896e46d7d4
Fix a typo in the restorecon method of the libselinux-rhat patch
2008-11-17 20:23:52 +00:00
41931f8d57
- Eamon Walsh Patch - libselinux: allow shell-style wildcarding in X names
...
- Add Restorecon/Install python functions from Luke Macken
2008-11-17 15:27:48 +00:00
d3b013d124
- Update to Upstream
...
Correct message types in AVC log messages.
Make matchpathcon -V pass mode from Dan Walsh.
Add man page for selinux_file_context_cmp from Dan Walsh.
2008-11-07 14:08:36 +00:00
3898d8da39
- Update to Upstream
...
New man pages from Dan Walsh.
Update flask headers from refpolicy trunk from Dan Walsh.
2008-09-30 13:30:18 +00:00
263ee4f1ec
- Fix matchpathcon -V call
2008-09-26 14:22:14 +00:00
63093bd540
- Fix matchpathcon -V call
2008-09-26 13:59:44 +00:00
3578778806
- Add flask definitions for open, X and nlmsg_tty_audit
2008-09-22 17:52:30 +00:00
15c5a627bc
- Add missing get/setkeycreatecon man pages
2008-09-09 20:24:22 +00:00
ac4e772e3d
- Add missing man page links for [lf]getfilecon
2008-09-09 18:45:26 +00:00
7a7d4171f1
Fix patch
2008-08-05 14:30:33 +00:00
7918b2858e
- Update to Upstream
...
Add group support to seusers using %groupname syntax from Dan Walsh.
Mark setrans socket close-on-exec from Stephen Smalley.
Only apply nodups checking to base file contexts from Stephen Smalley.
2008-08-05 14:05:15 +00:00
86ce8d44b1
- Update to Upstream
...
Merge ruby bindings from Dan Walsh.
- Add support for Linux groups to getseuserbyname
2008-08-01 10:56:37 +00:00
0397b472b7
- Update to Upstream
...
Handle duplicate file context regexes as a fatal error from Stephen
Smalley. This prevents adding them via semanage.
Fix audit2why shadowed variables from Stephen Smalley.
Note that freecon NULL is legal in man page from Karel Zak.
2008-07-29 18:37:01 +00:00
d0a06b2c34
- Update to Upstream
...
Handle duplicate file context regexes as a fatal error from Stephen
Smalley. This prevents adding them via semanage.
Fix audit2why shadowed variables from Stephen Smalley.
Note that freecon NULL is legal in man page from Karel Zak.
2008-07-29 13:22:45 +00:00
ee778682f8
- Add ruby support for puppet
2008-07-09 20:57:21 +00:00
ea56feab06
- Add Karel Zak patch for freecon man page
2008-06-29 12:31:00 +00:00
6359e2ad79
- Update to Upstream
...
New and revised AVC, label, and mapping man pages from Eamon Walsh.
Add swig python bindings for avc interfaces from Dan Walsh.
2008-06-22 13:48:37 +00:00
792921f4eb
- Add sedefaultcon and setconlist commands to dump login context
2008-05-07 17:34:12 +00:00
1209c857ab
- Update to Upstream
...
Fixed selinux_set_callback man page.
Try loading the max of the kernel-supported version and the
libsepol-supported version when no manipulation of the binary policy is
needed from Stephen Smalley.
Fix memory leaks in matchpathcon from Eamon Walsh.
2008-04-22 20:59:01 +00:00
d87adcfe95
- Add avc.h to swig code
2008-04-14 18:54:09 +00:00
eb8e2a0d36
- Fix matchpathcon memory leak
2008-03-13 23:45:19 +00:00
0984abe5d8
- Update to Upstream
...
Merged reset_selinux_config() for load policy from Dan Walsh.
2008-02-28 21:06:47 +00:00
baab9d46ea
- Reload library on loading of policy to handle chroot
2008-02-28 16:58:02 +00:00
3cb08a5330
- Update to Upstream
...
Regenerated Flask headers from refpolicy flask definitions.
2008-02-22 17:41:12 +00:00
8f9ecf5890
- Update to Upstream
...
Merged fix for audit2why from Dan Walsh.
2008-01-29 13:29:32 +00:00
213643620c
- Fix audit2why to grab latest policy versus the one selected by the kernel
2008-01-25 16:11:42 +00:00
e4623197a5
Merged audit2why python binding from Dan Walsh.
2008-01-23 21:52:01 +00:00
c633d69a56
Merged updated swig bindings from Dan Walsh, including typemap for pid_t.
2008-01-23 19:40:26 +00:00
45460445ad
- Put back libselinux.a
2008-01-15 13:49:29 +00:00
2f233dfd7a
- Fix memory references in audit2why and change to use tuples
...
- Update to Upstream
granted null message bug from Stephen Smalley.
2008-01-11 15:55:35 +00:00
88cc8f8805
- Fix __init__.py specification
2008-01-11 13:48:43 +00:00
831e63b413
- Add audit2why python bindings
2008-01-10 19:01:20 +00:00
625a8fb5a8
- Add pid_t typemap for swig bindings
2008-01-08 11:07:27 +00:00
805402396f
- Add pid_t typemap for swig bindings
2008-01-08 10:25:03 +00:00
e1e36a0421
- Fix spec file caused by spec review
2008-01-03 20:29:21 +00:00
41bd3b2ae1
- Upgrade to upstream
...
matchpathcon(8) man page update from Dan Walsh.
2007-12-11 02:52:13 +00:00
b0195e100d
- Upgrade to upstream
...
matchpathcon(8) man page update from Dan Walsh.
2007-12-11 02:50:12 +00:00
c4aa29e945
- Upgrade to upstream
...
dlopen libsepol.so.1 rather than libsepol.so from Stephen Smalley.
Based on a suggestion from Ulrich Drepper, defer regex compilation until we
have a stem match, by Stephen Smalley.
A further optimization would be to defer regex compilation until we have a
complete match of the constant prefix of the regex - TBD.
2007-11-30 20:13:08 +00:00
39606ee687
- Upgrade to upstream
...
Merged selinux_get_callback, avc_open, empty string mapping from Eamon
Walsh.
2007-10-05 17:20:30 +00:00
dcd9773ab2
- Fix segfault on missing file_context file
2007-09-27 17:55:13 +00:00
7cbfb0e27a
- Upgrade to upstream
...
Make netlink socket close-on-exec to avoid descriptor leakage from Dan
Walsh.
Pass CFLAGS when using gcc for linking from Dennis Gilmore.
2007-09-27 14:54:10 +00:00
ae054c560b
*** empty log message ***
2007-09-24 15:56:01 +00:00
0102138c4a
*** empty log message ***
2007-09-24 15:42:11 +00:00
0fa749d083
*** empty log message ***
2007-09-18 20:44:47 +00:00
71cd1381ef
*** empty log message ***
2007-09-18 15:37:42 +00:00
6a9919e596
*** empty log message ***
2007-09-06 12:37:00 +00:00
6e60f16b98
*** empty log message ***
2007-08-03 20:06:53 +00:00
44ef5d5d9f
- Apply Steven Smalley patch to fix segfault in string_to_security_class
2007-07-23 14:23:50 +00:00
aebde7523f
- Fix matchpathcon to set default myprintf
2007-07-18 17:54:00 +00:00
8ffc2801ed
- Update to match flask/access_vectors in policy
2007-07-11 14:52:47 +00:00
8e8fca8665
- Fix man page markup lanquage for translations
2007-07-10 16:27:52 +00:00
3e1ba6da3a
- Fix semanage segfault on x86 platform
2007-06-26 09:16:06 +00:00
35bc5a8a68
- Upgrade to upstream
...
Merged additional swig python bindings from Dan Walsh.
Merged helpful message when selinuxfs mount fails patch from Dax Kelson.
2007-05-18 14:52:28 +00:00
4dca0c42c9
- Add get_context_list funcitions to swig file
2007-04-23 14:38:02 +00:00
a11359c0ea
- Upgrade to upstream
...
Merged rpm_execcon python binding fix, matchpathcon man page fix, and
getsebool -a handling for EACCES from Dan Walsh.
2007-04-12 20:07:39 +00:00
6265db0381
2007-04-12 16:50:49 +00:00
47b511b094
- Upgrade to upstream
...
Merged userspace AVC patch to follow kernel's behavior for permissive mode
in caching previous denials from Eamon Walsh.
Merged sidput(NULL) patch from Eamon Walsh.
2007-04-09 19:50:05 +00:00
ff4b4da61f
- Make rpm_exec swig work
2007-04-05 15:57:35 +00:00
ace2ebf6d7
- Upgrade to upstream
...
Merged class/av string conversion and avc_compute_create patch from Eamon
Walsh.
2007-04-02 19:14:28 +00:00
71021c8327
- Upgrade to upstream
...
Merged fix for avc.h #include's from Eamon Walsh.
2007-03-27 19:49:37 +00:00
98a61bfb92
- Add stdint.h to avc.h
2007-03-22 20:50:31 +00:00
22298b4b74
Merged patch to drop support for CACHETRANS=0 config option from Steve
...
Grubb.
Merged patch to drop support for old /etc/sysconfig/selinux and
/etc/security policy file layout from Steve Grubb.
2007-03-13 00:20:29 +00:00
c7862e54aa
- Do not fail on permission denied in getsebool
2007-03-08 16:15:36 +00:00
8efd1ef10e
- Upgrade to upstream
...
Removed sending of setrans init message.
Merged matchpathcon memory leak fix from Steve Grubb.
2007-02-23 21:49:32 +00:00
14de1c34ad
- Upgrade to upstream
...
Merged patch from Todd Miller to convert int types over to C99 style.
2007-02-20 14:31:07 +00:00
29ad08b8d0
Merged patch from Todd Miller to remove sscanf in matchpathcon.c because of
...
the use of the non-standard format %as. (original patch changed for
style).
Merged patch from Todd Miller to fix memory leak in matchpathcon.c.
Fri Jan 19 2007 Dan Walsh <dwalsh@redhat.com> - 1.34.0-2
- Add context function to python to split context into 4 parts
2007-02-07 19:39:11 +00:00
ad1a6889cc
- Add context function to python to split context into 4 parts
2007-01-24 17:20:19 +00:00
53158b7152
- Upgrade to upstream
...
Merged getdefaultcon utility from Dan Walsh.
2007-01-16 22:10:55 +00:00
a339bc228d
- Upgrade to upstream
...
Merged getdefaultcon utility from Dan Walsh.
2007-01-16 21:46:11 +00:00
5f8636d1e9
- Add Ulrich NSCD__GETSERV and NSCD__SHMEMGRP for Uli
2007-01-15 21:30:17 +00:00
a9c082be34
- Add reference to selinux man page in all man pages to make apropos work
...
Resolves: # 217881
2007-01-12 16:02:56 +00:00
05bd40847c
- Upstream wanted some minor changes, upgrading to keep api the same
...
- Upgrade to upstream
#200110
2007-01-11 19:20:27 +00:00
e3bd599d8e
- Cleanup patch
2007-01-09 15:02:46 +00:00
e6bab37d57
- Add securetty handling Resolves : #200110
2007-01-05 17:54:21 +00:00
dbfbfbe639
- Fix matchpathcon to lstat files
2006-12-06 19:13:54 +00:00
846f2ad19d
- Update man page
2006-11-30 18:11:20 +00:00
2bcf9654c5
- Add James Antill patch for login verification of MLS Levels
...
- MLS ragnes need to be checked, Eg. login/cron. This patch adds
infrastructure.
2006-11-03 22:14:51 +00:00
a7aef657f6
- Add James Antill patch for login verification of MLS Levels
...
- MLS ragnes need to be checked, Eg. login/cron. This patch adds
infrastructure.
2006-11-03 21:59:03 +00:00
9d61c9c320
- Add James Antill patch for login verification of MLS Levels
...
- MLS ragnes need to be checked, Eg. login/cron. This patch adds
infrastructure.
2006-11-03 21:36:28 +00:00
cfd1d1337d
- Add sgrubb patch for polmatch
2006-09-25 14:19:06 +00:00
b7bdc631f1
- Fix translation return codes to return size of buffer
2006-08-10 15:34:47 +00:00
d8849af170
- Turn off error printing in library. Need to compile with DEBUG to get it
...
back
2006-06-21 19:58:52 +00:00
f4b45ddd03
- Turn off error printing in library. Need to compile with DEBUG to get it
...
back
2006-06-21 18:33:13 +00:00
2d9b36b51e
- Fix error reporting of matchpathcon
2006-06-21 13:12:11 +00:00
645f93a8a5
- Add function to compare file context on disk versus contexts in
...
file_contexts file.
2006-06-20 20:30:59 +00:00
c92317552d
Add MLSENabled check
2006-06-12 18:10:30 +00:00
8389437eda
- Add selinux_getpolicytype()
2006-06-09 19:43:52 +00:00
f3cb9dc26b
- Check for selinux_mnt == NULL
2006-06-01 17:25:22 +00:00
8f927c4a9f
- More fixes for translation cache
...
- Upgrade to latest from NSA
Added matchpathcon_fini() function to free memory allocated by
matchpathcon_init().
2006-05-18 16:15:35 +00:00
069461a7d8
- Add Russell's AVC patch to handle large numbers
2006-05-09 19:13:08 +00:00
98a597a060
Merged fix warnings patch from Karl MacMillan.
...
Merged setrans client support from Dan Walsh. This removes use of
libsetrans.
Merged patch to eliminate use of PAGE_SIZE constant from Dan Walsh.
Merged swig typemap fixes from Glauber de Oliveira Costa.
2006-05-08 14:08:21 +00:00
a925159382
- Add selinuxswig fixes
...
- Stop using PAGE_SIZE and start using sysconf(_SC_PAGE_SIZE)
2006-05-02 18:49:41 +00:00
e0ab958383
- Add selinuxswig fixes
...
- Stop using PAGE_SIZE and start using sysconfig(_SC_PAGE_SIZE)
2006-05-02 18:23:25 +00:00
75c50e4988
- Add selinuxswig fixes
2006-05-02 17:09:39 +00:00
fed1ce5b77
- Fix python bindings for matchpathcon
...
- Fix booleans man page
2006-04-11 19:03:13 +00:00
c8030dcf96
Merged Makefile PYLIBVER definition patch from Dan Walsh.
2006-04-11 18:25:46 +00:00
d27dc97404
- Make some fixes so it will build on RHEL4
...
- Upgrade to latest from NSA
Updated version for release.
Altered rpm_execcon fallback logic for permissive mode to also handle case
where /selinux/enforce is not available.
2006-03-17 17:20:57 +00:00
f4d57a9014
- Split out pywrap in Makefile
2006-01-14 05:05:19 +00:00
407234b39f
- Fix swig call for getpidcon
2005-12-20 14:44:43 +00:00
3371166078
- update to latest libsetrans
...
- Fix potential memory leak
2005-12-13 20:44:36 +00:00
0e39b77de1
- Fix some of the python swig objects
2005-12-07 15:53:55 +00:00
56d326bb01
- Change getsebool to return on/off instead of active/inactive
2005-11-29 19:21:03 +00:00
86e0b5f76e
- Separate out libselinux-python bindings into separate rpm
2005-11-29 03:02:30 +00:00
4bb08c52c4
- Separate out libselinux-python bindings into separate rpm
2005-11-28 22:02:25 +00:00
ae85aab0af
- Add python bindings
2005-11-17 17:13:50 +00:00
e6236defe6
- Update to latest from NSA
...
Added security_canonicalize_context() interface and
set_matchpathcon_canoncon() interface for obtaining canonical contexts.
Changed matchpathcon internals to obtain canonical contexts by default.
Provided fallback for kernels that lack extended selinuxfs context
interface.
- Patch to not translate mls when calling setfiles
2005-11-08 23:41:10 +00:00
70810f17e4
- Patch to not translate mls when calling setfiles
2005-11-08 19:18:13 +00:00
37bc4557e3
- Don't strip mls context if selinux is not enabled.
2005-11-08 19:09:28 +00:00
9f412a6358
- Change default to __default__
2005-10-26 20:32:58 +00:00
54939fac9a
- Add selinux_translations_path
2005-10-25 22:03:43 +00:00
78dc042098
- Update to latest from NSA
...
Merged get_default_context_with_rolelevel and man pages from Dan Walsh (Red
Hat).
Updated call to sepol_policydb_to_image for sepol changes.
Changed getseuserbyname to ignore empty lines and to handle no matching
entry in the same manner as no seusers file.
2005-10-18 18:27:41 +00:00
61427961fc
-
2005-10-17 18:19:07 +00:00
4dc4d104e7
- Fix patch to satisfy upstream
2005-09-29 21:35:43 +00:00
bebb529bd5
- Update to latest from NSA
...
- Add getseuserbyname
2005-09-29 02:12:47 +00:00
e8346fc44d
- Fix patch call
2005-09-19 17:36:11 +00:00
fedf8202cb
- Fix patch call
2005-09-16 19:53:29 +00:00
b86cfc3a43
- Fix strip_con call
2005-09-16 18:42:27 +00:00
96ff98944c
- Go back to original libsetrans code
2005-09-16 17:43:14 +00:00
c2b28e3158
- Go back to original libsetrans code
2005-09-13 21:21:50 +00:00
bc0a935c8c
- Eliminate forth param from mls context when mls is not enabled.
2005-09-13 16:48:16 +00:00
017ea0e76c
- Update from NSA
...
Merged modified form of patch to avoid dlopen/dlclose by the static
libselinux from Dan Walsh. Users of the static libselinux will not have
any context translation by default.
2005-09-12 15:52:30 +00:00
59d6552e7d
- Update from NSA
...
Added public functions to export context translation to users of libselinux
(selinux_trans_to_raw_context, selinux_raw_to_trans_context).
2005-09-01 15:23:17 +00:00
d3d9f9e7f8
- Update from NSA
...
Hid translation-related symbols entirely and ensured that raw functions
have hidden definitions for internal use.
Allowed setting NULL via context_set* functions.
Allowed whitespace in MLS component of context.
Changed rpm_execcon to use translated functions to workaround lack of MLS
level on upgraded systems.
2005-08-25 20:21:14 +00:00
e7e35da33b
Merged context translation patch, originally by TCS, with modifications by
...
Dan Walsh (Red Hat).
2005-08-24 13:15:02 +00:00
1f935e2ec7
- Update from NSA
...
Merged several fixes for error handling paths in the AVC sidtab,
matchpathcon, booleans, context, and get_context_list code from Serge
Hallyn (IBM). Bugs found by Coverity.
Removed setupns; migrated to pam.
Merged patches to rename checkPasswdAccess() from Joshua Brindle. Original
symbol is temporarily retained for compatibility until all callers are
updated.
2005-08-12 02:46:49 +00:00
44200d6b78
- Update makefiles
2005-07-18 19:15:29 +00:00
67d0acbf49
- Update from NSA
...
Merged security_setupns() from Chad Sellers.
- fix selinuxenabled man page
2005-06-29 20:04:50 +00:00
8456bc124a
- Fix avcstat to clear totals
2005-05-11 15:00:11 +00:00
8371f522b4
- Fix avcstat to clear totals
2005-05-11 14:48:34 +00:00
d3be4d7a20
- Update from NSA
...
Merged set_selinuxmnt patch from Bill Nottingham (Red Hat).
Rewrote get_ordered_context_list and helpers, including changing logic to
allow variable MLS fields.
2005-04-29 19:01:28 +00:00
4ff3f08454
- Add backin matchpathcon
2005-04-21 14:20:57 +00:00
ce82f572f7
- Fix selinux_policy_root man page
2005-04-13 19:12:02 +00:00
b83512ff2c
- Change assert(selinux_mnt) to if (!selinux_mnt) return -1;
2005-04-13 15:42:02 +00:00
07da577db2
- Better handling of booleans
2005-03-29 15:33:55 +00:00
d4111cf41f
- Update from NSA
...
Changed matchpathcon_common to ignore any non-format bits in the mode.
2005-03-02 04:04:04 +00:00
e7c97c5559
- Fix matchpathcon on eof.
2005-02-21 14:25:51 +00:00
31e19c1580
- Fix matchpathcon on eof.
2005-02-21 14:10:27 +00:00
8e994c6484
- Update from NSA
...
Merged matchpathcon patch for file_contexts.homedir from Dan Walsh.
Added selinux_users_path() for path to directory containing system.users
and local.users.
2005-02-17 19:27:56 +00:00
03d51ea8f7
- Process file_context.homedir
2005-02-11 01:38:47 +00:00
e0a30a3da4
- rpmexeccon should not fail in permissive mode.
2005-01-24 20:46:24 +00:00
ca41c6e4bb
- fix printf in avcstat
2005-01-21 20:57:55 +00:00
958b6d4982
- Modify matchpathcon to also process file_contexts.local if it exists
2005-01-18 22:27:57 +00:00
ae6f77c9ad
- Add is_customizable_types function call
2005-01-12 14:37:21 +00:00
4f73d76fa3
- Fix unitialized variable in avcstat.c
2004-12-27 11:53:31 +00:00
e836ab9afb
fix spec file
2004-12-20 14:25:06 +00:00
cc63ca70ad
- Upgrade to upstream
2004-12-01 01:31:34 +00:00
6864134300
- Add avcstat program
2004-11-18 21:29:18 +00:00
4962db3e56
- Add lots of missing man pages
2004-11-15 20:05:55 +00:00
437c89fe9f
- Fix output of getsebool.
2004-11-12 13:03:50 +00:00
38be80f2c3
- Update from upstream, fix setsebool -P segfault
2004-11-09 14:24:39 +00:00
Luke Macken
Daniel J Walsh