Summary: A graphical interface for modifying the system security level Summary(ja): システムのセキュリティレベルを変更するグラフィカルインタフェース Name: system-config-securitylevel Version: 1.6.29.1 Release: 7%{?_dist_release} URL: http://fedora.redhat.com/projects/config-tools/ License: GPL ExclusiveOS: Linux Group: System Environment/Base Source0: %{name}-%{version}.tar.bz2 Patch0: system-config-securitylevel-1.6.29.1-gu_IN.patch Patch1: system-config-securitylevel-1.6.29.1-insecure.patch Patch2: system-config-securitylevel-1.6.29.1-honour_exit_code.patch Patch3: system-config-securitylevel-1.6.29.1-dialog_center.patch Patch4: system-config-securitylevel-1.6.29.1-expand.patch Patch5: system-config-securitylevel-1.6.29.1-port_check.patch Patch6: system-config-securitylevel-1.6.29.1-nfs4.patch Patch10: system-config-securitylevel-1.6.29.1-vine.patch Patch11: system-config-securitylevel-1.6.29.1-enable-start.patch Patch12: system-config-securitylevel-1.6.29.1-lokkit-noselinux.patch Patch13: system-config-securitylevel-1.6.29.1-use-conntrack.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root Obsoletes: gnome-lokkit BuildRequires: desktop-file-utils newt-devel slang-devel popt-devel BuildRequires: gettext BuildRequires: intltool Obsoletes: redhat-config-securitylevel Requires: pygtk2 Requires: python Requires: usermode Requires: rhpl Requires: system-config-securitylevel-tui Requires: hicolor-icon-theme Requires: pygtk2-libglade Requires: libxml2-python Requires(post): gtk2 >= 2.6 Requires(postun): gtk2 >= 2.6 %description system-config-securitylevel is a graphical user interface for setting basic firewall rules. %package tui Summary: A text interface for modifying the system security level Summary(ja): システムのセキュリティレベルを変更するテキストインタフェース Group: System Environment/Base Obsoletes: lokkit Obsoletes: redhat-config-securitylevel-tui Requires: iptables #Requires: iptables-ipv6 %description tui system-config-securitylevel-tui is a text and commandline user interface for setting basic firewall rules. %prep %setup -q %patch0 -p1 -b .gu_IN %patch1 -p1 -b .insecure %patch2 -p1 -b .honour_exit_code %patch3 -p1 -b .dialog_center %patch4 -p1 -b .expand %patch5 -p1 -b .port_check %patch6 -p1 -b .nfs4_udp %patch10 -p1 -b .vine %patch11 -p1 -b .start %patch12 -p1 -b .no_selinux %patch13 -p1 -b .use-conntrack perl -pi -e 's|/usr/bin/python2.2|/usr/bin/python|g, \ s|/usr/bin/python2|/usr/bin/python|g' src/system-config-securitylevel* %build make %install make INSTROOT=$RPM_BUILD_ROOT install desktop-file-install --vendor system --delete-original \ --dir $RPM_BUILD_ROOT%{_datadir}/applications \ --add-category System \ --add-category Settings \ --remove-category Applications \ --remove-category SystemSetup \ $RPM_BUILD_ROOT%{_datadir}/applications/system-config-securitylevel.desktop %find_lang %name %clean rm -rf $RPM_BUILD_ROOT %post touch --no-create %{_datadir}/icons/hicolor if [ -x /usr/bin/gtk-update-icon-cache ]; then gtk-update-icon-cache -q %{_datadir}/icons/hicolor fi %postun touch --no-create %{_datadir}/icons/hicolor if [ -x /usr/bin/gtk-update-icon-cache ]; then gtk-update-icon-cache -q %{_datadir}/icons/hicolor fi %files -f %{name}.lang %defattr(-,root,root) %doc COPYING %{_bindir}/system-config-securitylevel %dir %{_datadir}/system-config-securitylevel %{_datadir}/system-config-securitylevel/* %dir %{_datadir}/firstboot/ %dir %{_datadir}/firstboot/modules %{_datadir}/firstboot/modules/firstboot_selinux.py* %{_datadir}/firstboot/modules/securitylevel.py* %attr(0644,root,root) %{_datadir}/applications/system-config-securitylevel.desktop %attr(0644,root,root) %{_datadir}/icons/hicolor/48x48/apps/system-config-securitylevel.png %attr(0644,root,root) %config %{_sysconfdir}/security/console.apps/system-config-securitylevel %attr(0644,root,root) %config %{_sysconfdir}/pam.d/system-config-securitylevel %attr(0644,root,root) %config %{_sysconfdir}/sysconfig/system-config-securitylevel %files -f %{name}.lang tui %defattr(-,root,root) %doc COPYING-lokkit %{_sbindir}/lokkit %{_bindir}/system-config-securitylevel-tui %changelog * Mon Nov 19 2012 Daisuke SUZUKI 1.6.29.1-7 - use conntrack instead of state match * Sun Feb 19 2012 Yoji TOYODA 1.6.29.1-6 - rebuild with python-2.7.2 * Thu Apr 21 2011 Daisuke SUZUKI 1.6.29.1-5 - merge with tomop-san's change - modified BR: from popt to popt-devel. - replaced "Prereq:" with "Requires(post): and Requires:(postun):". - use macros in %%files * Sat Apr 09 2011 Daisuke SUZUKI 1.6.29.1-4 - rebuild for Vine 6 * Sun Aug 23 2009 Daisuke SUZUKI 1.6.29.1-3 - rebuilt to sign package * Sun Aug 23 2009 Kazutaka HARADA 1.6.29.1-2 - add Patch6: open udp port for nfs4 (rhbz#250916) - add Patch11: start iptables after enabled () - add Patch12: don't show selinux items for tui * Tue Sep 30 2008 Daisuke SUZUKI 1.6.29.1-1 - new upstream release - import patch[0-5] from upstream * Fri Aug 29 2008 MATSUBAYASHI Kohji - 1.6.23-3 - sorry my fault - rebuilt once more on all archs * Thu Aug 28 2008 MATSUBAYASHI Kohji - 1.6.23-2 - rebuilt again with new newt on ppc * Sun Aug 24 2008 Daisuke SUZUKI 1.6.23-1 - rebuild with new newt - new versioning policy * Thu Aug 24 2006 Daisuke SUZUKI 1.6.23-0vl1 - initial build for Vine Linux - disable/hide SELinux tab * Thu Jul 20 2006 Chris Lumens 1.6.23-1 - Add NFSv4 as a trusted service (#138138). * Mon Jul 17 2006 Chris Lumens 1.6.22-2 - Don't remove .pyc files (#198950). - Pick up new translations. * Tue Jul 11 2006 Chris Lumens 1.6.22-1 - Tweak regular expression used to distinguish ranges from words. * Mon Jul 10 2006 Chris Lumens 1.6.21-1 - Correctly mark messages for translation (#195013). - Remove /etc/sysconfig/ip6tables when firewall is disabled (#195786). * Mon Jun 05 2006 Chris Lumens 1.6.20-1 - Be more careful when determining if something is a range or service with a dash in it (#192933). * Thu May 11 2006 Chris Lumens 1.6.19-2 - Require iptables-ipv6. * Tue May 02 2006 Chris Lumens 1.6.19-1 - Add a patch to support writing out a default IPv6 firewall (Brad Smith, #140305). * Tue May 02 2006 Chris Lumens 1.6.18-2 - Require glade (#190440). * Wed Apr 19 2006 Dan Walsh 1.6.18-1 - Update booleand/tunable descriptions * Fri Mar 31 2006 Chris Lumens 1.6.17-1 - Be smarter about if strings are valid ports (#183964). - Fix typo in firstboot (#186110). - Disable SELinux page if there's no policy installed (#186554). * Tue Feb 28 2006 Chris Lumens 1.6.16-1 - Add requirement for scriptlets (#182876, #182877). - Add glade UI strings to translations (#182181). - Reorder service checkboxes to make the screen fit for Italian (#182447). * Fri Feb 10 2006 Jesse Keating - 1.6.15-1.1 - bump again for double-long bug on ppc(64) * Tue Feb 07 2006 Chris Lumens 1.6.15-1 - Fix firstboot warnings. - Make other services box look better. - Force reboot if SELinux is changed from enabled to disabled in firstboot (#177639). * Tue Feb 07 2006 Jesse Keating - 1.6.14-1.1 - rebuilt for new gcc4.1 snapshot and glibc changes * Fri Jan 27 2006 Chris Lumens 1.6.14-1 - Fix sorting on trusted services list. * Wed Jan 25 2006 Chris Lumens 1.6.13-1 - Sort trusted services by service name (#178467). - Use a combo box for the other services list instead of just a text entry (#178108). * Fri Dec 09 2005 Jesse Keating - rebuilt * Thu Dec 08 2005 Chris Lumens 1.6.12-1 - Write out selinux config file (#174104). * Fri Dec 02 2005 Chris Lumens 1.6.11-1 - Support port ranges (#164187, #174281). - Restore longer description of https (#174249). * Tue Nov 29 2005 Dan Walsh 1.6.10-1 - Change getsebool to work with on as well as active * Wed Nov 23 2005 Chris Lumens 1.6.9-2 - Rebuild for new slang. * Fri Nov 08 2005 Chris Lumens 1.6.9-1 - Open the tcp IPP port as well (#90946). - SELinux policy directory grab fix (dwalsh). * Fri Nov 04 2005 Chris Lumens 1.6.8-1 - Always load the ip_conntrack_netbios_ns module in lokkit (#113918). * Mon Nov 01 2005 Chris Lumens 1.6.7-1 - Let lokkit load iptables modules (#113918, #145242). * Thu Oct 27 2005 Chris Lumens 1.6.6-1 - Add explanatory text to firewall and SELinux firstboot modules (#171022). - Fix a grammar error in lokkit help text (#152273). - Mark name in .desktop file for translation (#171819). - Remove support for modifying tunables since policy source will be disappearing in the future (#160896). * Fri Oct 14 2005 Chris Lumens 1.6.5-1 - Remove the SELinux policy type combo box if there's only one policy installed. - Use a new pam configuration (#170644). - Don't pop up relabel warning during firstboot if the user did something like disabled->enabled->disabled before clicking next (#170549, #170550). * Tue Sep 27 2005 Petr Rockai - 1.6.4-3 - rebuild against newt 0.52.0 * Tue Aug 23 2005 Chris Lumens 1.6.4-1 - Fix checking for the -f flag in lokkit (markmc, #166568). - Sync up order of enable/disable options between UI and what gets written to the file (#166390). * Mon Aug 22 2005 Dan Walsh 1.6.3-1 - Move location of the setdirty flag in selinuxPage * Wed Aug 17 2005 Dan Walsh 1.6.2-1 - Fix setenforce call (Currently turning off if enabled * Tue Aug 02 2005 Chris Lumens 1.6.1-2 - Fix packaging. * Tue Aug 02 2005 Chris Lumens 1.6.1-1 - Fix a typo in SELinux booleans (#164889). - Remove trusted devices section from firewall page. - Simplify choices on SELinux page (#164701). - Split firewall and SELinux into separate firstboot pages. - Require reboot after firstboot is done if SELinux options were changed. * Tue Jul 26 2005 Chris Lumens 1.6.0-1 - Convert UI to using glade instead of handwritten code. - Lots of updated translations. * Mon Jul 11 2005 Dan Walsh 1.5.11-1 - Add additional booleans * Sat Jun 18 2005 Dan Walsh 1.5.10-1 - Add additional booleans * Thu Jun 09 2005 Chris Lumens 1.5.9-1 - Handle ports that are not listed in /etc/services (#157620). - Add an option to allow Samba browsing - enables several ports, so use with care (#133478). - Mark updated menu option and comment for translation (#156800). - Rebuilt .pot file. * Wed May 18 2005 Chris Lumens 1.5.8-1 - Revert .desktop file changes since they weren't properly marked for translation. * Wed Apr 27 2005 Jeremy Katz - 1.5.7-2 - silence %%post * Thu Apr 14 2005 Dan Walsh 1.5.7-1 - Handle relabeling better. * Tue Apr 12 2005 Dan Walsh 1.5.6-1 - Add additional booleans * Mon Apr 4 2005 Dan Walsh 1.5.5-1 - Add relabel button to selinux system-config-securitylevel - More booleans * Tue Mar 29 2005 Chris Lumens 1.5.4-1 - Add HTTPS as a separate option instead of implying it with HTTP. (#145628). - Have the menu option and comment mention firewalling (#124266). - When reading in the config, use service names instead of port numbers in the other ports field (#128541). - Rebuild .pot file for string changes. * Mon Mar 28 2005 Christopher Aillon 1.5.3-3 - rebuilt * Fri Mar 25 2005 Christopher Aillon 1.5.3-2 - Update the GTK+ theme icon cache on (un)install * Thu Mar 24 2005 Chris Lumens 1.5.3-1 - Rebuild .pot file. - Return translatable strings for SELinux page (Ronny Buchmann, #152059). - Fix GTK deprecation warnings. * Tue Mar 15 2005 Dan Walsh 1.5.2-1 - Update booleand/tunable descriptions * Fri Mar 04 2005 Chris Lumens 1.5.0-2 - Rebuilt for gcc4. - Fixed a msgid typo (#150193), rebuilt .pot file. * Thu Feb 10 2005 Chris Lumens 1.5.0-1 - Added a patch to easily configure connection sharing via trusted interfaces (#83704). * Wed Jan 26 2005 Dan Walsh 1.4.22-1 - Update booleand/tunable descriptions * Mon Jan 03 2005 Chris Lumens 1.4.21-1 - Fixed import of scs_checklist module (#143776). * Thu Dec 23 2004 Chris Lumens 1.4.20-1 - Fixed a UI initialization bug on the selinux screen. * Tue Dec 21 2004 Chris Lumens 1.4.19-1 - Fixed namespace conflict with a firstboot module (#143260). * Sat Nov 13 2004 Dan Walsh 1.4.18-1 - Fix to match libselinux-1.19.1 * Thu Nov 04 2004 Dan Walsh 1.4.17-1 - Call setsebool properly, change location of selinux stuff to /usr/sbin * Thu Nov 04 2004 Dan Walsh 1.4.16-1 - Fix boolean descriptions * Tue Oct 26 2004 Dan Walsh 1.4.15-1 - Fix many labels and add a couple of booleans * Mon Oct 25 2004 Dan Walsh 1.4.14-1 - Fix creation of /.autorelabel * Wed Oct 20 2004 Dan Walsh 1.4.13-1 - Add description for httpd_unified * Fri Oct 15 2004 Dan Walsh 1.4.12-1 - Fix lokkit to handle config file that is missing params * Thu Oct 14 2004 Paul Nasrat 1.4.11-1 - GTK deprecation messages * Wed Oct 13 2004 Bill Nottingham 1.4.10-1 - fix cups browsing line (#131745) * Tue Oct 12 2004 Dan Walsh 1.4.9-1 - Don't apply if selinux not installed * Fri Oct 08 2004 Paul Nasrat 1.4.8-1 - Firstboot bug fix * Fri Oct 01 2004 Paul Nasrat 1.4.7-1 - mDNS - Translations * Wed Sep 29 2004 Dan Walsh 1.4.6-1 - Fix handling of booleans * Thu Sep 23 2004 Dan Walsh 1.4.5-1 - Fix for missing /etc/selinux * Tue Sep 21 2004 Dan Walsh 1.4.4-1 - Fix for bad /etc/selinux/config * Tue Sep 07 2004 Paul Nasrat 1.4.3-1 - Translatable desktop * Thu Aug 12 2004 Dan Walsh 1.4.2-2 - Bug fix Boolean support * Fri Jul 30 2004 Dan Walsh 1.4.2-1 - Add Boolean support * Tue Jul 27 2004 Dan Walsh 1.4.1-4 - Fix so only changes made if gui activated. - Save backup copies of configs * Tue Jul 27 2004 Dan Walsh 1.4.1-3 - Fix several problems including Tunables being reported incorrectly. - Allow tool to reload policy if tunables change - Allow tool to change enforcing mode * Fri Jul 16 2004 Dan Walsh 1.3.14-2 - Remove checkbox from toplevel menu of tunables * Thu Jul 15 2004 Dan Walsh 1.3.14-1 - Turn on SELinux support * Thu May 27 2004 Dan Walsh 1.3.13-2 - Change lokkit to support new SELinux mode * Fri May 21 2004 Bill Nottingham 1.3.13-1 - fix typo (#122907) * Fri Apr 30 2004 Brent Fox 1.3.12-1 - turn off SELinux widgets for FC2 (bug #122046) * Thu Apr 15 2004 Brent Fox 1.3.11-1 - comment out SELinux tunable widgets for now * Thu Apr 15 2004 Brent Fox 1.3.10-6 - test if self.doc is None in read_tunable_file, not read_selinux_file * Tue Apr 13 2004 Brent Fox 1.3.10-5 - don't write out xml file if it doesn't exist * Tue Apr 13 2004 Brent Fox 1.3.10-4 - don't try to write tunable.xml if the file doesn't exist * Mon Apr 12 2004 Brent Fox 1.3.10-3 - fix icon path (bug #120183) * Mon Apr 5 2004 Brent Fox 1.3.10-2 - more work on SELinux code * Thu Apr 1 2004 Brent Fox 1.3.10-1 - add SELinux widgets and restructure UI accordingly * Thu Mar 25 2004 Brent Fox 1.3.9-1 - replace the other ports widgets (bug #111930) * Wed Mar 24 2004 Bill Nottingham 1.3.8-1 - fix writing of config file if neither of --disabled or --enabled are passed (#118667, redux) * Fri Mar 19 2004 Bill Nottingham 1.3.7-1 - prefer commandline arguments to config file arguments (#118667) * Tue Mar 16 2004 Jeremy Katz 1.3.6-1 - fix segfault in config reading if config files don't exist - don't flush iptables chains if run with --nostart * Thu Mar 11 2004 Bill Nottingham 1.3.5-1 - read in old config in the TUI (#25510) - have https tag along with http (#61958) - fix segfault (#88533) * Fri Mar 5 2004 Brent Fox 1.3.4-1 - don't do strlen() on random pointer (bug #117183) * Thu Mar 4 2004 Brent Fox 1.3.3-1 - fix tab ordering bug (bug #116913) * Tue Feb 3 2004 Brent Fox 1.3.2-1 - F12 functionality fixed * Mon Jan 12 2004 Brent Fox 1.3.1-1 - break up really long strings (bug #102455) * Tue Nov 18 2003 Brent Fox 1.3.0-1 - rename to system-config-securitylevel - obsoletes redhat-config-securitylevel - convert to Python2.3 * Thu Oct 16 2003 Brent Fox 1.2.11-1 - require iptables >=1.2.8 (bug #104777) * Fri Oct 3 2003 Bill Nottingham 1.2.10-1 - minor code cleanup * Fri Oct 3 2003 Bill Nottingham 1.2.9-1 - fix interactive disabling of firewall in TUI (#106243) * Wed Sep 17 2003 Bill Nottingham 1.2.8-2 - rebuild * Wed Sep 17 2003 Bill Nottingham 1.2.8-1 - allow ICMP in general (#104561) * Mon Sep 15 2003 Brent Fox 1.2.7-2 - bump release number * Mon Sep 15 2003 Brent Fox 1.2.7-1 - add Requires for rhpl * Thu Aug 14 2003 Brent Fox 1.2.6-1 - fix typo (bug #101802) * Thu Aug 14 2003 Brent Fox 1.2.5-1 - tag on every build * Tue Aug 12 2003 Brent Fox 1.2.3-2 - bump relnum and rebuild * Tue Aug 12 2003 Brent Fox 1.2.3-1 - some string changes * Mon Aug 11 2003 Brent Fox 1.2.2-2 - bump relnum and rebuild * Mon Aug 11 2003 Brent Fox 1.2.2-1 - reorder some UI elements * Thu Aug 7 2003 Bill Nottingham 1.2.1-1 - fix rules (#101841) * Tue Aug 5 2003 Bill Nottingham 1.2.0-2 - woops, RPM 101 (#101708) * Mon Aug 4 2003 Bill Nottingham 1.2.0-1 - add patch for stateful firewalling (#87585, ) - tweak tools appropriately (katzj@redhat.com), obsolete lokkit/gnome-lokkit * Wed Jul 2 2003 Brent Fox 1.1.3-2 - bump relnum and rebuild * Wed Jul 2 2003 Brent Fox 1.1.3-1 - use rhpl translation module * Tue May 27 2003 Brent Fox 1.1.2-1 - bump rev and rebuild * Tue Feb 4 2003 Brent Fox 1.1.1-3 - fix return codes for firstboot reconfig mode - read config file in launch mode * Thu Jan 30 2003 Brent Fox 1.1.1-1 - bump and build * Mon Jan 27 2003 Brent Fox 1.1.0-4 - remove typo * Wed Jan 22 2003 Jeremy Katz 1.1.0-3 - match dhcp handling of anaconda and lokkit * Tue Dec 10 2002 Brent Fox 1.1.0-2 - fix bug 74913 * Tue Dec 10 2002 Brent Fox 1.1.0-1 - save configuration in a config file in /etc/sysconfig/ so we remember settings * Mon Nov 18 2002 Brent Fox - add a Requires for gnome-lokkit (bug #78057) * Tue Nov 12 2002 Brent Fox 1.0.1-4 - Latest translations * Thu Oct 10 2002 Brent Fox 1.0.1-3 - Mark the word Mail for translation. Fixes bug 75592 * Wed Aug 28 2002 Brent Fox 1.0.1-1 - Convert to noarch * Wed Aug 28 2002 Brent Fox 1.0.0-3 - pull in latest German translations * Tue Aug 27 2002 Brent Fox 1.0.0-2 - Rebuild for translations * Mon Aug 26 2002 Brent Fox 1.0.0-1 - connect window to destroy signal * Tue Aug 13 2002 Brent Fox 0.9.9-4 - pull translations into desktop file * Mon Aug 12 2002 Tammy Fox 0.9.9-3 - replace System with SystemSetup in desktop file categories * Sun Aug 11 2002 Brent Fox 0.9.9-2 - fix bug 71187 * Tue Aug 06 2002 Brent Fox - Mark strings for translation * Mon Aug 05 2002 Brent Fox 0.9.9-1 - convert combo widget into an OptionMenu * Fri Aug 02 2002 Brent Fox 0.9.8-1 - Make changes for new pam timestamp policy * Wed Jul 24 2002 Brent Fox 0.9.6-3 - fix Makefiles and spec files so that translations get installed * Wed Jul 24 2002 Brent Fox 0.9.6-2 - update spec file for public beta 2 * Wed Jul 24 2002 Tammy Fox 0.9.4-3 - Fix desktop file (bug #69484) * Tue Jul 16 2002 Brent Fox 0.9.4-2 - bump rev num and rebuild * Thu Jul 11 2002 Brent Fox 0.9.3-2 - Update changelogs and rebuild * Thu Jul 11 2002 Brent Fox 0.9.3-1 - Update changelogs and rebuild * Mon Jul 01 2002 Brent Fox 0.9.2-1 - Bump rev number * Thu Jun 27 2002 Brent Fox 0.9.1-2 - Changed window title * Wed Jun 26 2002 Brent Fox 0.9.1-1 - Fixed description * Tue Jun 25 2002 Brent Fox 0.9.0-5 - Create pot file * Mon Jun 24 2002 Brent Fox 0.9.0-4 - Fix spec file * Fri Jun 21 2002 Brent Fox 0.9.0-3 - init doDebug - reverse ok/cancel buttons * Thu Jun 20 2002 Brent Fox 0.9.0-2 - Pass doDebug into launch, not init - Add snapsrc to Makefile * Sun May 26 2002 Brent Fox 0.1.0-7 - Add debug flag * Tue Nov 27 2001 Brent Fox - initial coding and packaging