if ((display = strdup(display)) == NULL) {
++				perror(_("Out of memory"));
++				goto childerr;
++			}
+ 		}
+-		
+-		if (setexeccon(scontext)) {
+-			fprintf(stderr, _("Could not set exec context to %s.\n"),
+-				scontext);
+-			free(display);
+-			exit(-1);
++	
++		if ((rc = clearenv()) != 0) {
++			perror(_("Failed to clear environment"));
++			goto childerr;
+ 		}
+ 
+ 		if (display) 
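Review bot: `is_selinux_enabled() != -1` inverts the intended check: the function returns 1 when SELinux is enabled, 0 when it is disabled and -1 on error, so this rejects `-Z` precisely when SELinux is enabled and accepts it when it is not; the condition should be `is_selinux_enabled() != 1`. The ownership verification that follows is done with fsuid set to the caller and checked against an lstat() buffer; the later fstat()/equal_stats comparison in create_tmpdir covers the tmpdir, but homedir_s is only re-verified by verify_directory inside seunshare_mount after the bind mount, which is the behaviour the comment "verify whether we mounted what we expected to mount" relies on.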
+@@ -300,22 +764,46 @@
+ 		rc |= setenv("USER", pwd->pw_name, 1);
+ 		rc |= setenv("LOGNAME", pwd->pw_name, 1);
+ 		rc |= setenv("PATH", DEFAULT_PATH, 1);
+-		
++	
++		if (rc != 0) {
++			fprintf(stderr, _("Failed to construct environment\n"));
++			goto childerr;
++		}
++
++		/* selinux context */
++		if (execcon && setexeccon(execcon) != 0) {
++			fprintf(stderr, _("Could not set exec context to %s.\n"), execcon);
++			goto childerr;
++		}
++
+ 		if (chdir(pwd->pw_dir)) {
+ 			perror(_("Failed to change dir to homedir"));
+-			exit(-1);
++			goto childerr;
+ 		}
++
+ 		setsid();
++
+ 		execv(argv[optind], argv + optind);
++		fprintf(stderr, _("Failed to execute command %s: %s\n"), argv[optind], strerror(errno));
++childerr:
+ 		free(display);
+-		perror("execv");
+ 		exit(-1);
+-	} else {
+-		waitpid(child, &status, 0);
+ 	}
+ 
+-	free(tmpdir_s);
+-	free(homedir_s);
++	drop_caps();
+ 
++	/* parent waits for child exit to do the cleanup */
++	waitpid(child, &status, 0);
++	status_to_retval(status, status);
++
++	/* Make sure all child processes exit */
++	kill(-child, SIGTERM);
++
++	if (execcon && kill_all)
++		killall(execcon);
++	
++	if (tmpdir_r) cleanup_tmpdir(tmpdir_r, tmpdir_s, pwd, 1);
++err:
++	free(tmpdir_r);
+ 	return status;
+ }
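Review bot: the `err:` label only frees `tmpdir_r`; when fork() fails after create_tmpdir() has succeeded, the root-owned runtime directory is left behind in /tmp, so the error path should call `cleanup_tmpdir(tmpdir_r, tmpdir_s, pwd, 0)` before the free. `status_to_retval(status, status)` is not defined anywhere in this patch; if it is a macro from the unchanged part of the file, a short comment here would help, and if not, this will not compile.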

diff --git a/sys-apps/policycoreutils/files/policycoreutils-2.0.85-python3.tar.gz b/sys-apps/policycoreutils/files/policycoreutils-2.0.85-python3.tar.gz
new file mode 100644
index 0000000..49b3169
Binary files /dev/null and b/sys-apps/policycoreutils/files/policycoreutils-2.0.85-python3.tar.gz differ

diff --git a/sys-apps/policycoreutils/files/policycoreutils-2.0.85-sesandbox.patch b/sys-apps/policycoreutils/files/policycoreutils-2.0.85-sesandbox.patch
new file mode 100644
index 0000000..42bd083
--- /dev/null
+++ b/sys-apps/policycoreutils/files/policycoreutils-2.0.85-sesandbox.patch
@@ -0,0 +1,387 @@
+diff -uNr policycoreutils-2.0.85.orig/sandbox/Makefile policycoreutils-2.0.85/sandbox/Makefile
+--- policycoreutils-2.0.85.orig/sandbox/Makefile	2011-07-13 18:35:00.498002303 +0200
++++ policycoreutils-2.0.85/sandbox/Makefile	2011-07-13 19:32:10.337002401 +0200
+@@ -6,28 +6,37 @@
+ SBINDIR ?= $(PREFIX)/sbin
+ MANDIR ?= $(PREFIX)/share/man
+ LOCALEDIR ?= /usr/share/locale
+-SHAREDIR ?= $(PREFIX)/share/sandbox
++SHAREDIR ?= $(PREFIX)/share/sesandbox
+ override CFLAGS += $(LDFLAGS) -I$(PREFIX)/include -DPACKAGE="\"policycoreutils\""
+ LDLIBS += -lselinux -lcap-ng 
+ 
+-all: sandbox seunshare sandboxX.sh 
++all: sesandbox seunshare sesandboxX.sh 
++
++sesandbox: sandbox
++	cp sandbox sesandbox
++	cp sandbox.8 sesandbox.8
++	cp sandbox.init sesandbox.init
++	cp sandbox.config sesandbox.config
++
++sesandboxX.sh: sandboxX.sh
++	cp sandboxX.sh sesandboxX.sh
+ 
+ seunshare: seunshare.o $(EXTRA_OBJS)
+ 	$(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
+ 
+ install: all
+ 	-mkdir -p $(BINDIR)
+-	install -m 755 sandbox $(BINDIR)
++	install -m 755 sesandbox $(BINDIR)
+ 	-mkdir -p $(MANDIR)/man8
+-	install -m 644 sandbox.8 $(MANDIR)/man8/
++	install -m 644 sesandbox.8 $(MANDIR)/man8/
+ 	-mkdir -p $(SBINDIR)
+ 	install -m 4755 seunshare $(SBINDIR)/
+ 	-mkdir -p $(SHAREDIR)
+-	install -m 755 sandboxX.sh $(SHAREDIR)
++	install -m 755 sesandboxX.sh $(SHAREDIR)
+ 	-mkdir -p $(INITDIR)
+-	install -m 755 sandbox.init $(INITDIR)/sandbox
++	install -m 755 sesandbox.init $(INITDIR)/sesandbox
+ 	-mkdir -p $(SYSCONFDIR)
+-	install -m 644 sandbox.config $(SYSCONFDIR)/sandbox
++	install -m 644 sesandbox.config $(SYSCONFDIR)/sesandbox
+ 
+ test:
+ 	@python test_sandbox.py -v
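Review bot: the `sesandbox` rule produces sesandbox.8, sesandbox.init and sesandbox.config as undeclared side effects, so a rebuild that finds `sesandbox` up to date will not regenerate them and `install` may pick up stale copies; list each copy as its own target (or make `install` depend on them). The `test` target still invokes test_sandbox.py, which after this patch spawns `sesandbox`, so the tests only work against an installed renamed binary.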
+diff -uNr policycoreutils-2.0.85.orig/sandbox/sandbox policycoreutils-2.0.85/sandbox/sandbox
+--- policycoreutils-2.0.85.orig/sandbox/sandbox	2011-07-13 18:35:00.498002303 +0200
++++ policycoreutils-2.0.85/sandbox/sandbox	2011-07-13 18:39:07.068002310 +0200
+@@ -142,7 +142,7 @@
+        return cmd
+ 
+ class Sandbox:
+-    VERSION = "sandbox .1"
++    VERSION = "sesandbox .1"
+     SYSLOG = "/var/log/messages"
+ 
+     def __init__(self):
+@@ -204,7 +204,7 @@
+                   copyfile(f, "/tmp", self.__tmpdir)
+ 
+     def __setup_sandboxrc(self, wm = "/usr/bin/matchbox-window-manager -use_titlebar no"):
+-           execfile =self.__homedir + "/.sandboxrc"
++           execfile =self.__homedir + "/.sesandboxrc"
+            fd = open(execfile, "w+") 
+            if self.__options.session:
+                   fd.write("""#!/bin/sh
+@@ -230,9 +230,9 @@
+     def __parse_options(self):
+         from optparse import OptionParser
+         usage = _("""
+-sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] command
++sesandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] command
+ 
+-sandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] -S
++sesandbox [-h] [-[X|M] [-l level ] [-H homedir] [-T tempdir]] [-I includefile ] [-W windowmanager ] [[-i file ] ...] [ -t type ] -S
+ """)
+         
+         parser = OptionParser(version=self.VERSION, usage=usage)
+@@ -240,22 +240,22 @@
+         parser.add_option("-i", "--include", 
+                           action="callback", callback=self.__include, 
+                           type="string",
+-                          help=_("include file in sandbox"))
++                          help=_("include file in sesandbox"))
+         parser.add_option("-I", "--includefile",  action="callback", callback=self.__includefile,
+                           type="string",
+-                          help=_("read list of files to include in sandbox from INCLUDEFILE"))
++                          help=_("read list of files to include in sesandbox from INCLUDEFILE"))
+         parser.add_option("-t", "--type", dest="setype", action="store", default=None,
+-                          help=_("run sandbox with SELinux type"))
++                          help=_("run sesandbox with SELinux type"))
+         parser.add_option("-M", "--mount", 
+                           action="callback", callback=self.__mount_callback, 
+                           help=_("mount new home and/or tmp directory"))
+ 
+         parser.add_option("-S", "--session", action="store_true",  dest="session", 
+-                          default=False,  help=_("run complete desktop session within sandbox"))
++                          default=False,  help=_("run complete desktop session within sesandbox"))
+ 
+         parser.add_option("-X", dest="X_ind", 
+                           action="callback", callback=self.__x_callback, 
+-                          default=False,  help=_("run X application within a sandbox"))
++                          default=False,  help=_("run X application within a sesandbox"))
+ 
+         parser.add_option("-H", "--homedir", 
+                           action="callback", callback=self.__validdir,
+@@ -274,7 +274,7 @@
+                           help=_("alternate window manager"))
+ 
+         parser.add_option("-l", "--level", dest="level", 
+-                          help=_("MCS/MLS level for the sandbox"))
++                          help=_("MCS/MLS level for the sesandbox"))
+ 
+         self.__parser=parser
+ 
+@@ -293,9 +293,9 @@
+                if not self.__options.setype:
+                       self.setype = selinux.getcon()[1].split(":")[2]
+                if not self.__options.homedir or not self.__options.tmpdir:
+-                      self.usage(_("You must specify a Homedir and tempdir when setting up a session sandbox"))
++                      self.usage(_("You must specify a Homedir and tempdir when setting up a session sesandbox"))
+                if len(cmds) > 0:
+-                      self.usage(_("Commands are not allowed in a session sandbox"))
++                      self.usage(_("Commands are not allowed in a session sesandbox"))
+                self.__options.X_ind = True
+                self.__homedir = self.__options.homedir
+                self.__tmpdir = self.__options.tmpdir
+@@ -329,7 +329,7 @@
+     def __setup_dir(self):
+            if self.__options.level or self.__options.session:
+                   return
+-           sandboxdir = HOMEDIR + "/.sandbox"
++           sandboxdir = HOMEDIR + "/.sesandbox"
+            if not os.path.exists(sandboxdir):
+                   os.mkdir(sandboxdir)
+ 
+@@ -338,14 +338,14 @@
+                   self.__homedir = self.__options.homedir
+            else:
+                   selinux.setfscreatecon(self.__filecon)
+-                  self.__homedir = mkdtemp(dir=sandboxdir, prefix=".sandbox")
++                  self.__homedir = mkdtemp(dir=sandboxdir, prefix=".sesandbox")
+ 
+            if self.__options.tmpdir:
+                   selinux.chcon(self.__options.tmpdir, self.__filecon, recursive=True)
+                   self.__tmpdir = self.__options.tmpdir
+            else:
+                   selinux.setfscreatecon(self.__filecon)
+-                  self.__tmpdir = mkdtemp(dir="/tmp", prefix=".sandbox")
++                  self.__tmpdir = mkdtemp(dir="/tmp", prefix=".sesandbox")
+            selinux.setfscreatecon(None)
+            self.__copyfiles()
+ 
+@@ -359,7 +359,7 @@
+ 
+                          self.__setup_sandboxrc(self.__options.wm)
+                          
+-                         cmds = [ '/usr/sbin/seunshare', "-t", self.__tmpdir, "-h", self.__homedir, "--", self.__execcon, "/usr/share/sandbox/sandboxX.sh" ]
++                         cmds = [ '/usr/sbin/seunshare', "-t", self.__tmpdir, "-h", self.__homedir, "--", self.__execcon, "/usr/share/sesandbox/sesandboxX.sh" ]
+                          rc = subprocess.Popen(cmds).wait()
+                          return rc
+ 
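Review bot: this command line still passes `self.__execcon` as the first positional argument after `--`, but the seunshare in the fix-seunshare-vuln patch above no longer takes a context there (the `scontext = argv[optind++]` line was removed and the usage is now `[-Z context] -- executable [args]`), so seunshare would attempt to execv() the context string; pass it as `"-Z", self.__execcon` and keep `/usr/share/sesandbox/sesandboxX.sh` as the executable.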
+diff -uNr policycoreutils-2.0.85.orig/sandbox/sandbox.8 policycoreutils-2.0.85/sandbox/sandbox.8
+--- policycoreutils-2.0.85.orig/sandbox/sandbox.8	2011-07-13 18:35:00.498002303 +0200
++++ policycoreutils-2.0.85/sandbox/sandbox.8	2011-07-13 18:40:09.803002312 +0200
+@@ -1,8 +1,8 @@
+ .TH SANDBOX "8" "May 2009" "chcat" "User Commands"
+ .SH NAME
+-sandbox \- Run cmd under an SELinux sandbox
++sesandbox \- Run cmd under an SELinux sandbox
+ .SH SYNOPSIS
+-.B sandbox
++.B sesandbox
+ [-l level ] [[-M | -X]  -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] cmd
+ [-l level ] [[-M | -X]  -H homedir -T tempdir ] [-I includefile ] [ -W windowmanager ] [[-i file ]...] [ -t type ] -S
+ .br
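Review bot: the `.TH SANDBOX "8" "May 2009" "chcat"` title line is left unchanged while the page is now installed as sesandbox.8 and its NAME entry says sesandbox; rename the title to SESANDBOX so `man sesandbox` shows a consistent header.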
+@@ -12,11 +12,8 @@
+ .I cmd 
+ application within a tightly confined SELinux domain.  The default sandbox domain only allows applications the ability to read and write stdin, stdout and any other file descriptors handed to it. It is not allowed to open any other files.  The -M option will mount an alternate homedir and tmpdir to be used by the sandbox.
+ 
+-If you have the 
+-.I policycoreutils-sandbox 
+-package installed, you can use the -X option and the -M option.
+ .B sandbox -X
+-allows you to run X applications within a sandbox.  These applications will start up their own X Server and create a temporary home directory and /tmp.  The default SELinux policy does not allow any capabilities or network access.  It also prevents all access to the users other processes and files.  Files specified on the command that are in the home directory or /tmp will be copied into the sandbox directories.
++allows you to run X applications within a sandbox.  These applications will start up their own X Server and create a temporary home directory and /tmp.  The default SELinux policy does not allow any capabilities or network access.  It also prevents all access to the users other processes and files.  Files specified on the command that are in the home directory or /tmp will be copied into the sesandbox directories.
+ 
+ If directories are specified with -H or -T the directory will have its context modified with chcon(1) unless a level is specified with -l.  If the MLS/MCS security level is specified, the user is responsible to set the correct labels.
+ .PP
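Review bot: the context line `.B sandbox -X` directly after the removed paragraph is still `sandbox`, while the equivalent `.B sesandbox -X.` under the `-W` option further down is renamed; rename it here too, and note that the surrounding prose still says "within a sandbox", which is fine as a description but reads inconsistently next to "sesandbox directories" on the next line.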
+@@ -25,10 +22,10 @@
+ Use alternate homedir to mount over your home directory.  Defaults to temporary. Requires -X or -M.
+ .TP
+ \fB\-i file\fR
+-Copy this file into the appropriate temporary sandbox directory. Command can be repeated.
++Copy this file into the appropriate temporary sesandbox directory. Command can be repeated.
+ .TP
+ \fB\-I inputfile\fR Copy all files listed in inputfile into the
+-appropriate temporary sandbox directories.
++appropriate temporary sesandbox directories.
+ .TP
+ \fB\-l\fR
+ Specify the MLS/MCS Security Level to run the sandbox with.  Defaults to random.
+@@ -44,7 +41,7 @@
+ .TP
+ \fB\-W windowmanager\fR
+ Select alternative window manager to run within 
+-.B sandbox -X.
++.B sesandbox -X.
+ Default to /usr/bin/matchbox-window-manager.
+ .TP
+ \fB\-X\fR 
+diff -uNr policycoreutils-2.0.85.orig/sandbox/sandbox.init policycoreutils-2.0.85/sandbox/sandbox.init
+--- policycoreutils-2.0.85.orig/sandbox/sandbox.init	2011-07-13 18:35:00.498002303 +0200
++++ policycoreutils-2.0.85/sandbox/sandbox.init	2011-07-13 18:38:08.850002308 +0200
+@@ -1,22 +1,22 @@
+ #!/bin/bash
+ ## BEGIN INIT INFO
+-# Provides: sandbox
++# Provides: sesandbox
+ # Default-Start: 3 4 5
+ # Default-Stop: 0 1 2 3 4 6
+ # Required-Start:
+ #              
+ ## END INIT INFO
+-# sandbox:        Set up / mountpoint to be shared, /var/tmp, /tmp, /home/sandbox unshared
++# sesandbox:        Set up / mountpoint to be shared, /var/tmp, /tmp, /home/sesandbox unshared
+ #
+ # chkconfig: 345 1 99
+ #
+-# Description: sandbox and other apps that want to use pam_namespace 
++# Description: sesandbox and other apps that want to use pam_namespace 
+ #              on /var/tmp, /tmp and home directories, requires this script
+ #              to be run at boot time.
+ #              This script sets up the / mount point and all of its 
+ #              subdirectories as shared. The script sets up
+ #              /tmp, /var/tmp, /home and any homedirs listed in 
+-#              /etc/sysconfig/sandbox and all of their subdirectories 
++#              /etc/sysconfig/sesandbox and all of their subdirectories 
+ #              as unshared.
+ #              All processes that use pam_namespace will see 
+ #              modifications to the global mountspace, except for the
+@@ -28,14 +28,14 @@
+ 
+ HOMEDIRS="/home"
+ 
+-. /etc/sysconfig/sandbox
++. /etc/sysconfig/sesandbox
+ 
+-LOCKFILE=/var/lock/subsys/sandbox
++LOCKFILE=/var/lock/subsys/sesandbox
+ 
+ base=${0##*/}
+ 
+ start() {
+-	echo -n "Starting sandbox"
++	echo -n "Starting sesandbox"
+ 
+ 	[ -f "$LOCKFILE" ] && return 1
+ 
+@@ -54,7 +54,7 @@
+ }
+ 
+ stop() {
+-	echo -n "Stopping sandbox"
++	echo -n "Stopping sesandbox"
+ 
+ 	[ -f "$LOCKFILE" ] || return 1
+ }
+diff -uNr policycoreutils-2.0.85.orig/sandbox/sandboxX.sh policycoreutils-2.0.85/sandbox/sandboxX.sh
+--- policycoreutils-2.0.85.orig/sandbox/sandboxX.sh	2011-07-13 18:35:00.498002303 +0200
++++ policycoreutils-2.0.85/sandbox/sandboxX.sh	2011-07-13 18:40:28.382002312 +0200
+@@ -1,13 +1,13 @@
+ #!/bin/bash 
+ context=`id -Z | secon -t -l -P`
+-export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sandboxrc | /usr/bin/cut -b8-80`"
++export TITLE="Sandbox $context -- `grep ^#TITLE: ~/.sesandboxrc | /usr/bin/cut -b8-80`"
+ export SCREENSIZE="1000x700"
+ #export SCREENSIZE=`xdpyinfo | awk  '/dimensions/ {  print $2 }'`
+ trap "exit 0" HUP
+ 
+ (/usr/bin/Xephyr -title "$TITLE" -terminate -screen $SCREENSIZE -displayfd 5 5>&1 2>/dev/null) | while read D; do 
+     export DISPLAY=:$D
+-    python -c 'import gtk, os, commands; commands.getstatusoutput("%s/.sandboxrc" % os.environ["HOME"])'
++    python -c 'import gtk, os, commands; commands.getstatusoutput("%s/.sesandboxrc" % os.environ["HOME"])'
+     export EXITCODE=$?
+     kill -HUP 0
+     break
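Review bot: the rc-file rename is applied consistently (`grep ^#TITLE: ~/.sesandboxrc` and the Python one-liner), but the one-liner still launches it through `commands.getstatusoutput("%s/.sesandboxrc" % os.environ["HOME"])`, which hands the unquoted path to a shell, so a `HOME` containing whitespace or shell metacharacters breaks or mis-parses the command; `subprocess.call([os.path.join(os.environ["HOME"], ".sesandboxrc")])` avoids the shell entirely. The `commands` module is also Python 2 only, which is worth flagging given the Python 3 work elsewhere in this commit, although the ebuild currently strips `sandbox ` from the top-level Makefile so this script is not built yet.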
+diff -uNr policycoreutils-2.0.85.orig/sandbox/test_sandbox.py policycoreutils-2.0.85/sandbox/test_sandbox.py
+--- policycoreutils-2.0.85.orig/sandbox/test_sandbox.py	2011-07-13 18:35:00.498002303 +0200
++++ policycoreutils-2.0.85/sandbox/test_sandbox.py	2011-07-13 18:42:21.058002316 +0200
+@@ -19,73 +19,73 @@
+                      '"Sandbox should have succeeded for this test %r' %  err)
+ 
+     def test_simple_success(self):
+-        "Verify that we can read file descriptors handed to sandbox"
++        "Verify that we can read file descriptors handed to sesandbox"
+         p1 = Popen(['cat', '/etc/passwd'], stdout = PIPE)
+-        p2 = Popen(['sandbox', 'grep', 'root'], stdin = p1.stdout, stdout=PIPE)
++        p2 = Popen(['sesandbox', 'grep', 'root'], stdin = p1.stdout, stdout=PIPE)
+         out, err = p2.communicate()
+         self.assert_('root' in out)
+ 
+     def test_cant_kill(self):
+-        "Verify that we cannot send kill signal in the sandbox"
++        "Verify that we cannot send kill signal in the sesandbox"
+         pid = os.getpid()
+-        p = Popen(['sandbox', 'kill', '-HUP', str(pid)], stdout=PIPE, stderr=PIPE)
++        p = Popen(['sesandbox', 'kill', '-HUP', str(pid)], stdout=PIPE, stderr=PIPE)
+         out, err = p.communicate()
+         self.assertDenied(err)
+ 
+     def test_cant_ping(self):
+-        "Verify that we can't ping within the sandbox"
+-        p = Popen(['sandbox', 'ping', '-c 1 ', '127.0.0.1'], stdout=PIPE, stderr=PIPE)
++        "Verify that we can't ping within the sesandbox"
++        p = Popen(['sesandbox', 'ping', '-c 1 ', '127.0.0.1'], stdout=PIPE, stderr=PIPE)
+         out, err = p.communicate()
+         self.assertDenied(err)
+     
+     def test_cant_mkdir(self):
+-        "Verify that we can't mkdir within the sandbox"
+-        p = Popen(['sandbox', 'mkdir', '~/test'], stdout=PIPE, stderr=PIPE)
++        "Verify that we can't mkdir within the sesandbox"
++        p = Popen(['sesandbox', 'mkdir', '~/test'], stdout=PIPE, stderr=PIPE)
+         out, err = p.communicate()
+         self.assertFailure(p.returncode)
+ 
+     def test_cant_list_homedir(self):
+-        "Verify that we can't list homedir within the sandbox"
+-        p = Popen(['sandbox', 'ls', '~'], stdout=PIPE, stderr=PIPE)
++        "Verify that we can't list homedir within the sesandbox"
++        p = Popen(['sesandbox', 'ls', '~'], stdout=PIPE, stderr=PIPE)
+         out, err = p.communicate()
+         self.assertFailure(p.returncode)
+ 
+     def test_cant_send_mail(self):
+-        "Verify that we can't send mail within the sandbox"
+-        p = Popen(['sandbox', 'mail'], stdout=PIPE, stderr=PIPE)
++        "Verify that we can't send mail within the sesandbox"
++        p = Popen(['sesandbox', 'mail'], stdout=PIPE, stderr=PIPE)
+         out, err = p.communicate()
+         self.assertDenied(err)
+     
+     def test_cant_sudo(self):
+-        "Verify that we can't run sudo within the sandbox"
+-        p = Popen(['sandbox', 'sudo'], stdout=PIPE, stderr=PIPE)
++        "Verify that we can't run sudo within the sesandbox"
++        p = Popen(['sesandbox', 'sudo'], stdout=PIPE, stderr=PIPE)
+         out, err = p.communicate()
+         self.assertFailure(p.returncode)
+     
+     def test_mount(self):
+         "Verify that we mount a file system"
+-        p = Popen(['sandbox', '-M', 'id'], stdout=PIPE, stderr=PIPE)
++        p = Popen(['sesandbox', '-M', 'id'], stdout=PIPE, stderr=PIPE)
+         out, err = p.communicate()
+         self.assertSuccess(p.returncode, err)
+     
+     def test_set_level(self):
+         "Verify that we set level a file system"
+-        p = Popen(['sandbox', '-l', 's0', 'id'], stdout=PIPE, stderr=PIPE)
++        p = Popen(['sesandbox', '-l', 's0', 'id'], stdout=PIPE, stderr=PIPE)
+         out, err = p.communicate()
+         self.assertSuccess(p.returncode, err)
+     
+     def test_homedir(self):
+         "Verify that we set homedir a file system"
+-        homedir = mkdtemp(dir=".", prefix=".sandbox_test")
+-        p = Popen(['sandbox', '-H', homedir, '-M', 'id'], stdout=PIPE, stderr=PIPE)
++        homedir = mkdtemp(dir=".", prefix=".sesandbox_test")
++        p = Popen(['sesandbox', '-H', homedir, '-M', 'id'], stdout=PIPE, stderr=PIPE)
+         out, err = p.communicate()
+         shutil.rmtree(homedir)
+         self.assertSuccess(p.returncode, err)
+     
+     def test_tmpdir(self):
+         "Verify that we set tmpdir a file system"
+-        tmpdir = mkdtemp(dir="/tmp", prefix=".sandbox_test")
+-        p = Popen(['sandbox', '-T', tmpdir, '-M', 'id'], stdout=PIPE, stderr=PIPE)
++        tmpdir = mkdtemp(dir="/tmp", prefix=".sesandbox_test")
++        p = Popen(['sesandbox', '-T', tmpdir, '-M', 'id'], stdout=PIPE, stderr=PIPE)
+         out, err = p.communicate()
+         shutil.rmtree(tmpdir)
+         self.assertSuccess(p.returncode, err)
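Review bot: the `~` in `Popen(['sesandbox', 'mkdir', '~/test'], ...)` and `Popen(['sesandbox', 'ls', '~'], ...)` is never expanded, because `Popen` with an argument list does not go through a shell, so `test_cant_mkdir` and `test_cant_list_homedir` operate on a literal `~` entry relative to the current directory and `assertFailure` can pass for the wrong reason (no such path) rather than because the sandbox denied access to the home directory; use `os.path.expanduser('~/test')` and `os.path.expanduser('~')`, or pass an explicit directory the way `test_homedir` does with `mkdtemp`. Likewise `'-c 1 '` in `test_cant_ping` reaches `ping` as a single argument with an embedded trailing space rather than as `'-c', '1'`. These are pre-existing, but the hunk rewrites every one of these lines, so this is the moment to fix them.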

diff --git a/sys-apps/policycoreutils/metadata.xml b/sys-apps/policycoreutils/metadata.xml
new file mode 100644
index 0000000..87cddb0
--- /dev/null
+++ b/sys-apps/policycoreutils/metadata.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<herd>selinux</herd>
+	<longdescription>
+		Policycoreutils contains the policy core utilities that are required
+		for basic operation of a SELinux system.  These utilities include
+		load_policy to load policies, setfiles to label filesystems, newrole
+		to switch roles, and run_init to run /etc/init.d scripts in the proper
+		context.
+
+		Gentoo-specific tools include rlpkg for relabeling packages by name,
+		avc_toggle to toggle between enforcing and permissive modes, and
+		avc_enforcing to query the current mode of the system, enforcing or
+		permissive.
+	</longdescription>
+</pkgmetadata>

diff --git a/sys-apps/policycoreutils/policycoreutils-2.0.85.ebuild b/sys-apps/policycoreutils/policycoreutils-2.0.85.ebuild
new file mode 100644
index 0000000..cc8b09a
--- /dev/null
+++ b/sys-apps/policycoreutils/policycoreutils-2.0.85.ebuild
@@ -0,0 +1,116 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/policycoreutils/policycoreutils-2.0.82.ebuild,v 1.4 2011/06/16 01:33:17 blueness Exp $
+
+EAPI="3"
+PYTHON_DEPEND="*"
+PYTHON_USE_WITH="xml"
+SUPPORT_PYTHON_ABIS="1"
+RESTRICT_PYTHON_ABIS="*-jython"
+
+inherit multilib python toolchain-funcs eutils
+
+EXTRAS_VER="1.20"
+SEMNG_VER="2.0.46"
+SELNX_VER="2.0.98"
+SEPOL_VER="2.0.42"
+
+IUSE=""
+
+DESCRIPTION="SELinux core utilities"
+HOMEPAGE="http://userspace.selinuxproject.org"
+SRC_URI="http://userspace.selinuxproject.org/releases/20101221/devel/${P}.tar.gz
+	mirror://gentoo/policycoreutils-extra-${EXTRAS_VER}.tar.bz2
+	http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=blob_plain;f=sys-apps/policycoreutils/files/policycoreutils-2.0.85-python3.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+COMMON_DEPS=">=sys-libs/libselinux-${SELNX_VER}[python]
+	>=sys-libs/glibc-2.4
+	>=sys-process/audit-1.5.1
+	>=sys-libs/libcap-1.10-r10
+	sys-libs/pam
+	>=sys-libs/libsemanage-${SEMNG_VER}[python]
+	sys-libs/libcap-ng
+	>=sys-libs/libsepol-${SEPOL_VER}
+	sys-devel/gettext"
+
+# pax-utils for scanelf used by rlpkg
+RDEPEND="${COMMON_DEPS}
+	dev-python/sepolgen
+	app-misc/pax-utils"
+
+DEPEND="${COMMON_DEPS}"
+
+S2=${WORKDIR}/policycoreutils-extra
+
+src_prepare() {
+	# rlpkg is more useful than fixfiles
+	sed -i -e '/^all/s/fixfiles//' "${S}/scripts/Makefile" \
+		|| die "fixfiles sed 1 failed"
+	sed -i -e '/fixfiles/d' "${S}/scripts/Makefile" \
+		|| die "fixfiles sed 2 failed"
+	# We currently do not support MCS, so the sandbox code in policycoreutils
+	# is not usable yet. However, work for MCS is on the way and a reported
+	# vulnerability (bug #374897) might go by unnoticed if we ignore it now.
+	# As such, we will
+	# - prepare support for switching name from "sandbox" to "sesandbox"
+	epatch "${FILESDIR}/policycoreutils-2.0.85-sesandbox.patch"
+	# - patch the sandbox and seunshare code to fix the vulnerability
+	#   (uses, with permission, extract from
+	#   http://pkgs.fedoraproject.org/gitweb/?p=policycoreutils.git;a=blob_plain;f=policycoreutils-rhat.patch;hb=HEAD)
+	epatch "${FILESDIR}/policycoreutils-2.0.85-fix-seunshare-vuln.patch"
+	# But for now, disable building sandbox code
+	sed -i -e 's/sandbox //' "${S}/Makefile" || die "failed removing sandbox"
+	# Overwrite gl.po, id.po and et.po with valid PO file
+	cp "${S}/po/sq.po" "${S}/po/gl.po" || die "failed to copy ${S}/po/sq.po to gl.po"
+	cp "${S}/po/sq.po" "${S}/po/id.po" || die "failed to copy ${S}/po/sq.po to id.po"
+	cp "${S}/po/sq.po" "${S}/po/et.po" || die "failed to copy ${S}/po/sq.po to et.po"
+	# Fixed scripts for Python 3 support
+	cp "${WORKDIR}/seobject.py" "${S}/semanage/seobject.py" || die "failed to copy seobject.py"
+	cp "${WORKDIR}/semanage" "${S}/semanage/semanage" || die "failed to copy semanage"
+	cp "${WORKDIR}/chcat" "${S}/scripts/chcat" || die "failed to copy chcat"
+	cp "${WORKDIR}/audit2allow" "${S}/audit2allow/audit2allow" || die "failed to copy audit2allow"
+	cp "${WORKDIR}/rlpkg" "${S2}/scripts/rlpkg" || die "failed to copy rlpkg"
+}
+
+src_compile() {
+	python_copy_sources semanage sandbox
+	building() {
+		einfo "Compiling policycoreutils"
+		emake -C "${S}" AUDIT_LOG_PRIVS="y" CC="$(tc-getCC)" PYLIBVER="python$(python_get_version)" || die
+		einfo "Compiling policycoreutils-extra"
+		emake -C "${S2}" AUDIT_LOG_PRIVS="y" CC="$(tc-getCC)" PYLIBVER="python$(python_get_version)" || die
+	}
+	python_execute_function -s --source-dir semanage building
+}
+
+src_install() {
+	# Python scripts are present in many places. There are no extension modules.
+	installation() {
+		einfo "Installing policycoreutils"
+		emake -C "${S}" DESTDIR="${T}/images/${PYTHON_ABI}" AUDIT_LOG_PRIV="y" PYLIBVER="python$(python_get_version)" install || return 1
+
+		einfo "Installing policycoreutils-extra"
+		emake -C "${S2}" DESTDIR="${T}/images/${PYTHON_ABI}" SHLIBDIR="${D}$(get_libdir)/rc" install || return 1
+	}
+	python_execute_function installation
+	python_merge_intermediate_installation_images "${T}/images"
+
+	# remove redhat-style init script
+	rm -fR "${D}/etc/rc.d"
+
+	# compatibility symlinks
+	dosym /sbin/setfiles /usr/sbin/setfiles
+	dosym /$(get_libdir)/rc/runscript_selinux.so /$(get_libdir)/rcscripts/runscript_selinux.so
+}
+
+pkg_postinst() {
+	python_mod_optimize seobject.py
+}
+
+pkg_postrm() {
+	python_mod_cleanup seobject.py
+}
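Review bot: the audit flag is spelled `AUDIT_LOG_PRIVS="y"` in both `emake` calls of src_compile but `AUDIT_LOG_PRIV="y"` in the install `emake` of src_install; one of the two is a typo, and whichever name the Makefiles actually read, compile and install run under different settings, so binaries built with one configuration are installed with another. Check the name against the upstream Makefile and use the same spelling in all three places. Two smaller points in the same hunk: `SHLIBDIR="${D}$(get_libdir)/rc"` writes the extras library straight into `${D}` while `DESTDIR` points at the per-ABI image `${T}/images/${PYTHON_ABI}`, so that file bypasses `python_merge_intermediate_installation_images` and is rewritten once per Python ABI to the same final path (install it relative to the same DESTDIR, or outside the per-ABI loop); and `SRC_URI` fetches the python3 tarball from a gitweb `blob_plain` URL with no pinned `hb=` revision, so the bytes behind that URL can change and break Manifest verification later (pin the commit, or host it on mirror://gentoo like the extras tarball). The `$Header:` line also still names policycoreutils-2.0.82.ebuild, v 1.4.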


