Commit Graph

533 Commits

Author SHA1 Message Date
Daniel J Walsh
61427961fc - 2005-10-17 18:19:07 +00:00
Daniel J Walsh
d5c6e72c48 - Tell init to reexec itself in post script 2005-10-14 16:11:08 +00:00
Daniel J Walsh
c521275b65 - Update to latest from NSA
Changed selinux_mkload_policy to try downgrading the latest policy version
    available to the kernel-supported version.
Changed selinux_mkload_policy to fall back to the maximum policy version
    supported by libsepol if the kernel policy version falls outside of the
    supported range.
2005-10-14 12:34:19 +00:00
Daniel J Walsh
555e97b002 - Update to latest from NSA
Changed getseuserbyname to fall back to the Linux username and NULL level
    if seusers config file doesn't exist unless REQUIRESEUSERS=1 is set in
    /etc/selinux/config.
Moved seusers.conf under $SELINUXTYPE and renamed to seusers.
2005-10-13 13:12:23 +00:00
Daniel J Walsh
b19e5c854f - Update to latest from NSA
Changed getseuserbyname to fall back to the Linux username and NULL level
    if seusers config file doesn't exist unless REQUIRESEUSERS=1 is set in
    /etc/selinux/config.
Moved seusers.conf under $SELINUXTYPE and renamed to seusers.
2005-10-07 14:09:21 +00:00
Daniel J Walsh
33b55398a2 - Update to latest from NSA
Added selinux_init_load_policy() function as an even higher level interface
    for the initial policy load by /sbin/init. This obsoletes the
    load_policy() function in the sysvinit-selinux.patch.
Added selinux_mkload_policy() function as a higher level interface for
    loading policy than the security_load_policy() interface.
2005-10-06 19:03:52 +00:00
Daniel J Walsh
90c2814893 - Update to latest from NSA
Merged fix for matchpathcon (regcomp error checking) from Johan Fischer.
    Also added use of regerror to obtain the error string for inclusion in
    the error message.
2005-10-06 13:21:54 +00:00
Daniel J Walsh
f76369a096 - Update to latest from NSA
Changed getseuserbyname to not require (and ignore if present) the MLS
    level in seusers.conf if MLS is disabled, setting *level to NULL in
    this case.
2005-10-04 15:43:00 +00:00
Daniel J Walsh
1cfd4dc1a6 - Update to latest from NSA
Merged getseuserbyname patch from Dan Walsh.
2005-10-03 13:14:47 +00:00
Daniel J Walsh
4dc4d104e7 - Fix patch to satisfy upstream 2005-09-29 21:35:43 +00:00
Daniel J Walsh
bebb529bd5 - Update to latest from NSA
- Add getseuserbyname
2005-09-29 02:12:47 +00:00
Daniel J Walsh
e8346fc44d - Fix patch call 2005-09-19 17:36:11 +00:00
Daniel J Walsh
fedf8202cb - Fix patch call 2005-09-16 19:53:29 +00:00
Daniel J Walsh
b86cfc3a43 - Fix strip_con call 2005-09-16 18:42:27 +00:00
Daniel J Walsh
96ff98944c - Go back to original libsetrans code 2005-09-16 17:43:14 +00:00
Daniel J Walsh
c2b28e3158 - Go back to original libsetrans code 2005-09-13 21:21:50 +00:00
Daniel J Walsh
bc0a935c8c - Eliminate forth param from mls context when mls is not enabled. 2005-09-13 16:48:16 +00:00
Daniel J Walsh
017ea0e76c - Update from NSA
Merged modified form of patch to avoid dlopen/dlclose by the static
    libselinux from Dan Walsh. Users of the static libselinux will not have
    any context translation by default.
2005-09-12 15:52:30 +00:00
Daniel J Walsh
99ddec8d69 - Update from NSA
Merged modified form of patch to avoid dlopen/dlclose by the static
    libselinux from Dan Walsh. Users of the static libselinux will not have
    any context translation by default.
2005-09-06 16:41:47 +00:00
Daniel J Walsh
59d6552e7d - Update from NSA
Added public functions to export context translation to users of libselinux
    (selinux_trans_to_raw_context, selinux_raw_to_trans_context).
2005-09-01 15:23:17 +00:00
Daniel J Walsh
eb500fb164 - Update from NSA
Remove special definition for context_range_set; use common code.
2005-08-29 11:59:41 +00:00
Daniel J Walsh
d3d9f9e7f8 - Update from NSA
Hid translation-related symbols entirely and ensured that raw functions
    have hidden definitions for internal use.
Allowed setting NULL via context_set* functions.
Allowed whitespace in MLS component of context.
Changed rpm_execcon to use translated functions to workaround lack of MLS
    level on upgraded systems.
2005-08-25 20:21:14 +00:00
Daniel J Walsh
e7e35da33b Merged context translation patch, originally by TCS, with modifications by
Dan Walsh (Red Hat).
2005-08-24 13:15:02 +00:00
Daniel J Walsh
1f935e2ec7 - Update from NSA
Merged several fixes for error handling paths in the AVC sidtab,
    matchpathcon, booleans, context, and get_context_list code from Serge
    Hallyn (IBM). Bugs found by Coverity.
Removed setupns; migrated to pam.
Merged patches to rename checkPasswdAccess() from Joshua Brindle. Original
    symbol is temporarily retained for compatibility until all callers are
    updated.
2005-08-12 02:46:49 +00:00
Daniel J Walsh
856cdc49d0 - Update makefiles 2005-07-21 15:58:45 +00:00
Daniel J Walsh
44200d6b78 - Update makefiles 2005-07-18 19:15:29 +00:00
Daniel J Walsh
67d0acbf49 - Update from NSA
Merged security_setupns() from Chad Sellers.
- fix selinuxenabled man page
2005-06-29 20:04:50 +00:00
Daniel J Walsh
661867eccf - Update from NSA
Merged avcstat and selinux man page from Dan Walsh.
Changed security_load_booleans to process booleans.local even if booleans
    file doesn't exist.
Fri Apr 26 2005 Dan Walsh <dwalsh@redhat.com> 1.23.10-3
- Fix avcstat to clear totals
2005-05-20 17:18:49 +00:00
Daniel J Walsh
8456bc124a - Fix avcstat to clear totals 2005-05-11 15:00:11 +00:00
Daniel J Walsh
8371f522b4 - Fix avcstat to clear totals 2005-05-11 14:48:34 +00:00
Daniel J Walsh
8f3fa78bf6 - Add info to man page 2005-04-29 19:03:45 +00:00
Daniel J Walsh
d3be4d7a20 - Update from NSA
Merged set_selinuxmnt patch from Bill Nottingham (Red Hat).
Rewrote get_ordered_context_list and helpers, including changing logic to
    allow variable MLS fields.
2005-04-29 19:01:28 +00:00
Daniel J Walsh
3127b94941 - Update from NSA
Merged set_selinuxmnt patch from Bill Nottingham (Red Hat).
Rewrote get_ordered_context_list and helpers, including changing logic to
    allow variable MLS fields.
2005-04-29 18:11:40 +00:00
Daniel J Walsh
d7bbd88ea0 - Update from NSA 2005-04-26 16:25:57 +00:00
Daniel J Walsh
4ff3f08454 - Add backin matchpathcon 2005-04-21 14:20:57 +00:00
Daniel J Walsh
ce82f572f7 - Fix selinux_policy_root man page 2005-04-13 19:12:02 +00:00
Daniel J Walsh
b83512ff2c - Change assert(selinux_mnt) to if (!selinux_mnt) return -1; 2005-04-13 15:42:02 +00:00
Daniel J Walsh
e39f335d11 - Update from NSA
Fixed bug in matchpathcon_filespec_destroy.
2005-04-11 20:11:29 +00:00
Daniel J Walsh
5b866cc468 - Update from NSA
Fixed bug in rpm_execcon error handling path.
2005-04-06 11:06:40 +00:00
Daniel J Walsh
03a50e15ab - Update from NSA
Merged fix for set_matchpathcon* functions from Andreas Steinmetz.
Merged fix for getconlist utility from Andreas Steinmetz.
2005-04-04 20:17:21 +00:00
Daniel J Walsh
fbe330170e - Update from NSA 2005-03-30 03:12:14 +00:00
Daniel J Walsh
c74c56d735 - Update from NSA 2005-03-30 03:02:38 +00:00
Daniel J Walsh
07da577db2 - Better handling of booleans 2005-03-29 15:33:55 +00:00
Daniel J Walsh
e037587aca - Update from NSA
Merged destructors patch from Tomas Mraz.
2005-03-17 20:01:37 +00:00
Daniel J Walsh
d432883eeb - Update from NSA
Added set_matchpathcon_flags() function for setting flags controlling
    operation of matchpathcon. MATCHPATHCON_BASEONLY means only process the
    base file_contexts file, not file_contexts.homedirs or
    file_contexts.local, and is for use by setfiles -c.
Updated matchpathcon.3 man page.
2005-03-17 15:39:58 +00:00
Daniel J Walsh
8e67581eb8 - Update from NSA 2005-03-10 14:44:02 +00:00
Daniel J Walsh
adbca5042d - Update from NSA
Fixed bug in matchpathcon_filespec_add() - failure to clear fl_head.
2005-03-08 20:15:20 +00:00
Daniel J Walsh
d4111cf41f - Update from NSA
Changed matchpathcon_common to ignore any non-format bits in the mode.
2005-03-02 04:04:04 +00:00
Daniel J Walsh
1ec9b46064 - Update from NSA
Merged several fixes from Ulrich Drepper.
2005-02-22 22:12:25 +00:00
Daniel J Walsh
4cc1ca9316 - Update from NSA
Merged several fixes from Ulrich Drepper.
2005-02-22 21:38:09 +00:00