Merged optimizations from Stephen Smalley.
- do not set all booleans upon commit, only those whose values have changed
- only install the sandbox upon commit if something was rebuilt
Merged Makefile test target patch from Caleb Case.
Merged get_commit_number function rename patch from Caleb Case.
Merged strnlen -> strlen patch from Todd Miller.
Merged patch to optionally reduce disk usage by removing the backup module
store and linked policy from Karl MacMillan.
Merged patch to correctly propagate return values in libsemanage.
Merged patch to compile with -fPIC instead of -fpic from Manoj Srivastava to
prevent hitting the global offset table limit. Patch changed to include
libselinux and libsemanage in addition to libsepol.
dbase_file_cache: deref of uninit data on error path.
dbase_policydb_cache: clear fp to avoid double fclose.
semanage_fc_sort: destroy temp on error paths.
Merged updated file context sorting patch from Christopher Ashworth, with
bug fix for escaped character flag.
Merged file context sorting code from Christopher Ashworth (Tresys
Technology), based on fc_sort.c code in refpolicy.
Merged python binding t_output_helper removal patch from Dan Walsh.
Regenerated swig files.
- Upgrade to latest from NSA
Merged abort early on merge errors patch from Ivan Gyurdiev.
Cleaned up error handling in semanage_split_fc based on a patch by Serge
Hallyn (IBM) and suggestions by Ivan Gyurdiev.
Merged MLS handling fixes from Ivan Gyurdiev.
Merged paths array patch from Ivan Gyurdiev.
Merged bug fix patch from Ivan Gyurdiev.
Merged improve bindings patch from Ivan Gyurdiev.
Merged use PyList patch from Ivan Gyurdiev.
Merged memory leak fix patch from Ivan Gyurdiev.
Merged nodecon support patch from Ivan Gyurdiev.
Merged cleanups patch from Ivan Gyurdiev.
Merged split swig patch from Ivan Gyurdiev.
Merged optionals in base patch from Joshua Brindle.
Merged treat seusers/users_extra as optional sections patch from Ivan
Gyurdiev.
Merged parse_optional fixes from Ivan Gyurdiev.
Clarified error messages from parse_module_headers and parse_base_headers
for base/module mismatches.
Merged string and file optimization patch from Russell Coker.
Merged swig header reordering patch from Ivan Gyurdiev.
Merged toggle modify on add patch from Ivan Gyurdiev.
Merged ports parser bugfix patch from Ivan Gyurdiev.
Merged fcontext swig patch from Ivan Gyurdiev.
Merged remove add/modify/delete for active booleans patch from Ivan
Gyurdiev.
Merged man pages for dbase functions patch from Ivan Gyurdiev.
Merged pywrap tests patch from Ivan Gyurdiev.
- separate file rw code from linked list
- annotate objects
- fold together internal headers
- support ordering of records in compare function
- add active dbase backend, active booleans
- return commit numbers for ro database calls
- use modified flags to skip rebuild whenever possible
- enable port interfaces
- update swig interfaces and typemaps
- add an API for file_contexts.local and file_contexts
- flip the traversal order in iterate/list
- reorganize sandbox_expand
- add seusers MLS validation
- improve dbase spec/documentation
- clone record on set/add/modify
Merged further header cleanups from Ivan Gyurdiev.
Merged toggle modified flag in policydb_modify, fix memory leak in
clear_obsolete, polymorphism vs headers fix, and include guards for
internal headers patches from Ivan Gyurdiev.
Added file-mode= setting to semanage.conf, default to 0644. Changed
semanage_copy_file and callers to use this mode when installing policy
files to runtime locations.
Changed semanage_handle_create() to set do_reload based on
is_selinux_enabled(). This prevents improper attempts to load policy on
a non-SELinux system.
Merged wrap char*** for user_get_roles patch from Joshua Brindle.
Merged remove defrole from sepol patch from Ivan Gyurdiev.
Merged swig wrappers for modifying users and seusers from Joshua Brindle.
Fixed free->key_free bug.
Merged clear obsolete patch from Ivan Gyurdiev.
Merged modified swigify patch from Dan Walsh (original patch from Joshua
Brindle).
Merged move genhomedircon call patch from Chad Sellers.
Merged cleanup patch from Ivan Gyurdiev. This renames semanage_module_conn
to semanage_direct_handle, and moves sepol handle create/destroy into
semanage handle create/destroy to allow use even when disconnected (for
the record interfaces).
Clear modules modified flag upon disconnect and commit.
Added tracking of module modifications and use it to determine whether
expand-time checks should be applied on commit.
Reverted semanage_set_reload_bools() interface.
Disabled calls to port dbase for merge and commit and stubbed out calls to
sepol_port interfaces since they are not exported.
Merged rename instead of copy patch from Joshua Brindle (Tresys).
Added hidden_def/hidden_proto for exported symbols used within libsemanage
to eliminate relocations. Wrapped type definitions in exported headers
as needed to avoid conflicts. Added src/context_internal.h and
src/iface_internal.h.
Added semanage_is_managed() interface to allow detection of whether the
policy is managed via libsemanage. This enables proper handling in
setsebool for non-managed systems.
Merged semanage_set_reload_bools() interface from Ivan Gyurdiev, to enable
runtime control over preserving active boolean values versus reloading
their saved settings upon commit.
Merged seuser parser resync, dbase tracking and cleanup, strtol bug,
copyright, and assert space patches from Ivan Gyurdiev.
Added src/*_internal.h in preparation for other changes.
Added hidden/hidden_proto/hidden_def to src/debug.[hc] and
src/seusers.[hc].
Merged interface parse/print, context_to_string interface change, move
assert_noeof, and order preserving patches from Ivan Gyurdiev.
Added src/dso.h in preparation for other changes.
Merged install seusers, handle/error messages, MLS parsing, and seusers
validation patches from Ivan Gyurdiev.