Navigation

← Previous Changeset
Next Changeset →

Changeset 178

Timestamp:

01/11/07 13:02:22 (2 years ago)

Author:

ccase

Message:

merged with upstream 07-01-11

Files:

upstream/selinux/libselinux/ChangeLog (modified) (1 diff)
upstream/selinux/libselinux/VERSION (modified) (1 diff)
upstream/selinux/libselinux/include/selinux/selinux.h (modified) (2 diffs)
upstream/selinux/libselinux/man/man3/selinux_binary_policy_path.3 (modified) (2 diffs)
upstream/selinux/libselinux/man/man3/selinux_check_securetty_context.3 (added)
upstream/selinux/libselinux/man/man3/selinux_securetty_types_path.3 (added)
upstream/selinux/libselinux/src/file_path_suffixes.h (modified) (1 diff)
upstream/selinux/libselinux/src/selinux_check_securetty_context.c (added)
upstream/selinux/libselinux/src/selinux_config.c (modified) (2 diffs)
upstream/selinux/libselinux/src/selinux_internal.h (modified) (2 diffs)
upstream/selinux/libselinux/utils/matchpathcon.c (modified) (3 diffs)
upstream/selinux/libselinux/utils/selinux_check_securetty_context.c (added)
upstream/selinux/libsemanage/ChangeLog (modified) (2 diffs)
upstream/selinux/libsemanage/VERSION (modified) (1 diff)
upstream/selinux/libsemanage/src/conf-parse.y (modified) (5 diffs)
upstream/selinux/libsemanage/src/conf-scan.l (modified) (1 diff)
upstream/selinux/libsemanage/src/direct_api.c (modified) (11 diffs)
upstream/selinux/libsemanage/src/semanage_conf.h (modified) (1 diff)
upstream/selinux/libsemanage/src/semanage_store.c (modified) (1 diff)
upstream/selinux/policycoreutils/ChangeLog (modified) (1 diff)
upstream/selinux/policycoreutils/VERSION (modified) (1 diff)
upstream/selinux/policycoreutils/newrole/newrole.c (modified) (2 diffs)
upstream/selinux/policycoreutils/po/kn.po (modified) (6 diffs)
upstream/selinux/policycoreutils/scripts/fixfiles (modified) (1 diff)
upstream/selinux/policycoreutils/semanage/seobject.py (modified) (7 diffs)
upstream/selinux/policycoreutils/semodule/semodule.8 (modified) (1 diff)
upstream/selinux/policycoreutils/semodule/semodule.c (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

upstream/selinux/libselinux/ChangeLog

r159	r178
	1	1.33.4 2006-01-11
	2	* Merged selinux_check_securetty_context() and support from Dan Walsh.
	3
1	4	1.33.3 2007-01-04
2	5	* Merged patch for matchpathcon utility to use file mode information

upstream/selinux/libselinux/VERSION

r159 r178

1 1.33.3
1 1.33.4

upstream/selinux/libselinux/include/selinux/selinux.h

r10	r178
407	407	extern const char *selinux_media_context_path(void);
408	408	extern const char *selinux_contexts_path(void);
	409	extern const char *selinux_securetty_types_path(void);
409	410	extern const char *selinux_booleans_path(void);
410	411	extern const char *selinux_customizable_types_path(void);
…	…
419	420	extern int selinux_check_passwd_access(access_vector_t requested);
420	421	extern int checkPasswdAccess(access_vector_t requested);
	422
	423	/* Check if the tty_context is defined as a securetty
	424	Return 0 if secure, < 0 otherwise. */
	425	extern int selinux_check_securetty_context(security_context_t
	426	tty_context);
421	427
422	428	/* Set the path to the selinuxfs mount point explicitly.

upstream/selinux/libselinux/man/man3/selinux_binary_policy_path.3

r10	r178
27	27	.br
28	28	extern const char *selinux_media_context_path(void);
	29	.br
	30	extern const char *selinux_securetty_types_path(void);
29	31	.br
30	32	extern const char *selinux_contexts_path(void);
…	…
57	59	selinux_contexts_path() - directory containing all of the context configuration files
58	60	.sp
	61	selinux_securetty_types_path() - defines tty types for newrole securettys
	62	.sp
59	63	selinux_booleans_path() - initial policy boolean settings
60	64

upstream/selinux/libselinux/src/file_path_suffixes.h

r10	r178
8	8	S_(FAILSAFE_CONTEXT, "/contexts/failsafe_context")
9	9	S_(DEFAULT_TYPE, "/contexts/default_type")
	10	S_(SECURETTY_TYPES, "/contexts/securetty_types")
10	11	S_(BOOLEANS, "/booleans")
11	12	S_(MEDIA_CONTEXTS, "/contexts/files/media")

upstream/selinux/libselinux/src/selinux_config.c

r10	r178
39	39	#define FILE_CONTEXTS_HOMEDIR 16
40	40	#define FILE_CONTEXTS_LOCAL 17
41		#define NEL 18
	41	#define SECURETTY_TYPES 18
	42	#define NEL 19
42	43
43	44	/* New layout is relative to SELINUXDIR/policytype. */
…	…
300	301	hidden_def(selinux_default_context_path)
301	302
	303	const char *selinux_securetty_types_path()
	304	{
	305	return get_path(SECURETTY_TYPES);
	306	}
	307
	308	hidden_def(selinux_securetty_types_path)
	309
302	310	const char *selinux_failsafe_context_path()
303	311	{

upstream/selinux/libselinux/src/selinux_internal.h

r10	r178
54	54	hidden_proto(selinux_binary_policy_path)
55	55	hidden_proto(selinux_default_context_path)
	56	hidden_proto(selinux_securetty_types_path)
56	57	hidden_proto(selinux_failsafe_context_path)
57	58	hidden_proto(selinux_removable_context_path)
…	…
67	68	hidden_proto(selinux_path)
68	69	hidden_proto(selinux_check_passwd_access)
	70	hidden_proto(selinux_check_securetty_context)
69	71	hidden_proto(matchpathcon_init_prefix)
70	72	hidden_proto(selinux_users_path)

upstream/selinux/libselinux/utils/matchpathcon.c

r159	r178
96	96	}
97	97	for (i = optind; i < argc; i++) {
98		int mode=0;
	98	int mode = 0;
99	99	struct stat buf;
100	100	if (lstat(argv[i], &buf) == 0)
…	…
115	115	printf("%s has context %s, should be ",
116	116	argv[i], con);
117		error += printmatchpathcon(argv[i], 0, mode);
	117	error +=
	118	printmatchpathcon(argv[i], 0, mode);
118	119	freecon(con);
119	120	} else {
…	…
121	122	("actual context unknown: %s, should be ",
122	123	strerror(errno));
123		error += printmatchpathcon(argv[i], 0,mode);
	124	error +=
	125	printmatchpathcon(argv[i], 0, mode);
124	126	}
125	127	}

upstream/selinux/libsemanage/ChangeLog

r159	r178
	1	1.9.2 2007-01-08
	2	* Merged patch to optionally reduce disk usage by removing
	3	the backup module store and linked policy from Karl MacMillan
	4	* Merged patch to correctly propagate return values in libsemanage
	5
1	6	1.9.1 2006-11-27
2	7	* Merged patch to compile wit -fPIC instead of -fpic from
…	…
4	9	limit. Patch changed to include libselinux and libsemanage in
5	10	addition to libsepol.
	11
6	12	1.8 2006-10-17
7	13	* Updated version for release.

upstream/selinux/libsemanage/VERSION

r159 r178

1 1.9.1
1 1.9.2

upstream/selinux/libsemanage/src/conf-parse.y

r28	r178
57	57	}
58	58
59		%token MODULE_STORE VERSION EXPAND_CHECK FILE_MODE
	59	%token MODULE_STORE VERSION EXPAND_CHECK FILE_MODE SAVE_PREVIOUS SAVE_LINKED
60	60	%token LOAD_POLICY_START SETFILES_START GENHOMEDIRCON_START
61	61	%token VERIFY_MOD_START VERIFY_LINKED_START VERIFY_KERNEL_START BLOCK_END
…	…
79	79	\| expand_check
80	80	\| file_mode
	81	\| save_previous
	82	\| save_linked
81	83	;
82	84
…	…
113	115	;
114	116
	117	save_previous: SAVE_PREVIOUS '=' ARG {
	118	if (strcasecmp($3, "true") == 0)
	119	current_conf->save_previous = 1;
	120	else if (strcasecmp($3, "false") == 0)
	121	current_conf->save_previous = 0;
	122	else {
	123	yyerror("save-previous can only be 'true' or 'false'");
	124	}
	125	}
	126	;
	127
	128
	129	save_linked: SAVE_LINKED '=' ARG {
	130	if (strcasecmp($3, "true") == 0)
	131	current_conf->save_linked = 1;
	132	else if (strcasecmp($3, "false") == 0)
	133	current_conf->save_linked = 0;
	134	else {
	135	yyerror("save-linked can only be 'true' or 'false'");
	136	}
	137	}
	138	;
	139
	140
115	141	command_block:
116	142	command_start external_opts BLOCK_END {
…	…
187	213	conf->expand_check = 1;
188	214	conf->file_mode = 0644;
	215
	216	conf->save_previous = 0;
	217	conf->save_linked = 0;
189	218
190	219	if ((conf->load_policy =
…	…
285	314	int semanage_error(char *msg)
286	315	{
	316	fprintf(stderr, "error parsing semanage configuration file: %s\n", msg);
287	317	parse_errors++;
288	318	return 0;

upstream/selinux/libsemanage/src/conf-scan.l

r28	r178
43	43	expand-check return EXPAND_CHECK;
44	44	file-mode return FILE_MODE;
	45	save-previous return SAVE_PREVIOUS;
	46	save-linked return SAVE_LINKED;
45	47	"[load_policy]" return LOAD_POLICY_START;
46	48	"[setfiles]" return SETFILES_START;

upstream/selinux/libsemanage/src/direct_api.c

r28	r178
468	468	/* Before we do anything else, flush the join to its component parts.
469	469	* This does not flush to disk automatically */
470		if (users->dtable->is_modified(users->dbase) &&
471		users->dtable->flush(sh, users->dbase) < 0)
472		goto cleanup;
	470	if (users->dtable->is_modified(users->dbase)) {
	471	retval = users->dtable->flush(sh, users->dbase);
	472	if (retval < 0)
	473	goto cleanup;
	474	}
473	475
474	476	/* Decide if anything was modified */
…	…
498	500
499	501	/* link all modules in the sandbox to the base module */
500		if (semanage_get_modules_names
501		(sh, &mod_filenames, &num_modfiles) != 0
502		\|\| semanage_verify_modules(sh, mod_filenames,
503		num_modfiles) == -1
504		\|\| semanage_link_sandbox(sh, &base) < 0) {
505		goto cleanup;
506		}
507
508		/* write the linked base */
509		if ((linked_filename =
510		semanage_path(SEMANAGE_TMP, SEMANAGE_LINKED)) == NULL
511		\|\| semanage_write_module(sh, linked_filename, base) == -1
512		\|\| semanage_verify_linked(sh) != 0) {
513		goto cleanup;
	502	retval = semanage_get_modules_names(sh, &mod_filenames, &num_modfiles);
	503	if (retval < 0)
	504	goto cleanup;
	505	retval = semanage_verify_modules(sh, mod_filenames, num_modfiles);
	506	if (retval < 0)
	507	goto cleanup;
	508	retval = semanage_link_sandbox(sh, &base);
	509	if (retval < 0)
	510	goto cleanup;
	511
	512	/* write the linked base if we want to save or we have a
	513	* verification program that wants it. */
	514	linked_filename = semanage_path(SEMANAGE_TMP, SEMANAGE_LINKED);
	515	if (linked_filename == NULL) {
	516	retval = -1;
	517	goto cleanup;
	518	}
	519	if (sh->conf->save_linked \|\| sh->conf->linked_prog) {
	520	retval = semanage_write_module(sh, linked_filename, base);
	521	if (retval < 0)
	522	goto cleanup;
	523	retval = semanage_verify_linked(sh);
	524	if (retval < 0)
	525	goto cleanup;
	526	/* remove the linked policy if we only wrote it for the
	527	* verification program. */
	528	if (!sh->conf->save_linked) {
	529	retval = unlink(linked_filename);
	530	if (retval < 0) {
	531	ERR(sh, "could not remove linked base %s",
	532	linked_filename);
	533	goto cleanup;
	534	}
	535	}
	536	} else {
	537	/* Try to delete the linked copy - this is needed if
	538	* the save_link option has changed to prevent the
	539	* old linked copy from being copied forever. No error
	540	* checking is done because this is likely to fail because
	541	* the file does not exist - which is not an error. */
	542	unlink(linked_filename);
514	543	}
515	544
…	…
518	547	/* File Contexts */
519	548	/* Sort the file contexts. */
520		if (semanage_fc_sort
521		(sh, sepol_module_package_get_file_contexts(base),
522		sepol_module_package_get_file_contexts_len(base),
523		&sorted_fc_buffer, &sorted_fc_buffer_len) == -1) {
524		goto cleanup;
525		}
	549	retval = semanage_fc_sort(sh, sepol_module_package_get_file_contexts(base),
	550	sepol_module_package_get_file_contexts_len(base),
	551	&sorted_fc_buffer, &sorted_fc_buffer_len);
	552	if (retval < 0)
	553	goto cleanup;
526	554
527	555	/* Write the contexts (including template contexts) to a single file.
528	556	* The buffer returned by the sort function has a trailing \0 character,
529	557	* which we do NOT want to write out to disk, so we pass sorted_fc_buffer_len-1. */
530		if ((ofilename =
531		semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL)) == NULL
532		\|\| write_file(sh, ofilename, sorted_fc_buffer,
533		sorted_fc_buffer_len - 1) == -1) {
534		goto cleanup;
535		}
	558	ofilename = semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL);
	559	if (ofilename == NULL) {
	560	retval = -1;
	561	goto cleanup;
	562	}
	563	retval = write_file(sh, ofilename, sorted_fc_buffer,
	564	sorted_fc_buffer_len - 1);
	565	if (retval < 0)
	566	goto cleanup;
536	567
537	568	/* Split complete and template file contexts into their separate files. */
538		if (semanage_split_fc(sh))
	569	retval = semanage_split_fc(sh);
	570	if (retval < 0)
539	571	goto cleanup;
540	572
…	…
543	575	/* Seusers */
544	576	if (sepol_module_package_get_seusers_len(base)) {
545		if ((ofilename =
546		semanage_path(SEMANAGE_TMP,
547		SEMANAGE_SEUSERS)) == NULL
548		\|\| write_file(sh, ofilename,
549		sepol_module_package_get_seusers
550		(base),
551		sepol_module_package_get_seusers_len
552		(base)) == -1) {
	577	ofilename = semanage_path(SEMANAGE_TMP, SEMANAGE_SEUSERS);
	578	if (ofilename == NULL) {
	579	retval = -1;
553	580	goto cleanup;
554	581	}
	582	retval = write_file(sh, ofilename,
	583	sepol_module_package_get_seusers(base),
	584	sepol_module_package_get_seusers_len(base));
	585	if (retval < 0)
	586	goto cleanup;
	587
555	588	pseusers->dtable->drop_cache(pseusers->dbase);
556	589
557	590	} else {
558		if (pseusers->dtable->clear(sh, pseusers->dbase) < 0)
	591	retval = pseusers->dtable->clear(sh, pseusers->dbase);
	592	if (retval < 0)
559	593	goto cleanup;
560	594	}
…	…
562	596	/* Users_extra */
563	597	if (sepol_module_package_get_user_extra_len(base)) {
564		if ((ofilename =
565		semanage_path(SEMANAGE_TMP,
566		SEMANAGE_USERS_EXTRA)) == NULL
567		\|\| write_file(sh, ofilename,
568		sepol_module_package_get_user_extra
569		(base),
570		sepol_module_package_get_user_extra_len
571		(base)) == -1) {
	598	ofilename = semanage_path(SEMANAGE_TMP, SEMANAGE_USERS_EXTRA);
	599	if (ofilename == NULL) {
	600	retval = -1;
572	601	goto cleanup;
573	602	}
	603	retval = write_file(sh, ofilename,
	604	sepol_module_package_get_user_extra(base),
	605	sepol_module_package_get_user_extra_len(base));
	606	if (retval < 0)
	607	goto cleanup;
574	608	pusers_extra->dtable->drop_cache(pusers_extra->dbase);
575	609
576	610	} else {
577		~~if (pusers_extra->dtable->~~
578		~~clear(sh, pusers_extra->dbase)~~ < 0)
	611	retval = pusers_extra->dtable->clear(sh, pusers_extra->dbase);
	612	if (retval < 0)
579	613	goto cleanup;
580	614	}
…	…
604	638	/* Create new policy object, then attach to policy databases
605	639	* that work with a policydb */
606		if (semanage_expand_sandbox(sh, base, &out) < 0)
	640	retval = semanage_expand_sandbox(sh, base, &out);
	641	if (retval < 0)
607	642	goto cleanup;
608	643
…	…
616	651	/* ============= Apply changes, and verify =============== */
617	652
618		if (semanage_base_merge_components(sh) < 0)
619		goto cleanup;
620
621		if (semanage_write_policydb(sh, out) < 0)
622		goto cleanup;
623
624		if (semanage_verify_kernel(sh) != 0)
	653	retval = semanage_base_merge_components(sh);
	654	if (retval < 0)
	655	goto cleanup;
	656
	657	retval = semanage_write_policydb(sh, out);
	658	if (retval < 0)
	659	goto cleanup;
	660
	661	retval = semanage_verify_kernel(sh);
	662	if (retval < 0)
625	663	goto cleanup;
626	664	}
…	…
636	674	* large file_contexts - checked at compile time */
637	675	if (sh->do_rebuild \|\| modified \|\| fcontexts_modified) {
638		if (semanage_fcontext_validate_local(sh, out) < 0)
	676	retval = semanage_fcontext_validate_local(sh, out);
	677	if (retval < 0)
639	678	goto cleanup;
640	679	}
…	…
642	681	/* Validate local seusers against policy */
643	682	if (sh->do_rebuild \|\| modified \|\| seusers_modified) {
644		if (semanage_seuser_validate_local(sh, out) < 0)
	683	retval = semanage_seuser_validate_local(sh, out);
	684	if (retval < 0)
645	685	goto cleanup;
646	686	}
…	…
648	688	/* Validate local ports for overlap */
649	689	if (sh->do_rebuild \|\| ports_modified) {
650		if (semanage_port_validate_local(sh) < 0)
	690	retval = semanage_port_validate_local(sh);
	691	if (retval < 0)
651	692	goto cleanup;
652	693	}
…	…
655	696
656	697	/* Commit changes to components */
657		if (semanage_commit_components(sh) < 0)
	698	retval = semanage_commit_components(sh);
	699	if (retval < 0)
658	700	goto cleanup;
659	701

upstream/selinux/libsemanage/src/semanage_conf.h

r10	r178
36	36	int policyvers; /* version for server generated policies */
37	37	int expand_check;
	38	int save_previous;
	39	int save_linked;
38	40	mode_t file_mode;
39	41	struct external_prog *load_policy;

upstream/selinux/libsemanage/src/semanage_store.c

r28	r178
1225	1225	}
1226	1226
	1227	if (!sh->conf->save_previous) {
	1228	retval = semanage_remove_directory(backup);
	1229	if (retval < 0) {
	1230	ERR(sh, "Could not delete previous directory %s.", backup);
	1231	goto cleanup;
	1232	}
	1233	}
	1234
1227	1235	cleanup:
1228	1236	semanage_release_active_lock(sh);

upstream/selinux/policycoreutils/ChangeLog

r159	r178
	1	1.33.12 2007-01-11
	2	* Merged newrole securetty check from Dan Walsh.
	3	* Merged semodule patch to generalize list support from Karl MacMillan.
	4
	5	1.33.11 2007-01-09
	6	* Merged fixfiles and seobject fixes from Dan Walsh.
	7	* Merged semodule support for list of modules after -i from Karl MacMillan.
	8
	9	1.33.10 2007-01-08
	10	* Merged patch to correctly handle a failure during semanage handle
	11	creation from Karl MacMillan.
	12
	13	1.33.9 2007-01-05
	14	* Merged patch to fix seobject role modification from Dan Walsh.
	15
1	16	1.33.8 2007-01-04
2	17	* Merged patches from Dan Walsh to:

upstream/selinux/policycoreutils/VERSION

r159 r178

1 1.33.8
1 1.33.12

upstream/selinux/policycoreutils/newrole/newrole.c

r159	r178
742	742	char *range_ptr = NULL;
743	743	security_context_t new_con = NULL;
	744	security_context_t tty_con = NULL;
744	745	context_t context = NULL; /* manipulatable form of new_context */
745	746	const struct option long_options[] = {
…	…
794	795	return -1;
795	796	}
	797	if (fgetfilecon(0,&tty_con) >= 0) {
	798	if (selinux_check_securetty_context(tty_con) < 0) {
	799	fprintf(stderr, _("Error: you are not allowed to change levels on a non secure terminal\n"));
	800	freecon(tty_con);
	801	return -1;
	802	}
	803	freecon(tty_con);
	804	}
	805
796	806	level_s = optarg;
797	807	break;

upstream/selinux/policycoreutils/po/kn.po

r141	r178
9	9	"Project-Id-Version: PACKAGE VERSION\n"
10	10	"Report-Msgid-Bugs-To: \n"
11		"POT-Creation-Date: 200~~6-10-20 09:14-04~~00\n"
	11	"POT-Creation-Date: 2007-01-11 12:24-0500\n"
12	12	"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
13	13	"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
…	…
27	27	msgstr ""
28	28
29		#: ../newrole/newrole.c:98
	29	#: ../newrole/newrole.c:188
	30	#, c-format
	31	msgid "failed to set PAM_TTY\n"
	32	msgstr ""
	33
	34	#: ../newrole/newrole.c:218 ../run_init/run_init.c:162
	35	msgid "Password:"
	36	msgstr ""
	37
	38	#: ../newrole/newrole.c:243 ../run_init/run_init.c:197
	39	#, c-format
	40	msgid "Cannot find your entry in the shadow passwd file.\n"
	41	msgstr ""
	42
	43	#: ../newrole/newrole.c:250 ../run_init/run_init.c:203
	44	#, c-format
	45	msgid "getpass cannot open /dev/tty\n"
	46	msgstr ""
	47
	48	#: ../newrole/newrole.c:316
	49	#, c-format
	50	msgid "cannot find valid entry in the passwd file.\n"
	51	msgstr ""
	52
	53	#: ../newrole/newrole.c:327
30	54	#, c-format
31	55	msgid "Out of memory!\n"
32	56	msgstr ""
33	57
34		#: ../newrole/newrole.c:200 ../run_init/run_init.c:126
	58	#: ../newrole/newrole.c:332
	59	#, c-format
	60	msgid "Error! Shell is not valid.\n"
	61	msgstr ""
	62
	63	#: ../newrole/newrole.c:389
	64	#, c-format
	65	msgid "Unable to clear environment\n"
	66	msgstr ""
	67
	68	#: ../newrole/newrole.c:436 ../newrole/newrole.c:513
	69	#, c-format
	70	msgid "Error initing capabilities, aborting.\n"
	71	msgstr ""
	72
	73	#: ../newrole/newrole.c:444 ../newrole/newrole.c:519
	74	#, c-format
	75	msgid "Error setting capabilities, aborting\n"
	76	msgstr ""
	77
	78	#: ../newrole/newrole.c:450
	79	#, c-format
	80	msgid "Error setting KEEPCAPS, aborting\n"
	81	msgstr ""
	82
	83	#: ../newrole/newrole.c:458 ../newrole/newrole.c:531
	84	#, c-format
	85	msgid "Error dropping capabilities, aborting\n"
	86	msgstr ""
	87
	88	#: ../newrole/newrole.c:464 ../newrole/newrole.c:562
	89	#, c-format
	90	msgid "Error changing uid, aborting.\n"
	91	msgstr ""
	92
	93	#: ../newrole/newrole.c:470 ../newrole/newrole.c:525 ../newrole/newrole.c:557
	94	#, c-format
	95	msgid "Error resetting KEEPCAPS, aborting\n"
	96	msgstr ""
	97
	98	#: ../newrole/newrole.c:477
	99	#, c-format
	100	msgid "Error dropping SETUID capability, aborting\n"
	101	msgstr ""
	102
	103	#: ../newrole/newrole.c:482 ../newrole/newrole.c:536
	104	#, c-format
	105	msgid "Error freeing caps\n"
	106	msgstr ""
	107
	108	#: ../newrole/newrole.c:580
	109	#, c-format
	110	msgid "Error connecting to audit system.\n"
	111	msgstr ""
	112
	113	#: ../newrole/newrole.c:586
	114	#, c-format
	115	msgid "Error allocating memory.\n"
	116	msgstr ""
	117
	118	#: ../newrole/newrole.c:593
	119	#, c-format
	120	msgid "Error sending audit message.\n"
	121	msgstr ""
	122
	123	#: ../newrole/newrole.c:634 ../newrole/newrole.c:988
	124	#, c-format
	125	msgid "Could not determine enforcing mode.\n"
	126	msgstr ""
	127
	128	#: ../newrole/newrole.c:641
	129	#, c-format
	130	msgid "Error! Could not open %s.\n"
	131	msgstr ""
	132
	133	#: ../newrole/newrole.c:646
	134	#, c-format
	135	msgid "%s! Could not get current context for %s, not relabeling tty.\n"
	136	msgstr ""
	137
	138	#: ../newrole/newrole.c:656
	139	#, c-format
	140	msgid "%s! Could not get new context for %s, not relabeling tty.\n"
	141	msgstr ""
	142
	143	#: ../newrole/newrole.c:666
	144	#, c-format
	145	msgid "%s! Could not set new context for %s\n"
	146	msgstr ""
	147
	148	#: ../newrole/newrole.c:710
	149	#, c-format
	150	msgid "%s changed labels.\n"
	151	msgstr ""
	152
	153	#: ../newrole/newrole.c:716
	154	#, c-format
	155	msgid "Warning! Could not restore context for %s\n"
	156	msgstr ""
	157
	158	#: ../newrole/newrole.c:773
	159	#, c-format
	160	msgid "Error: multiple roles specified\n"
	161	msgstr ""
	162
	163	#: ../newrole/newrole.c:781
	164	#, c-format
	165	msgid "Error: multiple types specified\n"
	166	msgstr ""
	167
	168	#: ../newrole/newrole.c:788
	169	#, c-format
	170	msgid "Sorry, -l may be used with SELinux MLS support.\n"
	171	msgstr ""
	172
	173	#: ../newrole/newrole.c:793
	174	#, c-format
	175	msgid "Error: multiple levels specified\n"
	176	msgstr ""
	177
	178	#: ../newrole/newrole.c:799
	179	#, c-format
	180	msgid "Error: you are not allowed to change levels on a non secure terminal\n"
	181	msgstr ""
	182
	183	#: ../newrole/newrole.c:824
	184	#, c-format
	185	msgid "Couldn't get default type.\n"
	186	msgstr ""
	187
	188	#: ../newrole/newrole.c:834
	189	#, c-format
	190	msgid "failed to get new context.\n"
	191	msgstr ""
	192
	193	#: ../newrole/newrole.c:841
	194	#, c-format
	195	msgid "failed to set new role %s\n"
	196	msgstr ""
	197
	198	#: ../newrole/newrole.c:848
	199	#, c-format
	200	msgid "failed to set new type %s\n"
	201	msgstr ""
	202
	203	#: ../newrole/newrole.c:857
	204	#, c-format
	205	msgid "failed to build new range with level %s\n"
	206	msgstr ""
	207
	208	#: ../newrole/newrole.c:862
	209	#, c-format
	210	msgid "failed to set new range %s\n"
	211	msgstr ""
	212
	213	#: ../newrole/newrole.c:870
	214	#, c-format
	215	msgid "failed to convert new context to string\n"
	216	msgstr ""
	217
	218	#: ../newrole/newrole.c:875
	219	#, c-format
	220	msgid "%s is not a valid context\n"
	221	msgstr ""
	222
	223	#: ../newrole/newrole.c:882
	224	#, c-format
	225	msgid "Unable to allocate memory for new_context"
	226	msgstr ""
	227
	228	#: ../newrole/newrole.c:908
	229	#, c-format
	230	msgid "Unable to obtain empty signal set\n"
	231	msgstr ""
	232
	233	#: ../newrole/newrole.c:916
	234	#, c-format
	235	msgid "Unable to set SIGHUP handler\n"
	236	msgstr ""
	237
	238	#: ../newrole/newrole.c:982
	239	#, c-format
	240	msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
	241	msgstr ""
	242
	243	#: ../newrole/newrole.c:999
	244	#, c-format
	245	msgid "failed to get old_context.\n"
	246	msgstr ""
	247
	248	#: ../newrole/newrole.c:1006
	249	#, c-format
	250	msgid "Error! Could not retrieve tty information.\n"
	251	msgstr ""
	252
	253	#: ../newrole/newrole.c:1025
	254	#, c-format
	255	msgid "Authenticating %s.\n"
	256	msgstr ""
	257
	258	#: ../newrole/newrole.c:1030 ../run_init/run_init.c:126
35	259	#, c-format
36	260	msgid "failed to initialize PAM\n"
37	261	msgstr ""
38	262
39		#: ../newrole/newrole.c:211
40		#, c-format
41		msgid "failed to set PAM_TTY\n"
42		msgstr ""
43
44		#: ../newrole/newrole.c:247 ../run_init/run_init.c:154
45		msgid "Password:"
46		msgstr ""
47
48		#: ../newrole/newrole.c:282 ../run_init/run_init.c:189
49		#, c-format
50		msgid "Cannot find your entry in the shadow passwd file.\n"
51		msgstr ""
52
53		#: ../newrole/newrole.c:288 ../run_init/run_init.c:195
54		#, c-format
55		msgid "getpass cannot open /dev/tty\n"
56		msgstr ""
57
58		#: ../newrole/newrole.c:355
59		#, c-format
60		msgid "Error initing capabilities, aborting.\n"
61		msgstr ""
62
63		#: ../newrole/newrole.c:369
64		#, c-format
65		msgid "Error dropping capabilities, aborting\n"
66		msgstr ""
67
68		#: ../newrole/newrole.c:376
69		#, c-format
70		msgid "Error changing uid, aborting.\n"
71		msgstr ""
72
73		#: ../newrole/newrole.c:383
74		#, c-format
75		msgid "Error resetting KEEPCAPS, aborting\n"
76		msgstr ""
77
78		#: ../newrole/newrole.c:391
79		#, c-format
80		msgid "Error dropping SETUID capability, aborting\n"
81		msgstr ""
82
83		#: ../newrole/newrole.c:410
84		#, c-format
85		msgid "Error connecting to audit system.\n"
86		msgstr ""
87
88		#: ../newrole/newrole.c:416
89		#, c-format
90		msgid "Error allocating memory.\n"
91		msgstr ""
92
93		#: ../newrole/newrole.c:423
94		#, c-format
95		msgid "Error sending audit message.\n"
96		msgstr ""
97
98		#: ../newrole/newrole.c:511
99		#, c-format
100		msgid "Sorry, newrole may be used only on a SELinux kernel.\n"
101		msgstr ""
102
103		#: ../newrole/newrole.c:516
104		#, c-format
105		msgid "Could not determine enforcing mode.\n"
106		msgstr ""
107
108		#: ../newrole/newrole.c:536
109		#, c-format
110		msgid "Error: multiple roles specified\n"
111		msgstr ""
112
113		#: ../newrole/newrole.c:546
114		#, c-format
115		msgid "Error: multiple types specified\n"
116		msgstr ""
117
118		#: ../newrole/newrole.c:556
119		#, c-format
120		msgid "Sorry, -l may be used with SELinux MLS support.\n"
121		msgstr ""
122
123		#: ../newrole/newrole.c:563
124		#, c-format
125		msgid "Error: multiple levels specified\n"
126		msgstr ""
127
128		#: ../newrole/newrole.c:585
129		#, c-format
130		msgid "Couldn't get default type.\n"
131		msgstr ""
132
133		#: ../newrole/newrole.c:608
134		#, c-format
135		msgid "failed to get old_context.\n"
136	<