Commit Graph

593 Commits

Author SHA1 Message Date
Petr Lautrbach
e58e944835 libselinux-2.5-0.1.rc1
Update to upstream rc1 release 2016-01-07
2016-02-21 14:35:44 +01:00
Dennis Gilmore
dfc8a0a1f2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild 2016-02-04 03:54:00 +00:00
Vít Ondruch
ab78d06d07 Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.3 2016-01-12 12:54:04 +01:00
Petr Lautrbach
bc2c12a08f libselinux-2.4-6
- Build libselinux without rpm_execcon() (#1284019)
2015-12-10 18:48:10 +01:00
Petr Lautrbach
81637499f8 Revert "Revert "Build libselinux without rpm_execcon() (#1284019)""
This reverts commit 512abbae50.
2015-12-10 17:55:10 +01:00
Petr Lautrbach
512abbae50 Revert "Build libselinux without rpm_execcon() (#1284019)"
This reverts commit 61d99cd009.
2015-11-27 12:12:18 +01:00
Petr Lautrbach
61d99cd009 Build libselinux without rpm_execcon() (#1284019) 2015-11-27 09:23:11 +01:00
Robert Kuska
7e4832fa5f Rebuilt for Python3.5 rebuild 2015-10-15 10:02:28 +02:00
Petr Lautrbach
fd198b3dc4 libselinux-2.4-4
- Flush the class/perm string mapping cache on policy reload (#1264051)
- Fix restorecon when path has no context
2015-09-30 17:09:02 +02:00
Petr Lautrbach
8db7ce6b64 libselinux-2.4-3
- Simplify procattr cache (#1257157,#1232371)
2015-09-02 14:25:07 +02:00
Adam Jackson
b7e1bdd317 Export ldflags into the build so hardening works 2015-08-14 14:51:07 -04:00
Petr Lautrbach
137759fab5 We need to conflict with selinux-policy-base
Conflict with selinux-policy causes deadlocks in buildroots when
there's no selinux-policy available. selinux-policy-base is provided by
targeted, mls and minimum subpackages which are not installed to
buildroots.

conflicts
2015-07-21 10:50:08 +02:00
Petr Lautrbach
c9ef5a0dab Update to 2.4 release 2015-07-16 22:18:48 +02:00
Dennis Gilmore
bc829685aa - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild 2015-06-17 17:14:56 +00:00
Petr Lautrbach
065dd13f09 libselinux-2.3-10 2015-05-12 18:58:11 +02:00
Petr Lautrbach
07d81e8685 Update libselinux-rhat.patch from abdc02a720
-  is_selinux_enabled: Add /etc/selinux/config test (#1219045)
 -  matchpathcon/selabel_file: Fix man pages (#1219718)
2015-05-12 18:54:53 +02:00
Petr Lautrbach
ce749c90b4 * Thu Apr 23 2015 Petr Lautrbach <plautrba@redhat.com> 2.3-9
- revert support for policy compressed with xv (#1185266)
2015-04-23 10:49:33 +02:00
Petr Lautrbach
51344661b0 Recreate libselinux-rhat.patch from 4395ef2b8b 2015-04-23 10:48:12 +02:00
Petr Lautrbach
fc7694d2b9 * Tue Apr 21 2015 Petr Lautrbach <plautrba@redhat.com> 2.3-8
- selinux.py - use os.walk() instead of os.path.walk() (#1195004)
- is_selinux_enabled(): drop no-policy-loaded test (#1195074)
- fix -Wformat errors and remove deprecated mudflap option
2015-04-21 17:37:16 +02:00
Petr Lautrbach
eb63890f58 Recreate libselinux-rhat.patch from https://github.com/fedora-selinux/selinux/commit/986cbec51cf3777202a90a680f86e389af6 2015-04-21 17:32:02 +02:00
Petr Lautrbach
baa2bfaada add make-rhat-patches.sh script which recreates libselinux-rhat.patch
from https://github.com/fedora-selinux/selinux/
2015-04-21 14:41:10 +02:00
Petr Lautrbach
e0682defe3 use upstream released tarball from https://github.com/SELinuxProject/selinux/wiki/Releases 2015-04-21 14:38:05 +02:00
Than Ngo
c11f149daf - bump release and rebuild so that koji-shadow can rebuild it
against new gcc on secondary arch
2015-03-16 22:30:24 +01:00
Vít Ondruch
013b6729cd Use ruby_vendorarchdir provided by ruby-devel. (#923649) 2015-02-06 19:37:34 +01:00
Petr Lautrbach
e4fb3f8a7a change the project Url to https://github.com/SELinuxProject/selinux/wiki (#1190231) 2015-02-06 19:07:01 +01:00
Vít Ondruch
a2d9f2d465 Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.2 2015-01-19 12:36:49 +01:00
Miroslav Grepl
a139be8c7e libselinux-rhat.patch was regenerated and we also needed to fix how to apply it 2014-10-07 15:05:25 +02:00
Miroslav Grepl
aa0f5b6e33 - Compiled file context files and the original should have the same permissions from dwalsh@redhat.com
- Add selinux_openssh_contexts_path() to get a path to /contexts/openssh_contexts
2014-08-21 08:59:15 +02:00
Peter Robinson
bb1c9d8005 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-17 05:55:44 +00:00
Dennis Gilmore
51d7114f1e - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild 2014-06-07 00:23:56 -05:00
Kalev Lember
aea6b4ae6d Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 2014-05-28 12:12:27 +02:00
Dan Walsh
13a8a0f727 Update to upstream
* Get rid of security_context_t and fix const declarations.
	* Refactor rpm_execcon() into a new setexecfilecon() from Guillem Jover.
2014-05-17 07:02:12 -04:00
Dan Walsh
ed9898ef4c Update to upstream
* Get rid of security_context_t and fix const declarations.
	* Refactor rpm_execcon() into a new setexecfilecon() from Guillem Jover.
2014-05-06 14:28:19 -04:00
Miroslav Grepl
05fcafd63b * Tue May 6 2014 Miroslav Grepl <mgrepl@redhat.com> - 2.2.2-8
- Add selinux_openssh_contexts_path()
2014-05-06 15:08:30 +02:00
Vít Ondruch
32b42e1dd7 Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.1 2014-04-24 13:57:46 +02:00
Dan Walsh
6339985477 Fix spelling mistake in man page 2014-02-24 16:30:52 -05:00
Dan Walsh
820aece678 More go bindings
-   restorecon, getpidcon, setexeccon
2014-02-20 17:21:25 -05:00
Dan Walsh
2492943f41 Add additional go bindings for get*con calls
- Add go bindings test command
- Modify man pages of set*con calls to mention that they are thread specific
2014-02-14 09:21:36 -05:00
Dan Walsh
ee8c867b33 Move selinux.go to /usr/lib64/golang/src/pkg/github.com/selinux/selinux.go
- Add Int_to_mcs function to generate MCS labels from integers.
2014-01-24 11:10:54 -05:00
Dan Walsh
0aa8cbe3ec Add ghost flag for /var/run/setrans 2014-01-14 17:28:48 -05:00
Dan Walsh
d6e8b72a30 Update to upstream
* Fix userspace AVC handling of per-domain permissive mode.
- Verify context is not null when passed into *setfilecon_raw
2014-01-06 10:20:47 -05:00
Dan Walsh
7e1165a3eb revert unexplained change to rhat.patch which broke SELinux disablement 2014-01-06 10:15:40 -05:00
Adam Williamson
9ba3cdd05f revert unexplained change to rhat.patch which broke SELinux disablement 2013-12-27 13:07:13 -08:00
Dan Walsh
e61de3d8f0 Verify context is not null when passed into lsetfilecon_raw 2013-12-23 09:53:25 -05:00
Dan Walsh
f4752d0882 Mv selinux.go to /usr/share/gocode/src/selinux 2013-12-18 14:40:49 -05:00
Dan Walsh
e79a10d304 Add golang support to selinux. 2013-12-17 11:21:42 -05:00
Dan Walsh
15fa31b994 Add golang support to libselinux 2013-12-17 11:07:44 -05:00
Dan Walsh
0662ba4d16 Remove togglesebool man page 2013-12-05 15:44:38 -05:00
Dan Walsh
d6f11ce40d Update to upstream
* Remove -lpthread from pkg-config file; it is not required.
- Add support for policy compressed with xv
2013-11-25 15:49:35 -05:00
Dan Walsh
5f9e3146a2 Update to upstream
* Remove -lpthread from pkg-config file; it is not required.
2013-11-25 15:24:16 -05:00
Dan Walsh
bb6f29def0 Update to upstream
* Fix avc_has_perm() returns -1 even when SELinux is in permissive mode.
	* Support overriding Makefile RANLIB from Sven Vermeulen.
	* Update pkgconfig definition from Sven Vermeulen.
	* Mount sysfs before trying to mount selinuxfs from Sven Vermeulen.
	* Fix man pages from Laurent Bigonville.
	* Support overriding PATH  and LIBBASE in Makefiles from Laurent Bigonville.
	* Fix LDFLAGS usage from Laurent Bigonville
	* Avoid shadowing stat in load_mmap from Joe MacDonald.
	* Support building on older PCRE libraries from Joe MacDonald.
	* Fix handling of temporary file in sefcontext_compile from Dan Walsh.
	* Fix procattr cache from Dan Walsh.
	* Define python constants for getenforce result from Dan Walsh.
	* Fix label substitution handling of / from Dan Walsh.
	* Add selinux_current_policy_path from Dan Walsh.
	* Change get_context_list to only return good matches from Dan Walsh.
	* Support udev-197 and higher from Sven Vermeulen and Dan Walsh.
	* Add support for local substitutions from Dan Walsh.
	* Change setfilecon to not return ENOSUP if context is already correct from Dan Walsh.
	* Python wrapper leak fixes from Dan Walsh.
	* Export SELINUX_TRANS_DIR definition in selinux.h from Dan Walsh.
	* Add selinux_systemd_contexts_path from Dan Walsh.
	* Add selinux_set_policy_root from Dan Walsh.
	* Add man page for sefcontext_compile from Dan Walsh.
2013-10-31 09:29:10 -04:00
Dan Walsh
82deec5e5b Add systemd_contexts support
- Do substitutions on a local sub followed by a dist sub
2013-10-04 10:16:56 -04:00
Dan Walsh
0695b75fac Eliminate requirement on pthread library, by applying patch for Jakub Jelinek
Resolves #1013801
2013-10-03 12:36:44 -04:00
Dan Walsh
763f66c192 Fix handling of libselinux getconlist with only one entry 2013-09-23 09:58:31 -04:00
Dennis Gilmore
aa9384564f - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild 2013-08-03 01:57:40 -05:00
Dan Walsh
876a4a8ad9 Add sefcontext_compile.8 man page
- Add Russell Coker  patch to fix man pages
- Add patches from Laurent Bigonville to fix Makefiles for debian.
- modify spec file to use %{_prefix}/lib
2013-06-28 06:10:55 -04:00
Dan Walsh
4720ddb09f Fix patch that Handles substitutions for / 2013-05-06 09:43:03 -04:00
Dan Walsh
def2153558 Handle substitutions for /
- semanage fcontext -a -e  / /opt/rh/devtoolset-2/root
2013-04-17 18:07:46 -04:00
Dan Walsh
1961617545 Add Eric Paris patch to fix procattr calls after a fork. 2013-04-09 16:53:50 -04:00
Dan Walsh
4ab41c347b Move secolor.conf.5 into mcstrans package and out of libselinux 2013-03-26 13:04:11 -04:00
Dan Walsh
70712b9211 Fix python bindings for selinux_check_access 2013-03-20 13:34:37 -04:00
Dan Walsh
58f9722469 Fix reseting the policy root in matchpathcon 2013-03-19 21:38:02 -04:00
Dan Walsh
cc9c7ddcf7 Cleanup setfcontext_compile atomic patch
- Add matchpathcon -P /etc/selinux/mls support by allowing users to set alternate root
- Make sure we set exit codes from selinux_label calls to ENOENT or SUCCESS
2013-03-08 12:23:30 -05:00
Dan Walsh
8047eef070 Make setfcontext_compile atomic 2013-03-06 13:51:35 -05:00
Dan Walsh
9df78f0c3b Fix memory leak in set*con calls. 2013-03-06 12:18:42 -05:00
Dan Walsh
afe87e85a1 Move matchpathcon to -utils package 2013-02-28 10:27:35 -05:00
Dan Walsh
e27f80642e Fix selinux man page to reflect what current selinux policy is. 2013-02-21 18:28:18 +01:00
Dan Walsh
0781a5c3ae Add new constant SETRANS_DIR which points to the directory where mstransd can find the socket and libvirt can write its translations files. 2013-02-15 15:13:59 -05:00
Dan Walsh
ade34f3e98 Bring back selinux_current_policy_path 2013-02-15 11:02:20 -05:00
Dan Walsh
5e85dc35bb Revert some changes which are causing the wrong policy version file to be created 2013-02-14 07:59:56 -05:00
Dan Walsh
c1553db668 Update to upstream
* audit2why: make sure path is nul terminated
        * utils: new file context regex compiler
        * label_file: use precompiled filecontext when possible
        * do not leak mmapfd
        * sefcontontext_compile: Add error handling to help debug problems in libsemanage.
        * man: make selinux.8 mention service man pages
        * audit2why: Fix segfault if finish() called twice
        * audit2why: do not leak on multiple init() calls
        * mode_to_security_class: interface to translate a mode_t in to a security class
        * audit2why: Cleanup audit2why analysys function
        * man: Fix program synopsis and function prototypes in man pages
        * man: Fix man pages formatting
        * man: Fix typo in man page
        * man: Add references and man page links to _raw function variants
        * Use ENOTSUP instead of EOPNOTSUPP for getfilecon functions
        * man: context_new(3): fix the return value description
        * selinux_status_open: handle error from sysconf
        * selinux_status_open: do not leak statusfd on exec
        * Fix errors found by coverity
        * Change boooleans.subs to booleans.subs_dist.
        * optimize set*con functions
        * pkg-config do not specifc ruby version
        * unmap file contexts on selabel_close()
        * do not leak file contexts with mmap'd backend
        * sefcontext_compile: do not leak fd on error
        * matchmediacon: do not leak fd
        * src/label_android_property: do not leak fd on error
2013-02-07 12:33:50 -05:00
Dan Walsh
01e3787363 Update to latest patches from eparis/Upstream 2013-01-27 20:07:56 -05:00
Dan Walsh
976da17c28 Update to latest patches from eparis/Upstream 2013-01-25 09:35:30 -05:00
Dan Walsh
0a9b6f58d0 Try procatt speedup patch again 2013-01-23 14:26:18 -05:00
Dan Walsh
f297425de0 Roll back procattr speedups since it seems to be screwing up systemd labeling. 2013-01-23 06:39:46 -05:00
Dan Walsh
775a744b5d Fix tid handling for setfscreatecon, old patch still broken in libvirt 2013-01-22 17:23:19 -05:00
Dan Walsh
f0a059565a Fix tid handling for setfscreatecon, old patch still broken in libvirt 2013-01-18 10:01:45 -06:00
Dan Walsh
7a71cdb44d setfscreatecon after fork was broken by the Set*con patch.
- We needed to reset the thread variables after a fork.
2013-01-14 16:19:46 -05:00
Dan Walsh
a9a8a9f55f Fix setfscreatecon call to handle failure mode, which was breaking udev 2013-01-10 16:06:03 -05:00
Dan Walsh
0974ef2348 Ondrej Oprala patch to optimize set*con functions
-    Set*con now caches the security context and only re-sets it if it changes.
2013-01-09 10:18:51 -05:00
Dan Walsh
3fdab66ec0 Update to latest patches from eparis/Upstream
-    Fix errors found by coverity
-    set the sepol_compute_av_reason_buffer flag to 0.  This means calculate denials only?
-    audit2why: remove a useless policy vers variable
-    audit2why: use the new constraint information
2013-01-04 17:27:39 -05:00
Dan Walsh
e7604b157b Rebuild with latest libsepol 2012-11-19 15:17:16 -05:00
Dan Walsh
edd5aaafc0 Return EPERM if login program can not reach default label for user
- Attempt to return container info from audit2why
2012-11-16 16:49:57 -05:00
rhatdan
5a7e010f07 Apply patch from eparis to fix leaked file descriptor in new labeling code 2012-11-01 15:53:47 -04:00
rhatdan
e1c914df47 Add new function mode_to_security_class which takes mode instead of a string.
- Possibly will be used with coreutils.
2012-10-25 16:27:52 -04:00
rhatdan
166aec5994 Update to upstream
* Add support for lxc_contexts_path
	* utils: add service to getdefaultcon
	* libsemanage: do not set soname needlessly
	* libsemanage: remove PYTHONLIBDIR and ruby equivalent
	* boolean name equivalency
	* getsebool: support boolean name substitution
	* Add man page for new selinux_boolean_sub function.
	* expose selinux_boolean_sub
	* matchpathcon: add -m option to force file type check
	* utils: avcstat: clear sa_mask set
	* seusers: Check for strchr failure
	* booleans: initialize pointer to silence coveriety
	* stop messages when SELinux disabled
	* label_file: use PCRE instead of glibc regex functions
	* label_file: remove all typedefs
	* label_file: move definitions to include file
	* label_file: do string to mode_t conversion in a helper function
	* label_file: move error reporting back into caller
	* label_file: move stem/spec handling to header
	* label_file: drop useless ncomp field from label_file data
	* label_file: move spec_hasMetaChars to header
	* label_file: fix potential read past buffer in spec_hasMetaChars
	* label_file: move regex sorting to the header
	* label_file: add accessors for the pcre extra data
	* label_file: only run regex files one time
	* label_file: new process_file function
	* label_file: break up find_stem_from_spec
	* label_file: struct reorg
	* label_file: only run array once when sorting
	* Ensure that we only close the selinux netlink socket once.
	* improve the file_contexts.5 manual page
2012-09-14 06:21:17 -04:00
rhatdan
2b3728456a Update to upstream
* Add support for lxc_contexts_path
	* utils: add service to getdefaultcon
	* libsemanage: do not set soname needlessly
	* libsemanage: remove PYTHONLIBDIR and ruby equivalent
	* boolean name equivalency
	* getsebool: support boolean name substitution
	* Add man page for new selinux_boolean_sub function.
	* expose selinux_boolean_sub
	* matchpathcon: add -m option to force file type check
	* utils: avcstat: clear sa_mask set
	* seusers: Check for strchr failure
	* booleans: initialize pointer to silence coveriety
	* stop messages when SELinux disabled
	* label_file: use PCRE instead of glibc regex functions
	* label_file: remove all typedefs
	* label_file: move definitions to include file
	* label_file: do string to mode_t conversion in a helper function
	* label_file: move error reporting back into caller
	* label_file: move stem/spec handling to header
	* label_file: drop useless ncomp field from label_file data
	* label_file: move spec_hasMetaChars to header
	* label_file: fix potential read past buffer in spec_hasMetaChars
	* label_file: move regex sorting to the header
	* label_file: add accessors for the pcre extra data
	* label_file: only run regex files one time
	* label_file: new process_file function
	* label_file: break up find_stem_from_spec
	* label_file: struct reorg
	* label_file: only run array once when sorting
	* Ensure that we only close the selinux netlink socket once.
	* improve the file_contexts.5 manual page
2012-09-14 06:03:06 -04:00
rhatdan
9fac486ba3 Update to upstream
* Add support for lxc_contexts_path
	* utils: add service to getdefaultcon
	* libsemanage: do not set soname needlessly
	* libsemanage: remove PYTHONLIBDIR and ruby equivalent
	* boolean name equivalency
	* getsebool: support boolean name substitution
	* Add man page for new selinux_boolean_sub function.
	* expose selinux_boolean_sub
	* matchpathcon: add -m option to force file type check
	* utils: avcstat: clear sa_mask set
	* seusers: Check for strchr failure
	* booleans: initialize pointer to silence coveriety
	* stop messages when SELinux disabled
	* label_file: use PCRE instead of glibc regex functions
	* label_file: remove all typedefs
	* label_file: move definitions to include file
	* label_file: do string to mode_t conversion in a helper function
	* label_file: move error reporting back into caller
	* label_file: move stem/spec handling to header
	* label_file: drop useless ncomp field from label_file data
	* label_file: move spec_hasMetaChars to header
	* label_file: fix potential read past buffer in spec_hasMetaChars
	* label_file: move regex sorting to the header
	* label_file: add accessors for the pcre extra data
	* label_file: only run regex files one time
	* label_file: new process_file function
	* label_file: break up find_stem_from_spec
	* label_file: struct reorg
	* label_file: only run array once when sorting
	* Ensure that we only close the selinux netlink socket once.
	* improve the file_contexts.5 manual page
2012-09-14 06:02:36 -04:00
rhatdan
01a1f705b5 Update to upstream
* Add support for lxc_contexts_path
	* utils: add service to getdefaultcon
	* libsemanage: do not set soname needlessly
	* libsemanage: remove PYTHONLIBDIR and ruby equivalent
	* boolean name equivalency
	* getsebool: support boolean name substitution
	* Add man page for new selinux_boolean_sub function.
	* expose selinux_boolean_sub
	* matchpathcon: add -m option to force file type check
	* utils: avcstat: clear sa_mask set
	* seusers: Check for strchr failure
	* booleans: initialize pointer to silence coveriety
	* stop messages when SELinux disabled
	* label_file: use PCRE instead of glibc regex functions
	* label_file: remove all typedefs
	* label_file: move definitions to include file
	* label_file: do string to mode_t conversion in a helper function
	* label_file: move error reporting back into caller
	* label_file: move stem/spec handling to header
	* label_file: drop useless ncomp field from label_file data
	* label_file: move spec_hasMetaChars to header
	* label_file: fix potential read past buffer in spec_hasMetaChars
	* label_file: move regex sorting to the header
	* label_file: add accessors for the pcre extra data
	* label_file: only run regex files one time
	* label_file: new process_file function
	* label_file: break up find_stem_from_spec
	* label_file: struct reorg
	* label_file: only run array once when sorting
	* Ensure that we only close the selinux netlink socket once.
	* improve the file_contexts.5 manual page
2012-09-14 05:59:45 -04:00
David Malcolm
ebb7fce3b2 rebuild for https://fedoraproject.org/wiki/Features/Python_3.3 2012-08-03 21:17:14 -04:00
David Malcolm
7ca2991d38 2.1.11-5: make with_python3 be conditional on fedora 2012-08-01 16:34:26 -04:00
Dan Walsh
4eed7a5379 Ensure that we only close the selinux netlink socket once.
- Taken from our Android libselinux tree. From Stephen Smalley
2012-07-31 10:14:59 -04:00
Dennis Gilmore
dc57424bd3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild 2012-07-19 16:09:21 -05:00
Dan Walsh
6b51ca9aaf Move the tmpfiles.d content from /etc/tmpfiles.d to /usr/lib/tmpfiles.d 2012-07-16 17:13:48 -04:00
Dan Walsh
852ea731d6 Revert Eric Paris Patch for selinux_binary_policy_path 2012-07-13 15:38:11 -04:00
Dan Walsh
cd092e1338 Update to upstream
* Fortify source now requires all code to be compiled with -O flag
	* asprintf return code must be checked
	* avc_netlink_recieve handle EINTR
	* audit2why: silence -Wmissing-prototypes warning
	* libsemanage: remove build warning when build swig c files
	* matchpathcon: bad handling of symlinks in /
	* seusers: remove unused lineno
	* seusers: getseuser: gracefully handle NULL service
	* New Android property labeling backend
	* label_android_property whitespace cleanups
	* additional makefile support for rubywrap
2012-07-04 07:31:12 -04:00
Dan Walsh
d9f6251b10 Fix booleans.subs name, change function name to selinux_boolean_sub,
add man page, minor fixes to the function
2012-06-11 13:31:23 -04:00
Dan Walsh
f9135bb77c Fix to compile with Fortify source
* Add -O compiler flag
      * Check return code from asprintf
- Fix handling of symbolic links in / by realpath_not_final
2012-05-25 07:20:38 -04:00
Dan Walsh
40eaa6c970 Add support for lxc contexts file 2012-04-19 16:34:27 -04:00
Dan Walsh
884d86db59 Update to upstream
* Fix dead links to www.nsa.gov/selinux
	* Remove jump over variable declaration
	* Fix old style function definitions
	* Fix const-correctness
	* Remove unused flush_class_cache method
	* Add prototype decl for destructor
	* Add more printf format annotations
	* Add printf format attribute annotation to die() method
	* Fix const-ness of parameters & make usage() methods static
	* Enable many more gcc warnings for libselinux/src/ builds
	* utils: Enable many more gcc warnings for libselinux/utils builds
	* Change annotation on include/selinux/avc.h to avoid upsetting SWIG
	* Ensure there is a prototype for 'matchpathcon_lib_destructor'
	* Update Makefiles to handle /usrmove
	* utils: Stop separating out matchpathcon as something special
	* pkg-config to figure out where ruby include files are located
	* build with either ruby 1.9 or ruby 1.8
	* assert if avc_init() not called
	* take security_deny_unknown into account
	* security_compute_create_name(3)
	* Do not link against python library, this is considered
	* bad practice in debian
	* Hide unnecessarily-exported library destructors
2012-03-29 14:43:23 -04:00