Commit Graph

1010 Commits

Author SHA1 Message Date
Dan Walsh
92a9b8454b Sepolixy should not throw an exception on an SELinux disabled machine
- Switch from using console app to using pkexec, so we will work better
with policykit.
- Add missing import to fix system-config-selinux startup
- Add comment to pamd files about pam_rootok.so
- Fix sepolicy generate to not comment out the first line
2013-02-21 18:26:12 +01:00
Dan Walsh
3234f310f1 Add --root/-r flag to sepolicy manpage,
- This allows us to generate man pages on the fly in the selinux-policy build
2013-02-20 16:48:51 +01:00
Dan Walsh
68cfa786ad Fix newrole to retain cap_audit_write when compiled with namespace, also
do not drop capabilities when run as root.
2013-02-18 14:14:39 -05:00
Dan Walsh
5855410892 Fix man page generation and public_content description 2013-02-14 10:13:51 -05:00
Dan Walsh
9057b25d2b Revert some changes which are causing the wrong policy version file to be created
- Switch sandbox to start using openbox rather then matchpbox
- Make sepolgen a symlink to sepolicy
- update translations
2013-02-14 08:28:08 -05:00
Dan Walsh
f79f9d24b6 Fix empty system-config-selinux.png, again 2013-02-13 09:23:43 -05:00
Dan Walsh
296f63cbc3 Fix empty system-config-selinux.png 2013-02-12 16:16:02 -05:00
Dan Walsh
0e639a9ea0 Update to upstream 2013-02-08 09:44:20 -05:00
Dan Walsh
205e3429b9 Reorginize sepolicy so all get_all functions are in main module
- Add -B capability to fixfiles onboot and fixfiles restore, basically searches for all files created since the last boot.
2013-01-31 13:58:25 -05:00
Dan Walsh
14f88c192c Update to latest patches from eparis/Upstream
- fixfiles onboot will write any flags handed to it to /.autorelabel.
-   * Patch sent to initscripts to have fedora-autorelabel pass flags back to fixfiles restore
-   * This should allow fixfiles -F onboot, to force a hard relabel.
- Add -p to show progress on full relabel.
2013-01-28 09:29:48 -05:00
Dan Walsh
3aa7d3a916 Update to latest patches from eparis/Upstream
- fixfiles onboot will write any flags handed to it to /.autorelabel.
-   * Patch sent to initscripts to have fedora-autorelabel pass flags back to fixfiles restore
-   * This should allow fixfiles -F onboot, to force a hard relabel.
- Add -p to show progress on full relabel.
2013-01-25 18:03:21 -05:00
Dan Walsh
eef44bd006 Additional changes for bash completsion and generate man page to match the w
-  Add newtype as a new qualifier to sepolicy generate.  This new mechanism wil
-  a policy write to generate types after the initial policy has been written a
-  will autogenerate all of the interfaces.
-  I also added a -w options to allow policy writers from the command line to s
-  the writable directories of files.
-
-  Modify network.py to include interface definitions for newly created port type
-  Standardize of te_types just like all of the other templates.
2013-01-21 13:37:48 -06:00
Dan Walsh
d6717e2cff Update Translations
- Fix handling of semanage generate --cgi -n MODULE PATHTO/CGI
-   This fixes the spec file and script file getting wrong names for modules and types.
2013-01-15 12:46:10 -05:00
Dan Walsh
c910a0cf10 Update Translations
- Fix handling of semanage generate --cgi -n MODULE PATHTO/CGI
-   This fixes the spec file and script file getting wrong names for modules and types.
2013-01-15 12:19:10 -05:00
Dan Walsh
06ab21ffa7 Additional patch from Miroslav to handle role attributes 2013-01-09 12:08:37 -05:00
Dan Walsh
422fcbbd1a Update with Miroslav patch to handle role attributes
- Update Translations
- import sepolicy will only throw exception on missing policy iff selinux is enabled
2013-01-09 08:37:32 -05:00
Dan Walsh
6be5fbacb4 Update to latest patches from eparis/Upstream
-    secon: add support for setrans color information in prompt output
- Update translations
2013-01-05 11:25:32 -05:00
Dan Walsh
5a6000efc7 Update translations
- Fix sepolicy booleans to handle autogenerated booleans descriptions
- Cleanups of sepolicy manpage
- Fix crash on git_shell man page generation
2013-01-04 17:14:27 -05:00
Dan Walsh
c488be004d Update translations
- update sepolicy manpage to generate fcontext equivalence data and to list
default file context paths.
- Add ability to generate policy for confined admins and domains like puppet.
2013-01-03 15:21:48 -05:00
Dan Walsh
a61d456504 Fix semanage permissive , this time with the patch.
- Update translations
2012-12-20 10:05:01 -05:00
Dan Walsh
c28ba657ed Fix semanage permissive
- Change to use correct gtk forward button
- Update po
2012-12-19 15:31:43 -05:00
Dan Walsh
8826d7e0fd Move audit2why to -devel package 2012-12-17 16:22:32 -05:00
Dan Walsh
558e4d0e2d sepolicy transition was blowing up. Also cleanup output when only source is specified.
- sepolicy generate should allow policy modules names that include - or _
2012-12-17 13:22:14 -05:00
Dan Walsh
2a0d3b9155 Apply patch from Miroslav to display proper range description in man pages g
- Should print warning on missing default label when run in recusive mode iff
- Remove extra -R description, and fix recursive description
2012-12-10 11:02:46 -05:00
Dan Walsh
ceff76e017 Additional fixes for disabled SELinux Box
- system-config-selinux no longer relies on lokkit for /etc/selinux/config
2012-12-06 14:57:17 -05:00
Dan Walsh
4933c11cf0 sepolicy should failover to installed policy file on a disabled SELinux box, if it exists. 2012-12-06 09:16:30 -05:00
Dan Walsh
91c5cd51d5 Update Translations
- sepolicy network -d needs to accept multiple domains
2012-12-05 15:17:23 -05:00
Dan Walsh
844afda5b6 Add --path as a parameter to sepolicy generate
- Print warning message if program does not exists when generating policy, and do not attempt to run nm command
- Fix sepolicy generate -T to not take an argument, and supress the help message
- Since this is really just a testing tool
2012-11-30 00:46:59 -05:00
Dan Walsh
ad24fe0d6f Fix sepolicy communicate to handle invalid input 2012-11-30 00:01:24 -05:00
Dan Walsh
ee03d6c97d Fix sepolicy network -p to handle high ports 2012-11-29 16:03:36 -05:00
Dan Walsh
de745c0321 Fix handling of manpages without entrypoints, nsswitch domains
- Update Translations
2012-11-29 15:50:47 -05:00
Dan Walsh
c7b078ec4b Move sepogen python bindings back into policycoreutils-python out of -devel, since sepolicy is using the 2012-11-28 11:04:23 -05:00
Dan Walsh
5ffa11c17a Fix sepolicy/__init__.py to handle _() 2012-11-27 16:35:09 -05:00
Dan Walsh
c80e41cce5 Add Miroslav Grepl patch to create etc_rw_t sock files policy 2012-11-21 14:32:28 -05:00
Dan Walsh
77c01a631e Fix semanage to work without policycoreutils-devel installed
- Update translations
2012-11-16 14:44:43 -05:00
Dan Walsh
3df9272539 Fix semanage to work without policycoreutils-devel installed
- Update translations
2012-11-16 12:02:59 -05:00
Dan Walsh
356d85e93c Fix semanage login -l to list contents of /etc/selinux/POLICY/logins directory 2012-11-13 17:05:58 -05:00
Dan Walsh
dcda6e4336 Fix booleansPage not showing booleans
- Fix audit2allow -b
2012-11-13 10:30:48 -05:00
Dan Walsh
435b38a137 Fix sepolicy booleans again
- Fix man page
2012-11-13 07:05:08 -05:00
Dan Walsh
bd8b5a05a7 Move policy generation tools into policycoreutils-devel 2012-11-12 17:02:39 -05:00
Dan Walsh
442a7187fc Document and fix sepolicy booleans
- Update Translations
- Fix several spelling mistakes
2012-11-12 15:27:22 -05:00
Dan Walsh
6dfb3b920c Only report restorecon warning for missing default label, if not running
recusively
- Update translations
2012-11-07 10:49:52 -05:00
Dan Walsh
16444033da Fix semanage booleans -l, move more boolean_dict handling into sepolicy
- Update translations
- Fixup sepolicy generate to discover /var/log, /var/run and /var/lib directories if they match the name
- Fix kill function call should indicate signal_perms not kill capability
- Error out cleanly in system-config-selinux, if it can not contact XServer
2012-11-06 06:12:01 -05:00
Dan Walsh
321b3f2caa Update translations
- Fixup sepolicy generate to discover /var/log, /var/run and /var/lib directories if they match the name
- Fix kill function call should indicate signal_perms not kill capability
- Error out cleanly in system-config-selinux, if it can not contact XServer
2012-11-05 15:41:11 -05:00
Dan Walsh
ddeee18742 Remove run_init, no longer needed with systemd.
- Fix sepolicy generate to not include subdirs in generated fcontext file.  (mgrepl patch)
2012-11-05 13:23:00 -05:00
Dan Walsh
cc08d7735b Fix manpage to generate proper man pages for alternate policy,
basically allow me to build RHEL6 man pages on a Fedora 18 box, as long as
I pull the policy, policy.xml and file_contexts and file_contexts.homedir
2012-11-03 07:19:34 -04:00
rhatdan
1cc95772be Fix some build problems in sepolicy manpage and sepolicy transition 2012-11-01 14:36:52 -04:00
rhatdan
d76fa39cad Add alias man pages to sepolicy manpage 2012-10-30 16:40:08 -04:00
rhatdan
13f0c57022 Redesign sepolicy to only read the policy file once, not for every call 2012-10-29 13:48:36 -04:00
rhatdan
7d197203b0 Redesign sepolicy to only read the policy file once, not for every call 2012-10-29 12:38:36 -04:00