Commit Graph

9 Commits

Author SHA1 Message Date
Petr Lautrbach
0ae5e5f70c semanage.conf - expand list of ignoredirs
It should prevent problems with wrong labels on directories in / after
commands like:

    # useradd -Z unconfined_u -d /var test

    # matchpathcon /var
    /var    unconfined_u:object_r:user_home_dir_t:s0
2020-12-18 17:24:10 +01:00
Petr Lautrbach
6cea6649ba semanage.conf - improve usepasswd=False explanation 2020-12-18 17:23:29 +01:00
Ondrej Mosnacek
5c57870019 Enable policy optimization
The new v3.0 SELInux userspace added support for optimizing the binary
policy by pruning redundant rules from it. Enable it on Fedora by
default, since it brings noticeable space savings and only negligibly
increases policy build time.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
2020-01-22 15:21:38 +01:00
Petr Lautrbach
3eb8f0c347 Revert "Enable expand-check in semanage.conf"
There are several update issues which need to be soled first before we
enable this in a stable release.

For more information see
https://bugzilla.redhat.com/show_bug.cgi?id=1319652#c25

This reverts commit e2707be9e1.
2018-06-27 09:34:21 +02:00
Petr Lautrbach
0b7304dd79 libsemanage-2.7-1
- Update to upstream release 2017-08-04
- Use 'sefcontext_compile -r' when it's run during SELinux policy build
2017-08-07 14:47:19 +02:00
Petr Lautrbach
e2707be9e1 Enable expand-check in semanage.conf
libsepol was fixed before release 2.4 and expand-check=1 doesn't make a
big time penalty. On the other hand, it's helpful to make it enabled by
default.

Resolves: rhbz#1319652
2016-03-21 11:15:45 +01:00
Dan Walsh
32db106626 Add support for ignoredirs param in /etc/selinux/semanage.conf 2011-12-15 10:32:47 -05:00
Dan Walsh
0984542175 Add semanage_set_selinux_path, to allow semodule to work on alternate selinux pools 2011-06-02 12:14:52 -04:00
Daniel J Walsh
0b6b0c93f2 - Update to upstream
Add enable/disable patch support from Dan Walsh.
Add usepasswd flag to semanage.conf to disable genhomedircon using passwd
    from Dan Walsh.
regenerate swig wrappers
2010-03-08 18:19:41 +00:00