Dan Walsh
92a9b8454b
Sepolixy should not throw an exception on an SELinux disabled machine
...
- Switch from using console app to using pkexec, so we will work better
with policykit.
- Add missing import to fix system-config-selinux startup
- Add comment to pamd files about pam_rootok.so
- Fix sepolicy generate to not comment out the first line
2013-02-21 18:26:12 +01:00
Dan Walsh
3234f310f1
Add --root/-r flag to sepolicy manpage,
...
- This allows us to generate man pages on the fly in the selinux-policy build
2013-02-20 16:48:51 +01:00
Dan Walsh
68cfa786ad
Fix newrole to retain cap_audit_write when compiled with namespace, also
...
do not drop capabilities when run as root.
2013-02-18 14:14:39 -05:00
Dan Walsh
5855410892
Fix man page generation and public_content description
2013-02-14 10:13:51 -05:00
Dan Walsh
9057b25d2b
Revert some changes which are causing the wrong policy version file to be created
...
- Switch sandbox to start using openbox rather then matchpbox
- Make sepolgen a symlink to sepolicy
- update translations
2013-02-14 08:28:08 -05:00
Dan Walsh
f79f9d24b6
Fix empty system-config-selinux.png, again
2013-02-13 09:23:43 -05:00
Dan Walsh
296f63cbc3
Fix empty system-config-selinux.png
2013-02-12 16:16:02 -05:00
Dan Walsh
0e639a9ea0
Update to upstream
2013-02-08 09:44:20 -05:00
Dan Walsh
205e3429b9
Reorginize sepolicy so all get_all functions are in main module
...
- Add -B capability to fixfiles onboot and fixfiles restore, basically searches for all files created since the last boot.
2013-01-31 13:58:25 -05:00
Dan Walsh
14f88c192c
Update to latest patches from eparis/Upstream
...
- fixfiles onboot will write any flags handed to it to /.autorelabel.
- * Patch sent to initscripts to have fedora-autorelabel pass flags back to fixfiles restore
- * This should allow fixfiles -F onboot, to force a hard relabel.
- Add -p to show progress on full relabel.
2013-01-28 09:29:48 -05:00
Dan Walsh
3aa7d3a916
Update to latest patches from eparis/Upstream
...
- fixfiles onboot will write any flags handed to it to /.autorelabel.
- * Patch sent to initscripts to have fedora-autorelabel pass flags back to fixfiles restore
- * This should allow fixfiles -F onboot, to force a hard relabel.
- Add -p to show progress on full relabel.
2013-01-25 18:03:21 -05:00
Dan Walsh
eef44bd006
Additional changes for bash completsion and generate man page to match the w
...
- Add newtype as a new qualifier to sepolicy generate. This new mechanism wil
- a policy write to generate types after the initial policy has been written a
- will autogenerate all of the interfaces.
- I also added a -w options to allow policy writers from the command line to s
- the writable directories of files.
-
- Modify network.py to include interface definitions for newly created port type
- Standardize of te_types just like all of the other templates.
2013-01-21 13:37:48 -06:00
Dan Walsh
d6717e2cff
Update Translations
...
- Fix handling of semanage generate --cgi -n MODULE PATHTO/CGI
- This fixes the spec file and script file getting wrong names for modules and types.
2013-01-15 12:46:10 -05:00
Dan Walsh
c910a0cf10
Update Translations
...
- Fix handling of semanage generate --cgi -n MODULE PATHTO/CGI
- This fixes the spec file and script file getting wrong names for modules and types.
2013-01-15 12:19:10 -05:00
Dan Walsh
06ab21ffa7
Additional patch from Miroslav to handle role attributes
2013-01-09 12:08:37 -05:00
Dan Walsh
422fcbbd1a
Update with Miroslav patch to handle role attributes
...
- Update Translations
- import sepolicy will only throw exception on missing policy iff selinux is enabled
2013-01-09 08:37:32 -05:00
Dan Walsh
6be5fbacb4
Update to latest patches from eparis/Upstream
...
- secon: add support for setrans color information in prompt output
- Update translations
2013-01-05 11:25:32 -05:00
Dan Walsh
5a6000efc7
Update translations
...
- Fix sepolicy booleans to handle autogenerated booleans descriptions
- Cleanups of sepolicy manpage
- Fix crash on git_shell man page generation
2013-01-04 17:14:27 -05:00
Dan Walsh
c488be004d
Update translations
...
- update sepolicy manpage to generate fcontext equivalence data and to list
default file context paths.
- Add ability to generate policy for confined admins and domains like puppet.
2013-01-03 15:21:48 -05:00
Dan Walsh
a61d456504
Fix semanage permissive , this time with the patch.
...
- Update translations
2012-12-20 10:05:01 -05:00
Dan Walsh
c28ba657ed
Fix semanage permissive
...
- Change to use correct gtk forward button
- Update po
2012-12-19 15:31:43 -05:00
Dan Walsh
8826d7e0fd
Move audit2why to -devel package
2012-12-17 16:22:32 -05:00
Dan Walsh
558e4d0e2d
sepolicy transition was blowing up. Also cleanup output when only source is specified.
...
- sepolicy generate should allow policy modules names that include - or _
2012-12-17 13:22:14 -05:00
Dan Walsh
2a0d3b9155
Apply patch from Miroslav to display proper range description in man pages g
...
- Should print warning on missing default label when run in recusive mode iff
- Remove extra -R description, and fix recursive description
2012-12-10 11:02:46 -05:00
Dan Walsh
ceff76e017
Additional fixes for disabled SELinux Box
...
- system-config-selinux no longer relies on lokkit for /etc/selinux/config
2012-12-06 14:57:17 -05:00
Dan Walsh
4933c11cf0
sepolicy should failover to installed policy file on a disabled SELinux box, if it exists.
2012-12-06 09:16:30 -05:00
Dan Walsh
91c5cd51d5
Update Translations
...
- sepolicy network -d needs to accept multiple domains
2012-12-05 15:17:23 -05:00
Dan Walsh
844afda5b6
Add --path as a parameter to sepolicy generate
...
- Print warning message if program does not exists when generating policy, and do not attempt to run nm command
- Fix sepolicy generate -T to not take an argument, and supress the help message
- Since this is really just a testing tool
2012-11-30 00:46:59 -05:00
Dan Walsh
ad24fe0d6f
Fix sepolicy communicate to handle invalid input
2012-11-30 00:01:24 -05:00
Dan Walsh
ee03d6c97d
Fix sepolicy network -p to handle high ports
2012-11-29 16:03:36 -05:00
Dan Walsh
de745c0321
Fix handling of manpages without entrypoints, nsswitch domains
...
- Update Translations
2012-11-29 15:50:47 -05:00
Dan Walsh
c7b078ec4b
Move sepogen python bindings back into policycoreutils-python out of -devel, since sepolicy is using the
2012-11-28 11:04:23 -05:00
Dan Walsh
5ffa11c17a
Fix sepolicy/__init__.py to handle _()
2012-11-27 16:35:09 -05:00
Dan Walsh
c80e41cce5
Add Miroslav Grepl patch to create etc_rw_t sock files policy
2012-11-21 14:32:28 -05:00
Dan Walsh
77c01a631e
Fix semanage to work without policycoreutils-devel installed
...
- Update translations
2012-11-16 14:44:43 -05:00
Dan Walsh
3df9272539
Fix semanage to work without policycoreutils-devel installed
...
- Update translations
2012-11-16 12:02:59 -05:00
Dan Walsh
356d85e93c
Fix semanage login -l to list contents of /etc/selinux/POLICY/logins directory
2012-11-13 17:05:58 -05:00
Dan Walsh
dcda6e4336
Fix booleansPage not showing booleans
...
- Fix audit2allow -b
2012-11-13 10:30:48 -05:00
Dan Walsh
435b38a137
Fix sepolicy booleans again
...
- Fix man page
2012-11-13 07:05:08 -05:00
Dan Walsh
bd8b5a05a7
Move policy generation tools into policycoreutils-devel
2012-11-12 17:02:39 -05:00
Dan Walsh
442a7187fc
Document and fix sepolicy booleans
...
- Update Translations
- Fix several spelling mistakes
2012-11-12 15:27:22 -05:00
Dan Walsh
6dfb3b920c
Only report restorecon warning for missing default label, if not running
...
recusively
- Update translations
2012-11-07 10:49:52 -05:00
Dan Walsh
16444033da
Fix semanage booleans -l, move more boolean_dict handling into sepolicy
...
- Update translations
- Fixup sepolicy generate to discover /var/log, /var/run and /var/lib directories if they match the name
- Fix kill function call should indicate signal_perms not kill capability
- Error out cleanly in system-config-selinux, if it can not contact XServer
2012-11-06 06:12:01 -05:00
Dan Walsh
321b3f2caa
Update translations
...
- Fixup sepolicy generate to discover /var/log, /var/run and /var/lib directories if they match the name
- Fix kill function call should indicate signal_perms not kill capability
- Error out cleanly in system-config-selinux, if it can not contact XServer
2012-11-05 15:41:11 -05:00
Dan Walsh
ddeee18742
Remove run_init, no longer needed with systemd.
...
- Fix sepolicy generate to not include subdirs in generated fcontext file. (mgrepl patch)
2012-11-05 13:23:00 -05:00
Dan Walsh
cc08d7735b
Fix manpage to generate proper man pages for alternate policy,
...
basically allow me to build RHEL6 man pages on a Fedora 18 box, as long as
I pull the policy, policy.xml and file_contexts and file_contexts.homedir
2012-11-03 07:19:34 -04:00
rhatdan
1cc95772be
Fix some build problems in sepolicy manpage and sepolicy transition
2012-11-01 14:36:52 -04:00
rhatdan
d76fa39cad
Add alias man pages to sepolicy manpage
2012-10-30 16:40:08 -04:00
rhatdan
13f0c57022
Redesign sepolicy to only read the policy file once, not for every call
2012-10-29 13:48:36 -04:00
rhatdan
7d197203b0
Redesign sepolicy to only read the policy file once, not for every call
2012-10-29 12:38:36 -04:00