076f35f59b
Only call dups check within selabel/matchpathcon if you are validating the
...
context
This seems to speed the loading of labels by 4 times.
2011-06-13 11:29:06 -04:00
2c3aaeae1e
Move /selinux to /sys/fs/selinux
...
Add selinuxexeccon
Add realpath to matchpathcon to handle matchpathcon * type queries.
2011-05-25 14:25:56 -04:00
73bed069d2
Fix restorecon python binding to accept relative paths
2011-04-13 16:51:22 -04:00
6db4df3c24
Update to upstream
...
* Give correct names to mount points in load_policy by Dan Walsh.
* Make sure selinux state is reported correctly if selinux is disabled or
fails to load by Dan Walsh.
* Fix crash if selinux_key_create was never called by Dan Walsh.
* Add new file_context.subs_dist for distro specific filecon substitutions
by Dan Walsh.
* Update man pages for selinux_color_* functions by Richard Haines.
2011-04-12 10:09:47 -04:00
3d499ceb03
Clean up patch to make handling of constructor cleanup more portable
2011-04-06 11:19:19 -04:00
8723500e16
Add file_context.subs_dist to subs paths
2011-04-05 14:03:07 -04:00
4b2caaad18
Add patch from dbhole@redhat.com to initialize thread keys to -1
...
Errors were being seen in libpthread/libdl that were related
to corrupt thread specific keys. Global destructors that are called on dl
unload. During destruction delete a thread specific key without checking
if it has been initialized. Since the constructor is not called each time
(i.e. key is not initialized with pthread_key_create each time), and the
default is 0, there is a possibility that key 0 for an active thread gets
deleted. This is exactly what is happening in case of OpenJDK.
2011-04-05 12:10:57 -04:00
9ac8a9964b
Call fini_selinuxmnt if selinux is disabled, to cause is_selinux_disabled() to report correct data
2011-04-05 11:37:30 -04:00
0cd375f839
Call fini_selinuxmnt if selinux is disabled, to cause is_selinux_disabled() to report correct data
2011-04-05 11:25:39 -04:00
1fefea1eb1
Update to upstream
...
* Turn off default user handling when computing user contexts by Dan Walsh
2011-03-30 14:42:17 -04:00
c49c04df3b
- Fixup selinux man page
2011-02-01 17:40:11 -05:00
3c1b814b3d
- Fix Makefile to use pkg-config --cflags python3 to discover include paths
2011-01-18 10:08:15 -05:00
ca9cea7698
- Update to upstream
...
- Turn off fallback in to SELINUX_DEFAULTUSER in get_context_list
2010-12-21 16:29:19 -05:00
159f7d2174
- Turn off fallback in to SELINUX_DEFAULTUSER in get_context_list
2010-07-27 17:50:51 +00:00
4235807de2
- Turn off messages in audit2why
2010-06-25 21:05:56 +00:00
5abec270e9
- Update to upstream
...
Add const qualifiers to public API where appropriate by KaiGai Kohei.
2010-06-16 13:23:15 +00:00
982ffdc3f5
- Update to upstream
...
Fix from Eric Paris to fix leak on non-selinux systems.
regenerate swig wrappers
pkgconfig fix to respect LIBDIR from Dan Walsh.
2010-03-08 13:14:35 +00:00
68c8d967fd
- Update to upstream
...
Change the AVC to only audit the permissions specified by the policy,
excluding any permissions specified via dontaudit or not specified via
auditallow.
Fix compilation of label_file.c with latest glibc headers.
2010-02-24 19:12:12 +00:00
de078cb3d5
- Fix man page for selinuxdefcon
2010-01-18 21:59:45 +00:00
995afc05f3
- Fix man page for selinuxdefcon
2010-01-18 21:44:50 +00:00
1f46a5f18f
Mon Jam 4 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.90-2
...
- Free memory on disabled selinux boxes
2010-01-04 22:17:33 +00:00
4ed79e3521
- Fix selinuxdefcon man page
2009-11-23 18:32:48 +00:00
510eba6977
- Update to upstream
...
Add exception handling in libselinux from Dan Walsh. This uses a shell
script called exception.sh to generate a swig interface file.
make swigify
Make matchpathcon print <<none>> if path not found in fcontext file.
2009-09-28 20:33:26 +00:00
d3cc14428b
- Eliminate -pthread switch in Makefile
2009-09-15 19:24:22 +00:00
fa621852dc
- Update to upstream
...
Reverted Tomas Mraz's fix for freeing thread local storage to avoid pthread
dependency.
Removed fini_context_translations() altogether.
Merged lazy init patch from Stephen Smalley based on original patch by
Steve Grubb.
2009-07-14 15:29:55 +00:00
23660c5dba
- Update to upstream
...
Add per-service seuser support from Dan Walsh.
Let load_policy gracefully handle selinuxfs being mounted from Stephen
Smalley.
Check /proc/filesystems before /proc/mounts for selinuxfs from Eric Paris.
2009-07-07 16:26:11 +00:00
a66522107b
- Update to upstream
...
Fix improper use of thread local storage from Tomas Mraz
<tmraz@redhat.com>.
Label substitution support from Dan Walsh.
Support for labeling virtual machine images from Dan Walsh.
2009-06-23 19:54:03 +00:00
d6966f294b
- Update to upstream
...
Fix improper use of thread local storage from Tomas Mraz
<tmraz@redhat.com>.
Label substitution support from Dan Walsh.
Support for labeling virtual machine images from Dan Walsh.
2009-06-23 19:40:42 +00:00
403bfa5085
- Update to upstream
...
Trim / from the end of input paths to matchpathcon from Dan Walsh.
Fix leak in process_line in label_file.c from Hiroshi Shinji.
Move matchpathcon to /sbin, add matchpathcon to clean target from Dan
Walsh.
getdefaultcon to print just the correct match and add verbose option from
Dan Walsh.
2009-05-18 18:22:22 +00:00
2f2316f496
- Fix Memory Leak
2009-04-03 14:05:22 +00:00
d6eb0cea47
- Fix Memory Leak
2009-04-03 12:58:07 +00:00
261c72abdb
- Fix crash in python
2009-04-02 13:36:47 +00:00
f6ba4d34de
- Add back in additional interfaces
2009-03-29 15:18:28 +00:00
55f4c91ff1
- Add back in av_decision to python swig
2009-03-27 20:39:31 +00:00
974a6e4ad2
- Add back in av_decision to python swig
2009-03-27 18:25:16 +00:00
c86e2e8d59
- Update to upstream
...
Netlink socket handoff patch from Adam Jackson.
AVC caching of compute_create results by Eric Paris.
2009-03-12 12:57:57 +00:00
3da9d84fdc
- Add substitute pattern
...
- matchpathcon output <<none>> on ENOENT
2009-03-06 21:31:10 +00:00
07ae258133
- Update to upstream
...
Fix incorrect conversion in discover_class code.
2009-03-02 18:21:46 +00:00
19dec57f82
- Add
...
- selinux_virtual_domain_context_path
- selinux_virtual_image_context_path
2009-02-18 19:45:23 +00:00
6396f115b4
- Add
...
- selinux_virtual_domain_context_path
- selinux_virtual_image_context_path
2009-02-18 18:29:42 +00:00
b5b41bc929
- Throw exeptions in python swig bindings on failures
2009-01-27 20:00:47 +00:00
c1e059f764
- Fix restorecon python code
2009-01-06 15:44:49 +00:00
49eae3b63b
- Update to upstream
2009-01-06 14:31:47 +00:00
e672e99f9d
- Strip trailing / for matchpathcon
2008-12-19 20:17:53 +00:00
0c692a5a64
- Fix segfault if seusers file does not work
2008-12-16 14:38:49 +00:00
d9847be233
- Add new function getseuser which will take username and service and
...
return
- seuser and level. ipa will populate file in future.
- Change selinuxdefcon to return just the context by default
2008-12-12 16:15:27 +00:00
cd000f17c0
- Add new function getseuser which will take username and service and
...
return
- seuser and level. ipa will populate file in future.
- Change selinuxdefcon to return just the context by default
2008-12-12 15:21:10 +00:00
4d61602917
- Update to Upstream
...
Allow shell-style wildcards in x_contexts file.
2008-11-22 21:01:27 +00:00
8222e32ca0
Fix a typo in the restorecon method, and import the stat module.
2008-11-18 21:25:09 +00:00
f4a6eb5feb
The restorecon method needs the stat module as well
2008-11-17 20:26:34 +00:00
896e46d7d4
Fix a typo in the restorecon method of the libselinux-rhat patch
2008-11-17 20:23:52 +00:00
41931f8d57
- Eamon Walsh Patch - libselinux: allow shell-style wildcarding in X names
...
- Add Restorecon/Install python functions from Luke Macken
2008-11-17 15:27:48 +00:00
d3b013d124
- Update to Upstream
...
Correct message types in AVC log messages.
Make matchpathcon -V pass mode from Dan Walsh.
Add man page for selinux_file_context_cmp from Dan Walsh.
2008-11-07 14:08:36 +00:00
3898d8da39
- Update to Upstream
...
New man pages from Dan Walsh.
Update flask headers from refpolicy trunk from Dan Walsh.
2008-09-30 13:30:18 +00:00
263ee4f1ec
- Fix matchpathcon -V call
2008-09-26 14:22:14 +00:00
63093bd540
- Fix matchpathcon -V call
2008-09-26 13:59:44 +00:00
3578778806
- Add flask definitions for open, X and nlmsg_tty_audit
2008-09-22 17:52:30 +00:00
15c5a627bc
- Add missing get/setkeycreatecon man pages
2008-09-09 20:24:22 +00:00
ac4e772e3d
- Add missing man page links for [lf]getfilecon
2008-09-09 18:45:26 +00:00
7a7d4171f1
Fix patch
2008-08-05 14:30:33 +00:00
7918b2858e
- Update to Upstream
...
Add group support to seusers using %groupname syntax from Dan Walsh.
Mark setrans socket close-on-exec from Stephen Smalley.
Only apply nodups checking to base file contexts from Stephen Smalley.
2008-08-05 14:05:15 +00:00
86ce8d44b1
- Update to Upstream
...
Merge ruby bindings from Dan Walsh.
- Add support for Linux groups to getseuserbyname
2008-08-01 10:56:37 +00:00
0397b472b7
- Update to Upstream
...
Handle duplicate file context regexes as a fatal error from Stephen
Smalley. This prevents adding them via semanage.
Fix audit2why shadowed variables from Stephen Smalley.
Note that freecon NULL is legal in man page from Karel Zak.
2008-07-29 18:37:01 +00:00
d0a06b2c34
- Update to Upstream
...
Handle duplicate file context regexes as a fatal error from Stephen
Smalley. This prevents adding them via semanage.
Fix audit2why shadowed variables from Stephen Smalley.
Note that freecon NULL is legal in man page from Karel Zak.
2008-07-29 13:22:45 +00:00
ee778682f8
- Add ruby support for puppet
2008-07-09 20:57:21 +00:00
ea56feab06
- Add Karel Zak patch for freecon man page
2008-06-29 12:31:00 +00:00
6359e2ad79
- Update to Upstream
...
New and revised AVC, label, and mapping man pages from Eamon Walsh.
Add swig python bindings for avc interfaces from Dan Walsh.
2008-06-22 13:48:37 +00:00
792921f4eb
- Add sedefaultcon and setconlist commands to dump login context
2008-05-07 17:34:12 +00:00
1209c857ab
- Update to Upstream
...
Fixed selinux_set_callback man page.
Try loading the max of the kernel-supported version and the
libsepol-supported version when no manipulation of the binary policy is
needed from Stephen Smalley.
Fix memory leaks in matchpathcon from Eamon Walsh.
2008-04-22 20:59:01 +00:00
d87adcfe95
- Add avc.h to swig code
2008-04-14 18:54:09 +00:00
eb8e2a0d36
- Fix matchpathcon memory leak
2008-03-13 23:45:19 +00:00
0984abe5d8
- Update to Upstream
...
Merged reset_selinux_config() for load policy from Dan Walsh.
2008-02-28 21:06:47 +00:00
baab9d46ea
- Reload library on loading of policy to handle chroot
2008-02-28 16:58:02 +00:00
3cb08a5330
- Update to Upstream
...
Regenerated Flask headers from refpolicy flask definitions.
2008-02-22 17:41:12 +00:00
8f9ecf5890
- Update to Upstream
...
Merged fix for audit2why from Dan Walsh.
2008-01-29 13:29:32 +00:00
213643620c
- Fix audit2why to grab latest policy versus the one selected by the kernel
2008-01-25 16:11:42 +00:00
e4623197a5
Merged audit2why python binding from Dan Walsh.
2008-01-23 21:52:01 +00:00
c633d69a56
Merged updated swig bindings from Dan Walsh, including typemap for pid_t.
2008-01-23 19:40:26 +00:00
45460445ad
- Put back libselinux.a
2008-01-15 13:49:29 +00:00
2f233dfd7a
- Fix memory references in audit2why and change to use tuples
...
- Update to Upstream
granted null message bug from Stephen Smalley.
2008-01-11 15:55:35 +00:00
88cc8f8805
- Fix __init__.py specification
2008-01-11 13:48:43 +00:00
831e63b413
- Add audit2why python bindings
2008-01-10 19:01:20 +00:00
625a8fb5a8
- Add pid_t typemap for swig bindings
2008-01-08 11:07:27 +00:00
805402396f
- Add pid_t typemap for swig bindings
2008-01-08 10:25:03 +00:00
e1e36a0421
- Fix spec file caused by spec review
2008-01-03 20:29:21 +00:00
41bd3b2ae1
- Upgrade to upstream
...
matchpathcon(8) man page update from Dan Walsh.
2007-12-11 02:52:13 +00:00
b0195e100d
- Upgrade to upstream
...
matchpathcon(8) man page update from Dan Walsh.
2007-12-11 02:50:12 +00:00
c4aa29e945
- Upgrade to upstream
...
dlopen libsepol.so.1 rather than libsepol.so from Stephen Smalley.
Based on a suggestion from Ulrich Drepper, defer regex compilation until we
have a stem match, by Stephen Smalley.
A further optimization would be to defer regex compilation until we have a
complete match of the constant prefix of the regex - TBD.
2007-11-30 20:13:08 +00:00
39606ee687
- Upgrade to upstream
...
Merged selinux_get_callback, avc_open, empty string mapping from Eamon
Walsh.
2007-10-05 17:20:30 +00:00
dcd9773ab2
- Fix segfault on missing file_context file
2007-09-27 17:55:13 +00:00
7cbfb0e27a
- Upgrade to upstream
...
Make netlink socket close-on-exec to avoid descriptor leakage from Dan
Walsh.
Pass CFLAGS when using gcc for linking from Dennis Gilmore.
2007-09-27 14:54:10 +00:00
ae054c560b
*** empty log message ***
2007-09-24 15:56:01 +00:00
0102138c4a
*** empty log message ***
2007-09-24 15:42:11 +00:00
0fa749d083
*** empty log message ***
2007-09-18 20:44:47 +00:00
71cd1381ef
*** empty log message ***
2007-09-18 15:37:42 +00:00
6a9919e596
*** empty log message ***
2007-09-06 12:37:00 +00:00
6e60f16b98
*** empty log message ***
2007-08-03 20:06:53 +00:00
44ef5d5d9f
- Apply Steven Smalley patch to fix segfault in string_to_security_class
2007-07-23 14:23:50 +00:00
aebde7523f
- Fix matchpathcon to set default myprintf
2007-07-18 17:54:00 +00:00
8ffc2801ed
- Update to match flask/access_vectors in policy
2007-07-11 14:52:47 +00:00
Dan Walsh
Daniel J Walsh
Luke Macken