Commit Graph

911 Commits

Author SHA1 Message Date
Dan Walsh
04a21e14f5 Fix the name of the spec file generated in the build script 2013-05-26 07:01:45 -04:00
Dan Walsh
55520d61bb Fix sandbox to always use sandbox_file_t, so generated policy will work.
- Update Translations
2013-05-21 10:24:55 -04:00
Dan Walsh
72cc2c98e2 Need to handle gziped policy.xml as well as not compressed. 2013-05-14 15:54:34 -04:00
Dan Walsh
893a20e39a Add support for Xephyr -resizable, so sandbox can now resize window
- Add support for compressed policy.xml
- Miroslav Grepl patch to allow sepolicy interface on individual interface fil
- Also add capability to test interfaces for correctness.
2013-05-14 08:22:26 -04:00
Dan Walsh
62c82285f2 Only require selinux-policy-devel for policycoreutils-devel, this will shrink the size of the livecd. 2013-05-13 10:21:04 -04:00
Dan Walsh
0d5bdb0982 Run sepolgen-ifgen in audit2allow and sepolicy generate, if needed, first time
- Add  Sven Vermeulen  patches to cleanup man pages
2013-05-12 06:08:08 -04:00
Dan Walsh
f3516b164f No longer run sepolgen-ifgen at install time.
- Run sepolgen-ifgen in audit2allow and sepolicy generate, if needed.
- Update Translations
2013-05-10 09:34:20 -04:00
Dan Walsh
a1622cbdfc Fix exceptionion hanling in audit2allow -o
- Generate Man pages for everydomain, not just ones with exec_t entrypoints
- sepolicy comunicate should return ValueError not TypeError
- Trim header line in sepolicy manpage to use less space
- Add missing options to restorecon man page
2013-04-22 10:04:14 -04:00
Dan Walsh
e19e89cc2d Update translations
- Add patch by Miroslav Grepl to add compile test for sepolicy interface command.
2013-04-10 16:47:09 -04:00
Dan Walsh
3425b4c3dc Update translations
- Add patch inspired by Miroslav Grepl to add extended information for sepolicy interface command.
2013-04-09 13:12:43 -04:00
Dan Walsh
153f8e3865 Update translations
- Add missing man pages and fixup existing man pages
2013-04-08 15:31:30 -04:00
Dan Walsh
96c084f7c3 Move sepolicy to policycoreutils-devel pacage, since most of it is used for devel
- Apply Miroslav Grepl Patches for sepolicy
-- Fix generate mutually groups option handling
-- EUSER is used for existing policy
-- customize options can be used together with admin_domain option
-- Fix manpage.py to generate correct man pages for SELinux users
-- Fix policy *.te file generated by customize+writepaths options
-- Fix install script for confined_admin option
2013-04-03 11:26:49 -04:00
Dan Walsh
93ba232940 Add buildrequires for OpenBox to prevent me from accidently building into RHEL7
- Add support for returning alias data to sepolicy.info python bindings
2013-03-28 13:47:58 -04:00
Dan Walsh
ea6e803673 Fix audit2allow output to better align analysys with the allow rules
- Apply Miroslav Grepl patch to clean up sepolicy generate usage
- Apply Miroslav Grepl patch to fixupt handing of admin_user generation
- Update Tranlslations
2013-03-27 14:00:49 -04:00
Dan Walsh
05cf7b36dc Allow semanage fcontext -a -t "<<none>>" ... to work 2013-03-27 11:21:21 -04:00
Dan Walsh
d052bda88a Can not unshare IPC in sandbox, since it blows up Xephyr
- Remove bogus error message sandbox about reseting setfsuid
2013-03-25 09:22:31 -04:00
Dan Walsh
9ef13ad6bc sepolgen-ifgen needs to handle filename transition rules containing ":" 2013-03-21 10:52:38 -04:00
Dan Walsh
f5c1b2817f sepolicy manpage:
-   use nroff instead of man2html
-   Remove checking for name of person who created the man page
- audit2allow
-   Fix output to show the level that is different.
2013-03-19 17:00:22 -04:00
Dan Walsh
38c288127b Fix newrole to not drop capabilities from the bounding set.
- Stop dropping capabilities from its children.
- Add better error messages.
- Change location of bash_completion files to /usr/share/bash-completion/compl
2013-03-14 17:59:03 -04:00
Dan Walsh
3aca74a161 Have restorecon exit -1 on errors for consistancy. 2013-03-06 12:03:27 -05:00
Dan Walsh
b4e4f79ed5 Need to provide a value to semanage boolean -m 2013-03-05 11:20:07 -05:00
Dan Walsh
e5aaa46215 Fix cut and paste errors for sepolicy network command 2013-03-04 11:34:25 -05:00
Dan Walsh
fefce8f581 Fix sepoicy interface to work properly 2013-03-01 14:18:15 -05:00
Dan Walsh
5324d20ca0 Fix fixfiles to use exclude_dirs on fixfiles restore 2013-02-28 15:31:20 -05:00
Dan Walsh
10913b779d Fix fixfiles to use exclude_dirs on fixfiles restore 2013-02-28 15:28:38 -05:00
Dan Walsh
4cc4167518 Allow users with symlinked homedirs to work. call realpath on homedir
- Fix sepolicy reorganization of helper functions.
2013-02-28 14:24:35 -05:00
Rahul Sundaram
1dd3bee373 remove vendor tag from desktop file. https://fedorahosted.org/fpc/ticket/247
- clean up spec to follow current guidelines
2013-02-25 00:32:25 -05:00
Dan Walsh
b1cf8c69ac Update trans
- Fix sepolicy reorganization of helper functions.
2013-02-24 18:29:34 +01:00
Dan Walsh
8c07616121 Do not load interface file by default when sepolicy is called, mov get_all_methods to the sepolicy package 2013-02-22 17:38:59 +01:00
Dan Walsh
c617c0cebf sepolgen-ifgen should use the current policy path if selinux is enabled 2013-02-22 14:06:28 +01:00
Dan Walsh
21179e1822 Fix sepolicy to be able to work on an SELinux disabled system.
- Needed to be able to build man pages in selinux-policy package
2013-02-22 13:06:49 +01:00
Dan Walsh
3f69c2f15b Add yum to requires of policycoreutils-python since sepolicy requires it. 2013-02-21 22:49:36 +01:00
Dan Walsh
d421fd0097 Sepolixy should not throw an exception on an SELinux disabled machine
- Switch from using console app to using pkexec, so we will work better
with policykit.
- Add missing import to fix system-config-selinux startup
- Add comment to pamd files about pam_rootok.so
- Fix sepolicy generate to not comment out the first line
2013-02-21 21:21:18 +01:00
Dan Walsh
8779e924e9 Sepolixy should not throw an exception on an SELinux disabled machine
- Switch from using console app to using pkexec, so we will work better
with policykit.
- Add missing import to fix system-config-selinux startup
- Add comment to pamd files about pam_rootok.so
- Fix sepolicy generate to not comment out the first line
2013-02-21 20:06:41 +01:00
Dan Walsh
92a9b8454b Sepolixy should not throw an exception on an SELinux disabled machine
- Switch from using console app to using pkexec, so we will work better
with policykit.
- Add missing import to fix system-config-selinux startup
- Add comment to pamd files about pam_rootok.so
- Fix sepolicy generate to not comment out the first line
2013-02-21 18:26:12 +01:00
Dan Walsh
3234f310f1 Add --root/-r flag to sepolicy manpage,
- This allows us to generate man pages on the fly in the selinux-policy build
2013-02-20 16:48:51 +01:00
Dan Walsh
68cfa786ad Fix newrole to retain cap_audit_write when compiled with namespace, also
do not drop capabilities when run as root.
2013-02-18 14:14:39 -05:00
Dan Walsh
5855410892 Fix man page generation and public_content description 2013-02-14 10:13:51 -05:00
Dan Walsh
9057b25d2b Revert some changes which are causing the wrong policy version file to be created
- Switch sandbox to start using openbox rather then matchpbox
- Make sepolgen a symlink to sepolicy
- update translations
2013-02-14 08:28:08 -05:00
Dan Walsh
f79f9d24b6 Fix empty system-config-selinux.png, again 2013-02-13 09:23:43 -05:00
Dan Walsh
296f63cbc3 Fix empty system-config-selinux.png 2013-02-12 16:16:02 -05:00
Dan Walsh
0e639a9ea0 Update to upstream 2013-02-08 09:44:20 -05:00
Dan Walsh
205e3429b9 Reorginize sepolicy so all get_all functions are in main module
- Add -B capability to fixfiles onboot and fixfiles restore, basically searches for all files created since the last boot.
2013-01-31 13:58:25 -05:00
Dan Walsh
14f88c192c Update to latest patches from eparis/Upstream
- fixfiles onboot will write any flags handed to it to /.autorelabel.
-   * Patch sent to initscripts to have fedora-autorelabel pass flags back to fixfiles restore
-   * This should allow fixfiles -F onboot, to force a hard relabel.
- Add -p to show progress on full relabel.
2013-01-28 09:29:48 -05:00
Dan Walsh
3aa7d3a916 Update to latest patches from eparis/Upstream
- fixfiles onboot will write any flags handed to it to /.autorelabel.
-   * Patch sent to initscripts to have fedora-autorelabel pass flags back to fixfiles restore
-   * This should allow fixfiles -F onboot, to force a hard relabel.
- Add -p to show progress on full relabel.
2013-01-25 18:03:21 -05:00
Dan Walsh
eef44bd006 Additional changes for bash completsion and generate man page to match the w
-  Add newtype as a new qualifier to sepolicy generate.  This new mechanism wil
-  a policy write to generate types after the initial policy has been written a
-  will autogenerate all of the interfaces.
-  I also added a -w options to allow policy writers from the command line to s
-  the writable directories of files.
-
-  Modify network.py to include interface definitions for newly created port type
-  Standardize of te_types just like all of the other templates.
2013-01-21 13:37:48 -06:00
Dan Walsh
c910a0cf10 Update Translations
- Fix handling of semanage generate --cgi -n MODULE PATHTO/CGI
-   This fixes the spec file and script file getting wrong names for modules and types.
2013-01-15 12:19:10 -05:00
Dan Walsh
06ab21ffa7 Additional patch from Miroslav to handle role attributes 2013-01-09 12:08:37 -05:00
Dan Walsh
422fcbbd1a Update with Miroslav patch to handle role attributes
- Update Translations
- import sepolicy will only throw exception on missing policy iff selinux is enabled
2013-01-09 08:37:32 -05:00
Dan Walsh
6be5fbacb4 Update to latest patches from eparis/Upstream
-    secon: add support for setrans color information in prompt output
- Update translations
2013-01-05 11:25:32 -05:00