Commit Graph

731 Commits

Author SHA1 Message Date
Petr Lautrbach
73b8ccd58d policycoreutils-2.4-14
- Revert the attempt to port -gui to GTK 3 (#1269328, #1266059)
2015-10-08 11:15:17 +02:00
Petr Lautrbach
f8062d58e4 policycoreutils-2.4-13
- newrole: Set keepcaps around setresuid calls
- newrole: Open stdin as read/write
2015-10-02 19:52:27 +02:00
Petr Lautrbach
d2c9993f24 Another two fixes related to Python 3
- policycoreutils/sepolicy: decode output from subprocess, if error
  occurred (#1247039)
- Use correct variable when creating a permissive domain
2015-09-03 23:49:39 +02:00
Petr Lautrbach
45b6c21434 policycoreutils-2.4-11
- audit2allow, audit2why - ignore setlocale errors (#1208529)
2015-09-02 08:34:22 +02:00
Petr Lautrbach
27a1dde02d policycoreutils-2.4-10
- Port sandbox to GTK 3 and fix issue with Xephyr
2015-08-21 17:19:30 +02:00
Petr Lautrbach
8e5935ed03 policycoreutils-2.4-9
- Fix another python3 issues mainly in sepolicy (#1247039,#1247575,#1251713)
- The functionality of audit2allow which was disabled in the previous
  commit should be available again
2015-08-13 17:36:39 +02:00
Petr Lautrbach
d0392a9475 policycoreutils-2.4-8
- Fix multiple python3 issues in sepolgen (#1249388,#1247575,#1247564)

FIXME: some functionality of audit2allow was temporarily disabled until sepolicy is
ported to python 3
2015-08-06 18:00:07 +02:00
Petr Lautrbach
f26322759f All scripts originally from policycoreutils-python use python 3 now 2015-07-24 17:26:50 +02:00
Petr Lautrbach
ebb9f41c51 policycoreutils: semanage: fix moduleRecords deleteall method
commit 2ff279e21e4715ac49e094b5fae8bc8e84b9e417 ("policycoreutils:
 semanage: update to new source policy infrastructure") introduced
new methods for enabling/disabling modules but failed to update
the deleteall method of class moduleRecords to use the new method.
The deleteall method was introduced by commit
3dafb1046d847783f1e761535925ea79d69d3305 ("Add deleteall customizations
field for modules.") as a way to re-enable all locally disabled modules.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

fedora-selinux/selinux.git:
ab77906ea96a10bcbefee06ab7d32af853d4cf33
adffc5e277f5c5a99771439f793b7aa91be59f31
2015-07-24 10:05:52 +02:00
Petr Lautrbach
056cb287fa Improve compatibility with python 3 2015-07-23 14:24:40 +02:00
Petr Lautrbach
5f7a92e79b update from bachradsusi/selinux branch 2.4
policycoreutils-2.4-0.7
- Fix typo in semanage args for minimum policy store
2015-07-15 16:13:03 +02:00
Petr Lautrbach
087b495201 update from bachradsusi/selinux branch 2.4
policycoreutils-2.4-0.6
- policycoreutils: semanage: update to new source policy infrastructure
- semanage: move permissive module creation to /tmp
2015-07-03 10:27:31 +02:00
Petr Lautrbach
dec177337d - semanage_migrate_store: add -r <root> option for migrating inside chroots
- fixes needed for secadm_r and auditadm_r in MLS policy
2015-05-25 16:37:16 +02:00
Petr Lautrbach
be16d7c136 Update to upstream release 2.4 from https://github.com/bachradsusi/selinux.git branch 2.4 2015-04-13 13:55:14 +02:00
Petr Lautrbach
15238906cb Simplication of sepolicy-manpage web functionality (#1193552)
system_release is no longer hardcoded and it creates only index.html and html man pages in the directory for the system release.
2015-02-24 17:02:35 +01:00
Petr Lautrbach
bb04b4de9b Re-create policycoreutils-rhat.patch from
03cfe4ebfa
- We need to cover file_context.XXX.homedir to have fixfiles with exclude_dirs working correctly.
- use dnf instead of yum - rhbz#1156547
2015-02-02 17:21:15 +01:00
Petr Lautrbach
9d99a57696 Make packaging more transparent
- add make-rhat-patches.sh script which creates policycoreutils-rhat.patch and sepolgen-rhat.patch patches
- use source files from https://github.com/SELinuxProject/selinux/wiki/Releases
- extract sources to selinux/ directory and build them there

Create -rhat patches from
c83f4d17e7
2015-02-02 16:42:37 +01:00
Miroslav Grepl
180235ba1d - Examples are no longer in the main semanage man page (#1084390)
- Add support for Fedora22 man pages. We need to fix it to not using hardcoding.
- Print usage for all mutually exclusive options.
- Fix selinux man page to refer seinfo and sesearch tools.
2014-07-23 08:26:28 +02:00
Dan Walsh
cbb4c3ee48 Update Miroslav Grepl Patches
* If there is no executable we don't want to print a part of STANDARD FILE CON
  * Add-manpages-for-typealiased-types
  * Make fixfiles_exclude_dirs working if there is a substituion for the given d
2014-05-16 11:48:54 -04:00
Dan Walsh
d60939fccd Update to upstream
* Add -P semodule option to man page from Dan Walsh.
	* selinux_current_policy_path will return none on a disabled SELinux system from Dan Walsh.
	* Add new icons for sepolicy gui from Dan Walsh.
	* Only return writeable files that are enabled from Dan Walsh.
	* Add domain to short list of domains, when -t and -d from Dan Walsh.
	* Fix up desktop files to match current standards from Dan Walsh.
	* Add support to return sensitivities and categories for python from Dan Walsh.
	* Cleanup whitespace from Dan Walsh.
	* Add message to tell user to install sandbox policy from Dan Walsh.
	* Add systemd unit file for mcstrans from Laurent Bigonville.
	* Improve restorecond systemd unit file from Laurent Bigonville.
	* Minor man pages improvements from Laurent Bigonville.
2014-05-06 14:58:32 -04:00
Dan Walsh
e9004a6bf6 Update Translations 2014-04-01 09:37:30 -04:00
Dan Walsh
86feb38872 [PATCH] Add support for Fedora21 html manpage structure
-  From Miroslav Grepl
2014-03-31 08:34:41 -04:00
Dan Walsh
60924625b8 mgrepl [PATCH] Deleteall user customization fails if there is a user used
- for the default login. We do not want to fail on it and continue to delete
- customizations for users which are not used for default login.
2014-03-26 09:15:58 -04:00
Dan Walsh
794d8879f7 Update Translations
- Make selinux-policy build working also on another architectures related to s
- Miroslav grepl patch to fix the creation of man pages on different architectures.
- Add ability to list the actual active modules
- Fix spelling mistake on sesearch in generate man pages.
2014-03-25 10:47:23 -04:00
Dan Walsh
f30728b86b Update Translations
- Make selinux-policy build working also on another architectures related to s
- Miroslav grepl patch to fix the creation of man pages on different architectures.
- Add ability to list the actual active modules
- Fix spelling mistake on sesearch in generate man pages.
2014-03-24 14:56:27 -04:00
Dan Walsh
fec09b4310 Allow manpages to be built on aarch64 2014-02-24 11:45:05 -05:00
Dan Walsh
f17032379c Don't be verbose in fixfiles if there is not tty 2014-02-14 12:33:24 -05:00
Dan Walsh
57422a62c6 Update translations 2014-01-21 09:18:34 -05:00
Dan Walsh
a3dfb2e273 Add Miroslav patch to
- Fix previously_modified_initialize() to show modified changes properly for all selections
2014-01-16 12:34:30 -05:00
Dan Walsh
16f2333d36 Add Miroslav patch to
-    Fix previously_modified_initialize() to show modified changes properly for all selections
2014-01-16 12:12:35 -05:00
Dan Walsh
b371ba3420 Don't require /usr/share/selinux/devel/Makefile to build permissive domains 2014-01-08 11:20:05 -05:00
Dan Walsh
b9afd68089 Update to upstream
* Ignore selevel/serange if MLS is disabled from Sven Vermeulen.
2014-01-06 10:24:11 -05:00
Dan Walsh
2200ddeea6 Update Tranlations
- Patch from Yuri Chornoivan to fix typos
2014-01-03 16:06:52 -05:00
Dan Walsh
53ac00459c Fixes Customized booleans causing a crash of the sepolicy gui 2014-01-03 14:39:18 -05:00
Dan Walsh
fa2e38d15a Fix sepolicy gui selection for advanced screen
- Update Translations
2013-12-20 09:01:14 -05:00
Dan Walsh
576b3e8a80 Break out python3 code into separate package 2013-12-13 08:48:16 -05:00
Dan Walsh
5c1fb32c8b Update to upstream
* Revert automatic setting of serange and seuser in seobject; was breaking non-MLS systems.
- Add patches for sepolicy gui from mgrepl to
  Fix advanced_item_button_push() to allow to select an application in advanced search menu
  Fix previously_modified_initialize() to show modified changes properly for all selections
2013-12-03 15:50:34 -05:00
Dan Walsh
e0ae96d544 Update to upstream
* Apply polkit check on all dbus interfaces and restrict to active user from Dan Walsh.
	* Fix typo in sepolicy gui dbus.relabel_on_boot call from Dan Walsh.
- Apply Miroslav Grepl patch to fix TEMPLATETYPE_domtrans description in sepolicy generate
2013-11-22 09:06:48 -05:00
Dan Walsh
934834e6cb Fix selinux-polgengui, get_all_modules call 2013-11-20 09:19:24 -05:00
Dan Walsh
394f387019 Speed up startup time of sepolicy gui
- Clean up ports screen to only show enabled ports.
- Update to upstream
	* Remove import policycoreutils.default_encoding_utf8 from semanage from Dan Walsh.
	* Make yum/extract_rpms optional for sepolicy generate from Dan Walsh.
	* Add test suite for audit2allow and sepolgen-ifgen from Dan Walsh.
2013-11-18 13:28:42 -05:00
Dan Walsh
5d97d38d1b Speed up startup time of sepolicy gui
- Clean up ports screen to only show enabled ports.
- Update to upstream
	* Remove import policycoreutils.default_encoding_utf8 from semanage from Dan Walsh.
	* Make yum/extract_rpms optional for sepolicy generate from Dan Walsh.
	* Add test suite for audit2allow and sepolgen-ifgen from Dan Walsh.
2013-11-15 09:06:16 -05:00
Dan Walsh
6e2e7ad1d8 Update to upstream
* Properly build the swig exception file from Laurent Bigonville.
	* Fix man pages from Laurent Bigonville.
	* Support overriding PATH and INITDIR in Makefile from Laurent Bigonville.
	* Fix LDFLAGS usage from Laurent Bigonville.
	* Fix init_policy warning from Laurent Bigonville.
	* Fix semanage logging from Laurent Bigonville.
	* Open newrole stdin as read/write from Sven Vermeulen.
	* Fix sepolicy transition from Sven Vermeulen.
	* Support overriding CFLAGS from Simon Ruderich.
	* Create correct man directory for run_init from Russell Coker.
	* restorecon GLOB_BRACE change from Michal Trunecka.
	* Extend audit2why to report additional constraint information.
	* Catch IOError errors within audit2allow from Dan Walsh.
	* semanage export/import fixes from Dan Walsh.
	* Improve setfiles progress reporting from Dan Walsh.
	* Document setfiles -o option in usage from Dan Walsh.
	* Change setfiles to always return -1 on failure from Dan Walsh.
	* Improve setsebool error r eporting from Dan Walsh.
	* Major overhaul of gui from Dan Walsh.
	* Fix sepolicy handling of non-MLS policy from Dan Walsh.
	* Support returning type aliases from Dan Walsh.
	* Add sepolicy tests from Dan Walsh.
	* Add org.selinux.config.policy from Dan Walsh.
	* Improve range and user input checking by semanage from Dan Walsh.
	* Prevent source or target arguments that end with / for substitutions from Dan Walsh.
	* Allow use of <<none>> for semanage fcontext from Dan Walsh.
        * Report customized user levels from Dan Walsh.
	* Support deleteall for restoring disabled modules from Dan Walsh.
	* Improve semanage error reporting from Dan Walsh.
	* Only list disabled modules for module locallist from Dan Walsh.
	* Fix logging from Dan Walsh.
	* Define new constants for file type character codes from Dan Walsh.
	* Improve bash completions from Dan Walsh.
	* Convert semanage to argparse from Dan Walsh (originally by Dave Quigley).
	* Add semanage tests from Dan Walsh.
	* Split semanage man pages from Dan Walsh.
	* Move bash completion scripts from Dan Walsh.
	* Replace genhomedircon script with a link to semodule from Dan Walsh.
	* Fix fixfiles from Dan Walsh.
	* Add support for systemd service for restorecon from Dan Walsh.
	* Spelling corrections from Dan Walsh.
	* Improve sandbox support for home dir symlinks and file caps from Dan Walsh.
	* Switch sandbox to openbox window manager from Dan Walsh.
	* Coalesce audit2why and audit2allow from Dan Walsh.
	* Change audit2allow to append to output file from Dan Walsh.
	* Update translations from Dan Walsh.
	* Change audit2why to use selinux_current_policy_path from Dan Walsh.
2013-10-31 14:27:38 -04:00
Dan Walsh
2b7d10b4f0 Update to upstream
* Properly build the swig exception file from Laurent Bigonville.
	* Fix man pages from Laurent Bigonville.
	* Support overriding PATH and INITDIR in Makefile from Laurent Bigonville.
	* Fix LDFLAGS usage from Laurent Bigonville.
	* Fix init_policy warning from Laurent Bigonville.
	* Fix semanage logging from Laurent Bigonville.
	* Open newrole stdin as read/write from Sven Vermeulen.
	* Fix sepolicy transition from Sven Vermeulen.
	* Support overriding CFLAGS from Simon Ruderich.
	* Create correct man directory for run_init from Russell Coker.
	* restorecon GLOB_BRACE change from Michal Trunecka.
	* Extend audit2why to report additional constraint information.
	* Catch IOError errors within audit2allow from Dan Walsh.
	* semanage export/import fixes from Dan Walsh.
	* Improve setfiles progress reporting from Dan Walsh.
	* Document setfiles -o option in usage from Dan Walsh.
	* Change setfiles to always return -1 on failure from Dan Walsh.
	* Improve setsebool error r eporting from Dan Walsh.
	* Major overhaul of gui from Dan Walsh.
	* Fix sepolicy handling of non-MLS policy from Dan Walsh.
	* Support returning type aliases from Dan Walsh.
	* Add sepolicy tests from Dan Walsh.
	* Add org.selinux.config.policy from Dan Walsh.
	* Improve range and user input checking by semanage from Dan Walsh.
	* Prevent source or target arguments that end with / for substitutions from Dan Walsh.
	* Allow use of <<none>> for semanage fcontext from Dan Walsh.
        * Report customized user levels from Dan Walsh.
	* Support deleteall for restoring disabled modules from Dan Walsh.
	* Improve semanage error reporting from Dan Walsh.
	* Only list disabled modules for module locallist from Dan Walsh.
	* Fix logging from Dan Walsh.
	* Define new constants for file type character codes from Dan Walsh.
	* Improve bash completions from Dan Walsh.
	* Convert semanage to argparse from Dan Walsh (originally by Dave Quigley).
	* Add semanage tests from Dan Walsh.
	* Split semanage man pages from Dan Walsh.
	* Move bash completion scripts from Dan Walsh.
	* Replace genhomedircon script with a link to semodule from Dan Walsh.
	* Fix fixfiles from Dan Walsh.
	* Add support for systemd service for restorecon from Dan Walsh.
	* Spelling corrections from Dan Walsh.
	* Improve sandbox support for home dir symlinks and file caps from Dan Walsh.
	* Switch sandbox to openbox window manager from Dan Walsh.
	* Coalesce audit2why and audit2allow from Dan Walsh.
	* Change audit2allow to append to output file from Dan Walsh.
	* Update translations from Dan Walsh.
	* Change audit2why to use selinux_current_policy_path from Dan Walsh.
2013-10-31 10:06:05 -04:00
Dan Walsh
256317fccc Cleanup errors found by pychecker
- Apply patch from Michal Trunecka to allow restorecon to handle {} in globs
2013-10-16 15:20:12 -04:00
Dan Walsh
8f0685b998 sepolicy gui
- mgrepl fixes for users and login
- Update Translations.
2013-10-15 15:37:37 -04:00
Dan Walsh
9f7fe58ac4 sepolicy gui
- mgrepl added delete screens for users and login
  - Fix lots of bugs.
- Update Translations.
2013-10-11 17:15:18 -04:00
Dan Walsh
58b140fa6b mgrepl added delete screens for users and login 2013-10-11 16:43:11 -04:00
Dan Walsh
f00bc4f487 Fixes for fixfiles
* exclude_from_dirs should apply to all types of restorecon calls
  * fixfiles check now works
  * exit with the correct status
2013-10-04 18:24:43 -04:00
Dan Walsh
685bf50ba2 Fixes for sepolicy gui
- Fix setsebool to return 0 on success
- Update Po
2013-10-02 16:25:25 -04:00
Dan Walsh
2683a97019 Improvements to sepolicy gui
- Add more help information
  - Cleanup code
  - Add deny_ptrace on lockdown screen
  - Make unconfined/permissivedomains lockdown work
  - Add more support for file equivalency
2013-09-28 07:06:41 -04:00