Commit Graph

1362 Commits

Author SHA1 Message Date
Petr Lautrbach
2001cdc01d libselinux-2.8-4
- Fix typo in newrole.1 manpage
- sepolgen: print all AV rules correctly
- sepolgen: fix access vector initialization
- Add xperms support to audit2allow
- semanage: Stop logging loginRecords changes
- semanage: Fix logger class definition
- semanage: Replace bare except with specific one
- semanage: fix Python syntax of catching several exceptions
- sepolgen: return NotImplemented instead of raising it
- sepolgen: fix refpolicy parsing of "permissive"
2018-09-04 09:32:10 +02:00
Petr Lautrbach
1cf65c551e Update README.translations to reflect recent changes and add default zanata.xml 2018-08-07 18:01:26 +02:00
Petr Lautrbach
ad810ff414 Use patch'es without translations since they are in separete tarballs 2018-08-07 18:01:26 +02:00
Petr Lautrbach
03a027dfaa Split translations into sub-tarballs
https://github.com/fedora-selinux/selinux/issues/43
2018-08-07 17:33:39 +02:00
Petr Lautrbach
0da684cc41 policycoreutils-2.8-6.fc29
- Use split translation files
  https://github.com/fedora-selinux/selinux/issues/43
2018-08-06 14:47:07 +02:00
Petr Lautrbach
1a9e2c70e4 Use new translation files structure
https://github.com/fedora-selinux/selinux/issues/43
2018-08-06 14:38:57 +02:00
Petr Lautrbach
e8cd8997c5 tests: Add selinux-info, booleans and modules tests 2018-08-03 14:11:50 +02:00
Petr Lautrbach
2e1ddce936 Build with python3 by default
Since this [1] change, there's no /usr/bin/python anymore

[1] https://fedoraproject.org/wiki/Changes/Move_usr_bin_python_into_separate_package
2018-07-18 22:39:08 +02:00
Petr Lautrbach
2f16dd5c7d cgroup support was removed from sandbox in 2.4 release long time ago 2018-07-18 13:04:23 +02:00
Petr Lautrbach
748028495e Disable automatic compilation of Python files in extra directories
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/IDDR65FMKZYZYLL6DGFEKFACC55PELW3/
https://fedoraproject.org/wiki/Packaging:Python_Appendix#Manual_byte_compilation
2018-07-16 14:47:02 +02:00
Petr Lautrbach
7505971712 Do not use symlinks to enable selinux-autorelabel-mark.service
The service should be enabled using `systemd preset`
https://bugzilla.redhat.com/show_bug.cgi?id=1589720
2018-07-16 13:35:12 +02:00
Fedora Release Engineering
3a5478fbe1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-13 22:42:19 +00:00
Miro Hrončok
ed5913bed9 Rebuilt for Python 3.7 2018-07-02 18:24:39 +02:00
Petr Lautrbach
c1291665a7 policycoreutils-2.8-3.fc29
- selinux-autorelabel: Use plymouth --quit rather then --hide-splash (#1592221)
- selinux-autorelabel: Increment boot_indeterminate grub environment variable (#1592221)
2018-06-18 11:23:27 +02:00
Hans de Goede
3bbe617cee selinux-autorelabel: Increment boot_indeterminate grub environment variable
For the new grub auto-hide feature:
https://fedoraproject.org/wiki/Changes/HiddenGrubMenu

Grub needs to know if the previous boot succeeded. This is tracked
through flags in the grub environment.

A selinux autorelabel is special, because it reboots the machine without
completing the boot in the normal manner.

grub checks the (new) boot_indeterminate grub environment variable to deal
with this. This is a variable containing a count of special boots since
the last successful normal boot. If this variable is 1 then it also treats
the previous boot as successful. The idea is that an autorelabel (or
offline updates) increments boot_indeterminate, so normally after a reboot
it will be 1 and the grub menu stays hidden. But if we end up in a selinux
autorelabel loop for some reason, then it will be bigger then 1 (*) and
the grub menu will be shown allowing the user to try and fix things.

*) grub itself will also increment it if it is 1 so that even if it gets
incremented only once, that still only makes 1 boot count as successful.

This commit makes the selinux-autorelabel script call:
grub2-editenv - incr boot_indeterminate
for proper integration with this new grub feature.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2018-06-18 11:03:49 +02:00
Hans de Goede
a16e7bc7bb selinux-autorelabel: Use plymouth --quit rather then --hide-splash
plymouth by defaults waits for 5 seconds before showing the splash so
that the splash simply gets skipped on real quick boots.

In my testing it seems that --hide-splash is a no-op when run before
the 5 seconds have passed and the splash is shown, causing the splash
to still be there during a relabel. Note this problem only shows when
*not* using disk-encryption.

Switching to plymouth --quit fixes this.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2018-06-18 11:03:46 +02:00
Miro Hrončok
426ef33d7b Rebuilt for Python 3.7 2018-06-15 22:47:46 +02:00
Petr Lautrbach
e02a588654 policycoreutils-2.8-1
- SELinux userspace 2.8 release
2018-05-25 11:45:50 +02:00
Petr Lautrbach
dafef9cd56 policycoreutils-2.8-0.rc3.2
- selinux-autorelabel: set UEFI boot order (BootNext) same as BootCurrent
- selinux-autorelabel: synchronize cached writes before reboot (#1385272)
2018-05-22 07:55:28 +02:00
David Kaspar [Dee'Kej]
f5a2299168 selinux-autorelabel: synchronize cached writes before reboot
This should prevent boot loops when 'touch /.autorelabel' has been used.

  See: https://bugzilla.redhat.com/show_bug.cgi?id=1385272

Signed-off-by: David Kaspar [Dee'Kej] <dkaspar@redhat.com>
2018-05-18 13:55:09 +02:00
David Kaspar [Dee'Kej]
4af347c8e5 selinux-autorelabel: set UEFI boot order (BootNext) same as BootCurrent
This can be useful when user has this UEFI boot order e.g.:

                 Windows | grub | Linux

  And decides to boot into grub/Linux. In case the autorelabel service
  is being run after the boot into grub, then the reboot after the
  autorelabel is done will cause user to boot into Windows again...

  This change should make the behaviour more intuitive for the user.

Signed-off-by: David Kaspar [Dee'Kej] <dkaspar@redhat.com>
2018-05-18 13:53:03 +02:00
Petr Lautrbach
5da1961fa7 Add policycoreutils_man_ru2.tar.bz2 back to sources 2018-05-15 09:56:15 +02:00
Petr Lautrbach
b05095b2d3 SELinux userspace 2.8-rc3 release candidate 2018-05-15 09:51:02 +02:00
Petr Lautrbach
b1b5b44bff SELinux userspace 2.8-rc2 release candidate 2018-05-04 16:20:03 +02:00
Petr Lautrbach
6545ae2ada SELinux userspace 2.8-rc1 release candidate 2018-04-23 14:31:24 +02:00
Petr Lautrbach
1d2d2bc1ce Drop python2 sepolicy gui files from policycoreutils-gui
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1566618
2018-04-19 09:13:06 +02:00
Iryna Shcherbina
6035a0be1e Update Python 2 dependency declarations to new packaging standards 2018-04-19 09:12:05 +02:00
Petr Lautrbach
3581fc76d3 policycoreutils-2.7-18
- Move semodule_* utilities to policycoreutils package (#1562549)
2018-04-03 12:15:10 +02:00
Petr Lautrbach
a707f868c5 Move semodule_* utilities to policycoreutils package
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1562549
2018-04-03 12:12:50 +02:00
Petr Lautrbach
3b2c0121a0 policycoreutils-2.7-17
- semanage/seobject.py: Fix undefined store check (#1559174)
2018-03-22 13:10:25 +01:00
Petr Lautrbach
e7588169c3 Since python subpackages are noarch now, use provides without %_isa 2018-03-21 17:54:54 +01:00
Petr Lautrbach
389ac0b9c7 Require libsepol-2.7-6, libselinux-2.7-13, libsemanage-2.7-12 2018-03-21 16:53:03 +01:00
Petr Lautrbach
320398f39a policycoreutils-2.7-16
- Build python only subpackages as noarch
- Move semodule_package to policycoreutils-devel
2018-03-16 17:10:02 +01:00
Petr Lautrbach
ebb2c5bfea Build python only subpackages as noarch
policycoreutils-dbus.noarch.rpm
policycoreutils-gui.noarch.rpm
policycoreutils-python-utils.noarch.rpm
python3-policycoreutils.noarch.rpm
python2-policycoreutils.noarch.rpm
2018-03-16 17:05:10 +01:00
Petr Lautrbach
8f22730766 Move semodule_package to policycoreutils-devel
It's not a python utility and other semodule_* tools live there.
2018-03-16 17:03:10 +01:00
Petr Lautrbach
38ab1da754 policycoreutils-2.7-15
- sepolicy: Fix translated strings with parameters
- sepolicy: Support non-MLS policy
- sepolicy: Initialize policy.ports as a dict in generate.py
- gui/polgengui.py: Use stop_emission_by_name instead of emit_stop_by_name
- Minor update for bash completion
- semodule_package: fix semodule_unpackage man page
- gui/semanagePage: Close "edit" and "add" dialogues when successfull
- gui/fcontextPage: Set default object class in addDialog\
- sepolgen: fix typo in PolicyGenerator
- build: follow standard semantics for DESTDIR and PREFIX
2018-03-13 14:43:27 +01:00
Petr Lautrbach
3b55d7f197 policycoreutils-2.7-14
- Use Fedora RPM build flags

https://src.fedoraproject.org/rpms/redhat-rpm-config/blob/master/f/buildflags.md

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1548740
2018-02-26 10:48:36 +01:00
Petr Lautrbach
005a370f1c -gui requires gtk3 and python3-gobject at least 2018-02-20 12:44:11 +01:00
Petr Lautrbach
d3d971ba91 Fix mangling python shebangs
- use pathfix.py instead of sed
- clean up '*~' files

Fixes:
policycoreutils has broken dependencies in the rawhide tree:
On i386:
        python2-policycoreutils-2.7-11.fc28.i686 requires /usr/bin/python22
On armhfp:
        python2-policycoreutils-2.7-11.fc28.armv7hl requires /usr/bin/python22
2018-02-20 12:38:53 +01:00
Petr Lautrbach
2c47aaddd8 List gcc in BuildRequires
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/IJFYI5Q2BYZKIGDFS2WLOBDUSEGWHIKV/
https://fedoraproject.org/wiki/Packaging:C_and_C%2B%2B#BuildRequires_and_Requires
2018-02-19 13:37:46 +01:00
Miro Hrončok
c6b051c966 python3: suffix -> prefix 2018-02-19 11:56:26 +01:00
Petr Lautrbach
b11cdd32ec Spec file cleanup
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/MRWOMRZ6KPCV25EFHJ2O67BCCP3L4Y6N/
2018-02-16 10:19:01 +01:00
Petr Lautrbach
1bb4ee0d45 policycoreutils-2.7-11.f28
- Rewrite selinux-polgengui to use Gtk3
- Drop python2 and gnome-python2 from gui Requires
2018-02-15 21:34:05 +01:00
Petr Lautrbach
b16a211432 Drop python2 and gnome-python2 from gui Requires
It should not be needed anymore
2018-02-15 21:29:23 +01:00
Petr Lautrbach
203045ec1e gui: Several python 3 related fixes from fedora-selinux/selinux
- gui/polgengui.py: Fix sepolicy.generate import in polgengui.py
- gui/polgengui.py: Convert polgen.glade to Builder format polgen.ui
- python/sepolicy: Use list instead of map
- python/sepolicy: Do not use types.BooleanType
2018-02-15 21:29:23 +01:00
Petr Lautrbach
7ef4db2ba4 Use /usr/bin/python2 and other "avoid Python 2" improvements
https://fedoraproject.org/wiki/Changes/Avoid_usr_bin_python_in_RPM_Build
2018-02-15 21:29:23 +01:00
Petr Lautrbach
c5c508337c Use shared repository for tests
https://fedoraproject.org/wiki/CI/Share_Test_Code
2018-02-14 17:32:57 +01:00
Fedora Release Engineering
f81f64ddb6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-02-09 05:31:13 +00:00
Petr Lautrbach
dfb5be5ac0 policycoreutils-2.7-9.fc28
- audit-libs-python was renamed to audit-libs-python2
- Use python2_sitearch and python2_sitelib macro
2018-01-31 10:51:43 +01:00
Petr Lautrbach
d6b46ca1c4 audit-libs-python was renamed to audit-libs-python2 2018-01-24 17:55:20 +01:00