rpms/policycoreutils
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1,094 Commits 40 Branches 764 Tags 58 MiB
180235ba1d
Commit Graph

999 Commits

Author SHA1 Message Date
Dan Walsh
2683a97019 Improvements to sepolicy gui 
- Add more help information
  - Cleanup code
  - Add deny_ptrace on lockdown screen
  - Make unconfined/permissivedomains lockdown work
  - Add more support for file equivalency
 2013-09-28 07:06:41 -04:00
Dan Walsh
6879d63783 Add back in the help png files 
- Begin Adding support for file equivalency.
 2013-09-18 15:03:38 -04:00
Dan Walsh
0a77d12b6f Random fixes for sepolicy gui 
* Do not prompt for password until you make a change
  * Add user mappings and selinux users page
  * lots of code cleanup
 2013-09-11 09:45:00 -04:00
Dan Walsh
05a4073c77 Update sepolicy gui code, cleanups and add file transition tab 
- Fix semanage fcontext -a --ftype code to work.
 2013-08-15 10:14:40 -04:00
Dan Walsh
02d8b93ce5 Update sepolicy gui code, cleanups and add file transition tab 
- Fix semanage fcontext -a --ftype code to work.
 2013-08-15 09:00:32 -04:00
Dan Walsh
79e2d33ac3 If policy is not installed get_bools should not crash 2013-08-09 05:49:38 -04:00
Dan Walsh
e61d91108f Update sepolicy gui code, cleanups and add file transition tab 
- Fix semanage argparse problems
 2013-08-06 17:26:50 -04:00
Dan Walsh
56c629dbeb Update sepolicy gui code, adding dbus calls 
- Update Translations
 2013-08-02 14:42:48 -04:00
Dan Walsh
0385dda17f Update sepolicy gui code, adding dbus calls 
- Update Translations
 2013-08-02 14:24:25 -04:00
Dan Walsh
0eb608c431 Fix semanage argparse bugs 
- Update Translations
- Add test suite for semanage command lines
 2013-07-26 12:20:20 -04:00
Dan Walsh
f8c8b42b7a Fix semanage argparse bugs 2013-07-24 11:42:48 -04:00
Dan Walsh
d21896c450 Fix bugs introduced by previous patch. semanage port 
- Update Translations
- Add test suite for sepolicy command lines
 2013-07-23 16:59:48 -04:00
Dan Walsh
7fa44b7304 Fix bugs introduced by previous patch. semanage port 
- Update Translations
 2013-07-19 07:07:18 -04:00
Dan Walsh
27d056afb8 Don't generate shell script or spec file for sepolicy generate --newtype 
- Update translations
- Fix sepolicy generate --admin_user man page again
- Fix setsebool to print less verbose error messages by default, add -V for ve
 2013-07-16 11:53:03 -04:00
Dan Walsh
101341aa44 Update sepolicy gui. 2013-07-10 16:48:48 -04:00
Dan Walsh
2ab6b02e3c Add Ryan Hallisey sepolicy gui. 
- Update Translations
 2013-06-28 12:50:17 -04:00
Dan Walsh
e396b39f10 Fix semanage module error handling 2013-06-24 17:32:33 -04:00
Dan Walsh
863699842d Add back default exception handling for errors, which argparse rewrite removed. 2013-06-23 07:02:14 -04:00
Dan Walsh
5f68ab8fd2 Remove requires for systemd-sysv 
- Move systemd-units require to restorecond section
- Update Tranlasions
- More sepolicy interfaces for gui
 2013-06-21 07:43:24 -04:00
Dan Walsh
a904d22fb4 Fix semanage export/import commands 
- Fix semange module command
- Remove --version option from sandbox
 2013-06-19 11:24:56 -04:00
Dan Walsh
11643b3535 Fix semanage export/import commands 
- Fix semange module command
 2013-06-19 10:44:58 -04:00
Dan Walsh
82362e85ca Add man page doc for --role and bash complestion support for sepolicy --role 2013-06-18 14:49:19 -04:00
Dan Walsh
544468684c Make fcdict return a dictionary of dictionaries 
- Fix for sepolicy manpage
 2013-06-18 14:38:47 -04:00
Dan Walsh
4f89c533b5 Add new man pages for each semanage subsection 2013-06-17 16:59:42 -04:00
Dan Walsh
69da86fcf8 Add new man pages for each semanage subsection 2013-06-17 16:18:37 -04:00
Dan Walsh
305ae476dd Fix handling of sepolicy network sorting. 
- Additional interfaces needed for sepolicy gui
 2013-06-17 13:35:55 -04:00
Dan Walsh
39c0a6ec6a Fix handling of semanage args 2013-06-06 16:19:32 -04:00
Dan Walsh
b8c1b26e16 Fix sepolicy generate --confined_admin to generate tunables 
- Add new interface to generate entrypoints for use with new gui
 2013-06-06 14:05:52 -04:00
Dan Walsh
ad349ef1ad Fix handing of semanage with no args 2013-06-05 13:26:26 -04:00
Dan Walsh
4f084e9fcd Fix audit2allow -o to open file for append 
- Fix the name of the spec file generated in the build script
 2013-06-04 10:53:51 -04:00
Dan Walsh
e90e9c6c30 Fix mgrepl patch to support all semanage command parsing 2013-05-31 09:10:29 -04:00
Dan Walsh
16ab1d5de7 Fix the name of the spec file generated in the build script 
- Add mgrepl patch to support argparse for semanage command parsing
 2013-05-26 07:04:55 -04:00
Dan Walsh
4254724cef Fix the name of the spec file generated in the build script 
- Add mgrepl patch to support argparse for semanage command parsing
 2013-05-26 07:00:33 -04:00
Dan Walsh
f5d4f8f0dd Fix sandbox to always use sandbox_file_t, so generated policy will work. 
- Update Translations
 2013-05-21 09:41:29 -04:00
Dan Walsh
a956fd7105 Need to handle gziped policy.xml as well as not compressed. 2013-05-14 15:53:54 -04:00
Dan Walsh
b0bf57fdb1 Add support for Xephyr -resizable, so sandbox can now resize window 
- Add support for compressed policy.xml
- Miroslav Grepl patch to allow sepolicy interface on individual interface fil
- Also add capability to test interfaces for correctness.
 2013-05-14 08:21:26 -04:00
Dan Walsh
81224adaf3 Add support for Xephyr -resizable, so sandbox can now resize window 
- Add support for compressed policy.xml
- Miroslav Grepl patch to allow sepolicy interface on individual interface fil
- Also add capability to test interfaces for correctness.
 2013-05-14 08:18:35 -04:00
Dan Walsh
68b643cce8 Add support for Xephyr -resizable, so sandbox can now resize window 
- Add support for compressed policy.xml
- Miroslav Grepl patch to allow sepolicy interface on individual interface fil
- Also add capability to test interfaces for correctness.
 2013-05-14 08:17:18 -04:00
Dan Walsh
5918716f29 Apply patches from Sven Vermeulen for sepolgen to fix typos. 2013-05-13 16:47:23 -04:00
Dan Walsh
4adc19aea3 Only require selinux-policy-devel for policycoreutils-devel, this will shrink the size of the livecd. 2013-05-13 10:19:59 -04:00
Dan Walsh
d610eb1fd8 Run sepolgen-ifgen in audit2allow and sepolicy generate, if needed, first time 
- Add  Sven Vermeulen  patches to cleanup man pages
 2013-05-12 06:06:28 -04:00
Dan Walsh
a941cc9a2c No longer run sepolgen-ifgen at install time. 
- Run sepolgen-ifgen in audit2allow and sepolicy generate, if needed.
- Update Translations
 2013-05-10 09:33:24 -04:00
Dan Walsh
b4c5b4829d Fix exceptionion hanling in audit2allow -o 
- Generate Man pages for everydomain, not just ones with exec_t entrypoints
- sepolicy comunicate should return ValueError not TypeError
- Trim header line in sepolicy manpage to use less space
- Add missing options to restorecon man page
 2013-04-22 10:03:47 -04:00
Dan Walsh
19201f72c6 Update translations 
- Add patch by Miroslav Grepl to add compile test for sepolicy interface command.
 2013-04-10 16:46:39 -04:00
Dan Walsh
6b0d365200 Update translations 
- Add patch inspired by Miroslav Grepl to add extended information for sepolicy interface command.
 2013-04-09 11:35:08 -04:00
Dan Walsh
bbf6a880b6 Update translations 
- Add missing man pages and fixup existing man pages
 2013-04-08 15:13:24 -04:00
Dan Walsh
0dad6598dd Update translations 
- Add missing man pages and fixup existing man pages
 2013-04-08 14:53:05 -04:00
Dan Walsh
f7ec68c101 Move sepolicy to policycoreutils-devel pacage, since most of it is used for devel 
- Apply Miroslav Grepl Patches for sepolicy
-- Fix generate mutually groups option handling
-- EUSER is used for existing policy
-- customize options can be used together with admin_domain option
-- Fix manpage.py to generate correct man pages for SELinux users
-- Fix policy *.te file generated by customize+writepaths options
-- Fix install script for confined_admin option
 2013-04-03 11:20:45 -04:00
Dan Walsh
5b06f96755 Move sepolicy to policycoreutils-devel pacage, since most of it is used for devel 
- Apply Miroslav Grepl Patches for sepolicy
 2013-04-03 11:19:42 -04:00
Dan Walsh
d4ae6ccd66 Move sepolicy to policycoreutils-devel pacage, since most of it is used for devel 
- Apply Miroslav Grepl Patches for sepolicy
 2013-04-03 11:18:44 -04:00
Dan Walsh
3cc0cfcac3 Add post install scripts for gui to make sure Icon Cache is refreshed. 
- Fix grammar issue in secon man page
- Update Translations
 2013-04-01 10:45:06 -04:00
Dan Walsh
4084a6ea89 Add buildrequires for OpenBox to prevent me from accidently building into RHEL7 
- Add support for returning alias data to sepolicy.info python bindings
 2013-03-28 13:40:55 -04:00
Dan Walsh
e9b167e78d Fix audit2allow output to better align analysys with the allow rules 
- Apply Miroslav Grepl patch to clean up sepolicy generate usage
- Apply Miroslav Grepl patch to fixupt handing of admin_user generation
- Update Tranlslations
 2013-03-27 14:00:16 -04:00
Dan Walsh
8e3bfe0949 Allow semanage fcontext -a -t "<<none>>" ... to work 2013-03-27 11:20:46 -04:00
Dan Walsh
98c418def3 Can not unshare IPC in sandbox, since it blows up Xephyr 
- Remove bogus error message sandbox about reseting setfsuid
 2013-03-25 09:21:51 -04:00
Dan Walsh
c1e35cdc89 sepolgen-ifgen needs to handle filename transition rules containing ":" 2013-03-21 10:52:00 -04:00
Dan Walsh
8be0816a98 sepolicy manpage: 
-   use nroff instead of man2html
-   Remove checking for name of person who created the man page
- audit2allow
-   Fix output to show the level that is different.
 2013-03-19 16:58:35 -04:00
Dan Walsh
3aca74a161 Have restorecon exit -1 on errors for consistancy. 2013-03-06 12:03:27 -05:00
Dan Walsh
b4e4f79ed5 Need to provide a value to semanage boolean -m 2013-03-05 11:20:07 -05:00
Dan Walsh
e5aaa46215 Fix cut and paste errors for sepolicy network command 2013-03-04 11:34:25 -05:00
Dan Walsh
fefce8f581 Fix sepoicy interface to work properly 2013-03-01 14:18:15 -05:00
Dan Walsh
5324d20ca0 Fix fixfiles to use exclude_dirs on fixfiles restore 2013-02-28 15:31:20 -05:00
Dan Walsh
10913b779d Fix fixfiles to use exclude_dirs on fixfiles restore 2013-02-28 15:28:38 -05:00
Dan Walsh
4cc4167518 Allow users with symlinked homedirs to work. call realpath on homedir 
- Fix sepolicy reorganization of helper functions.
 2013-02-28 14:24:35 -05:00
Rahul Sundaram
1dd3bee373 remove vendor tag from desktop file. https://fedorahosted.org/fpc/ticket/247 
- clean up spec to follow current guidelines
 2013-02-25 00:32:25 -05:00
Dan Walsh
b1cf8c69ac Update trans 
- Fix sepolicy reorganization of helper functions.
 2013-02-24 18:29:34 +01:00
Dan Walsh
8c07616121 Do not load interface file by default when sepolicy is called, mov get_all_methods to the sepolicy package 2013-02-22 17:38:59 +01:00
Dan Walsh
c617c0cebf sepolgen-ifgen should use the current policy path if selinux is enabled 2013-02-22 14:06:28 +01:00
Dan Walsh
21179e1822 Fix sepolicy to be able to work on an SELinux disabled system. 
- Needed to be able to build man pages in selinux-policy package
 2013-02-22 13:06:49 +01:00
Dan Walsh
3f69c2f15b Add yum to requires of policycoreutils-python since sepolicy requires it. 2013-02-21 22:49:36 +01:00
Dan Walsh
d421fd0097 Sepolixy should not throw an exception on an SELinux disabled machine 
- Switch from using console app to using pkexec, so we will work better
with policykit.
- Add missing import to fix system-config-selinux startup
- Add comment to pamd files about pam_rootok.so
- Fix sepolicy generate to not comment out the first line
 2013-02-21 21:21:18 +01:00
Dan Walsh
8779e924e9 Sepolixy should not throw an exception on an SELinux disabled machine 
- Switch from using console app to using pkexec, so we will work better
with policykit.
- Add missing import to fix system-config-selinux startup
- Add comment to pamd files about pam_rootok.so
- Fix sepolicy generate to not comment out the first line
 2013-02-21 20:06:41 +01:00
Dan Walsh
92a9b8454b Sepolixy should not throw an exception on an SELinux disabled machine 
- Switch from using console app to using pkexec, so we will work better
with policykit.
- Add missing import to fix system-config-selinux startup
- Add comment to pamd files about pam_rootok.so
- Fix sepolicy generate to not comment out the first line
 2013-02-21 18:26:12 +01:00
Dan Walsh
3234f310f1 Add --root/-r flag to sepolicy manpage, 
- This allows us to generate man pages on the fly in the selinux-policy build
 2013-02-20 16:48:51 +01:00
Dan Walsh
68cfa786ad Fix newrole to retain cap_audit_write when compiled with namespace, also 
do not drop capabilities when run as root.
 2013-02-18 14:14:39 -05:00
Dan Walsh
5855410892 Fix man page generation and public_content description 2013-02-14 10:13:51 -05:00
Dan Walsh
9057b25d2b Revert some changes which are causing the wrong policy version file to be created 
- Switch sandbox to start using openbox rather then matchpbox
- Make sepolgen a symlink to sepolicy
- update translations
 2013-02-14 08:28:08 -05:00
Dan Walsh
f79f9d24b6 Fix empty system-config-selinux.png, again 2013-02-13 09:23:43 -05:00
Dan Walsh
296f63cbc3 Fix empty system-config-selinux.png 2013-02-12 16:16:02 -05:00
Dan Walsh
0e639a9ea0 Update to upstream 2013-02-08 09:44:20 -05:00
Dan Walsh
205e3429b9 Reorginize sepolicy so all get_all functions are in main module 
- Add -B capability to fixfiles onboot and fixfiles restore, basically searches for all files created since the last boot.
 2013-01-31 13:58:25 -05:00
Dan Walsh
14f88c192c Update to latest patches from eparis/Upstream 
- fixfiles onboot will write any flags handed to it to /.autorelabel.
-   * Patch sent to initscripts to have fedora-autorelabel pass flags back to fixfiles restore
-   * This should allow fixfiles -F onboot, to force a hard relabel.
- Add -p to show progress on full relabel.
 2013-01-28 09:29:48 -05:00
Dan Walsh
3aa7d3a916 Update to latest patches from eparis/Upstream 
- fixfiles onboot will write any flags handed to it to /.autorelabel.
-   * Patch sent to initscripts to have fedora-autorelabel pass flags back to fixfiles restore
-   * This should allow fixfiles -F onboot, to force a hard relabel.
- Add -p to show progress on full relabel.
 2013-01-25 18:03:21 -05:00
Dan Walsh
eef44bd006 Additional changes for bash completsion and generate man page to match the w 
-  Add newtype as a new qualifier to sepolicy generate.  This new mechanism wil
-  a policy write to generate types after the initial policy has been written a
-  will autogenerate all of the interfaces.
-  I also added a -w options to allow policy writers from the command line to s
-  the writable directories of files.
-
-  Modify network.py to include interface definitions for newly created port type
-  Standardize of te_types just like all of the other templates.
 2013-01-21 13:37:48 -06:00
Dan Walsh
c910a0cf10 Update Translations 
- Fix handling of semanage generate --cgi -n MODULE PATHTO/CGI
-   This fixes the spec file and script file getting wrong names for modules and types.
 2013-01-15 12:19:10 -05:00
Dan Walsh
06ab21ffa7 Additional patch from Miroslav to handle role attributes 2013-01-09 12:08:37 -05:00
Dan Walsh
422fcbbd1a Update with Miroslav patch to handle role attributes 
- Update Translations
- import sepolicy will only throw exception on missing policy iff selinux is enabled
 2013-01-09 08:37:32 -05:00
Dan Walsh
6be5fbacb4 Update to latest patches from eparis/Upstream 
-    secon: add support for setrans color information in prompt output
- Update translations
 2013-01-05 11:25:32 -05:00
Dan Walsh
5a6000efc7 Update translations 
- Fix sepolicy booleans to handle autogenerated booleans descriptions
- Cleanups of sepolicy manpage
- Fix crash on git_shell man page generation
 2013-01-04 17:14:27 -05:00
Dan Walsh
c488be004d Update translations 
- update sepolicy manpage to generate fcontext equivalence data and to list
default file context paths.
- Add ability to generate policy for confined admins and domains like puppet.
 2013-01-03 15:21:48 -05:00
Dan Walsh
a61d456504 Fix semanage permissive , this time with the patch. 
- Update translations
 2012-12-20 10:05:01 -05:00
Dan Walsh
c28ba657ed Fix semanage permissive 
- Change to use correct gtk forward button
- Update po
 2012-12-19 15:31:43 -05:00
Dan Walsh
8826d7e0fd Move audit2why to -devel package 2012-12-17 16:22:32 -05:00
Dan Walsh
558e4d0e2d sepolicy transition was blowing up. Also cleanup output when only source is specified. 
- sepolicy generate should allow policy modules names that include - or _
 2012-12-17 13:22:14 -05:00
Dan Walsh
2a0d3b9155 Apply patch from Miroslav to display proper range description in man pages g 
- Should print warning on missing default label when run in recusive mode iff
- Remove extra -R description, and fix recursive description
 2012-12-10 11:02:46 -05:00
Dan Walsh
ceff76e017 Additional fixes for disabled SELinux Box 
- system-config-selinux no longer relies on lokkit for /etc/selinux/config
 2012-12-06 14:57:17 -05:00
Dan Walsh
4933c11cf0 sepolicy should failover to installed policy file on a disabled SELinux box, if it exists. 2012-12-06 09:16:30 -05:00
Dan Walsh
91c5cd51d5 Update Translations 
- sepolicy network -d needs to accept multiple domains
 2012-12-05 15:17:23 -05:00
Dan Walsh
844afda5b6 Add --path as a parameter to sepolicy generate 
- Print warning message if program does not exists when generating policy, and do not attempt to run nm command
- Fix sepolicy generate -T to not take an argument, and supress the help message
- Since this is really just a testing tool
 2012-11-30 00:46:59 -05:00
Dan Walsh
ad24fe0d6f Fix sepolicy communicate to handle invalid input 2012-11-30 00:01:24 -05:00