Commit Graph

1152 Commits

Author SHA1 Message Date
Dan Walsh
745809503f Remove build requires for openbox, not needed 2014-08-04 14:56:11 -04:00
Tom Callaway
b82f4f6e94 fix license handling 2014-07-31 08:51:14 -04:00
Tom Callaway
766e677550 fix license handling 2014-07-31 08:50:37 -04:00
Miroslav Grepl
180235ba1d - Examples are no longer in the main semanage man page (#1084390)
- Add support for Fedora22 man pages. We need to fix it to not using hardcoding.
- Print usage for all mutually exclusive options.
- Fix selinux man page to refer seinfo and sesearch tools.
2014-07-23 08:26:28 +02:00
Dennis Gilmore
bfa3cbb7ef - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild 2014-06-07 11:42:16 -05:00
Kalev Lember
80c825c98f Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 2014-05-28 12:16:54 +02:00
Miroslav Grepl
a3adc5bf70 * Tue May 20 2014 Miroslav Grepl <mgrepl@redhat.com> - 2.3-4
- Fix setfiles to work correctly if -r option is defined
2014-05-20 12:11:11 +02:00
Dan Walsh
a0f67d4a93 Update Miroslav Grepl Patches
* If there is no executable we don't want to print a part of STANDARD FILE CON
  * Add-manpages-for-typealiased-types
  * Make fixfiles_exclude_dirs working if there is a substituion for the given d
2014-05-16 11:51:36 -04:00
Dan Walsh
cbb4c3ee48 Update Miroslav Grepl Patches
* If there is no executable we don't want to print a part of STANDARD FILE CON
  * Add-manpages-for-typealiased-types
  * Make fixfiles_exclude_dirs working if there is a substituion for the given d
2014-05-16 11:48:54 -04:00
Miroslav Grepl
3fe9255f89 * Mon May 12 2014 Miroslav Grepl <mgrepl@redhat.com> - 2.3-2
- If there is no executable we don't want to print a part of STANDARD FILE CONTEXT
2014-05-12 14:15:12 +02:00
Dan Walsh
d60939fccd Update to upstream
* Add -P semodule option to man page from Dan Walsh.
	* selinux_current_policy_path will return none on a disabled SELinux system from Dan Walsh.
	* Add new icons for sepolicy gui from Dan Walsh.
	* Only return writeable files that are enabled from Dan Walsh.
	* Add domain to short list of domains, when -t and -d from Dan Walsh.
	* Fix up desktop files to match current standards from Dan Walsh.
	* Add support to return sensitivities and categories for python from Dan Walsh.
	* Cleanup whitespace from Dan Walsh.
	* Add message to tell user to install sandbox policy from Dan Walsh.
	* Add systemd unit file for mcstrans from Laurent Bigonville.
	* Improve restorecond systemd unit file from Laurent Bigonville.
	* Minor man pages improvements from Laurent Bigonville.
2014-05-06 14:58:32 -04:00
Miroslav Grepl
998c56497f * Tue May 6 2014 Miroslav Grepl <mgreplh@redhat.com> - 2.2.5-15
- Apply patch to use setcon in seunshare from luto@mit.edu
2014-05-06 18:55:08 +02:00
Dan Walsh
78088dae9e Remove requirement for systemd-units 2014-04-30 10:34:15 -04:00
Miroslav Grepl
231d059f2a * Fri Apr 25 2014 Miroslav Grepl <mgreplh@redhat.com> - 2.2.5-13
- Fix previous Fix-STANDARD_FILE_CONTEXT patch to exclude if non_exec does not exist
2014-04-25 11:13:57 +02:00
Miroslav Grepl
cc5a0e201f - Add 0001-Fix-STANDARD_FILE_CONTEXT-section-in-man-pages patch 2014-04-24 13:48:24 +02:00
Miroslav Grepl
35e5459a69 * Tue Apr 24 2014 Miroslav Grepl <mgreplh@redhat.com> - 2.2.5-12
- Add policycoreutils-rhat-revert.patch to revert the last two commits to make build working
2014-04-24 11:33:07 +02:00
Dan Walsh
110c90c00a Update Translations 2014-04-01 09:53:21 -04:00
Dan Walsh
e9004a6bf6 Update Translations 2014-04-01 09:37:30 -04:00
Dan Walsh
86feb38872 [PATCH] Add support for Fedora21 html manpage structure
-  From Miroslav Grepl
2014-03-31 08:34:41 -04:00
Miroslav Grepl
d5a13602dd * Thu Mar 27 2014 Miroslav Grepl <mgrepl@redhat.com> - 2.2.5-10
- Add support for Fedora21 html manpage structure
- Fix broken dependencies to require only usermode-gtk
2014-03-27 18:58:18 +01:00
Dan Walsh
60924625b8 mgrepl [PATCH] Deleteall user customization fails if there is a user used
- for the default login. We do not want to fail on it and continue to delete
- customizations for users which are not used for default login.
2014-03-26 09:15:58 -04:00
Dan Walsh
69fae7632e Update Translations
- Make selinux-policy build working also on another architectures related to s
- Miroslav grepl patch to fix the creation of man pages on different architectures.
- Add ability to list the actual active modules
- Fix spelling mistake on sesearch in generate man pages.
2014-03-25 10:49:00 -04:00
Dan Walsh
f30728b86b Update Translations
- Make selinux-policy build working also on another architectures related to s
- Miroslav grepl patch to fix the creation of man pages on different architectures.
- Add ability to list the actual active modules
- Fix spelling mistake on sesearch in generate man pages.
2014-03-24 14:56:27 -04:00
Dan Walsh
1ccde5adcd Merge branch 'master' of ssh://pkgs.fedoraproject.org/policycoreutils 2014-02-24 11:46:48 -05:00
Dan Walsh
fec09b4310 Allow manpages to be built on aarch64 2014-02-24 11:45:05 -05:00
Miroslav Grepl
23e0198817 Fix spec file to remove run_init which is no longer used because of systemd 2014-02-17 12:09:26 +01:00
Dan Walsh
f17032379c Don't be verbose in fixfiles if there is not tty 2014-02-14 12:33:24 -05:00
Dan Walsh
5dc80ea534 Yum should only be required for policycoreutils-devel 2014-02-13 19:54:31 -05:00
Dan Walsh
57422a62c6 Update translations 2014-01-21 09:18:34 -05:00
Dan Walsh
a3dfb2e273 Add Miroslav patch to
- Fix previously_modified_initialize() to show modified changes properly for all selections
2014-01-16 12:34:30 -05:00
Dan Walsh
16f2333d36 Add Miroslav patch to
-    Fix previously_modified_initialize() to show modified changes properly for all selections
2014-01-16 12:12:35 -05:00
Dan Walsh
b371ba3420 Don't require /usr/share/selinux/devel/Makefile to build permissive domains 2014-01-08 11:20:05 -05:00
Dan Walsh
b9afd68089 Update to upstream
* Ignore selevel/serange if MLS is disabled from Sven Vermeulen.
2014-01-06 10:24:11 -05:00
Dan Walsh
2200ddeea6 Update Tranlations
- Patch from Yuri Chornoivan to fix typos
2014-01-03 16:06:52 -05:00
Dan Walsh
53ac00459c Fixes Customized booleans causing a crash of the sepolicy gui 2014-01-03 14:39:18 -05:00
Dan Walsh
8a88784fab Fix sepolicy gui selection for advanced screen
- Update Translations
- Move requires checkpolicy requirement into policycoreutils-python
2013-12-20 09:03:17 -05:00
Dan Walsh
fa2e38d15a Fix sepolicy gui selection for advanced screen
- Update Translations
2013-12-20 09:01:14 -05:00
Dan Walsh
e467d097c8 Fix semanage man page description of import command 2013-12-16 11:31:32 -05:00
Dan Walsh
6df7d46d73 Fix broken dependencies. 2013-12-16 09:20:43 -05:00
Dan Walsh
576b3e8a80 Break out python3 code into separate package 2013-12-13 08:48:16 -05:00
Dan Walsh
5c1fb32c8b Update to upstream
* Revert automatic setting of serange and seuser in seobject; was breaking non-MLS systems.
- Add patches for sepolicy gui from mgrepl to
  Fix advanced_item_button_push() to allow to select an application in advanced search menu
  Fix previously_modified_initialize() to show modified changes properly for all selections
2013-12-03 15:50:34 -05:00
Dan Walsh
e0ae96d544 Update to upstream
* Apply polkit check on all dbus interfaces and restrict to active user from Dan Walsh.
	* Fix typo in sepolicy gui dbus.relabel_on_boot call from Dan Walsh.
- Apply Miroslav Grepl patch to fix TEMPLATETYPE_domtrans description in sepolicy generate
2013-11-22 09:06:48 -05:00
Dan Walsh
50cb89c077 Fix selinux-polgengui, get_all_modules call 2013-11-20 09:17:21 -05:00
Dan Walsh
d028c1652f Speed up startup time of sepolicy gui
- Clean up ports screen to only show enabled ports.
- Update to upstream
	* Remove import policycoreutils.default_encoding_utf8 from semanage from Dan Walsh.
	* Make yum/extract_rpms optional for sepolicy generate from Dan Walsh.
	* Add test suite for audit2allow and sepolgen-ifgen from Dan Walsh.
2013-11-18 14:07:07 -05:00
Dan Walsh
5d97d38d1b Speed up startup time of sepolicy gui
- Clean up ports screen to only show enabled ports.
- Update to upstream
	* Remove import policycoreutils.default_encoding_utf8 from semanage from Dan Walsh.
	* Make yum/extract_rpms optional for sepolicy generate from Dan Walsh.
	* Add test suite for audit2allow and sepolgen-ifgen from Dan Walsh.
2013-11-15 09:06:16 -05:00
Dan Walsh
2b7d10b4f0 Update to upstream
* Properly build the swig exception file from Laurent Bigonville.
	* Fix man pages from Laurent Bigonville.
	* Support overriding PATH and INITDIR in Makefile from Laurent Bigonville.
	* Fix LDFLAGS usage from Laurent Bigonville.
	* Fix init_policy warning from Laurent Bigonville.
	* Fix semanage logging from Laurent Bigonville.
	* Open newrole stdin as read/write from Sven Vermeulen.
	* Fix sepolicy transition from Sven Vermeulen.
	* Support overriding CFLAGS from Simon Ruderich.
	* Create correct man directory for run_init from Russell Coker.
	* restorecon GLOB_BRACE change from Michal Trunecka.
	* Extend audit2why to report additional constraint information.
	* Catch IOError errors within audit2allow from Dan Walsh.
	* semanage export/import fixes from Dan Walsh.
	* Improve setfiles progress reporting from Dan Walsh.
	* Document setfiles -o option in usage from Dan Walsh.
	* Change setfiles to always return -1 on failure from Dan Walsh.
	* Improve setsebool error r eporting from Dan Walsh.
	* Major overhaul of gui from Dan Walsh.
	* Fix sepolicy handling of non-MLS policy from Dan Walsh.
	* Support returning type aliases from Dan Walsh.
	* Add sepolicy tests from Dan Walsh.
	* Add org.selinux.config.policy from Dan Walsh.
	* Improve range and user input checking by semanage from Dan Walsh.
	* Prevent source or target arguments that end with / for substitutions from Dan Walsh.
	* Allow use of <<none>> for semanage fcontext from Dan Walsh.
        * Report customized user levels from Dan Walsh.
	* Support deleteall for restoring disabled modules from Dan Walsh.
	* Improve semanage error reporting from Dan Walsh.
	* Only list disabled modules for module locallist from Dan Walsh.
	* Fix logging from Dan Walsh.
	* Define new constants for file type character codes from Dan Walsh.
	* Improve bash completions from Dan Walsh.
	* Convert semanage to argparse from Dan Walsh (originally by Dave Quigley).
	* Add semanage tests from Dan Walsh.
	* Split semanage man pages from Dan Walsh.
	* Move bash completion scripts from Dan Walsh.
	* Replace genhomedircon script with a link to semodule from Dan Walsh.
	* Fix fixfiles from Dan Walsh.
	* Add support for systemd service for restorecon from Dan Walsh.
	* Spelling corrections from Dan Walsh.
	* Improve sandbox support for home dir symlinks and file caps from Dan Walsh.
	* Switch sandbox to openbox window manager from Dan Walsh.
	* Coalesce audit2why and audit2allow from Dan Walsh.
	* Change audit2allow to append to output file from Dan Walsh.
	* Update translations from Dan Walsh.
	* Change audit2why to use selinux_current_policy_path from Dan Walsh.
2013-10-31 10:06:05 -04:00
Dan Walsh
256317fccc Cleanup errors found by pychecker
- Apply patch from Michal Trunecka to allow restorecon to handle {} in globs
2013-10-16 15:20:12 -04:00
Dan Walsh
8f0685b998 sepolicy gui
- mgrepl fixes for users and login
- Update Translations.
2013-10-15 15:37:37 -04:00
Dan Walsh
9f7fe58ac4 sepolicy gui
- mgrepl added delete screens for users and login
  - Fix lots of bugs.
- Update Translations.
2013-10-11 17:15:18 -04:00
Dan Walsh
58b140fa6b mgrepl added delete screens for users and login 2013-10-11 16:43:11 -04:00
Dan Walsh
744effa009 Fixes for fixfiles
* exclude_from_dirs should apply to all types of restorecon calls
  * fixfiles check now works
  * exit with the correct status
2013-10-04 18:25:40 -04:00
Dan Walsh
f00bc4f487 Fixes for fixfiles
* exclude_from_dirs should apply to all types of restorecon calls
  * fixfiles check now works
  * exit with the correct status
2013-10-04 18:24:43 -04:00
Dan Walsh
685bf50ba2 Fixes for sepolicy gui
- Fix setsebool to return 0 on success
- Update Po
2013-10-02 16:25:25 -04:00
Dan Walsh
2683a97019 Improvements to sepolicy gui
- Add more help information
  - Cleanup code
  - Add deny_ptrace on lockdown screen
  - Make unconfined/permissivedomains lockdown work
  - Add more support for file equivalency
2013-09-28 07:06:41 -04:00
Dan Walsh
6879d63783 Add back in the help png files
- Begin Adding support for file equivalency.
2013-09-18 15:03:38 -04:00
Dan Walsh
0a77d12b6f Random fixes for sepolicy gui
* Do not prompt for password until you make a change
  * Add user mappings and selinux users page
  * lots of code cleanup
2013-09-11 09:45:00 -04:00
Dan Walsh
05a4073c77 Update sepolicy gui code, cleanups and add file transition tab
- Fix semanage fcontext -a --ftype code to work.
2013-08-15 10:14:40 -04:00
Dan Walsh
02d8b93ce5 Update sepolicy gui code, cleanups and add file transition tab
- Fix semanage fcontext -a --ftype code to work.
2013-08-15 09:00:32 -04:00
Dan Walsh
79e2d33ac3 If policy is not installed get_bools should not crash 2013-08-09 05:49:38 -04:00
Dan Walsh
e61d91108f Update sepolicy gui code, cleanups and add file transition tab
- Fix semanage argparse problems
2013-08-06 17:26:50 -04:00
Dan Walsh
56c629dbeb Update sepolicy gui code, adding dbus calls
- Update Translations
2013-08-02 14:42:48 -04:00
Dan Walsh
0385dda17f Update sepolicy gui code, adding dbus calls
- Update Translations
2013-08-02 14:24:25 -04:00
Dan Walsh
0eb608c431 Fix semanage argparse bugs
- Update Translations
- Add test suite for semanage command lines
2013-07-26 12:20:20 -04:00
Dan Walsh
f8c8b42b7a Fix semanage argparse bugs 2013-07-24 11:42:48 -04:00
Dan Walsh
d21896c450 Fix bugs introduced by previous patch. semanage port
- Update Translations
- Add test suite for sepolicy command lines
2013-07-23 16:59:48 -04:00
Dan Walsh
7fa44b7304 Fix bugs introduced by previous patch. semanage port
- Update Translations
2013-07-19 07:07:18 -04:00
Dan Walsh
27d056afb8 Don't generate shell script or spec file for sepolicy generate --newtype
- Update translations
- Fix sepolicy generate --admin_user man page again
- Fix setsebool to print less verbose error messages by default, add -V for ve
2013-07-16 11:53:03 -04:00
Dan Walsh
101341aa44 Update sepolicy gui. 2013-07-10 16:48:48 -04:00
Dan Walsh
2ab6b02e3c Add Ryan Hallisey sepolicy gui.
- Update Translations
2013-06-28 12:50:17 -04:00
Dan Walsh
e396b39f10 Fix semanage module error handling 2013-06-24 17:32:33 -04:00
Dan Walsh
863699842d Add back default exception handling for errors, which argparse rewrite removed. 2013-06-23 07:02:14 -04:00
Dan Walsh
5f68ab8fd2 Remove requires for systemd-sysv
- Move systemd-units require to restorecond section
- Update Tranlasions
- More sepolicy interfaces for gui
2013-06-21 07:43:24 -04:00
Dan Walsh
a904d22fb4 Fix semanage export/import commands
- Fix semange module command
- Remove --version option from sandbox
2013-06-19 11:24:56 -04:00
Dan Walsh
11643b3535 Fix semanage export/import commands
- Fix semange module command
2013-06-19 10:44:58 -04:00
Dan Walsh
82362e85ca Add man page doc for --role and bash complestion support for sepolicy --role 2013-06-18 14:49:19 -04:00
Dan Walsh
544468684c Make fcdict return a dictionary of dictionaries
- Fix for sepolicy manpage
2013-06-18 14:38:47 -04:00
Dan Walsh
4f89c533b5 Add new man pages for each semanage subsection 2013-06-17 16:59:42 -04:00
Dan Walsh
69da86fcf8 Add new man pages for each semanage subsection 2013-06-17 16:18:37 -04:00
Dan Walsh
305ae476dd Fix handling of sepolicy network sorting.
- Additional interfaces needed for sepolicy gui
2013-06-17 13:35:55 -04:00
Dan Walsh
39c0a6ec6a Fix handling of semanage args 2013-06-06 16:19:32 -04:00
Dan Walsh
b8c1b26e16 Fix sepolicy generate --confined_admin to generate tunables
- Add new interface to generate entrypoints for use with new gui
2013-06-06 14:05:52 -04:00
Dan Walsh
ad349ef1ad Fix handing of semanage with no args 2013-06-05 13:26:26 -04:00
Dan Walsh
4f084e9fcd Fix audit2allow -o to open file for append
- Fix the name of the spec file generated in the build script
2013-06-04 10:53:51 -04:00
Dan Walsh
e90e9c6c30 Fix mgrepl patch to support all semanage command parsing 2013-05-31 09:10:29 -04:00
Dan Walsh
16ab1d5de7 Fix the name of the spec file generated in the build script
- Add mgrepl patch to support argparse for semanage command parsing
2013-05-26 07:04:55 -04:00
Dan Walsh
4254724cef Fix the name of the spec file generated in the build script
- Add mgrepl patch to support argparse for semanage command parsing
2013-05-26 07:00:33 -04:00
Dan Walsh
f5d4f8f0dd Fix sandbox to always use sandbox_file_t, so generated policy will work.
- Update Translations
2013-05-21 09:41:29 -04:00
Dan Walsh
a956fd7105 Need to handle gziped policy.xml as well as not compressed. 2013-05-14 15:53:54 -04:00
Dan Walsh
b0bf57fdb1 Add support for Xephyr -resizable, so sandbox can now resize window
- Add support for compressed policy.xml
- Miroslav Grepl patch to allow sepolicy interface on individual interface fil
- Also add capability to test interfaces for correctness.
2013-05-14 08:21:26 -04:00
Dan Walsh
81224adaf3 Add support for Xephyr -resizable, so sandbox can now resize window
- Add support for compressed policy.xml
- Miroslav Grepl patch to allow sepolicy interface on individual interface fil
- Also add capability to test interfaces for correctness.
2013-05-14 08:18:35 -04:00
Dan Walsh
68b643cce8 Add support for Xephyr -resizable, so sandbox can now resize window
- Add support for compressed policy.xml
- Miroslav Grepl patch to allow sepolicy interface on individual interface fil
- Also add capability to test interfaces for correctness.
2013-05-14 08:17:18 -04:00
Dan Walsh
5918716f29 Apply patches from Sven Vermeulen for sepolgen to fix typos. 2013-05-13 16:47:23 -04:00
Dan Walsh
4adc19aea3 Only require selinux-policy-devel for policycoreutils-devel, this will shrink the size of the livecd. 2013-05-13 10:19:59 -04:00
Dan Walsh
d610eb1fd8 Run sepolgen-ifgen in audit2allow and sepolicy generate, if needed, first time
- Add  Sven Vermeulen  patches to cleanup man pages
2013-05-12 06:06:28 -04:00
Dan Walsh
a941cc9a2c No longer run sepolgen-ifgen at install time.
- Run sepolgen-ifgen in audit2allow and sepolicy generate, if needed.
- Update Translations
2013-05-10 09:33:24 -04:00
Dan Walsh
b4c5b4829d Fix exceptionion hanling in audit2allow -o
- Generate Man pages for everydomain, not just ones with exec_t entrypoints
- sepolicy comunicate should return ValueError not TypeError
- Trim header line in sepolicy manpage to use less space
- Add missing options to restorecon man page
2013-04-22 10:03:47 -04:00
Dan Walsh
19201f72c6 Update translations
- Add patch by Miroslav Grepl to add compile test for sepolicy interface command.
2013-04-10 16:46:39 -04:00
Dan Walsh
6b0d365200 Update translations
- Add patch inspired by Miroslav Grepl to add extended information for sepolicy interface command.
2013-04-09 11:35:08 -04:00
Dan Walsh
bbf6a880b6 Update translations
- Add missing man pages and fixup existing man pages
2013-04-08 15:13:24 -04:00
Dan Walsh
0dad6598dd Update translations
- Add missing man pages and fixup existing man pages
2013-04-08 14:53:05 -04:00
Dan Walsh
f7ec68c101 Move sepolicy to policycoreutils-devel pacage, since most of it is used for devel
- Apply Miroslav Grepl Patches for sepolicy
-- Fix generate mutually groups option handling
-- EUSER is used for existing policy
-- customize options can be used together with admin_domain option
-- Fix manpage.py to generate correct man pages for SELinux users
-- Fix policy *.te file generated by customize+writepaths options
-- Fix install script for confined_admin option
2013-04-03 11:20:45 -04:00
Dan Walsh
5b06f96755 Move sepolicy to policycoreutils-devel pacage, since most of it is used for devel
- Apply Miroslav Grepl Patches for sepolicy
2013-04-03 11:19:42 -04:00
Dan Walsh
d4ae6ccd66 Move sepolicy to policycoreutils-devel pacage, since most of it is used for devel
- Apply Miroslav Grepl Patches for sepolicy
2013-04-03 11:18:44 -04:00
Dan Walsh
3cc0cfcac3 Add post install scripts for gui to make sure Icon Cache is refreshed.
- Fix grammar issue in secon man page
- Update Translations
2013-04-01 10:45:06 -04:00
Dan Walsh
4084a6ea89 Add buildrequires for OpenBox to prevent me from accidently building into RHEL7
- Add support for returning alias data to sepolicy.info python bindings
2013-03-28 13:40:55 -04:00
Dan Walsh
e9b167e78d Fix audit2allow output to better align analysys with the allow rules
- Apply Miroslav Grepl patch to clean up sepolicy generate usage
- Apply Miroslav Grepl patch to fixupt handing of admin_user generation
- Update Tranlslations
2013-03-27 14:00:16 -04:00
Dan Walsh
8e3bfe0949 Allow semanage fcontext -a -t "<<none>>" ... to work 2013-03-27 11:20:46 -04:00
Dan Walsh
98c418def3 Can not unshare IPC in sandbox, since it blows up Xephyr
- Remove bogus error message sandbox about reseting setfsuid
2013-03-25 09:21:51 -04:00
Dan Walsh
c1e35cdc89 sepolgen-ifgen needs to handle filename transition rules containing ":" 2013-03-21 10:52:00 -04:00
Dan Walsh
8be0816a98 sepolicy manpage:
-   use nroff instead of man2html
-   Remove checking for name of person who created the man page
- audit2allow
-   Fix output to show the level that is different.
2013-03-19 16:58:35 -04:00
Dan Walsh
3aca74a161 Have restorecon exit -1 on errors for consistancy. 2013-03-06 12:03:27 -05:00
Dan Walsh
b4e4f79ed5 Need to provide a value to semanage boolean -m 2013-03-05 11:20:07 -05:00
Dan Walsh
e5aaa46215 Fix cut and paste errors for sepolicy network command 2013-03-04 11:34:25 -05:00
Dan Walsh
fefce8f581 Fix sepoicy interface to work properly 2013-03-01 14:18:15 -05:00
Dan Walsh
5324d20ca0 Fix fixfiles to use exclude_dirs on fixfiles restore 2013-02-28 15:31:20 -05:00
Dan Walsh
10913b779d Fix fixfiles to use exclude_dirs on fixfiles restore 2013-02-28 15:28:38 -05:00
Dan Walsh
4cc4167518 Allow users with symlinked homedirs to work. call realpath on homedir
- Fix sepolicy reorganization of helper functions.
2013-02-28 14:24:35 -05:00
Rahul Sundaram
1dd3bee373 remove vendor tag from desktop file. https://fedorahosted.org/fpc/ticket/247
- clean up spec to follow current guidelines
2013-02-25 00:32:25 -05:00
Dan Walsh
b1cf8c69ac Update trans
- Fix sepolicy reorganization of helper functions.
2013-02-24 18:29:34 +01:00
Dan Walsh
8c07616121 Do not load interface file by default when sepolicy is called, mov get_all_methods to the sepolicy package 2013-02-22 17:38:59 +01:00
Dan Walsh
c617c0cebf sepolgen-ifgen should use the current policy path if selinux is enabled 2013-02-22 14:06:28 +01:00
Dan Walsh
21179e1822 Fix sepolicy to be able to work on an SELinux disabled system.
- Needed to be able to build man pages in selinux-policy package
2013-02-22 13:06:49 +01:00
Dan Walsh
3f69c2f15b Add yum to requires of policycoreutils-python since sepolicy requires it. 2013-02-21 22:49:36 +01:00
Dan Walsh
d421fd0097 Sepolixy should not throw an exception on an SELinux disabled machine
- Switch from using console app to using pkexec, so we will work better
with policykit.
- Add missing import to fix system-config-selinux startup
- Add comment to pamd files about pam_rootok.so
- Fix sepolicy generate to not comment out the first line
2013-02-21 21:21:18 +01:00
Dan Walsh
8779e924e9 Sepolixy should not throw an exception on an SELinux disabled machine
- Switch from using console app to using pkexec, so we will work better
with policykit.
- Add missing import to fix system-config-selinux startup
- Add comment to pamd files about pam_rootok.so
- Fix sepolicy generate to not comment out the first line
2013-02-21 20:06:41 +01:00
Dan Walsh
92a9b8454b Sepolixy should not throw an exception on an SELinux disabled machine
- Switch from using console app to using pkexec, so we will work better
with policykit.
- Add missing import to fix system-config-selinux startup
- Add comment to pamd files about pam_rootok.so
- Fix sepolicy generate to not comment out the first line
2013-02-21 18:26:12 +01:00
Dan Walsh
3234f310f1 Add --root/-r flag to sepolicy manpage,
- This allows us to generate man pages on the fly in the selinux-policy build
2013-02-20 16:48:51 +01:00
Dan Walsh
68cfa786ad Fix newrole to retain cap_audit_write when compiled with namespace, also
do not drop capabilities when run as root.
2013-02-18 14:14:39 -05:00
Dan Walsh
5855410892 Fix man page generation and public_content description 2013-02-14 10:13:51 -05:00
Dan Walsh
9057b25d2b Revert some changes which are causing the wrong policy version file to be created
- Switch sandbox to start using openbox rather then matchpbox
- Make sepolgen a symlink to sepolicy
- update translations
2013-02-14 08:28:08 -05:00
Dan Walsh
f79f9d24b6 Fix empty system-config-selinux.png, again 2013-02-13 09:23:43 -05:00
Dan Walsh
296f63cbc3 Fix empty system-config-selinux.png 2013-02-12 16:16:02 -05:00
Dan Walsh
0e639a9ea0 Update to upstream 2013-02-08 09:44:20 -05:00
Dan Walsh
205e3429b9 Reorginize sepolicy so all get_all functions are in main module
- Add -B capability to fixfiles onboot and fixfiles restore, basically searches for all files created since the last boot.
2013-01-31 13:58:25 -05:00
Dan Walsh
14f88c192c Update to latest patches from eparis/Upstream
- fixfiles onboot will write any flags handed to it to /.autorelabel.
-   * Patch sent to initscripts to have fedora-autorelabel pass flags back to fixfiles restore
-   * This should allow fixfiles -F onboot, to force a hard relabel.
- Add -p to show progress on full relabel.
2013-01-28 09:29:48 -05:00
Dan Walsh
3aa7d3a916 Update to latest patches from eparis/Upstream
- fixfiles onboot will write any flags handed to it to /.autorelabel.
-   * Patch sent to initscripts to have fedora-autorelabel pass flags back to fixfiles restore
-   * This should allow fixfiles -F onboot, to force a hard relabel.
- Add -p to show progress on full relabel.
2013-01-25 18:03:21 -05:00
Dan Walsh
eef44bd006 Additional changes for bash completsion and generate man page to match the w
-  Add newtype as a new qualifier to sepolicy generate.  This new mechanism wil
-  a policy write to generate types after the initial policy has been written a
-  will autogenerate all of the interfaces.
-  I also added a -w options to allow policy writers from the command line to s
-  the writable directories of files.
-
-  Modify network.py to include interface definitions for newly created port type
-  Standardize of te_types just like all of the other templates.
2013-01-21 13:37:48 -06:00
Dan Walsh
c910a0cf10 Update Translations
- Fix handling of semanage generate --cgi -n MODULE PATHTO/CGI
-   This fixes the spec file and script file getting wrong names for modules and types.
2013-01-15 12:19:10 -05:00
Dan Walsh
06ab21ffa7 Additional patch from Miroslav to handle role attributes 2013-01-09 12:08:37 -05:00
Dan Walsh
422fcbbd1a Update with Miroslav patch to handle role attributes
- Update Translations
- import sepolicy will only throw exception on missing policy iff selinux is enabled
2013-01-09 08:37:32 -05:00
Dan Walsh
6be5fbacb4 Update to latest patches from eparis/Upstream
-    secon: add support for setrans color information in prompt output
- Update translations
2013-01-05 11:25:32 -05:00
Dan Walsh
5a6000efc7 Update translations
- Fix sepolicy booleans to handle autogenerated booleans descriptions
- Cleanups of sepolicy manpage
- Fix crash on git_shell man page generation
2013-01-04 17:14:27 -05:00
Dan Walsh
c488be004d Update translations
- update sepolicy manpage to generate fcontext equivalence data and to list
default file context paths.
- Add ability to generate policy for confined admins and domains like puppet.
2013-01-03 15:21:48 -05:00
Dan Walsh
a61d456504 Fix semanage permissive , this time with the patch.
- Update translations
2012-12-20 10:05:01 -05:00
Dan Walsh
c28ba657ed Fix semanage permissive
- Change to use correct gtk forward button
- Update po
2012-12-19 15:31:43 -05:00
Dan Walsh
8826d7e0fd Move audit2why to -devel package 2012-12-17 16:22:32 -05:00
Dan Walsh
558e4d0e2d sepolicy transition was blowing up. Also cleanup output when only source is specified.
- sepolicy generate should allow policy modules names that include - or _
2012-12-17 13:22:14 -05:00
Dan Walsh
2a0d3b9155 Apply patch from Miroslav to display proper range description in man pages g
- Should print warning on missing default label when run in recusive mode iff
- Remove extra -R description, and fix recursive description
2012-12-10 11:02:46 -05:00
Dan Walsh
ceff76e017 Additional fixes for disabled SELinux Box
- system-config-selinux no longer relies on lokkit for /etc/selinux/config
2012-12-06 14:57:17 -05:00
Dan Walsh
4933c11cf0 sepolicy should failover to installed policy file on a disabled SELinux box, if it exists. 2012-12-06 09:16:30 -05:00
Dan Walsh
91c5cd51d5 Update Translations
- sepolicy network -d needs to accept multiple domains
2012-12-05 15:17:23 -05:00
Dan Walsh
844afda5b6 Add --path as a parameter to sepolicy generate
- Print warning message if program does not exists when generating policy, and do not attempt to run nm command
- Fix sepolicy generate -T to not take an argument, and supress the help message
- Since this is really just a testing tool
2012-11-30 00:46:59 -05:00
Dan Walsh
ad24fe0d6f Fix sepolicy communicate to handle invalid input 2012-11-30 00:01:24 -05:00
Dan Walsh
ee03d6c97d Fix sepolicy network -p to handle high ports 2012-11-29 16:03:36 -05:00
Dan Walsh
de745c0321 Fix handling of manpages without entrypoints, nsswitch domains
- Update Translations
2012-11-29 15:50:47 -05:00
Dan Walsh
c7b078ec4b Move sepogen python bindings back into policycoreutils-python out of -devel, since sepolicy is using the 2012-11-28 11:04:23 -05:00
Dan Walsh
5ffa11c17a Fix sepolicy/__init__.py to handle _() 2012-11-27 16:35:09 -05:00
Dan Walsh
c80e41cce5 Add Miroslav Grepl patch to create etc_rw_t sock files policy 2012-11-21 14:32:28 -05:00
Dan Walsh
77c01a631e Fix semanage to work without policycoreutils-devel installed
- Update translations
2012-11-16 14:44:43 -05:00
Dan Walsh
3df9272539 Fix semanage to work without policycoreutils-devel installed
- Update translations
2012-11-16 12:02:59 -05:00
Dan Walsh
356d85e93c Fix semanage login -l to list contents of /etc/selinux/POLICY/logins directory 2012-11-13 17:05:58 -05:00
Dan Walsh
dcda6e4336 Fix booleansPage not showing booleans
- Fix audit2allow -b
2012-11-13 10:30:48 -05:00
Dan Walsh
435b38a137 Fix sepolicy booleans again
- Fix man page
2012-11-13 07:05:08 -05:00
Dan Walsh
bd8b5a05a7 Move policy generation tools into policycoreutils-devel 2012-11-12 17:02:39 -05:00
Dan Walsh
442a7187fc Document and fix sepolicy booleans
- Update Translations
- Fix several spelling mistakes
2012-11-12 15:27:22 -05:00
Dan Walsh
6dfb3b920c Only report restorecon warning for missing default label, if not running
recusively
- Update translations
2012-11-07 10:49:52 -05:00
Dan Walsh
16444033da Fix semanage booleans -l, move more boolean_dict handling into sepolicy
- Update translations
- Fixup sepolicy generate to discover /var/log, /var/run and /var/lib directories if they match the name
- Fix kill function call should indicate signal_perms not kill capability
- Error out cleanly in system-config-selinux, if it can not contact XServer
2012-11-06 06:12:01 -05:00
Dan Walsh
321b3f2caa Update translations
- Fixup sepolicy generate to discover /var/log, /var/run and /var/lib directories if they match the name
- Fix kill function call should indicate signal_perms not kill capability
- Error out cleanly in system-config-selinux, if it can not contact XServer
2012-11-05 15:41:11 -05:00
Dan Walsh
ddeee18742 Remove run_init, no longer needed with systemd.
- Fix sepolicy generate to not include subdirs in generated fcontext file.  (mgrepl patch)
2012-11-05 13:23:00 -05:00
Dan Walsh
cc08d7735b Fix manpage to generate proper man pages for alternate policy,
basically allow me to build RHEL6 man pages on a Fedora 18 box, as long as
I pull the policy, policy.xml and file_contexts and file_contexts.homedir
2012-11-03 07:19:34 -04:00
rhatdan
1cc95772be Fix some build problems in sepolicy manpage and sepolicy transition 2012-11-01 14:36:52 -04:00
rhatdan
d76fa39cad Add alias man pages to sepolicy manpage 2012-10-30 16:40:08 -04:00
rhatdan
7d197203b0 Redesign sepolicy to only read the policy file once, not for every call 2012-10-29 12:38:36 -04:00
rhatdan
7e71323398 Fixes to sepolicy transition, allow it to list all transitions from a domain 2012-10-29 09:09:07 -04:00
rhatdan
70bff091fa Change sepolicy python bindings to have python pick policy file, fixes weird memory problems in sepolicy network 2012-10-27 07:48:31 -04:00
rhatdan
91f5677207 Allow sepolicy to specify the policy to generate content from 2012-10-26 14:44:32 -04:00
rhatdan
4a63d32419 Fix semanage boolean -F to handle boolean subs 2012-10-25 14:20:27 -04:00
rhatdan
655a2656e3 Add Miroslav Grepl patch to generate html man pages
- Update Translations
- Add option to sandbox to shred files before deleting
2012-10-25 13:58:08 -04:00
rhatdan
6d5c3dfe44 Rebuild without bogus prebuild 64 bit seunshare app 2012-09-25 16:22:19 -04:00
rhatdan
2d7c6d02f4 Allow fixfiles to specify -v, so they can get verbosity rather then progress.
- Fix load_file Makefile to use SBINDIR rather then real OS.
- Fix man pages in setfiles and restorecon to reflect what happens when you relabel the entire OS.
2012-09-17 14:56:05 -04:00
rhatdan
6e9d4c92ea Use systemd post install scriptlets 2012-09-17 12:37:51 -04:00
rhatdan
775d48fd41 Update to upstream
* genhomedircon: manual page improvements
	* setfiles/restorecon minor improvements
	* run_init: If open_init_pty is not available then just use exec
	* newrole: do not drop capabilities when newrole is run as
	* restorecon: only update type by default
	* scripts: Don't syslog setfiles changes on a fixfiles restore
	* setfiles: do not syslog if no changes
	* Disable user restorecond by default
	* Make restorecon return 0 when a file has changed context
	* setfiles: Fix process_glob error handling
	* semanage: allow enable/disable under -m
	* add .tx to gitignore
	* translations: commit translations from Fedora community
	* po: silence build process
	* gui: Checking in policy to support polgengui and sepolgen.
	* gui: polgen: search for systemd subpackage when generating policy
	* gui: for exploring booleans
	* gui: system-config-selinux gui
	* Add Makefiles to support new gui code
	* gui: remove lockdown wizard
	* return equivalency records in fcontext customized
	* semanage: option to not load new policy into kernel after
	* sandbox: manpage update to describe standard types
	* setsebool: -N should not reload policy on changes
	* semodule: Add -N qualifier to no reload kernel policy
	* gui: polgen: sort selinux types of user controls
	* gui: polgen: follow symlinks and get the real path to
	* gui: Fix missing error function
	* setfiles: return errors when bad paths are given
	* fixfiles: tell restorecon to ignore missing paths
	* setsebool: error when setting multiple options
	* semanage: use boolean subs.
	* sandbox: Make sure Xephyr never listens on tcp ports
	* sepolgen: return and output constraint violation information
	* semanage: skip comments while reading external configuration files
	* restorecond: relabel all mount runtime files in the restorecond example
	* genhomedircon: dynamically create genhomedircon
	* Allow returning of bastard matches
	* sepolgen: return and output constraint violation information
	* audit2allow: one role/type pair per line
2012-09-15 08:34:36 -04:00
rhatdan
92907b214d Change polgen to generate dbus apps as optional so they can compile on minimal policy system, patch from Miroslav Grepl 2012-08-08 09:25:33 -04:00
Dan Walsh
634c0824af Fix sepolgen/audit2allow to handle multiple role/types in avc messages properly 2012-07-27 09:42:59 -04:00
Dan Walsh
7e579fc0a2 userapps is generating sandbox code in polgengui 2012-07-19 13:21:49 -04:00
Dan Walsh
9c3e56bd25 userapps is generating sandbox code in polgengui 2012-07-11 10:51:38 -04:00
Dan Walsh
4ab9c398e5 Remove load_policy symbolic link on usrmove systems this breaks the system 2012-07-05 05:56:49 -04:00
Dan Walsh
f35df462e0 Update to upstream
- policycoreutils
	* restorecond: wrong options should exit with non-zero error code
	* restorecond: Add -h option to get usage command
	* resorecond: user: fix fd leak
	* mcstrans: add -f to run in foreground
	* semanage: fix man page range and level defaults
	* semanage: bash completion for modules should include -a,-m, -d
	* semanage: manpage update for -e
	* semanage: dontaudit off should work
	* semanage: locallist option does not take an argument
	* sepolgen: Make use of setools optional within sepolgen
   - sepolgen
	* Make use of setools optional within sepolgen
	* We need to support files that have a + in them
2012-07-04 07:41:05 -04:00
Dan Walsh
b97e271674 Make restorecon exit with an error on a bad path 2012-05-24 11:39:55 -04:00
Dan Walsh
f7d5cb7960 Fix setsebool command, handling of = broken.
- Add missing error option in booleansPage
2012-05-24 08:59:33 -04:00
Dan Walsh
03b8834355 Fix setsebool command, handling of = broken.
- Add missing error option in booleansPage
2012-05-24 05:55:35 -04:00
Dan Walsh
1b634710d1 Allow stream sock_files to be stored in /tmp and etc_rw_t directories by sepolgen
- Trigger on selinux-policy needs to change to selinux-policy-devel
- Update translations
- Fix semanage dontaudit off/on exception
2012-05-18 11:42:50 -04:00
Dan Walsh
9d30639944 Trigger on selinux-policy needs to change to selinux-policy-devel 2012-05-18 11:14:21 -04:00
Dan Walsh
31cb4ccac2 Update translations
- Fix semanage dontaudit off/on exception
2012-05-18 09:58:36 -04:00
Dan Walsh
4f5186ec4f Add -N qualifier to semanage, setsebool and semodule to allow you to update
- policy without reloading it into the kernel.
2012-05-08 16:32:53 -04:00
Dan Walsh
3348eaa82b add some definition to the standard types available for sandboxes 2012-05-03 19:34:17 -04:00
Dan Walsh
9d3be2cefc Remove lockdown wizard 2012-05-01 16:14:29 -04:00
Dan Walsh
c938748d91 Remove lockdown wizard 2012-05-01 16:13:35 -04:00
Dan Walsh
01c8a3601e Fix semanage fcontext -E to extract the equivalance customizations. 2012-04-30 15:05:24 -04:00
Dan Walsh
e6f13dc63b Add mgrepl patch to have sepolgen search for -systemd rpm packages 2012-04-26 13:55:39 -04:00