Commit Graph

533 Commits

Author SHA1 Message Date
Daniel J Walsh
25aea25d22 - Upgrade to upstream 2006-11-28 14:25:28 +00:00
Daniel J Walsh
2bcf9654c5 - Add James Antill patch for login verification of MLS Levels
- MLS ragnes need to be checked, Eg. login/cron. This patch adds
    infrastructure.
2006-11-03 22:14:51 +00:00
Daniel J Walsh
c27fc16cad - Upgrade to latest from NSA
Merged updated flask definitions from Darrel Goeddel. This adds the context
    security class, and also adds the string definitions for setsockcreate
    and polmatch.
2006-10-25 02:52:18 +00:00
Daniel J Walsh
e24dd65a42 - Upgrade to latest from NSA
Updated version for release.
2006-10-17 17:05:47 +00:00
Jesse Keating
9fcaa3e1fa bump for gcc bug 2006-10-01 20:19:56 +00:00
Daniel J Walsh
2a0f9c5cfa - Upgrade to latest from NSA
Merged av_permissions.h update from Steve Grubb, adding setsockcreate and
    polmatch definitions.
2006-09-29 18:12:11 +00:00
Daniel J Walsh
de746cb12c - Upgrade to latest from NSA
Merged av_permissions.h update from Steve Grubb, adding setsockcreate and
    polmatch definitions.
2006-09-29 15:56:32 +00:00
Daniel J Walsh
f6df692173 - Upgrade to latest from NSA
Merged av_permissions.h update from Steve Grubb, adding setsockcreate and
    polmatch definitions.
2006-09-29 15:56:14 +00:00
Jeremy Katz
95053689d2 - really make -devel depend on libsepol-devel 2006-09-28 01:51:37 +00:00
Daniel J Walsh
cfd1d1337d - Add sgrubb patch for polmatch 2006-09-25 14:19:06 +00:00
Daniel J Walsh
ab45727649 - Upgrade to latest from NSA
Merged patch from Steve Smalley to fix SIGPIPE in setrans_client
2006-09-13 17:39:35 +00:00
Jeremy Katz
8a855c559b - have -devel require libsepol-devel 2006-09-05 19:44:37 +00:00
Daniel J Walsh
7bdc604160 - Upgrade to latest from NSA
Merged patch to not log avc stats upon a reset from Steve Grubb.
Applied patch to revert compat_net setting upon policy load.
Merged file context homedir and local path functions from Chris PeBenito.
2006-08-24 18:37:18 +00:00
Jesse Keating
88e5d3a474 rebuilt with latest binutils 2006-08-18 20:14:02 +00:00
Daniel J Walsh
77a0d2cc39 - Upgrade to latest from NSA
Merged file context homedir and local path functions from Chris PeBenito.
Rework functions that access /proc/pid/attr to access the per-thread nodes,
    and unify the code to simplify maintenance.
2006-08-12 11:21:11 +00:00
Daniel J Walsh
243c6756b4 - Upgrade to latest from NSA
Merged return value fix for *getfilecon() from Dan Walsh.
Merged sockcreate interfaces from Eric Paris.
2006-08-11 10:45:34 +00:00
Daniel J Walsh
b7bdc631f1 - Fix translation return codes to return size of buffer 2006-08-10 15:34:47 +00:00
Daniel J Walsh
ef26b847fa - Upgrade to latest from NSA
Merged no-tls-direct-seg-refs patch from Jeremy Katz.
Merged netfilter_contexts support patch from Chris PeBenito.
2006-08-04 22:49:48 +00:00
Daniel J Walsh
61ba667985 - Upgrade to latest from NSA
Merged context_*_set errno patch from Jim Meyering.
2006-08-02 21:05:42 +00:00
Jeremy Katz
75675c7d50 - only build non-fpic objects with -mno-tls-direct-seg-refs 2006-08-01 18:38:57 +00:00
Jeremy Katz
be0d45133a - build with -mno-tls-direct-seg-refs on x86 to avoid triggering segfaults
with xen (#200783)
2006-08-01 18:26:09 +00:00
Daniel J Walsh
6b84a37b8f - Rebuild for new gcc 2006-07-17 13:12:11 +00:00
Daniel J Walsh
5a5a289fc8 - Rebuild for new gcc 2006-07-17 13:11:16 +00:00
Daniel J Walsh
1e7c365c44 - Fix libselinux to not telinit during installs 2006-07-11 19:26:08 +00:00
Daniel J Walsh
aa27b6bf81 - Upgrade to latest from NSA
Lindent.
Merged {get,set}procattrcon patch set from Eric Paris.
Merged re-base of keycreate patch originally by Michael LeMay from Eric
    Paris.
Regenerated Flask headers from refpolicy.
- Added selinux_file_context_{cmp,verify}.
- Added selinux_lsetfilecon_default.
- Delay translation of contexts in matchpathcon.
2006-07-05 10:42:47 +00:00
Daniel J Walsh
799720edd4 - Yet another change to matchpathcon 2006-06-21 20:16:13 +00:00
Daniel J Walsh
f4b45ddd03 - Turn off error printing in library. Need to compile with DEBUG to get it
back
2006-06-21 18:33:13 +00:00
Daniel J Walsh
2d9b36b51e - Fix error reporting of matchpathcon 2006-06-21 13:12:11 +00:00
Daniel J Walsh
645f93a8a5 - Add function to compare file context on disk versus contexts in
file_contexts file.
2006-06-20 20:30:59 +00:00
Daniel J Walsh
e60c844fba - Upgrade to latest from NSA
Added selinux_getpolicytype() function.
Modified setrans code to skip processing if !mls_enabled.
Set errno in the !selinux_mnt case.
Allocate large buffers from the heap, not on stack. Affects
    is_context_customizable, selinux_init_load_policy, and
    selinux_getenforcemode.
2006-06-16 19:16:03 +00:00
Daniel J Walsh
8389437eda - Add selinux_getpolicytype() 2006-06-09 19:43:52 +00:00
Daniel J Walsh
af1839bde5 - Upgrade to latest from NSA
Merged !selinux_mnt checks from Ian Kent.
2006-06-05 18:52:19 +00:00
Daniel J Walsh
f3cb9dc26b - Check for selinux_mnt == NULL 2006-06-01 17:25:22 +00:00
Daniel J Walsh
9cf72ebb65 Merged matchmediacon and trans_to_raw_context fixes from Serge Hallyn. 2006-05-31 10:36:45 +00:00
Daniel J Walsh
cd024ca945 - Remove getseuser 2006-05-30 12:44:31 +00:00
Daniel J Walsh
d1291eceea - Bump requires to grab latest libsepol 2006-05-25 19:30:29 +00:00
Daniel J Walsh
389a79998b - Add BuildRequires for swig 2006-05-24 03:50:03 +00:00
Daniel J Walsh
c2de2ffa71 - Upgrade to latest from NSA
Merged simple setrans client cache from Dan Walsh. Merged avcstat patch
    from Russell Coker.
Modified selinux_mkload_policy() to also set /selinux/compat_net
    appropriately for the loaded policy.
2006-05-23 10:39:18 +00:00
Daniel J Walsh
96ed369e9d - Upgrade to latest from NSA
Merged simple setrans client cache from Dan Walsh. Merged avcstat patch
    from Russell Coker.
Modified selinux_mkload_policy() to also set /selinux/compat_net
    appropriately for the loaded policy.
2006-05-23 10:26:55 +00:00
Daniel J Walsh
8f927c4a9f - More fixes for translation cache
- Upgrade to latest from NSA
Added matchpathcon_fini() function to free memory allocated by
    matchpathcon_init().
2006-05-18 16:15:35 +00:00
Daniel J Walsh
b71bf0b207 - Upgrade to latest from NSA
Merged setrans client cleanup patch from Steve Grubb.
2006-05-17 00:49:24 +00:00
Daniel J Walsh
069461a7d8 - Add Russell's AVC patch to handle large numbers 2006-05-09 19:13:08 +00:00
Daniel J Walsh
20222fb072 - Upgrade to latest from NSA
Merged getfscreatecon man page fix from Dan Walsh.
Updated booleans(8) man page to drop references to the old booleans file
    and to note that setsebool can be used to set the boot-time defaults
    via -P.
2006-05-08 15:04:16 +00:00
Daniel J Walsh
98a597a060 Merged fix warnings patch from Karl MacMillan.
Merged setrans client support from Dan Walsh. This removes use of
    libsetrans.
Merged patch to eliminate use of PAGE_SIZE constant from Dan Walsh.
Merged swig typemap fixes from Glauber de Oliveira Costa.
2006-05-08 14:08:21 +00:00
Daniel J Walsh
a925159382 - Add selinuxswig fixes
- Stop using PAGE_SIZE and start using sysconf(_SC_PAGE_SIZE)
2006-05-02 18:49:41 +00:00
Daniel J Walsh
e0ab958383 - Add selinuxswig fixes
- Stop using PAGE_SIZE and start using sysconfig(_SC_PAGE_SIZE)
2006-05-02 18:23:25 +00:00
Daniel J Walsh
75c50e4988 - Add selinuxswig fixes 2006-05-02 17:09:39 +00:00
Daniel J Walsh
ea8c625b8c - Upgrade to latest from NSA
Added distclean target to Makefile.
Regenerated swig files.
Changed matchpathcon_init to verify that the spec file is a regular file.
Merged python binding t_output_helper removal patch from Dan Walsh.
2006-04-14 11:31:14 +00:00
Daniel J Walsh
fed1ce5b77 - Fix python bindings for matchpathcon
- Fix booleans man page
2006-04-11 19:03:13 +00:00
Daniel J Walsh
c8030dcf96 Merged Makefile PYLIBVER definition patch from Dan Walsh. 2006-04-11 18:25:46 +00:00
Daniel J Walsh
55f0304445 - Make some fixes so it will build on RHEL4
- Upgrade to latest from NSA
Updated version for release.
Altered rpm_execcon fallback logic for permissive mode to also handle case
    where /selinux/enforce is not available.
2006-03-17 18:33:18 +00:00
Daniel J Walsh
d27dc97404 - Make some fixes so it will build on RHEL4
- Upgrade to latest from NSA
Updated version for release.
Altered rpm_execcon fallback logic for permissive mode to also handle case
    where /selinux/enforce is not available.
2006-03-17 17:20:57 +00:00
Jesse Keating
b531c7552a bump for bug in double-long on ppc(64) 2006-02-11 04:12:30 +00:00
Jesse Keating
79e8955796 bump for new gcc/glibc 2006-02-07 12:43:42 +00:00
Daniel J Walsh
6a494f5394 - Upgrade to latest from NSA
Merged install-pywrap Makefile patch from Joshua Brindle.
2006-01-20 16:17:43 +00:00
Daniel J Walsh
9ecb57d018 - Upgrade to latest from NSA
Merged pywrap Makefile patch from Dan Walsh.
2006-01-18 16:16:30 +00:00
Daniel J Walsh
fd8295b044 - Upgrade to latest from NSA
Merged pywrap Makefile patch from Dan Walsh.
2006-01-18 16:14:55 +00:00
Daniel J Walsh
f4d57a9014 - Split out pywrap in Makefile 2006-01-14 05:05:19 +00:00
Daniel J Walsh
ee0a60b0f5 - Upgrade to latest from NSA
Added getseuser test program.
2006-01-13 22:14:28 +00:00
Daniel J Walsh
9ad8aa5f09 - Upgrade to latest from NSA
Added format attribute to myprintf in matchpathcon.c and removed obsoleted
    rootlen variable in init_selinux_config().
2006-01-06 15:47:03 +00:00
Daniel J Walsh
fb1f51806c - Build with new libsepol 2006-01-04 18:34:57 +00:00
Daniel J Walsh
dab5a2cb5a - Upgrade to latest from NSA
- corrected use of getline
- further calls to __fsetlocking for local files
- use of strdupa and asprintf
- proper handling of dirent in booleans code
- use of -z relro
- several other optimizations
Merged getpidcon python wrapper from Dan Walsh (Red Hat).
2006-01-04 15:40:59 +00:00
Daniel J Walsh
cac4888385 - Add build requires line for libsepol-devel 2005-12-24 13:03:59 +00:00
Daniel J Walsh
407234b39f - Fix swig call for getpidcon 2005-12-20 14:44:43 +00:00
Daniel J Walsh
41b7ee2ce3 - Move libselinux.so to base package 2005-12-19 14:35:26 +00:00
Daniel J Walsh
0b65dc6081 - Upgrade to latest from NSA
Merged call to finish_context_translations from Dan Walsh. This eliminates
    a memory leak from failing to release memory allocated by libsetrans.
2005-12-14 19:22:10 +00:00
Daniel J Walsh
6c4b73afbd - Upgrade to latest from NSA
Merged call to finish_context_translations from Dan Walsh. This eliminates
    a memory leak from failing to release memory allocated by libsetrans.
2005-12-14 19:19:29 +00:00
Daniel J Walsh
3371166078 - update to latest libsetrans
- Fix potential memory leak
2005-12-13 20:44:36 +00:00
Daniel J Walsh
d21de0e9f0 - update to latest libsetrans 2005-12-11 17:26:58 +00:00
Jesse Keating
16eca654b0 gcc update bump 2005-12-09 22:41:41 +00:00
Daniel J Walsh
2774b7d0d8 - Update to never version
Merged patch for swig interfaces from Dan Walsh.
2005-12-08 18:04:22 +00:00
Daniel J Walsh
a73f673890 - Update to never version 2005-12-08 04:36:24 +00:00
Daniel J Walsh
710322bbd4 - Update to never version 2005-12-08 04:35:07 +00:00
Daniel J Walsh
0e39b77de1 - Fix some of the python swig objects 2005-12-07 15:53:55 +00:00
Daniel J Walsh
38b50da3f8 - Update to latest from NSA
Added MATCHPATHCON_VALIDATE flag for set_matchpathcon_flags() and modified
    matchpathcon implementation to make context validation/
    canonicalization optional at matchpathcon_init time, deferring it to a
    successful matchpathcon by default unless the new flag is set by the
    caller.
Added matchpathcon_init_prefix() interface, and reworked matchpathcon
    implementation to support selective loading of file contexts entries
    based on prefix matching between the pathname regex stems and the
    specified path prefix (stem must be a prefix of the specified path
    prefix).
2005-12-01 19:20:49 +00:00
Daniel J Walsh
827fc8369b - Update to latest from NSA
Change getsebool to return on/off instead of active/inactive
2005-11-30 20:10:18 +00:00
Daniel J Walsh
56d326bb01 - Change getsebool to return on/off instead of active/inactive 2005-11-29 19:21:03 +00:00
Daniel J Walsh
116a5b0c09 - Update to latest from NSA
Added -f file_contexts option to matchpathcon util. Fixed warning message
    in matchpathcon_init().
Merged Makefile python definitions patch from Dan Walsh.
2005-11-29 18:47:52 +00:00
Daniel J Walsh
998386142a Merged swigify patch from Dan Walsh. 2005-11-29 03:04:19 +00:00
Daniel J Walsh
86e0b5f76e - Separate out libselinux-python bindings into separate rpm 2005-11-29 03:02:30 +00:00
Daniel J Walsh
4bb08c52c4 - Separate out libselinux-python bindings into separate rpm 2005-11-28 22:02:25 +00:00
Daniel J Walsh
555b9174f8 - Readd libsetrans requirement 2005-11-22 17:53:13 +00:00
Daniel J Walsh
ae85aab0af - Add python bindings 2005-11-17 17:13:50 +00:00
Daniel J Walsh
ac2f72cc37 - Update to latest from NSA
Merged make failure in rpm_execcon non-fatal in permissive mode patch from
    Ivan Gyurdiev.
2005-11-17 02:41:51 +00:00
Daniel J Walsh
f0d8402adc - Remove requirement for libsetrans 2005-11-16 02:10:36 +00:00
Daniel J Walsh
67ec76fa36 - Update to latest from NSA
Added MATCHPATHCON_NOTRANS flag for set_matchpathcon_flags() and modified
    matchpathcon_init() to skip context translation if it is set by the
    caller.
2005-11-09 01:39:32 +00:00
Daniel J Walsh
848a7fab72 - Update to latest from NSA
Added MATCHPATHCON_NOTRANS flag for set_matchpathcon_flags() and modified
    matchpathcon_init() to skip context translation if it is set by the
    caller.
2005-11-09 01:36:44 +00:00
Daniel J Walsh
e6236defe6 - Update to latest from NSA
Added security_canonicalize_context() interface and
    set_matchpathcon_canoncon() interface for obtaining canonical contexts.
    Changed matchpathcon internals to obtain canonical contexts by default.
    Provided fallback for kernels that lack extended selinuxfs context
    interface.
- Patch to not translate mls when calling setfiles
2005-11-08 23:41:10 +00:00
Daniel J Walsh
70810f17e4 - Patch to not translate mls when calling setfiles 2005-11-08 19:18:13 +00:00
Daniel J Walsh
69e4fdee5a fix spec 2005-11-08 19:11:58 +00:00
Daniel J Walsh
37bc4557e3 - Don't strip mls context if selinux is not enabled. 2005-11-08 19:09:28 +00:00
Daniel J Walsh
8f768f0ce7 - Update to latest from NSA
Merged seusers parser changes from Ivan Gyurdiev.
Merged setsebool to libsemanage patch from Ivan Gyurdiev.
Changed seusers parser to reject empty fields.
2005-11-07 14:50:45 +00:00
Daniel J Walsh
e559debc39 Merged seusers empty level handling patch from Jonathan Kim (TCS). 2005-11-04 14:49:42 +00:00
Daniel J Walsh
da7a013c49 - Rebuild for latest libsepol 2005-11-03 20:04:43 +00:00
Daniel J Walsh
93060b5d12 - Rebuild for latest libsepol 2005-11-03 15:46:44 +00:00
Daniel J Walsh
597ff86a91 - Rebuild for latest libsepol 2005-10-31 20:31:40 +00:00
Daniel J Walsh
08d2242291 - Change default to __default__ 2005-10-27 17:57:25 +00:00
Daniel J Walsh
9f412a6358 - Change default to __default__ 2005-10-26 20:32:58 +00:00
Daniel J Walsh
54939fac9a - Add selinux_translations_path 2005-10-25 22:03:43 +00:00
Daniel J Walsh
2300981c61 - Update to latest from NSA
Merged selinux_path() and selinux_homedir_context_path() functions from
    Joshua Brindle.
2005-10-25 19:17:22 +00:00
Daniel J Walsh
8ab39e56ae - Need to check for /sbin/telinit 2005-10-21 16:26:20 +00:00
Daniel J Walsh
f6b11f6673 - Need to check for /sbin/telinit 2005-10-21 14:51:35 +00:00
Daniel J Walsh
3ef1de9af9 - Update to latest from NSA
Merged fixes for make DESTDIR= builds from Joshua Brindle.
2005-10-20 20:34:28 +00:00
Daniel J Walsh
78dc042098 - Update to latest from NSA
Merged get_default_context_with_rolelevel and man pages from Dan Walsh (Red
    Hat).
Updated call to sepol_policydb_to_image for sepol changes.
Changed getseuserbyname to ignore empty lines and to handle no matching
    entry in the same manner as no seusers file.
2005-10-18 18:27:41 +00:00
Daniel J Walsh
61427961fc - 2005-10-17 18:19:07 +00:00
Daniel J Walsh
d5c6e72c48 - Tell init to reexec itself in post script 2005-10-14 16:11:08 +00:00
Daniel J Walsh
c521275b65 - Update to latest from NSA
Changed selinux_mkload_policy to try downgrading the latest policy version
    available to the kernel-supported version.
Changed selinux_mkload_policy to fall back to the maximum policy version
    supported by libsepol if the kernel policy version falls outside of the
    supported range.
2005-10-14 12:34:19 +00:00
Daniel J Walsh
555e97b002 - Update to latest from NSA
Changed getseuserbyname to fall back to the Linux username and NULL level
    if seusers config file doesn't exist unless REQUIRESEUSERS=1 is set in
    /etc/selinux/config.
Moved seusers.conf under $SELINUXTYPE and renamed to seusers.
2005-10-13 13:12:23 +00:00
Daniel J Walsh
b19e5c854f - Update to latest from NSA
Changed getseuserbyname to fall back to the Linux username and NULL level
    if seusers config file doesn't exist unless REQUIRESEUSERS=1 is set in
    /etc/selinux/config.
Moved seusers.conf under $SELINUXTYPE and renamed to seusers.
2005-10-07 14:09:21 +00:00
Daniel J Walsh
33b55398a2 - Update to latest from NSA
Added selinux_init_load_policy() function as an even higher level interface
    for the initial policy load by /sbin/init. This obsoletes the
    load_policy() function in the sysvinit-selinux.patch.
Added selinux_mkload_policy() function as a higher level interface for
    loading policy than the security_load_policy() interface.
2005-10-06 19:03:52 +00:00
Daniel J Walsh
90c2814893 - Update to latest from NSA
Merged fix for matchpathcon (regcomp error checking) from Johan Fischer.
    Also added use of regerror to obtain the error string for inclusion in
    the error message.
2005-10-06 13:21:54 +00:00
Daniel J Walsh
f76369a096 - Update to latest from NSA
Changed getseuserbyname to not require (and ignore if present) the MLS
    level in seusers.conf if MLS is disabled, setting *level to NULL in
    this case.
2005-10-04 15:43:00 +00:00
Daniel J Walsh
1cfd4dc1a6 - Update to latest from NSA
Merged getseuserbyname patch from Dan Walsh.
2005-10-03 13:14:47 +00:00
Daniel J Walsh
4dc4d104e7 - Fix patch to satisfy upstream 2005-09-29 21:35:43 +00:00
Daniel J Walsh
bebb529bd5 - Update to latest from NSA
- Add getseuserbyname
2005-09-29 02:12:47 +00:00
Daniel J Walsh
e8346fc44d - Fix patch call 2005-09-19 17:36:11 +00:00
Daniel J Walsh
fedf8202cb - Fix patch call 2005-09-16 19:53:29 +00:00
Daniel J Walsh
b86cfc3a43 - Fix strip_con call 2005-09-16 18:42:27 +00:00
Daniel J Walsh
c2b28e3158 - Go back to original libsetrans code 2005-09-13 21:21:50 +00:00
Daniel J Walsh
bc0a935c8c - Eliminate forth param from mls context when mls is not enabled. 2005-09-13 16:48:16 +00:00
Daniel J Walsh
017ea0e76c - Update from NSA
Merged modified form of patch to avoid dlopen/dlclose by the static
    libselinux from Dan Walsh. Users of the static libselinux will not have
    any context translation by default.
2005-09-12 15:52:30 +00:00
Daniel J Walsh
99ddec8d69 - Update from NSA
Merged modified form of patch to avoid dlopen/dlclose by the static
    libselinux from Dan Walsh. Users of the static libselinux will not have
    any context translation by default.
2005-09-06 16:41:47 +00:00
Daniel J Walsh
59d6552e7d - Update from NSA
Added public functions to export context translation to users of libselinux
    (selinux_trans_to_raw_context, selinux_raw_to_trans_context).
2005-09-01 15:23:17 +00:00
Daniel J Walsh
eb500fb164 - Update from NSA
Remove special definition for context_range_set; use common code.
2005-08-29 11:59:41 +00:00
Daniel J Walsh
d3d9f9e7f8 - Update from NSA
Hid translation-related symbols entirely and ensured that raw functions
    have hidden definitions for internal use.
Allowed setting NULL via context_set* functions.
Allowed whitespace in MLS component of context.
Changed rpm_execcon to use translated functions to workaround lack of MLS
    level on upgraded systems.
2005-08-25 20:21:14 +00:00
Daniel J Walsh
e7e35da33b Merged context translation patch, originally by TCS, with modifications by
Dan Walsh (Red Hat).
2005-08-24 13:15:02 +00:00
Daniel J Walsh
1f935e2ec7 - Update from NSA
Merged several fixes for error handling paths in the AVC sidtab,
    matchpathcon, booleans, context, and get_context_list code from Serge
    Hallyn (IBM). Bugs found by Coverity.
Removed setupns; migrated to pam.
Merged patches to rename checkPasswdAccess() from Joshua Brindle. Original
    symbol is temporarily retained for compatibility until all callers are
    updated.
2005-08-12 02:46:49 +00:00
Daniel J Walsh
856cdc49d0 - Update makefiles 2005-07-21 15:58:45 +00:00
Daniel J Walsh
44200d6b78 - Update makefiles 2005-07-18 19:15:29 +00:00
Daniel J Walsh
67d0acbf49 - Update from NSA
Merged security_setupns() from Chad Sellers.
- fix selinuxenabled man page
2005-06-29 20:04:50 +00:00
Daniel J Walsh
661867eccf - Update from NSA
Merged avcstat and selinux man page from Dan Walsh.
Changed security_load_booleans to process booleans.local even if booleans
    file doesn't exist.
Fri Apr 26 2005 Dan Walsh <dwalsh@redhat.com> 1.23.10-3
- Fix avcstat to clear totals
2005-05-20 17:18:49 +00:00
Daniel J Walsh
8456bc124a - Fix avcstat to clear totals 2005-05-11 15:00:11 +00:00
Daniel J Walsh
8f3fa78bf6 - Add info to man page 2005-04-29 19:03:45 +00:00
Daniel J Walsh
d3be4d7a20 - Update from NSA
Merged set_selinuxmnt patch from Bill Nottingham (Red Hat).
Rewrote get_ordered_context_list and helpers, including changing logic to
    allow variable MLS fields.
2005-04-29 19:01:28 +00:00
Daniel J Walsh
3127b94941 - Update from NSA
Merged set_selinuxmnt patch from Bill Nottingham (Red Hat).
Rewrote get_ordered_context_list and helpers, including changing logic to
    allow variable MLS fields.
2005-04-29 18:11:40 +00:00
Daniel J Walsh
d7bbd88ea0 - Update from NSA 2005-04-26 16:25:57 +00:00
Daniel J Walsh
4ff3f08454 - Add backin matchpathcon 2005-04-21 14:20:57 +00:00
Daniel J Walsh
ce82f572f7 - Fix selinux_policy_root man page 2005-04-13 19:12:02 +00:00
Daniel J Walsh
b83512ff2c - Change assert(selinux_mnt) to if (!selinux_mnt) return -1; 2005-04-13 15:42:02 +00:00
Daniel J Walsh
e39f335d11 - Update from NSA
Fixed bug in matchpathcon_filespec_destroy.
2005-04-11 20:11:29 +00:00
Daniel J Walsh
5b866cc468 - Update from NSA
Fixed bug in rpm_execcon error handling path.
2005-04-06 11:06:40 +00:00
Daniel J Walsh
03a50e15ab - Update from NSA
Merged fix for set_matchpathcon* functions from Andreas Steinmetz.
Merged fix for getconlist utility from Andreas Steinmetz.
2005-04-04 20:17:21 +00:00
Daniel J Walsh
fbe330170e - Update from NSA 2005-03-30 03:12:14 +00:00
Daniel J Walsh
c74c56d735 - Update from NSA 2005-03-30 03:02:38 +00:00
Daniel J Walsh
07da577db2 - Better handling of booleans 2005-03-29 15:33:55 +00:00
Daniel J Walsh
e037587aca - Update from NSA
Merged destructors patch from Tomas Mraz.
2005-03-17 20:01:37 +00:00
Daniel J Walsh
d432883eeb - Update from NSA
Added set_matchpathcon_flags() function for setting flags controlling
    operation of matchpathcon. MATCHPATHCON_BASEONLY means only process the
    base file_contexts file, not file_contexts.homedirs or
    file_contexts.local, and is for use by setfiles -c.
Updated matchpathcon.3 man page.
2005-03-17 15:39:58 +00:00
Daniel J Walsh
8e67581eb8 - Update from NSA 2005-03-10 14:44:02 +00:00
Daniel J Walsh
adbca5042d - Update from NSA
Fixed bug in matchpathcon_filespec_add() - failure to clear fl_head.
2005-03-08 20:15:20 +00:00
Daniel J Walsh
d4111cf41f - Update from NSA
Changed matchpathcon_common to ignore any non-format bits in the mode.
2005-03-02 04:04:04 +00:00
Daniel J Walsh
1ec9b46064 - Update from NSA
Merged several fixes from Ulrich Drepper.
2005-02-22 22:12:25 +00:00
Daniel J Walsh
4cc1ca9316 - Update from NSA
Merged several fixes from Ulrich Drepper.
2005-02-22 21:38:09 +00:00
Daniel J Walsh
e7c97c5559 - Fix matchpathcon on eof. 2005-02-21 14:25:51 +00:00
Daniel J Walsh
31e19c1580 - Fix matchpathcon on eof. 2005-02-21 14:10:27 +00:00
Daniel J Walsh
8e994c6484 - Update from NSA
Merged matchpathcon patch for file_contexts.homedir from Dan Walsh.
Added selinux_users_path() for path to directory containing system.users
    and local.users.
2005-02-17 19:27:56 +00:00
Daniel J Walsh
03d51ea8f7 - Process file_context.homedir 2005-02-11 01:38:47 +00:00
Daniel J Walsh
34474bcbb4 - Update from NSA
Changed relabel Makefile target to use restorecon.
2005-02-10 13:48:34 +00:00
Daniel J Walsh
e508830eca - Update from NSA
Regenerated av_permissions.h.
2005-02-08 21:20:55 +00:00
Daniel J Walsh
3fbeee478d - Update from NSA
Modified avc_dump_av to explicitly check for any permissions that cannot be
    mapped to string names and display them as a hex value.
Regenerated av_permissions.h.
2005-02-02 23:18:13 +00:00
Daniel J Walsh
8851687ce1 - Update from NSA
Generalized matchpathcon internals, exported more interfaces, and moved
    additional code from setfiles into libselinux so that setfiles can
    directly use matchpathcon.
2005-01-31 18:51:58 +00:00
Daniel J Walsh
1d69704875 - Update from NSA
Prevent overflow of spec array in matchpathcon.
Fixed several uses of internal functions to avoid relocations.
Changed rpm_execcon to check is_selinux_enabled() and fallback to a regular
    execve if not enabled (or unable to determine due to a lack of /proc,
    e.g. chroot'd environment).
2005-01-28 17:19:20 +00:00
Daniel J Walsh
cc65d5b546 - Update from NSA
Merged minor fix for avcstat from Dan Walsh.
2005-01-26 16:36:33 +00:00
Daniel J Walsh
e0a30a3da4 - rpmexeccon should not fail in permissive mode. 2005-01-24 20:46:24 +00:00
Daniel J Walsh
ca41c6e4bb - fix printf in avcstat 2005-01-21 20:57:55 +00:00
Daniel J Walsh
e1e9d62ce4 - Update from NSA 2005-01-20 13:58:18 +00:00
Daniel J Walsh
958b6d4982 - Modify matchpathcon to also process file_contexts.local if it exists 2005-01-18 22:27:57 +00:00
Daniel J Walsh
ae6f77c9ad - Add is_customizable_types function call 2005-01-12 14:37:21 +00:00
Daniel J Walsh
dffd9eaafd - Update to latest from upstream
Just changing version number to match upstream
2005-01-07 14:48:24 +00:00
Daniel J Walsh
c88fca683f - Update to latest from upstream
Changed matchpathcon to return -1 with errno ENOENT for <<none>> entries,
    and also for an empty file_contexts configuration.
2004-12-29 17:08:58 +00:00
Daniel J Walsh
7aa4e97275 - Fix link devel libraries 2004-12-28 15:40:26 +00:00
Daniel J Walsh
4f73d76fa3 - Fix unitialized variable in avcstat.c 2004-12-27 11:53:31 +00:00
Daniel J Walsh
e836ab9afb fix spec file 2004-12-20 14:25:06 +00:00
Daniel J Walsh
8ecfe2db4e - Upgrade to upstream
Removed some trivial utils that were not useful or redundant.
Changed BINDIR default to /usr/sbin to match change in Fedora.
Added security_compute_member.
Added man page for setcon.
2004-12-03 19:41:58 +00:00
Daniel J Walsh
cc63ca70ad - Upgrade to upstream 2004-12-01 01:31:34 +00:00
Daniel J Walsh
5d71053bd0 - Add avcstat program 2004-11-18 21:30:11 +00:00
Daniel J Walsh
6864134300 - Add avcstat program 2004-11-18 21:29:18 +00:00
Daniel J Walsh
2a0f8bbed9 - Add lots of missing man pages 2004-11-15 20:13:52 +00:00
Daniel J Walsh
4962db3e56 - Add lots of missing man pages 2004-11-15 20:05:55 +00:00
Daniel J Walsh
437c89fe9f - Fix output of getsebool. 2004-11-12 13:03:50 +00:00
Daniel J Walsh
38be80f2c3 - Update from upstream, fix setsebool -P segfault 2004-11-09 14:24:39 +00:00
Steve Grubb
37dbcb478d added patch from upstream 2004-11-05 22:26:36 +00:00
Daniel J Walsh
407b1fe335 - More fixes from sgrubb, better syslog 2004-11-04 18:25:37 +00:00
Steve Grubb
aed8abc66c spec file correction. 2004-11-04 17:30:03 +00:00
Daniel J Walsh
efa62ac4a5 - Have sesebool log to syslog 2004-11-04 15:50:24 +00:00
Daniel J Walsh
35c4f2492c fix spec file 2004-11-03 20:55:44 +00:00
Steve Grubb
71b3b1c0e0 Add patch to make setsebool update bool on disk. Make togglesebool have a
rollback capability in case it blows up inflight.
2004-11-03 20:50:26 +00:00
Daniel J Walsh
cfb1f307ae - Upgrade to latest from NSA 2004-11-02 19:47:54 +00:00
Steve Grubb
1d320842ce Updated 2 previous patches to output Usage before checking if selinux is
enabled. Apply a patch that fixes signed/unsigned issues and a memory
    leak.
2004-11-01 18:56:08 +00:00
Steve Grubb
76a08583da Move utilities to /usr/sbin 2004-10-28 21:25:27 +00:00
Steve Grubb
4af2226534 Adding patches for specfile 2004-10-27 20:53:11 +00:00
Daniel J Walsh
b2c3e1fca2 add -g to build and update with rpmexec 2004-10-15 13:42:33 +00:00
Daniel J Walsh
224faef153 update to NSA version 2004-10-06 14:03:28 +00:00
Daniel J Walsh
828726ceed change setenforce to accept Enforcing. permissive 2004-10-01 18:56:25 +00:00
Daniel J Walsh
72ef06e71f add alpha patch 2004-09-22 12:06:18 +00:00
Daniel J Walsh
228dd64e4f latest from NSA 2004-09-20 19:50:16 +00:00
Daniel J Walsh
dfa5fafe1b add removable_context path 2004-09-16 14:47:36 +00:00
Daniel J Walsh
0474ff5fef NSA Cleanup 2004-09-15 14:14:10 +00:00
Daniel J Walsh
39b34ebda7 latest from NSA 2004-09-14 13:43:57 +00:00
Daniel J Walsh
791a651339 add nscd perms 2004-09-14 13:39:22 +00:00
Daniel J Walsh
dcf4ba68c9 latest from NSA 2004-09-10 18:40:42 +00:00
Daniel J Walsh
9a368c5f7b add matchmediacon 2004-09-10 17:27:19 +00:00
cvsdist
aca62f6df6 auto-import changelog data from libselinux-1.17.9-1.src.rpm
Wed Sep 08 2004 Dan Walsh <dwalsh@redhat.com> 1.17.9-1
- Update from NSA
Added get_default_context_with_role.
2004-09-09 07:46:10 +00:00
cvsdist
1591c8d77a auto-import libselinux-1.17.8-2 from libselinux-1.17.8-2.src.rpm 2004-09-09 07:45:58 +00:00
cvsdist
f453bd1f3d auto-import changelog data from libselinux-1.17.8-1.src.rpm
Thu Sep 02 2004 Dan Walsh <dwalsh@redhat.com> 1.17.8-1
- Update from NSA
Added set_matchpathcon_printf.
Wed Sep 01 2004 Dan Walsh <dwalsh@redhat.com> 1.17.7-1
- Update from NSA
Reworked av_inherit.h to allow easier re-use by kernel.
2004-09-09 07:45:53 +00:00
cvsdist
b320ff19bb auto-import libselinux-1.17.7-1 from libselinux-1.17.7-1.src.rpm 2004-09-09 07:45:43 +00:00
cvsdist
e34dcc2219 auto-import changelog data from libselinux-1.17.6-1.src.rpm
Tue Aug 31 2004 Dan Walsh <dwalsh@redhat.com> 1.17.6-1
- Add strcasecmp in selinux_config
- Update from NSA
Changed avc_has_perm_noaudit to not fail on netlink errors.
Changed avc netlink code to check pid based on patch by Steve Grubb.
Merged second optimization patch from Ulrich Drepper.
Changed matchpathcon to skip invalid file_contexts entries.
Made string tables private to libselinux.
Merged strcat->stpcpy patch from Ulrich Drepper.
Merged matchpathcon man page from Dan Walsh.
Merged patch to eliminate PLTs for local syms from Ulrich Drepper.
Autobind netlink socket.
Dropped compatibility code from security_compute_user.
Merged fix for context_range_set from Chad Hanson.
Merged allocation failure checking patch from Chad Hanson.
Merged avc netlink error message patch from Colin Walters.
2004-09-09 07:45:35 +00:00
cvsdist
4b578fd4a9 auto-import libselinux-1.17.5-1 from libselinux-1.17.5-1.src.rpm 2004-09-09 07:45:27 +00:00
cvsdist
052a62dd21 auto-import changelog data from libselinux-1.17.4-1.src.rpm
Mon Aug 30 2004 Dan Walsh <dwalsh@redhat.com> 1.17.4-1
- Update from NSA
- Add optflags
2004-09-09 07:45:21 +00:00
cvsdist
f991fab43a auto-import libselinux-1.17.3-1 from libselinux-1.17.3-1.src.rpm 2004-09-09 07:45:16 +00:00
cvsdist
6df57245c3 auto-import changelog data from libselinux-1.17.2-1.src.rpm
Thu Aug 26 2004 Dan Walsh <dwalsh@redhat.com> 1.17.2-1
- Add matchpathcon man page
- Latest from NSA
Merged patch to eliminate PLTs for local syms from Ulrich Drepper.
Autobind netlink socket.
Dropped compatibility code from security_compute_user.
Merged fix for context_range_set from Chad Hanson.
Merged allocation failure checking patch from Chad Hanson.
Merged avc netlink error message patch from Colin Walters.
2004-09-09 07:45:13 +00:00
cvsdist
569258dd79 auto-import changelog data from libselinux-1.17.1-1.src.rpm
Tue Aug 24 2004 Dan Walsh <dwalsh@redhat.com> 1.17.1-1
- Latest from NSA
Autobind netlink socket.
Dropped compatibility code from security_compute_user.
Merged fix for context_range_set from Chad Hanson.
Merged allocation failure checking patch from Chad Hanson.
Merged avc netlink error message patch from Colin Walters.
2004-09-09 07:45:06 +00:00
cvsdist
c722471fde auto-import changelog data from libselinux-1.16.1-1.src.rpm
Sun Aug 22 2004 Dan Walsh <dwalsh@redhat.com> 1.16.1-1
- Latest from NSA
2004-09-09 07:44:55 +00:00
cvsdist
1e259b6254 auto-import changelog data from libselinux-1.16-1.src.rpm
Thu Aug 19 2004 Colin Walters <walters@redhat.com> 1.16-1
- New upstream version
2004-09-09 07:44:50 +00:00
cvsdist
998a860c58 auto-import changelog data from libselinux-1.15.7-1.src.rpm
Tue Aug 17 2004 Dan Walsh <dwalsh@redhat.com> 1.15.7-1
- Latest from Upstream
2004-09-09 07:44:47 +00:00
cvsdist
d4d9fd7e66 auto-import libselinux-1.15.6-1 from libselinux-1.15.6-1.src.rpm 2004-09-09 07:44:43 +00:00
cvsdist
431f96de8c auto-import changelog data from libselinux-1.15.5-1.src.rpm
Mon Aug 16 2004 Dan Walsh <dwalsh@redhat.com> 1.15.5-1
- Latest from Upstream
2004-09-09 07:44:40 +00:00
cvsdist
a23f3d806f auto-import changelog data from libselinux-1.15.4-1.src.rpm
Fri Aug 13 2004 Dan Walsh <dwalsh@redhat.com> 1.15.4-1
- Latest from Upstream
2004-09-09 07:44:23 +00:00
cvsdist
26188d788e auto-import changelog data from libselinux-1.15.3-2.src.rpm
Thu Aug 12 2004 Dan Walsh <dwalsh@redhat.com> 1.15.3-2
- Add man page for boolean functions and SELinux
2004-09-09 07:44:20 +00:00
cvsdist
6edaf310fa auto-import changelog data from libselinux-1.15.3-1.src.rpm
Sun Aug 08 2004 Dan Walsh <dwalsh@redhat.com> 1.15.3-1
- Latest from NSA
2004-09-09 07:44:11 +00:00
cvsdist
bb1a93f6eb auto-import libselinux-1.15.2-1 from libselinux-1.15.2-1.src.rpm 2004-09-09 07:43:48 +00:00
cvsdist
f55e3951ca auto-import changelog data from libselinux-1.15.1-3.src.rpm
Mon Jul 19 2004 Dan Walsh <dwalsh@redhat.com> 1.15.1-3
- uppercase getenforce returns, to make them match
    system-config-securitylevel
Thu Jul 15 2004 Dan Walsh <dwalsh@redhat.com> 1.15.1-2
- Remove old path patch
2004-09-09 07:43:46 +00:00
cvsdist
c391d58b0b auto-import changelog data from libselinux-1.15.1-1.src.rpm
Thu Jul 08 2004 Dan Walsh <dwalsh@redhat.com> 1.15.1-1
- Update to latest from NSA
- Add fix to only get old path if file_context file exists in old location
2004-09-09 07:43:41 +00:00
cvsdist
df7994567e auto-import changelog data from libselinux-1.14.1-1.src.rpm
Wed Jun 30 2004 Dan Walsh <dwalsh@redhat.com> 1.14.1-1
- Update to latest from NSA
2004-09-09 07:43:37 +00:00
cvsdist
eaa3e6ecb8 auto-import changelog data from libselinux-1.13.4-1.src.rpm
Wed Jun 16 2004 Dan Walsh <dwalsh@redhat.com> 1.13.4-1
- add nlclass patch
- Update to latest from NSA
2004-09-09 07:43:32 +00:00
cvsdist
b832765bf4 auto-import changelog data from libselinux-1.13.3-3.src.rpm
Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
2004-09-09 07:43:27 +00:00
cvsdist
2eea259b1c auto-import changelog data from libselinux-1.13.3-2.src.rpm
Sun Jun 13 2004 Dan Walsh <dwalsh@redhat.com> 1.13.3-2
- Fix selinux_config to break once it finds SELINUXTYPE.
2004-09-09 07:43:22 +00:00
cvsdist
fdbc02588c auto-import libselinux-1.13.3-1 from libselinux-1.13.3-1.src.rpm 2004-09-09 07:43:01 +00:00
cvsdist
6644b137d5 auto-import changelog data from libselinux-1.13.2-1.src.rpm
Fri May 28 2004 Dan Walsh <dwalsh@redhat.com> 1.13.2-1
-Update with latest from NSA
2004-09-09 07:42:52 +00:00
cvsdist
cca6a80b71 auto-import changelog data from libselinux-1.13.1-1.src.rpm
Thu May 27 2004 Dan Walsh <dwalsh@redhat.com> 1.13.1-1
- Change to use new policy mechanism
2004-09-09 07:42:50 +00:00
cvsdist
f9343ddbdd auto-import changelog data from libselinux-1.13-1.src.rpm
Mon May 17 2004 Dan Walsh <dwalsh@redhat.com> 1.12-2
- add man patch
Fri May 14 2004 Dan Walsh <dwalsh@redhat.com> 1.12-1
- Update with latest from NSA
2004-09-09 07:42:46 +00:00
cvsdist
adad8e9a40 auto-import changelog data from libselinux-1.11.4-1.src.rpm
Wed May 05 2004 Dan Walsh <dwalsh@redhat.com> 1.11.4-1
- Update with latest from NSA
Thu Apr 22 2004 Dan Walsh <dwalsh@redhat.com> 1.11.3-1
- Add changes for relaxed policy
- Update to match NSA
Thu Apr 15 2004 Dan Walsh <dwalsh@redhat.com> 1.11.2-1
- Add relaxed policy changes
Thu Apr 15 2004 Dan Walsh <dwalsh@redhat.com> 1.11-4
- Sync with NSA
Thu Apr 15 2004 Dan Walsh <dwalsh@redhat.com> 1.11-3
- Remove requires glibc>2.3.4
Wed Apr 14 2004 Dan Walsh <dwalsh@redhat.com> 1.11-2
- Fix selinuxenabled man page.
Wed Apr 07 2004 Dan Walsh <dwalsh@redhat.com> 1.11-1
- Upgrade to 1.11
Wed Apr 07 2004 Dan Walsh <dwalsh@redhat.com> 1.10-2
- Add memleaks patch
Wed Apr 07 2004 Dan Walsh <dwalsh@redhat.com> 1.10-1
- Upgrade to latest from NSA and add more man pages
Thu Apr 01 2004 Dan Walsh <dwalsh@redhat.com> 1.9-1
- Update to match NSA
- Cleanup some man pages
Tue Mar 30 2004 Dan Walsh <dwalsh@redhat.com> 1.8-1
- Upgrade to latest from NSA
Thu Mar 25 2004 Dan Walsh <dwalsh@redhat.com> 1.6-6
- Add Russell's Man pages
Thu Mar 25 2004 Dan Walsh <dwalsh@redhat.com> 1.6-5
- Change getenforce to also check is_selinux_enabled
Thu Mar 25 2004 Dan Walsh <dwalsh@redhat.com> 1.6-4
- Add ownership to /usr/include/selinux
2004-09-09 07:42:26 +00:00
cvsdist
e9e2eaa1a2 auto-import changelog data from libselinux-1.6-3.src.rpm
Wed Mar 10 2004 Dan Walsh <dwalsh@redhat.com> 1.6-3
- fix location of file_contexts file.
Wed Mar 10 2004 Dan Walsh <dwalsh@redhat.com> 1.6-2
- Fix matchpathcon to use BUFSIZ
Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
Mon Feb 23 2004 Dan Walsh <dwalsh@redhat.com> 1.4-11
- add matchpathcon
Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
2004-09-09 07:41:46 +00:00
cvsdist
9f53563498 auto-import changelog data from libselinux-1.4-9.src.rpm
Fri Jan 23 2004 Dan Walsh <dwalsh@redhat.com> 1.4-9
- Add rootok patch
Wed Jan 14 2004 Dan Walsh <dwalsh@redhat.com> 1.4-8
- Updated getpeernam patch
Tue Jan 13 2004 Dan Walsh <dwalsh@redhat.com> 1.4-7
- Add getpeernam patch
Thu Dec 18 2003 Dan Walsh <dwalsh@redhat.com> 1.4-6
- Add getpeercon patch
Thu Dec 18 2003 Dan Walsh <dwalsh@redhat.com> 1.4-5
- Put mntpoint patch, because found fix for SysVinit
Wed Dec 17 2003 Dan Walsh <dwalsh@redhat.com> 1.4-4
- Add remove mntpoint patch, because it breaks SysVinit
Wed Dec 17 2003 Dan Walsh <dwalsh@redhat.com> 1.4-3
- Add mntpoint patch for SysVinit
Fri Dec 12 2003 Dan Walsh <dwalsh@redhat.com> 1.4-2
- Add -r -u -t to getcon
Sat Dec 06 2003 Dan Walsh <dwalsh@redhat.com> 1.4-1
- Upgrade to latest from NSA
Mon Oct 27 2003 Dan Walsh <dwalsh@redhat.com> 1.3-2
- Fix x86_64 build
Tue Oct 21 2003 Dan Walsh <dwalsh@redhat.com> 1.3-1
- Latest tarball from NSA.
Tue Oct 21 2003 Dan Walsh <dwalsh@redhat.com> 1.2-9
- Update with latest changes from NSA
Mon Oct 20 2003 Dan Walsh <dwalsh@redhat.com> 1.2-8
- Change location of .so file
Wed Oct 08 2003 Dan Walsh <dwalsh@redhat.com> 1.2-7
- Break out into development library
Wed Oct 08 2003 Dan Walsh <dwalsh@redhat.com> 1.2-6
- Move location of libselinux.so to /lib
Fri Oct 03 2003 Dan Walsh <dwalsh@redhat.com> 1.2-5
- Add selinuxenabled patch
Wed Oct 01 2003 Dan Walsh <dwalsh@redhat.com> 1.2-4
- Update with final NSA 1.2 sources.
Fri Sep 12 2003 Dan Walsh <dwalsh@redhat.com> 1.2-3
- Update with latest from NSA.
Thu Aug 28 2003 Dan Walsh <dwalsh@redhat.com> 1.2-2
- Fix to build on x86_64
Thu Aug 21 2003 Dan Walsh <dwalsh@redhat.com> 1.2-1
- update for version 1.2
Tue May 27 2003 Dan Walsh <dwalsh@redhat.com> 1.0-1
- Initial version
2004-09-09 07:41:25 +00:00