288 Commits

Author SHA1 Message Date
Dan Walsh
7959ef108b Update to upstream
* Fix setenforce man page to refer to selinux man page
	* Cleanup Man pages
	* merge freecon with getcon man page
2011-12-21 18:09:52 +00:00
Dan Walsh
0c717c5b8c Add patch from Richard Haines
When selabel_lookup found an invalid context with validation enabled, it
always stated it was 'file_contexts' whether media, x, db or file.
The fix is to store the spec file name in the selabel_lookup_rec on
selabel_open and use this as output for logs. Also a minor fix if key is
NULL to stop seg faults.
Fix setenforce manage page.
2011-12-19 14:48:33 -05:00
Dan Walsh
e9493af009 Fix setenforce man page, from Miroslav Grepl 2011-12-06 10:43:58 -05:00
Dan Walsh
de1ce20f11 Upgrade to upstream
* selinuxswig_python.i: don't make syscall if it won't change anything
	* Remove assert in security_get_boolean_names(3)
	* Mapped compute functions now obey deny_unknown flag
	* get_default_type now sets EINVAL if no entry.
	* return EINVAL if invalid role selected
	* Updated selabel_file(5) man page
	* Updated selabel_db(5) man page
	* Updated selabel_media(5) man page
	* Updated selabel_x(5) man page
	* Add man/man5 man pages
	* Add man/man5 man pages
	* Add man/man5 man pages
	* use -W and -Werror in utils
2011-12-06 08:55:52 -05:00
Dan Walsh
0921286973 Change python binding for restorecon to check if the context matches.
If it does do not reset
2011-11-29 09:47:57 -05:00
Dan Walsh
5cb2893d59 * Makefiles: syntax, convert all ${VAR} to $(VAR)
* load_policy: handle selinux=0 and /sys/fs/selinux not exist
	* regenerate .pc on VERSION change
	* label: cosmetic cleanups
	* simple interface for access checks
	* Don't reinitialize avc_init if it has been called previously
	* seusers: fix to handle large sets of groups
	* audit2why: close fd on enomem
	* rename and export symlink_realpath
	* label_file: style changes to make Eric happy.
2011-11-04 09:13:56 -04:00
Dan Walsh
8075466849 Apply libselinux patch to handle large groups in seusers. 2011-10-24 14:30:05 -04:00
Dan Walsh
9328ed5d59 Add selinux_check_access function. Needed for passwd, chfn, chsh 2011-10-20 16:50:40 -04:00
Dan Walsh
a8fa8756a9 Add selinux_check_access function. Needed for passwd, chfn, chsh 2011-10-20 15:44:39 -04:00
Dan Walsh
3f542ebbed Handle situation where selinux=0 passed to the kernel and both /selinux and 2011-09-22 09:38:06 -04:00
Dan Walsh
aa09b7d954 Update to upstream
* utils: matchpathcon: remove duplicate declaration
	* src: matchpathcon: use myprintf not fprintf
	* src: matchpathcon: make sure resolved path starts
	* put libselinux.so.1 in /lib not /usr/lib
	* tree: default make target to all not
2011-09-19 06:52:45 -04:00
Dan Walsh
5113c7563a Switch to use ":" as prefix separator rather than ";" 2011-09-14 22:01:30 -04:00
Dan Walsh
c03bd38197 Fix handling of subset labeling that is causing segfault in restorecon 2011-09-06 09:46:57 -04:00
Dan Walsh
10e77a8370 Change matchpathcon_init_prefix and selabel_open to allow multiple initial
prefixes.  Now you can specify a ";" separated list of prefixes and the
labeling system will only load regular expressions that match these prefixes.
2011-09-02 08:58:11 -04:00
Dan Walsh
495b754734 Change matchpathcon to use proper myprintf
Fix symlink_realpath to always include "/"
Update to upstream
	* selinux_file_context_verify function returns wrong value.
	* move realpath helper to matchpathcon library
	* python wrapper makefile changes
2011-08-30 11:08:49 -04:00
Dan Walsh
4eca5fc79f Move to new Makefile that can build with or without PYTHON being set 2011-08-22 11:04:32 -04:00
Dan Walsh
00e063e5f5 Update to upstream
2.1.4 2011-0817
	* mapping fix for invalid class/perms after selinux_set_mapping
	* audit2why: work around python bug not defining
	* resolve symlinks and dot directories before matching
2011-08-18 07:09:51 -04:00
Dan Walsh
076f35f59b Only call dups check within selabel/matchpathcon if you are validating the
context
This seems to speed the loading of labels by 4 times.
2011-06-13 11:29:06 -04:00
Dan Walsh
2c3aaeae1e Move /selinux to /sys/fs/selinux
Add selinuxexeccon
Add realpath to matchpathcon to handle matchpathcon * type queries.
2011-05-25 14:25:56 -04:00
Dan Walsh
73bed069d2 Fix restorecon python binding to accept relative paths 2011-04-13 16:51:22 -04:00
Dan Walsh
6db4df3c24 Update to upstream
* Give correct names to mount points in load_policy by Dan Walsh.
	* Make sure selinux state is reported correctly if selinux is disabled or
	fails to load by Dan Walsh.
	* Fix crash if selinux_key_create was never called by Dan Walsh.
	* Add new file_context.subs_dist for distro specific filecon substitutions
	by Dan Walsh.
	* Update man pages for selinux_color_* functions by Richard Haines.
2011-04-12 10:09:47 -04:00
Dan Walsh
3d499ceb03 Clean up patch to make handling of constructor cleanup more portable 2011-04-06 11:19:19 -04:00
Dan Walsh
8723500e16 Add file_context.subs_dist to subs paths 2011-04-05 14:03:07 -04:00
Dan Walsh
4b2caaad18 Add patch from dbhole@redhat.com to initialize thread keys to -1
Errors were being seen in libpthread/libdl that were related
to corrupt thread specific keys. Global destructors that are called on dl
unload. During destruction delete a thread specific key without checking
if it has been initialized. Since the constructor is not called each time
(i.e. key is not initialized with pthread_key_create each time), and the
default is 0, there is a possibility that key 0 for an active thread gets
deleted. This is exactly what is happening in case of OpenJDK.
2011-04-05 12:10:57 -04:00
Dan Walsh
9ac8a9964b Call fini_selinuxmnt if selinux is disabled, to cause is_selinux_disabled() to report correct data 2011-04-05 11:37:30 -04:00
Dan Walsh
0cd375f839 Call fini_selinuxmnt if selinux is disabled, to cause is_selinux_disabled() to report correct data 2011-04-05 11:25:39 -04:00
Dan Walsh
1fefea1eb1 Update to upstream
* Turn off default user handling when computing user contexts by Dan Walsh
2011-03-30 14:42:17 -04:00
Dan Walsh
c49c04df3b - Fixup selinux man page 2011-02-01 17:40:11 -05:00
Dan Walsh
3c1b814b3d - Fix Makefile to use pkg-config --cflags python3 to discover include paths 2011-01-18 10:08:15 -05:00
Dan Walsh
ca9cea7698 - Update to upstream
- Turn off fallback in to SELINUX_DEFAULTUSER in get_context_list
2010-12-21 16:29:19 -05:00
Daniel J Walsh
159f7d2174 - Turn off fallback in to SELINUX_DEFAULTUSER in get_context_list 2010-07-27 17:50:51 +00:00
Daniel J Walsh
4235807de2 - Turn off messages in audit2why 2010-06-25 21:05:56 +00:00
Daniel J Walsh
5abec270e9 - Update to upstream
Add const qualifiers to public API where appropriate by KaiGai Kohei.
2010-06-16 13:23:15 +00:00
Daniel J Walsh
982ffdc3f5 - Update to upstream
Fix from Eric Paris to fix leak on non-selinux systems.
regenerate swig wrappers
pkgconfig fix to respect LIBDIR from Dan Walsh.
2010-03-08 13:14:35 +00:00
Daniel J Walsh
68c8d967fd - Update to upstream
Change the AVC to only audit the permissions specified by the policy,
    excluding any permissions specified via dontaudit or not specified via
    auditallow.
Fix compilation of label_file.c with latest glibc headers.
2010-02-24 19:12:12 +00:00
Daniel J Walsh
de078cb3d5 - Fix man page for selinuxdefcon 2010-01-18 21:59:45 +00:00
Daniel J Walsh
995afc05f3 - Fix man page for selinuxdefcon 2010-01-18 21:44:50 +00:00
Daniel J Walsh
1f46a5f18f Mon Jan 4 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.90-2
- Free memory on disabled selinux boxes
2010-01-04 22:17:33 +00:00
Daniel J Walsh
4ed79e3521 - Fix selinuxdefcon man page 2009-11-23 18:32:48 +00:00
Daniel J Walsh
510eba6977 - Update to upstream
Add exception handling in libselinux from Dan Walsh. This uses a shell
    script called exception.sh to generate a swig interface file.
make swigify
Make matchpathcon print <<none>> if path not found in fcontext file.
2009-09-28 20:33:26 +00:00
Daniel J Walsh
d3cc14428b - Eliminate -pthread switch in Makefile 2009-09-15 19:24:22 +00:00
Daniel J Walsh
fa621852dc - Update to upstream
Reverted Tomas Mraz's fix for freeing thread local storage to avoid pthread
    dependency.
Removed fini_context_translations() altogether.
Merged lazy init patch from Stephen Smalley based on original patch by
    Steve Grubb.
2009-07-14 15:29:55 +00:00
Daniel J Walsh
23660c5dba - Update to upstream
Add per-service seuser support from Dan Walsh.
Let load_policy gracefully handle selinuxfs being mounted from Stephen
    Smalley.
Check /proc/filesystems before /proc/mounts for selinuxfs from Eric Paris.
2009-07-07 16:26:11 +00:00
Daniel J Walsh
a66522107b - Update to upstream
Fix improper use of thread local storage from Tomas Mraz
    <tmraz@redhat.com>.
Label substitution support from Dan Walsh.
Support for labeling virtual machine images from Dan Walsh.
2009-06-23 19:54:03 +00:00
Daniel J Walsh
d6966f294b - Update to upstream
Fix improper use of thread local storage from Tomas Mraz
    <tmraz@redhat.com>.
Label substitution support from Dan Walsh.
Support for labeling virtual machine images from Dan Walsh.
2009-06-23 19:40:42 +00:00
Daniel J Walsh
403bfa5085 - Update to upstream
Trim / from the end of input paths to matchpathcon from Dan Walsh.
Fix leak in process_line in label_file.c from Hiroshi Shinji.
Move matchpathcon to /sbin, add matchpathcon to clean target from Dan
    Walsh.
getdefaultcon to print just the correct match and add verbose option from
    Dan Walsh.
2009-05-18 18:22:22 +00:00
Daniel J Walsh
2f2316f496 - Fix Memory Leak 2009-04-03 14:05:22 +00:00
Daniel J Walsh
d6eb0cea47 - Fix Memory Leak 2009-04-03 12:58:07 +00:00
Daniel J Walsh
261c72abdb - Fix crash in python 2009-04-02 13:36:47 +00:00
Daniel J Walsh
f6ba4d34de - Add back in additional interfaces 2009-03-29 15:18:28 +00:00
Daniel J Walsh
55f4c91ff1 - Add back in av_decision to python swig 2009-03-27 20:39:31 +00:00
Daniel J Walsh
974a6e4ad2 - Add back in av_decision to python swig 2009-03-27 18:25:16 +00:00
Daniel J Walsh
c86e2e8d59 - Update to upstream
Netlink socket handoff patch from Adam Jackson.
AVC caching of compute_create results by Eric Paris.
2009-03-12 12:57:57 +00:00
Daniel J Walsh
3da9d84fdc - Add substitute pattern
- matchpathcon output <<none>> on ENOENT
2009-03-06 21:31:10 +00:00
Daniel J Walsh
07ae258133 - Update to upstream
Fix incorrect conversion in discover_class code.
2009-03-02 18:21:46 +00:00
Daniel J Walsh
19dec57f82 - Add
- selinux_virtual_domain_context_path
- selinux_virtual_image_context_path
2009-02-18 19:45:23 +00:00
Daniel J Walsh
6396f115b4 - Add
- selinux_virtual_domain_context_path
- selinux_virtual_image_context_path
2009-02-18 18:29:42 +00:00
Daniel J Walsh
b5b41bc929 - Throw exceptions in python swig bindings on failures 2009-01-27 20:00:47 +00:00
Daniel J Walsh
c1e059f764 - Fix restorecon python code 2009-01-06 15:44:49 +00:00
Daniel J Walsh
49eae3b63b - Update to upstream 2009-01-06 14:31:47 +00:00
Daniel J Walsh
e672e99f9d - Strip trailing / for matchpathcon 2008-12-19 20:17:53 +00:00
Daniel J Walsh
0c692a5a64 - Fix segfault if seusers file does not work 2008-12-16 14:38:49 +00:00
Daniel J Walsh
d9847be233 - Add new function getseuser which will take username and service and
return
- seuser and level. ipa will populate file in future.
- Change selinuxdefcon to return just the context by default
2008-12-12 16:15:27 +00:00
Daniel J Walsh
cd000f17c0 - Add new function getseuser which will take username and service and
return
- seuser and level. ipa will populate file in future.
- Change selinuxdefcon to return just the context by default
2008-12-12 15:21:10 +00:00
Daniel J Walsh
4d61602917 - Update to Upstream
Allow shell-style wildcards in x_contexts file.
2008-11-22 21:01:27 +00:00
Luke Macken
8222e32ca0 Fix a typo in the restorecon method, and import the stat module. 2008-11-18 21:25:09 +00:00
Luke Macken
f4a6eb5feb The restorecon method needs the stat module as well 2008-11-17 20:26:34 +00:00
Luke Macken
896e46d7d4 Fix a typo in the restorecon method of the libselinux-rhat patch 2008-11-17 20:23:52 +00:00
Daniel J Walsh
41931f8d57 - Eamon Walsh Patch - libselinux: allow shell-style wildcarding in X names
- Add Restorecon/Install python functions from Luke Macken
2008-11-17 15:27:48 +00:00
Daniel J Walsh
d3b013d124 - Update to Upstream
Correct message types in AVC log messages.
Make matchpathcon -V pass mode from Dan Walsh.
Add man page for selinux_file_context_cmp from Dan Walsh.
2008-11-07 14:08:36 +00:00
Daniel J Walsh
3898d8da39 - Update to Upstream
New man pages from Dan Walsh.
Update flask headers from refpolicy trunk from Dan Walsh.
2008-09-30 13:30:18 +00:00
Daniel J Walsh
263ee4f1ec - Fix matchpathcon -V call 2008-09-26 14:22:14 +00:00
Daniel J Walsh
63093bd540 - Fix matchpathcon -V call 2008-09-26 13:59:44 +00:00
Daniel J Walsh
3578778806 - Add flask definitions for open, X and nlmsg_tty_audit 2008-09-22 17:52:30 +00:00
Daniel J Walsh
15c5a627bc - Add missing get/setkeycreatecon man pages 2008-09-09 20:24:22 +00:00
Daniel J Walsh
ac4e772e3d - Add missing man page links for [lf]getfilecon 2008-09-09 18:45:26 +00:00
Daniel J Walsh
7a7d4171f1 Fix patch 2008-08-05 14:30:33 +00:00
Daniel J Walsh
7918b2858e - Update to Upstream
Add group support to seusers using %groupname syntax from Dan Walsh.
Mark setrans socket close-on-exec from Stephen Smalley.
Only apply nodups checking to base file contexts from Stephen Smalley.
2008-08-05 14:05:15 +00:00
Daniel J Walsh
86ce8d44b1 - Update to Upstream
Merge ruby bindings from Dan Walsh.
- Add support for Linux groups to getseuserbyname
2008-08-01 10:56:37 +00:00
Daniel J Walsh
0397b472b7 - Update to Upstream
Handle duplicate file context regexes as a fatal error from Stephen
    Smalley. This prevents adding them via semanage.
Fix audit2why shadowed variables from Stephen Smalley.
Note that freecon NULL is legal in man page from Karel Zak.
2008-07-29 18:37:01 +00:00
Daniel J Walsh
d0a06b2c34 - Update to Upstream
Handle duplicate file context regexes as a fatal error from Stephen
    Smalley. This prevents adding them via semanage.
Fix audit2why shadowed variables from Stephen Smalley.
Note that freecon NULL is legal in man page from Karel Zak.
2008-07-29 13:22:45 +00:00
Daniel J Walsh
ee778682f8 - Add ruby support for puppet 2008-07-09 20:57:21 +00:00
Daniel J Walsh
ea56feab06 - Add Karel Zak patch for freecon man page 2008-06-29 12:31:00 +00:00
Daniel J Walsh
6359e2ad79 - Update to Upstream
New and revised AVC, label, and mapping man pages from Eamon Walsh.
Add swig python bindings for avc interfaces from Dan Walsh.
2008-06-22 13:48:37 +00:00
Daniel J Walsh
792921f4eb - Add sedefaultcon and setconlist commands to dump login context 2008-05-07 17:34:12 +00:00
Daniel J Walsh
1209c857ab - Update to Upstream
Fixed selinux_set_callback man page.
Try loading the max of the kernel-supported version and the
    libsepol-supported version when no manipulation of the binary policy is
    needed from Stephen Smalley.
Fix memory leaks in matchpathcon from Eamon Walsh.
2008-04-22 20:59:01 +00:00
Daniel J Walsh
d87adcfe95 - Add avc.h to swig code 2008-04-14 18:54:09 +00:00
Daniel J Walsh
eb8e2a0d36 - Fix matchpathcon memory leak 2008-03-13 23:45:19 +00:00
Daniel J Walsh
0984abe5d8 - Update to Upstream
Merged reset_selinux_config() for load policy from Dan Walsh.
2008-02-28 21:06:47 +00:00
Daniel J Walsh
baab9d46ea - Reload library on loading of policy to handle chroot 2008-02-28 16:58:02 +00:00
Daniel J Walsh
3cb08a5330 - Update to Upstream
Regenerated Flask headers from refpolicy flask definitions.
2008-02-22 17:41:12 +00:00
Daniel J Walsh
8f9ecf5890 - Update to Upstream
Merged fix for audit2why from Dan Walsh.
2008-01-29 13:29:32 +00:00
Daniel J Walsh
213643620c - Fix audit2why to grab latest policy versus the one selected by the kernel 2008-01-25 16:11:42 +00:00
Daniel J Walsh
e4623197a5 Merged audit2why python binding from Dan Walsh. 2008-01-23 21:52:01 +00:00
Daniel J Walsh
c633d69a56 Merged updated swig bindings from Dan Walsh, including typemap for pid_t. 2008-01-23 19:40:26 +00:00
Daniel J Walsh
45460445ad - Put back libselinux.a 2008-01-15 13:49:29 +00:00
Daniel J Walsh
2f233dfd7a - Fix memory references in audit2why and change to use tuples
- Update to Upstream
granted null message bug from Stephen Smalley.
2008-01-11 15:55:35 +00:00
Daniel J Walsh
88cc8f8805 - Fix __init__.py specification 2008-01-11 13:48:43 +00:00
Daniel J Walsh
831e63b413 - Add audit2why python bindings 2008-01-10 19:01:20 +00:00
Daniel J Walsh
625a8fb5a8 - Add pid_t typemap for swig bindings 2008-01-08 11:07:27 +00:00