- Clarify is_selinux_mls_enabled() description
- Explain how to free policy type from selinux_getpolicytype()
- Compare absolute pathname in matchpathcon -V
- Add selinux_snapperd_contexts_path()
There was a change in swig-3.10 to use importlib instead of imp. While
the implementation with imp looked for _selinux.so also in the directory
where __init__.py was, importlib search only standard paths. It means that we
need to move _selinux.so from $(PYLIBDIR)/site-packages/selinux/
to $(PYLIBDIR)/site-packages/
Fixes:
>>> import selinux
Traceback (most recent call last):
File "/usr/lib64/python3.5/site-packages/selinux/__init__.py", line 18, in swig_import_helper
return importlib.import_module(mname)
File "/usr/lib64/python3.5/importlib/__init__.py", line 126, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "<frozen importlib._bootstrap>", line 986, in _gcd_import
File "<frozen importlib._bootstrap>", line 969, in _find_and_load
File "<frozen importlib._bootstrap>", line 956, in _find_and_load_unlocked
ImportError: No module named '_selinux'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib64/python3.5/site-packages/selinux/__init__.py", line 21, in <module>
_selinux = swig_import_helper()
File "/usr/lib64/python3.5/site-packages/selinux/__init__.py", line 20, in swig_import_helper
return importlib.import_module('_selinux')
File "/usr/lib64/python3.5/importlib/__init__.py", line 126, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
ImportError: No module named '_selinux'
* Thu Jun 23 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-7
- Modify audit2why analyze function to use loaded policy
- Sort object files for deterministic linking order
- Respect CC and PKG_CONFIG environment variable
- Avoid mounting /proc outside of selinux_init_load_policy()
- Fix location of selinuxfs mount point
- Only mount /proc if necessary
- procattr: return einval for <= 0 pid args
- procattr: return error on invalid pid_t input
Conflict with selinux-policy causes deadlocks in buildroots when
there's no selinux-policy available. selinux-policy-base is provided by
targeted, mls and minimum subpackages which are not installed to
buildroots.
conflicts
- selinux.py - use os.walk() instead of os.path.walk() (#1195004)
- is_selinux_enabled(): drop no-policy-loaded test (#1195074)
- fix -Wformat errors and remove deprecated mudflap option
* Fix avc_has_perm() returns -1 even when SELinux is in permissive mode.
* Support overriding Makefile RANLIB from Sven Vermeulen.
* Update pkgconfig definition from Sven Vermeulen.
* Mount sysfs before trying to mount selinuxfs from Sven Vermeulen.
* Fix man pages from Laurent Bigonville.
* Support overriding PATH and LIBBASE in Makefiles from Laurent Bigonville.
* Fix LDFLAGS usage from Laurent Bigonville
* Avoid shadowing stat in load_mmap from Joe MacDonald.
* Support building on older PCRE libraries from Joe MacDonald.
* Fix handling of temporary file in sefcontext_compile from Dan Walsh.
* Fix procattr cache from Dan Walsh.
* Define python constants for getenforce result from Dan Walsh.
* Fix label substitution handling of / from Dan Walsh.
* Add selinux_current_policy_path from Dan Walsh.
* Change get_context_list to only return good matches from Dan Walsh.
* Support udev-197 and higher from Sven Vermeulen and Dan Walsh.
* Add support for local substitutions from Dan Walsh.
* Change setfilecon to not return ENOSUP if context is already correct from Dan Walsh.
* Python wrapper leak fixes from Dan Walsh.
* Export SELINUX_TRANS_DIR definition in selinux.h from Dan Walsh.
* Add selinux_systemd_contexts_path from Dan Walsh.
* Add selinux_set_policy_root from Dan Walsh.
* Add man page for sefcontext_compile from Dan Walsh.
- Add matchpathcon -P /etc/selinux/mls support by allowing users to set alternate root
- Make sure we set exit codes from selinux_label calls to ENOENT or SUCCESS
* audit2why: make sure path is nul terminated
* utils: new file context regex compiler
* label_file: use precompiled filecontext when possible
* do not leak mmapfd
* sefcontontext_compile: Add error handling to help debug problems in libsemanage.
* man: make selinux.8 mention service man pages
* audit2why: Fix segfault if finish() called twice
* audit2why: do not leak on multiple init() calls
* mode_to_security_class: interface to translate a mode_t in to a security class
* audit2why: Cleanup audit2why analysys function
* man: Fix program synopsis and function prototypes in man pages
* man: Fix man pages formatting
* man: Fix typo in man page
* man: Add references and man page links to _raw function variants
* Use ENOTSUP instead of EOPNOTSUPP for getfilecon functions
* man: context_new(3): fix the return value description
* selinux_status_open: handle error from sysconf
* selinux_status_open: do not leak statusfd on exec
* Fix errors found by coverity
* Change boooleans.subs to booleans.subs_dist.
* optimize set*con functions
* pkg-config do not specifc ruby version
* unmap file contexts on selabel_close()
* do not leak file contexts with mmap'd backend
* sefcontext_compile: do not leak fd on error
* matchmediacon: do not leak fd
* src/label_android_property: do not leak fd on error
- Fix errors found by coverity
- set the sepol_compute_av_reason_buffer flag to 0. This means calculate denials only?
- audit2why: remove a useless policy vers variable
- audit2why: use the new constraint information
* Add support for lxc_contexts_path
* utils: add service to getdefaultcon
* libsemanage: do not set soname needlessly
* libsemanage: remove PYTHONLIBDIR and ruby equivalent
* boolean name equivalency
* getsebool: support boolean name substitution
* Add man page for new selinux_boolean_sub function.
* expose selinux_boolean_sub
* matchpathcon: add -m option to force file type check
* utils: avcstat: clear sa_mask set
* seusers: Check for strchr failure
* booleans: initialize pointer to silence coveriety
* stop messages when SELinux disabled
* label_file: use PCRE instead of glibc regex functions
* label_file: remove all typedefs
* label_file: move definitions to include file
* label_file: do string to mode_t conversion in a helper function
* label_file: move error reporting back into caller
* label_file: move stem/spec handling to header
* label_file: drop useless ncomp field from label_file data
* label_file: move spec_hasMetaChars to header
* label_file: fix potential read past buffer in spec_hasMetaChars
* label_file: move regex sorting to the header
* label_file: add accessors for the pcre extra data
* label_file: only run regex files one time
* label_file: new process_file function
* label_file: break up find_stem_from_spec
* label_file: struct reorg
* label_file: only run array once when sorting
* Ensure that we only close the selinux netlink socket once.
* improve the file_contexts.5 manual page
