Dan Walsh
8b0727dc56
Fix bug in glob handling for restorecon
2011-08-23 17:13:19 -04:00
Dan Walsh
dafba41234
Update to upstream
...
2.1.4 2011-08-17
* run_init: clarification of the usage in the
* semanage: fix usage header around booleans
* semanage: remove useless empty lines
* semanage: update man page with new examples
* semanage: update usage text
* semanage: introduce file context equivalencies
* semanage: enable and disable modules
* semanage: output all local modifications
* semanage: introduce extraction of local configuration
* semanage: cleanup error on invalid operation
* semanage: handle being called with no arguments
* semanage: return sooner to save CPU time
* semanage: surround getopt with try/except
* semanage: use define/raise instead of lots of
* semanage: some options are only valid for
* semanage: introduce better deleteall support
* semanage: do not allow spaces in file
* semanage: distinguish between builtin and local permissive
* semanage: centralized ip node handling
* setfiles: make the restore function exclude() non-static
* setfiles: use glob to handle ~ and
* fixfiles: do not hard code types
* fixfiles: stop trying to be smart about
* fixfiles: use new kernel seclabel option
* fixfiles: pipe everything to cat before sending
* fixfiles: introduce /etc/selinux/fixfiles_exclude_dirs
* semodule: support for alternative root paths
2011-08-22 13:35:58 -04:00
Dan Walsh
831d6fd46c
Update to upstream
...
2.1.4 2011-08-17
* run_init: clarification of the usage in the
* semanage: fix usage header around booleans
* semanage: remove useless empty lines
* semanage: update man page with new examples
* semanage: update usage text
* semanage: introduce file context equivalencies
* semanage: enable and disable modules
* semanage: output all local modifications
* semanage: introduce extraction of local configuration
* semanage: cleanup error on invalid operation
* semanage: handle being called with no arguments
* semanage: return sooner to save CPU time
* semanage: surround getopt with try/except
* semanage: use define/raise instead of lots of
* semanage: some options are only valid for
* semanage: introduce better deleteall support
* semanage: do not allow spaces in file
* semanage: distinguish between builtin and local permissive
* semanage: centralized ip node handling
* setfiles: make the restore function exclude() non-static
* setfiles: use glob to handle ~ and
* fixfiles: do not hard code types
* fixfiles: stop trying to be smart about
* fixfiles: use new kernel seclabel option
* fixfiles: pipe everything to cat before sending
* fixfiles: introduce /etc/selinux/fixfiles_exclude_dirs
* semodule: support for alternative root paths
2011-08-18 07:23:59 -04:00
Dan Walsh
a648c6f239
Change seunshare to send kill signals to the childs session.
...
Also add signal handler to catch sigint, so if user enters ctrl-C sandbox will shutdown.
2011-07-07 14:53:37 -04:00
Dan Walsh
af0f4926da
Change seunshare to send kill signals to the childs session.
...
Also add signal handler to catch sigint, so if user enters ctrl-C sandbox will shutdown.
2011-07-07 14:37:24 -04:00
Dan Walsh
8dbd4d49f6
dd new restorecond service
2011-07-05 17:18:12 -04:00
Dan Walsh
759501823b
Add -C option to sandbox and seunshare to maintain capabilities, otherwise
...
the bounding set will be dropped.
Change --cgroups short name -c rather then -C for consistancy
Fix memory and fd leaks in seunshare
2011-07-05 16:51:18 -04:00
Dan Walsh
173e9f90db
Do not drop capability bounding set in seunshare, this allows sandbox to
...
run setuid apps.
2011-06-13 13:37:04 -04:00
Dan Walsh
24d29a5015
Add semanage-bash-completion.sh script
2011-06-10 16:33:08 -04:00
Dan Walsh
299d98087e
Remove mount -o bind calls from sandbox init script
...
pam_namespace now has this built in.
2011-06-07 13:58:41 -04:00
Dan Walsh
dc86b007cf
Pass desktop dpi to sandbox Xephyr window
2011-06-07 08:37:18 -04:00
Dan Walsh
c2ef4a0bea
Allow semodule to pick alternate root for selinux files
...
Add ~/.config/* to restorcond_user.conf, so restorecond will watch for mislabeled files in this directory.
2011-06-06 13:01:14 -04:00
Dan Walsh
93a347a42a
Fix var_spool template read_spool_files
...
Fix sepolgen to handle filename transitions
2011-05-25 16:20:29 -04:00
Dan Walsh
ed0051b493
Templates cleanedup by Dominic Grift
2011-05-23 17:05:41 -04:00
Dan Walsh
0b324049b3
Clean up some of the templates for sepolgen
2011-04-29 11:50:14 -04:00
Dan Walsh
4a56398540
Apply patches from Christoph A.
...
* fix sandbox title
* stop xephyr from li
Also ignore errors on sandbox include of directory missing files
2011-04-22 07:06:23 -04:00
Dan Walsh
e1285d4541
rebuild versus latest libsepol
2011-04-21 12:02:06 -04:00
Dan Walsh
588030fc2c
Change fixfiles restore to delete unlabeled sockets in /tmp
2011-04-18 13:18:18 -04:00
Dan Walsh
61f1bc2068
Change fixfiles restore to delete unlabeled sockets in /tmp
2011-04-18 12:47:15 -04:00
Dan Walsh
822e503b13
rebuild versus latest libsepol
2011-04-18 09:28:27 -04:00
Dan Walsh
9f65a26864
Update to upstream
...
* Use correct color range in mcstrand by Richard Haines.
2011-04-13 16:52:53 -04:00
Dan Walsh
8acc019498
rsynccmd should run outside of execcon
2011-04-01 13:29:38 -04:00
Dan Walsh
1da0399e25
rsynccmd should run outside of execcon
2011-03-30 14:42:36 -04:00
Dan Walsh
be38aa471e
Rewrite seunshare to make sure /tmp is mounted stickybit owned by root
2011-03-03 13:35:37 -05:00
Dan Walsh
a710a4e711
- Fix sandbox policy creation with udp connect ports
2011-02-03 17:05:41 -05:00
Dan Walsh
433953b033
- Cleaup selinux-polgengui to be a little more modern, fix comments and use selected name
...
- Cleanup chcat man page
2011-02-03 16:15:43 -05:00
Dan Walsh
331e9ad06d
- Report full errors on OSError on Sandbox
2011-02-02 13:34:22 -05:00
Dan Walsh
e764b2d2b6
- Fix newrole hanlding of pcap
2011-01-21 15:11:31 -05:00
Dan Walsh
971f278f98
- Have restorecond watch more directories in homedir
2011-01-19 16:45:53 -05:00
Dan Walsh
01e471247b
- Add sandbox to sepolgen
2011-01-14 16:37:43 -05:00
Dan Walsh
afa2535b24
- Add sandbox to sepolgen
2011-01-14 14:39:26 -05:00
Dan Walsh
12eb5b45f4
- Fix proper handling of getopt errors
...
- Do not allow modules names to contain spaces
2011-01-10 14:39:21 -05:00
Dan Walsh
c76dc0c642
- Polgengui raises the wrong type of exception. #471078
...
- Change semanage to not allow it to semanage module -D
- Change setsebool to suggest run as root on failure
2011-01-06 14:38:19 -05:00
Dan Walsh
448a84b06a
- Polgengui raises the wrong type of exception. #471078
...
- Change semanage to not allow it to semanage module -D
2011-01-04 17:23:27 -05:00
Dan Walsh
18119ffd24
- Fix restorecond watching utmp file for people logging in our out
2010-12-22 14:38:46 -05:00
Dan Walsh
b1a3235896
- Update to upstream
2010-12-21 16:20:42 -05:00
Dan Walsh
a548207cc4
- Change to allow sandbox to run on nfs homedirs, add start python script
2010-12-21 16:20:01 -05:00
Dan Walsh
8937a040d8
- Change to allow sandbox to run on nfs homedirs, add start python script
2010-12-15 16:47:38 -05:00
Dan Walsh
3108046cf7
- Move seunshare to sandbox package
2010-12-15 14:15:49 -05:00
Dan Walsh
6c80e8dc19
- Fix sandbox to show correct types in usage statement
2010-11-30 12:09:48 -05:00
Dan Walsh
8c1d9b0f48
- Stop fixfiles from complaining about missing dirs
2010-11-29 10:14:39 -05:00
Dan Walsh
f0e85a70d6
- Update to upstream
...
- List types available for sandbox in usage statement
2010-11-24 13:41:52 -05:00
Dan Walsh
af19df0f00
- Don't report error on load_policy when system is disabled.
2010-11-22 13:50:29 -05:00
Dan Walsh
b9b7f4161c
- Fix up problems pointed out by solar designer on dropping capabilities
2010-11-08 15:12:25 -05:00
Dan Walsh
d7e1c238f4
- Check if you have full privs and reset otherwise dont drop caps
2010-11-01 16:21:00 -04:00
Dan Walsh
cdcc4526b7
- Fix setools require line
2010-11-01 09:50:12 -04:00
Dan Walsh
622bb69d77
- Move /etc/pam.d/newrole in to polcicycoreutils-newrole
...
- Additiona capability checking in sepolgen
2010-10-29 09:39:03 -04:00
Dan Walsh
9852e61813
- Remove setuid flag and replace with file capabilities
...
- Fix sandbox handling of files with spaces in them
2010-10-25 17:25:34 -04:00
Jesse Keating
c9df11e933
- Rebuilt for gcc bug 634757
2010-09-29 15:05:42 -07:00
Dan Walsh
cccd96b8cf
- Move restorecond into its own subpackage
2010-09-23 16:23:05 -04:00
Dan Walsh
e500ad80f0
* Wed Jul 28 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-9
...
- Update selinux-polgengui to sepolgen policy generation
2010-07-30 11:19:53 -04:00
Daniel J Walsh
57906a7d95
* Tue Jul 27 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-7
...
- Update translations
2010-07-27 13:59:26 +00:00
Daniel J Walsh
3fd25d56a5
* Mon Jul 26 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-6
...
- Fix sandbox man page
2010-07-26 15:58:23 +00:00
Daniel J Walsh
1eab65cee2
* Tue Jul 20 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-6
...
- Fix sandbox man page
2010-07-26 15:33:31 +00:00
dmalcolm
dee9b43382
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
2010-07-22 03:01:32 +00:00
Daniel J Walsh
d6510fbca2
* Tue Jul 20 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-4
...
- Add translations for menus
- Fixup man page from Russell Coker
2010-07-20 13:18:18 +00:00
Daniel J Walsh
614ca03ae7
* Tue Jun 15 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-3
...
- Change python scripts to use -s flag
- Update po
2010-07-13 17:32:51 +00:00
Daniel J Walsh
73342918cd
* Tue Jun 8 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-30
...
- Add cgroup support for sandbox
2010-06-08 19:13:40 +00:00
Daniel J Walsh
c6d112a36e
* Mon Jun 7 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-29
...
- Allow creation of /var/cache/DOMAIN from sepolgen
2010-06-07 20:48:46 +00:00
Daniel J Walsh
70b2ff10d0
* Thu Jun 3 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-28
...
- Fix sandbox init script
- Add dbus-launch to sandbox -X
Resolve : #599599
2010-06-03 21:14:18 +00:00
Daniel J Walsh
9ff9a87a26
* Thu Jun 3 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-27
...
- Move genhomedircon.8 to same package as genhomedircon
- Fix sandbox to pass unit test
Resolves : #595796
2010-06-03 15:04:52 +00:00
Daniel J Walsh
85a18e3dcc
* Thu Jun 3 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-27
...
- Move genhomedircon.8 to same package as genhomedircon
- Fix sandbox to pass unit test
Resolves : #595796
2010-06-03 15:04:49 +00:00
Daniel J Walsh
d98a8977c6
* Wed Jun 2 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-26
...
- Fix listing of booleans from audit2allow
2010-06-02 15:48:11 +00:00
Daniel J Walsh
829762e693
* Thu May 27 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-24
...
- Man page fixes
- sandbox fixes
Resolves : #595796
- Move seunshare to base package
2010-05-27 21:23:08 +00:00
Daniel J Walsh
be45950990
* Thu Feb 16 2010 Dan Walsh <dwalsh@redhat.com> 2.0.79-1
...
- Update to upstream
* Fix double-free in newrole
- Fix python language handling
2010-02-16 21:35:16 +00:00
Daniel J Walsh
fc6c93ebeb
* Thu Feb 16 2010 Dan Walsh <dwalsh@redhat.com> 2.0.79-1
...
- Update to upstream
* Fix double-free in newrole
2010-02-16 19:49:37 +00:00
Daniel J Walsh
ee3649bda5
* Thu Feb 11 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-21
...
- Fix display of command in sandbox
2010-02-11 18:24:55 +00:00
Daniel J Walsh
e7737e34ea
* Wed Feb 3 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-19
...
- Fix seobject and fixfiles
2010-02-03 20:24:35 +00:00
Daniel J Walsh
c8f4893a95
* Wed Feb 3 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-18
...
- Fix seobject and fixfiles
2010-02-03 16:42:37 +00:00
Daniel J Walsh
db71b70994
* Fri Jan 29 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-17
...
- Change seobject to use translations properly
2010-02-01 14:40:42 +00:00
Daniel J Walsh
ab47b01339
* Thu Jan 28 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-16
...
- Cleanup spec file
Resolves: 555835
2010-01-28 20:51:21 +00:00
Daniel J Walsh
fc6e11b600
* Thu Jan 28 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-15
...
- Add use_resolve to sepolgen
2010-01-28 17:19:01 +00:00
Daniel J Walsh
dd674534b4
* Wed Jan 27 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-14
...
- Add session capability to sandbox
- sandbox -SX -H ~/.homedir -t unconfined_t -l s0:c15 /etc/gdm/Xsession
2010-01-27 21:52:27 +00:00
Daniel J Walsh
88295c72ea
* Thu Jan 21 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-13
...
- Fix executable template for fifo files
2010-01-21 14:35:19 +00:00
Daniel J Walsh
5b80bc7b2c
* Tue Jan 19 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-12
...
- Fix patch xod xmodmap
- Exit 0 from script
2010-01-19 17:28:01 +00:00
Daniel J Walsh
a02089d628
* Thu Jan 14 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-11
...
- Run with the same xdmodmap in sandbox as outside
- Patch from Josh Cogliati
2010-01-19 17:25:36 +00:00
Daniel J Walsh
54e6651778
* Thu Jan 14 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-11
...
- Run with the same xdmodmap in sandbox as outside
- Patch from Josh Cogliati
2010-01-14 21:34:51 +00:00
Daniel J Walsh
fc860fa036
* Fri Jan 8 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-10
...
- Fix sepolgen to not generate user sh section on non user policy
2010-01-08 15:22:16 +00:00
Daniel J Walsh
6c22c6b1f6
* Fri Jan 8 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-9
...
- Add -e to semanage man page
- Add -D qualifier to audit2allow to generate dontaudit rules
2010-01-08 14:37:32 +00:00
Daniel J Walsh
0779b0302c
* Wed Jan 6 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-8
...
- Speed up audit2allow processing of audit2why comments
2010-01-06 20:51:36 +00:00
Daniel J Walsh
6ed2be87b5
* Wed Jan 6 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-8
...
- Speed up audit2allow processing of audit2why comments
2010-01-06 20:49:27 +00:00
Daniel J Walsh
29b74ccd7d
* Fri Dec 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-7
...
- Fixes to sandbox man page
2009-12-21 21:56:27 +00:00
Daniel J Walsh
beaed6f629
* Thu Dec 17 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-6
...
- Add setools-libs-python to requires for gui
2009-12-17 13:24:23 +00:00
Daniel J Walsh
37227819c9
* Wed Dec 16 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-5
...
- If restorecond running as a user has no files to watch then it should exit. (NFS Homedirs)
2009-12-16 21:18:04 +00:00
Daniel J Walsh
a1bf0daa6c
* Wed Dec 16 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-5
...
- If restorecond running as a user has no files to watch then it should exit. (NFS Homedirs)
2009-12-16 13:21:49 +00:00
Daniel J Walsh
79944fd474
* Tue Dec 8 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-3
...
- Fix audit2allow to report constraints, dontaudits, types, booleans
2009-12-09 21:33:50 +00:00
Daniel J Walsh
3fbc112632
* Tue Dec 1 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-1
...
- Update to upstream
* Remove non-working OUTFILE from fixfiles from Dan Walsh.
* Additional exception handling in chcat from Dan Walsh.
2009-12-01 21:17:45 +00:00
Daniel J Walsh
f3a1cbae2a
* Tue Nov 24 2009 Dan Walsh <dwalsh@redhat.com> 2.0.77-1
...
- Update to upstream
* Fixed bug preventing semanage node -a from working
from Chad Sellers
* Fixed bug preventing semanage fcontext -l from working
from Chad Sellers
- Change semanage to use unicode
2009-11-24 15:30:53 +00:00
Daniel J Walsh
e973847bf6
* Wed Nov 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.76-1
...
- Update to upstream
* Remove setrans management from semanage, as it does not work
from Dan Walsh.
* Move load_policy from /usr/sbin to /sbin from Dan Walsh.
2009-11-18 22:20:42 +00:00
Daniel J Walsh
4e4a82e887
* Mon Nov 16 2009 Dan Walsh <dwalsh@redhat.com> 2.0.75-3
...
- Raise exception if user tries to add file context with an embedded space
2009-11-16 21:54:45 +00:00
Daniel J Walsh
a1e42cb153
* Wed Nov 11 2009 Dan Walsh <dwalsh@redhat.com> 2.0.75-2
...
- Fix sandbox to setsid so it can run under mozilla without crashing the session
2009-11-11 21:56:23 +00:00
Daniel J Walsh
942b683f29
* Tue Nov 2 2009 Dan Walsh <dwalsh@redhat.com> 2.0.75-1
...
- Update to upstream
* Factor out restoring logic from setfiles.c into restore.c
2009-11-09 21:12:58 +00:00
Daniel J Walsh
44bb682976
* Fri Oct 30 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-15
...
- Fix typo in seobject.py
2009-11-02 16:40:00 +00:00
Daniel J Walsh
8cf3bcfdee
* Fri Oct 30 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-14
...
- Allow semanage -i and semanage -o to generate customization files.
- semanage -o will generate a customization file that semanage -i can read and set a machines to the same selinux configuration
2009-10-30 21:01:42 +00:00
Daniel J Walsh
d189740fc7
* Mon Oct 19 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-12
...
- Add generation of the users context file to polgengui
2009-10-19 19:05:28 +00:00
Daniel J Walsh
573cd1c340
* Fri Oct 16 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-11
...
- Remove tabs from system-config-selinux glade file
2009-10-16 14:46:45 +00:00
Daniel J Walsh
bf48090916
* Thu Oct 15 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-10
...
- Remove translations screen from system-config-selinux
2009-10-15 21:46:14 +00:00
Daniel J Walsh
fd3c8c94ea
* Wed Oct 14 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-9
...
- Move fixfiles man pages into the correct package
- Add genhomedircon to fixfiles restore
2009-10-14 14:47:50 +00:00
Daniel J Walsh
ac48b0b34b
* Thu Oct 6 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-8
...
- Add check to sandbox to verify save changes - Chris Pardy
- Fix memory leak in restorecond - Steve Grubb
2009-10-06 16:09:52 +00:00
Daniel J Walsh
678a86d335
* Thu Oct 1 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-7
...
- Fixes Templates
2009-10-01 16:04:13 +00:00