df4486c793- Change other updates to be non-fatal
Daniel J Walsh
2006-08-11 03:20:13 +0000
6ba7395041- Change netfilter stuff to be non-fatal so update can proceed.
Daniel J Walsh
2006-08-09 19:08:44 +0000
1b2c2ff0fd- Upgrade to latest from NSA Merged netfilter contexts support from Chris PeBenito.
Daniel J Walsh
2006-08-06 00:00:19 +0000
c102f8109e- Upgrade to latest from NSA Merged netfilter contexts support from Chris PeBenito.
Daniel J Walsh
2006-08-04 22:56:25 +0000
af95fdb790- Rebuild for new gcc
Daniel J Walsh
2006-07-17 13:12:48 +0000
b4bff1fcc6- Upgrade to latest from NSA Merged support for read operations on read-only fs from Caleb Case (Tresys Technology).
Daniel J Walsh
2006-07-12 02:53:48 +0000
43f2cfdf4d- Upgrade to latest from NSA Lindent. Merged setfiles location check patch from Dan Walsh.
Daniel J Walsh
2006-07-07 11:08:01 +0000
1c63c08c2f- Upgrade to latest from NSA dbase_file_cache: deref of uninit data on error path. dbase_policydb_cache: clear fp to avoid double fclose semanage_fc_sort: destroy temp on error paths
Daniel J Walsh
2006-06-16 19:14:07 +0000
64aa562bf6- Handle setfiles being in /sbin or /usr/sbin
Daniel J Walsh
2006-06-16 17:56:42 +0000
770201a9dd- Handle setfiles being in /sbin or /usr/sbin
Daniel J Walsh
2006-06-16 17:53:27 +0000
786f3e5787- Handle setfiles being in /sbin or /usr/sbin
Daniel J Walsh
2006-06-16 17:38:35 +0000
25b23d0cd3- Upgrade to latest from NSA [setfiles] path = /path/to/setfiles args = -q -c $@ $< [end]
Daniel J Walsh
2006-06-06 18:50:33 +0000
ce7274d07b- Upgrade to latest from NSA Merged fix warnings patch from Karl MacMillan.
Daniel J Walsh
2006-05-08 18:34:45 +0000
5b53b9a393- Upgrade to latest from NSA Merged fix warnings patch from Karl MacMillan.
Daniel J Walsh
2006-05-08 18:16:04 +0000
96b801b260- Upgrade to latest from NSA Merged updated file context sorting patch from Christopher Ashworth, with bug fix for escaped character flag. Merged file context sorting code from Christopher Ashworth (Tresys Technology), based on fc_sort.c code in refpolicy. Merged python binding t_output_helper removal patch from Dan Walsh. Regenerated swig files.
Daniel J Walsh
2006-04-14 15:14:48 +0000
9b0bb205bf- Upgrade to latest from NSA Merged file context sorting code from Christopher Ashworth (Tresys Technology), based on fc_sort.c code in refpolicy. Merged python binding t_output_helper removal patch from Dan Walsh. Regenerated swig files.
Daniel J Walsh
2006-04-14 11:37:57 +0000
3db0ea01ca- Fix leaky descriptor
Daniel J Walsh
2006-04-03 22:19:54 +0000
1b2534e1d4- Fix leaky descriptor
Daniel J Walsh
2006-04-03 22:15:37 +0000
e970cd9667- Fix leaky descriptor
Daniel J Walsh
2006-04-03 21:51:23 +0000
07a3ad638e- Fix leaky descriptor
Daniel J Walsh
2006-04-03 21:26:44 +0000
a247f456ee- Fix leaky descriptor
Daniel J Walsh
2006-04-03 20:49:58 +0000
6b31c1bb12- Upgrade to latest from NSA Merged Makefile PYLIBVER definition patch from Dan Walsh. Merged man page reorganization from Ivan Gyurdiev.
Daniel J Walsh
2006-03-21 15:45:58 +0000
60ab106466- Upgrade to latest from NSA Merged Makefile PYLIBVER definition patch from Dan Walsh. Merged man page reorganization from Ivan Gyurdiev.
Daniel J Walsh
2006-03-21 15:45:45 +0000
aa0c632103- Make work on RHEL4 - Upgrade to latest from NSA Merged abort early on merge errors patch from Ivan Gyurdiev. Cleaned up error handling in semanage_split_fc based on a patch by Serge Hallyn (IBM) and suggestions by Ivan Gyurdiev. Merged MLS handling fixes from Ivan Gyurdiev.
Daniel J Walsh
2006-03-17 20:25:31 +0000
5a4115f50c- Upgrade to latest from NSA Merged bug fix for fcontext validate handler from Ivan Gyurdiev. Merged base_merge_components changes from Ivan Gyurdiev.
Daniel J Walsh
2006-02-17 20:00:24 +0000
95d8014c0f- Upgrade to latest from NSA Merged paths array patch from Ivan Gyurdiev. Merged bug fix patch from Ivan Gyurdiev. Merged improve bindings patch from Ivan Gyurdiev. Merged use PyList patch from Ivan Gyurdiev. Merged memory leak fix patch from Ivan Gyurdiev. Merged nodecon support patch from Ivan Gyurdiev. Merged cleanups patch from Ivan Gyurdiev. Merged split swig patch from Ivan Gyurdiev.
Daniel J Walsh
2006-02-16 18:44:02 +0000
5cdd750209- Upgrade to latest from NSA Merged optionals in base patch from Joshua Brindle. Merged treat seusers/users_extra as optional sections patch from Ivan Gyurdiev. Merged parse_optional fixes from Ivan Gyurdiev.
Daniel J Walsh
2006-02-13 19:31:17 +0000
bdc5c5031fbump for bug in double-long on ppc(64)
Jesse Keating
2006-02-11 04:12:41 +0000
437a1672f8- Fix handling of seusers and users_map file
Daniel J Walsh
2006-02-10 16:42:07 +0000
b40694835e- Upgrade to latest from NSA Merged seuser/user_extra support patch from Joshua Brindle. Merged remote system dbase patch from Ivan Gyurdiev.
Daniel J Walsh
2006-02-07 15:30:09 +0000
7e12efe662bump for new gcc/glibc
Jesse Keating
2006-02-07 12:43:51 +0000
eddd487028- Upgrade to latest from NSA Clarified error messages from parse_module_headers and parse_base_headers for base/module mismatches. Merged string and file optimization patch from Russell Coker. Merged swig header reordering patch from Ivan Gyurdiev. Merged toggle modify on add patch from Ivan Gyurdiev. Merged ports parser bugfix patch from Ivan Gyurdiev. Merged fcontext swig patch from Ivan Gyurdiev. Merged remove add/modify/delete for active booleans patch from Ivan Gyurdiev. Merged man pages for dbase functions patch from Ivan Gyurdiev. Merged pywrap tests patch from Ivan Gyurdiev.
Daniel J Walsh
2006-01-05 16:21:25 +0000
9a5688a1ca- Upgrade to latest from NSA Clarified error messages from parse_module_headers and parse_base_headers for base/module mismatches. Merged string and file optimization patch from Russell Coker. Merged swig header reordering patch from Ivan Gyurdiev. Merged toggle modify on add patch from Ivan Gyurdiev. Merged ports parser bugfix patch from Ivan Gyurdiev. Merged fcontext swig patch from Ivan Gyurdiev. Merged remove add/modify/delete for active booleans patch from Ivan Gyurdiev. Merged man pages for dbase functions patch from Ivan Gyurdiev. Merged pywrap tests patch from Ivan Gyurdiev.
Daniel J Walsh
2006-01-05 16:15:55 +0000
bcfb02bfc0- Upgrade to latest from NSA Clarified error messages from parse_module_headers and parse_base_headers for base/module mismatches. Merged string and file optimization patch from Russell Coker. Merged swig header reordering patch from Ivan Gyurdiev. Merged toggle modify on add patch from Ivan Gyurdiev. Merged ports parser bugfix patch from Ivan Gyurdiev. Merged fcontext swig patch from Ivan Gyurdiev. Merged remove add/modify/delete for active booleans patch from Ivan Gyurdiev. Merged man pages for dbase functions patch from Ivan Gyurdiev. Merged pywrap tests patch from Ivan Gyurdiev.
Daniel J Walsh
2006-01-05 16:10:57 +0000
5361ff6e72- Upgrade to latest from NSA - separate file rw code from linked list - annotate objects - fold together internal headers - support ordering of records in compare function - add active dbase backend, active booleans - return commit numbers for ro database calls - use modified flags to skip rebuild whenever possible - enable port interfaces - update swig interfaces and typemaps - add an API for file_contexts.local and file_contexts - flip the traversal order in iterate/list - reorganize sandbox_expand - add seusers MLS validation - improve dbase spec/documentation - clone record on set/add/modify
Daniel J Walsh
2006-01-04 18:39:06 +0000
112859cb56- Upgrade to latest from NSA - separate file rw code from linked list - annotate objects - fold together internal headers - support ordering of records in compare function - add active dbase backend, active booleans - return commit numbers for ro database calls - use modified flags to skip rebuild whenever possible - enable port interfaces - update swig interfaces and typemaps - add an API for file_contexts.local and file_contexts - flip the traversal order in iterate/list - reorganize sandbox_expand - add seusers MLS validation - improve dbase spec/documentation - clone record on set/add/modify
Daniel J Walsh
2006-01-04 18:13:08 +0000
23614f87e1- Add Ivans patch to turn on ports
Daniel J Walsh
2006-01-02 12:56:28 +0000
a151f78a70- Remove patch since upstream does the right thing
Daniel J Walsh
2005-12-14 21:32:33 +0000
c2b1e26fcc- Upgrade to latest from NSA Merged further header cleanups from Ivan Gyurdiev. Merged toggle modified flag in policydb_modify, fix memory leak in clear_obsolete, polymorphism vs headers fix, and include guards for internal headers patches from Ivan Gyurdiev.
Daniel J Walsh
2005-12-14 19:51:34 +0000
9993e32e21- Upgrade to latest from NSA Merged toggle modified flag in policydb_modify, fix memory leak in clear_obsolete, polymorphism vs headers fix, and include guards for internal headers patches from Ivan Gyurdiev.
Daniel J Walsh
2005-12-13 16:22:20 +0000
2b5b2a62e8- Upgrade to latest from NSA Added file-mode= setting to semanage.conf, default to 0644. Changed semanage_copy_file and callers to use this mode when installing policy files to runtime locations.
Daniel J Walsh
2005-12-13 04:54:54 +0000
0b5bec9a8e- Fix mode of output seusers file
Daniel J Walsh
2005-12-08 04:59:32 +0000
c96070d38c- Fix mode of output seusers file
Daniel J Walsh
2005-12-07 17:35:15 +0000
97de529789- Update version for release
Daniel J Walsh
2005-12-07 17:32:18 +0000
d6123fe3c1- Upgrade to latest from NSA Changed semanage_handle_create() to set do_reload based on is_selinux_enabled(). This prevents improper attempts to load policy on a non-SELinux system.
Daniel J Walsh
2005-12-06 18:41:48 +0000
ff57ee576b- Upgrade to latest from NSA Merged Makefile python definitions patch from Dan Walsh. Removed is_selinux_mls_enabled() conditionals in seusers and users file parsers.
Daniel J Walsh
2005-11-29 19:07:13 +0000
066e239ed5- Add additional swig objects Merged wrap char*** for user_get_roles patch from Joshua Brindle. Merged remove defrole from sepol patch from Ivan Gyurdiev. Merged swig wrappers for modifying users and seusers from Joshua Brindle.
Daniel J Walsh
2005-11-29 03:16:02 +0000
72ad6cf1ae- Upgrade to latest from NSA Fixed free->key_free bug. Merged clear obsolete patch from Ivan Gyurdiev. Merged modified swigify patch from Dan Walsh (original patch from Joshua Brindle). Merged move genhomedircon call patch from Chad Sellers.
Daniel J Walsh
2005-11-17 02:31:54 +0000
ffe4d2bde5- Upgrade to latest from NSA Fixed free->key_free bug. Merged clear obsolete patch from Ivan Gyurdiev. Merged modified swigify patch from Dan Walsh (original patch from Joshua Brindle). Merged move genhomedircon call patch from Chad Sellers.
Daniel J Walsh
2005-11-17 02:26:00 +0000
ab22837824- Add genhomedircon patch from Joshua Brindle
Daniel J Walsh
2005-11-14 22:09:06 +0000
a7114403d6- Add swigify patch from Joshua Brindle
Daniel J Walsh
2005-11-11 18:53:06 +0000
bb7c4a72ee- Upgrade to latest from NSA Merged move seuser validation patch from Ivan Gyurdiev. Merged hidden declaration fixes from Ivan Gyurdiev, with minor corrections.
Daniel J Walsh
2005-11-11 16:16:26 +0000
0e20be8ff2- Upgrade to latest from NSA Merged cleanup patch from Ivan Gyurdiev. This renames semanage_module_conn to semanage_direct_handle, and moves sepol handle create/destroy into semanage handle create/destroy to allow use even when disconnected (for the record interfaces).
Daniel J Walsh
2005-11-10 02:42:34 +0000
32ce50944b- Upgrade to latest from NSA Clear modules modified flag upon disconnect and commit. Added tracking of module modifications and use it to determine whether expand-time checks should be applied on commit. Reverted semanage_set_reload_bools() interface.
Daniel J Walsh
2005-11-09 01:50:21 +0000
ef65cfdd37- Upgrade to latest from NSA Disabled calls to port dbase for merge and commit and stubbed out calls to sepol_port interfaces since they are not exported. Merged rename instead of copy patch from Joshua Brindle (Tresys). Added hidden_def/hidden_proto for exported symbols used within libsemanage to eliminate relocations. Wrapped type definitions in exported headers as needed to avoid conflicts. Added src/context_internal.h and src/iface_internal.h. Added semanage_is_managed() interface to allow detection of whether the policy is managed via libsemanage. This enables proper handling in setsebool for non-managed systems. Merged semanage_set_reload_bools() interface from Ivan Gyurdiev, to enable runtime control over preserving active boolean values versus reloading their saved settings upon commit.
Daniel J Walsh
2005-11-08 23:54:11 +0000
bfd9450f27- Upgrade to latest from NSA Merged seuser parser resync, dbase tracking and cleanup, strtol bug, copyright, and assert space patches from Ivan Gyurdiev. Added src/*_internal.h in preparation for other changes. Added hidden/hidden_proto/hidden_def to src/debug.[hc] and src/seusers.[hc].
Daniel J Walsh
2005-11-07 15:36:10 +0000
f2d442c343- Upgrade to latest from NSA Merged interface parse/print, context_to_string interface change, move assert_noeof, and order preserving patches from Ivan Gyurdiev. Added src/dso.h in preparation for other changes. Merged install seusers, handle/error messages, MLS parsing, and seusers validation patches from Ivan Gyurdiev.
Daniel J Walsh
2005-11-03 18:29:35 +0000
62754d6a4b- Upgrade to latest from NSA Merged record interface, dbase flush, common database code, and record bugfix patches from Ivan Gyurdiev.
Daniel J Walsh
2005-10-31 20:58:26 +0000
24d63641d4- Upgrade to latest from NSA Merged dbase policydb list and count change from Ivan Gyurdiev. Merged enable dbase and set relay patches from Ivan Gyurdiev.
Daniel J Walsh
2005-10-28 14:18:25 +0000
76b34ef1bc- Update from NSA Merged resync to sepol changes and booleans fixes/improvements patches from Ivan Gyurdiev. Merged support for genhomedircon/homedir template, store selection, explicit policy reload, and semanage.conf relocation from Joshua Brindle.
Daniel J Walsh
2005-10-25 19:52:13 +0000
c824ae3efd- Update from NSA Merged resync to sepol changes and booleans fixes/improvements patches from Ivan Gyurdiev. Merged support for genhomedircon/homedir template, store selection, explicit policy reload, and semanage.conf relocation from Joshua Brindle.
Daniel J Walsh
2005-10-25 19:41:01 +0000
35380af3f2- Update from NSA Merged resync to sepol changes and booleans fixes/improvements patches from Ivan Gyurdiev. Merged support for genhomedircon/homedir template, store selection, explicit policy reload, and semanage.conf relocation from Joshua Brindle.
Daniel J Walsh
2005-10-25 19:17:16 +0000
ac43226a5b- Update from NSA Merged resync to sepol changes and transaction fix patches from Ivan Gyurdiev. Merged reorganize users patch from Ivan Gyurdiev. Merged remove unused relay functions patch from Ivan Gyurdiev.
Daniel J Walsh
2005-10-24 17:55:28 +0000
4810185611- Update from NSA Fixed policy file leaks in semanage_load_module and semanage_write_module. Merged further database work from Ivan Gyurdiev. Fixed bug in semanage_direct_disconnect.
Daniel J Walsh
2005-10-21 18:45:39 +0000
bed7f30855- Update from NSA Fixed policy file leaks in semanage_load_module and semanage_write_module. Merged further database work from Ivan Gyurdiev. Fixed bug in semanage_direct_disconnect.
Daniel J Walsh
2005-10-21 14:24:09 +0000
e4a5671bb5- Update from NSA Merged interface renaming patch from Ivan Gyurdiev. Merged policy component patch from Ivan Gyurdiev. Renamed 'check=' configuration value to 'expand-check=' for clarity. Changed semanage_commit_sandbox to check for and report errors on rename(2) calls performed during rollback. Added optional check= configuration value to semanage.conf and updated call to sepol_expand_module to pass its value to control assertion and hierarchy checking on module expansion. Merged fixes for make DESTDIR= builds from Joshua Brindle.
Daniel J Walsh
2005-10-20 20:34:00 +0000
31d65000f6- Update from NSA Merged default database from Ivan Gyurdiev. Merged removal of connect requirement in policydb backend from Ivan Gyurdiev. Merged commit locking fix and lock rename from Joshua Brindle. Merged transaction rollback in lock patch from Joshua Brindle. Changed default args for load_policy to be null, as it no longer takes a pathname argument and we want to preserve booleans. Merged move local dbase initialization patch from Ivan Gyurdiev. Merged acquire/release read lock in databases patch from Ivan Gyurdiev. Merged rename direct -> policydb as appropriate patch from Ivan Gyurdiev. Added calls to sepol_policy_file_set_handle interface prior to invoking sepol operations on policy files. Updated call to sepol_policydb_from_image to pass the handle.
Daniel J Walsh
2005-10-19 20:59:28 +0000
aac0cfd92e- Update from NSA Changed default args for load_policy to be null, as it no longer takes a pathname argument and we want to preserve booleans. Merged move local dbase initialization patch from Ivan Gyurdiev. Merged acquire/release read lock in databases patch from Ivan Gyurdiev. Merged rename direct -> policydb as appropriate patch from Ivan Gyurdiev. Added calls to sepol_policy_file_set_handle interface prior to invoking sepol operations on policy files. Updated call to sepol_policydb_from_image to pass the handle.
Daniel J Walsh
2005-10-18 17:58:12 +0000
b18ef05931- Update from NSA Merged user and port APIs - policy database patch from Ivan Gyurdiev. Converted calls to sepol link_packages and expand_module interfaces from using buffers to using sepol handles for error reporting, and changed direct_connect/disconnect to create/destroy sepol handles.
Daniel J Walsh
2005-10-18 13:47:26 +0000
830a30016b- Update from NSA Merged bugfix patch from Ivan Gyurdiev. Merged seuser database patch from Ivan Gyurdiev. Merged direct user/port databases to the handle from Ivan Gyurdiev. Removed obsolete include/semanage/commit_api.h (leftover). Merged seuser record patch from Ivan Gyurdiev. Merged boolean and interface databases from Ivan Gyurdiev.
Daniel J Walsh
2005-10-15 12:27:49 +0000
43db24251e- Update from NSA Updated to use get interfaces for hidden sepol_module_package type. Changed semanage_expand_sandbox and semanage_install_active to generate/install the latest policy version supported by libsepol by default (unless overridden by semanage.conf), since libselinux will now downgrade automatically for load_policy. Merged new callback-based error reporting system and ongoing database work from Ivan Gyurdiev.
Daniel J Walsh
2005-10-14 12:32:19 +0000
e479f60948- Update from NSA Fixed semanage_install_active() to use the same logic for selecting a policy version as semanage_expand_sandbox(). Dropped dead code from semanage_install_sandbox().
Daniel J Walsh
2005-10-12 19:35:45 +0000
3b901573e9- Update from NSA Updated for changes to libsepol, and to only use types and interfaces provided by the shared libsepol.
Daniel J Walsh
2005-10-10 13:04:43 +0000
6366247bd9- Update from NSA Merged further database work from Ivan Gyurdiev.
Daniel J Walsh
2005-10-07 14:20:41 +0000
278e64a9eb- Update from NSA Merged further database work from Ivan Gyurdiev.
Daniel J Walsh
2005-10-07 14:14:34 +0000
8b0a28a044- Update from NSA Merged iterate, redistribute, and dbase split patches from Ivan Gyurdiev.
Daniel J Walsh
2005-10-04 18:04:52 +0000
b2247ee18e- Update from NSA Merged patch series from Ivan Gyurdiev. (pointer typedef elimination, file renames, dbase work, backend separation) Split interfaces from semanage.[hc] into handle.[hc], modules.[hc]. Separated handle create from connect interface. Added a constructor for initialization. Moved up src/include/*.h to src. Created a symbol map file; dropped dso.h and hidden markings.
Daniel J Walsh
2005-10-03 13:10:57 +0000
5223b3065c- Update from NSA Split interfaces from semanage.[hc] into handle.[hc], modules.[hc]. Separated handle create from connect interface. Added a constructor for initialization. Moved up src/include/*.h to src. Created a symbol map file; dropped dso.h and hidden markings.
Daniel J Walsh
2005-09-29 01:27:17 +0000
faf9fb1893- Update from NSA Split interfaces from semanage.[hc] into handle.[hc], modules.[hc]. Separated handle create from connect interface. Added a constructor for initialization. Moved up src/include/*.h to src. Created a symbol map file; dropped dso.h and hidden markings.
Daniel J Walsh
2005-09-29 01:20:46 +0000
9e67036aba- Update from NSA Split interfaces from semanage.[hc] into handle.[hc], modules.[hc]. Separated handle create from connect interface. Added a constructor for initialization. Moved up src/include/*.h to src. Created a symbol map file; dropped dso.h and hidden markings.
Daniel J Walsh
2005-09-29 01:13:28 +0000
f23f477b44- Update from NSA Merged dbase redesign patch from Ivan Gyurdiev.
Daniel J Walsh
2005-09-23 20:06:10 +0000
Daniel J Walsh
Jesse Keating