Commit Graph

102 Commits

Author SHA1 Message Date
Petr Lautrbach
153a29f02a Update to upstream release 2.4 from https://github.com/bachradsusi/selinux.git branch 2.4 2015-04-13 14:52:15 +02:00
Miroslav Grepl
bc9b70b7c6 * Wed Jul 30 2014 Miroslav Grepl <mgrepl@fedoraproject.org> - 2.3-5
- Skip policy module re-link when only setting booleans.
    * patch from Stephen Smalley
2014-07-30 19:22:07 +02:00
Dan Walsh
a0fdb6de82 libsemanage: fix memory leak in semanage_genhomedircon
- Patch from THomas Hurd
2014-03-31 08:34:33 -04:00
Dan Walsh
ab84ace2a1 Cleanup handling of missing mls_range to fix problems with useradd -Z
- Fix auditing of login record changes, roles were not working correctly.
Resolves: #952237
2013-10-16 14:34:13 -04:00
Dan Walsh
8dcd430104 Fix errors found by coverity 2013-10-04 14:55:58 -04:00
Dan Walsh
2a9c9b49a7 Do not fail on missing SELinux User Record when adding login record 2013-09-25 12:46:19 -04:00
Dan Walsh
a7e3a97407 Add msg to audit records 2013-09-23 15:11:52 -04:00
Dan Walsh
4bccd198db Do not write error message to screen when looking for previous record for auditing.
- Add mls_range from user record if the MLS range is not specified by the seuser add record.
- Error out if seuser or mls range is not specified when adding user records
2013-09-23 14:30:33 -04:00
Dan Walsh
a70e6a436c Create symlink from policy.kern to active kernel. 2013-09-09 09:34:32 -04:00
Dan Walsh
514a8aa4c0 Move handling of role audit records into the library
- Patch stops semanage from removing user record while in use
2013-07-26 17:39:40 -04:00
Dan Walsh
13bc72f76a - Fix test suite to build 2013-04-22 10:29:48 -04:00
Dan Walsh
db579f949e Fix test suite to build 2013-04-11 11:37:19 -04:00
Dan Walsh
518c1aa0ae Revert some changes which are causing the wrong policy version file to be created 2013-02-14 07:58:54 -05:00
Dan Walsh
1021fcbc45 Update to upstream
* Add sefcontext_compile to compile regex everytime policy is rebuilt
	* Cleanup/fix enable/disable/remove module.
	* redo genhomedircon minuid
	* fixes from coverity
	* semanage_store: do not leak memory in semanage_exec_prog
	* genhomedircon: remove useless conditional in get_home_dirs
	* genhomedircon: double free in get_home_dirs
	* fcontext_record: do not leak on error in semanage_fcontext_key_create
	* genhomedircon: do not leak on failure in write_gen_home_dir_context
	* semanage_store: do not leak fd
	* genhomedircon: do not leak shells list
	* semanage_store: do not leak on strdup failure
	* semanage_store: rewrite for readability
2013-02-07 13:41:45 -05:00
Dan Walsh
15a3a08fb3 Update to latest patches from eparis/Upstream
-    libsemanage: fixes from coverity
-    libsemange: redo genhomedircon minuid
2013-01-05 11:31:53 -05:00
Dan Walsh
f0b6adc46c Fix handling of missing semanage permissive -d foo, not failing correctly
- Previous to this fix the first module beginning with foo would get deleted.
2012-11-21 14:30:13 -05:00
rhatdan
70de4204ca Update to upstream
* libsemanage: do not set soname needlessly
	* libsemanage: remove PYTHONLIBDIR and ruby equivalent
	* do boolean name substitution
	* Fix segfault for building standard policies.
2012-09-15 07:48:40 -04:00
Dan Walsh
5f72978380 Attempt to allocate memory for selinux_binary_policy_path and free memory
- allocated by asprintf.
2012-07-13 16:37:22 -04:00
Dan Walsh
ea5e4bfdc0 Revert Eric Paris Patch for binary_policy_path 2012-07-13 14:30:26 -04:00
Dan Walsh
f21a19ce73 Fix asprintf within an asprintf call 2012-07-12 17:47:17 -04:00
Dan Walsh
114463ed84 Update to upstream
* remove build warning when build swig c files
	* additional makefile support for rubywrap
	* ignore 80 column limit for readability
	* semanage_store: fix snprintf length argument by using asprintf
	* Use default semanage.conf as a fallback
	* use after free in python bindings
2012-07-04 07:34:56 -04:00
Dan Walsh
340a7403e4 Apply patch from Sven Vermeulen to fix problem with python3 bindings. 2012-05-29 11:17:02 -04:00
Dan Walsh
72a84c3f42 Update to upstream
* Alternate path for semanage.conf
	* do not link against libpython, this is considered bad in Debian
	* Allow to build for several ruby version
	* fallback-user-level
2012-03-29 15:28:29 -04:00
Dan Walsh
6bcdc7fca5 Add patch form Xin Ouyang to make library use private semanage.conf 2012-01-06 09:19:58 -05:00
Dan Walsh
99d9fa911a Update to upstream
* add ignoredirs config for genhomedircon
	* Fallback_user_level can be NULL if you are not using MLS
2011-12-21 18:09:42 +00:00
Dan Walsh
32db106626 Add support for ignoredirs param in /etc/selinux/semanage.conf 2011-12-15 10:32:47 -05:00
Dan Walsh
a29afa3a34 Upgrade to upstream
* regenerate .pc on VERSION change
	* maintain mode even if umask is tighter
	* semanage.conf man page
	* create man5dir if not exist
2011-11-04 09:37:32 -04:00
Dan Walsh
86ba998b25 Fix handling of umask, so files get created with the correct label. 2011-10-20 15:03:03 -04:00
Dan Walsh
f7a6a5065b Add Guido Trentalancia semanage.conf man page 2011-09-19 08:17:18 -04:00
Dan Walsh
0b324a21d7 Add Guido Trentalancia semanage.conf man page 2011-09-19 07:29:40 -04:00
Dan Walsh
71a9b31459 Update to upstream
* Create a new preserve_tunables flag
	* tree: default make target to all not
	* fix semanage_store_access_check calling arguments
2011-09-19 06:57:07 -04:00
Dan Walsh
b7399a1357 Add support for preserving tunables 2011-09-14 22:29:13 -04:00
Dan Walsh
e7fd74843d Update to upstream
* python wrapper makefile changes
2011-08-30 16:50:02 -04:00
Dan Walsh
5e780f2aa2 Update to upstream
2.1.2 2011-08-17
	* print error debug info for buggy fc
	* introduce semanage_set_root and friends
	* throw exceptions in python rather than return
	* python3 support.
	* patch for MCS/MLS in user files
2011-08-22 09:46:21 -04:00
Dan Walsh
716220e45b Update to upstream
2.1.2 2011-08-17
	* print error debug info for buggy fc
	* introduce semanage_set_root and friends
	* throw exceptions in python rather than return
	* python3 support.
	* patch for MCS/MLS in user files
2011-08-19 06:34:47 -04:00
Dan Walsh
617897ade9 Update to upstream
2.1.2 2011-08-17
	* print error debug info for buggy fc
	* introduce semanage_set_root and friends
	* throw exceptions in python rather than return
	* python3 support.
	* patch for MCS/MLS in user files
2011-08-18 07:16:10 -04:00
Dan Walsh
c00e96cc0c More fixes for disabled modules 2011-06-08 14:46:29 -04:00
Dan Walsh
568e47f118 Change libsemanage mechanism for handling disabled modules. Now it will only create a flag for a module
indicating the module is disabled.  MODULE.pp.disabled, it will no longer rename the module.  This way we can
ship active modules in rpm.
2011-06-07 13:54:28 -04:00
Dan Walsh
410db78cc0 Change libsemanage mechanism for handling disabled modules. Now it will only create a flag for a module
indicating the module is disabled.  MODULE.pp.disabled, it will no longer rename the module.  This way we can
ship active modules in rpm.
2011-06-07 13:14:57 -04:00
Dan Walsh
0984542175 Add semanage_set_selinux_path, to allow semodule to work on alternate selinux pools 2011-06-02 12:14:52 -04:00
Dan Walsh
6120de7432 - Update to upstream
* Fix compliation under GCC 4.6 by Justin Mattock
2010-12-21 16:35:11 -05:00
Daniel J Walsh
0b6b0c93f2 - Update to upstream
Add enable/disable patch support from Dan Walsh.
Add usepasswd flag to semanage.conf to disable genhomedircon using passwd
    from Dan Walsh.
regenerate swig wrappers
2010-03-08 18:19:41 +00:00
Daniel J Walsh
bae6b411c7 - Rebuild all c programs with -fPIC 2009-12-16 21:11:12 +00:00
Daniel J Walsh
71c0c5e065 - Update to upstream
Move load_policy from /usr/sbin to /sbin from Dan Walsh.
2009-11-18 22:19:06 +00:00
Daniel J Walsh
b1238c466b - Dont relabel /root with genhomedircon 2009-09-20 11:43:05 +00:00
Daniel J Walsh
b05566938b - Update to upstream
Change semodule upgrade behavior to install even if the module is not
    present from Dan Walsh.
Make genhomedircon trim excess '/' from homedirs from Dan Walsh.
2009-09-17 13:02:59 +00:00
Daniel J Walsh
5aeb590264 - Update to upstream
Fix persistent dontaudit support to rebuild policy if the dontaudit state
    is changed from Chad Sellers.
- Move load_policy to /sbin
2009-09-09 17:57:13 +00:00
Daniel J Walsh
f6a1eaa2e3 - Add enable/disable modules 2009-08-28 18:03:05 +00:00
Daniel J Walsh
7313e2e746 - Make sure /root is not used in genhomedircon 2009-08-26 19:06:23 +00:00
Daniel J Walsh
168ea7cab1 Revert hard linking of files between tmp/active/previous.
Enable configuration of bzip behavior from Stephen Smalley.
    bzip-blocksize=0 to disable compression and decompression support.
    bzip-blocksize=1..9 to set the blocksize for compression.
    bzip-small=true to reduce memory usage for decompression.
2009-08-05 19:21:58 +00:00