Commit Graph

353 Commits

Author SHA1 Message Date
Dan Walsh
8f8f3fb514 Update to upstream
* filename_trans: use some better sorting to compare and merge
	* coverity fixes
	* implement default type policy syntax
	* Fix memory leak issues found by Klocwork
- Add CONTRAINT_NAMES to the kernel
2013-02-07 12:24:09 -05:00
Dan Walsh
1a48e42dcf Update to latest patches from eparis/Upstream 2013-01-27 19:55:20 -05:00
Dan Walsh
d002148307 Update to latest patches from eparis/Upstream 2013-01-25 09:32:52 -05:00
Dan Walsh
6e6c78000d Update to latest patches from eparis/Upstream 2013-01-25 09:21:55 -05:00
Dan Walsh
5a38f90989 Fix libsepol.stack messages in audit2allow/audit2why 2013-01-08 13:35:56 -05:00
Dan Walsh
7a2ea3adf4 Fix libsepol.stack messages in audit2allow/audit2why 2013-01-08 13:30:18 -05:00
Dan Walsh
0df3b08ca9 Update to latest patches from eparis/Upstream 2013-01-04 17:17:25 -05:00
Dan Walsh
a3698bbb34 Update Richard Haines patch to show constraint information 2012-11-27 16:31:35 -05:00
Dan Walsh
0557b38137 Add sepol_compute_av_reason_buffer patch from Richard Haines 2012-11-19 09:10:41 -05:00
rhatdan
eb4908df1b Revert patch that was attempting to expand filetrans attributes, but is breaking filetrans rules 2012-09-19 16:09:53 -04:00
rhatdan
7a85deddcf Update to upstream
* fix neverallow checking on attributes
	* Move context_copy() after switch block in ocontext_copy_*().
	* check for missing initial SID labeling statement.
	* Add always_check_network policy capability
	* role_fix_callback skips out-of-scope roles during expansion.
2012-09-13 12:32:09 -04:00
Dan Walsh
99ee75724c Try new patches 2012-07-30 11:11:54 -04:00
Dan Walsh
f204e024f1 Try new patches 2012-07-30 11:10:02 -04:00
Dan Walsh
feedd04d81 Revert patches 2012-07-24 13:52:32 -04:00
Dan Walsh
4b02553992 Revert patches 2012-07-24 13:52:08 -04:00
Dan Walsh
fa3013007e Revert patches 2012-07-24 13:50:59 -04:00
Dennis Gilmore
03f17d27e6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild 2012-07-19 16:10:21 -05:00
Dan Walsh
5f329cea08 Update to upstream
* reserve policycapability for redhat testing of ptrace child
	* cosmetic changes to make the source easier to read
	* prepend instead of append to filename_trans list
	* Android/MacOS X build support
	* allocate enough space to hold filename in trans rules
2012-07-04 07:19:41 -04:00
Dan Walsh
96e6f72927 Fix off by one error that is causing file_name transition rules to be expanded
- incorrectly on i686 machines
2012-04-23 18:20:41 -04:00
Dan Walsh
9d04e817bf Add support for ptrace_child 2012-04-17 13:12:15 -04:00
Dan Walsh
a195d32913 Update to upstream
* checkpolicy: implement new default labeling behaviors
2012-03-29 14:28:13 -04:00
Dennis Gilmore
46942f6c6f - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild 2012-01-13 02:24:42 -06:00
Dan Walsh
ee95801ed9 Update to match eparis pool 2011-12-21 13:33:01 +00:00
Dan Walsh
f39b887832 Additional fix for default transitioning labeling for semodule 2011-12-15 17:06:11 -05:00
Dan Walsh
f15ff0d1b0 Add Eparis patch for handling of default transition labeling 2011-12-15 16:18:28 -05:00
Dan Walsh
b413b6e9e9 Add Eparis patch for handling of default transition labeling 2011-12-15 15:05:59 -05:00
Dan Walsh
58df885532 Remove old source from sources file 2011-11-04 09:06:17 -04:00
Dan Walsh
39e091adf3 Update to upstream
* regenerate .pc on VERSION change
	* Move ebitmap_* functions from mcstrans to libsepol
	* expand: do filename_trans type comparison on mapped representation
2011-11-04 08:55:31 -04:00
Dan Walsh
878dae3299 The filename_trans code had a bug where duplicate detection was being
done between the unmapped type value of a new rule and the type value of
rules already in policy.  This meant that duplicates were not being
silently dropped and were instead outputting a message that there was a
problem.  It made things hard because the message WAS using the mapped
type to convert to the string representation, so it didn't look like a
dup!
2011-10-31 16:34:33 -04:00
Dan Walsh
07e78442e3 Update to upstream
* Skip writing role attributes for policy.X and
	* Indicate when boolean is indeed a tunable.
	* Separate tunable from boolean during compile.
	* Write and read TUNABLE flags in related
	* Copy and check the cond_bool_datum_t.flags during link.
	* Permanently discard disabled branches of tunables in
	* Skip tunable identifier and cond_node_t in expansion.
	* Create a new preserve_tunables flag
	* Preserve tunables when required by semodule program.
	* setools expects expand_module_avrules to be an exported
	* tree: default make target to all not
2011-09-19 06:48:59 -04:00
Dan Walsh
ed26f06a29 Add patch to handle preserving tunables 2011-09-14 22:40:27 -04:00
Dan Walsh
3c75a3b3ff export expand_module_avrules 2011-09-01 17:07:56 -04:00
Dan Walsh
6eec04097e Update to upstream
* Only call role_fix_callback for base.p_roles during expansion.
	* use mapped role number instead of module role number
2011-08-18 06:58:25 -04:00
Dan Walsh
a98ce44d26 Update to upstream
* Release, minor version bump
2011-07-28 11:35:27 -04:00
Dan Walsh
b7b88e49b7 Update to upstream
* Warn if filename_trans rules are dropped by Steve Lawrence.
2011-05-03 09:40:22 -04:00
Dan Walsh
1a403b0896 Fixes for new role_transition class field by Eric Paris. 2011-04-21 11:25:56 -04:00
Dan Walsh
6e97542597 Update to upstream
* Fixes for new role_transition class field by Eric Paris.
	* Add libsepol support for filename_trans rules by Eric Paris.
2011-04-14 08:52:33 -04:00
Dan Walsh
54f27dc276 re-add Erics patch for filename transitions
Update to upstream
	* Add new class field in role_transition by Harry Ciao.
2011-04-12 14:29:20 -04:00
Dan Walsh
554824b9da Latest patches 2011-04-12 13:11:15 -04:00
Dan Walsh
53af5b6865 re-add Erics patch for filename transitions
Update to upstream
	* Add new class field in role_transition by Harry Ciao.
2011-04-12 10:36:13 -04:00
Dan Walsh
a3a7288b5c * Give correct names to mount points in load_policy by Dan Walsh.
* Make sure selinux state is reported correctly if selinux is disabled or
	fails to load by Dan Walsh.
	* Fix crash if selinux_key_create was never called by Dan Walsh.
	* Add new file_context.subs_dist for distro specific filecon substitutions
	by Dan Walsh.
	* Update man pages for selinux_color_* functions by Richard Haines.
2011-04-12 10:03:13 -04:00
Dan Walsh
92502fe369 Apply Eparis Patch
This patch add libsepol support for filename_trans rules.  These rules
allow on to make labeling decisions for new objects based partially on
the last path component.  They are stored in a list.  If we find that
the number of rules grows to an significant size I will likely choose to
store these in a hash, both in libsepol and in the kernel.  But as long
as the number of such rules stays small, this should be good.
2011-03-29 15:27:36 -04:00
Dennis Gilmore
65043ab531 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild 2011-02-08 05:21:04 -06:00
Dan Walsh
60894b281e - Upgrade to latest from NSA
* Fix compliation under GCC 4.6 by Justin Mattock
2010-12-22 14:56:26 -05:00
Dan Walsh
9788767c5c - Upgrade to latest from NSA
* Fix compliation under GCC 4.6 by Justin Mattock
2010-12-21 16:43:33 -05:00
Fedora Release Engineering
957300d4ea dist-git conversion 2010-07-28 21:38:27 +00:00
Dan Horák
a7387c80ed - Fix libsepol.pc file 2010-06-17 07:38:54 +00:00
Daniel J Walsh
83e7a5b3fa - Resolve specfile problems Resolves: #555835 2010-01-28 21:04:22 +00:00
Daniel J Walsh
90faed0461 - Resolve specfile problems Resolves: #555835 2010-01-28 21:03:34 +00:00
Bill Nottingham
c07084d5f6 Fix typo that causes a failure to update the common directory. (releng
#2781)
2009-11-25 23:51:16 +00:00