Fixes:
# semanage boolean -m --on polyinstantiation_enabled
ValueError: Boolean polyinstantiation_enabled is not defined
# semanage login -a -s staff_u -r s0-s0:c0.c1023 yeti
libsemanage.dbase_llist_query: could not query record value (No such
file or directory).
FileNotFoundError: [Errno 2] No such file or directory
- Fix another python3 issues mainly in sepolicy (#1247039,#1247575,#1251713)
- The functionality of audit2allow which was disabled in the previous
commit should be available again
- Fix multiple python3 issues in sepolgen (#1249388,#1247575,#1247564)
FIXME: some functionality of audit2allow was temporarily disabled until sepolicy is
ported to python 3
commit 2ff279e21e4715ac49e094b5fae8bc8e84b9e417 ("policycoreutils:
semanage: update to new source policy infrastructure") introduced
new methods for enabling/disabling modules but failed to update
the deleteall method of class moduleRecords to use the new method.
The deleteall method was introduced by commit
3dafb1046d847783f1e761535925ea79d69d3305 ("Add deleteall customizations
field for modules.") as a way to re-enable all locally disabled modules.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
fedora-selinux/selinux.git:
ab77906ea96a10bcbefee06ab7d32af853d4cf33
adffc5e277f5c5a99771439f793b7aa91be59f31
Conflict with selinux-policy causes deadlocks in buildroots when
there's no selinux-policy available. selinux-policy-base is provided by
targeted, mls and minimum subpackages which are not installed to
buildroots.
- add make-rhat-patches.sh script which creates policycoreutils-rhat.patch and sepolgen-rhat.patch patches
- use source files from https://github.com/SELinuxProject/selinux/wiki/Releases
- extract sources to selinux/ directory and build them there
Create -rhat patches from
c83f4d17e7
- Add support for Fedora22 man pages. We need to fix it to not using hardcoding.
- Print usage for all mutually exclusive options.
- Fix selinux man page to refer seinfo and sesearch tools.
* If there is no executable we don't want to print a part of STANDARD FILE CON
* Add-manpages-for-typealiased-types
* Make fixfiles_exclude_dirs working if there is a substituion for the given d
* If there is no executable we don't want to print a part of STANDARD FILE CON
* Add-manpages-for-typealiased-types
* Make fixfiles_exclude_dirs working if there is a substituion for the given d
* Add -P semodule option to man page from Dan Walsh.
* selinux_current_policy_path will return none on a disabled SELinux system from Dan Walsh.
* Add new icons for sepolicy gui from Dan Walsh.
* Only return writeable files that are enabled from Dan Walsh.
* Add domain to short list of domains, when -t and -d from Dan Walsh.
* Fix up desktop files to match current standards from Dan Walsh.
* Add support to return sensitivities and categories for python from Dan Walsh.
* Cleanup whitespace from Dan Walsh.
* Add message to tell user to install sandbox policy from Dan Walsh.
* Add systemd unit file for mcstrans from Laurent Bigonville.
* Improve restorecond systemd unit file from Laurent Bigonville.
* Minor man pages improvements from Laurent Bigonville.
- Make selinux-policy build working also on another architectures related to s
- Miroslav grepl patch to fix the creation of man pages on different architectures.
- Add ability to list the actual active modules
- Fix spelling mistake on sesearch in generate man pages.
- Make selinux-policy build working also on another architectures related to s
- Miroslav grepl patch to fix the creation of man pages on different architectures.
- Add ability to list the actual active modules
- Fix spelling mistake on sesearch in generate man pages.
* Revert automatic setting of serange and seuser in seobject; was breaking non-MLS systems.
- Add patches for sepolicy gui from mgrepl to
Fix advanced_item_button_push() to allow to select an application in advanced search menu
Fix previously_modified_initialize() to show modified changes properly for all selections
* Apply polkit check on all dbus interfaces and restrict to active user from Dan Walsh.
* Fix typo in sepolicy gui dbus.relabel_on_boot call from Dan Walsh.
- Apply Miroslav Grepl patch to fix TEMPLATETYPE_domtrans description in sepolicy generate
- Clean up ports screen to only show enabled ports.
- Update to upstream
* Remove import policycoreutils.default_encoding_utf8 from semanage from Dan Walsh.
* Make yum/extract_rpms optional for sepolicy generate from Dan Walsh.
* Add test suite for audit2allow and sepolgen-ifgen from Dan Walsh.
- Clean up ports screen to only show enabled ports.
- Update to upstream
* Remove import policycoreutils.default_encoding_utf8 from semanage from Dan Walsh.
* Make yum/extract_rpms optional for sepolicy generate from Dan Walsh.
* Add test suite for audit2allow and sepolgen-ifgen from Dan Walsh.
* Properly build the swig exception file from Laurent Bigonville.
* Fix man pages from Laurent Bigonville.
* Support overriding PATH and INITDIR in Makefile from Laurent Bigonville.
* Fix LDFLAGS usage from Laurent Bigonville.
* Fix init_policy warning from Laurent Bigonville.
* Fix semanage logging from Laurent Bigonville.
* Open newrole stdin as read/write from Sven Vermeulen.
* Fix sepolicy transition from Sven Vermeulen.
* Support overriding CFLAGS from Simon Ruderich.
* Create correct man directory for run_init from Russell Coker.
* restorecon GLOB_BRACE change from Michal Trunecka.
* Extend audit2why to report additional constraint information.
* Catch IOError errors within audit2allow from Dan Walsh.
* semanage export/import fixes from Dan Walsh.
* Improve setfiles progress reporting from Dan Walsh.
* Document setfiles -o option in usage from Dan Walsh.
* Change setfiles to always return -1 on failure from Dan Walsh.
* Improve setsebool error r eporting from Dan Walsh.
* Major overhaul of gui from Dan Walsh.
* Fix sepolicy handling of non-MLS policy from Dan Walsh.
* Support returning type aliases from Dan Walsh.
* Add sepolicy tests from Dan Walsh.
* Add org.selinux.config.policy from Dan Walsh.
* Improve range and user input checking by semanage from Dan Walsh.
* Prevent source or target arguments that end with / for substitutions from Dan Walsh.
* Allow use of <<none>> for semanage fcontext from Dan Walsh.
* Report customized user levels from Dan Walsh.
* Support deleteall for restoring disabled modules from Dan Walsh.
* Improve semanage error reporting from Dan Walsh.
* Only list disabled modules for module locallist from Dan Walsh.
* Fix logging from Dan Walsh.
* Define new constants for file type character codes from Dan Walsh.
* Improve bash completions from Dan Walsh.
* Convert semanage to argparse from Dan Walsh (originally by Dave Quigley).
* Add semanage tests from Dan Walsh.
* Split semanage man pages from Dan Walsh.
* Move bash completion scripts from Dan Walsh.
* Replace genhomedircon script with a link to semodule from Dan Walsh.
* Fix fixfiles from Dan Walsh.
* Add support for systemd service for restorecon from Dan Walsh.
* Spelling corrections from Dan Walsh.
* Improve sandbox support for home dir symlinks and file caps from Dan Walsh.
* Switch sandbox to openbox window manager from Dan Walsh.
* Coalesce audit2why and audit2allow from Dan Walsh.
* Change audit2allow to append to output file from Dan Walsh.
* Update translations from Dan Walsh.
* Change audit2why to use selinux_current_policy_path from Dan Walsh.
- Add more help information
- Cleanup code
- Add deny_ptrace on lockdown screen
- Make unconfined/permissivedomains lockdown work
- Add more support for file equivalency
- Update translations
- Fix sepolicy generate --admin_user man page again
- Fix setsebool to print less verbose error messages by default, add -V for ve
- Add support for compressed policy.xml
- Miroslav Grepl patch to allow sepolicy interface on individual interface fil
- Also add capability to test interfaces for correctness.
- Add support for compressed policy.xml
- Miroslav Grepl patch to allow sepolicy interface on individual interface fil
- Also add capability to test interfaces for correctness.
- Add support for compressed policy.xml
- Miroslav Grepl patch to allow sepolicy interface on individual interface fil
- Also add capability to test interfaces for correctness.
- Generate Man pages for everydomain, not just ones with exec_t entrypoints
- sepolicy comunicate should return ValueError not TypeError
- Trim header line in sepolicy manpage to use less space
- Add missing options to restorecon man page
- Apply Miroslav Grepl Patches for sepolicy
-- Fix generate mutually groups option handling
-- EUSER is used for existing policy
-- customize options can be used together with admin_domain option
-- Fix manpage.py to generate correct man pages for SELinux users
-- Fix policy *.te file generated by customize+writepaths options
-- Fix install script for confined_admin option
- Apply Miroslav Grepl patch to clean up sepolicy generate usage
- Apply Miroslav Grepl patch to fixupt handing of admin_user generation
- Update Tranlslations
- use nroff instead of man2html
- Remove checking for name of person who created the man page
- audit2allow
- Fix output to show the level that is different.
- Switch from using console app to using pkexec, so we will work better
with policykit.
- Add missing import to fix system-config-selinux startup
- Add comment to pamd files about pam_rootok.so
- Fix sepolicy generate to not comment out the first line
- Switch from using console app to using pkexec, so we will work better
with policykit.
- Add missing import to fix system-config-selinux startup
- Add comment to pamd files about pam_rootok.so
- Fix sepolicy generate to not comment out the first line
- Switch from using console app to using pkexec, so we will work better
with policykit.
- Add missing import to fix system-config-selinux startup
- Add comment to pamd files about pam_rootok.so
- Fix sepolicy generate to not comment out the first line
- fixfiles onboot will write any flags handed to it to /.autorelabel.
- * Patch sent to initscripts to have fedora-autorelabel pass flags back to fixfiles restore
- * This should allow fixfiles -F onboot, to force a hard relabel.
- Add -p to show progress on full relabel.
- fixfiles onboot will write any flags handed to it to /.autorelabel.
- * Patch sent to initscripts to have fedora-autorelabel pass flags back to fixfiles restore
- * This should allow fixfiles -F onboot, to force a hard relabel.
- Add -p to show progress on full relabel.
- Add newtype as a new qualifier to sepolicy generate. This new mechanism wil
- a policy write to generate types after the initial policy has been written a
- will autogenerate all of the interfaces.
- I also added a -w options to allow policy writers from the command line to s
- the writable directories of files.
-
- Modify network.py to include interface definitions for newly created port type
- Standardize of te_types just like all of the other templates.
- update sepolicy manpage to generate fcontext equivalence data and to list
default file context paths.
- Add ability to generate policy for confined admins and domains like puppet.
- Print warning message if program does not exists when generating policy, and do not attempt to run nm command
- Fix sepolicy generate -T to not take an argument, and supress the help message
- Since this is really just a testing tool
Petr Lautrbach
Lukas Vrabec
Ondrej Slamecka
Dennis Gilmore
Dan Walsh
Miroslav Grepl
Peter Robinson
Tom Callaway
Kalev Lember
Rahul Sundaram