Commit Graph

492 Commits

Author SHA1 Message Date
Dan Walsh
a6c6ce4ff0 avc_netlink_recieve should continue to poll if it receinves an EINTR rather 2012-02-03 10:33:11 -05:00
Dan Walsh
76fb5c8e65 avc_netlink_recieve should continue to poll if it receinves an EINTR rather 2012-02-03 10:31:53 -05:00
Kay Sievers
82dfd09743 Update release 2012-01-29 19:47:44 +01:00
Kay Sievers
de370ba771 Use /sbin/ldconfig, glibc does not provide /usr/sbin/ldconfig for now 2012-01-29 19:41:31 +01:00
Dan Walsh
86fcde8ff1 Rebuild with cleaned up upstream to work in /usr 2012-01-27 14:50:47 -05:00
Harald Hoyer
cca484b26b install everything in /usr
This patch is needed for the /usr-move feature
https://fedoraproject.org/wiki/Features/UsrMove

This package requires now 'filesystem' >= 3, which is only installable
on a system which has /bin, /sbin, /lib, /lib64 as symlinks to /usr and
not regular directories. The 'filesystem' package acts as a guard, to
prevent *this* package to be installed on old unconverted systems.

New installations will have the 'filesystem' >=3 layout right away, old
installations need to be converted with anaconda or dracut first; only
after that, the 'filesystem' package, and also *this* package can be
installed.

Packages *should* not install files in /bin, /sbin, /lib, /lib64, but
only in the corresponding directories in /usr. Packages *must* not
install conflicting files with the same names in the corresponding
directories in / and /usr. Especially compatibility symlinks must not be
installed.

Feel free to modify any of the changes to the spec file, but keep the
above in mind.
2012-01-25 20:33:26 +01:00
Dan Walsh
3b242a5830 Add Dan Berrange code cleanup patches. 2012-01-23 11:30:40 -05:00
Dan Walsh
ad8477f7a1 Fix selabal_open man page to refer to proper selinux_opt structure 2012-01-04 11:03:19 -05:00
Dan Walsh
3ae845067c Update to upstream
* Fix setenforce man page to refer to selinux man page
	* Cleanup Man pages
	* merge freecon with getcon man page
2011-12-21 18:01:55 +00:00
Dan Walsh
0c717c5b8c Add patch from Richard Haines
When selabel_lookup found an invalid context with validation enabled, it
always stated it was 'file_contexts' whether media, x, db or file.
The fix is to store the spec file name in the selabel_lookup_rec on
selabel_open and use this as output for logs. Also a minor fix if key is
NULL to stop seg faults.
Fix setenforce manage page.
2011-12-19 14:48:33 -05:00
Dan Walsh
3e52a1517d Rebuild with new libsepol 2011-12-16 06:22:49 -05:00
Dan Walsh
7a677c0c11 Rebuild with new libsepol 2011-12-15 16:50:07 -05:00
Dan Walsh
e9493af009 Fix setenforce man page, from Miroslav Grepl 2011-12-06 10:43:58 -05:00
Dan Walsh
de1ce20f11 Upgrade to upstream
* selinuxswig_python.i: don't make syscall if it won't change anything
	* Remove assert in security_get_boolean_names(3)
	* Mapped compute functions now obey deny_unknown flag
	* get_default_type now sets EINVAL if no entry.
	* return EINVAL if invalid role selected
	* Updated selabel_file(5) man page
	* Updated selabel_db(5) man page
	* Updated selabel_media(5) man page
	* Updated selabel_x(5) man page
	* Add man/man5 man pages
	* Add man/man5 man pages
	* Add man/man5 man pages
	* use -W and -Werror in utils
2011-12-06 08:55:52 -05:00
Dan Walsh
0921286973 Change python binding for restorecon to check if the context matches.
If it does do not reset
2011-11-29 09:47:57 -05:00
Dan Walsh
5cb2893d59 * Makefiles: syntax, convert all ${VAR} to $(VAR)
* load_policy: handle selinux=0 and /sys/fs/selinux not exist
	* regenerate .pc on VERSION change
	* label: cosmetic cleanups
	* simple interface for access checks
	* Don't reinitialize avc_init if it has been called previously
	* seusers: fix to handle large sets of groups
	* audit2why: close fd on enomem
	* rename and export symlink_realpath
	* label_file: style changes to make Eric happy.
2011-11-04 09:13:56 -04:00
Dan Walsh
8075466849 Apply libselinux patch to handle large groups in seusers. 2011-10-24 14:30:05 -04:00
Dan Walsh
a8fa8756a9 Add selinux_check_access function. Needed for passwd, chfn, chsh 2011-10-20 15:44:39 -04:00
Dan Walsh
3f542ebbed Handle situation where selinux=0 passed to the kernel and both /selinux and 2011-09-22 09:38:06 -04:00
Dan Walsh
942b6cd466 Update to upstream
* utils: matchpathcon: remove duplicate declaration
	* src: matchpathcon: use myprintf not fprintf
	* src: matchpathcon: make sure resolved path starts
	* put libselinux.so.1 in /lib not /usr/lib
	* tree: default make target to all not
2011-09-19 06:53:35 -04:00
Dan Walsh
aa09b7d954 Update to upstream
* utils: matchpathcon: remove duplicate declaration
	* src: matchpathcon: use myprintf not fprintf
	* src: matchpathcon: make sure resolved path starts
	* put libselinux.so.1 in /lib not /usr/lib
	* tree: default make target to all not
2011-09-19 06:52:45 -04:00
Dan Walsh
5113c7563a Switch to use ":" as prefix separator rather then ";" 2011-09-14 22:01:30 -04:00
Dan Walsh
09b67080b4 Avoid unnecessary shell invocation in %post. 2011-09-08 15:26:30 -04:00
Dan Walsh
c03bd38197 Fix handling of subset labeling that is causing segfault in restorecon 2011-09-06 09:46:57 -04:00
Dan Walsh
10e77a8370 Change matchpathcon_init_prefix and selabel_open to allow multiple initial
prefixes.  Now you can specify a ";" separated list of prefixes and the
labeling system will only load regular expressions that match these prefixes.
2011-09-02 08:58:11 -04:00
Dan Walsh
495b754734 Change matchpatcon to use proper myprintf
Fix symlink_realpath to always include "/"
Update to upstream
	* selinux_file_context_verify function returns wrong value.
	* move realpath helper to matchpathcon library
	* python wrapper makefile changes
2011-08-30 11:08:49 -04:00
Dan Walsh
4eca5fc79f Move to new Makefile that can build with or without PYTHON being set 2011-08-22 11:04:32 -04:00
Dan Walsh
00e063e5f5 Update to upstream
2.1.4 2011-0817
	* mapping fix for invalid class/perms after selinux_set_mapping
	* audit2why: work around python bug not defining
	* resolv symlinks and dot directories before matching
2011-08-18 07:09:51 -04:00
Dan Walsh
125b5b107c Update to upstream
* Release, minor version bump
	* Give correct names to mount points in load_policy by Dan Walsh.
	* Make sure selinux state is reported correctly if selinux is disabled or
	fails to load by Dan Walsh.
	* Fix crash if selinux_key_create was never called by Dan Walsh.
	* Add new file_context.subs_dist for distro specific filecon substitutions
	by Dan Walsh.
	* Update man pages for selinux_color_* functions by Richard Haines.
2011-07-28 11:58:12 -04:00
Dan Walsh
076f35f59b Only call dups check within selabel/matchpathcon if you are validating the
context
This seems to speed the loading of labels by 4 times.
2011-06-13 11:29:06 -04:00
Dan Walsh
2c3aaeae1e Move /selinux to /sys/fs/selinux
Add selinuxexeccon
Add realpath to matchpathcon to handle matchpathcon * type queries.
2011-05-25 14:25:56 -04:00
Dan Walsh
71e7978d45 Update for latest libsepol 2011-04-21 12:02:22 -04:00
Dan Walsh
f0ee56705a Update for latest libsepol 2011-04-18 09:33:23 -04:00
Dan Walsh
73bed069d2 Fix restorecon python binding to accept relative paths 2011-04-13 16:51:22 -04:00
Dan Walsh
982b2e517d Update to upstream
* Give correct names to mount points in load_policy by Dan Walsh.
	* Make sure selinux state is reported correctly if selinux is disabled or
	fails to load by Dan Walsh.
	* Fix crash if selinux_key_create was never called by Dan Walsh.
	* Add new file_context.subs_dist for distro specific filecon substitutions
	by Dan Walsh.
	* Update man pages for selinux_color_* functions by Richard Haines.
2011-04-12 10:08:26 -04:00
Dan Walsh
d455eb5e43 Clean up patch to make handling of constructor cleanup more portable
* db_language object class support for selabel_lookup from KaiGai Kohei.
* Library destructors for thread local storage keys from Eamon Walsh.
2011-04-06 16:46:47 -04:00
Dan Walsh
3d499ceb03 Clean up patch to make handling of constructor cleanup more portable 2011-04-06 11:19:19 -04:00
Dan Walsh
8723500e16 Add file_context.subs_dist to subs paths 2011-04-05 14:03:07 -04:00
Dan Walsh
4b2caaad18 Add patch from dbhole@redhat.com to initialize thread keys to -1
Errors were being seen in libpthread/libdl that were related
to corrupt thread specific keys. Global destructors that are called on dl
unload. During destruction delete a thread specific key without checking
if it has been initialized. Since the constructor is not called each time
(i.e. key is not initialized with pthread_key_create each time), and the
default is 0, there is a possibility that key 0 for an active thread gets
deleted. This is exactly what is happening in case of OpenJDK.
2011-04-05 12:10:57 -04:00
Dan Walsh
0cd375f839 Call fini_selinuxmnt if selinux is disabled, to cause is_selinux_disabled() to report correct data 2011-04-05 11:25:39 -04:00
Dan Walsh
1fefea1eb1 Update to upstream
* Turn off default user handling when computing user contexts by Dan Walsh
2011-03-30 14:42:17 -04:00
Dennis Gilmore
148fda2b16 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild 2011-02-08 05:19:56 -06:00
Dan Walsh
c49c04df3b - Fixup selinux man page 2011-02-01 17:40:11 -05:00
Dan Walsh
3c1b814b3d - Fix Makefile to use pkg-config --cflags python3 to discover include paths 2011-01-18 10:08:15 -05:00
Dan Walsh
ca9cea7698 - Update to upstream
- Turn off fallback in to SELINUX_DEFAULTUSER in get_context_list
2010-12-21 16:29:19 -05:00
Dan Walsh
2542902e06 - Update to upstream
* Thread local storage fixes from Eamon Walsh.
2010-12-06 15:10:20 -05:00
Dan Walsh
8b8064a26e - Add /etc/tmpfiles.d support for /var/run/setrans 2010-12-02 15:19:26 -05:00
Dan Walsh
3dcd5c3eb3 - Ghost /var/run/setrans 2010-11-24 08:47:07 -05:00
Jesse Keating
2f8093690a - Rebuilt for gcc bug 634757 2010-09-29 14:41:56 -07:00
Adam Tkac
ae5808aa95 Rebuild via updated swig (#624674).
Signed-off-by: Adam Tkac <atkac@redhat.com>
2010-09-16 16:01:09 +02:00
Dan Walsh
7c0da10653 - Update for python 3.2a1 2010-08-22 06:41:49 -04:00
Daniel J Walsh
159f7d2174 - Turn off fallback in to SELINUX_DEFAULTUSER in get_context_list 2010-07-27 17:50:51 +00:00
dmalcolm
9eca71ac71 - Rebuilt for
https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
2010-07-22 02:19:39 +00:00
Daniel J Walsh
4235807de2 - Turn off messages in audit2why 2010-06-25 21:05:56 +00:00
Daniel J Walsh
5abec270e9 - Update to upstream
Add const qualifiers to public API where appropriate by KaiGai Kohei.
2010-06-16 13:23:15 +00:00
Daniel J Walsh
982ffdc3f5 - Update to upstream
Fix from Eric Paris to fix leak on non-selinux systems.
regenerate swig wrappers
pkgconfig fix to respect LIBDIR from Dan Walsh.
2010-03-08 13:14:35 +00:00
Daniel J Walsh
68c8d967fd - Update to upstream
Change the AVC to only audit the permissions specified by the policy,
    excluding any permissions specified via dontaudit or not specified via
    auditallow.
Fix compilation of label_file.c with latest glibc headers.
2010-02-24 19:12:12 +00:00
Daniel J Walsh
de078cb3d5 - Fix man page for selinuxdefcon 2010-01-18 21:59:45 +00:00
Daniel J Walsh
1f46a5f18f Mon Jam 4 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.90-2
- Free memory on disabled selinux boxes
2010-01-04 22:17:33 +00:00
Daniel J Walsh
76ecedb2d0 - Update to upstream
add/reformat man pages by Guido Trentalancia <guido@trentalancia.com>.
Change exception.sh to be called with bash by Manoj Srivastava
    <srivasta@debian.org>
2009-12-01 21:18:45 +00:00
Daniel J Walsh
4ed79e3521 - Fix selinuxdefcon man page 2009-11-23 18:32:48 +00:00
Daniel J Walsh
ac492a22d6 - Update to upstream
Add pkgconfig file from Eamon Walsh.
2009-11-02 18:11:50 +00:00
Daniel J Walsh
a69064eb95 - Update to upstream
Add pkgconfig file from Eamon Walsh.
2009-11-02 18:01:05 +00:00
Daniel J Walsh
8a570f443e - Update to upstream
Rename and export selinux_reset_config()
2009-10-29 19:36:32 +00:00
Daniel J Walsh
510eba6977 - Update to upstream
Add exception handling in libselinux from Dan Walsh. This uses a shell
    script called exception.sh to generate a swig interface file.
make swigify
Make matchpathcon print <<none>> if path not found in fcontext file.
2009-09-28 20:33:26 +00:00
Daniel J Walsh
d3cc14428b - Eliminate -pthread switch in Makefile 2009-09-15 19:24:22 +00:00
Daniel J Walsh
9afde8153b - Update to upstream
Removal of reference counting on userspace AVC SID's.
2009-09-08 13:09:19 +00:00
Jesse Keating
0762b6438c - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild 2009-07-25 08:35:31 +00:00
Daniel J Walsh
fa621852dc - Update to upstream
Reverted Tomas Mraz's fix for freeing thread local storage to avoid pthread
    dependency.
Removed fini_context_translations() altogether.
Merged lazy init patch from Stephen Smalley based on original patch by
    Steve Grubb.
2009-07-14 15:29:55 +00:00
Daniel J Walsh
23660c5dba - Update to upstream
Add per-service seuser support from Dan Walsh.
Let load_policy gracefully handle selinuxfs being mounted from Stephen
    Smalley.
Check /proc/filesystems before /proc/mounts for selinuxfs from Eric Paris.
2009-07-07 16:26:11 +00:00
Daniel J Walsh
94187eeda7 - Add provices ruby(selinux) 2009-06-24 21:37:23 +00:00
Daniel J Walsh
a66522107b - Update to upstream
Fix improper use of thread local storage from Tomas Mraz
    <tmraz@redhat.com>.
Label substitution support from Dan Walsh.
Support for labeling virtual machine images from Dan Walsh.
2009-06-23 19:54:03 +00:00
Daniel J Walsh
403bfa5085 - Update to upstream
Trim / from the end of input paths to matchpathcon from Dan Walsh.
Fix leak in process_line in label_file.c from Hiroshi Shinji.
Move matchpathcon to /sbin, add matchpathcon to clean target from Dan
    Walsh.
getdefaultcon to print just the correct match and add verbose option from
    Dan Walsh.
2009-05-18 18:22:22 +00:00
Daniel J Walsh
c1ed6edd9a - Update to upstream
deny_unknown wrapper function from KaiGai Kohei.
security_compute_av_flags API from KaiGai Kohei.
Netlink socket management and callbacks from KaiGai Kohei.
2009-04-08 13:08:53 +00:00
Daniel J Walsh
d6eb0cea47 - Fix Memory Leak 2009-04-03 12:58:07 +00:00
Daniel J Walsh
261c72abdb - Fix crash in python 2009-04-02 13:36:47 +00:00
Daniel J Walsh
f6ba4d34de - Add back in additional interfaces 2009-03-29 15:18:28 +00:00
Daniel J Walsh
55f4c91ff1 - Add back in av_decision to python swig 2009-03-27 20:39:31 +00:00
Daniel J Walsh
974a6e4ad2 - Add back in av_decision to python swig 2009-03-27 18:25:16 +00:00
Daniel J Walsh
c86e2e8d59 - Update to upstream
Netlink socket handoff patch from Adam Jackson.
AVC caching of compute_create results by Eric Paris.
2009-03-12 12:57:57 +00:00
Daniel J Walsh
ada6d88f6b - Add eparis patch to accellerate Xwindows performance 2009-03-09 15:52:25 +00:00
Daniel J Walsh
79bb8b19a2 - Fix URL 2009-03-09 14:03:12 +00:00
Daniel J Walsh
3da9d84fdc - Add substitute pattern
- matchpathcon output <<none>> on ENOENT
2009-03-06 21:31:10 +00:00
Daniel J Walsh
07ae258133 - Update to upstream
Fix incorrect conversion in discover_class code.
2009-03-02 18:21:46 +00:00
Jesse Keating
5b3b3ee4ad - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild 2009-02-25 18:01:00 +00:00
Daniel J Walsh
19dec57f82 - Add
- selinux_virtual_domain_context_path
- selinux_virtual_image_context_path
2009-02-18 19:45:23 +00:00
Daniel J Walsh
6396f115b4 - Add
- selinux_virtual_domain_context_path
- selinux_virtual_image_context_path
2009-02-18 18:29:42 +00:00
Daniel J Walsh
b5b41bc929 - Throw exeptions in python swig bindings on failures 2009-01-27 20:00:47 +00:00
Daniel J Walsh
c1e059f764 - Fix restorecon python code 2009-01-06 15:44:49 +00:00
Daniel J Walsh
49eae3b63b - Update to upstream 2009-01-06 14:31:47 +00:00
Daniel J Walsh
e672e99f9d - Strip trailing / for matchpathcon 2008-12-19 20:17:53 +00:00
Daniel J Walsh
0c692a5a64 - Fix segfault if seusers file does not work 2008-12-16 14:38:49 +00:00
Daniel J Walsh
d9847be233 - Add new function getseuser which will take username and service and
return
- seuser and level. ipa will populate file in future.
- Change selinuxdefcon to return just the context by default
2008-12-12 16:15:27 +00:00
Daniel J Walsh
cd000f17c0 - Add new function getseuser which will take username and service and
return
- seuser and level. ipa will populate file in future.
- Change selinuxdefcon to return just the context by default
2008-12-12 15:21:10 +00:00
Ignacio Vazquez-Abrams
fdb97bc4bb Rebuild for Python 2.6 2008-11-29 16:48:05 +00:00
Daniel J Walsh
f53982306d - Update to Upstream
Allow shell-style wildcards in x_contexts file.
2008-11-21 21:06:11 +00:00
Daniel J Walsh
41931f8d57 - Eamon Walsh Patch - libselinux: allow shell-style wildcarding in X names
- Add Restorecon/Install python functions from Luke Macken
2008-11-17 15:27:48 +00:00
Daniel J Walsh
d3b013d124 - Update to Upstream
Correct message types in AVC log messages.
Make matchpathcon -V pass mode from Dan Walsh.
Add man page for selinux_file_context_cmp from Dan Walsh.
2008-11-07 14:08:36 +00:00
Daniel J Walsh
3898d8da39 - Update to Upstream
New man pages from Dan Walsh.
Update flask headers from refpolicy trunk from Dan Walsh.
2008-09-30 13:30:18 +00:00
Daniel J Walsh
263ee4f1ec - Fix matchpathcon -V call 2008-09-26 14:22:14 +00:00