Commit Graph

724 Commits

Author SHA1 Message Date
Dan Walsh
b91e98e2c2 Update to upstream
policycoreutils-2.1.6
	* sepolgen-ifgen: new attr-helper does something
	* audit2allow: use alternate policy file
	* audit2allow: sepolgen-ifgen use the attr helper
	* setfiles: switch from stat to stat64
	* setfiles: Fix potential crash using dereferenced ftsent
	* setfiles: do not wrap * output at 80 characters
	* sandbox: add -Wall and -Werror to makefile
	* sandbox: add sandbox cgroup support
	* sandbox: rewrite /tmp handling
	* sandbox: do not bind mount so much
	* sandbox: add level based kill option
	* sandbox: cntrl-c should kill entire process control group
	* Create a new preserve_tunables flag in sepol_handle_t.
	* semanage: show running and disk setting for booleans
	* semanage: Dont print heading if no items selected
	* sepolgen: audit2allow is mistakakenly not allowing valid module names
	* semanage: Catch RuntimeErrors, that can be generated when SELinux is disabled
	* More files to ignore
	* tree: default make target to all not install
	* sandbox: do not load unused generic init functions
sepolgen-1.1.2
	* src: sepolgen: add attribute storing infrastructure
	* Change perm-map and add open to try to get better results on
	* look for booleans that might solve problems
	* sepolgen: audit2allow is mistakakenly not allowing valid module names
	* tree: default make target to all not install
2011-09-19 07:40:39 -04:00
Dan Walsh
64a1a56e71 Change separator on -L from ; to : 2011-09-14 22:08:19 -04:00
Dan Walsh
2d6eafee19 Add back lockdown wizard for booleans using pywebkitgtk 2011-09-08 09:47:43 -04:00
Dan Walsh
78175de296 Maintain the LANG environment Variable into the sandbox
Change restorecon/setfiles to only change type part of the context unless
f qualifier is given
2011-09-07 14:23:19 -04:00
Dan Walsh
04b2851781 Allow setfiles and restorecon to use labeledprefix to speed up processing
and limit memory.
2011-09-02 09:24:40 -04:00
Dan Walsh
42466e2b7e Update to upstream
* policycoreutils
	* setfiles: Fix process_glob to handle error situations
	* sandbox: Allow seunshare to run as root
	* sandbox: trap sigterm to make sure sandbox
	* sandbox: pass DPI from the desktop
	* sandbox: seunshare: introduce helper spawn_command
	* sandbox: seunshare: introduce new filesystem helpers
	* sandbox: add -C option to not drop
	* sandbox: split seunshare caps dropping
	* sandbox: use dbus-launch
	* sandbox: numerous simple updates to sandbox
	* sandbox: do not require selinux context
	* sandbox: Makefile: new man pages
	* sandbox: rename dir to srcdir
	* sandbox: allow users specify sandbox window size
	* sandbox: check for paths up front
	* sandbox: use defined values for paths rather
	* sandbox: move seunshare globals to the top
	* sandbox: whitespace fix
	* semodule_package: Add semodule_unpackage executable
	* setfiles: get rid of some stupid globals
	* setfiles: move exclude_non_seclabel_mounts to a generic location
* sepolgen
	* refparser: include open among valid permissions
	* refparser: add support for filename_trans rules
2011-08-30 16:32:33 -04:00
Dan Walsh
8b0727dc56 Fix bug in glob handling for restorecon 2011-08-23 17:13:19 -04:00
Dan Walsh
831d6fd46c Update to upstream
2.1.4 2011-08-17
	* run_init: clarification of the usage in the
	* semanage: fix usage header around booleans
	* semanage: remove useless empty lines
	* semanage: update man page with new examples
	* semanage: update usage text
	* semanage: introduce file context equivalencies
	* semanage: enable and disable modules
	* semanage: output all local modifications
	* semanage: introduce extraction of local configuration
	* semanage: cleanup error on invalid operation
	* semanage: handle being called with no arguments
	* semanage: return sooner to save CPU time
	* semanage: surround getopt with try/except
	* semanage: use define/raise instead of lots of
	* semanage: some options are only valid for
	* semanage: introduce better deleteall support
	* semanage: do not allow spaces in file
	* semanage: distinguish between builtin and local permissive
	* semanage: centralized ip node handling
	* setfiles: make the restore function exclude() non-static
	* setfiles: use glob to handle ~ and
	* fixfiles: do not hard code types
	* fixfiles: stop trying to be smart about
	* fixfiles: use new kernel seclabel option
	* fixfiles: pipe everything to cat before sending
	* fixfiles: introduce /etc/selinux/fixfiles_exclude_dirs
	* semodule: support for alternative root paths
2011-08-18 07:23:59 -04:00
Dan Walsh
a648c6f239 Change seunshare to send kill signals to the childs session.
Also add signal handler to catch sigint, so if user enters ctrl-C sandbox will shutdown.
2011-07-07 14:53:37 -04:00
Dan Walsh
af0f4926da Change seunshare to send kill signals to the childs session.
Also add signal handler to catch sigint, so if user enters ctrl-C sandbox will shutdown.
2011-07-07 14:37:24 -04:00
Dan Walsh
8dbd4d49f6 dd new restorecond service 2011-07-05 17:18:12 -04:00
Dan Walsh
759501823b Add -C option to sandbox and seunshare to maintain capabilities, otherwise
the bounding set will be dropped.
Change --cgroups short name -c rather then -C for consistancy
Fix memory and fd leaks in seunshare
2011-07-05 16:51:18 -04:00
Dan Walsh
173e9f90db Do not drop capability bounding set in seunshare, this allows sandbox to
run setuid apps.
2011-06-13 13:37:04 -04:00
Dan Walsh
299d98087e Remove mount -o bind calls from sandbox init script
pam_namespace now has this built in.
2011-06-07 13:58:41 -04:00
Dan Walsh
dc86b007cf Pass desktop dpi to sandbox Xephyr window 2011-06-07 08:37:18 -04:00
Dan Walsh
c2ef4a0bea Allow semodule to pick alternate root for selinux files
Add ~/.config/* to restorcond_user.conf, so restorecond will watch for mislabeled files in this directory.
2011-06-06 13:01:14 -04:00
Dan Walsh
4a56398540 Apply patches from Christoph A.
* fix sandbox title
* stop xephyr from li
Also ignore errors on sandbox include of directory missing files
2011-04-22 07:06:23 -04:00
Dan Walsh
588030fc2c Change fixfiles restore to delete unlabeled sockets in /tmp 2011-04-18 13:18:18 -04:00
Dan Walsh
61f1bc2068 Change fixfiles restore to delete unlabeled sockets in /tmp 2011-04-18 12:47:15 -04:00
Dan Walsh
9f65a26864 Update to upstream
* Use correct color range in mcstrand by Richard Haines.
2011-04-13 16:52:53 -04:00
Dan Walsh
1da0399e25 rsynccmd should run outside of execcon 2011-03-30 14:42:36 -04:00
Dan Walsh
be38aa471e Rewrite seunshare to make sure /tmp is mounted stickybit owned by root 2011-03-03 13:35:37 -05:00
Dan Walsh
433953b033 - Cleaup selinux-polgengui to be a little more modern, fix comments and use selected name
- Cleanup chcat man page
2011-02-03 16:15:43 -05:00
Dan Walsh
331e9ad06d - Report full errors on OSError on Sandbox 2011-02-02 13:34:22 -05:00
Dan Walsh
e764b2d2b6 - Fix newrole hanlding of pcap 2011-01-21 15:11:31 -05:00
Dan Walsh
971f278f98 - Have restorecond watch more directories in homedir 2011-01-19 16:45:53 -05:00
Dan Walsh
12eb5b45f4 - Fix proper handling of getopt errors
- Do not allow modules names to contain spaces
2011-01-10 14:39:21 -05:00
Dan Walsh
c76dc0c642 - Polgengui raises the wrong type of exception. #471078
- Change semanage to not allow it to semanage module -D
- Change setsebool to suggest run as root on failure
2011-01-06 14:38:19 -05:00
Dan Walsh
448a84b06a - Polgengui raises the wrong type of exception. #471078
- Change semanage to not allow it to semanage module -D
2011-01-04 17:23:27 -05:00
Dan Walsh
18119ffd24 - Fix restorecond watching utmp file for people logging in our out 2010-12-22 14:38:46 -05:00
Dan Walsh
a548207cc4 - Change to allow sandbox to run on nfs homedirs, add start python script 2010-12-21 16:20:01 -05:00
Dan Walsh
8937a040d8 - Change to allow sandbox to run on nfs homedirs, add start python script 2010-12-15 16:47:38 -05:00
Dan Walsh
6c80e8dc19 - Fix sandbox to show correct types in usage statement 2010-11-30 12:09:48 -05:00
Dan Walsh
8c1d9b0f48 - Stop fixfiles from complaining about missing dirs 2010-11-29 10:14:39 -05:00
Dan Walsh
63fda8aa74 - Update to upstream
- List types available for sandbox in usage statement
2010-11-24 13:44:58 -05:00
Dan Walsh
f0e85a70d6 - Update to upstream
- List types available for sandbox in usage statement
2010-11-24 13:41:52 -05:00
Dan Walsh
b9b7f4161c - Fix up problems pointed out by solar designer on dropping capabilities 2010-11-08 15:12:25 -05:00
Dan Walsh
d7e1c238f4 - Check if you have full privs and reset otherwise dont drop caps 2010-11-01 16:21:00 -04:00
Dan Walsh
cdcc4526b7 - Fix setools require line 2010-11-01 09:50:12 -04:00
Dan Walsh
622bb69d77 - Move /etc/pam.d/newrole in to polcicycoreutils-newrole
- Additiona capability  checking in sepolgen
2010-10-29 09:39:03 -04:00
Dan Walsh
9852e61813 - Remove setuid flag and replace with file capabilities
- Fix sandbox handling of files with spaces in them
2010-10-25 17:25:34 -04:00
Dan Walsh
cccd96b8cf - Move restorecond into its own subpackage 2010-09-23 16:23:05 -04:00
Dan Walsh
e500ad80f0 * Wed Jul 28 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-9
- Update selinux-polgengui to sepolgen policy generation
2010-07-30 11:19:53 -04:00
Daniel J Walsh
1eab65cee2 * Tue Jul 20 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-6
- Fix sandbox man page
2010-07-26 15:33:31 +00:00
Daniel J Walsh
d6510fbca2 * Tue Jul 20 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-4
- Add translations for menus
- Fixup man page from Russell Coker
2010-07-20 13:18:18 +00:00
Daniel J Walsh
614ca03ae7 * Tue Jun 15 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-3
- Change python scripts to use -s flag
- Update po
2010-07-13 17:32:51 +00:00
Daniel J Walsh
73342918cd * Tue Jun 8 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-30
- Add cgroup support for sandbox
2010-06-08 19:13:40 +00:00
Daniel J Walsh
70b2ff10d0 * Thu Jun 3 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-28
- Fix sandbox init script
- Add dbus-launch to sandbox -X
Resolve: #599599
2010-06-03 21:14:18 +00:00
Daniel J Walsh
85a18e3dcc * Thu Jun 3 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-27
- Move genhomedircon.8 to same package as genhomedircon
- Fix sandbox to pass unit test
Resolves: #595796
2010-06-03 15:04:49 +00:00
Daniel J Walsh
829762e693 * Thu May 27 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-24
- Man page fixes
- sandbox fixes
Resolves: #595796
- Move seunshare to base package
2010-05-27 21:23:08 +00:00
Daniel J Walsh
be45950990 * Thu Feb 16 2010 Dan Walsh <dwalsh@redhat.com> 2.0.79-1
- Update to upstream
	* Fix double-free in newrole
- Fix python language handling
2010-02-16 21:35:16 +00:00
Daniel J Walsh
fc6c93ebeb * Thu Feb 16 2010 Dan Walsh <dwalsh@redhat.com> 2.0.79-1
- Update to upstream
	* Fix double-free in newrole
2010-02-16 19:49:37 +00:00
Daniel J Walsh
8fd9d71264 * Thu Feb 11 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-21
- Fix display of command in sandbox
2010-02-11 22:13:39 +00:00
Daniel J Walsh
fce031b620 * Thu Feb 11 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-21
- Fix display of command in sandbox
2010-02-11 21:56:38 +00:00
Daniel J Walsh
ee3649bda5 * Thu Feb 11 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-21
- Fix display of command in sandbox
2010-02-11 18:24:55 +00:00
Daniel J Walsh
e7737e34ea * Wed Feb 3 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-19
- Fix seobject and fixfiles
2010-02-03 20:24:35 +00:00
Daniel J Walsh
c8f4893a95 * Wed Feb 3 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-18
- Fix seobject and fixfiles
2010-02-03 16:42:37 +00:00
Daniel J Walsh
35da894f0e * Wed Feb 3 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-18
- Fix seobject and fixfiles
2010-02-03 16:42:35 +00:00
Daniel J Walsh
db71b70994 * Fri Jan 29 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-17
- Change seobject to use translations properly
2010-02-01 14:40:42 +00:00
Daniel J Walsh
dd674534b4 * Wed Jan 27 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-14
- Add session capability to sandbox
- sandbox -SX -H ~/.homedir -t unconfined_t -l s0:c15 /etc/gdm/Xsession
2010-01-27 21:52:27 +00:00
Daniel J Walsh
a02089d628 * Thu Jan 14 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-11
- Run with the same xdmodmap in sandbox as outside
- Patch from Josh Cogliati
2010-01-19 17:25:36 +00:00
Daniel J Walsh
54e6651778 * Thu Jan 14 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-11
- Run with the same xdmodmap in sandbox as outside
- Patch from Josh Cogliati
2010-01-14 21:34:51 +00:00
Daniel J Walsh
6c22c6b1f6 * Fri Jan 8 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-9
- Add -e to semanage man page
- Add -D qualifier to audit2allow to generate dontaudit rules
2010-01-08 14:37:32 +00:00
Daniel J Walsh
29b74ccd7d * Fri Dec 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-7
- Fixes to sandbox man page
2009-12-21 21:56:27 +00:00
Daniel J Walsh
a1bf0daa6c * Wed Dec 16 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-5
- If restorecond running as a user has no files to watch then it should exit.  (NFS Homedirs)
2009-12-16 13:21:49 +00:00
Daniel J Walsh
79944fd474 * Tue Dec 8 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-3
- Fix audit2allow to report constraints, dontaudits, types, booleans
2009-12-09 21:33:50 +00:00
Daniel J Walsh
3fbc112632 * Tue Dec 1 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-1
- Update to upstream
	* Remove non-working OUTFILE from fixfiles from Dan Walsh.
	* Additional exception handling in chcat from Dan Walsh.
2009-12-01 21:17:45 +00:00
Daniel J Walsh
f3a1cbae2a * Tue Nov 24 2009 Dan Walsh <dwalsh@redhat.com> 2.0.77-1
- Update to upstream
	* Fixed bug preventing semanage node -a from working
	  from Chad Sellers
	* Fixed bug preventing semanage fcontext -l from working
	  from Chad Sellers
- Change semanage to use unicode
2009-11-24 15:30:53 +00:00
Daniel J Walsh
e973847bf6 * Wed Nov 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.76-1
- Update to upstream
	* Remove setrans management from semanage, as it does not work
	  from Dan Walsh.
	* Move load_policy from /usr/sbin to /sbin from Dan Walsh.
2009-11-18 22:20:42 +00:00
Daniel J Walsh
4e4a82e887 * Mon Nov 16 2009 Dan Walsh <dwalsh@redhat.com> 2.0.75-3
- Raise exception if user tries to add file context with an embedded space
2009-11-16 21:54:45 +00:00
Daniel J Walsh
a1e42cb153 * Wed Nov 11 2009 Dan Walsh <dwalsh@redhat.com> 2.0.75-2
- Fix sandbox to setsid so it can run under mozilla without crashing the session
2009-11-11 21:56:23 +00:00
Daniel J Walsh
942b683f29 * Tue Nov 2 2009 Dan Walsh <dwalsh@redhat.com> 2.0.75-1
- Update to upstream
	* Factor out restoring logic from setfiles.c into restore.c
2009-11-09 21:12:58 +00:00
Daniel J Walsh
44bb682976 * Fri Oct 30 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-15
- Fix typo in seobject.py
2009-11-02 16:40:00 +00:00
Daniel J Walsh
8cf3bcfdee * Fri Oct 30 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-14
- Allow semanage -i and semanage -o to generate customization files.
- semanage -o will generate a customization file that semanage -i can read and set a machines to the same selinux configuration
2009-10-30 21:01:42 +00:00
Daniel J Walsh
fd3c8c94ea * Wed Oct 14 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-9
- Move fixfiles man pages into the correct package
- Add genhomedircon to fixfiles restore
2009-10-14 14:47:50 +00:00
Daniel J Walsh
ac48b0b34b * Thu Oct 6 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-8
- Add check to sandbox to verify save changes - Chris Pardy
- Fix memory leak in restorecond - Steve Grubb
2009-10-06 16:09:52 +00:00
Daniel J Walsh
678a86d335 * Thu Oct 1 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-7
- Fixes Templates
2009-10-01 16:04:13 +00:00
Daniel J Walsh
f466aa0b3b * Wed Sep 30 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-5
- Fixes for semanage -equiv, readded modules, --enable, --disable
2009-09-30 15:37:12 +00:00
Daniel J Walsh
6c27d724c5 * Sun Sep 20 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-4
- Close sandbox when eclipse exits
2009-09-21 13:54:02 +00:00
Daniel J Walsh
425e7d2796 * Fri Sep 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-3
- Security fixes for seunshare
- Fix Sandbox to handle non file input to command.
2009-09-19 01:40:53 +00:00
Daniel J Walsh
b98d816316 * Thu Sep 17 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-2
- Security fixes for seunshare
2009-09-17 19:19:53 +00:00
Daniel J Walsh
26d020dedb * Thu Sep 17 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-1
- Update to upstream
	* Change semodule upgrade behavior to install even if the module
	  is not present from Dan Walsh.
	* Make setfiles label if selinux is disabled and a seclabel aware
	  kernel is running from Caleb Case.
	* Clarify forkpty() error message in run_init from Manoj Srivastava.
2009-09-17 13:07:45 +00:00
Daniel J Walsh
1696e8f7d1 * Mon Sep 14 2009 Dan Walsh <dwalsh@redhat.com> 2.0.73-5
- Fix sandbox to handle relative paths
2009-09-16 19:48:49 +00:00
Daniel J Walsh
f109f0076e * Mon Sep 14 2009 Dan Walsh <dwalsh@redhat.com> 2.0.73-3
- Fix restorecond script to use force-reload
2009-09-14 19:39:09 +00:00
Daniel J Walsh
b87b8212fa * Tue Sep 8 2009 Dan Walsh <dwalsh@redhat.com> 2.0.73-2
- Fix init script to show status in usage message
2009-09-09 21:07:24 +00:00
Daniel J Walsh
fc20c42a12 * Tue Sep 8 2009 Dan Walsh <dwalsh@redhat.com> 2.0.73-2
- Fix init script to show status in usage message
2009-09-09 17:04:51 +00:00
Daniel J Walsh
7ae4fd64fa * Tue Sep 8 2009 Dan Walsh <dwalsh@redhat.com> 2.0.73-1
- Update to upstream
        * Add semanage dontaudit to turn off dontaudits from Dan Walsh.
        * Fix semanage to set correct mode for setrans file from Dan Walsh.
        * Fix malformed dictionary in portRecord from Dan Walsh.
	* Restore symlink handling support to restorecon based on a patch by
	Martin Orr.  This fixes the restorecon /dev/stdin performed by Debian
	udev scripts that was broken by policycoreutils 2.0.70.
2009-09-08 14:15:50 +00:00
Daniel J Walsh
7b3ab100a9 * Fri Aug 28 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-14
- Add enable/disable patch
2009-08-28 18:18:46 +00:00
Daniel J Walsh
a39af4db38 * Wed Aug 26 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-12
- Tighten up controls on seunshare.c
2009-08-26 21:52:30 +00:00
Daniel J Walsh
349a457593 * Wed Aug 26 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-11
- Add sandboxX
2009-08-26 18:05:32 +00:00
Daniel J Walsh
4b8a9749e9 * Sat Aug 22 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-10
- Fix realpath usage to only happen on argv input from user
2009-08-22 12:08:34 +00:00
Daniel J Walsh
4bf248f359 * Thu Aug 20 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-7
- Fix glob handling of /..
2009-08-20 19:51:45 +00:00
Daniel J Walsh
3f2af1bab0 * Thu Aug 20 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-7
- Fix glob handling of /..
2009-08-20 19:05:30 +00:00
Daniel J Walsh
c14fb87560 * Wed Aug 19 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-6
- Redesign restorecond to use setfiles/restore functionality
2009-08-19 20:38:19 +00:00
Daniel J Walsh
8c640c000d * Wed Aug 19 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-6
- Redesign restorecond to use setfiles/restore functionality
2009-08-19 20:25:21 +00:00
Daniel J Walsh
e96c403a63 * Tue Aug 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-4
- Add --boot flag to audit2allow to get all AVC messages since last boot
2009-08-18 19:25:04 +00:00
Daniel J Walsh
2b1f1bd524 * Tue Aug 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-3
- Fix semanage command
2009-08-18 12:32:44 +00:00
Daniel J Walsh
afa7adf27e * Thu Aug 13 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-1
- Fix chcat to report error on non existing file
- Update to upstream
	* Modify setfiles/restorecon checking of exclude paths.  Only check
	user-supplied exclude paths (not automatically generated ones based on
	lack of seclabel support), don't require them to be directories, and
	ignore permission denied errors on them (it is ok to exclude a path to
	which the caller lacks permission).
2009-08-13 15:51:51 +00:00
Daniel J Walsh
f23e0fcdf3 * Mon Aug 10 2009 Dan Walsh <dwalsh@redhat.com> 2.0.70-2
- Don't warn if the user did not specify the exclude if root can not stat file system
2009-08-10 15:26:43 +00:00
Daniel J Walsh
886ea9345c * Wed Aug 5 2009 Dan Walsh <dwalsh@redhat.com> 2.0.70-1
- Update to upstream
	* Modify restorecon to only call realpath() on user-supplied pathnames
	from Stephen Smalley.
	* Fix typo in fixfiles that prevented it from relabeling btrfs
	  filesystems from Dan Walsh.
2009-08-05 19:27:53 +00:00
Daniel J Walsh
d03de9fdcd * Sun Jul 29 2009 Dan Walsh <dwalsh@redhat.com> 2.0.68-1
- Fix location of man pages
- Update to upstream
	* Modify setfiles to exclude mounts without seclabel option in
	/proc/mounts on kernels >= 2.6.30 from Thomas Liu.
	* Re-enable disable_dontaudit rules upon semodule -B from Christopher
	Pardy and Dan Walsh.
	* setfiles converted to fts from Thomas Liu.
2009-07-29 13:43:53 +00:00
Daniel J Walsh
2cc7fbfc2e * Fri Jun 26 2009 Dan Walsh <dwalsh@redhat.com> 2.0.64-1
- Update to upstream
	* Keep setfiles from spamming console from Dan Walsh.
	* Fix chcat's category expansion for users from Dan Walsh.
- Update po files
- Fix sepolgen
2009-06-26 19:02:05 +00:00
Daniel J Walsh
b30ac013f1 * Mon Jun 1 2009 Dan Walsh <dwalsh@redhat.com> 2.0.63-4
- Fix Sandbox option handling
- Fix fixfiles handling of btrfs
2009-06-01 10:43:27 +00:00
Daniel J Walsh
61c2d77e4e * Tue May 26 2009 Dan Walsh <dwalsh@redhat.com> 2.0.63-3
- Fix sandbox to be able to execute files in homedir
2009-05-26 16:58:40 +00:00
Daniel J Walsh
7d0ef81ff4 * Wed May 20 2009 Dan Walsh <dwalsh@redhat.com> 2.0.63-1
- Update to upstream
	* Fix transaction checking from Dan Walsh.
	* Make fixfiles -R (for rpm) recursive.
	* Make semanage permissive clean up after itself from Dan Walsh.
	* add /root/.ssh/* to restorecond.conf
2009-05-22 18:00:00 +00:00
Daniel J Walsh
e265547be3 * Wed Apr 22 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-14
- Fix audit2allow -a to retun /var/log/messages
2009-05-12 19:32:47 +00:00
Daniel J Walsh
43016e2233 * Wed Apr 22 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-14
- Fix audit2allow -a to retun /var/log/messages
2009-05-05 19:50:40 +00:00
Daniel J Walsh
b61040e0cd * Wed Apr 22 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-14
- Fix audit2allow -a to retun /var/log/messages
2009-05-05 18:51:52 +00:00
Daniel J Walsh
20fb912a16 * Thu Apr 16 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-11
- Add semanage module support
2009-04-16 18:53:29 +00:00
Daniel J Walsh
cdfce15287 * Tue Apr 14 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-10
- Do not print \n, if count < 1000;
2009-04-14 13:40:09 +00:00
Daniel J Walsh
a8ac23f196 * Sat Apr 11 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-9
- Handle case where subs file does not exist
2009-04-11 12:22:23 +00:00
Daniel J Walsh
28aeded808 * Wed Apr 8 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-8
- Update po files
- Add --equiv command for semanage
2009-04-09 02:05:21 +00:00
Daniel J Walsh
e5ab0eb59c * Tue Mar 31 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-7
- Cleanup creation of permissive domains
- Update po files
2009-03-31 12:56:45 +00:00
Daniel J Walsh
28777e87d2 * Thu Mar 12 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-5
- Fix semanage transations
2009-03-12 13:30:38 +00:00
Daniel J Walsh
3a53f1bcb5 * Mon Feb 23 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-2
- Add /root/.ssh to restorecond.conf
- fixfiles -R package should recursively fix files
2009-02-23 16:34:14 +00:00
Daniel J Walsh
badeadc2fc * Wed Feb 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-1
- Update to upstream
	* Add btrfs to fixfiles from Dan Walsh.
	* Remove restorecond error for matching globs with multiple hard links
 	  and fix some error messages from Dan Walsh.
	* Make removing a non-existant module a warning rather than an error
	  from Dan Walsh.
	* Man page fixes from Dan Walsh.
2009-02-18 21:54:32 +00:00
Daniel J Walsh
fdaed91e49 * Fri Jan 30 2009 Dan Walsh <dwalsh@redhat.com> 2.0.61-7
- Dont report errors on glob match and multiple links
2009-01-30 16:35:12 +00:00
Daniel J Walsh
114d182b28 * Tue Jan 13 2009 Dan Walsh <dwalsh@redhat.com> 2.0.61-1
- Update to upstream
	* chcat: cut categories at arbitrary point (25) from Dan Walsh
	* semodule: use new interfaces in libsemanage for compressed files
	  from Dan Walsh
	* audit2allow: string changes for usage
2009-01-13 14:01:10 +00:00
Daniel J Walsh
e2044195fe * Tue Jan 6 2009 Dan Walsh <dwalsh@redhat.com> 2.0.60-7
- Don't error out when removing a non existing module
2009-01-06 14:12:27 +00:00
Daniel J Walsh
55a7005067 * Mon Dec 15 2008 Dan Walsh <dwalsh@redhat.com> 2.0.60-6
- fix audit2allow man page
2009-01-04 19:46:52 +00:00
Daniel J Walsh
f4379014a9 * Tue Dec 2 2008 Dan Walsh <dwalsh@redhat.com> 2.0.60-2
- Fix error checking in restorecond, for inotify_add_watch
2008-12-02 13:37:45 +00:00
Daniel J Walsh
461604839c * Mon Dec 1 2008 Dan Walsh <dwalsh@redhat.com> 2.0.60-1
- Update to upstream
	* semanage: use semanage_mls_enabled() from Stephen Smalley.
2008-12-01 16:49:49 +00:00
Daniel J Walsh
127ce1fef4 * Tue Nov 11 2008 Dan Walsh <dwalsh@redhat.com> 2.0.59-1
- Update to upstream
	* fcontext add checked local records twice, fix from Dan Walsh.
2008-11-11 21:18:08 +00:00
Daniel J Walsh
69a016d597 * Fri Nov 7 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-12
- add compression
2008-11-07 15:01:06 +00:00
Daniel J Walsh
acb7809eb8 * Thu Oct 30 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-10
- Fix traceback in audit2why
2008-10-30 18:23:59 +00:00
Daniel J Walsh
ac45055c8c * Wed Oct 29 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-8
- Fix typo in man page
2008-10-29 13:46:43 +00:00
Daniel J Walsh
6389ce25ff * Mon Oct 27 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-6
- Add usermode-gtk requires
2008-10-28 19:54:05 +00:00
Daniel J Walsh
3f2ca56c60 * Mon Oct 27 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-6
- Add usermode-gtk requires
2008-10-27 14:11:34 +00:00
Daniel J Walsh
1fd30f90e9 * Tue Oct 23 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-5
- Allow addition of local modifications of fcontext policy.
2008-10-23 17:17:24 +00:00
Daniel J Walsh
20b4a0e287 * Mon Oct 20 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-4
- Fix system-config-selinux booleanspage throwing and exception
- Update po files
2008-10-20 20:11:49 +00:00
Daniel J Walsh
26e1328daf * Fri Oct 17 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-3
- Fix text in newrole
- Fix revertbutton on booleans page in system-config-selinux
2008-10-17 22:05:43 +00:00
Daniel J Walsh
9bb9beca12 * Wed Oct 1 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-1
- Update to upstream
	* Update po files from Dan Walsh.
2008-10-06 19:05:59 +00:00
Daniel J Walsh
2cfc77b157 * Fri Sep 12 2008 Dan Walsh <dwalsh@redhat.com> 2.0.56-1
- Fix semanage help display
- Update to upstream
	* fixfiles will now remove all files in /tmp and will check for
	  unlabeled_t in /tmp and /var/tmp from Dan Walsh.
	* add glob support to restorecond from Dan Walsh.
	* allow semanage to handle multi-line commands in a single transaction
	  from Dan Walsh.
2008-09-12 15:58:45 +00:00
Daniel J Walsh
77ffddfa2c * Fri Sep 12 2008 Dan Walsh <dwalsh@redhat.com> 2.0.55-9
- Fix semanage help display
2008-09-12 15:45:19 +00:00
Daniel J Walsh
9f10e60d0d * Mon Sep 8 2008 Dan Walsh <dwalsh@redhat.com> 2.0.55-5
- Add node support to semanage
2008-09-08 21:03:49 +00:00
Daniel J Walsh
f015700775 * Mon Sep 8 2008 Dan Walsh <dwalsh@redhat.com> 2.0.55-4
- Fix fixfiles to correct unlabeled_t files and remove .? files
2008-09-08 18:09:36 +00:00
Daniel J Walsh
ac5ad8648b * Mon Sep 8 2008 Dan Walsh <dwalsh@redhat.com> 2.0.55-3
- Fix fixfiles to correct unlabeled_t files and remove .? files
2008-09-08 17:47:59 +00:00
Daniel J Walsh
8b3cb0f67c * Wed Sep 3 2008 Dan Walsh <dwalsh@redhat.com> 2.0.55-2
- Add glob support to restorecond so it can check every file in the homedir
2008-09-03 21:46:03 +00:00
Daniel J Walsh
2a4d967daa * Thu Aug 28 2008 Dan Walsh <dwalsh@redhat.com> 2.0.55-1
- Update to upstream
	* Merged semanage node support from Christian Kuester.
2008-08-29 19:05:21 +00:00
Daniel J Walsh
51c06b5513 * Thu Aug 7 2008 Dan Walsh <dwalsh@redhat.com> 2.0.54-5
- Fixes for multiple transactions
2008-08-08 21:04:55 +00:00
Daniel J Walsh
b0592a727f * Thu Aug 7 2008 Dan Walsh <dwalsh@redhat.com> 2.0.54-4
- Fixes for multiple transactions
2008-08-07 20:04:12 +00:00
Daniel J Walsh
c7da14e85c * Thu Aug 7 2008 Dan Walsh <dwalsh@redhat.com> 2.0.54-3
- Fixes for multiple transactions
2008-08-07 12:21:01 +00:00
Daniel J Walsh
875701c42a * Wed Aug 6 2008 Dan Walsh <dwalsh@redhat.com> 2.0.54-2
- Allow multiple transactions in one semanage command
2008-08-06 22:11:40 +00:00
Daniel J Walsh
67e7928a28 Fix up patch 2008-08-05 14:32:31 +00:00
Daniel J Walsh
14f807a094 * Tue Aug 5 2008 Dan Walsh <dwalsh@redhat.com> 2.0.54-1
- Update to upstream
	* Add support for boolean files and group support for seusers from Dan Walsh.
	* Ensure that setfiles -p output is newline terminated from Russell Coker.
2008-08-05 14:18:33 +00:00
Daniel J Walsh
0fdc47a89f * Tue Jul 29 2008 Dan Walsh <dwalsh@redhat.com> 2.0.53-1
- Update to upstream
	* Change setfiles to validate all file_contexts files when using -c from Stephen Smalley.
2008-07-29 18:06:14 +00:00
Daniel J Walsh
1e4d97ba6c * Tue Jul 29 2008 Dan Walsh <dwalsh@redhat.com> 2.0.52-6
- Fix boolean handling
- Upgrade to latest sepolgen
- Update po patch
2008-07-29 13:30:54 +00:00
Daniel J Walsh
1c5205b81f * Wed Jul 9 2008 Dan Walsh <dwalsh@redhat.com> 2.0.52-5
- Additial cleanup of boolean handling for semanage
2008-07-10 13:40:20 +00:00
Daniel J Walsh
794090192b * Wed Jul 9 2008 Dan Walsh <dwalsh@redhat.com> 2.0.52-5
- Additial cleanup of boolean handling for semanage
2008-07-09 13:04:58 +00:00
Daniel J Walsh
b54c5a833b * Tue Jul 8 2008 Dan Walsh <dwalsh@redhat.com> 2.0.52-3
- Fix indent problems in seobject
2008-07-08 12:58:55 +00:00
Daniel J Walsh
df8efb5fb3 * Wed Jul 2 2008 Dan Walsh <dwalsh@redhat.com> 2.0.52-2
- Add lockdown wizard
- Allow semanage booleans to take an input file an process lots of booleans at once.
2008-07-03 17:25:34 +00:00
Daniel J Walsh
c66a0ee3f8 * Wed Jul 2 2008 Dan Walsh <dwalsh@redhat.com> 2.0.52-1
- Default prefix to "user"
2008-07-02 21:22:58 +00:00
Daniel J Walsh
8ac1404c6b * Tue Jul 1 2008 Dan Walsh <dwalsh@redhat.com> 2.0.50-2
- Remove semodule use within semanage
2008-07-02 00:52:32 +00:00
Daniel J Walsh
ad9ae902cf Updated seobject.py 2008-07-01 13:44:20 +00:00
Daniel J Walsh
adf7360bca * Mon Jun 30 2008 Dan Walsh <dwalsh@redhat.com> 2.0.50-1
- Update to upstream
	* Fix audit2allow generation of role-type rules from Karl MacMillan.
2008-06-30 20:51:23 +00:00
Daniel J Walsh
d21474fea3 * Mon Jun 30 2008 Dan Walsh <dwalsh@redhat.com> 2.0.50-1
- Update to upstream
	* Fix audit2allow generation of role-type rules from Karl MacMillan.
2008-06-30 15:52:24 +00:00
Daniel J Walsh
9236954d7c * Mon Jun 23 2008 Dan Walsh <dwalsh@redhat.com> 2.0.49-8
- Fix sepolgen/audit2allow handling of roles
2008-06-23 11:09:58 +00:00
Daniel J Walsh
559a178835 * Thu Jun 12 2008 Dan Walsh <dwalsh@redhat.com> 2.0.49-6
- Add deleteall to semanage permissive, cleanup error handling
2008-06-12 18:35:22 +00:00
Daniel J Walsh
69499e5535 * Wed Jun 11 2008 Dan Walsh <dwalsh@redhat.com> 2.0.49-4
- Add semanage permissive *
* Fri May 16 2008 Dan Walsh <dwalsh@redhat.com> 2.0.49-3
- Fix fixfiles to cleanup /tmp and /var/tmp
2008-06-11 20:20:15 +00:00
Daniel J Walsh
6ead03f02f * Fri May 16 2008 Dan Walsh <dwalsh@redhat.com> 2.0.49-3
- Fix fixfiles to cleanup /tmp and /var/tmp
2008-05-22 18:05:56 +00:00
Daniel J Walsh
6c5a205c34 * Mon May 12 2008 Dan Walsh <dwalsh@redhat.com> 2.0.49-1
- Update to upstream
	* Remove security_check_context calls for prefix validation from semanage.
	* Change setfiles and restorecon to not relabel if the file already has the correct context value even if -F/force is specified.
2008-05-16 15:16:20 +00:00
Daniel J Walsh
d8a7e13fd5 *** empty log message *** 2008-05-08 20:30:22 +00:00
Daniel J Walsh
26821691ec *** empty log message *** 2008-05-07 15:13:49 +00:00
Daniel J Walsh
2219648009 *** empty log message *** 2008-05-07 11:38:31 +00:00
Daniel J Walsh
c22424dd48 * Sun Apr 6 2008 Dan Walsh <dwalsh@redhat.com> 2.0.46-3
- Fix boolean descriptions
- Fix semanage man page
2008-04-08 13:54:34 +00:00
Daniel J Walsh
1f4b8a30fb * Wed Mar 19 2008 Dan Walsh <dwalsh@redhat.com> 2.0.46-2
- Don't use prefix in gui
2008-03-20 12:43:37 +00:00
Daniel J Walsh
7d1caca617 * Tue Mar 18 2008 Dan Walsh <dwalsh@redhat.com> 2.0.46-1
- Update to upstream
	* Update audit2allow to report dontaudit cases from Dan Walsh.
	* Fix semanage port to use --proto from Caleb Case.
2008-03-18 20:59:17 +00:00
Daniel J Walsh
813c122421 * Fri Feb 8 2008 Dan Walsh <dwalsh@redhat.com> 2.0.42-3
- Add messages for audit2allow DONTAUDIT
2008-02-08 19:59:45 +00:00
Daniel J Walsh
75c4c38f00 * Tue Jan 29 2008 Dan Walsh <dwalsh@redhat.com> 2.0.41-1
- Update to upstream
	* Merged audit2why fix and semanage boolean --on/--off/-1/-0 support from Dan Walsh.
	* Merged a second fixfiles -C fix from Marshall Miller.
2008-01-29 13:23:41 +00:00
Daniel J Walsh
dc637d77fd * Thu Jan 24 2008 Dan Walsh <dwalsh@redhat.com> 2.0.39-1
- Don't initialize audit2allow for audit2why call.  Use default
- Update to upstream
	* Merged fixfiles -C fix from Marshall Miller.
2008-01-25 16:14:52 +00:00
Daniel J Walsh
375c226ef2 * Thu Jan 24 2008 Dan Walsh <dwalsh@redhat.com> 2.0.38-1
- Update to upstream
  * Merged audit2allow cleanups and boolean descriptions from Dan Walsh.
  * Merged setfiles -0 support by Benny Amorsen via Dan Walsh.
  * Merged fixfiles fixes and support for ext4 and gfs2 from Dan Walsh.
2008-01-24 19:45:03 +00:00
Daniel J Walsh
1392cbabd2 * Wed Jan 23 2008 Dan Walsh <dwalsh@redhat.com> 2.0.37-1
- Update to upstream
  * Merged replacement for audit2why from Dan Walsh.
2008-01-23 22:18:29 +00:00
Daniel J Walsh
5031b9bd5a * Wed Jan 23 2008 Dan Walsh <dwalsh@redhat.com> 2.0.37-1
- Update to upstream
  * Merged replacement for audit2why from Dan Walsh.
2008-01-23 22:11:23 +00:00
Daniel J Walsh
f8fdb548ab * Wed Jan 23 2008 Dan Walsh <dwalsh@redhat.com> 2.0.36-1
- Update to upstream
	* Merged update to chcat, fixfiles, and semanage scripts from Dan Walsh.
2008-01-23 19:44:15 +00:00
Daniel J Walsh
138cbeabb6 * Tue Jan 22 2008 Dan Walsh <dwalsh@redhat.com> 2.0.35-5
- handle files with spaces on upgrades
2008-01-23 18:37:06 +00:00
Daniel J Walsh
1aa6d7bef2 * Tue Jan 22 2008 Dan Walsh <dwalsh@redhat.com> 2.0.35-4
- Add support in fixfiles for ext4 ext4dev and gfs2
2008-01-22 20:50:27 +00:00
Daniel J Walsh
feaf320062 * Mon Jan 21 2008 Dan Walsh <dwalsh@redhat.com> 2.0.35-3
- Allow files with spaces to be used by setfiles
2008-01-21 21:04:52 +00:00
Daniel J Walsh
b16ae3b80f * Tue Jan 15 2008 Dan Walsh <dwalsh@redhat.com> 2.0.35-2
- Add descriptions of booleans to audit2allow
2008-01-15 16:34:45 +00:00
Daniel J Walsh
34a3b99b21 * Fri Jan 11 2008 Dan Walsh <dwalsh@redhat.com> 2.0.35-1
- Update to upstream
	* Merged support for non-interactive newrole command invocation from Tim Reed.
2008-01-11 18:33:07 +00:00
Daniel J Walsh
7870eae9ac * Tue Jan 8 2008 Dan Walsh <dwalsh@redhat.com> 2.0.34-7
- Fix fixfiles to handle no args
2008-01-10 19:12:45 +00:00
Daniel J Walsh
d7cddef625 * Tue Jan 8 2008 Dan Walsh <dwalsh@redhat.com> 2.0.34-7
- Fix fixfiles to handle no args
2008-01-08 14:57:29 +00:00
Daniel J Walsh
856619e48c * Tue Jan 8 2008 Dan Walsh <dwalsh@redhat.com> 2.0.34-6
- Fix fixfiles to handle no args
2008-01-08 13:58:11 +00:00
Daniel J Walsh
d40cc99c51 * Mon Dec 31 2007 Dan Walsh <dwalsh@redhat.com> 2.0.34-5
- Fix roles output when creating a module
2007-12-31 19:24:10 +00:00
Daniel J Walsh
60ad59cab9 * Mon Dec 31 2007 Dan Walsh <dwalsh@redhat.com> 2.0.34-4
- Handle files with spaces in fixfiles
2007-12-31 16:26:02 +00:00
Daniel J Walsh
ec80e1ce63 * Fri Dec 21 2007 Dan Walsh <dwalsh@redhat.com> 2.0.34-3
- Catch SELINUX_ERR with audit2allow and generate policy
2007-12-21 07:14:11 +00:00
Daniel J Walsh
7f6f58266d * Thu Dec 20 2007 Dan Walsh <dwalsh@redhat.com> 2.0.34-2
- Make sepolgen set error exit code when partial failure
- audit2why now checks booleans for avc diagnosis
2007-12-20 19:24:11 +00:00
Daniel J Walsh
bac931cd73 * Tue Dec 19 2007 Dan Walsh <dwalsh@redhat.com> 2.0.34-1
- Update to upstream
* Tue Dec 19 2007 Dan Walsh <dwalsh@redhat.com> 2.0.33-4
- Fix sepolgen to be able to parse Fedora 9 policy
      Handle ifelse statements
      Handle refpolicywarn inside of define
      Add init.if and inetd.if into parse
      Add parse_file to syntax error message
2007-12-19 17:55:58 +00:00
Daniel J Walsh
9ecec66343 * Mon Dec 10 2007 Dan Walsh <dwalsh@redhat.com> 2.0.33-1
- Upgrade from NSA
	* Drop verbose output on fixfiles -C from Dan Walsh.
	* Fix argument handling in fixfiles from Dan Walsh.
	* Enhance boolean support in semanage, including using the .xml description when available, from Dan Walsh.
- Fix handling of final screen in polgengui
2007-12-11 02:47:29 +00:00
Daniel J Walsh
b458bb5fd5 * Mon Nov 19 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-20
- Don't show error on missing policy.xml
2007-11-19 22:38:48 +00:00
Daniel J Walsh
ffb96ec3c8 * Mon Nov 19 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-18
- Remove codec hacking, which seems to be fixed in python
2007-11-19 18:18:08 +00:00
Daniel J Walsh
f51cda3313 * Fri Nov 16 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-16
- Fix fixfiles argument parsing
2007-11-16 15:56:33 +00:00
Daniel J Walsh
f5a3b73fcd * Thu Nov 9 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-14
- Fix semanage to handle state where policy.xml is not installed
2007-11-09 17:10:22 +00:00
Daniel J Walsh
3ac73d19b1 * Mon Nov 5 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-13
- Remove -v from restorecon in fixfiles
2007-11-06 19:58:41 +00:00
Daniel J Walsh
f73ca01a5e *** empty log message *** 2007-11-02 20:27:48 +00:00
Daniel J Walsh
7791fd5472 * Wed Oct 31 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-8
- Validate semanage fcontext input
- Fix template names for log files in gui
2007-10-31 10:57:59 +00:00
Daniel J Walsh
ccbc11e287 * Mon Oct 15 2007 Dan Walsh <dwalsh@redhat.com> 2.0.31-1
- Remove no.po
- Update to upstream
	* Fix semodule option handling from Dan Walsh.
	* Add deleteall support for ports and fcontexts in semanage from Dan Walsh.
2007-10-15 18:09:34 +00:00
Daniel J Walsh
105dca2943 * Sun Oct 7 2007 Dan Walsh <dwalsh@redhat.com> 2.0.29-1
- Update to upstream
	* Add genhomedircon script to invoke semodule -Bn from Dan Walsh.
- Add deleteall for ports and fcontext
2007-10-08 14:44:26 +00:00
Daniel J Walsh
6827dc2d8b * Fri Oct 5 2007 Dan Walsh <dwalsh@redhat.com> 2.0.28-1
- Update to upstream
	* Update semodule man page for -D from Dan Walsh.
	* Add boolean, locallist, deleteall, and store support to semanage from Dan Walsh.
2007-10-05 17:16:35 +00:00
Daniel J Walsh
07be4dd9c6 * Tue Oct 2 2007 Dan Walsh <dwalsh@redhat.com> 2.0.27-7
- Add genhomedircon script to rebuild file_context for shadow-utils
2007-10-04 14:30:30 +00:00
Daniel J Walsh
a33870f392 * Mon Sep 24 2007 Dan Walsh <dwalsh@redhat.com> 2.0.26-3
- Show local changes with semanage
2007-09-24 20:43:32 +00:00
Daniel J Walsh
d1bf9de62b * Mon Sep 24 2007 Dan Walsh <dwalsh@redhat.com> 2.0.26-2
- Fixed spelling mistakes in booleans defs
- Update po
2007-09-24 17:45:50 +00:00
Daniel J Walsh
1452353611 * Tue Sep 18 2007 Dan Walsh <dwalsh@redhat.com> 2.0.26-1
- Update to upstream
  * Fix setfiles selabel option flag setting for 64-bit from Stephen Smalley.
2007-09-19 02:29:47 +00:00
Daniel J Walsh
32455f343f * Thu Aug 23 2007 Dan Walsh <dwalsh@redhat.com> 2.0.25-1
- Update semodule man page
	* Fix genhomedircon searching for USER from Todd Miller
	* Install run_init with mode 0755 from Dan Walsh.
	* Fix chcat from Dan Walsh.
	* Fix fixfiles pattern expansion and error reporting from Dan Walsh.
	* Optimize genhomedircon to compile regexes once from Dan Walsh.
	* Fix semanage gettext call from Dan Walsh.
2007-08-23 21:00:38 +00:00
Daniel J Walsh
4bf679be9e * Thu Aug 23 2007 Dan Walsh <dwalsh@redhat.com> 2.0.23-2
- Update semodule man page
2007-08-23 14:24:18 +00:00
Daniel J Walsh
0f56395076 * Mon Aug 20 2007 Dan Walsh <dwalsh@redhat.com> 2.0.23-1
- Update to match NSA
  	* Disable dontaudits via semodule -D
2007-08-21 13:02:46 +00:00
Daniel J Walsh
3de9d83f00 * Wed Aug 1 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-13
- Speed up genhomedircon by an order of magnitude by compiling regex
- Allow semanage fcontext -a -t <<none>> /path to work
2007-08-01 20:13:35 +00:00
Daniel J Walsh
4ecb32d9da * Wed Aug 1 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-13
- Speed up genhomedircon by an order of magnitude by compiling regex
- Allow semanage fcontext -a -t <<none>> /path to work
2007-08-01 20:07:58 +00:00
Daniel J Walsh
b9cac613d7 * Wed Aug 1 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-12
- Allow semanage fcontext -a -t <<none>> /path to work
2007-08-01 18:58:45 +00:00
Daniel J Walsh
85e2ce7e5a * Wed Aug 1 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-12
- Allow semanage fcontext -a -t <<none>> /path to work
2007-08-01 13:42:41 +00:00
Daniel J Walsh
4a02fad3a2 * Fri Jul 27 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-11
- Fixfiles update required to match new regex
2007-07-31 19:46:03 +00:00
Daniel J Walsh
27013450e0 * Fri Jul 27 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-11
- Fixfiles update required to match new regex
2007-07-31 19:39:20 +00:00
Daniel J Walsh
ce6cc5a5bd * Mon Jul 23 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-7
- Fix fixfiles to report incorrect rpm
- Patch provided by Tony Nelson
2007-07-23 14:40:24 +00:00
Daniel J Walsh
18e5e753c6 * Mon Jul 23 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-7
- Fix fixfiles to report incorrect rpm
- Patch provided by Tony Nelson
2007-07-23 14:31:40 +00:00
Daniel J Walsh
e0e7edadda * Fri Jul 20 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-6
- Clean up spec file
2007-07-20 16:09:40 +00:00
Daniel J Walsh
9c2c4da554 * Fri Jul 7 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-4
- Fix checking for conflicting directory specification in genhomedircon
2007-07-06 13:47:43 +00:00
Daniel J Walsh
df5eceb2a1 * Fri Jun 22 2007 Dan Walsh <dwalsh@redhat.com> 2.0.22-2
- Fix else path in chcat
2007-06-22 13:33:42 +00:00
Daniel J Walsh
a0ef77a17e * Mon Jun 11 2007 Dan Walsh <dwalsh@redhat.com> 2.0.20-1
- Update to match NSA
	* Merged genhomedircon fixes from Dan Walsh.
	* Merged setfiles -c usage fix from Dan Walsh.
	* Merged restorecon fix from Yuichi Nakamura.
	* Dropped -lsepol where no longer needed.
2007-06-11 18:44:01 +00:00
Daniel J Walsh
4efe23c541 * Mon Jun 11 2007 Dan Walsh <dwalsh@redhat.com> 2.0.19-5
- Fix translations code,  Add more filters to gui
2007-06-11 16:47:29 +00:00
Daniel J Walsh
1f766d055e * Mon Jun 4 2007 Dan Walsh <dwalsh@redhat.com> 2.0.19-4
- Fix setfiles -c to make it work
2007-06-04 21:46:14 +00:00
Daniel J Walsh
2b62f3a02f * Fri Jun 1 2007 Dan Walsh <dwalsh@redhat.com> 2.0.19-2
- Fix genhomedircon to work in stage2 builds of anaconda
2007-06-01 14:33:57 +00:00
Daniel J Walsh
6f8d76967a * Fri May 19 2007 Dan Walsh <dwalsh@redhat.com> 2.0.19-1
- Update to match NSA
2007-05-18 14:44:34 +00:00
Daniel J Walsh
5bafb36498 * Tue May 4 2007 Dan Walsh <dwalsh@redhat.com> 2.0.16-1
- Updated version of policycoreutils
	* Merged support for modifying the prefix via semanage from Dan Walsh.
- Fixed genhomedircon to find homedirs correctly.
2007-05-04 17:30:00 +00:00
Daniel J Walsh
323af3f0d5 * Tue May 1 2007 Dan Walsh <dwalsh@redhat.com> 2.0.15-1
- Updated version of policycoreutils
	* Merged po file updates from Dan Walsh.
- Fix semanage to be able to modify prefix in user record
2007-05-01 13:44:29 +00:00
Daniel J Walsh
0652cce264 * Wed Apr 25 2007 Dan Walsh <dwalsh@redhat.com> 2.0.13-1
- Updated version of policycoreutils
	* Merged setsebool patch to only use libsemanage for persistent boolean changes from Stephen Smalley.
	* Merged genhomedircon patch to use the __default__ setting from Dan Walsh.
	* Dropped -b option from load_policy in preparation for always preserving booleans across reloads in the kernel.
2007-04-25 15:32:00 +00:00
Daniel J Walsh
1dd185bcfd * Tue Apr 24 2007 Dan Walsh <dwalsh@redhat.com> 2.0.10-1
- Updated version of policycoreutils
	* Merged chcat, fixfiles, genhomedircon, restorecond, and restorecon patches from Dan Walsh.
2007-04-24 14:44:06 +00:00
Daniel J Walsh
27712930f0 * Fri Apr 20 2007 Dan Walsh <dwalsh@redhat.com> 2.0.9-10
- Fix genhomedircon to handle non user_u for the default user
2007-04-20 18:01:26 +00:00
Daniel J Walsh
64fb16ae88 * Wed Apr 18 2007 Dan Walsh <dwalsh@redhat.com> 2.0.9-7
- Fix restorecon crash
2007-04-18 18:35:04 +00:00
Daniel J Walsh
8548a07e56 * Mon Apr 16 2007 Dan Walsh <dwalsh@redhat.com> 2.0.9-4
- Add -l flag to restorecon to not traverse file systems
2007-04-16 17:27:49 +00:00
Daniel J Walsh
0fad80a584 * Mon Apr 9 2007 Dan Walsh <dwalsh@redhat.com> 2.0.7-11
- Don't generate invalid context with genhomedircon
2007-04-09 20:49:19 +00:00
Daniel J Walsh
5b8c007d5a * Thu Mar 29 2007 Dan Walsh <dwalsh@redhat.com> 2.0.7-7
- Many fixes to polgengui
2007-03-29 16:16:45 +00:00
Daniel J Walsh
bb82af009d * Fri Mar 23 2007 Dan Walsh <dwalsh@redhat.com> 2.0.7-5
- Change location of audit2allow and sepol-ifgen to sbin
- Updated version of sepolgen
2007-03-23 12:54:17 +00:00
Daniel J Walsh
8607eefd72 * Mon Mar 12 2007 Dan Walsh <dwalsh@redhat.com> 2.0.7-3
- service restorecond status needs to set exit value correctly
2007-03-14 15:09:33 +00:00
Daniel J Walsh
7e97034f67 * Mon Mar 12 2007 Dan Walsh <dwalsh@redhat.com> 2.0.7-2
- Fix gui
2007-03-13 00:48:19 +00:00
Daniel J Walsh
aedc2f975f * Thu Mar 1 2007 Dan Walsh <dwalsh@redhat.com> 2.0.7-1
- Update to upstream
	* Merged restorecond init script LSB compliance patch from Steve Grubb.
  -sepolgen
	* Merged better matching for refpolicy style from Karl MacMillan
	* Merged support for extracting interface paramaters from interface calls from Karl MacMillan
	* Merged support for parsing USER_AVC audit messages from Karl MacMillan.
2007-03-01 22:37:59 +00:00
Daniel J Walsh
1f727605c3 * Tue Feb 27 2007 Dan Walsh <dwalsh@redhat.com> 2.0.6-3
- Update to upstream
  -sepolgen
	* Merged support for enabling parser debugging from Karl MacMillan.
- Add sgrupp cleanup of restorcon init script
2007-02-27 16:37:10 +00:00
Daniel J Walsh
d166c332ff * Mon Feb 26 2007 Dan Walsh <dwalsh@redhat.com> 2.0.6-2
- Add Bill Nottinham patch to run restorcond condrestart in postun
2007-02-26 20:30:42 +00:00
Daniel J Walsh
2b3bf6c51c * Fri Feb 23 2007 Dan Walsh <dwalsh@redhat.com> 2.0.6-1
- Update to upstream
  - policycoreutils
	* Merged newrole O_NONBLOCK fix from Linda Knippers.
	* Merged sepolgen and audit2allow patches to leave generated files
	  in the current directory from Karl MacMillan.
	* Merged restorecond memory leak fix from Steve Grubb.
  -sepolgen
	* Merged patch to leave generated files (e.g. local.te) in current directory from Karl MacMillan.
	* Merged patch to make run-tests.py use unittest.main from Karl MacMillan.
	* Merged patch to update PLY from Karl MacMillan.
	* Merged patch to update the sepolgen parser to handle the latest reference policy from Karl MacMillan.
2007-02-23 16:42:26 +00:00
Daniel J Walsh
1e9f6c8a11 * Thu Feb 22 2007 Dan Walsh <dwalsh@redhat.com> 2.0.3-1
- Update to upstream
	* Merged translations update from Dan Walsh.
	* Merged chcat fixes from Dan Walsh.
	* Merged man page fixes from Dan Walsh.
	* Merged seobject prefix validity checking from Dan Walsh.
	* Merged Makefile and refparser.py patch from Dan Walsh.
	  Fixes PYTHONLIBDIR definition and error handling on interface files.
2007-02-22 15:14:00 +00:00
Daniel J Walsh
565fe97388 * Tue Feb 20 2007 Dan Walsh <dwalsh@redhat.com> 2.0.2-3
- Updated newrole NONBlOCK patch
2007-02-20 22:00:54 +00:00
Daniel J Walsh
4215f9a636 * Tue Feb 20 2007 Dan Walsh <dwalsh@redhat.com> 2.0.2-1
- Update to upstream
	* Merged seobject exception handler fix from Caleb Case.
	* Merged setfiles memory leak patch from Todd Miller.
2007-02-20 14:57:59 +00:00
Daniel J Walsh
facaf7c767 * Thu Feb 15 2007 Dan Walsh <dwalsh@redhat.com> 2.0.1-2
- Cleanup man pages syntax
- Add sepolgen
2007-02-15 20:27:16 +00:00
Daniel J Walsh
1933b44f16 * Wed Feb 7 2007 Dan Walsh <dwalsh@redhat.com> 2.0.0-1
- Update to upstream
	* Merged new audit2allow from Karl MacMillan.
	  This audit2allow depends on the new sepolgen python module.
	  Note that you must run the sepolgen-ifgen tool to generate
	  the data needed by audit2allow to generate refpolicy.
	* Fixed newrole non-pam build.
- Fix Changelog and spelling error in man page
2007-02-12 15:51:38 +00:00
Daniel J Walsh
f1efb4d7ce * Wed Feb 7 2007 Dan Walsh <dwalsh@redhat.com> 2.0.0-1
- Update to upstream
	* Merged new audit2allow from Karl MacMillan.
	  This audit2allow depends on the new sepolgen python module.
	  Note that you must run the sepolgen-ifgen tool to generate
	  the data needed by audit2allow to generate refpolicy.
	* Fixed newrole non-pam build.
- Fix Changelog and spelling error in man page
2007-02-12 15:29:02 +00:00
Daniel J Walsh
702971bc39 * Wed Feb 7 2007 Dan Walsh <dwalsh@redhat.com> 2.0.0-1
- Update to upstream
	* Merged new audit2allow from Karl MacMillan.
	  This audit2allow depends on the new sepolgen python module.
	  Note that you must run the sepolgen-ifgen tool to generate
	  the data needed by audit2allow to generate refpolicy.
	* Fixed newrole non-pam build.
2007-02-07 21:47:33 +00:00
Daniel J Walsh
f980d990af * Thu Feb 1 2007 Dan Walsh <dwalsh@redhat.com> 1.34.1-4
- Fix audit2allow on missing translations
2007-02-01 21:17:39 +00:00
Daniel J Walsh
6164c43b6c * Wed Jan 24 2007 Dan Walsh <dwalsh@redhat.com> 1.34.1-3
- More chcat fixes
2007-01-24 20:15:03 +00:00
Daniel J Walsh
e35ae98d98 * Wed Jan 24 2007 Dan Walsh <dwalsh@redhat.com> 1.34.1-2
- Change chcat to exec semodule so file context is maintained
2007-01-24 19:42:25 +00:00
Daniel J Walsh
76e419bed5 * Wed Jan 24 2007 Dan Walsh <dwalsh@redhat.com> 1.34.1-2
- Change chcat to exec semodule so file context is maintained
2007-01-24 19:35:51 +00:00
Daniel J Walsh
a43d594198 * Wed Jan 24 2007 Dan Walsh <dwalsh@redhat.com> 1.34.1-1
- Fix system-config-selinux ports view
- Update to upstream
	* Fixed newrole non-pam build.
	* Updated version for stable branch.
2007-01-24 15:06:29 +00:00
Daniel J Walsh
a764ad3ab5 * Wed Jan 17 2007 Dan Walsh <dwalsh@redhat.com> 1.33.15-1
- Update to upstream
	* Merged unicode-to-string fix for seobject audit from Dan Walsh.
	* Merged man page updates to make "apropos selinux" work from Dan Walsh.
* Tue Jan 16 2007 Dan Walsh <dwalsh@redhat.com> 1.33.14-1
	* Merged newrole man page patch from Michael Thompson.
	* Merged patch to fix python unicode problem from Dan Walsh.
2007-01-17 16:14:32 +00:00