6b51ca9aafMove the tmpfiles.d content from /etc/tmpfiles.d to /usr/lib/tmpfiles.d
Dan Walsh
2012-07-16 17:13:48 -0400
852ea731d6Revert Eric Paris Patch for selinux_binary_policy_path
Dan Walsh
2012-07-13 15:38:11 -0400
cd092e1338Update to upstream
Dan Walsh
2012-07-04 07:31:12 -0400
d9f6251b10Fix booleans.subs name, change function name to selinux_boolean_sub,
Dan Walsh
2012-06-11 13:31:23 -0400
f9135bb77cFix to compile with Fortify source
Dan Walsh
2012-05-25 07:20:38 -0400
3cc27ef958Rebuild to get latest libsepol which fixes the file_name transition problems
Dan Walsh
2012-04-23 17:01:17 -0400
e808f19bf8Add support for lxc contexts file
Dan Walsh
2012-04-20 10:11:55 -0400
8cc2e0b718Add support for lxc contexts file
Dan Walsh
2012-04-20 09:33:04 -0400
40eaa6c970Add support for lxc contexts file
Dan Walsh
2012-04-19 16:34:27 -0400
884d86db59Update to upstream
Dan Walsh
2012-03-29 14:43:23 -0400
ce3cc634ebUpdate to upstream
Dan Walsh
2012-03-29 14:39:18 -0400
0f82e5f63fAdd assert to avc calls to make sure avc_init has been called.
Dan Walsh
2012-03-01 16:00:07 -0500
daa8c9882dAdd selinux_current_policy_path to return /sys/fs/selinux/policy if it exists
Dan Walsh
2012-02-16 12:08:37 -0500
2877c3328dAdd selinux_current_policy_path to return /sys/fs/selinux/policy if it exists
Dan Walsh
2012-02-16 11:50:02 -0500
83430650ccChange selinux_binary_policy_path to return /sys/fs/selinux/policy
Dan Walsh
2012-02-15 13:28:00 -0500
aee5a016a4avc_netlink_recieve should continue to poll if it receinves an EINTR rather
f16
Dan Walsh
2012-02-03 10:44:40 -0500
98393f1aaaavc_netlink_recieve should continue to poll if it receinves an EINTR rather
Dan Walsh
2012-02-03 10:41:03 -0500
a6c6ce4ff0avc_netlink_recieve should continue to poll if it receinves an EINTR rather
Dan Walsh
2012-02-03 10:33:11 -0500
76fb5c8e65avc_netlink_recieve should continue to poll if it receinves an EINTR rather
Dan Walsh
2012-02-03 10:31:53 -0500
82dfd09743Update release
Kay Sievers
2012-01-29 19:47:44 +0100
de370ba771Use /sbin/ldconfig, glibc does not provide /usr/sbin/ldconfig for now
Kay Sievers
2012-01-29 19:41:31 +0100
86fcde8ff1Rebuild with cleaned up upstream to work in /usr
Dan Walsh
2012-01-27 14:50:47 -0500
cca484b26binstall everything in /usr
Harald Hoyer
2012-01-25 19:01:37 +0100
f5849c1fadAdd Dan Berrange code cleanup patches.
Dan Walsh
2012-01-23 13:39:03 -0500
3b242a5830Add Dan Berrange code cleanup patches.
Dan Walsh
2012-01-23 11:30:40 -0500
80c334bf8dFix selabal_open man page to refer to proper selinux_opt structure
Dan Walsh
2012-01-23 11:28:11 -0500
ad8477f7a1Fix selabal_open man page to refer to proper selinux_opt structure
Dan Walsh
2012-01-04 11:03:19 -0500
7959ef108bUpdate to upstream * Fix setenforce man page to refer to selinux man page * Cleanup Man pages * merge freecon with getcon man page
Dan Walsh
2011-12-21 18:09:52 +0000
2390d5be83Update to upstream * Fix setenforce man page to refer to selinux man page * Cleanup Man pages * merge freecon with getcon man page
Dan Walsh
2011-12-21 18:02:29 +0000
3ae845067cUpdate to upstream * Fix setenforce man page to refer to selinux man page * Cleanup Man pages * merge freecon with getcon man page
Dan Walsh
2011-12-21 18:01:55 +0000
0c717c5b8cAdd patch from Richard Haines When selabel_lookup found an invalid context with validation enabled, it always stated it was 'file_contexts' whether media, x, db or file. The fix is to store the spec file name in the selabel_lookup_rec on selabel_open and use this as output for logs. Also a minor fix if key is NULL to stop seg faults. Fix setenforce manage page.
Dan Walsh
2011-12-19 14:48:33 -0500
3e52a1517dRebuild with new libsepol
Dan Walsh
2011-12-16 06:22:49 -0500
7a677c0c11Rebuild with new libsepol
Dan Walsh
2011-12-15 16:50:07 -0500
e9493af009Fix setenforce man page, from Miroslav Grepl
Dan Walsh
2011-12-06 10:43:58 -0500
de1ce20f11Upgrade to upstream * selinuxswig_python.i: don't make syscall if it won't change anything * Remove assert in security_get_boolean_names(3) * Mapped compute functions now obey deny_unknown flag * get_default_type now sets EINVAL if no entry. * return EINVAL if invalid role selected * Updated selabel_file(5) man page * Updated selabel_db(5) man page * Updated selabel_media(5) man page * Updated selabel_x(5) man page * Add man/man5 man pages * Add man/man5 man pages * Add man/man5 man pages * use -W and -Werror in utils
Dan Walsh
2011-12-06 08:55:52 -0500
60ebb758f7Change python binding for restorecon to check if the context matches. If it does do not reset
Dan Walsh
2011-11-29 10:14:35 -0500
b02e059741Change python binding for restorecon to check if the context matches. If it does do not reset
Dan Walsh
2011-11-29 09:52:39 -0500
0921286973Change python binding for restorecon to check if the context matches. If it does do not reset
Dan Walsh
2011-11-29 09:47:57 -0500
5cb2893d59* Makefiles: syntax, convert all ${VAR} to $(VAR) * load_policy: handle selinux=0 and /sys/fs/selinux not exist * regenerate .pc on VERSION change * label: cosmetic cleanups * simple interface for access checks * Don't reinitialize avc_init if it has been called previously * seusers: fix to handle large sets of groups * audit2why: close fd on enomem * rename and export symlink_realpath * label_file: style changes to make Eric happy.
Dan Walsh
2011-11-04 09:13:56 -0400
fb2ea7dbfbApply libselinux patch to handle large groups in seusers.
Dan Walsh
2011-10-24 14:41:47 -0400
8075466849Apply libselinux patch to handle large groups in seusers.
Dan Walsh
2011-10-24 14:30:05 -0400
9328ed5d59Add selinux_check_access function. Needed for passwd, chfn, chsh
Dan Walsh
2011-10-20 16:50:40 -0400
a8fa8756a9Add selinux_check_access function. Needed for passwd, chfn, chsh
Dan Walsh
2011-10-20 15:44:39 -0400
a702adc23cHandle situation where selinux=0 passed to the kernel and both /selinux and
Dan Walsh
2011-09-22 09:40:40 -0400
3f542ebbedHandle situation where selinux=0 passed to the kernel and both /selinux and
Dan Walsh
2011-09-22 09:38:06 -0400
942b6cd466Update to upstream * utils: matchpathcon: remove duplicate declaration * src: matchpathcon: use myprintf not fprintf * src: matchpathcon: make sure resolved path starts * put libselinux.so.1 in /lib not /usr/lib * tree: default make target to all not
Dan Walsh
2011-09-19 06:53:35 -0400
aa09b7d954Update to upstream * utils: matchpathcon: remove duplicate declaration * src: matchpathcon: use myprintf not fprintf * src: matchpathcon: make sure resolved path starts * put libselinux.so.1 in /lib not /usr/lib * tree: default make target to all not
Dan Walsh
2011-09-19 06:52:45 -0400
37244b5b3bSwitch to use ":" as prefix separator rather then ";"
Dan Walsh
2011-09-14 22:02:29 -0400
5113c7563aSwitch to use ":" as prefix separator rather then ";"
Dan Walsh
2011-09-14 22:01:30 -0400
8530670002Avoid unnecessary shell invocation in %post.
Dan Walsh
2011-09-12 16:33:28 -0400
09b67080b4Avoid unnecessary shell invocation in %post.
Dan Walsh
2011-09-08 15:26:30 -0400
c03bd38197Fix handling of subset labeling that is causing segfault in restorecon
Dan Walsh
2011-09-06 09:46:57 -0400
10e77a8370Change matchpathcon_init_prefix and selabel_open to allow multiple initial prefixes. Now you can specify a ";" separated list of prefixes and the labeling system will only load regular expressions that match these prefixes.
Dan Walsh
2011-09-02 08:58:11 -0400
44cb708314Change matchpatcon to use proper myprintf Fix symlink_realpath to always include "/" Update to upstream * selinux_file_context_verify function returns wrong value. * move realpath helper to matchpathcon library * python wrapper makefile changes
Dan Walsh
2011-08-30 11:14:36 -0400
495b754734Change matchpatcon to use proper myprintf Fix symlink_realpath to always include "/" Update to upstream * selinux_file_context_verify function returns wrong value. * move realpath helper to matchpathcon library * python wrapper makefile changes
Dan Walsh
2011-08-30 11:08:49 -0400
0ae97d39a1Move to new Makefile that can build with or without PYTHON being set
Dan Walsh
2011-08-23 09:20:39 -0400
4eca5fc79fMove to new Makefile that can build with or without PYTHON being set
Dan Walsh
2011-08-22 11:04:32 -0400
00e063e5f5Update to upstream 2.1.4 2011-0817 * mapping fix for invalid class/perms after selinux_set_mapping * audit2why: work around python bug not defining * resolv symlinks and dot directories before matching
Dan Walsh
2011-08-18 07:09:51 -0400
125b5b107cUpdate to upstream * Release, minor version bump * Give correct names to mount points in load_policy by Dan Walsh. * Make sure selinux state is reported correctly if selinux is disabled or fails to load by Dan Walsh. * Fix crash if selinux_key_create was never called by Dan Walsh. * Add new file_context.subs_dist for distro specific filecon substitutions by Dan Walsh. * Update man pages for selinux_color_* functions by Richard Haines.
Dan Walsh
2011-07-28 11:58:12 -0400
076f35f59bOnly call dups check within selabel/matchpathcon if you are validating the context This seems to speed the loading of labels by 4 times.
Dan Walsh
2011-06-13 11:29:06 -0400
2c3aaeae1eMove /selinux to /sys/fs/selinux Add selinuxexeccon Add realpath to matchpathcon to handle matchpathcon * type queries.
Dan Walsh
2011-05-25 14:25:56 -0400
71e7978d45Update for latest libsepol
Dan Walsh
2011-04-21 12:02:22 -0400
f0ee56705aUpdate for latest libsepol
Dan Walsh
2011-04-18 09:33:23 -0400
73bed069d2Fix restorecon python binding to accept relative paths
Dan Walsh
2011-04-13 16:51:22 -0400
f3cde748c3Fix restorecon python binding to accept relative paths
f15
Dan Walsh
2011-04-13 16:51:13 -0400
6db4df3c24Update to upstream * Give correct names to mount points in load_policy by Dan Walsh. * Make sure selinux state is reported correctly if selinux is disabled or fails to load by Dan Walsh. * Fix crash if selinux_key_create was never called by Dan Walsh. * Add new file_context.subs_dist for distro specific filecon substitutions by Dan Walsh. * Update man pages for selinux_color_* functions by Richard Haines.
Dan Walsh
2011-04-12 10:09:47 -0400
982b2e517dUpdate to upstream * Give correct names to mount points in load_policy by Dan Walsh. * Make sure selinux state is reported correctly if selinux is disabled or fails to load by Dan Walsh. * Fix crash if selinux_key_create was never called by Dan Walsh. * Add new file_context.subs_dist for distro specific filecon substitutions by Dan Walsh. * Update man pages for selinux_color_* functions by Richard Haines.
Dan Walsh
2011-04-12 10:08:26 -0400
33126529f6Clean up patch to make handling of constructor cleanup more portable * db_language object class support for selabel_lookup from KaiGai Kohei. * Library destructors for thread local storage keys from Eamon Walsh.
Dan Walsh
2011-04-06 16:48:06 -0400
d455eb5e43Clean up patch to make handling of constructor cleanup more portable * db_language object class support for selabel_lookup from KaiGai Kohei. * Library destructors for thread local storage keys from Eamon Walsh.
Dan Walsh
2011-04-06 16:46:47 -0400
3d499ceb03Clean up patch to make handling of constructor cleanup more portable
Dan Walsh
2011-04-06 11:19:19 -0400
0b1dda0fafClean up patch to make handling of constructor cleanup more portable
Dan Walsh
2011-04-06 11:19:12 -0400
8723500e16Add file_context.subs_dist to subs paths
Dan Walsh
2011-04-05 14:03:07 -0400
1f974ef6b5Add patch from dbhole@redhat.com to initialize thread keys to -1 Errors were being seen in libpthread/libdl that were related to corrupt thread specific keys. Global destructors that are called on dl unload. During destruction delete a thread specific key without checking if it has been initialized. Since the constructor is not called each time (i.e. key is not initialized with pthread_key_create each time), and the default is 0, there is a possibility that key 0 for an active thread gets deleted. This is exactly what is happening in case of OpenJDK.
Dan Walsh
2011-04-05 12:11:41 -0400
4b2caaad18Add patch from dbhole@redhat.com to initialize thread keys to -1 Errors were being seen in libpthread/libdl that were related to corrupt thread specific keys. Global destructors that are called on dl unload. During destruction delete a thread specific key without checking if it has been initialized. Since the constructor is not called each time (i.e. key is not initialized with pthread_key_create each time), and the default is 0, there is a possibility that key 0 for an active thread gets deleted. This is exactly what is happening in case of OpenJDK.
Dan Walsh
2011-04-05 12:10:57 -0400
c862d2e3e2Call fini_selinuxmnt if selinux is disabled, to cause is_selinux_disabled() to report correct data
Dan Walsh
2011-04-05 11:38:53 -0400
9ac8a9964bCall fini_selinuxmnt if selinux is disabled, to cause is_selinux_disabled() to report correct data
Dan Walsh
2011-04-05 11:37:30 -0400
0cd375f839Call fini_selinuxmnt if selinux is disabled, to cause is_selinux_disabled() to report correct data
Dan Walsh
2011-04-05 11:25:39 -0400
ec9f86f97cCall fini_selinuxmnt if selinux is disabled, to cause is_selinux_disabled() to report correct data
Dan Walsh
2011-04-05 11:25:33 -0400
1fefea1eb1Update to upstream * Turn off default user handling when computing user contexts by Dan Walsh
Dan Walsh
2011-03-30 14:42:17 -0400
3fe523e77cUpdate to upstream * Turn off default user handling when computing user contexts by Dan Walsh
Dan Walsh
2011-03-03 09:41:32 -0500