- sandbox: Use dbus-run-session instead of dbus-launch when available
- hll/pp: Change warning for module name not matching filename to match new behavior
- Remove LDFLAGS from CFLAGS
- sandbox: create a new session for sandboxed processes
- sandbox: do not try to setup directories without -X or -M
- sandbox: do not run xmodmap in a new X session
- sandbox: Use GObject introspection binding instead of pygtk2
- sandbox: fix file labels on copied files
- sandbox: tests - close stdout of p
- sandbox: tests - use sandbox from cwd
- audit2allow: tests should use local copy not system
- audit2allow: fix audit2why import from seobject
- audit2allow: remove audit2why so that it gets symlinked
- semanage: fix man page and help message for import option
- semanage: fix error message for fcontext -m
- semanage: Fix semanage fcontext -D
- semanage: Correct fcontext auditing
- semanage: Default serange to "s0" for port modify
- semanage: Use socket.getprotobyname for protocol
- semanage: fix modify action in node and interface
- fixfiles: Pass -n to restorecon for fixfiles check
- sepolicy: Check get_rpm_nvr_list() return value
- Don't use subprocess.getstatusoutput() in Python 2 code
- semanage: Add auditing of changes in records
- Remove unused 'q' from semodule getopt string
- Fix typos in semanage manpages
- Fix the documentation of -l,--list for semodule
- Minor fix in a French translation
- Fix the extract example in semodule.8
- Update sandbox.8 man page
- Remove typos from chcat --help
- sepolgen: Remove additional files when cleaning
initscripts package is being slowly removed so fedora-autorelabel
utility and systemd unit files need a new home.
At the same time, "fedora-" prefix is changed to general "selinux-".
/lib/systemd/fedora-autorelabel -> /usr/libexec/selinux/selinux-autorelabel
fedora-autorelabel.service -> selinux-autorelabel.service
fedora-autorelabel-mark.service -> selinux-autorelabel-mark.service
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1328825
Fixes:
# semanage boolean -m --on polyinstantiation_enabled
ValueError: Boolean polyinstantiation_enabled is not defined
# semanage login -a -s staff_u -r s0-s0:c0.c1023 yeti
libsemanage.dbase_llist_query: could not query record value (No such
file or directory).
FileNotFoundError: [Errno 2] No such file or directory
- Fix another python3 issues mainly in sepolicy (#1247039,#1247575,#1251713)
- The functionality of audit2allow which was disabled in the previous
commit should be available again
- Fix multiple python3 issues in sepolgen (#1249388,#1247575,#1247564)
FIXME: some functionality of audit2allow was temporarily disabled until sepolicy is
ported to python 3
commit 2ff279e21e4715ac49e094b5fae8bc8e84b9e417 ("policycoreutils:
semanage: update to new source policy infrastructure") introduced
new methods for enabling/disabling modules but failed to update
the deleteall method of class moduleRecords to use the new method.
The deleteall method was introduced by commit
3dafb1046d847783f1e761535925ea79d69d3305 ("Add deleteall customizations
field for modules.") as a way to re-enable all locally disabled modules.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
fedora-selinux/selinux.git:
ab77906ea96a10bcbefee06ab7d32af853d4cf33
adffc5e277f5c5a99771439f793b7aa91be59f31
Conflict with selinux-policy causes deadlocks in buildroots when
there's no selinux-policy available. selinux-policy-base is provided by
targeted, mls and minimum subpackages which are not installed to
buildroots.
- add make-rhat-patches.sh script which creates policycoreutils-rhat.patch and sepolgen-rhat.patch patches
- use source files from https://github.com/SELinuxProject/selinux/wiki/Releases
- extract sources to selinux/ directory and build them there
Create -rhat patches from
c83f4d17e7
- Add support for Fedora22 man pages. We need to fix it to not using hardcoding.
- Print usage for all mutually exclusive options.
- Fix selinux man page to refer seinfo and sesearch tools.
* If there is no executable we don't want to print a part of STANDARD FILE CON
* Add-manpages-for-typealiased-types
* Make fixfiles_exclude_dirs working if there is a substituion for the given d
* If there is no executable we don't want to print a part of STANDARD FILE CON
* Add-manpages-for-typealiased-types
* Make fixfiles_exclude_dirs working if there is a substituion for the given d
* Add -P semodule option to man page from Dan Walsh.
* selinux_current_policy_path will return none on a disabled SELinux system from Dan Walsh.
* Add new icons for sepolicy gui from Dan Walsh.
* Only return writeable files that are enabled from Dan Walsh.
* Add domain to short list of domains, when -t and -d from Dan Walsh.
* Fix up desktop files to match current standards from Dan Walsh.
* Add support to return sensitivities and categories for python from Dan Walsh.
* Cleanup whitespace from Dan Walsh.
* Add message to tell user to install sandbox policy from Dan Walsh.
* Add systemd unit file for mcstrans from Laurent Bigonville.
* Improve restorecond systemd unit file from Laurent Bigonville.
* Minor man pages improvements from Laurent Bigonville.
- Make selinux-policy build working also on another architectures related to s
- Miroslav grepl patch to fix the creation of man pages on different architectures.
- Add ability to list the actual active modules
- Fix spelling mistake on sesearch in generate man pages.
- Make selinux-policy build working also on another architectures related to s
- Miroslav grepl patch to fix the creation of man pages on different architectures.
- Add ability to list the actual active modules
- Fix spelling mistake on sesearch in generate man pages.
* Revert automatic setting of serange and seuser in seobject; was breaking non-MLS systems.
- Add patches for sepolicy gui from mgrepl to
Fix advanced_item_button_push() to allow to select an application in advanced search menu
Fix previously_modified_initialize() to show modified changes properly for all selections
* Apply polkit check on all dbus interfaces and restrict to active user from Dan Walsh.
* Fix typo in sepolicy gui dbus.relabel_on_boot call from Dan Walsh.
- Apply Miroslav Grepl patch to fix TEMPLATETYPE_domtrans description in sepolicy generate
- Clean up ports screen to only show enabled ports.
- Update to upstream
* Remove import policycoreutils.default_encoding_utf8 from semanage from Dan Walsh.
* Make yum/extract_rpms optional for sepolicy generate from Dan Walsh.
* Add test suite for audit2allow and sepolgen-ifgen from Dan Walsh.
- Clean up ports screen to only show enabled ports.
- Update to upstream
* Remove import policycoreutils.default_encoding_utf8 from semanage from Dan Walsh.
* Make yum/extract_rpms optional for sepolicy generate from Dan Walsh.
* Add test suite for audit2allow and sepolgen-ifgen from Dan Walsh.
* Properly build the swig exception file from Laurent Bigonville.
* Fix man pages from Laurent Bigonville.
* Support overriding PATH and INITDIR in Makefile from Laurent Bigonville.
* Fix LDFLAGS usage from Laurent Bigonville.
* Fix init_policy warning from Laurent Bigonville.
* Fix semanage logging from Laurent Bigonville.
* Open newrole stdin as read/write from Sven Vermeulen.
* Fix sepolicy transition from Sven Vermeulen.
* Support overriding CFLAGS from Simon Ruderich.
* Create correct man directory for run_init from Russell Coker.
* restorecon GLOB_BRACE change from Michal Trunecka.
* Extend audit2why to report additional constraint information.
* Catch IOError errors within audit2allow from Dan Walsh.
* semanage export/import fixes from Dan Walsh.
* Improve setfiles progress reporting from Dan Walsh.
* Document setfiles -o option in usage from Dan Walsh.
* Change setfiles to always return -1 on failure from Dan Walsh.
* Improve setsebool error r eporting from Dan Walsh.
* Major overhaul of gui from Dan Walsh.
* Fix sepolicy handling of non-MLS policy from Dan Walsh.
* Support returning type aliases from Dan Walsh.
* Add sepolicy tests from Dan Walsh.
* Add org.selinux.config.policy from Dan Walsh.
* Improve range and user input checking by semanage from Dan Walsh.
* Prevent source or target arguments that end with / for substitutions from Dan Walsh.
* Allow use of <<none>> for semanage fcontext from Dan Walsh.
* Report customized user levels from Dan Walsh.
* Support deleteall for restoring disabled modules from Dan Walsh.
* Improve semanage error reporting from Dan Walsh.
* Only list disabled modules for module locallist from Dan Walsh.
* Fix logging from Dan Walsh.
* Define new constants for file type character codes from Dan Walsh.
* Improve bash completions from Dan Walsh.
* Convert semanage to argparse from Dan Walsh (originally by Dave Quigley).
* Add semanage tests from Dan Walsh.
* Split semanage man pages from Dan Walsh.
* Move bash completion scripts from Dan Walsh.
* Replace genhomedircon script with a link to semodule from Dan Walsh.
* Fix fixfiles from Dan Walsh.
* Add support for systemd service for restorecon from Dan Walsh.
* Spelling corrections from Dan Walsh.
* Improve sandbox support for home dir symlinks and file caps from Dan Walsh.
* Switch sandbox to openbox window manager from Dan Walsh.
* Coalesce audit2why and audit2allow from Dan Walsh.
* Change audit2allow to append to output file from Dan Walsh.
* Update translations from Dan Walsh.
* Change audit2why to use selinux_current_policy_path from Dan Walsh.
- Add more help information
- Cleanup code
- Add deny_ptrace on lockdown screen
- Make unconfined/permissivedomains lockdown work
- Add more support for file equivalency
- Update translations
- Fix sepolicy generate --admin_user man page again
- Fix setsebool to print less verbose error messages by default, add -V for ve