rpms/policycoreutils
7
0
Fork 0
Code Issues Pull Requests Releases Activity
829 Commits 7 Branches 49 Tags 66 MiB
2d6eafee19
Commit Graph

522 Commits

Author SHA1 Message Date
Dan Walsh
2d6eafee19 Add back lockdown wizard for booleans using pywebkitgtk 2011-09-08 09:47:43 -04:00
Dan Walsh
78175de296 Maintain the LANG environment Variable into the sandbox 
Change restorecon/setfiles to only change type part of the context unless
f qualifier is given
 2011-09-07 14:23:19 -04:00
Dan Walsh
04b2851781 Allow setfiles and restorecon to use labeledprefix to speed up processing 
and limit memory.
 2011-09-02 09:24:40 -04:00
Dan Walsh
42466e2b7e Update to upstream 
* policycoreutils
	* setfiles: Fix process_glob to handle error situations
	* sandbox: Allow seunshare to run as root
	* sandbox: trap sigterm to make sure sandbox
	* sandbox: pass DPI from the desktop
	* sandbox: seunshare: introduce helper spawn_command
	* sandbox: seunshare: introduce new filesystem helpers
	* sandbox: add -C option to not drop
	* sandbox: split seunshare caps dropping
	* sandbox: use dbus-launch
	* sandbox: numerous simple updates to sandbox
	* sandbox: do not require selinux context
	* sandbox: Makefile: new man pages
	* sandbox: rename dir to srcdir
	* sandbox: allow users specify sandbox window size
	* sandbox: check for paths up front
	* sandbox: use defined values for paths rather
	* sandbox: move seunshare globals to the top
	* sandbox: whitespace fix
	* semodule_package: Add semodule_unpackage executable
	* setfiles: get rid of some stupid globals
	* setfiles: move exclude_non_seclabel_mounts to a generic location
* sepolgen
	* refparser: include open among valid permissions
	* refparser: add support for filename_trans rules
 2011-08-30 16:32:33 -04:00
Dan Walsh
8b0727dc56 Fix bug in glob handling for restorecon 2011-08-23 17:13:19 -04:00
Dan Walsh
831d6fd46c Update to upstream 
2.1.4 2011-08-17
	* run_init: clarification of the usage in the
	* semanage: fix usage header around booleans
	* semanage: remove useless empty lines
	* semanage: update man page with new examples
	* semanage: update usage text
	* semanage: introduce file context equivalencies
	* semanage: enable and disable modules
	* semanage: output all local modifications
	* semanage: introduce extraction of local configuration
	* semanage: cleanup error on invalid operation
	* semanage: handle being called with no arguments
	* semanage: return sooner to save CPU time
	* semanage: surround getopt with try/except
	* semanage: use define/raise instead of lots of
	* semanage: some options are only valid for
	* semanage: introduce better deleteall support
	* semanage: do not allow spaces in file
	* semanage: distinguish between builtin and local permissive
	* semanage: centralized ip node handling
	* setfiles: make the restore function exclude() non-static
	* setfiles: use glob to handle ~ and
	* fixfiles: do not hard code types
	* fixfiles: stop trying to be smart about
	* fixfiles: use new kernel seclabel option
	* fixfiles: pipe everything to cat before sending
	* fixfiles: introduce /etc/selinux/fixfiles_exclude_dirs
	* semodule: support for alternative root paths
 2011-08-18 07:23:59 -04:00
Dan Walsh
a648c6f239 Change seunshare to send kill signals to the childs session. 
Also add signal handler to catch sigint, so if user enters ctrl-C sandbox will shutdown.
 2011-07-07 14:53:37 -04:00
Dan Walsh
af0f4926da Change seunshare to send kill signals to the childs session. 
Also add signal handler to catch sigint, so if user enters ctrl-C sandbox will shutdown.
 2011-07-07 14:37:24 -04:00
Dan Walsh
8dbd4d49f6 dd new restorecond service 2011-07-05 17:18:12 -04:00
Dan Walsh
759501823b Add -C option to sandbox and seunshare to maintain capabilities, otherwise 
the bounding set will be dropped.
Change --cgroups short name -c rather then -C for consistancy
Fix memory and fd leaks in seunshare
 2011-07-05 16:51:18 -04:00
Dan Walsh
173e9f90db Do not drop capability bounding set in seunshare, this allows sandbox to 
run setuid apps.
 2011-06-13 13:37:04 -04:00
Dan Walsh
299d98087e Remove mount -o bind calls from sandbox init script 
pam_namespace now has this built in.
 2011-06-07 13:58:41 -04:00
Dan Walsh
dc86b007cf Pass desktop dpi to sandbox Xephyr window 2011-06-07 08:37:18 -04:00
Dan Walsh
c2ef4a0bea Allow semodule to pick alternate root for selinux files 
Add ~/.config/* to restorcond_user.conf, so restorecond will watch for mislabeled files in this directory.
 2011-06-06 13:01:14 -04:00
Dan Walsh
4a56398540 Apply patches from Christoph A. 
* fix sandbox title
* stop xephyr from li
Also ignore errors on sandbox include of directory missing files
 2011-04-22 07:06:23 -04:00
Dan Walsh
588030fc2c Change fixfiles restore to delete unlabeled sockets in /tmp 2011-04-18 13:18:18 -04:00
Dan Walsh
61f1bc2068 Change fixfiles restore to delete unlabeled sockets in /tmp 2011-04-18 12:47:15 -04:00
Dan Walsh
9f65a26864 Update to upstream 
* Use correct color range in mcstrand by Richard Haines.
 2011-04-13 16:52:53 -04:00
Dan Walsh
1da0399e25 rsynccmd should run outside of execcon 2011-03-30 14:42:36 -04:00
Dan Walsh
be38aa471e Rewrite seunshare to make sure /tmp is mounted stickybit owned by root 2011-03-03 13:35:37 -05:00
Dan Walsh
433953b033 - Cleaup selinux-polgengui to be a little more modern, fix comments and use selected name 
- Cleanup chcat man page
 2011-02-03 16:15:43 -05:00
Dan Walsh
331e9ad06d - Report full errors on OSError on Sandbox 2011-02-02 13:34:22 -05:00
Dan Walsh
e764b2d2b6 - Fix newrole hanlding of pcap 2011-01-21 15:11:31 -05:00
Dan Walsh
971f278f98 - Have restorecond watch more directories in homedir 2011-01-19 16:45:53 -05:00
Dan Walsh
12eb5b45f4 - Fix proper handling of getopt errors 
- Do not allow modules names to contain spaces
 2011-01-10 14:39:21 -05:00
Dan Walsh
c76dc0c642 - Polgengui raises the wrong type of exception. #471078 
- Change semanage to not allow it to semanage module -D
- Change setsebool to suggest run as root on failure
 2011-01-06 14:38:19 -05:00
Dan Walsh
448a84b06a - Polgengui raises the wrong type of exception. #471078 
- Change semanage to not allow it to semanage module -D
 2011-01-04 17:23:27 -05:00
Dan Walsh
18119ffd24 - Fix restorecond watching utmp file for people logging in our out 2010-12-22 14:38:46 -05:00
Dan Walsh
a548207cc4 - Change to allow sandbox to run on nfs homedirs, add start python script 2010-12-21 16:20:01 -05:00
Dan Walsh
8937a040d8 - Change to allow sandbox to run on nfs homedirs, add start python script 2010-12-15 16:47:38 -05:00
Dan Walsh
6c80e8dc19 - Fix sandbox to show correct types in usage statement 2010-11-30 12:09:48 -05:00
Dan Walsh
8c1d9b0f48 - Stop fixfiles from complaining about missing dirs 2010-11-29 10:14:39 -05:00
Dan Walsh
63fda8aa74 - Update to upstream 
- List types available for sandbox in usage statement
 2010-11-24 13:44:58 -05:00
Dan Walsh
f0e85a70d6 - Update to upstream 
- List types available for sandbox in usage statement
 2010-11-24 13:41:52 -05:00
Dan Walsh
b9b7f4161c - Fix up problems pointed out by solar designer on dropping capabilities 2010-11-08 15:12:25 -05:00
Dan Walsh
d7e1c238f4 - Check if you have full privs and reset otherwise dont drop caps 2010-11-01 16:21:00 -04:00
Dan Walsh
cdcc4526b7 - Fix setools require line 2010-11-01 09:50:12 -04:00
Dan Walsh
622bb69d77 - Move /etc/pam.d/newrole in to polcicycoreutils-newrole 
- Additiona capability  checking in sepolgen
 2010-10-29 09:39:03 -04:00
Dan Walsh
9852e61813 - Remove setuid flag and replace with file capabilities 
- Fix sandbox handling of files with spaces in them
 2010-10-25 17:25:34 -04:00
Dan Walsh
cccd96b8cf - Move restorecond into its own subpackage 2010-09-23 16:23:05 -04:00
Dan Walsh
e500ad80f0 * Wed Jul 28 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-9 
- Update selinux-polgengui to sepolgen policy generation
 2010-07-30 11:19:53 -04:00
Daniel J Walsh
1eab65cee2 * Tue Jul 20 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-6 
- Fix sandbox man page
 2010-07-26 15:33:31 +00:00
Daniel J Walsh
d6510fbca2 * Tue Jul 20 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-4 
- Add translations for menus
- Fixup man page from Russell Coker
 2010-07-20 13:18:18 +00:00
Daniel J Walsh
614ca03ae7 * Tue Jun 15 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-3 
- Change python scripts to use -s flag
- Update po
 2010-07-13 17:32:51 +00:00
Daniel J Walsh
73342918cd * Tue Jun 8 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-30 
- Add cgroup support for sandbox
 2010-06-08 19:13:40 +00:00
Daniel J Walsh
70b2ff10d0 * Thu Jun 3 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-28 
- Fix sandbox init script
- Add dbus-launch to sandbox -X
Resolve: #599599
 2010-06-03 21:14:18 +00:00
Daniel J Walsh
85a18e3dcc * Thu Jun 3 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-27 
- Move genhomedircon.8 to same package as genhomedircon
- Fix sandbox to pass unit test
Resolves: #595796
 2010-06-03 15:04:49 +00:00
Daniel J Walsh
829762e693 * Thu May 27 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-24 
- Man page fixes
- sandbox fixes
Resolves: #595796
- Move seunshare to base package
 2010-05-27 21:23:08 +00:00
Daniel J Walsh
be45950990 * Thu Feb 16 2010 Dan Walsh <dwalsh@redhat.com> 2.0.79-1 
- Update to upstream
	* Fix double-free in newrole
- Fix python language handling
 2010-02-16 21:35:16 +00:00
Daniel J Walsh
fc6c93ebeb * Thu Feb 16 2010 Dan Walsh <dwalsh@redhat.com> 2.0.79-1 
- Update to upstream
	* Fix double-free in newrole
 2010-02-16 19:49:37 +00:00