Compare commits
No commits in common. 'c9' and 'cs10' have entirely different histories.
@ -1,27 +0,0 @@
|
||||
From 31ccf6f0fc5e77870f496fac4bea94a6ba2e5c30 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Thu, 20 Aug 2015 12:58:41 +0200
|
||||
Subject: [PATCH] sandbox: add -reset to Xephyr as it works better with it in
|
||||
recent Fedoras
|
||||
Content-type: text/plain
|
||||
|
||||
---
|
||||
sandbox/sandboxX.sh | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/sandbox/sandboxX.sh b/sandbox/sandboxX.sh
|
||||
index eaa500d08143..4774528027ef 100644
|
||||
--- a/sandbox/sandboxX.sh
|
||||
+++ b/sandbox/sandboxX.sh
|
||||
@@ -20,7 +20,7 @@ cat > ~/.config/openbox/rc.xml << EOF
|
||||
</openbox_config>
|
||||
EOF
|
||||
|
||||
-(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
|
||||
+(/usr/bin/Xephyr -resizeable -title "$TITLE" -terminate -reset -screen $SCREENSIZE -dpi $DPI -nolisten tcp -displayfd 5 5>&1 2>/dev/null) | while read D; do
|
||||
export DISPLAY=:$D
|
||||
cat > ~/seremote << __EOF
|
||||
#!/bin/sh
|
||||
--
|
||||
2.39.1
|
||||
|
||||
@ -1,47 +0,0 @@
|
||||
From 837c347bbee5db90d11144363525113edc8baed3 Mon Sep 17 00:00:00 2001
|
||||
From: Dan Walsh <dwalsh@redhat.com>
|
||||
Date: Mon, 21 Apr 2014 13:54:40 -0400
|
||||
Subject: [PATCH] Fix STANDARD_FILE_CONTEXT section in man pages
|
||||
Content-type: text/plain
|
||||
|
||||
Signed-off-by: Miroslav Grepl <mgrepl@redhat.com>
|
||||
---
|
||||
python/sepolicy/sepolicy/manpage.py | 7 +++++--
|
||||
1 file changed, 5 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
||||
index a488dcbf54f2..7d90ffb5a22f 100755
|
||||
--- a/python/sepolicy/sepolicy/manpage.py
|
||||
+++ b/python/sepolicy/sepolicy/manpage.py
|
||||
@@ -679,10 +679,13 @@ Default Defined Ports:""")
|
||||
|
||||
def _file_context(self):
|
||||
flist = []
|
||||
+ flist_non_exec = []
|
||||
mpaths = []
|
||||
for f in self.all_file_types:
|
||||
if f.startswith(self.domainname):
|
||||
flist.append(f)
|
||||
+ if not file_type_is_executable(f) or not file_type_is_entrypoint(f):
|
||||
+ flist_non_exec.append(f)
|
||||
if f in self.fcdict:
|
||||
mpaths = mpaths + self.fcdict[f]["regex"]
|
||||
if len(mpaths) == 0:
|
||||
@@ -741,12 +744,12 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
|
||||
SELinux defines the file context types for the %(domainname)s, if you wanted to
|
||||
store files with these types in a different paths, you need to execute the semanage command to specify alternate labeling and then use restorecon to put the labels on disk.
|
||||
|
||||
-.B semanage fcontext -a -t %(type)s '/srv/%(domainname)s/content(/.*)?'
|
||||
+.B semanage fcontext -a -t %(type)s '/srv/my%(domainname)s_content(/.*)?'
|
||||
.br
|
||||
.B restorecon -R -v /srv/my%(domainname)s_content
|
||||
|
||||
Note: SELinux often uses regular expressions to specify labels that match multiple files.
|
||||
-""" % {'domainname': self.domainname, "type": flist[0]})
|
||||
+""" % {'domainname': self.domainname, "type": flist_non_exec[-1]})
|
||||
|
||||
self.fd.write(r"""
|
||||
.I The following file types are defined for %(domainname)s:
|
||||
--
|
||||
2.39.1
|
||||
|
||||
@ -1,28 +0,0 @@
|
||||
From f21d5f9316094015c81339d25d69d3dc7150bd8a Mon Sep 17 00:00:00 2001
|
||||
From: Miroslav Grepl <mgrepl@redhat.com>
|
||||
Date: Mon, 12 May 2014 14:11:22 +0200
|
||||
Subject: [PATCH] If there is no executable we don't want to print a part of
|
||||
STANDARD FILE CONTEXT
|
||||
Content-type: text/plain
|
||||
|
||||
---
|
||||
python/sepolicy/sepolicy/manpage.py | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
||||
index 7d90ffb5a22f..11809dcede43 100755
|
||||
--- a/python/sepolicy/sepolicy/manpage.py
|
||||
+++ b/python/sepolicy/sepolicy/manpage.py
|
||||
@@ -737,7 +737,8 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d
|
||||
.PP
|
||||
""" % {'domainname': self.domainname, 'equiv': e, 'alt': e.split('/')[-1]})
|
||||
|
||||
- self.fd.write(r"""
|
||||
+ if flist_non_exec:
|
||||
+ self.fd.write(r"""
|
||||
.PP
|
||||
.B STANDARD FILE CONTEXT
|
||||
|
||||
--
|
||||
2.39.1
|
||||
|
||||
@ -0,0 +1,178 @@
|
||||
From 4884c917237e53e34d3fc75dcf4f07217cfd7584 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Fri, 30 Jul 2021 14:14:37 +0200
|
||||
Subject: [PATCH] Use SHA-2 instead of SHA-1
|
||||
Content-type: text/plain
|
||||
|
||||
The use of SHA-1 in RHEL9 is deprecated
|
||||
---
|
||||
policycoreutils/setfiles/restorecon.8 | 10 +++++-----
|
||||
policycoreutils/setfiles/restorecon_xattr.8 | 8 ++++----
|
||||
policycoreutils/setfiles/restorecon_xattr.c | 12 ++++++------
|
||||
policycoreutils/setfiles/setfiles.8 | 10 +++++-----
|
||||
4 files changed, 20 insertions(+), 20 deletions(-)
|
||||
|
||||
diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
|
||||
index c3cc5c9b0e52..6160aced5922 100644
|
||||
--- a/policycoreutils/setfiles/restorecon.8
|
||||
+++ b/policycoreutils/setfiles/restorecon.8
|
||||
@@ -95,14 +95,14 @@ display usage information and exit.
|
||||
ignore files that do not exist.
|
||||
.TP
|
||||
.B \-I
|
||||
-ignore digest to force checking of labels even if the stored SHA1 digest
|
||||
-matches the specfiles SHA1 digest. The digest will then be updated provided
|
||||
+ignore digest to force checking of labels even if the stored SHA256 digest
|
||||
+matches the specfiles SHA256 digest. The digest will then be updated provided
|
||||
there are no errors. See the
|
||||
.B NOTES
|
||||
section for further details.
|
||||
.TP
|
||||
.B \-D
|
||||
-Set or update any directory SHA1 digests. Use this option to
|
||||
+Set or update any directory SHA256 digests. Use this option to
|
||||
enable usage of the
|
||||
.IR security.sehash
|
||||
extended attribute.
|
||||
@@ -200,7 +200,7 @@ the
|
||||
.B \-D
|
||||
option to
|
||||
.B restorecon
|
||||
-will cause it to store a SHA1 digest of the default specfiles set in an extended
|
||||
+will cause it to store a SHA256 digest of the default specfiles set in an extended
|
||||
attribute named
|
||||
.IR security.sehash
|
||||
on each directory specified in
|
||||
@@ -217,7 +217,7 @@ for further details.
|
||||
.sp
|
||||
The
|
||||
.B \-I
|
||||
-option will ignore the SHA1 digest from each directory specified in
|
||||
+option will ignore the SHA256 digest from each directory specified in
|
||||
.IR pathname \ ...
|
||||
and provided the
|
||||
.B \-n
|
||||
diff --git a/policycoreutils/setfiles/restorecon_xattr.8 b/policycoreutils/setfiles/restorecon_xattr.8
|
||||
index 51d12a4dbb80..09bfd8c40ab4 100644
|
||||
--- a/policycoreutils/setfiles/restorecon_xattr.8
|
||||
+++ b/policycoreutils/setfiles/restorecon_xattr.8
|
||||
@@ -23,7 +23,7 @@ or
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
.B restorecon_xattr
|
||||
-will display the SHA1 digests added to extended attributes
|
||||
+will display the SHA256 digests added to extended attributes
|
||||
.I security.sehash
|
||||
or delete the attribute completely. These attributes are set by
|
||||
.BR restorecon (8)
|
||||
@@ -48,12 +48,12 @@ extended attribute and are automatically excluded from searches.
|
||||
.sp
|
||||
By default
|
||||
.B restorecon_xattr
|
||||
-will display the SHA1 digests with "Match" appended if they match the default
|
||||
+will display the SHA256 digests with "Match" appended if they match the default
|
||||
specfile set or the
|
||||
.I specfile
|
||||
set used with the
|
||||
.B \-f
|
||||
-option. Non-matching SHA1 digests will be displayed with "No Match" appended.
|
||||
+option. Non-matching SHA256 digests will be displayed with "No Match" appended.
|
||||
This feature can be disabled by the
|
||||
.B \-n
|
||||
option.
|
||||
@@ -87,7 +87,7 @@ Do not append "Match" or "No Match" to displayed digests.
|
||||
recursively descend directories.
|
||||
.TP
|
||||
.B \-v
|
||||
-display SHA1 digest generated by specfile set (Note that this digest is not
|
||||
+display SHA256 digest generated by specfile set (Note that this digest is not
|
||||
used to match the
|
||||
.I security.sehash
|
||||
directory digest entries, and is shown for reference only).
|
||||
diff --git a/policycoreutils/setfiles/restorecon_xattr.c b/policycoreutils/setfiles/restorecon_xattr.c
|
||||
index 31fb82fd2099..bc22d3fd4560 100644
|
||||
--- a/policycoreutils/setfiles/restorecon_xattr.c
|
||||
+++ b/policycoreutils/setfiles/restorecon_xattr.c
|
||||
@@ -38,7 +38,7 @@ int main(int argc, char **argv)
|
||||
unsigned int xattr_flags = 0, delete_digest = 0, recurse = 0;
|
||||
unsigned int delete_all_digests = 0, ignore_mounts = 0;
|
||||
bool display_digest = false;
|
||||
- char *sha1_buf, **specfiles, *fc_file = NULL, *pathname = NULL;
|
||||
+ char *sha256_buf, **specfiles, *fc_file = NULL, *pathname = NULL;
|
||||
unsigned char *fc_digest = NULL;
|
||||
size_t i, fc_digest_len = 0, num_specfiles;
|
||||
|
||||
@@ -133,8 +133,8 @@ int main(int argc, char **argv)
|
||||
exit(-1);
|
||||
}
|
||||
|
||||
- sha1_buf = malloc(fc_digest_len * 2 + 1);
|
||||
- if (!sha1_buf) {
|
||||
+ sha256_buf = malloc(fc_digest_len * 2 + 1);
|
||||
+ if (!sha256_buf) {
|
||||
fprintf(stderr,
|
||||
"Error allocating digest buffer: %s\n",
|
||||
strerror(errno));
|
||||
@@ -143,16 +143,16 @@ int main(int argc, char **argv)
|
||||
}
|
||||
|
||||
for (i = 0; i < fc_digest_len; i++)
|
||||
- sprintf((&sha1_buf[i * 2]), "%02x", fc_digest[i]);
|
||||
+ sprintf((&sha256_buf[i * 2]), "%02x", fc_digest[i]);
|
||||
|
||||
- printf("specfiles SHA1 digest: %s\n", sha1_buf);
|
||||
+ printf("specfiles SHA256 digest: %s\n", sha256_buf);
|
||||
|
||||
printf("calculated using the following specfile(s):\n");
|
||||
if (specfiles) {
|
||||
for (i = 0; i < num_specfiles; i++)
|
||||
printf("%s\n", specfiles[i]);
|
||||
}
|
||||
- free(sha1_buf);
|
||||
+ free(sha256_buf);
|
||||
printf("\n");
|
||||
}
|
||||
|
||||
diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8
|
||||
index ee01725050bb..57c663a99d67 100644
|
||||
--- a/policycoreutils/setfiles/setfiles.8
|
||||
+++ b/policycoreutils/setfiles/setfiles.8
|
||||
@@ -95,14 +95,14 @@ display usage information and exit.
|
||||
ignore files that do not exist.
|
||||
.TP
|
||||
.B \-I
|
||||
-ignore digest to force checking of labels even if the stored SHA1 digest
|
||||
-matches the specfiles SHA1 digest. The digest will then be updated provided
|
||||
+ignore digest to force checking of labels even if the stored SHA256 digest
|
||||
+matches the specfiles SHA256 digest. The digest will then be updated provided
|
||||
there are no errors. See the
|
||||
.B NOTES
|
||||
section for further details.
|
||||
.TP
|
||||
.B \-D
|
||||
-Set or update any directory SHA1 digests. Use this option to
|
||||
+Set or update any directory SHA256 digests. Use this option to
|
||||
enable usage of the
|
||||
.IR security.sehash
|
||||
extended attribute.
|
||||
@@ -261,7 +261,7 @@ the
|
||||
.B \-D
|
||||
option to
|
||||
.B setfiles
|
||||
-will cause it to store a SHA1 digest of the
|
||||
+will cause it to store a SHA256 digest of the
|
||||
.B spec_file
|
||||
set in an extended attribute named
|
||||
.IR security.sehash
|
||||
@@ -282,7 +282,7 @@ for further details.
|
||||
.sp
|
||||
The
|
||||
.B \-I
|
||||
-option will ignore the SHA1 digest from each directory specified in
|
||||
+option will ignore the SHA256 digest from each directory specified in
|
||||
.IR pathname \ ...
|
||||
and provided the
|
||||
.B \-n
|
||||
--
|
||||
2.44.0
|
||||
|
||||
@ -0,0 +1,44 @@
|
||||
From dc3eca6bd964e545fda4a1e19d07c26a347c5d9a Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <lautrbach@redhat.com>
|
||||
Date: Mon, 19 Aug 2024 19:51:51 +0200
|
||||
Subject: [PATCH] sepolgen-ifgen: allow M4 escaped filenames
|
||||
Content-type: text/plain
|
||||
|
||||
When a file name in type transition rule used in an interface is same as
|
||||
a keyword, it needs to be M4 escaped so that the keyword is not expanded
|
||||
by M4, e.g.
|
||||
|
||||
- filetrans_pattern($1, virt_var_run_t, virtinterfaced_var_run_t, dir, "interface")
|
||||
+ filetrans_pattern($1, virt_var_run_t, virtinterfaced_var_run_t, dir, "``interface''")
|
||||
|
||||
But sepolgen-ifgen could not parse such string:
|
||||
|
||||
# sepolgen-ifgen
|
||||
Illegal character '`'
|
||||
|
||||
This change allows M4 escaping inside quoted strings and fixed described
|
||||
problem.
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=2254206
|
||||
|
||||
Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
|
||||
---
|
||||
python/sepolgen/src/sepolgen/refparser.py | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/python/sepolgen/src/sepolgen/refparser.py b/python/sepolgen/src/sepolgen/refparser.py
|
||||
index e261d3f78f87..9622ee9a29ce 100644
|
||||
--- a/python/sepolgen/src/sepolgen/refparser.py
|
||||
+++ b/python/sepolgen/src/sepolgen/refparser.py
|
||||
@@ -261,7 +261,7 @@ def t_IDENTIFIER(t):
|
||||
return t
|
||||
|
||||
def t_FILENAME(t):
|
||||
- r'\"[a-zA-Z0-9_\-\+\.\$\*~ :\[\]]+\"'
|
||||
+ r'\"`*[a-zA-Z0-9_\-\+\.\$\*~ :\[\]]+\'*\"'
|
||||
# Handle any keywords
|
||||
t.type = reserved.get(t.value,'FILENAME')
|
||||
return t
|
||||
--
|
||||
2.46.0
|
||||
|
||||
@ -1,64 +0,0 @@
|
||||
From b9b94a3254905518f00c4746c0bd712921af31cb Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Mon, 27 Feb 2017 17:12:39 +0100
|
||||
Subject: [PATCH] sepolicy: Drop old interface file_type_is_executable(f) and
|
||||
file_type_is_entrypoint(f)
|
||||
Content-type: text/plain
|
||||
|
||||
- use direct queries
|
||||
- load exec_types and entry_types only once
|
||||
---
|
||||
python/sepolicy/sepolicy/manpage.py | 22 ++++++++++++++++++++--
|
||||
1 file changed, 20 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
|
||||
index 11809dcede43..543fef6c8d13 100755
|
||||
--- a/python/sepolicy/sepolicy/manpage.py
|
||||
+++ b/python/sepolicy/sepolicy/manpage.py
|
||||
@@ -127,8 +127,24 @@ def gen_domains():
|
||||
domains.sort()
|
||||
return domains
|
||||
|
||||
-types = None
|
||||
|
||||
+exec_types = None
|
||||
+
|
||||
+def _gen_exec_types():
|
||||
+ global exec_types
|
||||
+ if exec_types is None:
|
||||
+ exec_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "exec_type"))["types"]
|
||||
+ return exec_types
|
||||
+
|
||||
+entry_types = None
|
||||
+
|
||||
+def _gen_entry_types():
|
||||
+ global entry_types
|
||||
+ if entry_types is None:
|
||||
+ entry_types = next(sepolicy.info(sepolicy.ATTRIBUTE, "entry_type"))["types"]
|
||||
+ return entry_types
|
||||
+
|
||||
+types = None
|
||||
|
||||
def _gen_types():
|
||||
global types
|
||||
@@ -368,6 +384,8 @@ class ManPage:
|
||||
self.all_file_types = sepolicy.get_all_file_types()
|
||||
self.role_allows = sepolicy.get_all_role_allows()
|
||||
self.types = _gen_types()
|
||||
+ self.exec_types = _gen_exec_types()
|
||||
+ self.entry_types = _gen_entry_types()
|
||||
|
||||
if self.source_files:
|
||||
self.fcpath = self.root + "file_contexts"
|
||||
@@ -684,7 +702,7 @@ Default Defined Ports:""")
|
||||
for f in self.all_file_types:
|
||||
if f.startswith(self.domainname):
|
||||
flist.append(f)
|
||||
- if not file_type_is_executable(f) or not file_type_is_entrypoint(f):
|
||||
+ if f not in self.exec_types or f not in self.entry_types:
|
||||
flist_non_exec.append(f)
|
||||
if f in self.fcdict:
|
||||
mpaths = mpaths + self.fcdict[f]["regex"]
|
||||
--
|
||||
2.39.1
|
||||
|
||||
@ -1,75 +0,0 @@
|
||||
From 09ad91e1fb8640e48cef895ead49d9c770016915 Mon Sep 17 00:00:00 2001
|
||||
From: Vit Mojzis <vmojzis@redhat.com>
|
||||
Date: Thu, 4 May 2023 14:04:47 +0200
|
||||
Subject: [PATCH] python/chcat: Improve man pages
|
||||
Content-type: text/plain
|
||||
|
||||
- Explain applying range/list of categories
|
||||
- "-d" removes all categories of given file/user
|
||||
- Add examples
|
||||
|
||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
||||
Acked-by: James Carter <jwcart2@gmail.com>
|
||||
---
|
||||
python/chcat/chcat.8 | 23 ++++++++++++++++-------
|
||||
1 file changed, 16 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/python/chcat/chcat.8 b/python/chcat/chcat.8
|
||||
index d095a2558d3a..3e1f7ca23361 100644
|
||||
--- a/python/chcat/chcat.8
|
||||
+++ b/python/chcat/chcat.8
|
||||
@@ -1,6 +1,6 @@
|
||||
.TH CHCAT "8" "September 2005" "chcat" "User Commands"
|
||||
.SH NAME
|
||||
-chcat \- change file SELinux security category
|
||||
+chcat \- change SELinux security categories of files/users
|
||||
.SH SYNOPSIS
|
||||
.B chcat
|
||||
\fIcategory file\fR...
|
||||
@@ -25,23 +25,33 @@ chcat \- change file SELinux security category
|
||||
.br
|
||||
.SH DESCRIPTION
|
||||
.PP
|
||||
-Change/Remove the security \fIcategory\fR for each \fIfile\fR or \fIuser\fR.
|
||||
-.PP
|
||||
-Use +/- to add/remove categories from a \fIfile\fR or \fIuser\fR.
|
||||
+Use +/- to add/remove categories from a \fIfile\fR or \fIuser\fR (only a single category can be specified at a time). Or specify the desired list/range of categories to be applied (replacing the existing categories).
|
||||
.PP
|
||||
.B
|
||||
Note:
|
||||
-When removing a category you must specify '\-\-' on the command line before using the \-Category syntax. This tells the command that you have finished entering options and are now specifying a category name instead.
|
||||
+When removing a category you must specify '\-\-' on the command line before using the \-Category syntax. This tells the command that you have finished entering options and are now specifying a category name instead.
|
||||
|
||||
.TP
|
||||
\fB\-d\fR
|
||||
-delete the category from each FILE/USER.
|
||||
+delete all categories from given FILE/USER.
|
||||
.TP
|
||||
\fB\-L\fR
|
||||
list available categories.
|
||||
.TP
|
||||
\fB\-l\fR
|
||||
Tells chcat to operate on users instead of files.
|
||||
+
|
||||
+.SH EXAMPLE
|
||||
+.nf
|
||||
+Replace categories of user "test" with c0.c6
|
||||
+# chcat -l c0.c6 test
|
||||
+Add category c1023 to user "test"
|
||||
+# chcat -l +c1023 test
|
||||
+Remove category c5 from file "file"
|
||||
+# chcat -- -c5 file
|
||||
+Remove all categories from file "file"
|
||||
+# chcat -d file
|
||||
+
|
||||
.SH "SEE ALSO"
|
||||
.TP
|
||||
chcon(1), selinux(8), semanage(8)
|
||||
@@ -52,4 +62,3 @@ When operating on files this script wraps the chcon command.
|
||||
/etc/selinux/{SELINUXTYPE}/setrans.conf
|
||||
.br
|
||||
/etc/selinux/{SELINUXTYPE}/seusers
|
||||
-
|
||||
--
|
||||
2.41.0
|
||||
|
||||
@ -1,80 +0,0 @@
|
||||
From b67240b8663c3df471e8ce06b087ec7fb8b9d57c Mon Sep 17 00:00:00 2001
|
||||
From: Vit Mojzis <vmojzis@redhat.com>
|
||||
Date: Thu, 4 May 2023 14:04:48 +0200
|
||||
Subject: [PATCH] python/audit2allow: Add missing options to man page
|
||||
Content-type: text/plain
|
||||
|
||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
||||
---
|
||||
python/audit2allow/audit2allow.1 | 24 +++++++++++++++++++-----
|
||||
1 file changed, 19 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/python/audit2allow/audit2allow.1 b/python/audit2allow/audit2allow.1
|
||||
index 04ec32398011..c31021d39489 100644
|
||||
--- a/python/audit2allow/audit2allow.1
|
||||
+++ b/python/audit2allow/audit2allow.1
|
||||
@@ -40,10 +40,10 @@
|
||||
Read input from audit and message log, conflicts with \-i
|
||||
.TP
|
||||
.B "\-b" | "\-\-boot"
|
||||
-Read input from audit messages since last boot conflicts with \-i
|
||||
+Read input from audit messages since last boot, conflicts with \-i
|
||||
.TP
|
||||
.B "\-d" | "\-\-dmesg"
|
||||
-Read input from output of
|
||||
+Read input from output of
|
||||
.I /bin/dmesg.
|
||||
Note that all audit messages are not available via dmesg when
|
||||
auditd is running; use "ausearch \-m avc | audit2allow" or "\-a" instead.
|
||||
@@ -51,15 +51,22 @@ auditd is running; use "ausearch \-m avc | audit2allow" or "\-a" instead.
|
||||
.B "\-D" | "\-\-dontaudit"
|
||||
Generate dontaudit rules (Default: allow)
|
||||
.TP
|
||||
+.B "\-e" | "\-\-explain"
|
||||
+Fully explain generated output
|
||||
+.TP
|
||||
.B "\-h" | "\-\-help"
|
||||
Print a short usage message
|
||||
.TP
|
||||
.B "\-i <inputfile>" | "\-\-input <inputfile>"
|
||||
-read input from
|
||||
+Read input from
|
||||
.I <inputfile>
|
||||
.TP
|
||||
+.B "\-\-interface-info=<interface_info_file>"
|
||||
+Read interface information from
|
||||
+.I <interface_info_file>
|
||||
+.TP
|
||||
.B "\-l" | "\-\-lastreload"
|
||||
-read input only after last policy reload
|
||||
+Read input only after last policy reload
|
||||
.TP
|
||||
.B "\-m <modulename>" | "\-\-module <modulename>"
|
||||
Generate module/require output <modulename>
|
||||
@@ -70,8 +77,12 @@ Generate loadable module package, conflicts with \-o
|
||||
.B "\-p <policyfile>" | "\-\-policy <policyfile>"
|
||||
Policy file to use for analysis
|
||||
.TP
|
||||
+.B "\-\-perm-map <perm_map_file>"
|
||||
+Read permission map from
|
||||
+.I <perm_map_file>
|
||||
+.TP
|
||||
.B "\-o <outputfile>" | "\-\-output <outputfile>"
|
||||
-append output to
|
||||
+Append output to
|
||||
.I <outputfile>
|
||||
.TP
|
||||
.B "\-r" | "\-\-requires"
|
||||
@@ -85,6 +96,9 @@ This is the default behavior.
|
||||
Generate reference policy using installed macros.
|
||||
This attempts to match denials against interfaces and may be inaccurate.
|
||||
.TP
|
||||
+.B "\-t <type_regex>" | "\-\-type=<type_regex>"
|
||||
+Only process messages with a type that matches this regex
|
||||
+.TP
|
||||
.B "\-x" | "\-\-xperms"
|
||||
Generate extended permission access vector rules
|
||||
.TP
|
||||
--
|
||||
2.41.0
|
||||
|
||||
@ -1,465 +0,0 @@
|
||||
From 4ebc1057f6e5494909045bbcc7ea8896bd32a094 Mon Sep 17 00:00:00 2001
|
||||
From: Vit Mojzis <vmojzis@redhat.com>
|
||||
Date: Thu, 4 May 2023 14:04:49 +0200
|
||||
Subject: [PATCH] python/semanage: Improve man pages
|
||||
Content-type: text/plain
|
||||
|
||||
- Add missing options
|
||||
- Add more examples
|
||||
- Note special cases
|
||||
|
||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
||||
---
|
||||
python/semanage/semanage-boolean.8 | 9 ++++++---
|
||||
python/semanage/semanage-dontaudit.8 | 8 +++++---
|
||||
python/semanage/semanage-export.8 | 10 +++++++++-
|
||||
python/semanage/semanage-fcontext.8 | 17 +++++++++++------
|
||||
python/semanage/semanage-ibendport.8 | 6 ++++--
|
||||
python/semanage/semanage-ibpkey.8 | 6 ++++--
|
||||
python/semanage/semanage-import.8 | 10 +++++++++-
|
||||
python/semanage/semanage-interface.8 | 8 ++++++--
|
||||
python/semanage/semanage-login.8 | 14 ++++++++------
|
||||
python/semanage/semanage-module.8 | 15 ++++++++++-----
|
||||
python/semanage/semanage-node.8 | 16 +++++++++++++---
|
||||
python/semanage/semanage-permissive.8 | 8 +++++---
|
||||
python/semanage/semanage-port.8 | 10 ++++++----
|
||||
python/semanage/semanage-user.8 | 8 +++++---
|
||||
14 files changed, 101 insertions(+), 44 deletions(-)
|
||||
|
||||
diff --git a/python/semanage/semanage-boolean.8 b/python/semanage/semanage-boolean.8
|
||||
index 1282d10626ff..3b664023d3fe 100644
|
||||
--- a/python/semanage/semanage-boolean.8
|
||||
+++ b/python/semanage/semanage-boolean.8
|
||||
@@ -7,11 +7,14 @@ semanage\-boolean \- SELinux Policy Management boolean tool
|
||||
.SH "DESCRIPTION"
|
||||
semanage is used to configure certain elements of
|
||||
SELinux policy without requiring modification to or recompilation
|
||||
-from policy sources. semanage boolean command controls the settings of booleans in SELinux policy. booleans are if\-then\-else rules written in SELinux Policy. They can be used to customize the way that SELinux Policy rules effect a confined domain.
|
||||
+from policy sources.
|
||||
+.B semanage boolean
|
||||
+command controls the settings of booleans in SELinux policy. Booleans are if\-then\-else rules written in SELinux Policy. They can be used to customize the way that SELinux Policy rules effect a confined domain.
|
||||
+
|
||||
.SH "OPTIONS"
|
||||
.TP
|
||||
.I \-h, \-\-help
|
||||
-show this help message and exit
|
||||
+Show this help message and exit
|
||||
.TP
|
||||
.I \-n, \-\-noheading
|
||||
Do not print heading when listing the specified object type
|
||||
@@ -45,7 +48,7 @@ Disable the boolean
|
||||
|
||||
.SH EXAMPLE
|
||||
.nf
|
||||
-Turn on the apache can send mail boolean
|
||||
+Turn on the "apache can send mail" boolean (persistent version of #setsebool httpd_can_sendmail on)
|
||||
# semanage boolean \-m \-\-on httpd_can_sendmail
|
||||
|
||||
List customized booleans
|
||||
diff --git a/python/semanage/semanage-dontaudit.8 b/python/semanage/semanage-dontaudit.8
|
||||
index 81accc6f83de..51d1f4b6b0e0 100644
|
||||
--- a/python/semanage/semanage-dontaudit.8
|
||||
+++ b/python/semanage/semanage-dontaudit.8
|
||||
@@ -7,13 +7,15 @@
|
||||
.SH "DESCRIPTION"
|
||||
semanage is used to configure certain elements of
|
||||
SELinux policy without requiring modification to or recompilation
|
||||
-from policy sources. semanage dontaudit toggles whether or not dontaudit rules will be in the policy. Policy writers use dontaudit rules to cause
|
||||
-confined applications to use alternative paths. Dontaudit rules are denied but not reported in the logs. Some times dontaudit rules can cause bugs in applications but policy writers will not realize it since the AVC is not audited. Turning off dontaudit rules with this command to see if the kernel is blocking an access.
|
||||
+from policy sources.
|
||||
+.B semanage dontaudit
|
||||
+toggles whether or not dontaudit rules will be in the policy. Policy writers use dontaudit rules to cause
|
||||
+confined applications to use alternative paths. Dontaudit rules are denied but not reported in the logs. Sometimes dontaudit rules can cause bugs in applications but policy writers will not realize it since the AVC is not audited. Turn off dontaudit rules with this command to see if the kernel is blocking an access.
|
||||
|
||||
.SH "OPTIONS"
|
||||
.TP
|
||||
.I \-h, \-\-help
|
||||
-show this help message and exit
|
||||
+Show this help message and exit
|
||||
.TP
|
||||
.I \-S STORE, \-\-store STORE
|
||||
Select an alternate SELinux Policy Store to manage
|
||||
diff --git a/python/semanage/semanage-export.8 b/python/semanage/semanage-export.8
|
||||
index d422683bd5c8..5198479306df 100644
|
||||
--- a/python/semanage/semanage-export.8
|
||||
+++ b/python/semanage/semanage-export.8
|
||||
@@ -7,7 +7,15 @@
|
||||
.SH "DESCRIPTION"
|
||||
semanage is used to configure certain elements of
|
||||
SELinux policy without requiring modification to or recompilation
|
||||
-from policy sources. semanage import and export can be used to extract the SELinux modifications from one machine and apply them to another. You can put a whole group of semanage commands within a file and apply them to a machine in a single transaction.
|
||||
+from policy sources.
|
||||
+.B semanage import
|
||||
+and
|
||||
+.B export
|
||||
+can be used to extract the SELinux modifications from one machine and apply them to another. Please note that this will remove all current semanage customizations on the second machine as the command list generated using
|
||||
+.B semanage export
|
||||
+start with
|
||||
+.I <command> -D
|
||||
+for all semanage sub-commands. You can put a whole group of semanage commands within a file and apply them to a machine in a single transaction.
|
||||
|
||||
.SH "OPTIONS"
|
||||
.TP
|
||||
diff --git a/python/semanage/semanage-fcontext.8 b/python/semanage/semanage-fcontext.8
|
||||
index 1ebf085faed8..3e327d88d146 100644
|
||||
--- a/python/semanage/semanage-fcontext.8
|
||||
+++ b/python/semanage/semanage-fcontext.8
|
||||
@@ -8,8 +8,10 @@ semanage\-fcontext \- SELinux Policy Management file context tool
|
||||
.SH "DESCRIPTION"
|
||||
semanage is used to configure certain elements of
|
||||
SELinux policy without requiring modification to or recompilation
|
||||
-from policy sources. semanage fcontext is used to manage the default
|
||||
-file system labeling on an SELinux system. This command maps file paths using regular expressions to SELinux labels.
|
||||
+from policy sources.
|
||||
+.B semanage fcontext
|
||||
+is used to manage the default file system labeling on an SELinux system.
|
||||
+This command maps file paths using regular expressions to SELinux labels.
|
||||
|
||||
FILE_SPEC may contain either a fully qualified path,
|
||||
or a Perl compatible regular expression (PCRE),
|
||||
@@ -32,7 +34,7 @@ to avoid unintentionally impacting other parts of the filesystem.
|
||||
.SH "OPTIONS"
|
||||
.TP
|
||||
.I \-h, \-\-help
|
||||
-show this help message and exit
|
||||
+Show this help message and exit
|
||||
.TP
|
||||
.I \-n, \-\-noheading
|
||||
Do not print heading when listing the specified object type
|
||||
@@ -82,12 +84,13 @@ MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range for SELinux login ma
|
||||
|
||||
.SH EXAMPLE
|
||||
.nf
|
||||
-.I remember to run restorecon after you set the file context
|
||||
-Add file-context for everything under /web
|
||||
+.I Remember to run restorecon after you set the file context
|
||||
+Add file-context httpd_sys_content_t for everything under /web
|
||||
# semanage fcontext \-a \-t httpd_sys_content_t "/web(/.*)?"
|
||||
# restorecon \-R \-v /web
|
||||
|
||||
Substitute /home1 with /home when setting file context
|
||||
+i.e. label everything under /home1 the same way /home is labeled
|
||||
# semanage fcontext \-a \-e /home /home1
|
||||
# restorecon \-R \-v /home1
|
||||
|
||||
@@ -99,7 +102,9 @@ execute the following commands.
|
||||
|
||||
.SH "SEE ALSO"
|
||||
.BR selinux (8),
|
||||
-.BR semanage (8)
|
||||
+.BR semanage (8),
|
||||
+.BR restorecon (8),
|
||||
+.BR selabel_file (5)
|
||||
|
||||
.SH "AUTHOR"
|
||||
This man page was written by Daniel Walsh <dwalsh@redhat.com>
|
||||
diff --git a/python/semanage/semanage-ibendport.8 b/python/semanage/semanage-ibendport.8
|
||||
index 0a29eae18031..53fe4ee8512a 100644
|
||||
--- a/python/semanage/semanage-ibendport.8
|
||||
+++ b/python/semanage/semanage-ibendport.8
|
||||
@@ -5,12 +5,14 @@
|
||||
.B semanage ibendport [\-h] [\-n] [\-N] [\-S STORE] [ \-\-add \-t TYPE \-z IBDEV_NAME \-r RANGE port | \-\-delete \-z IBDEV_NAME port | \-\-deleteall | \-\-extract | \-\-list [\-C] | \-\-modify \-t TYPE \-z IBDEV_NAME \-r RANGE port ]
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
-semanage is used to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources. semanage ibendport controls the ibendport number to ibendport type definitions.
|
||||
+semanage is used to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources.
|
||||
+.B semanage ibendport
|
||||
+controls the ibendport number to ibendport type definitions.
|
||||
|
||||
.SH "OPTIONS"
|
||||
.TP
|
||||
.I \-h, \-\-help
|
||||
-show this help message and exit
|
||||
+Show this help message and exit
|
||||
.TP
|
||||
.I \-n, \-\-noheading
|
||||
Do not print heading when listing the specified object type
|
||||
diff --git a/python/semanage/semanage-ibpkey.8 b/python/semanage/semanage-ibpkey.8
|
||||
index 51f455abaeab..6cc5e02fbcb6 100644
|
||||
--- a/python/semanage/semanage-ibpkey.8
|
||||
+++ b/python/semanage/semanage-ibpkey.8
|
||||
@@ -5,12 +5,14 @@
|
||||
.B semanage ibpkey [\-h] [\-n] [\-N] [\-S STORE] [ \-\-add \-t TYPE \-x SUBNET_PREFIX \-r RANGE ibpkey_name | ibpkey_range | \-\-delete \-x SUBNET_PREFIX ibpkey_name | ibpkey_range | \-\-deleteall | \-\-extract | \-\-list [\-C] | \-\-modify \-t TYPE \-x SUBNET_PREFIX \-r RANGE ibpkey_name | ibpkey_range ]
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
-semanage is used to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources. semanage ibpkey controls the ibpkey number to ibpkey type definitions.
|
||||
+semanage is used to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources.
|
||||
+.B semanage ibpkey
|
||||
+controls the ibpkey number to ibpkey type definitions.
|
||||
|
||||
.SH "OPTIONS"
|
||||
.TP
|
||||
.I \-h, \-\-help
|
||||
-show this help message and exit
|
||||
+Show this help message and exit
|
||||
.TP
|
||||
.I \-n, \-\-noheading
|
||||
Do not print heading when listing the specified object type
|
||||
diff --git a/python/semanage/semanage-import.8 b/python/semanage/semanage-import.8
|
||||
index 4a9b3e765f34..041e9ab052fb 100644
|
||||
--- a/python/semanage/semanage-import.8
|
||||
+++ b/python/semanage/semanage-import.8
|
||||
@@ -7,7 +7,15 @@
|
||||
.SH "DESCRIPTION"
|
||||
semanage is used to configure certain elements of
|
||||
SELinux policy without requiring modification to or recompilation
|
||||
-from policy sources. semanage import and export can be used to extract the SELinux modifications from one machine and apply them to another. You can put a whole group of semanage commands within a file and apply them to a machine in a single transaction.
|
||||
+from policy sources.
|
||||
+.B semanage import
|
||||
+and
|
||||
+.B export
|
||||
+can be used to extract the SELinux modifications from one machine and apply them to another. Please note that this will remove all current semanage customizations on the second machine as the command list generated using
|
||||
+.B semanage export
|
||||
+start with
|
||||
+.I <command> -D
|
||||
+for all semanage sub-commands. You can put a whole group of semanage commands within a file and apply them to a machine in a single transaction.
|
||||
|
||||
.SH "OPTIONS"
|
||||
.TP
|
||||
diff --git a/python/semanage/semanage-interface.8 b/python/semanage/semanage-interface.8
|
||||
index d9d526dc7391..080db70b6ec2 100644
|
||||
--- a/python/semanage/semanage-interface.8
|
||||
+++ b/python/semanage/semanage-interface.8
|
||||
@@ -7,12 +7,14 @@
|
||||
.SH "DESCRIPTION"
|
||||
semanage is used to configure certain elements of
|
||||
SELinux policy without requiring modification to or recompilation
|
||||
-from policy sources. semanage interface controls the labels assigned to network interfaces.
|
||||
+from policy sources.
|
||||
+.B semanage interface
|
||||
+controls the labels assigned to network interfaces.
|
||||
|
||||
.SH "OPTIONS"
|
||||
.TP
|
||||
.I \-h, \-\-help
|
||||
-show this help message and exit
|
||||
+Show this help message and exit
|
||||
.TP
|
||||
.I \-n, \-\-noheading
|
||||
Do not print heading when listing the specified object type
|
||||
@@ -54,6 +56,8 @@ MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range for SELinux login ma
|
||||
.nf
|
||||
list all interface definitions
|
||||
# semanage interface \-l
|
||||
+Assign type netif_t and MLS/MCS range s0:c0.c1023 to interface eth0
|
||||
+# semanage interface \-a \-t netif_t \-r s0:c0.c1023 eth0
|
||||
|
||||
.SH "SEE ALSO"
|
||||
.BR selinux (8),
|
||||
diff --git a/python/semanage/semanage-login.8 b/python/semanage/semanage-login.8
|
||||
index f451bdc65d53..9076a1edcedb 100644
|
||||
--- a/python/semanage/semanage-login.8
|
||||
+++ b/python/semanage/semanage-login.8
|
||||
@@ -7,12 +7,14 @@
|
||||
.SH "DESCRIPTION"
|
||||
semanage is used to configure certain elements of
|
||||
SELinux policy without requiring modification to or recompilation
|
||||
-from policy sources. semanage login controls the mapping between a Linux User and the SELinux User. It can be used to turn on confined users. For example you could define that a particular user or group of users will login to a system as the user_u user. Prefix the group name with a '%' sign to indicate a group name.
|
||||
+from policy sources.
|
||||
+.B semanage login
|
||||
+controls the mapping between a Linux User and the SELinux User. It can be used to turn on confined users. For example you could define that a particular user or group of users will login to a system as the user_u user. Prefix the group name with a '%' sign to indicate a group name.
|
||||
|
||||
.SH "OPTIONS"
|
||||
.TP
|
||||
.I \-h, \-\-help
|
||||
-show this help message and exit
|
||||
+Show this help message and exit
|
||||
.TP
|
||||
.I \-n, \-\-noheading
|
||||
Do not print heading when listing the specified object type
|
||||
@@ -52,11 +54,11 @@ MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range for SELinux login ma
|
||||
|
||||
.SH EXAMPLE
|
||||
.nf
|
||||
-Modify the default user on the system to the guest_u user
|
||||
+Set the default SELinux user on the system to guest_u
|
||||
# semanage login \-m \-s guest_u __default__
|
||||
-Assign gijoe user on an MLS machine a range and to the staff_u user
|
||||
-# semanage login \-a \-s staff_u \-rSystemLow-Secret gijoe
|
||||
-Assign all users in the engineering group to the staff_u user
|
||||
+Map user gijoe to SELinux user staff_u and assign MLS range SystemLow\-Secret
|
||||
+# semanage login \-a \-s staff_u \-rSystemLow\-Secret gijoe
|
||||
+Map all users in the engineering group to SELinux user staff_u
|
||||
# semanage login \-a \-s staff_u %engineering
|
||||
|
||||
.SH "SEE ALSO"
|
||||
diff --git a/python/semanage/semanage-module.8 b/python/semanage/semanage-module.8
|
||||
index e00571672565..6913b0cd47d9 100644
|
||||
--- a/python/semanage/semanage-module.8
|
||||
+++ b/python/semanage/semanage-module.8
|
||||
@@ -5,12 +5,14 @@
|
||||
.B semanage module [\-h] [\-n] [\-N] [\-S STORE] (\-a | \-r | \-e | \-d | \-\-extract | \-\-list [\-C] | \-\-deleteall) [module_name]
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
-semanage is used to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources. semanage module installs, removes, disables SELinux Policy modules.
|
||||
+semanage is used to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources.
|
||||
+.B semanage module
|
||||
+installs, removes, disables, or enables SELinux Policy modules.
|
||||
|
||||
.SH "OPTIONS"
|
||||
.TP
|
||||
.I \-h, \-\-help
|
||||
-show this help message and exit
|
||||
+Show this help message and exit
|
||||
.TP
|
||||
.I \-n, \-\-noheading
|
||||
Do not print heading when listing the specified object type
|
||||
@@ -22,11 +24,14 @@ Do not reload policy after commit
|
||||
Select an alternate SELinux Policy Store to manage
|
||||
.TP
|
||||
.I \-a, \-\-add
|
||||
-Install specified module
|
||||
+Install specified module. Accepts both binary policy files (.pp) and CIL source files
|
||||
.TP
|
||||
.I \-r, \-\-remove
|
||||
Remove specified module
|
||||
.TP
|
||||
+.I \-D, \-\-deleteall
|
||||
+Remove all local customizations related to modules
|
||||
+.TP
|
||||
.I \-d \-\-disable
|
||||
Disable specified module
|
||||
.TP
|
||||
@@ -48,8 +53,8 @@ List all modules
|
||||
# semanage module \-l
|
||||
Disable unconfined module
|
||||
# semanage module \-\-disable unconfined
|
||||
-Install custom apache policy module
|
||||
-# semanage module \-a myapache
|
||||
+Install custom apache policy module (same as #semodule -i myapache.pp)
|
||||
+# semanage module \-a myapache.pp
|
||||
|
||||
.SH "SEE ALSO"
|
||||
.BR selinux (8),
|
||||
diff --git a/python/semanage/semanage-node.8 b/python/semanage/semanage-node.8
|
||||
index a0098221c85b..c78d6c3eaf76 100644
|
||||
--- a/python/semanage/semanage-node.8
|
||||
+++ b/python/semanage/semanage-node.8
|
||||
@@ -7,12 +7,14 @@
|
||||
.SH "DESCRIPTION"
|
||||
semanage is used to configure certain elements of
|
||||
SELinux policy without requiring modification to or recompilation
|
||||
-from policy sources. semanage controls the ipaddress to node type definitions.
|
||||
+from policy sources.
|
||||
+.B semanage node
|
||||
+controls the IP address to node type definitions.
|
||||
|
||||
.SH "OPTIONS"
|
||||
.TP
|
||||
.I \-h, \-\-help
|
||||
-show this help message and exit
|
||||
+Show this help message and exit
|
||||
.TP
|
||||
.I \-n, \-\-noheading
|
||||
Do not print heading when listing the specified object type
|
||||
@@ -54,5 +56,13 @@ SELinux type for the object
|
||||
MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range for SELinux login mapping defaults to the SELinux user record range. SELinux Range for SELinux user defaults to s0.
|
||||
.TP
|
||||
.I \-p PROTO, \-\-proto PROTO
|
||||
-
|
||||
Protocol for the specified port (tcp|udp) or internet protocol version for the specified node (ipv4|ipv6).
|
||||
+
|
||||
+.SH "EXAMPLE"
|
||||
+.nf
|
||||
+Apply type node_t to ipv4 node 127.0.0.2
|
||||
+# semanage node \-a \-t node_t \-p ipv4 \-M 255.255.255.255 127.0.0.2
|
||||
+
|
||||
+.SH "SEE ALSO"
|
||||
+.BR selinux (8),
|
||||
+.BR semanage (8)
|
||||
diff --git a/python/semanage/semanage-permissive.8 b/python/semanage/semanage-permissive.8
|
||||
index 5c3364fa54f8..0414a850082a 100644
|
||||
--- a/python/semanage/semanage-permissive.8
|
||||
+++ b/python/semanage/semanage-permissive.8
|
||||
@@ -5,12 +5,14 @@
|
||||
.B semanage permissive [\-h] [\-n] [\-N] [\-S STORE] (\-\-add TYPE | \-\-delete TYPE | \-\-deleteall | \-\-extract | \-\-list)
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
-semanage is used to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources. semanage permissive adds or removes a SELinux Policy permissive module.
|
||||
+semanage is used to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources.
|
||||
+.B semanage permissive
|
||||
+adds or removes a SELinux Policy permissive module. Please note that this command can make any domain permissive, but can only remove the permissive property from domains where it was added by semanage permissive ("semanage permissive -d" can only be used on types listed as "Customized Permissive Types" by "semanage permissive -l").
|
||||
|
||||
.SH "OPTIONS"
|
||||
.TP
|
||||
.I \-h, \-\-help
|
||||
-show this help message and exit
|
||||
+Show this help message and exit
|
||||
.TP
|
||||
.I \-a, \-\-add
|
||||
Add a record of the specified object type
|
||||
@@ -38,7 +40,7 @@ Select an alternate SELinux Policy Store to manage
|
||||
|
||||
.SH EXAMPLE
|
||||
.nf
|
||||
-List all permissive modules
|
||||
+List all permissive domains ("Builtin Permissive Types" where set by the system policy, or a custom policy module)
|
||||
# semanage permissive \-l
|
||||
Make httpd_t (Web Server) a permissive domain
|
||||
# semanage permissive \-a httpd_t
|
||||
diff --git a/python/semanage/semanage-port.8 b/python/semanage/semanage-port.8
|
||||
index 12ec14c2cb33..c6048660ca21 100644
|
||||
--- a/python/semanage/semanage-port.8
|
||||
+++ b/python/semanage/semanage-port.8
|
||||
@@ -5,12 +5,14 @@
|
||||
.B semanage port [\-h] [\-n] [\-N] [\-S STORE] [ \-\-add \-t TYPE \-p PROTOCOL \-r RANGE port_name | port_range | \-\-delete \-p PROTOCOL port_name | port_range | \-\-deleteall | \-\-extract | \-\-list [\-C] | \-\-modify \-t TYPE \-p PROTOCOL \-r RANGE port_name | port_range ]
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
-semanage is used to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources. semanage port controls the port number to port type definitions.
|
||||
+semanage is used to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources.
|
||||
+.B semanage port
|
||||
+controls the port number to port type definitions.
|
||||
|
||||
.SH "OPTIONS"
|
||||
.TP
|
||||
.I \-h, \-\-help
|
||||
-show this help message and exit
|
||||
+Show this help message and exit
|
||||
.TP
|
||||
.I \-n, \-\-noheading
|
||||
Do not print heading when listing the specified object type
|
||||
@@ -55,9 +57,9 @@ Protocol for the specified port (tcp|udp|dccp|sctp) or internet protocol version
|
||||
.nf
|
||||
List all port definitions
|
||||
# semanage port \-l
|
||||
-Allow Apache to listen on tcp port 81
|
||||
+Allow Apache to listen on tcp port 81 (i.e. assign tcp port 81 label http_port_t, which apache is allowed to listen on)
|
||||
# semanage port \-a \-t http_port_t \-p tcp 81
|
||||
-Allow sshd to listen on tcp port 8991
|
||||
+Allow sshd to listen on tcp port 8991 (i.e. assign tcp port 8991 label ssh_port_t, which sshd is allowed to listen on)
|
||||
# semanage port \-a \-t ssh_port_t \-p tcp 8991
|
||||
|
||||
.SH "SEE ALSO"
|
||||
diff --git a/python/semanage/semanage-user.8 b/python/semanage/semanage-user.8
|
||||
index 23fec698e042..50d50bea7af8 100644
|
||||
--- a/python/semanage/semanage-user.8
|
||||
+++ b/python/semanage/semanage-user.8
|
||||
@@ -7,12 +7,14 @@
|
||||
.SH "DESCRIPTION"
|
||||
semanage is used to configure certain elements of
|
||||
SELinux policy without requiring modification to or recompilation
|
||||
-from policy sources. semanage user controls the mapping between an SELinux User and the roles and MLS/MCS levels.
|
||||
+from policy sources.
|
||||
+.B semanage user
|
||||
+controls the mapping between an SELinux User and the roles and MLS/MCS levels.
|
||||
|
||||
.SH "OPTIONS"
|
||||
.TP
|
||||
.I \-h, \-\-help
|
||||
-show this help message and exit
|
||||
+Show this help message and exit
|
||||
.TP
|
||||
.I \-n, \-\-noheading
|
||||
Do not print heading when listing the specified object type
|
||||
@@ -59,7 +61,7 @@ List SELinux users
|
||||
# semanage user \-l
|
||||
Modify groups for staff_u user
|
||||
# semanage user \-m \-R "system_r unconfined_r staff_r" staff_u
|
||||
-Add level for TopSecret Users
|
||||
+Assign user topsecret_u role staff_r and range s0\-TopSecret
|
||||
# semanage user \-a \-R "staff_r" \-rs0\-TopSecret topsecret_u
|
||||
|
||||
.SH "SEE ALSO"
|
||||
--
|
||||
2.41.0
|
||||
|
||||
@ -1,30 +0,0 @@
|
||||
From 52da97653bd64bcc603ab7e0b5c08cb687b833ab Mon Sep 17 00:00:00 2001
|
||||
From: Vit Mojzis <vmojzis@redhat.com>
|
||||
Date: Thu, 4 May 2023 14:04:50 +0200
|
||||
Subject: [PATCH] python/audit2allow: Remove unused "debug" option
|
||||
Content-type: text/plain
|
||||
|
||||
The option is not referenced anywhere in the code and I couldn't figure
|
||||
out its purpose from the description.
|
||||
|
||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
||||
---
|
||||
python/audit2allow/audit2allow | 2 --
|
||||
1 file changed, 2 deletions(-)
|
||||
|
||||
diff --git a/python/audit2allow/audit2allow b/python/audit2allow/audit2allow
|
||||
index eafeea88aa21..5587a2dbb006 100644
|
||||
--- a/python/audit2allow/audit2allow
|
||||
+++ b/python/audit2allow/audit2allow
|
||||
@@ -88,8 +88,6 @@ class AuditToPolicy:
|
||||
parser.add_option("--interface-info", dest="interface_info", help="file name of interface information")
|
||||
parser.add_option("-x", "--xperms", action="store_true", dest="xperms",
|
||||
default=False, help="generate extended permission rules")
|
||||
- parser.add_option("--debug", dest="debug", action="store_true", default=False,
|
||||
- help="leave generated modules for -M")
|
||||
parser.add_option("-w", "--why", dest="audit2why", action="store_true", default=(os.path.basename(sys.argv[0]) == "audit2why"),
|
||||
help="Translates SELinux audit messages into a description of why the access was denied")
|
||||
|
||||
--
|
||||
2.41.0
|
||||
|
||||
@ -1,309 +0,0 @@
|
||||
From b580a630378623df1c87c5fab1ffd63a41b3501e Mon Sep 17 00:00:00 2001
|
||||
From: Vit Mojzis <vmojzis@redhat.com>
|
||||
Date: Thu, 1 Jun 2023 16:39:11 +0200
|
||||
Subject: [PATCH] policycoreutils: Add examples to man pages
|
||||
Content-type: text/plain
|
||||
|
||||
While at it, remove trailing whitespaces.
|
||||
|
||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
||||
Acked-by: Petr Lautrbach <lautrbach@redhat.com>
|
||||
---
|
||||
policycoreutils/scripts/fixfiles.8 | 34 +++++++++++++--------
|
||||
policycoreutils/secon/secon.1 | 12 ++++++--
|
||||
policycoreutils/semodule/semodule.8 | 14 ++++-----
|
||||
policycoreutils/setfiles/restorecon.8 | 9 ++++++
|
||||
policycoreutils/setfiles/restorecon_xattr.8 | 7 +++++
|
||||
policycoreutils/setfiles/setfiles.8 | 9 ++++++
|
||||
policycoreutils/setsebool/setsebool.8 | 16 +++++++---
|
||||
7 files changed, 74 insertions(+), 27 deletions(-)
|
||||
|
||||
diff --git a/policycoreutils/scripts/fixfiles.8 b/policycoreutils/scripts/fixfiles.8
|
||||
index 9a317d9181e2..928b82004b1a 100644
|
||||
--- a/policycoreutils/scripts/fixfiles.8
|
||||
+++ b/policycoreutils/scripts/fixfiles.8
|
||||
@@ -14,7 +14,7 @@ fixfiles \- fix file SELinux security contexts.
|
||||
.B fixfiles
|
||||
.I [\-v] [\-F] [\-B | \-N time ] [\-T nthreads] { check | restore | verify }
|
||||
|
||||
-.B fixfiles
|
||||
+.B fixfiles
|
||||
.I [\-v] [\-F] [\-T nthreads] \-R rpmpackagename[,rpmpackagename...] { check | restore | verify }
|
||||
|
||||
.B fixfiles
|
||||
@@ -31,7 +31,7 @@ This manual page describes the
|
||||
script.
|
||||
.P
|
||||
This script is primarily used to correct the security context
|
||||
-database (extended attributes) on filesystems.
|
||||
+database (extended attributes) on filesystems.
|
||||
.P
|
||||
It can also be run at any time to relabel when adding support for
|
||||
new policy, or just check whether the file contexts are all
|
||||
@@ -41,29 +41,29 @@ option. You can use the \-R flag to use rpmpackages as an alternative.
|
||||
The file /etc/selinux/fixfiles_exclude_dirs can contain a list of directories
|
||||
excluded from relabeling.
|
||||
.P
|
||||
-.B fixfiles onboot
|
||||
+.B fixfiles onboot
|
||||
will setup the machine to relabel on the next reboot.
|
||||
|
||||
.SH "OPTIONS"
|
||||
-.TP
|
||||
+.TP
|
||||
.B \-B
|
||||
If specified with onboot, this fixfiles will record the current date in the /.autorelabel file, so that it can be used later to speed up labeling. If used with restore, the restore will only affect files that were modified today.
|
||||
.TP
|
||||
.B \-F
|
||||
Force reset of context to match file_context for customizable files
|
||||
|
||||
-.TP
|
||||
+.TP
|
||||
.B \-f
|
||||
Clear /tmp directory with out prompt for removal.
|
||||
|
||||
-.TP
|
||||
+.TP
|
||||
.B \-R rpmpackagename[,rpmpackagename...]
|
||||
Use the rpm database to discover all files within the specified packages and restore the file contexts.
|
||||
.TP
|
||||
.B \-C PREVIOUS_FILECONTEXT
|
||||
Run a diff on the PREVIOUS_FILECONTEXT file to the currently installed one, and restore the context of all affected files.
|
||||
|
||||
-.TP
|
||||
+.TP
|
||||
.B \-N time
|
||||
Only act on files created after the specified date. Date must be specified in
|
||||
"YYYY\-MM\-DD HH:MM" format. Date field will be passed to find \-\-newermt command.
|
||||
@@ -83,19 +83,28 @@ Use parallel relabeling, see
|
||||
|
||||
.SH "ARGUMENTS"
|
||||
One of:
|
||||
-.TP
|
||||
+.TP
|
||||
.B check | verify
|
||||
print any incorrect file context labels, showing old and new context, but do not change them.
|
||||
-.TP
|
||||
+.TP
|
||||
.B restore
|
||||
change any incorrect file context labels.
|
||||
-.TP
|
||||
+.TP
|
||||
.B relabel
|
||||
Prompt for removal of contents of /tmp directory and then change any incorrect file context labels to match the install file_contexts file.
|
||||
-.TP
|
||||
-.B [[dir/file] ... ]
|
||||
+.TP
|
||||
+.B [[dir/file] ... ]
|
||||
List of files or directories trees that you wish to check file context on.
|
||||
|
||||
+.SH EXAMPLE
|
||||
+.nf
|
||||
+Relabel the whole filesystem, except paths listed in /etc/selinux/fixfiles_exclude_dirs
|
||||
+# fixfiles relabel
|
||||
+Schedule the machine to relabel on the next boot and force relabeling of customizable types
|
||||
+# fixfiles -F onboot
|
||||
+Check labeling of all files from the samba package (while not changing any labels)
|
||||
+# fixfiles -R samba check
|
||||
+
|
||||
.SH "AUTHOR"
|
||||
This man page was written by Richard Hally <rhally@mindspring.com>.
|
||||
The script was written by Dan Walsh <dwalsh@redhat.com>
|
||||
@@ -103,4 +112,3 @@ The script was written by Dan Walsh <dwalsh@redhat.com>
|
||||
.SH "SEE ALSO"
|
||||
.BR setfiles (8),
|
||||
.BR restorecon (8)
|
||||
-
|
||||
diff --git a/policycoreutils/secon/secon.1 b/policycoreutils/secon/secon.1
|
||||
index 501b5cb8c410..c0e8b05a6b66 100644
|
||||
--- a/policycoreutils/secon/secon.1
|
||||
+++ b/policycoreutils/secon/secon.1
|
||||
@@ -107,16 +107,24 @@ then the context will be read from stdin.
|
||||
.br
|
||||
If there is no argument,
|
||||
.B secon
|
||||
-will try reading a context from stdin, if that is not a tty, otherwise
|
||||
+will try reading a context from stdin, if that is not a tty, otherwise
|
||||
.B secon
|
||||
will act as though \fB\-\-self\fR had been passed.
|
||||
.PP
|
||||
If none of \fB\-\-user\fR, \fB\-\-role\fR, \fB\-\-type\fR, \fB\-\-level\fR or
|
||||
\fB\-\-mls\-range\fR is passed.
|
||||
Then all of them will be output.
|
||||
+
|
||||
+.SH EXAMPLE
|
||||
+.nf
|
||||
+Show SElinux context of the init process
|
||||
+# secon --pid 1
|
||||
+Parse the type portion of given security context
|
||||
+# secon -t system_u:object_r:httpd_sys_rw_content_t:s0
|
||||
+
|
||||
.PP
|
||||
.SH SEE ALSO
|
||||
.BR chcon (1)
|
||||
.SH AUTHORS
|
||||
.nf
|
||||
-James Antill (james.antill@redhat.com)
|
||||
+James Antill (james.antill@redhat.com)
|
||||
diff --git a/policycoreutils/semodule/semodule.8 b/policycoreutils/semodule/semodule.8
|
||||
index c56e580f27b8..01757b005e4a 100644
|
||||
--- a/policycoreutils/semodule/semodule.8
|
||||
+++ b/policycoreutils/semodule/semodule.8
|
||||
@@ -1,5 +1,5 @@
|
||||
.TH SEMODULE "8" "Nov 2005" "Security Enhanced Linux" NSA
|
||||
-.SH NAME
|
||||
+.SH NAME
|
||||
semodule \- Manage SELinux policy modules.
|
||||
|
||||
.SH SYNOPSIS
|
||||
@@ -8,7 +8,7 @@ semodule \- Manage SELinux policy modules.
|
||||
.SH DESCRIPTION
|
||||
.PP
|
||||
semodule is the tool used to manage SELinux policy modules,
|
||||
-including installing, upgrading, listing and removing modules.
|
||||
+including installing, upgrading, listing and removing modules.
|
||||
semodule may also be used to force a rebuild of policy from the
|
||||
module store and/or to force a reload of policy without performing
|
||||
any other transaction. semodule acts on module packages created
|
||||
@@ -39,7 +39,7 @@ install/replace a module package
|
||||
.B \-u,\-\-upgrade=MODULE_PKG
|
||||
deprecated, alias for --install
|
||||
.TP
|
||||
-.B \-b,\-\-base=MODULE_PKG
|
||||
+.B \-b,\-\-base=MODULE_PKG
|
||||
deprecated, alias for --install
|
||||
.TP
|
||||
.B \-r,\-\-remove=MODULE_NAME
|
||||
@@ -77,7 +77,7 @@ name of the store to operate on
|
||||
.B \-n,\-\-noreload,\-N
|
||||
do not reload policy after commit
|
||||
.TP
|
||||
-.B \-h,\-\-help
|
||||
+.B \-h,\-\-help
|
||||
prints help message and quit
|
||||
.TP
|
||||
.B \-P,\-\-preserve_tunables
|
||||
@@ -92,7 +92,7 @@ Use an alternate path for the policy root
|
||||
.B \-S,\-\-store-path
|
||||
Use an alternate path for the policy store root
|
||||
.TP
|
||||
-.B \-v,\-\-verbose
|
||||
+.B \-v,\-\-verbose
|
||||
be verbose
|
||||
.TP
|
||||
.B \-c,\-\-cil
|
||||
@@ -131,8 +131,6 @@ $ semodule \-B
|
||||
$ semodule \-d alsa
|
||||
# Install a module at a specific priority.
|
||||
$ semodule \-X 100 \-i alsa.pp
|
||||
-# List all modules.
|
||||
-$ semodule \-\-list=full
|
||||
# Set an alternate path for the policy root
|
||||
$ semodule \-B \-p "/tmp"
|
||||
# Set an alternate path for the policy store root
|
||||
@@ -143,6 +141,8 @@ $ semodule \-X 400 \-\-hll \-E puppet \-\-cil \-E wireshark
|
||||
# Check whether a module in "localmodule.pp" file is same as installed module "localmodule"
|
||||
$ /usr/libexec/selinux/hll/pp localmodule.pp | sha256sum
|
||||
$ semodule -l -m | grep localmodule
|
||||
+# Translate binary module file into CIL (useful for debugging installation errors)
|
||||
+$ /usr/libexec/selinux/hll/pp alsa.pp > alsa.cil
|
||||
.fi
|
||||
|
||||
.SH SEE ALSO
|
||||
diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
|
||||
index dbd55ce7c512..6160aced5922 100644
|
||||
--- a/policycoreutils/setfiles/restorecon.8
|
||||
+++ b/policycoreutils/setfiles/restorecon.8
|
||||
@@ -224,6 +224,15 @@ and provided the
|
||||
option is NOT set and recursive mode is set, files will be relabeled as
|
||||
required with the digests then being updated provided there are no errors.
|
||||
|
||||
+.SH EXAMPLE
|
||||
+.nf
|
||||
+Fix labeling of /var/www/ including all sub-directories and list all context changes
|
||||
+# restorecon -rv /var/www/
|
||||
+List mislabeled files in user home directory and what the correct label should be
|
||||
+# restorecon -nvr ~
|
||||
+Fix labeling of files listed in file_list file, ignoring any that do not exist
|
||||
+# restorecon -vif file_list
|
||||
+
|
||||
.SH "AUTHOR"
|
||||
This man page was written by Dan Walsh <dwalsh@redhat.com>.
|
||||
Some of the content of this man page was taken from the setfiles
|
||||
diff --git a/policycoreutils/setfiles/restorecon_xattr.8 b/policycoreutils/setfiles/restorecon_xattr.8
|
||||
index 4b1ce304d995..09bfd8c40ab4 100644
|
||||
--- a/policycoreutils/setfiles/restorecon_xattr.8
|
||||
+++ b/policycoreutils/setfiles/restorecon_xattr.8
|
||||
@@ -112,6 +112,13 @@ If the option is not specified, then the default file_contexts will be used.
|
||||
.br
|
||||
the pathname of the directory tree to be searched.
|
||||
|
||||
+.SH EXAMPLE
|
||||
+.nf
|
||||
+List all paths that where assigned a checksum by "restorecon/setfiles -D"
|
||||
+# restorecon_xattr -r /
|
||||
+Remove all non-matching checksums
|
||||
+# restorecon_xattr -rd /
|
||||
+
|
||||
.SH "SEE ALSO"
|
||||
.BR restorecon (8),
|
||||
.BR setfiles (8)
|
||||
diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8
|
||||
index 36fe6b369548..6071d9ba3d38 100644
|
||||
--- a/policycoreutils/setfiles/setfiles.8
|
||||
+++ b/policycoreutils/setfiles/setfiles.8
|
||||
@@ -289,6 +289,15 @@ and provided the
|
||||
option is NOT set, files will be relabeled as required with the digests then
|
||||
being updated provided there are no errors.
|
||||
|
||||
+.SH EXAMPLE
|
||||
+.nf
|
||||
+Fix labeling of /var/www/ including all sub-directories, using targeted policy file context definitions and list all context changes
|
||||
+# setfiles -v /etc/selinux/targeted/contexts/files/file_contexts /var/www/
|
||||
+List mislabeled files in user home directory and what the label should be based on targeted policy file context definitions
|
||||
+# setfiles -nv /etc/selinux/targeted/contexts/files/file_contexts ~
|
||||
+Fix labeling of files listed in file_list file, ignoring any that do not exist
|
||||
+# setfiles -vif file_list /etc/selinux/targeted/contexts/files/file_contexts
|
||||
+
|
||||
.SH "AUTHOR"
|
||||
This man page was written by Russell Coker <russell@coker.com.au>.
|
||||
The program was written by Stephen Smalley <sds@tycho.nsa.gov>
|
||||
diff --git a/policycoreutils/setsebool/setsebool.8 b/policycoreutils/setsebool/setsebool.8
|
||||
index 52936f5a0ffb..f54664fb5c2a 100644
|
||||
--- a/policycoreutils/setsebool/setsebool.8
|
||||
+++ b/policycoreutils/setsebool/setsebool.8
|
||||
@@ -7,13 +7,13 @@ setsebool \- set SELinux boolean value
|
||||
.I "[ \-PNV ] boolean value | bool1=val1 bool2=val2 ..."
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
-.B setsebool
|
||||
-sets the current state of a particular SELinux boolean or a list of booleans
|
||||
-to a given value. The value may be 1 or true or on to enable the boolean, or 0 or false or off to disable it.
|
||||
+.B setsebool
|
||||
+sets the current state of a particular SELinux boolean or a list of booleans
|
||||
+to a given value. The value may be 1 or true or on to enable the boolean, or 0 or false or off to disable it.
|
||||
|
||||
Without the \-P option, only the current boolean value is
|
||||
-affected; the boot-time default settings
|
||||
-are not changed.
|
||||
+affected; the boot-time default settings
|
||||
+are not changed.
|
||||
|
||||
If the \-P option is given, all pending values are written to
|
||||
the policy file on disk. So they will be persistent across reboots.
|
||||
@@ -22,6 +22,12 @@ If the \-N option is given, the policy on disk is not reloaded into the kernel.
|
||||
|
||||
If the \-V option is given, verbose error messages will be printed from semanage libraries.
|
||||
|
||||
+.SH EXAMPLE
|
||||
+.nf
|
||||
+Enable container_use_devices boolean (will return to persistent value after reboot)
|
||||
+# setsebool container_use_devices 1
|
||||
+Persistently enable samba_create_home_dirs and samba_enable_home_dirs booleans
|
||||
+# setsebool -P samba_create_home_dirs=on samba_enable_home_dirs=on
|
||||
|
||||
.SH AUTHOR
|
||||
This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
||||
--
|
||||
2.41.0
|
||||
|
||||
@ -1,391 +0,0 @@
|
||||
From 72420ec0eb2ca8cf4cc9099dcd495695eeab308b Mon Sep 17 00:00:00 2001
|
||||
From: Vit Mojzis <vmojzis@redhat.com>
|
||||
Date: Thu, 1 Jun 2023 16:39:12 +0200
|
||||
Subject: [PATCH] python/sepolicy: Improve man pages
|
||||
Content-type: text/plain
|
||||
|
||||
- Add missing options
|
||||
- Add examples
|
||||
- Emphasize keywords
|
||||
- Remove trailing whitespaces
|
||||
|
||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
||||
Acked-by: Petr Lautrbach <lautrbach@redhat.com>
|
||||
---
|
||||
python/sepolicy/sepolicy-booleans.8 | 15 +++++++++---
|
||||
python/sepolicy/sepolicy-communicate.8 | 14 ++++++++---
|
||||
python/sepolicy/sepolicy-generate.8 | 34 ++++++++++++--------------
|
||||
python/sepolicy/sepolicy-gui.8 | 4 +--
|
||||
python/sepolicy/sepolicy-interface.8 | 18 +++++++++++---
|
||||
python/sepolicy/sepolicy-manpage.8 | 25 ++++++++++++++-----
|
||||
python/sepolicy/sepolicy-network.8 | 17 ++++++-------
|
||||
python/sepolicy/sepolicy-transition.8 | 19 +++++++++-----
|
||||
8 files changed, 96 insertions(+), 50 deletions(-)
|
||||
|
||||
diff --git a/python/sepolicy/sepolicy-booleans.8 b/python/sepolicy/sepolicy-booleans.8
|
||||
index f8d8b56d5d4d..7f4b18e75ac8 100644
|
||||
--- a/python/sepolicy/sepolicy-booleans.8
|
||||
+++ b/python/sepolicy/sepolicy-booleans.8
|
||||
@@ -8,12 +8,16 @@ sepolicy-booleans \- Query SELinux Policy to see description of booleans
|
||||
.B sepolicy booleans [\-h] [ \-a | \-b booleanname ... ]
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
-sepolicy booleans will show all booleans and their descriptions, or you can
|
||||
-choose individual booleans to display
|
||||
+.B sepolicy booleans
|
||||
+will show all booleans and their descriptions, or you can
|
||||
+choose individual booleans to display.
|
||||
+Please make sure that selinux-policy-devel is present in your system since it contains boolean descriptions extracted from the policy source code. Otherwise
|
||||
+.B sepolicy booleans
|
||||
+will only show descriptions generated based on boolean names.
|
||||
|
||||
.SH "OPTIONS"
|
||||
.TP
|
||||
-.I \-h, \-\-help
|
||||
+.I \-h, \-\-help
|
||||
Display help message
|
||||
.TP
|
||||
.I \-a, \-\-all
|
||||
@@ -22,6 +26,11 @@ Display all boolean descriptions
|
||||
.I \-b, \-\-boolean
|
||||
boolean to get description
|
||||
|
||||
+.SH EXAMPLE
|
||||
+.nf
|
||||
+List descriptions of samba_create_home_dirs and samba_enable_home_dirs booleans
|
||||
+# sepolicy booleans -b samba_create_home_dirs samba_enable_home_dirs
|
||||
+
|
||||
.SH "AUTHOR"
|
||||
This man page was written by Daniel Walsh <dwalsh@redhat.com>
|
||||
|
||||
diff --git a/python/sepolicy/sepolicy-communicate.8 b/python/sepolicy/sepolicy-communicate.8
|
||||
index 050aa475eef1..5ecf6eff0f6b 100644
|
||||
--- a/python/sepolicy/sepolicy-communicate.8
|
||||
+++ b/python/sepolicy/sepolicy-communicate.8
|
||||
@@ -8,7 +8,9 @@ sepolicy-communicate \- Generate a report showing if two SELinux Policy Domains
|
||||
.B sepolicy communicate [\-h] \-s SOURCE \-t TARGET [\-c TCLASS] [\-S SOURCEACCESS] [\-T TARGETACCESS]
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
-Use sepolicy communicate to examine SELinux Policy to if a source SELinux Domain can communicate with a target SELinux Domain.
|
||||
+Use
|
||||
+.B sepolicy communicate
|
||||
+to examine SELinux Policy and determine if a source SELinux Domain can communicate with a target SELinux Domain.
|
||||
The default command looks to see if there are any file types that the source domain can write, which the target domain can read.
|
||||
|
||||
.SH "OPTIONS"
|
||||
@@ -16,7 +18,7 @@ The default command looks to see if there are any file types that the source dom
|
||||
.I \-c, \-\-class
|
||||
Specify the SELinux class which the source domain will attempt to communicate with the target domain. (Default file)
|
||||
.TP
|
||||
-.I \-h, \-\-help
|
||||
+.I \-h, \-\-help
|
||||
Display help message
|
||||
.TP
|
||||
.I \-s, \-\-source
|
||||
@@ -31,9 +33,15 @@ Specify the target SELinux domain type.
|
||||
.I \-T, \-\-targetaccess
|
||||
Specify the list of accesses used by the target SELinux domain type to receive communications from the source domain. Default Open, Read.
|
||||
|
||||
+.SH EXAMPLE
|
||||
+.nf
|
||||
+List types that can be used to communicate between samba daemon and apache server
|
||||
+# sepolicy communicate -s httpd_t -t smbd_t
|
||||
+Consider a type to be accessible by the source domain when it can be opened and appended to (as opposed to opened and written to)
|
||||
+# sepolicy communicate -s httpd_t -t smbd_t -S open,append
|
||||
+
|
||||
.SH "AUTHOR"
|
||||
This man page was written by Daniel Walsh <dwalsh@redhat.com>
|
||||
|
||||
.SH "SEE ALSO"
|
||||
sepolicy(8), selinux(8)
|
||||
-
|
||||
diff --git a/python/sepolicy/sepolicy-generate.8 b/python/sepolicy/sepolicy-generate.8
|
||||
index 0c5f998f5412..72d0e8e41b6e 100644
|
||||
--- a/python/sepolicy/sepolicy-generate.8
|
||||
+++ b/python/sepolicy/sepolicy-generate.8
|
||||
@@ -57,32 +57,29 @@ path. \fBsepolicy generate\fP will use the rpm payload of the
|
||||
application along with \fBnm \-D APPLICATION\fP to help it generate
|
||||
types and policy rules for your policy files.
|
||||
|
||||
-.B Type Enforcing File NAME.te
|
||||
+.B NAME.te
|
||||
.br
|
||||
-This file can be used to define all the types rules for a particular domain.
|
||||
+This file can be used to define all the types enforcement rules for a particular domain.
|
||||
|
||||
.I Note:
|
||||
-Policy generated by \fBsepolicy generate\fP will automatically add a permissive DOMAIN to your te file. When you are satisfied that your policy works, you need to remove the permissive line from the te file to run your domain in enforcing mode.
|
||||
+Policy generated by \fBsepolicy generate\fP will automatically add a \fIpermissive DOMAIN\fP to your \fB.te\fP file. When you are satisfied that your policy works, you need to remove the permissive line from the \fB.te\fP file to run your domain in enforcing mode.
|
||||
|
||||
-.B Interface File NAME.if
|
||||
+.B NAME.if
|
||||
.br
|
||||
-This file defines the interfaces for the types generated in the te file, which can be used by other policy domains.
|
||||
+This file defines the interfaces for the types generated in the \fB.te\fP file, which can be used by other policy domains.
|
||||
|
||||
-.B File Context NAME.fc
|
||||
+.B NAME.fc
|
||||
.br
|
||||
-This file defines the default file context for the system, it takes the file types created in the te file and associates
|
||||
+This file defines the default file context for the system, it takes the file types created in the \fB.te\fP file and associates
|
||||
file paths to the types. Tools like restorecon and RPM will use these paths to put down labels.
|
||||
|
||||
-.B RPM Spec File NAME_selinux.spec
|
||||
+.B NAME_selinux.spec
|
||||
.br
|
||||
-This file is an RPM SPEC file that can be used to install the SELinux policy on to machines and setup the labeling. The spec file also installs the interface file and a man page describing the policy. You can use \fBsepolicy manpage \-d NAME\fP to generate the man page.
|
||||
+This file is an RPM SPEC file that can be used to install the SELinux policy on to machines and setup the labeling. The spec file also installs the interface file and a man page describing the policy. You can use \fBsepolicy manpage \-d NAME\fP to generate the man page.
|
||||
|
||||
-.B Shell File NAME.sh
|
||||
+.B NAME.sh
|
||||
.br
|
||||
-This is a helper shell script to compile, install and fix the labeling on your test system. It will also generate a man page based on the installed policy, and
|
||||
-compile and build an RPM suitable to be installed on other machines
|
||||
-
|
||||
-If a generate is possible, this tool will print out all generate paths from the source domain to the target domain
|
||||
+This is a helper shell script to compile, install and fix the labeling on your test system. It will also generate a man page based on the installed policy, and compile and build an RPM suitable to be installed on other machines.
|
||||
|
||||
.SH "OPTIONS"
|
||||
.TP
|
||||
@@ -97,10 +94,11 @@ Specify alternate name of policy. The policy will default to the executable or n
|
||||
.TP
|
||||
.I \-p, \-\-path
|
||||
Specify the directory to store the created policy files. (Default to current working directory )
|
||||
+.TP
|
||||
optional arguments:
|
||||
.TP
|
||||
.I \-r, \-\-role
|
||||
-Enter role(s) to which this admin user will transition.
|
||||
+Enter role(s) to which this admin user will transition
|
||||
.TP
|
||||
.I \-t, \-\-type
|
||||
Enter type(s) for which you will generate new definition and rule(s)
|
||||
@@ -109,12 +107,12 @@ Enter type(s) for which you will generate new definition and rule(s)
|
||||
SELinux user(s) which will transition to this domain
|
||||
.TP
|
||||
.I \-w, \-\-writepath
|
||||
-Path(s) which the confined processes need to write
|
||||
+Path(s) which the confined processes need to write to
|
||||
.TP
|
||||
.I \-a, \-\-admin
|
||||
Domain(s) which the confined admin will administrate
|
||||
.TP
|
||||
-.I \-\-admin_user
|
||||
+.I \-\-admin_user
|
||||
Generate Policy for Administrator Login User Role
|
||||
.TP
|
||||
.I \-\-application
|
||||
@@ -142,7 +140,7 @@ Generate Policy for Internet Services Daemon
|
||||
Generate Policy for Standard Init Daemon (Default)
|
||||
.TP
|
||||
.I \-\-newtype
|
||||
-Generate new policy for new types to add to an existing policy.
|
||||
+Generate new policy for new types to add to an existing policy
|
||||
.TP
|
||||
.I \-\-sandbox
|
||||
Generate Policy for Sandbox
|
||||
diff --git a/python/sepolicy/sepolicy-gui.8 b/python/sepolicy/sepolicy-gui.8
|
||||
index ed744cdb914e..65b69faba144 100644
|
||||
--- a/python/sepolicy/sepolicy-gui.8
|
||||
+++ b/python/sepolicy/sepolicy-gui.8
|
||||
@@ -11,7 +11,7 @@ Common options
|
||||
.br
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
-Use \fBsepolicy gui\fP to run a the graphical user interface, which
|
||||
+Use \fBsepolicy gui\fP to run the graphical user interface, which
|
||||
allows you to explore how SELinux confines different process domains.
|
||||
|
||||
.SH "OPTIONS"
|
||||
@@ -20,7 +20,7 @@ allows you to explore how SELinux confines different process domains.
|
||||
Display help message
|
||||
.TP
|
||||
.I \-d, \-\-domain
|
||||
-Initialize gui to the selected domain.
|
||||
+Initialize gui to the selected domain
|
||||
|
||||
.SH "AUTHOR"
|
||||
This man page was written by Daniel Walsh <dwalsh@redhat.com>
|
||||
diff --git a/python/sepolicy/sepolicy-interface.8 b/python/sepolicy/sepolicy-interface.8
|
||||
index 3e74ea627a79..a70a930629ea 100644
|
||||
--- a/python/sepolicy/sepolicy-interface.8
|
||||
+++ b/python/sepolicy/sepolicy-interface.8
|
||||
@@ -5,10 +5,10 @@ sepolicy-interface \- Print interface information based on the installed SELinux
|
||||
.SH "SYNOPSIS"
|
||||
|
||||
.br
|
||||
-.B sepolicy interface [\-h] [\-c] [\-v] [\-a | \-u | \-l | \-i INTERFACE [INTERFACE ... ]]
|
||||
+.B sepolicy interface [\-h] [\-c] [\-v] [\-f FILE] [\-a | \-u | \-l | \-i INTERFACE [INTERFACE ... ]]
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
-Use sepolicy interface to print interfaces information based on SELinux Policy.
|
||||
+Use \fBsepolicy interface\fP to print interface information based on SELinux Policy.
|
||||
|
||||
.SH "OPTIONS"
|
||||
.TP
|
||||
@@ -18,7 +18,7 @@ List all domains with admin interface
|
||||
.I \-c, \-\-compile
|
||||
Test compile of interfaces
|
||||
.TP
|
||||
-.I \-h, \-\-help
|
||||
+.I \-h, \-\-help
|
||||
Display help message
|
||||
.TP
|
||||
.I \-i, \-\-interface
|
||||
@@ -32,6 +32,18 @@ List all domains with SELinux user role interface
|
||||
.TP
|
||||
.I \-v, \-\-verbose
|
||||
Display extended information about the interface including parameters and description if available.
|
||||
+.TP
|
||||
+.I \-f, \-\-file
|
||||
+Interface file to be explored
|
||||
+
|
||||
+.SH EXAMPLE
|
||||
+.nf
|
||||
+Show description of given interface
|
||||
+# sepolicy interface -vi samba_rw_config
|
||||
+List interfaces in given interface file and show their description
|
||||
+# sepolicy interface -f my_policy.if -lv
|
||||
+Run compile test for all interfaces in given file
|
||||
+# sepolicy interface -f my_policy.if -lc
|
||||
|
||||
.SH "AUTHOR"
|
||||
This man page was written by Daniel Walsh <dwalsh@redhat.com>
|
||||
diff --git a/python/sepolicy/sepolicy-manpage.8 b/python/sepolicy/sepolicy-manpage.8
|
||||
index c05c94305633..4991f645ba38 100644
|
||||
--- a/python/sepolicy/sepolicy-manpage.8
|
||||
+++ b/python/sepolicy/sepolicy-manpage.8
|
||||
@@ -8,27 +8,40 @@ sepolicy-manpage \- Generate a man page based on the installed SELinux Policy
|
||||
.B sepolicy manpage [\-w] [\-h] [\-p PATH ] [\-r ROOTDIR ] [\-a | \-d ]
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
-Use sepolicy manpage to generate manpages based on SELinux Policy.
|
||||
+Use \fBsepolicy manpage\fP to generate manpages based on SELinux Policy.
|
||||
|
||||
.SH "OPTIONS"
|
||||
.TP
|
||||
-.I \-a, \-\-all
|
||||
+.I \-a, \-\-all
|
||||
Generate Man Pages for All Domains
|
||||
.TP
|
||||
-.I \-d, \-\-domain
|
||||
+.I \-d, \-\-domain
|
||||
Generate a Man Page for the specified domain. (Supports multiple commands)
|
||||
.TP
|
||||
-.I \-h, \-\-help
|
||||
+.I \-h, \-\-help
|
||||
Display help message
|
||||
.TP
|
||||
+.I \-o, \-\-os
|
||||
+Specify the name of the OS to be used in the man page (only affects HTML man pages)
|
||||
+.TP
|
||||
.I \-p, \-\-path
|
||||
Specify the directory to store the created man pages. (Default to /tmp)
|
||||
.TP
|
||||
.I \-r, \-\-root
|
||||
-Specify alternate root directory to generate man pages from. (Default to /)
|
||||
+Specify alternative root directory to generate man pages from. (Default to /)
|
||||
+.TP
|
||||
+.I \-\-source_files
|
||||
+Use file_contexts and policy.xml files from the specified root directory (the alternative root needs to include both files)
|
||||
.TP
|
||||
.I \-w, \-\-web
|
||||
-Generate an additional HTML man pages for the specified domain(s).
|
||||
+Generate an additional HTML man pages for the specified domain(s)
|
||||
+
|
||||
+.SH EXAMPLE
|
||||
+.nf
|
||||
+Generate man pages for all available domains
|
||||
+# sepolicy manpage -a
|
||||
+Generate an HTML man page for domain alsa_t, setting the OS name to "My_distro"
|
||||
+# sepolicy manpage -o My_distro -d alsa_t -w
|
||||
|
||||
.SH "AUTHOR"
|
||||
This man page was written by Daniel Walsh <dwalsh@redhat.com>
|
||||
diff --git a/python/sepolicy/sepolicy-network.8 b/python/sepolicy/sepolicy-network.8
|
||||
index dcddec756774..6faf60ab7a44 100644
|
||||
--- a/python/sepolicy/sepolicy-network.8
|
||||
+++ b/python/sepolicy/sepolicy-network.8
|
||||
@@ -8,27 +8,27 @@ sepolicy-network \- Examine the SELinux Policy and generate a network report
|
||||
.B sepolicy network [\-h] (\-l | \-a application [application ...] | \-p PORT [PORT ...] | \-t TYPE [TYPE ...] | \-d DOMAIN [DOMAIN ...])
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
-Use sepolicy network to examine SELinux Policy and generate network reports.
|
||||
+Use \fBsepolicy network\fP to examine SELinux Policy and generate network reports.
|
||||
|
||||
.SH "OPTIONS"
|
||||
.TP
|
||||
.I \-a, \-\-application
|
||||
-Generate a report listing the ports to which the specified init application is allowed to connect and or bind.
|
||||
+Generate a report listing the ports to which the specified init application is allowed to connect and or bind
|
||||
.TP
|
||||
-.I \-d, \-\-domain
|
||||
-Generate a report listing the ports to which the specified domain is allowed to connect and or bind.
|
||||
+.I \-d, \-\-domain
|
||||
+Generate a report listing the ports to which the specified domain is allowed to connect and or bind
|
||||
.TP
|
||||
-.I \-l, \-\-list
|
||||
+.I \-l, \-\-list
|
||||
List all Network Port Types defined in SELinux Policy
|
||||
.TP
|
||||
-.I \-h, \-\-help
|
||||
+.I \-h, \-\-help
|
||||
Display help message
|
||||
.TP
|
||||
.I \-t, \-\-type
|
||||
-Generate a report listing the port numbers associate with the specified SELinux port type.
|
||||
+Generate a report listing the port numbers associate with the specified SELinux port type
|
||||
.TP
|
||||
.I \-p, \-\-port
|
||||
-Generate a report listing the SELinux port types associate with the specified port number.
|
||||
+Generate a report listing the SELinux port types associate with the specified port number
|
||||
|
||||
.SH "EXAMPLES"
|
||||
|
||||
@@ -88,4 +88,3 @@ This man page was written by Daniel Walsh <dwalsh@redhat.com>
|
||||
|
||||
.SH "SEE ALSO"
|
||||
sepolicy(8), selinux(8), semanage(8)
|
||||
-
|
||||
diff --git a/python/sepolicy/sepolicy-transition.8 b/python/sepolicy/sepolicy-transition.8
|
||||
index 897f0c4c418e..9f9ff5a52165 100644
|
||||
--- a/python/sepolicy/sepolicy-transition.8
|
||||
+++ b/python/sepolicy/sepolicy-transition.8
|
||||
@@ -11,21 +11,28 @@ sepolicy-transition \- Examine the SELinux Policy and generate a process transit
|
||||
.B sepolicy transition [\-h] \-s SOURCE \-t TARGET
|
||||
|
||||
.SH "DESCRIPTION"
|
||||
-sepolicy transition will show all domains that a give SELinux source domain can transition to, including the entrypoint.
|
||||
+\fBsepolicy transition\fP will show all domains that a given SELinux source domain can transition to, including the entrypoint.
|
||||
|
||||
-If a target domain is given, sepolicy transition will examine policy for all transition paths from the source domain to the target domain, and will list the
|
||||
-paths. If a transition is possible, this tool will print out all transition paths from the source domain to the target domain
|
||||
+If a target domain is given, sepolicy transition will examine policy for all transition paths from the source domain to the target domain, and will list the
|
||||
+paths.
|
||||
|
||||
.SH "OPTIONS"
|
||||
.TP
|
||||
-.I \-h, \-\-help
|
||||
+.I \-h, \-\-help
|
||||
Display help message
|
||||
.TP
|
||||
.I \-s, \-\-source
|
||||
-Specify the source SELinux domain type.
|
||||
+Specify the source SELinux domain type
|
||||
.TP
|
||||
.I \-t, \-\-target
|
||||
-Specify the target SELinux domain type.
|
||||
+Specify the target SELinux domain type
|
||||
+
|
||||
+.SH EXAMPLE
|
||||
+.nf
|
||||
+List all domain transition paths from init_t to httpd_t
|
||||
+# sepolicy transition -s init_t -t httpd_t
|
||||
+List all transitions available from samba domain, including entry points and booleans controlling each transition
|
||||
+# sepolicy transition -s smbd_t
|
||||
|
||||
.SH "AUTHOR"
|
||||
This man page was written by Daniel Walsh <dwalsh@redhat.com>
|
||||
--
|
||||
2.41.0
|
||||
|
||||
@ -1,94 +0,0 @@
|
||||
From cf06052cc5fece8ec1ae655aecf941420385bf4d Mon Sep 17 00:00:00 2001
|
||||
From: Vit Mojzis <vmojzis@redhat.com>
|
||||
Date: Thu, 1 Jun 2023 18:34:30 +0200
|
||||
Subject: [PATCH] python/sepolicy: Fix template for confined user policy
|
||||
modules
|
||||
Content-type: text/plain
|
||||
|
||||
The following commit
|
||||
https://github.com/SELinuxProject/refpolicy/commit/330b0fc3331d3b836691464734c96f3da3044490
|
||||
changed the userdom_base_user_template, which now requires a role
|
||||
corresponding to the user being created to be defined outside of the
|
||||
template.
|
||||
Similar change was also done to fedora-selinux/selinux-policy
|
||||
https://github.com/fedora-selinux/selinux-policy/commit/e1e216b25df1bdb4eb7dbb8f73f32927ad6f3d1f
|
||||
|
||||
Although I believe the template should define the role (just as it
|
||||
defines the new user), that will require extensive changes to refpolicy.
|
||||
In the meantime the role needs to be defined separately.
|
||||
|
||||
Fixes:
|
||||
# sepolicy generate --term_user -n newuser
|
||||
Created the following files:
|
||||
/root/a/test/newuser.te # Type Enforcement file
|
||||
/root/a/test/newuser.if # Interface file
|
||||
/root/a/test/newuser.fc # File Contexts file
|
||||
/root/a/test/newuser_selinux.spec # Spec file
|
||||
/root/a/test/newuser.sh # Setup Script
|
||||
|
||||
# ./newuser.sh
|
||||
Building and Loading Policy
|
||||
+ make -f /usr/share/selinux/devel/Makefile newuser.pp
|
||||
Compiling targeted newuser module
|
||||
Creating targeted newuser.pp policy package
|
||||
rm tmp/newuser.mod tmp/newuser.mod.fc
|
||||
+ /usr/sbin/semodule -i newuser.pp
|
||||
Failed to resolve roleattributeset statement at /var/lib/selinux/targeted/tmp/modules/400/newuser/cil:8
|
||||
Failed to resolve AST
|
||||
/usr/sbin/semodule: Failed!
|
||||
|
||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
||||
Acked-by: Petr Lautrbach <lautrbach@redhat.com>
|
||||
---
|
||||
python/sepolicy/sepolicy/templates/user.py | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/python/sepolicy/sepolicy/templates/user.py b/python/sepolicy/sepolicy/templates/user.py
|
||||
index 1ff9d2ce8e75..7081fbaec496 100644
|
||||
--- a/python/sepolicy/sepolicy/templates/user.py
|
||||
+++ b/python/sepolicy/sepolicy/templates/user.py
|
||||
@@ -28,6 +28,8 @@ policy_module(TEMPLATETYPE, 1.0.0)
|
||||
#
|
||||
# Declarations
|
||||
#
|
||||
+role TEMPLATETYPE_r;
|
||||
+
|
||||
userdom_unpriv_user_template(TEMPLATETYPE)
|
||||
"""
|
||||
|
||||
@@ -38,6 +40,8 @@ policy_module(TEMPLATETYPE, 1.0.0)
|
||||
#
|
||||
# Declarations
|
||||
#
|
||||
+role TEMPLATETYPE_r;
|
||||
+
|
||||
userdom_admin_user_template(TEMPLATETYPE)
|
||||
"""
|
||||
|
||||
@@ -48,6 +52,7 @@ policy_module(TEMPLATETYPE, 1.0.0)
|
||||
#
|
||||
# Declarations
|
||||
#
|
||||
+role TEMPLATETYPE_r;
|
||||
|
||||
userdom_restricted_user_template(TEMPLATETYPE)
|
||||
"""
|
||||
@@ -59,6 +64,7 @@ policy_module(TEMPLATETYPE, 1.0.0)
|
||||
#
|
||||
# Declarations
|
||||
#
|
||||
+role TEMPLATETYPE_r;
|
||||
|
||||
userdom_restricted_xwindows_user_template(TEMPLATETYPE)
|
||||
"""
|
||||
@@ -89,6 +95,7 @@ gen_tunable(TEMPLATETYPE_manage_user_files, false)
|
||||
#
|
||||
# Declarations
|
||||
#
|
||||
+role TEMPLATETYPE_r;
|
||||
|
||||
userdom_base_user_template(TEMPLATETYPE)
|
||||
"""
|
||||
--
|
||||
2.41.0
|
||||
|
||||
@ -1,455 +0,0 @@
|
||||
From 9bef6943871822d82a3428dda13a871e1848acad Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <lautrbach@redhat.com>
|
||||
Date: Tue, 16 May 2023 15:45:05 +0200
|
||||
Subject: [PATCH] python: improve format strings for proper localization
|
||||
Content-type: text/plain
|
||||
|
||||
If a string contains more than one unnamed argument it's hard for
|
||||
translators to proper localize as they don't know which value is
|
||||
represented by a unnamed argument. It also blocks them to use a
|
||||
different order of arguments which would make better sense in other
|
||||
languages.
|
||||
|
||||
Fixes:
|
||||
|
||||
$ xgettext --default-domain=python -L Python --keyword=_ --keyword=N_ ../audit2allow/audit2allow ../chcat/chcat ../semanage/semanage ../semanage/seobject.py ../sepolgen/src/sepolgen/interfaces.py ../sepolicy/sepolicy/generate.py ../sepolicy/sepolicy/gui.py ../sepolicy/sepolicy/__init__.py ../sepolicy/sepolicy/interface.py ../sepolicy/sepolicy.py
|
||||
../chcat/chcat:220: warning: 'msgid' format string with unnamed arguments cannot be properly localized:
|
||||
The translator cannot reorder the arguments.
|
||||
Please consider using a format string with named arguments,
|
||||
and a mapping instead of a tuple for the arguments.
|
||||
../semanage/seobject.py:1178: warning: 'msgid' format string with unnamed arguments cannot be properly localized:
|
||||
The translator cannot reorder the arguments.
|
||||
Please consider using a format string with named arguments,
|
||||
and a mapping instead of a tuple for the arguments.
|
||||
...
|
||||
|
||||
Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
|
||||
---
|
||||
python/chcat/chcat | 6 +-
|
||||
python/semanage/seobject.py | 130 ++++++++++++++++++------------------
|
||||
2 files changed, 68 insertions(+), 68 deletions(-)
|
||||
|
||||
diff --git a/python/chcat/chcat b/python/chcat/chcat
|
||||
index 68718ec5f102..c4f592291821 100755
|
||||
--- a/python/chcat/chcat
|
||||
+++ b/python/chcat/chcat
|
||||
@@ -125,7 +125,7 @@ def chcat_add(orig, newcat, objects, login_ind):
|
||||
|
||||
if len(clist) > 1:
|
||||
if cat in clist[1:]:
|
||||
- print(_("%s is already in %s") % (f, orig))
|
||||
+ print(_("{target} is already in {category}").format(target=f, category=orig))
|
||||
continue
|
||||
clist.append(cat)
|
||||
cats = clist[1:]
|
||||
@@ -207,7 +207,7 @@ def chcat_remove(orig, newcat, objects, login_ind):
|
||||
|
||||
if len(clist) > 1:
|
||||
if cat not in clist[1:]:
|
||||
- print(_("%s is not in %s") % (f, orig))
|
||||
+ print(_("{target} is not in {category}").format(target=f, category=orig))
|
||||
continue
|
||||
clist.remove(cat)
|
||||
if len(clist) > 1:
|
||||
@@ -217,7 +217,7 @@ def chcat_remove(orig, newcat, objects, login_ind):
|
||||
else:
|
||||
cat = ""
|
||||
else:
|
||||
- print(_("%s is not in %s") % (f, orig))
|
||||
+ print(_("{target} is not in {category}").format(target=f, category=orig))
|
||||
continue
|
||||
|
||||
if len(cat) == 0:
|
||||
diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
|
||||
index d82da4942987..2b1eb44ce8a3 100644
|
||||
--- a/python/semanage/seobject.py
|
||||
+++ b/python/semanage/seobject.py
|
||||
@@ -843,7 +843,7 @@ class seluserRecords(semanageRecords):
|
||||
for r in roles:
|
||||
rc = semanage_user_add_role(self.sh, u, r)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not add role %s for %s") % (r, name))
|
||||
+ raise ValueError(_("Could not add role {role} for {name}").format(role=r, name=name))
|
||||
|
||||
if is_mls_enabled == 1:
|
||||
rc = semanage_user_set_mlsrange(self.sh, u, serange)
|
||||
@@ -855,7 +855,7 @@ class seluserRecords(semanageRecords):
|
||||
raise ValueError(_("Could not set MLS level for %s") % name)
|
||||
rc = semanage_user_set_prefix(self.sh, u, prefix)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not add prefix %s for %s") % (r, prefix))
|
||||
+ raise ValueError(_("Could not add prefix {prefix} for {role}").format(role=r, prefix=prefix))
|
||||
(rc, key) = semanage_user_key_extract(self.sh, u)
|
||||
if rc < 0:
|
||||
raise ValueError(_("Could not extract key for %s") % name)
|
||||
@@ -1088,7 +1088,7 @@ class portRecords(semanageRecords):
|
||||
|
||||
(rc, k) = semanage_port_key_create(self.sh, low, high, proto_d)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not create a key for %s/%s") % (proto, port))
|
||||
+ raise ValueError(_("Could not create a key for {proto}/{port}").format(proto=proto, port=port))
|
||||
return (k, proto_d, low, high)
|
||||
|
||||
def __add(self, port, proto, serange, type):
|
||||
@@ -1110,44 +1110,44 @@ class portRecords(semanageRecords):
|
||||
|
||||
(rc, exists) = semanage_port_exists(self.sh, k)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port))
|
||||
+ raise ValueError(_("Could not check if port {proto}/{port} is defined").format(proto=proto, port=port))
|
||||
if exists:
|
||||
- raise ValueError(_("Port %s/%s already defined") % (proto, port))
|
||||
+ raise ValueError(_("Port {proto}/{port} already defined").format(proto=proto, port=port))
|
||||
|
||||
(rc, p) = semanage_port_create(self.sh)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not create port for %s/%s") % (proto, port))
|
||||
+ raise ValueError(_("Could not create port for {proto}/{port}").format(proto=proto, port=port))
|
||||
|
||||
semanage_port_set_proto(p, proto_d)
|
||||
semanage_port_set_range(p, low, high)
|
||||
(rc, con) = semanage_context_create(self.sh)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not create context for %s/%s") % (proto, port))
|
||||
+ raise ValueError(_("Could not create context for {proto}/{port}").format(proto=proto, port=port))
|
||||
|
||||
rc = semanage_context_set_user(self.sh, con, "system_u")
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not set user in port context for %s/%s") % (proto, port))
|
||||
+ raise ValueError(_("Could not set user in port context for {proto}/{port}").format(proto=proto, port=port))
|
||||
|
||||
rc = semanage_context_set_role(self.sh, con, "object_r")
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not set role in port context for %s/%s") % (proto, port))
|
||||
+ raise ValueError(_("Could not set role in port context for {proto}/{port}").format(proto=proto, port=port))
|
||||
|
||||
rc = semanage_context_set_type(self.sh, con, type)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not set type in port context for %s/%s") % (proto, port))
|
||||
+ raise ValueError(_("Could not set type in port context for {proto}/{port}").format(proto=proto, port=port))
|
||||
|
||||
if (is_mls_enabled == 1) and (serange != ""):
|
||||
rc = semanage_context_set_mls(self.sh, con, serange)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not set mls fields in port context for %s/%s") % (proto, port))
|
||||
+ raise ValueError(_("Could not set mls fields in port context for {proto}/{port}").format(proto=proto, port=port))
|
||||
|
||||
rc = semanage_port_set_con(self.sh, p, con)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not set port context for %s/%s") % (proto, port))
|
||||
+ raise ValueError(_("Could not set port context for {proto}/{port}").format(proto=proto, port=port))
|
||||
|
||||
rc = semanage_port_modify_local(self.sh, k, p)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not add port %s/%s") % (proto, port))
|
||||
+ raise ValueError(_("Could not add port {proto}/{port}").format(proto=proto, port=port))
|
||||
|
||||
semanage_context_free(con)
|
||||
semanage_port_key_free(k)
|
||||
@@ -1175,13 +1175,13 @@ class portRecords(semanageRecords):
|
||||
|
||||
(rc, exists) = semanage_port_exists(self.sh, k)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port))
|
||||
+ raise ValueError(_("Could not check if port {proto}/{port} is defined").format(proto=proto, port=port))
|
||||
if not exists:
|
||||
- raise ValueError(_("Port %s/%s is not defined") % (proto, port))
|
||||
+ raise ValueError(_("Port {proto}/{port} is not defined").format(proto=proto, port=port))
|
||||
|
||||
(rc, p) = semanage_port_query(self.sh, k)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not query port %s/%s") % (proto, port))
|
||||
+ raise ValueError(_("Could not query port {proto}/{port}").format(proto=proto, port=port))
|
||||
|
||||
con = semanage_port_get_con(p)
|
||||
|
||||
@@ -1195,7 +1195,7 @@ class portRecords(semanageRecords):
|
||||
|
||||
rc = semanage_port_modify_local(self.sh, k, p)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not modify port %s/%s") % (proto, port))
|
||||
+ raise ValueError(_("Could not modify port {proto}/{port}").format(proto=proto, port=port))
|
||||
|
||||
semanage_port_key_free(k)
|
||||
semanage_port_free(p)
|
||||
@@ -1241,19 +1241,19 @@ class portRecords(semanageRecords):
|
||||
(k, proto_d, low, high) = self.__genkey(port, proto)
|
||||
(rc, exists) = semanage_port_exists(self.sh, k)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port))
|
||||
+ raise ValueError(_("Could not check if port {proto}/{port} is defined").format(proto=proto, port=port))
|
||||
if not exists:
|
||||
- raise ValueError(_("Port %s/%s is not defined") % (proto, port))
|
||||
+ raise ValueError(_("Port {proto}/{port} is not defined").format(proto=proto, port=port))
|
||||
|
||||
(rc, exists) = semanage_port_exists_local(self.sh, k)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not check if port %s/%s is defined") % (proto, port))
|
||||
+ raise ValueError(_("Could not check if port {proto}/{port} is defined").format(proto=proto, port=port))
|
||||
if not exists:
|
||||
- raise ValueError(_("Port %s/%s is defined in policy, cannot be deleted") % (proto, port))
|
||||
+ raise ValueError(_("Port {proto}/{port} is defined in policy, cannot be deleted").format(proto=proto, port=port))
|
||||
|
||||
rc = semanage_port_del_local(self.sh, k)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not delete port %s/%s") % (proto, port))
|
||||
+ raise ValueError(_("Could not delete port {proto}/{port}").format(proto=proto, port=port))
|
||||
|
||||
semanage_port_key_free(k)
|
||||
|
||||
@@ -1362,7 +1362,7 @@ class ibpkeyRecords(semanageRecords):
|
||||
|
||||
(rc, k) = semanage_ibpkey_key_create(self.sh, subnet_prefix, low, high)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not create a key for %s/%s") % (subnet_prefix, pkey))
|
||||
+ raise ValueError(_("Could not create a key for {subnet_prefix}/{pkey}").format(subnet_prefix=subnet_prefix, pkey=pkey))
|
||||
return (k, subnet_prefix, low, high)
|
||||
|
||||
def __add(self, pkey, subnet_prefix, serange, type):
|
||||
@@ -1384,44 +1384,44 @@ class ibpkeyRecords(semanageRecords):
|
||||
|
||||
(rc, exists) = semanage_ibpkey_exists(self.sh, k)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not check if ibpkey %s/%s is defined") % (subnet_prefix, pkey))
|
||||
+ raise ValueError(_("Could not check if ibpkey {subnet_prefix}/{pkey} is defined").formnat(subnet_prefix=subnet_prefix, pkey=pkey))
|
||||
if exists:
|
||||
- raise ValueError(_("ibpkey %s/%s already defined") % (subnet_prefix, pkey))
|
||||
+ raise ValueError(_("ibpkey {subnet_prefix}/{pkey} already defined").format(subnet_prefix=subnet_prefix, pkey=pkey))
|
||||
|
||||
(rc, p) = semanage_ibpkey_create(self.sh)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not create ibpkey for %s/%s") % (subnet_prefix, pkey))
|
||||
+ raise ValueError(_("Could not create ibpkey for {subnet_prefix}/{pkey}").format(subnet_prefix=subnet_prefix, pkey=pkey))
|
||||
|
||||
semanage_ibpkey_set_subnet_prefix(self.sh, p, subnet_prefix)
|
||||
semanage_ibpkey_set_range(p, low, high)
|
||||
(rc, con) = semanage_context_create(self.sh)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not create context for %s/%s") % (subnet_prefix, pkey))
|
||||
+ raise ValueError(_("Could not create context for {subnet_prefix}/{pkey}").format(subnet_prefix=subnet_prefix, pkey=pkey))
|
||||
|
||||
rc = semanage_context_set_user(self.sh, con, "system_u")
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not set user in ibpkey context for %s/%s") % (subnet_prefix, pkey))
|
||||
+ raise ValueError(_("Could not set user in ibpkey context for {subnet_prefix}/{pkey}").format(subnet_prefix=subnet_prefix, pkey=pkey))
|
||||
|
||||
rc = semanage_context_set_role(self.sh, con, "object_r")
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not set role in ibpkey context for %s/%s") % (subnet_prefix, pkey))
|
||||
+ raise ValueError(_("Could not set role in ibpkey context for {subnet_prefix}/{pkey}").format(subnet_prefix=subnet_prefix, pkey=pkey))
|
||||
|
||||
rc = semanage_context_set_type(self.sh, con, type)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not set type in ibpkey context for %s/%s") % (subnet_prefix, pkey))
|
||||
+ raise ValueError(_("Could not set type in ibpkey context for {subnet_prefix}/{pkey}").format(subnet_prefix=subnet_prefix, pkey=pkey))
|
||||
|
||||
if (is_mls_enabled == 1) and (serange != ""):
|
||||
rc = semanage_context_set_mls(self.sh, con, serange)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not set mls fields in ibpkey context for %s/%s") % (subnet_prefix, pkey))
|
||||
+ raise ValueError(_("Could not set mls fields in ibpkey context for {subnet_prefix}/{pkey}").format(subnet_prefix=subnet_prefix, pkey=pkey))
|
||||
|
||||
rc = semanage_ibpkey_set_con(self.sh, p, con)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not set ibpkey context for %s/%s") % (subnet_prefix, pkey))
|
||||
+ raise ValueError(_("Could not set ibpkey context for {subnet_prefix}/{pkey}").format(subnet_prefix=subnet_prefix, pkey=pkey))
|
||||
|
||||
rc = semanage_ibpkey_modify_local(self.sh, k, p)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not add ibpkey %s/%s") % (subnet_prefix, pkey))
|
||||
+ raise ValueError(_("Could not add ibpkey {subnet_prefix}/{pkey}").format(subnet_prefix=subnet_prefix, pkey=pkey))
|
||||
|
||||
semanage_context_free(con)
|
||||
semanage_ibpkey_key_free(k)
|
||||
@@ -1448,13 +1448,13 @@ class ibpkeyRecords(semanageRecords):
|
||||
|
||||
(rc, exists) = semanage_ibpkey_exists(self.sh, k)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not check if ibpkey %s/%s is defined") % (subnet_prefix, pkey))
|
||||
+ raise ValueError(_("Could not check if ibpkey {subnet_prefix}/{pkey} is defined").format(subnet_prefix=subnet_prefix, pkey=pkey))
|
||||
if not exists:
|
||||
- raise ValueError(_("ibpkey %s/%s is not defined") % (subnet_prefix, pkey))
|
||||
+ raise ValueError(_("ibpkey {subnet_prefix}/{pkey} is not defined").format(subnet_prefix=subnet_prefix, pkey=pkey))
|
||||
|
||||
(rc, p) = semanage_ibpkey_query(self.sh, k)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not query ibpkey %s/%s") % (subnet_prefix, pkey))
|
||||
+ raise ValueError(_("Could not query ibpkey {subnet_prefix}/{pkey}").format(subnet_prefix=subnet_prefix, pkey=pkey))
|
||||
|
||||
con = semanage_ibpkey_get_con(p)
|
||||
|
||||
@@ -1465,7 +1465,7 @@ class ibpkeyRecords(semanageRecords):
|
||||
|
||||
rc = semanage_ibpkey_modify_local(self.sh, k, p)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not modify ibpkey %s/%s") % (subnet_prefix, pkey))
|
||||
+ raise ValueError(_("Could not modify ibpkey {subnet_prefix}/{pkey}").format(subnet_prefix=subnet_prefix, pkey=pkey))
|
||||
|
||||
semanage_ibpkey_key_free(k)
|
||||
semanage_ibpkey_free(p)
|
||||
@@ -1502,19 +1502,19 @@ class ibpkeyRecords(semanageRecords):
|
||||
(k, subnet_prefix, low, high) = self.__genkey(pkey, subnet_prefix)
|
||||
(rc, exists) = semanage_ibpkey_exists(self.sh, k)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not check if ibpkey %s/%s is defined") % (subnet_prefix, pkey))
|
||||
+ raise ValueError(_("Could not check if ibpkey {subnet_prefix}/{pkey} is defined").format(subnet_prefix=subnet_prefix, pkey=pkey))
|
||||
if not exists:
|
||||
- raise ValueError(_("ibpkey %s/%s is not defined") % (subnet_prefix, pkey))
|
||||
+ raise ValueError(_("ibpkey {subnet_prefix}/{pkey} is not defined").format(subnet_prefix=subnet_prefix, pkey=pkey))
|
||||
|
||||
(rc, exists) = semanage_ibpkey_exists_local(self.sh, k)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not check if ibpkey %s/%s is defined") % (subnet_prefix, pkey))
|
||||
+ raise ValueError(_("Could not check if ibpkey {subnet_prefix}/{pkey} is defined").format(subnet_prefix=subnet_prefix, pkey=pkey))
|
||||
if not exists:
|
||||
- raise ValueError(_("ibpkey %s/%s is defined in policy, cannot be deleted") % (subnet_prefix, pkey))
|
||||
+ raise ValueError(_("ibpkey {subnet_prefix}/{pkey} is defined in policy, cannot be deleted").format(subnet_prefix=subnet_prefix, pkey=pkey))
|
||||
|
||||
rc = semanage_ibpkey_del_local(self.sh, k)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not delete ibpkey %s/%s") % (subnet_prefix, pkey))
|
||||
+ raise ValueError(_("Could not delete ibpkey {subnet_prefix}/{pkey}").format(subnet_prefix=subnet_prefix, pkey=pkey))
|
||||
|
||||
semanage_ibpkey_key_free(k)
|
||||
|
||||
@@ -1617,7 +1617,7 @@ class ibendportRecords(semanageRecords):
|
||||
|
||||
(rc, k) = semanage_ibendport_key_create(self.sh, ibdev_name, port)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not create a key for ibendport %s/%s") % (ibdev_name, ibendport))
|
||||
+ raise ValueError(_("Could not create a key for ibendport {ibdev_name}/{ibendport}").format(ibdev_name=ibdev_name, ibendport=ibendport))
|
||||
return (k, ibdev_name, port)
|
||||
|
||||
def __add(self, ibendport, ibdev_name, serange, type):
|
||||
@@ -1638,44 +1638,44 @@ class ibendportRecords(semanageRecords):
|
||||
|
||||
(rc, exists) = semanage_ibendport_exists(self.sh, k)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not check if ibendport %s/%s is defined") % (ibdev_name, port))
|
||||
+ raise ValueError(_("Could not check if ibendport {ibdev_name}/{port} is defined").format(ibdev_name=ibdev_name, port=port))
|
||||
if exists:
|
||||
- raise ValueError(_("ibendport %s/%s already defined") % (ibdev_name, port))
|
||||
+ raise ValueError(_("ibendport {ibdev_name}/{port} already defined").format(ibdev_name=ibdev_name, port=port))
|
||||
|
||||
(rc, p) = semanage_ibendport_create(self.sh)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not create ibendport for %s/%s") % (ibdev_name, port))
|
||||
+ raise ValueError(_("Could not create ibendport for {ibdev_name}/{port}").format(ibdev_name=ibdev_name, port=port))
|
||||
|
||||
semanage_ibendport_set_ibdev_name(self.sh, p, ibdev_name)
|
||||
semanage_ibendport_set_port(p, port)
|
||||
(rc, con) = semanage_context_create(self.sh)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not create context for %s/%s") % (ibdev_name, port))
|
||||
+ raise ValueError(_("Could not create context for {ibendport}/{port}").format(ibdev_name=ibdev_name, port=port))
|
||||
|
||||
rc = semanage_context_set_user(self.sh, con, "system_u")
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not set user in ibendport context for %s/%s") % (ibdev_name, port))
|
||||
+ raise ValueError(_("Could not set user in ibendport context for {ibdev_name}/{port}").format(ibdev_name=ibdev_name, port=port))
|
||||
|
||||
rc = semanage_context_set_role(self.sh, con, "object_r")
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not set role in ibendport context for %s/%s") % (ibdev_name, port))
|
||||
+ raise ValueError(_("Could not set role in ibendport context for {ibdev_name}/{port}").format(ibdev_name=ibdev_name, port=port))
|
||||
|
||||
rc = semanage_context_set_type(self.sh, con, type)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not set type in ibendport context for %s/%s") % (ibdev_name, port))
|
||||
+ raise ValueError(_("Could not set type in ibendport context for {ibdev_name}/{port}").format(ibdev_name=ibdev_name, port=port))
|
||||
|
||||
if (is_mls_enabled == 1) and (serange != ""):
|
||||
rc = semanage_context_set_mls(self.sh, con, serange)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not set mls fields in ibendport context for %s/%s") % (ibdev_name, port))
|
||||
+ raise ValueError(_("Could not set mls fields in ibendport context for {ibdev_name}/{port}").format(ibdev_name=ibdev_name, port=port))
|
||||
|
||||
rc = semanage_ibendport_set_con(self.sh, p, con)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not set ibendport context for %s/%s") % (ibdev_name, port))
|
||||
+ raise ValueError(_("Could not set ibendport context for {ibdev_name}/{port}").format(ibdev_name=ibdev_name, port=port))
|
||||
|
||||
rc = semanage_ibendport_modify_local(self.sh, k, p)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not add ibendport %s/%s") % (ibdev_name, port))
|
||||
+ raise ValueError(_("Could not add ibendport {ibdev_name}/{port}").format(ibdev_name=ibdev_name, port=port))
|
||||
|
||||
semanage_context_free(con)
|
||||
semanage_ibendport_key_free(k)
|
||||
@@ -1702,13 +1702,13 @@ class ibendportRecords(semanageRecords):
|
||||
|
||||
(rc, exists) = semanage_ibendport_exists(self.sh, k)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not check if ibendport %s/%s is defined") % (ibdev_name, ibendport))
|
||||
+ raise ValueError(_("Could not check if ibendport {ibdev_name}/{ibendport} is defined").format(ibdev_name=ibdev_name, ibendport=ibendport))
|
||||
if not exists:
|
||||
- raise ValueError(_("ibendport %s/%s is not defined") % (ibdev_name, ibendport))
|
||||
+ raise ValueError(_("ibendport {ibdev_name}/{ibendport} is not defined").format(ibdev_name=ibdev_name, ibendport=ibendport))
|
||||
|
||||
(rc, p) = semanage_ibendport_query(self.sh, k)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not query ibendport %s/%s") % (ibdev_name, ibendport))
|
||||
+ raise ValueError(_("Could not query ibendport {ibdev_name}/{ibendport}").format(ibdev_name=ibdev_name, ibendport=ibendport))
|
||||
|
||||
con = semanage_ibendport_get_con(p)
|
||||
|
||||
@@ -1719,7 +1719,7 @@ class ibendportRecords(semanageRecords):
|
||||
|
||||
rc = semanage_ibendport_modify_local(self.sh, k, p)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not modify ibendport %s/%s") % (ibdev_name, ibendport))
|
||||
+ raise ValueError(_("Could not modify ibendport {ibdev_name}/{ibendport}").format(ibdev_name=ibdev_name, ibendport=ibendport))
|
||||
|
||||
semanage_ibendport_key_free(k)
|
||||
semanage_ibendport_free(p)
|
||||
@@ -1741,11 +1741,11 @@ class ibendportRecords(semanageRecords):
|
||||
port = semanage_ibendport_get_port(ibendport)
|
||||
(k, ibdev_name, port) = self.__genkey(str(port), ibdev_name)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not create a key for %s/%d") % (ibdevname, port))
|
||||
+ raise ValueError(_("Could not create a key for {ibdev_name}/{port}").format(ibdev_name=ibdev_name, port=port))
|
||||
|
||||
rc = semanage_ibendport_del_local(self.sh, k)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not delete the ibendport %s/%d") % (ibdev_name, port))
|
||||
+ raise ValueError(_("Could not delete the ibendport {ibdev_name}/{port}").format(ibdev_name=ibdev_name, port=port))
|
||||
semanage_ibendport_key_free(k)
|
||||
|
||||
self.commit()
|
||||
@@ -1754,19 +1754,19 @@ class ibendportRecords(semanageRecords):
|
||||
(k, ibdev_name, port) = self.__genkey(ibendport, ibdev_name)
|
||||
(rc, exists) = semanage_ibendport_exists(self.sh, k)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not check if ibendport %s/%s is defined") % (ibdev_name, ibendport))
|
||||
+ raise ValueError(_("Could not check if ibendport {ibdev_name}/{ibendport} is defined").format(ibdev_name=ibdev_name, ibendport=ibendport))
|
||||
if not exists:
|
||||
- raise ValueError(_("ibendport %s/%s is not defined") % (ibdev_name, ibendport))
|
||||
+ raise ValueError(_("ibendport {ibdev_name}/{ibendport} is not defined").format(ibdev_name=ibdev_name, ibendport=ibendport))
|
||||
|
||||
(rc, exists) = semanage_ibendport_exists_local(self.sh, k)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not check if ibendport %s/%s is defined") % (ibdev_name, ibendport))
|
||||
+ raise ValueError(_("Could not check if ibendport {ibdev_name}/{ibendport} is defined").format(ibdev_name=ibdev_name, ibendport=ibendport))
|
||||
if not exists:
|
||||
- raise ValueError(_("ibendport %s/%s is defined in policy, cannot be deleted") % (ibdev_name, ibendport))
|
||||
+ raise ValueError(_("ibendport {ibdev_name}/{ibendport} is defined in policy, cannot be deleted").format(ibdev_name=ibdev_name, ibendport=ibendport))
|
||||
|
||||
rc = semanage_ibendport_del_local(self.sh, k)
|
||||
if rc < 0:
|
||||
- raise ValueError(_("Could not delete ibendport %s/%s") % (ibdev_name, ibendport))
|
||||
+ raise ValueError(_("Could not delete ibendport {ibdev_name}/{ibendport}").format(ibdev_name=ibdev_name, ibendport=ibendport))
|
||||
|
||||
semanage_ibendport_key_free(k)
|
||||
|
||||
@@ -2765,7 +2765,7 @@ class booleanRecords(semanageRecords):
|
||||
try:
|
||||
boolname, val = b.split("=")
|
||||
except ValueError:
|
||||
- raise ValueError(_("Bad format %s: Record %s" % (name, b)))
|
||||
+ raise ValueError(_("Bad format {filename}: Record {record}").format(filename=name, record=b))
|
||||
self.__mod(boolname.strip(), val.strip())
|
||||
fd.close()
|
||||
else:
|
||||
--
|
||||
2.41.0
|
||||
|
||||
@ -1,148 +0,0 @@
|
||||
From 9001fe7d0d4007b5dac28422f46a9a605efefc0a Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <lautrbach@redhat.com>
|
||||
Date: Wed, 17 May 2023 12:18:54 +0200
|
||||
Subject: [PATCH] python: Drop hard formating from localized strings
|
||||
Content-type: text/plain
|
||||
|
||||
It confuses translators and new lines are dropped by parser module anyway.
|
||||
|
||||
Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
|
||||
---
|
||||
python/audit2allow/audit2allow | 14 ++++++--
|
||||
python/semanage/semanage | 60 +++++++++++++---------------------
|
||||
2 files changed, 34 insertions(+), 40 deletions(-)
|
||||
|
||||
diff --git a/python/audit2allow/audit2allow b/python/audit2allow/audit2allow
|
||||
index 5587a2dbb006..35b0b151ac86 100644
|
||||
--- a/python/audit2allow/audit2allow
|
||||
+++ b/python/audit2allow/audit2allow
|
||||
@@ -234,9 +234,17 @@ class AuditToPolicy:
|
||||
print(e)
|
||||
sys.exit(1)
|
||||
|
||||
- sys.stdout.write(_("******************** IMPORTANT ***********************\n"))
|
||||
- sys.stdout.write((_("To make this policy package active, execute:" +
|
||||
- "\n\nsemodule -i %s\n\n") % packagename))
|
||||
+ sys.stdout.write(
|
||||
+"""******************** {important} ***********************
|
||||
+{text}
|
||||
+
|
||||
+semodule -i {packagename}
|
||||
+
|
||||
+""".format(
|
||||
+ important=_("IMPORTANT"),
|
||||
+ text=_("To make this policy package active, execute:"),
|
||||
+ packagename=packagename
|
||||
+))
|
||||
|
||||
def __output_audit2why(self):
|
||||
import selinux
|
||||
diff --git a/python/semanage/semanage b/python/semanage/semanage
|
||||
index e0bd98a95c77..4fdb490f7df4 100644
|
||||
--- a/python/semanage/semanage
|
||||
+++ b/python/semanage/semanage
|
||||
@@ -238,30 +238,22 @@ def parser_add_level(parser, name):
|
||||
|
||||
|
||||
def parser_add_range(parser, name):
|
||||
- parser.add_argument('-r', '--range', default='',
|
||||
- help=_('''
|
||||
-MLS/MCS Security Range (MLS/MCS Systems only)
|
||||
-SELinux Range for SELinux login mapping
|
||||
-defaults to the SELinux user record range.
|
||||
-SELinux Range for SELinux user defaults to s0.
|
||||
-'''))
|
||||
+ parser.add_argument('-r', '--range', default='', help=_(
|
||||
+ "MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range for SELinux login mapping defaults to the SELinux user record range. \
|
||||
+SELinux Range for SELinux user defaults to s0."
|
||||
+ ))
|
||||
|
||||
|
||||
def parser_add_proto(parser, name):
|
||||
- parser.add_argument('-p', '--proto', help=_('''
|
||||
- Protocol for the specified port (tcp|udp|dccp|sctp) or internet protocol
|
||||
- version for the specified node (ipv4|ipv6).
|
||||
-'''))
|
||||
+ parser.add_argument('-p', '--proto', help=_(
|
||||
+ "Protocol for the specified port (tcp|udp|dccp|sctp) or internet protocol version for the specified node (ipv4|ipv6)."
|
||||
+ ))
|
||||
|
||||
def parser_add_subnet_prefix(parser, name):
|
||||
- parser.add_argument('-x', '--subnet_prefix', help=_('''
|
||||
- Subnet prefix for the specified infiniband ibpkey.
|
||||
-'''))
|
||||
+ parser.add_argument('-x', '--subnet_prefix', help=_('Subnet prefix for the specified infiniband ibpkey.'))
|
||||
|
||||
def parser_add_ibdev_name(parser, name):
|
||||
- parser.add_argument('-z', '--ibdev_name', help=_('''
|
||||
- Name for the specified infiniband end port.
|
||||
-'''))
|
||||
+ parser.add_argument('-z', '--ibdev_name', help=_("Name for the specified infiniband end port."))
|
||||
|
||||
def parser_add_modify(parser, name):
|
||||
parser.add_argument('-m', '--modify', dest='action', action='store_const', const='modify', help=_("Modify a record of the %s object type") % name)
|
||||
@@ -348,15 +340,6 @@ def handleFcontext(args):
|
||||
|
||||
|
||||
def setupFcontextParser(subparsers):
|
||||
- ftype_help = '''
|
||||
-File Type. This is used with fcontext. Requires a file type
|
||||
-as shown in the mode field by ls, e.g. use d to match only
|
||||
-directories or f to match only regular files. The following
|
||||
-file type options can be passed:
|
||||
-f (regular file),d (directory),c (character device),
|
||||
-b (block device),s (socket),l (symbolic link),p (named pipe)
|
||||
-If you do not specify a file type, the file type will default to "all files".
|
||||
-'''
|
||||
generate_usage = generate_custom_usage(usage_fcontext, usage_fcontext_dict)
|
||||
fcontextParser = subparsers.add_parser('fcontext', usage=generate_usage, help=_("Manage file context mapping definitions"))
|
||||
parser_add_locallist(fcontextParser, "fcontext")
|
||||
@@ -372,11 +355,16 @@ If you do not specify a file type, the file type will default to "all files".
|
||||
parser_add_extract(fcontext_action, "fcontext")
|
||||
parser_add_deleteall(fcontext_action, "fcontext")
|
||||
|
||||
- fcontextParser.add_argument('-e', '--equal', help=_('''Substitute target path with sourcepath when generating default
|
||||
- label. This is used with fcontext. Requires source and target
|
||||
- path arguments. The context labeling for the target subtree is
|
||||
- made equivalent to that defined for the source.'''))
|
||||
- fcontextParser.add_argument('-f', '--ftype', default="", choices=["a", "f", "d", "c", "b", "s", "l", "p"], help=_(ftype_help))
|
||||
+ fcontextParser.add_argument('-e', '--equal', help=_(
|
||||
+ 'Substitute target path with sourcepath when generating default label. This is used with fcontext. Requires source and target \
|
||||
+path arguments. The context labeling for the target subtree is made equivalent to that defined for the source.'
|
||||
+ ))
|
||||
+ fcontextParser.add_argument('-f', '--ftype', default="", choices=["a", "f", "d", "c", "b", "s", "l", "p"], help=_(
|
||||
+ 'File Type. This is used with fcontext. Requires a file type as shown in the mode field by ls, e.g. use d to match only \
|
||||
+directories or f to match only regular files. The following file type options can be passed: f (regular file), d (directory), \
|
||||
+c (character device), b (block device), s (socket), l (symbolic link), p (named pipe). \
|
||||
+If you do not specify a file type, the file type will default to "all files".'
|
||||
+ ))
|
||||
parser_add_seuser(fcontextParser, "fcontext")
|
||||
parser_add_type(fcontextParser, "fcontext")
|
||||
parser_add_range(fcontextParser, "fcontext")
|
||||
@@ -426,9 +414,7 @@ def setupUserParser(subparsers):
|
||||
parser_add_range(userParser, "user")
|
||||
userParser.add_argument('-R', '--roles', default=[],
|
||||
action=CheckRole,
|
||||
- help=_('''
|
||||
-SELinux Roles. You must enclose multiple roles within quotes, separate by spaces. Or specify -R multiple times.
|
||||
-'''))
|
||||
+ help=_("SELinux Roles. You must enclose multiple roles within quotes, separate by spaces. Or specify -R multiple times."))
|
||||
userParser.add_argument('-P', '--prefix', default="user", help=argparse.SUPPRESS)
|
||||
userParser.add_argument('selinux_name', nargs='?', default=None, help=_('selinux_name'))
|
||||
userParser.set_defaults(func=handleUser)
|
||||
@@ -901,9 +887,9 @@ def setupImportParser(subparsers):
|
||||
def createCommandParser():
|
||||
commandParser = seParser(prog='semanage',
|
||||
formatter_class=argparse.ArgumentDefaultsHelpFormatter,
|
||||
- description='''semanage is used to configure certain elements
|
||||
- of SELinux policy with-out requiring modification
|
||||
- to or recompilation from policy source.''')
|
||||
+ description=_(
|
||||
+ "semanage is used to configure certain elements of SELinux policy with-out requiring modification or recompilation from policy source."
|
||||
+ ))
|
||||
|
||||
#To add a new subcommand define the parser for it in a function above and call it here.
|
||||
subparsers = commandParser.add_subparsers(dest='subcommand')
|
||||
--
|
||||
2.41.0
|
||||
|
||||
@ -1,32 +0,0 @@
|
||||
From 0387db55278c10e04a7a507d2e1a6d028d5de0bf Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <lautrbach@redhat.com>
|
||||
Date: Wed, 17 May 2023 13:09:58 +0200
|
||||
Subject: [PATCH] semanage: Drop unnecessary import from seobject
|
||||
Content-type: text/plain
|
||||
|
||||
sepolgen.module is not used for permissive domains
|
||||
|
||||
Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
|
||||
---
|
||||
python/semanage/seobject.py | 5 -----
|
||||
1 file changed, 5 deletions(-)
|
||||
|
||||
diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
|
||||
index 2b1eb44ce8a3..361205d11c10 100644
|
||||
--- a/python/semanage/seobject.py
|
||||
+++ b/python/semanage/seobject.py
|
||||
@@ -504,11 +504,6 @@ class permissiveRecords(semanageRecords):
|
||||
print(t)
|
||||
|
||||
def add(self, type):
|
||||
- try:
|
||||
- import sepolgen.module as module
|
||||
- except ImportError:
|
||||
- raise ValueError(_("The sepolgen python module is required to setup permissive domains.\nIn some distributions it is included in the policycoreutils-devel package.\n# yum install policycoreutils-devel\nOr similar for your distro."))
|
||||
-
|
||||
name = "permissive_%s" % type
|
||||
modtxt = "(typepermissive %s)" % type
|
||||
|
||||
--
|
||||
2.41.0
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,321 @@
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBE97JQcBEAC/aeBxbuToAJokMiVxtMVFoUMgCbcVQDB21YhMq4i5a/HDzFno
|
||||
qVPhQjGViGTKXQYR7SnT8CCfC3ggG7hqU0oaWKN3D003V6e/ivTJwMKrQRFqf5/A
|
||||
vN7ELulXFxEt/ZjYmvTukpW5Li2AU7JBD0aO243Ld9jYdZOZn2zdfA8IpnE9Bmm3
|
||||
K/LO1Xb2F9ujF9faI5/IlJvdUFk3uiCKTSvM8kGwOmAwBI921Z5x/CYvy5kKEazU
|
||||
lUxMqECl+Tu2YS6NDhWYNkifAIZ7lsUvGjW3/wfh7AvmAQyt/CxOXu9LL2nGzFhw
|
||||
CIS4jVIxy5bDswNfHcaMX7B5WEyqTPtjzPAEMiLL4yHJZrHDPd26QHSaqtilVA4K
|
||||
AeTYbME8iZIdacquFEq02PO9qAM21O48OknCTSolF7z6nBkk6l26W3EL+Gz5I2Et
|
||||
3S9pab3FMjiiKVavM6UA5D0DQkNxxDn9blDXZyhX4HFrk+NnoETcGYFymPbbijgi
|
||||
kFC4339/Z1aK31aJLkxiana5mqLthD4jCeg3B8Cp5IurqPr8QEh3FH8ZZhtdx2fX
|
||||
TXHTmGQF/lXG4tg1eH5cb6wWGU93wD+5mf6czJlUZTY+kdevKtZCQnA0/2ENCOFW
|
||||
Jdm/oMTUw6ozPd474ctzWKeO78e8yMvZst/Zp3Gq6SD9kcoPgiuMQ+BOkwARAQAB
|
||||
tCRQZXRyIExhdXRyYmFjaCA8cGxhdXRyYmFAcmVkaGF0LmNvbT6JAjgEEwECACIF
|
||||
Ak97JQcCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEGOorUuYLENzy1MP
|
||||
/2c4fH8eXWbqoot/vLE+hJ14k0leYOQhVSo4lNlxRlbKNd5MQSX/QjkQgJNECbB3
|
||||
LM0KxE/zwVOZ+umvmxLxNskOxjubE6NzoF7Sm9ydoqjwzenIpR9BVtg71mfjBOoL
|
||||
PNrst7tHRE5btSnnnOS9ddt/y9JOIvQpkjtBTI2TfVcp2b4Domg7i4qU/hJ7hu45
|
||||
5oAi6rPPkr0pcGiDKTqi46l7+9orsj9Mxs1XTmrTMMB/eV6PCU7Fo4WJNXS8SXd3
|
||||
sEVxXvpyYjUTTnDuewjT1q8NL7anrsckS16WYSVGKzRhqtP1Vudt1F/D5cWKVqQp
|
||||
vQl/XW/uQS2IsgEWsbRmIAEZIUOy4TnuF494C/A+1BbJBdUr4Nl9zPH2bjrJeqYk
|
||||
TsvGQr1icgO4pUg5oC456htkqCxCuPRqqrGDAZBx54TldgPwvCo31+aPQJlOlWvI
|
||||
uWD/depp0De3oTK9FDnHh3swE0vyn4Ht96+vM+KNnDYgJ1FEaw1efYePFACobvEB
|
||||
o2ZpLbnDyqAT4MzfHpHSbwzUOk52ZOnkl/KrUIOxhXtf4dxRS6J70Rzb+HWS3rY/
|
||||
LgaMO5Q0BJfbvknguKmE8dO8jx0pTlVER9ujqp+bVPXmFMha1j8vyGhJ3eLJZaRL
|
||||
k3jgfRjiUUb4lNp+hXpvBwIYeFWl5kFVKg2aPywgnnFWiEYEExECAAYFAlBq4WgA
|
||||
CgkQ4J/vJdlkhKxmjQCfevlawFaGTx58nDFN+4j/2U6uaGcAn2g1sZcTUrEEYHdL
|
||||
byAyw1GNLksOiF4EEBEIAAYFAk99mCMACgkQ/2iSBAM3HxDivAD+Lu8U54iGgL5+
|
||||
h9KpeV+ZlHgIpj4cD+BVL85L6AQ3GP0A/1TwZ1tS6Ag3ut2G6AL2wewR3v9Mgu68
|
||||
E0M5esz5of4oiQEcBBMBAgAGBQJPh9ZuAAoJEBliWhMliBCHMSUH/30V/E930OTT
|
||||
oWeq+QKkTJuMF0lrA5NaAy+xWtrynMKoiAuM0KFNGPfrPehkoxR4D+MKXH+xh0j2
|
||||
bHl6fXOHJCKZLhCtsC/o8j7kkjIJjixBlwYMul21rxecke7Zt4XpxHARJx4208Lk
|
||||
ztpzOd7ZnDP6KYav3itpxK8Eyj4g8N2omoTQ2Dcd+sCa0jgRkyskpPxdt0fK0D04
|
||||
XW7b1LZkxwzwrAGSpjAZVzpKBXANcSmUQDAaIhGvYSKoiwVe2eaE5lUmvAaJQaTr
|
||||
Ud/LCIwFofTLSaBRX8fEOe+UwvW36VtynPyETyROeTMp//Cm5e2CQVPoDv79soyi
|
||||
E/oUW9DFDhCJARwEEwECAAYFAk+Oe6EACgkQlGXZM5TcxIlIRwf/VjfbN3eVf648
|
||||
vXvDctsXfucl37i6Yue2COJiGYuZOrN7wYxVvH2to8P3V53YV9OqDpJl2NXUro1V
|
||||
iUjFHuIKp23VbtyBAYsrLeTMmHLjnXlaUPSr6JUDHUQhCF34BTk17e9y7tXlEshF
|
||||
YVyPlGum7JhyarHB2rRdjQk8kyTqmQ4yHjw/nP/HlvVxdgb+mTmudTPVBafOT1R9
|
||||
MJ/SN2x4bclT4cQ0hjNEy/TsFzVduQj8yNOMFG9r6p1Vb+u1wn3BTANIh55R9aDh
|
||||
3JFFIV/jBTkxukxR5iyGQiR53nl0e0qnQFxpfhFGclh0RktjrHZ3DBAzcuYXp540
|
||||
Vu9aq9QuPIkCHAQQAQIABgUCT4bdRgAKCRDCPZG7HYJE34FtEACfqPwWSItk1lNX
|
||||
E0HOM1YuHXFfMGURF1AotskJatwtjGy9oDUQkjfsPROnWjgH9s0xD2UmlTrjJfWi
|
||||
BdH0kTLiExVUOmvnM9VFMRhYxQZMwiHecm4FZ5IWUz4e05oGCkHFbMswXEoEG+qq
|
||||
btOfLNpX67yy/JM6We+8PiXV/c2vaErpH5S8YChb5wD9lEWNM2aPBOUmbzONM1/f
|
||||
EFd8AF6fUVYN7htuyG1n5zTv+oowmO2c0terJRGmMgVuLugIEnKKhaQ+H1K6bdZJ
|
||||
7mX4xxx5izEyYeYhi9DhBHSwCLhWR+Yilqkc5U0nrF+3Z+Cb9THHppi071OIQ7pX
|
||||
rGsQSpDzGRXCw0nKEBm0Li13re8cOoHMlPD0RHWZEIRZGSYX1YKBtVuv4kpSq8GN
|
||||
85lZSDKGRNtbJBS7Qj4vyOlOrBO1eyyd4lepQCe2Ri3gU97rek52tOM+fAIibz7V
|
||||
b4a0qbbphrz6PVMbDGiBxM92+YpdDyZGyL7wJ4g6DhRRcEUQahlZ1n7y+YQ60ETs
|
||||
zt7+kD08Zi2BoJpiMHsFfoas2pot7VePFxGutwvq0p+OHSVlwkLgOaORPHumLA8u
|
||||
J3BGlJTHsErUB2EEgdc/Tv1vsZzEI3Zi+hqw1gcbke21Ii8aDfshbeKW9hYJAhnW
|
||||
m8VdF3n80UX5Eg56iybrLCjEyiAEYYkCHAQQAQIABgUCT7yYRAAKCRBOBfZjp6Qb
|
||||
nnyTD/4gVbq8H5ka7fVdSAnX65/kFn5xkqGzbpCkjcqe/5uI2CvdYtjeQ4K6sm7I
|
||||
5RLoyu/EE/JPbCRHiucsEak42WAZSRte/Wn2yTQpIb0mQ0wXJvuM+Hx7DSx2R12P
|
||||
9rIZ4mGo/rEtdG7Y9Vog9M/XGx7w5IqSw2DF2yiYQJXsOzHjphfYB8JfoqjW/73k
|
||||
n4E2IRJtCuWhfiJZJ+GEGceSBIredH3o01ThtbAeh/gzPRF3FU1361zyA1sXtmGe
|
||||
qwnhNL1spHRlpub3cvAXQ8RSYrNdiFZB5zohNt+iL+qzVWaUJo+vYZal1Co5/roI
|
||||
HN5nJef8kp1ngaYKvf1hIVvsdQsilVQIXKFWMd47aU6W8gPr1W2+U4yw+q+OXari
|
||||
eo7gpH7/OvMSe/3wOhGVD8KJrMwAVnr3M4wo2CM6zlwxPGdltQI+IxDD8NTGTmNT
|
||||
rRARYRQaFQyqd1SrVt4sSkeoegrpOG4oWXya/v4SeXHD4vt8vvvX3A4szB73a355
|
||||
IfbyRXDER3EfFfW5c+BnR3bxhfATTE6T0AKz1Gq30Xm2ycTGYCAZ2yBKewaegTpx
|
||||
3O/E6APTXUnVWTIPQay8T4iVUiLFs7W1UFMY/RvmIvKKFIQWcm5O0L+27PJK+YSx
|
||||
Uoo1Ivt1pclTuetbRbN8VnR3K9Pp5uZ4KLz6ZkffmJg2sOSu74kCHAQSAQgABgUC
|
||||
WWMlagAKCRAyfirUINN1OOtFD/4jW0ZMGigpruCnvY0nr47rA12X6dJ6+KIBE+XB
|
||||
QxuaQRjM5u44geksDwrqZ0nXrNvsa4SVwAhKVOrgMJVdzvUa1m2yeNCFHOTjln6Q
|
||||
GjZ5f3a6aj6n/X5tlPptdklUr9ucEwXVd5fFMpWAiwaqZt38I2u0Pi+/qHDt0kLy
|
||||
RSukmRPzRuS/kO1ugGO4aoO+sanVDl2Pq6LIwubL1Unk2HUerg8VCAyQrxYtZtHc
|
||||
coyhmBTlAb+EmZnUVbQZ3Uy3eA89OuNTBhJWCk8vqROFm257MiH6gvG/V8CTrJfz
|
||||
lpE+s9E6kxXhXpQWZUwtwWObq7vrJVkJhRwBsO9N2erxe+biBauFErYQPw3bg6xL
|
||||
1BJLxDWnKUlMWs5o+h7lyjp+1B/gbnnlrUIlpW8IKVZRHwRUPGRN07SbbEO1lDk5
|
||||
uJDMk+r2KrOUNVYCEp794P014xodkLvB8X7ml6tcABE4V9d4uVDX3SsktOLMvtWg
|
||||
nL6xWMoBYiVOXi3Rsm8vESBOb8JFQL/ItciUyAioM4Zjq5eqotVq90HMBO9kqcjC
|
||||
YsYEs6RACRmyE+TNmzGoucIPTwPEi5Ib4gj+LG6iPOBprk5DSjD7F0/wnQPoq8PY
|
||||
HIufb4+PgOXKf/ROQXDRLeD6eZBtPcDUJOgW19m7QcXZ8fvo6B91COe9jTF/H/i3
|
||||
A7NjR4kCHAQTAQgABgUCUQZ8hwAKCRDZsFd72T6Y/MoUD/9xxmXbPL2Zto6qECXs
|
||||
Q1GFuydiYlURxDsVUiuc1tSgEoDb8XcXl37l/IKX1QmcpvHMPzeT0g8sNwIXSnL6
|
||||
BNCnFcfrd0tEz8uBPxVnzMiGwaHP1kB6Vs6sNV31+CJcTz8BHHbOdXZnhHqXSb02
|
||||
SonqAYeWVSlE08Ejvq0HIWRn6NIGdGqv6icBExryJjS3ZChRFpvgAJwsVO5f6BKH
|
||||
oZnEn79uQR4XPHwuxRbm4hf6iYEbOhE7Hod6kTzS9vYIhyuTFTz5Kz/YxlMoZX/j
|
||||
TIYsX0nZ3r+Tshur8iUXJhKvvXVlGyrGO2HXfEuIpJqEx4/qM9jUNP0EE7aPzZ6f
|
||||
BP7Xq49Dx9lnZuSQ1jeXxEEpO+AND2xmnjCHr3EfgYZrrhCSxMQhvJh7wypkzu30
|
||||
D41BHPOPSotmM7WLceHWmYui0Wuq9X2hom5jq11XwACEtmNiP/odXjF0ovfK0d8l
|
||||
j/kivgrXAZdN/ONJapVSLkRMS71S6eln+urR9HfswEfM7IPt0cRwN1oNIhXmK14+
|
||||
XBWvvwvalfuxG2UfxD8K0JXMwARlpGlV8lXpuzDV8EcrvLipKpqiQWaJer64kaQb
|
||||
8qHEtT6+JNoGkymohrfeVagxKmPzDWR4v1a9lgZwY1FTRHNVPM0P8LWlN9q0CrYc
|
||||
poBwkhTMV1YJ1OBSrkM9IM2vsokCMwQTAQgAHRYhBGMZHOlBgwmGicq4237xN+yT
|
||||
Ww6vBQJjLRkzAAoJEH7xN+yTWw6vZSYP/36Bt4QhRtIh6HPWbHraFSl4omnuISu6
|
||||
lTHsqhik81nbIUiLZ5e/KN6ONSgD2jfMVQOLiPTQFOoxVZvOjaHmHvMuF7BCbr90
|
||||
Afh1qXW9txuPbVkhtC6hqIMn87b8UHEnt1l5MiafQnPHhoociqaqwfls/iu0nJGu
|
||||
Jf5eVMXpdeWRk+ckGkqP+tXp/0G933jibSdYqwG1Tsw9D98xnGV3a/+zIqRtJflp
|
||||
HPEjHPT6rVKAZxk7gkYSSsv6ONBwZHqwe9W1I+U4t6OPkGo5kNbMPBORB6/7B2Qo
|
||||
LHx3+KYZs1j6glI+F/8IX2+JSFs07saMnsDhE7w5FzmwWV2JcUt42RSf8DVub438
|
||||
jgA/Ht5yPROEJ87de78aD/t/gPq/Gm3bnUz1BW0jxBidjqg1qPOMYjC7n4dH8X0N
|
||||
cRfX6tWOdSXmDBbPg/vQi6CEIhsGVisKlnrgYi1wDZExU6UVMnBNvllUu9PXye+7
|
||||
51cIbrb+fwAWiwmu+AsL0qsjxZYo+9ozOLh9wLUhxOY5MZM82alN/mlUGzEiXN3R
|
||||
i7D3rDrNFHdI4LGGLbO2hjPYrG4hdNHS+6WbU6qYcpBEhrqBtnUjoVqIKP2boBLR
|
||||
ara7hHqVO120s8kgGtf/AoYpggD0H4qqUy4EFNjVdcL5T08w6ldQIYo7CEa1iHFt
|
||||
ML4bsPcJh8lciQIzBBIBCAAdFiEEcQCq365ubpQNLgrWVeRaWujKfIoFAmMsvIwA
|
||||
CgkQVeRaWujKfIqNXA//fjCpyIPPd6RnJhagWH8XCp5NB4cCT+LqAIR5yZfz1QE8
|
||||
Qbzpoobz9ysgXZ5XjLp/lbVffGyg986j0wUtSW1+g3kJcYXBUKjSWoBwwmZgyZky
|
||||
95U+uklY8CdPjSeuzr2I5X/LogHNH1378d9aEmQXBfX1uW5g4Aqgnl0OOgkCVzgs
|
||||
FFOO2o1j6svrrDVG52/mwXhNRm0yYK/hFB8T3PO2IvMQGDGJLHl6N5Kl7P2jtkyF
|
||||
Isi4AEzJeop/2GJYXQ+VkUTSNRKQj8oOS5qe9/0RkF9uqeamoc81n2But8MZN2fv
|
||||
R7ug2EuG2LHp9/pwu5ekohXmY8EtMbVbU7TYKgduK0FMBaK36jXN4Bapakfxr1z5
|
||||
pwdDjN4QiqUefBQlG1CJ6fGrqbdAupzRRDqN974rs5HafnbxioYRYjoo4H0zC8XN
|
||||
UwgmA2wrwIIY/cyNCSnUuT8yVAnroPiFgmMoL8RM7C5pHQYh0u3fXPfvNBswjXmR
|
||||
pJ6mhTqG6SS4qIaPhqoZqA1iyA6+Ua3YLBDT5wqvuqNMnfLtLUvMuridmlj97cRc
|
||||
srQIr022NdpafDQVAiVhZO0CRyFd/++XT35iiDoiv20+LewC0VVza466AE1fkAme
|
||||
rKlurlET8U/+U0JB6IP77ErjMgCzotV8e1DJkp/M37nMeNzazAb//ovsdkNM6P6J
|
||||
AjMEEwEIAB0WIQRFaBEoRJtl+IDGF5c6hKlGtLpirgUCYy3RvAAKCRA6hKlGtLpi
|
||||
rvhHD/99Lvgf+CjbhwC87CoKX84MyAyBlYACCSuySQBnEsVigz8sCVyTYDx52h1h
|
||||
/SEj7XfTylAfIl1CjUedH4w3hk+7IN4scmhf5eeEMvQd8q+Q/hWQcXIUpwgKOcVD
|
||||
NbUgYcbakJAPtilK1CeQvDdBD+aYoMsJTsII/f7FJzwjPM1XGf5EoODUC8BtQf/W
|
||||
KAVoESwwAUwN6Y5XeYSwMqu1s7IHs3yNYLV8C6A7EQPVaVVlORqI+33rKyqAhK5X
|
||||
ErNvAREQPYJMfRnQlIW7alSORwdG0JBgVLgV+jvoFo4a1AQImHDDtKxs2X5BCVG1
|
||||
I687uYDBy5Assl/VxRMIUpx5+zWvXyDZX/6nlL7AMokTlyosgP4iiifBS+5KMhan
|
||||
phMgnDXYIJE10V46Bdw2tjd7wMKey6BcKgfbZSvU5z+SuVnQXCyl3/blRML54I5o
|
||||
EomXPg6lgVxSb6BBnaJXzx4JKgLer5uom1OGsLgPMqEHRoO3bucr2xFdtq1Zegw4
|
||||
9S3qDhQ3bn8pg9JlYwmAAhBd3Xy5cPv01mV6ompOQ38SlMCJzcAGASdMw5scaxUl
|
||||
7MloV2Nl32HIzPjK47bF7aVOFX7Tz+rEFLmJCchqmUSdxi42rJyHKVRqiAlNfZ9S
|
||||
9FeaEfU+vBxOHsLNqVO7ErvrTafT5fjphZqvUTqZGCUiJUjPnYkCMwQTAQgAHRYh
|
||||
BOJeJUyO5NMDVUv1r+xwGh2klMXrBQJjL1NOAAoJEOxwGh2klMXrYaIP/ifHM9eU
|
||||
UT6JD0m6Oa3P3T161NhOvNqr71LDSztClsWo3XX0+ZK3wpjoC6vKqgx0Cc8OL1S2
|
||||
GqwCaxb5JqWpsoqR3NW6bTqTTUGREj/e0JHDeBzv57OEUTe4ea7qzqjhCX6iyzHa
|
||||
qDP9fiAogMQ7uT2oCghDV5yo4JUrG5brw8GkMLEvRSs2BEv7xFAySRaGwNj+oziZ
|
||||
VzL7sBzp1bCr5cwNZVYxoo3VAv6FUcExp1TydxzPVB8/VvxOa4zrht+hFTn6mjUi
|
||||
NHBc7DYECgh4jlDR6TnAdvpg0FsujTXiN6A0obOUl9jGz2uFmdY+2ojlVtzqKXoP
|
||||
+PDz8o2zMrRoQYkni9VyIc536E4OFIhfO6CrThMjJjPNn22Tq+fzRYkWTrlJom9b
|
||||
nOldQ1BdUXQt2QNigdzqjhZTIgF5OEOTERh80dvwIbZ+7vN00BOsuncR5GUBQerU
|
||||
F6+SksVRAaOg2lyoDdxUQ+Z28RU8R/n7VjMV8ctFkQvHHLBqKkpET8LRh0C/jSNh
|
||||
gB8zLPc3Oa4wTf2xZWO58S18esbYMr74vRYrsACbmwxH5Tz+L6Br70Fmcz608+IQ
|
||||
ESKW3657gemZgFud3AGokzKG5AuWykSinydiZbK8MRGLsdfPUojaVIgXFqnWKtkH
|
||||
At9gkD8YbqGYzuVwBnljBNRdTUMk0ClgV6pjuQINBFom2R0BEAC9k1Ky6AIe9sPP
|
||||
xrgsrXRe0dyYcoHufzeU3jFssl3+S4cRuvYCzdZfRfdjfHa4n+CxTaOd7xkefwJg
|
||||
GpaR9KJbu8dqHm61GIiS5ZbMCRU8FAW6ohVeDqEwFrPAzZjtO41OTpeXCrPu5H5A
|
||||
Tg/kDnabzlD2H8JWAqr0DYRRhFtJUihXUey9zK03wSjUi5E1+YHUC/fOpbS+msNN
|
||||
945CeQNBN4Ljap9Q183Fkh0Wm4Q8C0OS1WN8a0XtqSALRCGAZ+EV6UrmQVP9PCC4
|
||||
/J0hoKQPv2bfpBAsrUGAO3Fnsw7804i2TY7O3JA8gGDYX6fwOVJMUXdD7FX7LM2P
|
||||
pESqAdPrjqmPqHT8cPfq27GYgqHv3N4hP9Rjt9wxmHYFbJT0YCHw2ZMiAO/VcvvN
|
||||
miGr590ZFiQEb1MJN1r+h5UDE1CtF6nTieirSXi9oMilHlo2NY5nAItv/T9PKk4X
|
||||
+kaH3UoicMxrkT34tACGwxi4VIRYWL+ZquxE+bwXqAvbGJ0p3XbyREURCaO96J/2
|
||||
w951EvZErpFRQu4zzClmoMiNbwkQ8QdesSaqjMirlHyFI8T9BZrXbPazdVNUwfyR
|
||||
LFil1q/kgXjXeJDoje73UiyGhqhlVOlEbunGzCwEBzrtQdPTDeFQr476/4pe0v4u
|
||||
gdNYkL/gY8Izodn47d1XH68AuRSrzwARAQABiQI2BBgBCgAgFiEE6FPBhIsBhc9C
|
||||
hk3zY6itS5gsQ3MFAlom2R0CGyAACgkQY6itS5gsQ3PQSA/8CZGTxQDbD2oLkGb6
|
||||
tyECIs5A1RsfwJ9aj0R/HuEO39ki8yM88fwi8F5AfzNcmYwp0rxyYDDYM0itObSv
|
||||
A9WBB8YFZ2PKT1YHrwTzWbne+spmQYDRdFt+0Kx0JLvgv7SYvQ1jNdCazixH1SAM
|
||||
9O+Tn5oFybVHjRavWsQYHp1CvXY5kOHOEDHhz37pGwFvyVyFdSYS5PWT0+0XU/g6
|
||||
Uq2HeFCurhUGuDXJ6WA6Ipvmu0vbi8GpyeiWCRoG76sqbBfQ7dd0oDMUHitewWGq
|
||||
LP1Kioke9hu5p9CbkjYwGZjJWZEV6WHxOmICfFcBRPeIJyO8Kfa/vVBfQZj9fhqs
|
||||
3sHSfAGIdKIB3tX0qKhMRdu/QoM14YQ1yK80JTUUOcrKLDt6QJinF1UQ/OcYQqGB
|
||||
CXaRk1OKGFuuij16QudnX56+aYbNPltf7cLs1O7aodQcRxmMSgxSE/2ckthPYBsX
|
||||
PWuDMYZCb3e6JMWsdnCI7iPpoPFAJmId7SWJebXZxntoX6YwZ7Tx58/QMLEqxMfE
|
||||
ExQTAFg8/owvxCG12KaharLr4GpLx0aU39QEJenG1LqGLwiQh9Vxsejw+MkebZJE
|
||||
6zhs7XBpenrd5c9OFOtb/Goxwal/6UXz7a62jZ7wDNpJw9xOfC3/eX/56+6dLVef
|
||||
RFj/LOIu9reM4boTiY2dmGj1QC25Ag0EWibSSgEQAMhQB2Q329FSozPk7V6dYBO+
|
||||
jDBMr1jHWvNMCR/2DkwXfDAKK3haSWSqr51/wua9skFRezQvc9PhgvOIJi1jsxRf
|
||||
xNoM82a2OpYJdj16FG5RVQ/ApojiywNvp1YPJbmq4DfXSuUA6q+OephsFLrx2cPY
|
||||
nyDQaI6mrqTBecET4cdQTZK0nKKUPj3U2bI96zTBIYK8Kr7GMKXm8R1eV8bktwHT
|
||||
HyDjI7hN5EjZViYqZYDQ3jt2vC1Aj6XpFw5K7Sv6f0l91zyjfcu6Llsfo8xtRhAl
|
||||
lub8EBuO6ljJ5uWqDgjqTOkDXcIAUkhUCg8ztweR15zgJQQ/On0XDcHLtyi7zuQd
|
||||
xNaKYKkD3oROTqce+YbNN3qnP4bV0qa0JLlTOrE/0/zmif7Q1zYOidcmMgGeF6Gp
|
||||
pGQkkxY4gSKet8kD8h4AZXGlpFu4e9sue1ENDRmgWaqSzIWudMRZ3z0/s9EGNNiW
|
||||
60nwJ1NBoySeQEmnwMzAHXneRM9pRGQ1S3/CKttq/0eWEH3Y/Td9xi4DNvTXcvgJ
|
||||
uUUwoclWP2PCPg3zE+EQ1q/Kt2oYrT8NcemM9EO8btNzJ/Y1wSDLFAFNikHwYjTM
|
||||
86jWoeGhSM3fD9HJjfqoB41gDKvNIVlhQavhe6df4+AoCo/mGosLYAPFaHHdkmqn
|
||||
eT0Y0BnTRIS9yLcO8CBVABEBAAGJBGwEGAEIACAWIQToU8GEiwGFz0KGTfNjqK1L
|
||||
mCxDcwUCWibSSgIbAgJACRBjqK1LmCxDc8F0IAQZAQgAHRYhBNalthyaVTQWgpLb
|
||||
Z74iCR4+9iJ1BQJaJtJKAAoJEL4iCR4+9iJ1D2AP/1VMC8KOmzPYyiFY+1xHu2rv
|
||||
siB0f80GH1jXwDSM/IKvsH1axCD0hMV5sSi52epCov37czSlR3MpQjo0xK32wJB9
|
||||
26AgbzJYZO48qulDUXUhPWJ9bxiyIcxI/3KEspY1RMoWv8AfYA/qSma1cSdT4IMo
|
||||
SGJzPh3RyrUpeFP5QT02oGa5TuSQPiJwy/b9u+RVOi1SSqzHMJdKzZehGays65Pd
|
||||
jC8Xtf4ipdYRBr6mIyUISOB+FBkY2MttFzNDUBdDrOepyjStQLZ1vUXnYKIiSRHX
|
||||
o3XTW/W8fh72o26zeDbQcALywQMZqnwtrZluzKHZxF07whKmXvw9pUHXX6hbJDvm
|
||||
GVMxnB/F6grPNi/V+Bv75sKOdImgnJBUp1Jz7288SPbNQwrqFKV2ZD3f0PFmolFj
|
||||
Cz/Oc+UUk+swfnsT3pV6LClTThsOH8WlKJYxZLneX75HuVx4CmT+qv6GlFQuixjc
|
||||
H0LtsbbSjAx7J2LRNVtfI+2DfMcIi8KJxe69MAKGqqxDyDPSWeFrs0MHmyD6/6m+
|
||||
GTovgUT5jOZbR6GVKelW054bmby0zQevWnRieANVeFoFsnwclJnqKIRzQiGod1p1
|
||||
b8HhSCw4nOeOQSifaOf3zcnFhYyByDMOtl3/AqGoLp/61u3Bk9h+BP4VPR3RUWzc
|
||||
ggjmxJM0MrLzjaSXSedjzuQQAIq9g35FGpnaB8d/EjufED1TVSOkvNK/qJ+dD4Xz
|
||||
f5RvnbprofMnzfEyy8jJ1Vqc3QZQU3IDQt/Un2ZywX0OboKGAIn/gyfwdkpnxJ0j
|
||||
JoxRBuMplNpfNBw+oe0nFuozO9idFozKM+SWoE051/jvGHp1FqEPLnAAGeSbWB0L
|
||||
RlAsnMjc5u6+SKHeFGRKYg7U0sO7ZKbVIT4ZmRnsQLDakHwbAgfcIakh9Whj0Ou5
|
||||
r78Cs+DcM3XAdtZ04d81jV5TsveR8/Cn473c6dvPIfnA2P4uClTCaCDv+jXG2f9a
|
||||
FIuJhYCO+TdYs7qjAsXWngJUebRFiHbfSuYDw92/eqLdKD1Hoff4MnW5YOtDpp6E
|
||||
sdCDuINeRtUtnidw2vIPezX+xdmycXIq9Fb+GvKrIDsKu0VO8HObVviLa/RE11ds
|
||||
EHYlrarj4mqzS2MhvmU79Bazg9rDDB4WVs502n3uJaf6Sod/+ke1c3ff7AUPox2n
|
||||
pjH/bVmkZJsOq5EqcvlH3m2FZUHSFWS/yTR1rPuJoHBMHVc4OPlTuSqT3qmKL2vb
|
||||
vD1l3D4zHZs1paRLddYXiaex4qPU/0YpP61XU070MmFGYE8Z43TbMPHu/6LYBpw9
|
||||
p5Vj3VZwn2edNl4LGx+05hIABzM23I7JoQ44uPoTbohmYXF/DUGJ6h2LYdp81AVC
|
||||
lSFWuQINBE97JQcBEACpbBqvDl8J65jEhPjOWczcDVB+WfG7GBHB7T6RxSNFIahy
|
||||
mDqzx73zZD6n4NnZogPDPopYdRJ56u5AfF0bDZlgebl8+VEgPHGoay74Gf6k0B+c
|
||||
pEkp5PaWQHHEqXINotVg29hTsf1u0sb+yjgcc+9WHw3MtpChsgk8Rc5N8Xvr1FJc
|
||||
L+xynSvUCcLIwfgvLHYPPBYGIRpvz4ek/zgHvaGftDfnyMwrMbgi8kadrSb7PQgc
|
||||
eWeTL7CQN1B88TPJFqKt/QxMdXaPy+Cr3P4XVy5V3/QEVFUizrtCCqJgxHMAeCP5
|
||||
QxwYEWmA2zxUzGA/t/QUDFbccKt2BdpdKBFtHLliE+yn9FHw98JayjhAJxxeCkrp
|
||||
MED9N2aGHI1q44sbmeLKQ8EuIbCamfq7fqLXgkEy8jgivv2J9YfXejjjEobGLkss
|
||||
Jlxaq9JeQgFEVl6f0jJ0PgkYPd11RxTcVLy4RB417cxc9LHcoKdAtcgBTcZXPPYO
|
||||
L+eM9S7rTvFTna9IdF4bbnJFNjHDMhb/9XomxxBsekpTUXEm2DGoTpO2W/jwWcZY
|
||||
LVrdhikkkF8b88EdWk94fUTcFA90I+Ch0YbS8XGM/WIklrMGa0JpA4OQW5oMhKDn
|
||||
gqAcV7gxRYt6ylBPVh94/AIMz++wmfqBxETFP8HMgTVEApLBLjwru9B/4lRStwAR
|
||||
AQABiQIfBBgBAgAJBQJPeyUHAhsMAAoJEGOorUuYLENzegsQAL6NuhGuzQf2GELc
|
||||
O5J8/BW2yF9sxHWDLrw0Pntq8D35kgGfZLB52tN3DI4NwL0vE931bXC7ovi4kHPS
|
||||
sazv+WPUckYfJ7qskWVD1yDtHsADduwudJpAflfZ4VIvMJqJ7FUw5Fy9ennw/Idp
|
||||
H7LC+ubn6XT6Kh9oKvVmp+BQEOsdisjVw848Thik+gS08WvAjK9m+g7++FFwKy08
|
||||
5iXuuqZpvi94eU1QPvzxzzRZz6M4gQaz+pCq/5yf6I+Hu8G+5nq2foFN+G7FRkx7
|
||||
KJmJ3SAEsG3M23V9MKWON49ZbhTe5xW+1at/TKKoNGzNIYs07jApR2/E4J57yMWj
|
||||
zsAqg77hTDRiV0jhHl0DJw3RHFi3z+SrK+6ie6mrq8WEPj62q9qdM8dFs+y5X3UT
|
||||
x0nxly7GjOxxhi+Nt83PAG2wVFpqmhVLuyPnruvxzyrVFc8Dvx46DiKCzt4PPK/Y
|
||||
+jnVIQ7Jr2Jm2ZCpzZZT5QNJuDp46mKHlNBkvSy3q3+pM6cM8vKSuCFd9+dw3dX/
|
||||
GptLebMrPOvLVDl4Bm9hSmG7rLpJy8U8Ns8pYSS1zaxHM8KqMaPuS/Zlx1SRIj/E
|
||||
afefnHd5fIlmsH9C2O5fb18SFjmD14FCLcVTG7bwh3ZfbGo9sOJSShPxppPW2OoT
|
||||
jwfANmj1cSg/VFr1d4HAEc83jFgumQINBGNZjyYBEACk7biPgvCVldNWq1CwVoJa
|
||||
/Fvc4T49tqxcc/sY4uVlGo6oSi4fQcXE9XKPPBuRLmvpmMWvODQLzPxJMWUfJq6L
|
||||
yYFmX2U9VRTcyITdmJs8itkEaDwq8BtXkeQfUDAVSFy6V6/uvVmNWD7pGXqJE1Gx
|
||||
uV44Ihlh6v2YyqSzDG/rZur771hke8VZmlKMVMs1RSeOBA3nUmvZQ58+uqkhJNYq
|
||||
OeQhxGIxDOHo7QhzTG+SlX+uQq6mzACKygVJJl33toaUwVAX5R02a0u67A5wC0wh
|
||||
AoLSHInc3P7ayivWV/iESAz+gMIkuvJWns/Ak14J7MTGgjD6rle7PNMsPDCCwQSc
|
||||
qA8F0x4OChCixbZGZn6Mr0u8+01VCEe2IjJwVUfFI/G4n1FZ1RAdqjkHfZJeD20L
|
||||
GHSbjJLcnqLLFx3LDpI5dAxo5K2kFvz0VowrB58aHoofW8/g8yZygGQ4Zpw4JnpU
|
||||
maPnMTiD5yvnFzEihM5L9DuaWqSK3sb9qzoaXABYRYI7OmX4B5nmMzFteHHq0tMt
|
||||
aKWf0HkAsCP0BLJcS9Oc1/0I0+gC4oKLRD8a4+kaEpNr6BXvWnj7Y1h0Zr/CZS6+
|
||||
gi34CxWMl2Q34OSqtS37mzzBu+UZxffPR0aV2RXcEpc0c5HW550Thq1NF9EmFOoy
|
||||
eG4J2ox9JRANZXLh/i7mNwARAQABtCVQZXRyIExhdXRyYmFjaCA8bGF1dHJiYWNo
|
||||
QHJlZGhhdC5jb20+iQJXBBMBCABBFiEEuGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZ
|
||||
jyYCGwMFCQPCZwAFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AACgkQvDkF8jUX
|
||||
nPGeAA//ScQ3kJMqI6FRULXo0aF7CpafPXVWdvj+mfQMlZzuGwXXTmM42T0DXnXR
|
||||
BSjstWkmOXP/UqkN7bNeXH/S3D3GCJ2l0qx8Qp6fP0FloJIbemyxNtzl7yvAE7kW
|
||||
vuBuLvUdm23cntv49gAzj+ElDqCxtT6A6qaqM6r7DLUvw+G+r6gkeu1hNQbtRpEK
|
||||
9Dt8tHriQyI410qFRMbi3QxU+iTJ79HXwrXiYpX7V7T+ugiU9lgIiC/hWJCo6SY4
|
||||
knt9E6zhegUWN6zErl2HY8FBM2P9eHOTqToEOAhKeM1fXZvxe3m49fGq/spmRM1R
|
||||
UUl1V9WFEaMiLg/Z2rmbD8LX9YtfYlQCbEwyX2nkIP1QIcr/DEfcmCA2MXCQCgsq
|
||||
I/2XS3BTLPyjuqAYnXxrk+T/Cydcg4W3ZBYI/wT56GH02TQzB/wJsn0cW6EMG46V
|
||||
SDY/mZ2/gwi54G/Pqb2R3ZC9I7wQ6/FFxuu8myI/QVmEiTlvTxBoyOdNlliBQxCk
|
||||
Dczs1rxd/o8Wfjo1vwRHW84jZrCP3xr7xPJWuzsrmPU8kFHTgepGoY+4b/h3jGwl
|
||||
V103RpRUK4JidwHsmYDVk6pgeUH69hf0iVcbFfKiViFTR+DwjbAOxTdsFgsYYn+7
|
||||
hBj2l+pV/uzeA0akL2dkgfJc9pAf6ItRUnGC+RlntZ0Pf2NbwIS5Ag0EY1mPJgEQ
|
||||
AMRQDbNHBQ376nDF8miBZOAV1txpmbHc5D/X63PNapP0P1/I7SfcJU9D3wX8c4vm
|
||||
xkjEYtH23s4lmT1VLsU7PisS3MacRemm9pL2bD53hs9XQEuU9OtJsZn1ZJ+Ynh6i
|
||||
5sfW1bG3OiV/TWgYXW66GwE1hn9PuP8arodUmhEft+64G2u8Xtxr5yqlQJEUThV6
|
||||
280OJrxVbduaMi5C6UNeeGE5wuhfrQ0TNYZiwQ4KYbU3QhlWhHVjJlJ5hCLiktwF
|
||||
DyR24P+wlTIziWA407mo2enQT+mz3bO7Paf4mBionGsJMoADqBThf4B69BxjJ7Yg
|
||||
7oQVIZ7560YIRRmNo4tk5Mhep11OtQgZjZJR6MhWDaUO17w1qScrOPRj6G1IXP1R
|
||||
5NarydJpLyAVb/5WFZ5jxUGMGtq3mYn4nKbbHUg2WzvCJvPctDE6EV2vaiRy5N1f
|
||||
QjsHgSa29F2feh14p4ngFCmHjpdbcdjfv6rWL8tgkSpQlDdeHRRd1q03TKAg/byP
|
||||
auAHKzvV+iWlmw1f6KBWjeTn0fofmk9eeQ+P1j0a3/XTxMOjB34SzqPRWzmLPLF6
|
||||
YmujBK2gymM+JLirJFFzao1i4lgmxqkDhQoNYHXmVYEd7w+/qUYbfKwO9eJOWzuU
|
||||
WajxvJ1Vgv6z4CPy9if0gwfhrx0OOcIpBE/xZU+SwQQpABEBAAGJAjwEGAEIACYW
|
||||
IQS4aChHdk32DfUtmSy8OQXyNRec8QUCY1mPJgIbDAUJA8JnAAAKCRC8OQXyNRec
|
||||
8a+qD/4whGQ9J+td1iLFMpNRAqvuGtTnM6shZJNnC5CB56Cu7ElIpr74sk0R98Ia
|
||||
1pJlBcLALbYSrqwluZaLiRVDPdub6tGSRVssqQdZcKThz33waTru9IfLhCrRSNd0
|
||||
ZMHJaOG1ErU0noWw2d4ifVJK+vvuvMeEyNm4H5pZOYzYeikqVUYzS143cSzMEwtv
|
||||
PSdP5JkTQi4WNF09khH1D+QpJoXEgVEQla7Sr955Zdt3q5OlpYxxw+X62vslZ2OM
|
||||
iKZ14kWVSRbVQ+WdnjtRYS4vivB6ko9QL770jZ131hKhC/BcWpEYSjfPpVua2oKb
|
||||
ccKHXheIFEJ06kGkMeeoQPxmzPRBYIw/E+d5sZp7YXDyBGOAxBeiOaOnZ8vLBzy7
|
||||
2HFng3oB3hkVGTTHq+PsHdSSaRME3QrNpDsaGeSjw62FG3I4zK985GtrXAHEzN/F
|
||||
fd17srl4mcRQ+8QM/a+XbF/8ugjE/RHhhFf8sWVAPutYzVE8lF+uqcduPuq/rTcU
|
||||
BuzSVjnSRfXWqCokjh+ypUpHNUO8fZDzkTLuE5rwMG1xpPueDBTzvoGDQRqc2eoX
|
||||
pJnDBmdlz83zHsoR2gIHcdqyc/hCV+fTvR8E0v9ZG3Jr6RFgWdD008PsGxUevIDg
|
||||
MAYFwasZSTofEnzg49/WeIFU1rGB5HZVlmOJKZnKRuBiTakEP7kCDQRjWY9xARAA
|
||||
rEkjlUH4hoSQAkVJCWWk+nF+daAP5IszrGEQH7TyOVwXbRZndSPFSUqKU2kEgHbM
|
||||
m+wFYoZe95h9tjDh2sLCs338pVu5Chhz3dNseTF7/rbckw2rCU+JbalEiwck7tKL
|
||||
qobvbh77jnrbQnkrZNc+nMeHHLrYyc5gHW6cSn4UlU42MKmTlSeOG4Ly9wXhgaKC
|
||||
heIXNX3U/D682Tffl7Gopcm7pPZF92dwY4nIpCxU2ATimkSyulbhzk2CjZ1JYUJ1
|
||||
LHctMHm9F0LEGtc1GxDShzVZP8dOWpDs9BBwZDLXxCzC4rvZ+z5BJCDFbuNTKZQ5
|
||||
JEoW2sM8yP1LLZGXz44hsab1aPrvB3vcdS5ETP6bqT5267ZiotdhUifU/pTV5ze4
|
||||
7wNuaZenQtGd9olyh2dAqOk2DQrcBQFA0gRp55b4U62hLTYXxT+7jEbSVAxeXDPR
|
||||
qPvqh/4kVn86llYjV6dAoASN1wWz423QH3u4ZK+S6g8HZ0HrY2+NBYgqthb6H/X6
|
||||
FiF5VcHWstkk967g4Xt0PgN/rlCtpXh4WK9sScX/CFdOURsHlb78ZN2LexaYaVBq
|
||||
QuqvfHaAPJaIElXqMheZ8aYrO6Df4yzJ+6eTs3s4PqM6EMir5waFonx5Gh50X4xL
|
||||
9p7IVqgNPhQsU8Z5U5hGYbmUH766GtENv4CI1upFA1cAEQEAAYkCPAQYAQgAJhYh
|
||||
BLhoKEd2TfYN9S2ZLLw5BfI1F5zxBQJjWY9xAhsgBQkDwmcAAAoJELw5BfI1F5zx
|
||||
4cMP+wbjKu2xCr63oyn+lo7NqMDLBYl4zHunYTZhG/egDakVWp5Ikj5/k3i+hVSY
|
||||
fUyUhqQ/b/H096ropB7GA6EzS44GS+hLMdQOJOmEbjvAP/9dJDX2FQnYZzaA2f/e
|
||||
Ikgaw283oOLnmYz0x7YAW/oxlnPn+7Sg7DGGqqn3nKofDUUrowfX0tQGwkGmJJqQ
|
||||
gOH/ZfU4t51UCKzF6hWRbberBI8ezp24vYngA2kGef1fCUC+EIFhoYcdHHCtC1Ti
|
||||
KmOUaeB9ZMiVXkP60fmCLKObwcKTyYpAFPqM05xgsMPFaXN+fQ7YVAGpCdthk53N
|
||||
5Go+QqehwLoJk77CHZxIWJIf43p3UiuH1FsuXF7OdExzIhUSiUum6MoCI8BpVwn9
|
||||
uSKfXKLOdGDR6IJI8jqdC9LYoXqxZtDhpcqD70hFWJwJzZg+U2SvxZyhOqwtKXtD
|
||||
TDtee3yGzPacSAJD7mFURc/DRi62UBMiFcqO1YW/5LgC4yjtzo7MTQPkaGbQLduH
|
||||
IlCKa8pHWPqaLFdMawwqNrTNHWXCD4XxijJYwdAue3NUG/utekNm82mqnbbWw/AX
|
||||
URIzefQsbyqiNYMztudJ9hAS8yCdkfb9SKVIvWYPQ77tHltOZF7K/NzOGeJaJr8l
|
||||
vqZCfXpWmOduTpWaD2kIvU2Kx7gB4jXdMa2ai9N+/Hdr3lLouQINBGNZj8YBEADg
|
||||
Y6HOawiThxQVI+0uvAAU9yisew1SSVO6mAsQtZM7s7BpLA3RGPj3UGojZIeejA+k
|
||||
fq7A+PVLBhz/kSBTtw9/s3o4rlqNzz7SLaix6XKWCpHOBs84n3/LF6u9KMMVk9vT
|
||||
sjKz8iDF9mBR2bmCfLvEk0HDiMyApv5SbOsZMB8k5PWyK8HYPyMI5umEaOsaC3tA
|
||||
eihO3nzAxEf3oZl53J1pIw+ecdrQLbWbH0aqKngfCddD8Q0oMr/Iwly3W49+5eqJ
|
||||
oelR9/dut/dg0a3Nn1wIGYRzC62CCsF5IZwKdyPh7nilEUFpA5Vlz+HfIFch2LfR
|
||||
F3Q/GZD8fKzKxhjDIdgyaWSTsMbityKxX2G/pcjshyMsZT7I3Hx7SwQfFro58s2D
|
||||
FsFLEZgBhJv+nW/HckeedaveXmXdHKjtsa8+rvGADti4wohOl+N5tbpYW3/zR3AY
|
||||
qlh47hG0ikUJ8Tusnu865j3Z5mE+KqS68ypRVBMRrdJl2lGPDCnXGhl2720VPNMC
|
||||
/jB2Mgm/L1mvQM1jPfdC3KgokDAH5NMzKvav6A71aLSUJli3UdkGHkX5d5urs3k3
|
||||
WmCt7XeTb30MBvNzBcSYTbw2UGIRE8G0CFc3wtiWWiQKPeFXYhn0+COCoW/EXpIC
|
||||
VaAuMPMgcsldM13bKGyGo3NngsNEdopNFfr0KKW5XwARAQABiQRyBBgBCAAmFiEE
|
||||
uGgoR3ZN9g31LZksvDkF8jUXnPEFAmNZj8YCGwIFCQPCZwACQAkQvDkF8jUXnPHB
|
||||
dCAEGQEIAB0WIQQb4sD/CJSWIxAv0lZGlYgcJUUI0QUCY1mPxgAKCRBGlYgcJUUI
|
||||
0ZkHD/9TlRvAaZETf+pv4/IceeL3KHwj5lrC/gojXxN0AjhAXljLSRCu0EyICxZy
|
||||
3158h4k0vwjdv8699yHEN97PdF84m81mqxOz+juKBRHFK/EwAAgOdSlzGnUYgNkm
|
||||
mCROFWtjeneNWaFdEnq9MItx1OascPeyxnWMjq7LLYMSESP4tgUV5KdlaVAXR6q/
|
||||
833u27/NodkDcNH2UK+IyT+Kt/uCOoIIL4ttxo/PvZTphzV8n6s0sJJE3/BrRxgv
|
||||
CTkVU6zosyJsyau8/vayQYGPuBuEQVs4Tr+vZ42izbkHgElcZv9oYjJsxaqZqqMz
|
||||
fWPte7m6Pl/pvtmlhPmpZ+ej7y8SRysBV+3aHNXaE1J3sIOmYxighlgZapSjHl/A
|
||||
9N/KXdoLAjIZtBAOQ2ZFyRz/c2+VUqJgwiwdxoaFaYn2eUM+HSTbZfdGXBS/yyZL
|
||||
YsM+L4M2aizQvDIRXzy8vG0vpHQEvPlXL0Gg0gyk0fox0OsAP5CfXmHC/AvYOHM8
|
||||
y81X2QqDf33Au1RIgog4cLqq2wpXEARWbAj0BAMIeJoCDCu9Mz2juK1ui2wr8AZ0
|
||||
42PCUgZK6CdUI18AsvApUhPsNunF7ZOc5mFMuaEGjjWJvrTG3qyrCY73ySBiGXWo
|
||||
92ZB7FXu2MzgujPBEigByqeF6IV2x0EBHw/VrcxXq6Slgmik6G0SD/48l5mGCxM0
|
||||
Wr91raB9zQlwDbtD3PCbjA6DtkMrRyAq+81g75N6uiztGPCVw9n1HoGOSjN1hAhe
|
||||
SgQQlcXbDLpzfdPFowDEHclFFfUODCIOuF+FgmxlAz5Exr9JkJdozBFqRZ4iF/tf
|
||||
E5sHB0rzeUcY3J6VjTsjULjE4GSg5trsOc8GHUnFn9wwwkf9nR/Mr1RYcX0GkTcy
|
||||
iUskw+AoRz6svOfAWIDJY450wgD0MHZK08IfUUsYTGecoXcvWf/hITtv/Af5MpQA
|
||||
wuGEDltVDeu9EAu65SZlMkkMuQD1h3KOQjUJ6nY4a4M2CQ51ggs/c+vsemxsuYlG
|
||||
vSuhrfXt6HGD3dhsOEeyEvIcjjpP1Ku5mqrPhqXFli1swfohhYGGVO+fM7G3l7wF
|
||||
kAIi0B1szn0K13qRqBIwjnWL+orP1KLzvczCH6yD0FZY90CDdMtM0VB6AqT4BFh6
|
||||
5+ygjA4YiA7fFYBm8510ybUcNfzU3gUIJ5pF8MdGizO54tCPSK6U+iVRY4qfCFdu
|
||||
IiOZ7FUUn78VIxQUMYMrozy7kn/0PQZa7KKRbXJ8sg0sgrQapwpgUjdMwuYZPGGv
|
||||
1Jw5/+WUGWMbGxmlpHcEOmsPZpITH557M/kHyk9Ud0iKwciBI2mGLxiafCuLrUY4
|
||||
TknzOqbZgjdllcUG4cDBEQuBO/GSj1LUfg==
|
||||
=I8Dr
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
@ -0,0 +1,16 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCAAdFiEEG+LA/wiUliMQL9JWRpWIHCVFCNEFAmZ9iuEACgkQRpWIHCVF
|
||||
CNER6A/9Fh2zHvfY0E11VufqyTKuW/XAyUVzVVZQT4RP4Xq324k+FIQC5tepFppI
|
||||
xfoHL0XyklceHxnNGQfq+LqXi25HKG/+8ozvX5gqB7liGgnxWg30oFRGBHHuzF6b
|
||||
aHLUNPVvWrgeLPOhSmbPmm29zlbIT+2Fpam8jhNfKe7ISqFQFE7JTh7KIwSmmreq
|
||||
IniEh0DUChZ/3jlxwWTg3XfVBCWuE11845Jmz09EZyE3vNCvsBCZIgojkpAsi73B
|
||||
CS9Ia1KQFxap0cmMkvwYEQyHmF0KjUecUINb4gqHstJaXua17yqbU8EqOFrUo6C6
|
||||
GJ262L+jflnDCx9XKbeMJ8sFzFLsqCnDZwoWBPlYoi2+661D8cI64eBHz+9SAEz4
|
||||
LikVBhXYVq8iuKiXgNo5s090F4yk1LHDIKufD26jAngiXXX59SrLhjvMHp+bJ4T/
|
||||
tC/wRkDOh/UAwfPSXGGu5fR2JlCeXxRgo+125xAQF92dlCwelN5IST0I5Y3i7Asx
|
||||
WiK+ocN0LFKDqv7JN+2B5PKsZBSmkxfGrjFxEm0JFPwA1Qlv1+MXCBrRxcr+BXxK
|
||||
lv9NsWv7NFSrAv/cLNEB/7OrbV41K9l/bp71RK+VqhM94SKbUtm4thoYqlZS36nW
|
||||
rtHqpVao4pv5Ab9QLGhCfZWqL97qmCnu/MseYWSTRKxSSduld5o=
|
||||
=AOSm
|
||||
-----END PGP SIGNATURE-----
|
||||
Loading…
Reference in new issue