Commit Graph

218 Commits

Author SHA1 Message Date
Petr Lautrbach
e0682defe3 use upstream released tarball from https://github.com/SELinuxProject/selinux/wiki/Releases 2015-04-21 14:38:05 +02:00
Dan Walsh
ed9898ef4c Update to upstream
* Get rid of security_context_t and fix const declarations.
	* Refactor rpm_execcon() into a new setexecfilecon() from Guillem Jover.
2014-05-06 14:28:19 -04:00
Dan Walsh
7e1165a3eb revert unexplained change to rhat.patch which broke SELinux disablement 2014-01-06 10:15:40 -05:00
Dan Walsh
0f5adbd52b Mv selinux.go to /usr/share/gocode/src/selinux 2013-12-20 09:04:20 -05:00
Dan Walsh
c1553db668 Update to upstream
* audit2why: make sure path is nul terminated
        * utils: new file context regex compiler
        * label_file: use precompiled filecontext when possible
        * do not leak mmapfd
        * sefcontext_compile: Add error handling to help debug problems in libsemanage.
        * man: make selinux.8 mention service man pages
        * audit2why: Fix segfault if finish() called twice
        * audit2why: do not leak on multiple init() calls
        * mode_to_security_class: interface to translate a mode_t in to a security class
        * audit2why: Cleanup audit2why analysis function
        * man: Fix program synopsis and function prototypes in man pages
        * man: Fix man pages formatting
        * man: Fix typo in man page
        * man: Add references and man page links to _raw function variants
        * Use ENOTSUP instead of EOPNOTSUPP for getfilecon functions
        * man: context_new(3): fix the return value description
        * selinux_status_open: handle error from sysconf
        * selinux_status_open: do not leak statusfd on exec
        * Fix errors found by coverity
        * Change boooleans.subs to booleans.subs_dist.
        * optimize set*con functions
        * pkg-config do not specify ruby version
        * unmap file contexts on selabel_close()
        * do not leak file contexts with mmap'd backend
        * sefcontext_compile: do not leak fd on error
        * matchmediacon: do not leak fd
        * src/label_android_property: do not leak fd on error
2013-02-07 12:33:50 -05:00
rhatdan
01a1f705b5 Update to upstream
* Add support for lxc_contexts_path
	* utils: add service to getdefaultcon
	* libsemanage: do not set soname needlessly
	* libsemanage: remove PYTHONLIBDIR and ruby equivalent
	* boolean name equivalency
	* getsebool: support boolean name substitution
	* Add man page for new selinux_boolean_sub function.
	* expose selinux_boolean_sub
	* matchpathcon: add -m option to force file type check
	* utils: avcstat: clear sa_mask set
	* seusers: Check for strchr failure
	* booleans: initialize pointer to silence coverity
	* stop messages when SELinux disabled
	* label_file: use PCRE instead of glibc regex functions
	* label_file: remove all typedefs
	* label_file: move definitions to include file
	* label_file: do string to mode_t conversion in a helper function
	* label_file: move error reporting back into caller
	* label_file: move stem/spec handling to header
	* label_file: drop useless ncomp field from label_file data
	* label_file: move spec_hasMetaChars to header
	* label_file: fix potential read past buffer in spec_hasMetaChars
	* label_file: move regex sorting to the header
	* label_file: add accessors for the pcre extra data
	* label_file: only run regex files one time
	* label_file: new process_file function
	* label_file: break up find_stem_from_spec
	* label_file: struct reorg
	* label_file: only run array once when sorting
	* Ensure that we only close the selinux netlink socket once.
	* improve the file_contexts.5 manual page
2012-09-14 05:59:45 -04:00
Dan Walsh
cd092e1338 Update to upstream
* Fortify source now requires all code to be compiled with -O flag
	* asprintf return code must be checked
	* avc_netlink_recieve handle EINTR
	* audit2why: silence -Wmissing-prototypes warning
	* libsemanage: remove build warning when build swig c files
	* matchpathcon: bad handling of symlinks in /
	* seusers: remove unused lineno
	* seusers: getseuser: gracefully handle NULL service
	* New Android property labeling backend
	* label_android_property whitespace cleanups
	* additional makefile support for rubywrap
2012-07-04 07:31:12 -04:00
Dan Walsh
ce3cc634eb Update to upstream
* Fix dead links to www.nsa.gov/selinux
	* Remove jump over variable declaration
	* Fix old style function definitions
	* Fix const-correctness
	* Remove unused flush_class_cache method
	* Add prototype decl for destructor
	* Add more printf format annotations
	* Add printf format attribute annotation to die() method
	* Fix const-ness of parameters & make usage() methods static
	* Enable many more gcc warnings for libselinux/src/ builds
	* utils: Enable many more gcc warnings for libselinux/utils builds
	* Change annotation on include/selinux/avc.h to avoid upsetting SWIG
	* Ensure there is a prototype for 'matchpathcon_lib_destructor'
	* Update Makefiles to handle /usrmove
	* utils: Stop separating out matchpathcon as something special
	* pkg-config to figure out where ruby include files are located
	* build with either ruby 1.9 or ruby 1.8
	* assert if avc_init() not called
	* take security_deny_unknown into account
	* security_compute_create_name(3)
	* Do not link against python library, this is considered bad practice in debian
	* Hide unnecessarily-exported library destructors
2012-03-29 14:39:18 -04:00
Dan Walsh
2390d5be83 Update to upstream
* Fix setenforce man page to refer to selinux man page
	* Cleanup Man pages
	* merge freecon with getcon man page
2011-12-21 18:02:29 +00:00
Dan Walsh
3ae845067c Update to upstream
* Fix setenforce man page to refer to selinux man page
	* Cleanup Man pages
	* merge freecon with getcon man page
2011-12-21 18:01:55 +00:00
Dan Walsh
de1ce20f11 Upgrade to upstream
* selinuxswig_python.i: don't make syscall if it won't change anything
	* Remove assert in security_get_boolean_names(3)
	* Mapped compute functions now obey deny_unknown flag
	* get_default_type now sets EINVAL if no entry.
	* return EINVAL if invalid role selected
	* Updated selabel_file(5) man page
	* Updated selabel_db(5) man page
	* Updated selabel_media(5) man page
	* Updated selabel_x(5) man page
	* Add man/man5 man pages
	* Add man/man5 man pages
	* Add man/man5 man pages
	* use -W and -Werror in utils
2011-12-06 08:55:52 -05:00
Dan Walsh
5cb2893d59 * Makefiles: syntax, convert all ${VAR} to $(VAR)
* load_policy: handle selinux=0 and /sys/fs/selinux not exist
	* regenerate .pc on VERSION change
	* label: cosmetic cleanups
	* simple interface for access checks
	* Don't reinitialize avc_init if it has been called previously
	* seusers: fix to handle large sets of groups
	* audit2why: close fd on enomem
	* rename and export symlink_realpath
	* label_file: style changes to make Eric happy.
2011-11-04 09:13:56 -04:00
Dan Walsh
aa09b7d954 Update to upstream
* utils: matchpathcon: remove duplicate declaration
	* src: matchpathcon: use myprintf not fprintf
	* src: matchpathcon: make sure resolved path starts
	* put libselinux.so.1 in /lib not /usr/lib
	* tree: default make target to all not
2011-09-19 06:52:45 -04:00
Dan Walsh
44cb708314 Change matchpathcon to use proper myprintf
Fix symlink_realpath to always include "/"
Update to upstream
	* selinux_file_context_verify function returns wrong value.
	* move realpath helper to matchpathcon library
	* python wrapper makefile changes
2011-08-30 11:14:36 -04:00
Dan Walsh
00e063e5f5 Update to upstream
2.1.4 2011-0817
	* mapping fix for invalid class/perms after selinux_set_mapping
	* audit2why: work around python bug not defining
	* resolve symlinks and dot directories before matching
2011-08-18 07:09:51 -04:00
Dan Walsh
125b5b107c Update to upstream
* Release, minor version bump
	* Give correct names to mount points in load_policy by Dan Walsh.
	* Make sure selinux state is reported correctly if selinux is disabled or
	fails to load by Dan Walsh.
	* Fix crash if selinux_key_create was never called by Dan Walsh.
	* Add new file_context.subs_dist for distro specific filecon substitutions
	by Dan Walsh.
	* Update man pages for selinux_color_* functions by Richard Haines.
2011-07-28 11:58:12 -04:00
Dan Walsh
982b2e517d Update to upstream
* Give correct names to mount points in load_policy by Dan Walsh.
	* Make sure selinux state is reported correctly if selinux is disabled or
	fails to load by Dan Walsh.
	* Fix crash if selinux_key_create was never called by Dan Walsh.
	* Add new file_context.subs_dist for distro specific filecon substitutions
	by Dan Walsh.
	* Update man pages for selinux_color_* functions by Richard Haines.
2011-04-12 10:08:26 -04:00
Dan Walsh
d455eb5e43 Clean up patch to make handling of constructor cleanup more portable
* db_language object class support for selabel_lookup from KaiGai Kohei.
* Library destructors for thread local storage keys from Eamon Walsh.
2011-04-06 16:46:47 -04:00
Dan Walsh
1fefea1eb1 Update to upstream
* Turn off default user handling when computing user contexts by Dan Walsh
2011-03-30 14:42:17 -04:00
Dan Walsh
ca9cea7698 - Update to upstream
- Turn off fallback in to SELINUX_DEFAULTUSER in get_context_list
2010-12-21 16:29:19 -05:00
Dan Walsh
2542902e06 - Update to upstream
* Thread local storage fixes from Eamon Walsh.
2010-12-06 15:10:20 -05:00
Daniel J Walsh
5abec270e9 - Update to upstream
Add const qualifiers to public API where appropriate by KaiGai Kohei.
2010-06-16 13:23:15 +00:00
Daniel J Walsh
982ffdc3f5 - Update to upstream
Fix from Eric Paris to fix leak on non-selinux systems.
regenerate swig wrappers
pkgconfig fix to respect LIBDIR from Dan Walsh.
2010-03-08 13:14:35 +00:00
Daniel J Walsh
68c8d967fd - Update to upstream
Change the AVC to only audit the permissions specified by the policy,
    excluding any permissions specified via dontaudit or not specified via
    auditallow.
Fix compilation of label_file.c with latest glibc headers.
2010-02-24 19:12:12 +00:00
Daniel J Walsh
76ecedb2d0 - Update to upstream
add/reformat man pages by Guido Trentalancia <guido@trentalancia.com>.
Change exception.sh to be called with bash by Manoj Srivastava
    <srivasta@debian.org>
2009-12-01 21:18:45 +00:00
Daniel J Walsh
ac492a22d6 - Update to upstream
Add pkgconfig file from Eamon Walsh.
2009-11-02 18:11:50 +00:00
Daniel J Walsh
8a570f443e - Update to upstream
Rename and export selinux_reset_config()
2009-10-29 19:36:32 +00:00
Daniel J Walsh
510eba6977 - Update to upstream
Add exception handling in libselinux from Dan Walsh. This uses a shell
    script called exception.sh to generate a swig interface file.
make swigify
Make matchpathcon print <<none>> if path not found in fcontext file.
2009-09-28 20:33:26 +00:00
Daniel J Walsh
9afde8153b - Update to upstream
Removal of reference counting on userspace AVC SID's.
2009-09-08 13:09:19 +00:00
Daniel J Walsh
fa621852dc - Update to upstream
Reverted Tomas Mraz's fix for freeing thread local storage to avoid pthread
    dependency.
Removed fini_context_translations() altogether.
Merged lazy init patch from Stephen Smalley based on original patch by
    Steve Grubb.
2009-07-14 15:29:55 +00:00
Daniel J Walsh
23660c5dba - Update to upstream
Add per-service seuser support from Dan Walsh.
Let load_policy gracefully handle selinuxfs being mounted from Stephen
    Smalley.
Check /proc/filesystems before /proc/mounts for selinuxfs from Eric Paris.
2009-07-07 16:26:11 +00:00
Daniel J Walsh
a66522107b - Update to upstream
Fix improper use of thread local storage from Tomas Mraz
    <tmraz@redhat.com>.
Label substitution support from Dan Walsh.
Support for labeling virtual machine images from Dan Walsh.
2009-06-23 19:54:03 +00:00
Daniel J Walsh
403bfa5085 - Update to upstream
Trim / from the end of input paths to matchpathcon from Dan Walsh.
Fix leak in process_line in label_file.c from Hiroshi Shinji.
Move matchpathcon to /sbin, add matchpathcon to clean target from Dan
    Walsh.
getdefaultcon to print just the correct match and add verbose option from
    Dan Walsh.
2009-05-18 18:22:22 +00:00
Daniel J Walsh
c1ed6edd9a - Update to upstream
deny_unknown wrapper function from KaiGai Kohei.
security_compute_av_flags API from KaiGai Kohei.
Netlink socket management and callbacks from KaiGai Kohei.
2009-04-08 13:08:53 +00:00
Daniel J Walsh
c86e2e8d59 - Update to upstream
Netlink socket handoff patch from Adam Jackson.
AVC caching of compute_create results by Eric Paris.
2009-03-12 12:57:57 +00:00
Daniel J Walsh
07ae258133 - Update to upstream
Fix incorrect conversion in discover_class code.
2009-03-02 18:21:46 +00:00
Daniel J Walsh
b5b41bc929 - Throw exceptions in python swig bindings on failures 2009-01-27 20:00:47 +00:00
Daniel J Walsh
49eae3b63b - Update to upstream 2009-01-06 14:31:47 +00:00
Daniel J Walsh
f53982306d - Update to Upstream
Allow shell-style wildcards in x_contexts file.
2008-11-21 21:06:11 +00:00
Daniel J Walsh
d3b013d124 - Update to Upstream
Correct message types in AVC log messages.
Make matchpathcon -V pass mode from Dan Walsh.
Add man page for selinux_file_context_cmp from Dan Walsh.
2008-11-07 14:08:36 +00:00
Daniel J Walsh
3898d8da39 - Update to Upstream
New man pages from Dan Walsh.
Update flask headers from refpolicy trunk from Dan Walsh.
2008-09-30 13:30:18 +00:00
Daniel J Walsh
7918b2858e - Update to Upstream
Add group support to seusers using %groupname syntax from Dan Walsh.
Mark setrans socket close-on-exec from Stephen Smalley.
Only apply nodups checking to base file contexts from Stephen Smalley.
2008-08-05 14:05:15 +00:00
Daniel J Walsh
86ce8d44b1 - Update to Upstream
Merge ruby bindings from Dan Walsh.
- Add support for Linux groups to getseuserbyname
2008-08-01 10:56:37 +00:00
Daniel J Walsh
d0a06b2c34 - Update to Upstream
Handle duplicate file context regexes as a fatal error from Stephen
    Smalley. This prevents adding them via semanage.
Fix audit2why shadowed variables from Stephen Smalley.
Note that freecon NULL is legal in man page from Karel Zak.
2008-07-29 13:22:45 +00:00
Daniel J Walsh
6359e2ad79 - Update to Upstream
New and revised AVC, label, and mapping man pages from Eamon Walsh.
Add swig python bindings for avc interfaces from Dan Walsh.
2008-06-22 13:48:37 +00:00
Daniel J Walsh
bff583b68b - Update to Upstream
Fix selinux_file_context_verify() and selinux_lsetfilecon_default() to call
    matchpathcon_init_prefix if not already initialized.
Add -q qualifier for -V option of matchpathcon and change it to indicate
    whether verification succeeded or failed via exit status.
2008-05-28 14:15:30 +00:00
Daniel J Walsh
1209c857ab - Update to Upstream
Fixed selinux_set_callback man page.
Try loading the max of the kernel-supported version and the
    libsepol-supported version when no manipulation of the binary policy is
    needed from Stephen Smalley.
Fix memory leaks in matchpathcon from Eamon Walsh.
2008-04-22 20:59:01 +00:00
Daniel J Walsh
9d13c9cd97 - Update to Upstream
Man page typo fix from Jim Meyering.
2008-04-01 04:16:52 +00:00
Daniel J Walsh
7384c1ecca Changed selinux_init_load_policy() to not warn about a failed mount of
selinuxfs if selinux was disabled in the kernel.
2008-03-23 11:32:37 +00:00
Daniel J Walsh
4594aed06b - Update to Upstream
Merged new X label "poly_selection" namespace from Eamon Walsh.
2008-02-29 20:24:11 +00:00