Commit Graph

633 Commits

Author SHA1 Message Date
Dan Walsh
e0ffc386e8 Add listing of distribution equivalence class from semanage fcontext -l
Add checking to semanage fcontext -a to guarantee a file specification will not be masked by an equivalence

Allow ~ as a valid part of a filename in sepolgen
2011-11-16 15:41:18 -05:00
Dan Walsh
35a1c24b59 sandbox init script should always return 0
sandbox command needs to check range of categories and report error if not big enough
2011-11-11 15:25:44 -05:00
Dan Walsh
e71cb0d5d0 Allow user to specify DPI when running sandbox 2011-11-07 15:56:15 -05:00
Dan Walsh
2c4e323ce5 Upgrade to policycoreutils upstream
* sandbox: Maintain the LANG environment into the sandbox
	* audit2allow: use audit2why internally
	* fixfiles: label /root but not /var/lib/BackupPC
	* semanage: update local boolean settings is dealing with localstore
	* semanage: missing modify=True
	* semanage: set modified correctly
	* restorecond: make restorecond dbuss-able
	* restorecon: Always check return code on asprintf
	* restorecond: make restorecond -u exit when terminal closes
	* sandbox: introduce package name and language stuff
	* semodule_package: remove semodule_unpackage on clean
	* fix sandbox Makefile to support DESTDIR
	* semanage: Add -o description to the semanage man page
	* make use of the new realpath_not_final function
	* setfiles: close /proc/mounts file when finished
	* semodule: Document semodule -p in man page
	* setfiles: fix use before initialized
	* restorecond: Add .local/share as a directory to watch
Upgrade to sepolgen upstream
	* Ignore permissive qualifier if found in an interface
	* Return name field in avc data
2011-11-04 10:47:42 -04:00
Dan Walsh
2392ca1483 A couple of minor coverity fixes for a potential leaked file descriptor
An an unchecked return code.
Add ~/.local/share/* to restorecond_user watches
2011-10-28 16:47:40 -04:00
Dan Walsh
6c13d007c9 restorecond -u needs to watch terminal for exit if run outside of dbus. 2011-10-06 16:07:50 -04:00
Dan Walsh
ebadcd67f7 Do not drop capabilities if running newrole as root 2011-10-04 08:36:06 -04:00
Dan Walsh
3507aa6632 Update to upstream
* semanage: fix indentation error in seobject
2011-09-30 09:28:53 -04:00
Dan Walsh
e5b91b64fc Remove gnome requirement from polgengui 2011-09-29 10:09:48 -04:00
Dan Walsh
b91e98e2c2 Update to upstream
policycoreutils-2.1.6
	* sepolgen-ifgen: new attr-helper does something
	* audit2allow: use alternate policy file
	* audit2allow: sepolgen-ifgen use the attr helper
	* setfiles: switch from stat to stat64
	* setfiles: Fix potential crash using dereferenced ftsent
	* setfiles: do not wrap * output at 80 characters
	* sandbox: add -Wall and -Werror to makefile
	* sandbox: add sandbox cgroup support
	* sandbox: rewrite /tmp handling
	* sandbox: do not bind mount so much
	* sandbox: add level based kill option
	* sandbox: cntrl-c should kill entire process control group
	* Create a new preserve_tunables flag in sepol_handle_t.
	* semanage: show running and disk setting for booleans
	* semanage: Dont print heading if no items selected
	* sepolgen: audit2allow is mistakakenly not allowing valid module names
	* semanage: Catch RuntimeErrors, that can be generated when SELinux is disabled
	* More files to ignore
	* tree: default make target to all not install
	* sandbox: do not load unused generic init functions
sepolgen-1.1.2
	* src: sepolgen: add attribute storing infrastructure
	* Change perm-map and add open to try to get better results on
	* look for booleans that might solve problems
	* sepolgen: audit2allow is mistakakenly not allowing valid module names
	* tree: default make target to all not install
2011-09-19 07:40:39 -04:00
Dan Walsh
64a1a56e71 Change separator on -L from ; to : 2011-09-14 22:08:19 -04:00
Dan Walsh
2d6eafee19 Add back lockdown wizard for booleans using pywebkitgtk 2011-09-08 09:47:43 -04:00
Dan Walsh
78175de296 Maintain the LANG environment Variable into the sandbox
Change restorecon/setfiles to only change type part of the context unless
f qualifier is given
2011-09-07 14:23:19 -04:00
Dan Walsh
04b2851781 Allow setfiles and restorecon to use labeledprefix to speed up processing
and limit memory.
2011-09-02 09:24:40 -04:00
Dan Walsh
42466e2b7e Update to upstream
* policycoreutils
	* setfiles: Fix process_glob to handle error situations
	* sandbox: Allow seunshare to run as root
	* sandbox: trap sigterm to make sure sandbox
	* sandbox: pass DPI from the desktop
	* sandbox: seunshare: introduce helper spawn_command
	* sandbox: seunshare: introduce new filesystem helpers
	* sandbox: add -C option to not drop
	* sandbox: split seunshare caps dropping
	* sandbox: use dbus-launch
	* sandbox: numerous simple updates to sandbox
	* sandbox: do not require selinux context
	* sandbox: Makefile: new man pages
	* sandbox: rename dir to srcdir
	* sandbox: allow users specify sandbox window size
	* sandbox: check for paths up front
	* sandbox: use defined values for paths rather
	* sandbox: move seunshare globals to the top
	* sandbox: whitespace fix
	* semodule_package: Add semodule_unpackage executable
	* setfiles: get rid of some stupid globals
	* setfiles: move exclude_non_seclabel_mounts to a generic location
* sepolgen
	* refparser: include open among valid permissions
	* refparser: add support for filename_trans rules
2011-08-30 16:32:33 -04:00
Dan Walsh
8b0727dc56 Fix bug in glob handling for restorecon 2011-08-23 17:13:19 -04:00
Dan Walsh
831d6fd46c Update to upstream
2.1.4 2011-08-17
	* run_init: clarification of the usage in the
	* semanage: fix usage header around booleans
	* semanage: remove useless empty lines
	* semanage: update man page with new examples
	* semanage: update usage text
	* semanage: introduce file context equivalencies
	* semanage: enable and disable modules
	* semanage: output all local modifications
	* semanage: introduce extraction of local configuration
	* semanage: cleanup error on invalid operation
	* semanage: handle being called with no arguments
	* semanage: return sooner to save CPU time
	* semanage: surround getopt with try/except
	* semanage: use define/raise instead of lots of
	* semanage: some options are only valid for
	* semanage: introduce better deleteall support
	* semanage: do not allow spaces in file
	* semanage: distinguish between builtin and local permissive
	* semanage: centralized ip node handling
	* setfiles: make the restore function exclude() non-static
	* setfiles: use glob to handle ~ and
	* fixfiles: do not hard code types
	* fixfiles: stop trying to be smart about
	* fixfiles: use new kernel seclabel option
	* fixfiles: pipe everything to cat before sending
	* fixfiles: introduce /etc/selinux/fixfiles_exclude_dirs
	* semodule: support for alternative root paths
2011-08-18 07:23:59 -04:00
Dan Walsh
a648c6f239 Change seunshare to send kill signals to the childs session.
Also add signal handler to catch sigint, so if user enters ctrl-C sandbox will shutdown.
2011-07-07 14:53:37 -04:00
Dan Walsh
af0f4926da Change seunshare to send kill signals to the childs session.
Also add signal handler to catch sigint, so if user enters ctrl-C sandbox will shutdown.
2011-07-07 14:37:24 -04:00
Dan Walsh
8dbd4d49f6 dd new restorecond service 2011-07-05 17:18:12 -04:00
Dan Walsh
759501823b Add -C option to sandbox and seunshare to maintain capabilities, otherwise
the bounding set will be dropped.
Change --cgroups short name -c rather then -C for consistancy
Fix memory and fd leaks in seunshare
2011-07-05 16:51:18 -04:00
Dan Walsh
173e9f90db Do not drop capability bounding set in seunshare, this allows sandbox to
run setuid apps.
2011-06-13 13:37:04 -04:00
Dan Walsh
299d98087e Remove mount -o bind calls from sandbox init script
pam_namespace now has this built in.
2011-06-07 13:58:41 -04:00
Dan Walsh
dc86b007cf Pass desktop dpi to sandbox Xephyr window 2011-06-07 08:37:18 -04:00
Dan Walsh
c2ef4a0bea Allow semodule to pick alternate root for selinux files
Add ~/.config/* to restorcond_user.conf, so restorecond will watch for mislabeled files in this directory.
2011-06-06 13:01:14 -04:00
Dan Walsh
4a56398540 Apply patches from Christoph A.
* fix sandbox title
* stop xephyr from li
Also ignore errors on sandbox include of directory missing files
2011-04-22 07:06:23 -04:00
Dan Walsh
588030fc2c Change fixfiles restore to delete unlabeled sockets in /tmp 2011-04-18 13:18:18 -04:00
Dan Walsh
61f1bc2068 Change fixfiles restore to delete unlabeled sockets in /tmp 2011-04-18 12:47:15 -04:00
Dan Walsh
9f65a26864 Update to upstream
* Use correct color range in mcstrand by Richard Haines.
2011-04-13 16:52:53 -04:00
Dan Walsh
1da0399e25 rsynccmd should run outside of execcon 2011-03-30 14:42:36 -04:00
Dan Walsh
be38aa471e Rewrite seunshare to make sure /tmp is mounted stickybit owned by root 2011-03-03 13:35:37 -05:00
Dan Walsh
433953b033 - Cleaup selinux-polgengui to be a little more modern, fix comments and use selected name
- Cleanup chcat man page
2011-02-03 16:15:43 -05:00
Dan Walsh
331e9ad06d - Report full errors on OSError on Sandbox 2011-02-02 13:34:22 -05:00
Dan Walsh
e764b2d2b6 - Fix newrole hanlding of pcap 2011-01-21 15:11:31 -05:00
Dan Walsh
971f278f98 - Have restorecond watch more directories in homedir 2011-01-19 16:45:53 -05:00
Dan Walsh
12eb5b45f4 - Fix proper handling of getopt errors
- Do not allow modules names to contain spaces
2011-01-10 14:39:21 -05:00
Dan Walsh
c76dc0c642 - Polgengui raises the wrong type of exception. #471078
- Change semanage to not allow it to semanage module -D
- Change setsebool to suggest run as root on failure
2011-01-06 14:38:19 -05:00
Dan Walsh
448a84b06a - Polgengui raises the wrong type of exception. #471078
- Change semanage to not allow it to semanage module -D
2011-01-04 17:23:27 -05:00
Dan Walsh
18119ffd24 - Fix restorecond watching utmp file for people logging in our out 2010-12-22 14:38:46 -05:00
Dan Walsh
a548207cc4 - Change to allow sandbox to run on nfs homedirs, add start python script 2010-12-21 16:20:01 -05:00
Dan Walsh
8937a040d8 - Change to allow sandbox to run on nfs homedirs, add start python script 2010-12-15 16:47:38 -05:00
Dan Walsh
6c80e8dc19 - Fix sandbox to show correct types in usage statement 2010-11-30 12:09:48 -05:00
Dan Walsh
8c1d9b0f48 - Stop fixfiles from complaining about missing dirs 2010-11-29 10:14:39 -05:00
Dan Walsh
63fda8aa74 - Update to upstream
- List types available for sandbox in usage statement
2010-11-24 13:44:58 -05:00
Dan Walsh
f0e85a70d6 - Update to upstream
- List types available for sandbox in usage statement
2010-11-24 13:41:52 -05:00
Dan Walsh
b9b7f4161c - Fix up problems pointed out by solar designer on dropping capabilities 2010-11-08 15:12:25 -05:00
Dan Walsh
d7e1c238f4 - Check if you have full privs and reset otherwise dont drop caps 2010-11-01 16:21:00 -04:00
Dan Walsh
cdcc4526b7 - Fix setools require line 2010-11-01 09:50:12 -04:00
Dan Walsh
622bb69d77 - Move /etc/pam.d/newrole in to polcicycoreutils-newrole
- Additiona capability  checking in sepolgen
2010-10-29 09:39:03 -04:00
Dan Walsh
9852e61813 - Remove setuid flag and replace with file capabilities
- Fix sandbox handling of files with spaces in them
2010-10-25 17:25:34 -04:00
Dan Walsh
cccd96b8cf - Move restorecond into its own subpackage 2010-09-23 16:23:05 -04:00
Dan Walsh
e500ad80f0 * Wed Jul 28 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-9
- Update selinux-polgengui to sepolgen policy generation
2010-07-30 11:19:53 -04:00
Daniel J Walsh
1eab65cee2 * Tue Jul 20 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-6
- Fix sandbox man page
2010-07-26 15:33:31 +00:00
Daniel J Walsh
d6510fbca2 * Tue Jul 20 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-4
- Add translations for menus
- Fixup man page from Russell Coker
2010-07-20 13:18:18 +00:00
Daniel J Walsh
614ca03ae7 * Tue Jun 15 2010 Dan Walsh <dwalsh@redhat.com> 2.0.83-3
- Change python scripts to use -s flag
- Update po
2010-07-13 17:32:51 +00:00
Daniel J Walsh
73342918cd * Tue Jun 8 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-30
- Add cgroup support for sandbox
2010-06-08 19:13:40 +00:00
Daniel J Walsh
70b2ff10d0 * Thu Jun 3 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-28
- Fix sandbox init script
- Add dbus-launch to sandbox -X
Resolve: #599599
2010-06-03 21:14:18 +00:00
Daniel J Walsh
85a18e3dcc * Thu Jun 3 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-27
- Move genhomedircon.8 to same package as genhomedircon
- Fix sandbox to pass unit test
Resolves: #595796
2010-06-03 15:04:49 +00:00
Daniel J Walsh
829762e693 * Thu May 27 2010 Dan Walsh <dwalsh@redhat.com> 2.0.82-24
- Man page fixes
- sandbox fixes
Resolves: #595796
- Move seunshare to base package
2010-05-27 21:23:08 +00:00
Daniel J Walsh
be45950990 * Thu Feb 16 2010 Dan Walsh <dwalsh@redhat.com> 2.0.79-1
- Update to upstream
	* Fix double-free in newrole
- Fix python language handling
2010-02-16 21:35:16 +00:00
Daniel J Walsh
fc6c93ebeb * Thu Feb 16 2010 Dan Walsh <dwalsh@redhat.com> 2.0.79-1
- Update to upstream
	* Fix double-free in newrole
2010-02-16 19:49:37 +00:00
Daniel J Walsh
8fd9d71264 * Thu Feb 11 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-21
- Fix display of command in sandbox
2010-02-11 22:13:39 +00:00
Daniel J Walsh
fce031b620 * Thu Feb 11 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-21
- Fix display of command in sandbox
2010-02-11 21:56:38 +00:00
Daniel J Walsh
ee3649bda5 * Thu Feb 11 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-21
- Fix display of command in sandbox
2010-02-11 18:24:55 +00:00
Daniel J Walsh
e7737e34ea * Wed Feb 3 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-19
- Fix seobject and fixfiles
2010-02-03 20:24:35 +00:00
Daniel J Walsh
c8f4893a95 * Wed Feb 3 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-18
- Fix seobject and fixfiles
2010-02-03 16:42:37 +00:00
Daniel J Walsh
35da894f0e * Wed Feb 3 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-18
- Fix seobject and fixfiles
2010-02-03 16:42:35 +00:00
Daniel J Walsh
db71b70994 * Fri Jan 29 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-17
- Change seobject to use translations properly
2010-02-01 14:40:42 +00:00
Daniel J Walsh
dd674534b4 * Wed Jan 27 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-14
- Add session capability to sandbox
- sandbox -SX -H ~/.homedir -t unconfined_t -l s0:c15 /etc/gdm/Xsession
2010-01-27 21:52:27 +00:00
Daniel J Walsh
a02089d628 * Thu Jan 14 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-11
- Run with the same xdmodmap in sandbox as outside
- Patch from Josh Cogliati
2010-01-19 17:25:36 +00:00
Daniel J Walsh
54e6651778 * Thu Jan 14 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-11
- Run with the same xdmodmap in sandbox as outside
- Patch from Josh Cogliati
2010-01-14 21:34:51 +00:00
Daniel J Walsh
6c22c6b1f6 * Fri Jan 8 2010 Dan Walsh <dwalsh@redhat.com> 2.0.78-9
- Add -e to semanage man page
- Add -D qualifier to audit2allow to generate dontaudit rules
2010-01-08 14:37:32 +00:00
Daniel J Walsh
29b74ccd7d * Fri Dec 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-7
- Fixes to sandbox man page
2009-12-21 21:56:27 +00:00
Daniel J Walsh
a1bf0daa6c * Wed Dec 16 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-5
- If restorecond running as a user has no files to watch then it should exit.  (NFS Homedirs)
2009-12-16 13:21:49 +00:00
Daniel J Walsh
79944fd474 * Tue Dec 8 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-3
- Fix audit2allow to report constraints, dontaudits, types, booleans
2009-12-09 21:33:50 +00:00
Daniel J Walsh
3fbc112632 * Tue Dec 1 2009 Dan Walsh <dwalsh@redhat.com> 2.0.78-1
- Update to upstream
	* Remove non-working OUTFILE from fixfiles from Dan Walsh.
	* Additional exception handling in chcat from Dan Walsh.
2009-12-01 21:17:45 +00:00
Daniel J Walsh
f3a1cbae2a * Tue Nov 24 2009 Dan Walsh <dwalsh@redhat.com> 2.0.77-1
- Update to upstream
	* Fixed bug preventing semanage node -a from working
	  from Chad Sellers
	* Fixed bug preventing semanage fcontext -l from working
	  from Chad Sellers
- Change semanage to use unicode
2009-11-24 15:30:53 +00:00
Daniel J Walsh
e973847bf6 * Wed Nov 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.76-1
- Update to upstream
	* Remove setrans management from semanage, as it does not work
	  from Dan Walsh.
	* Move load_policy from /usr/sbin to /sbin from Dan Walsh.
2009-11-18 22:20:42 +00:00
Daniel J Walsh
4e4a82e887 * Mon Nov 16 2009 Dan Walsh <dwalsh@redhat.com> 2.0.75-3
- Raise exception if user tries to add file context with an embedded space
2009-11-16 21:54:45 +00:00
Daniel J Walsh
a1e42cb153 * Wed Nov 11 2009 Dan Walsh <dwalsh@redhat.com> 2.0.75-2
- Fix sandbox to setsid so it can run under mozilla without crashing the session
2009-11-11 21:56:23 +00:00
Daniel J Walsh
942b683f29 * Tue Nov 2 2009 Dan Walsh <dwalsh@redhat.com> 2.0.75-1
- Update to upstream
	* Factor out restoring logic from setfiles.c into restore.c
2009-11-09 21:12:58 +00:00
Daniel J Walsh
44bb682976 * Fri Oct 30 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-15
- Fix typo in seobject.py
2009-11-02 16:40:00 +00:00
Daniel J Walsh
8cf3bcfdee * Fri Oct 30 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-14
- Allow semanage -i and semanage -o to generate customization files.
- semanage -o will generate a customization file that semanage -i can read and set a machines to the same selinux configuration
2009-10-30 21:01:42 +00:00
Daniel J Walsh
fd3c8c94ea * Wed Oct 14 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-9
- Move fixfiles man pages into the correct package
- Add genhomedircon to fixfiles restore
2009-10-14 14:47:50 +00:00
Daniel J Walsh
ac48b0b34b * Thu Oct 6 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-8
- Add check to sandbox to verify save changes - Chris Pardy
- Fix memory leak in restorecond - Steve Grubb
2009-10-06 16:09:52 +00:00
Daniel J Walsh
678a86d335 * Thu Oct 1 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-7
- Fixes Templates
2009-10-01 16:04:13 +00:00
Daniel J Walsh
f466aa0b3b * Wed Sep 30 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-5
- Fixes for semanage -equiv, readded modules, --enable, --disable
2009-09-30 15:37:12 +00:00
Daniel J Walsh
6c27d724c5 * Sun Sep 20 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-4
- Close sandbox when eclipse exits
2009-09-21 13:54:02 +00:00
Daniel J Walsh
425e7d2796 * Fri Sep 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-3
- Security fixes for seunshare
- Fix Sandbox to handle non file input to command.
2009-09-19 01:40:53 +00:00
Daniel J Walsh
b98d816316 * Thu Sep 17 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-2
- Security fixes for seunshare
2009-09-17 19:19:53 +00:00
Daniel J Walsh
26d020dedb * Thu Sep 17 2009 Dan Walsh <dwalsh@redhat.com> 2.0.74-1
- Update to upstream
	* Change semodule upgrade behavior to install even if the module
	  is not present from Dan Walsh.
	* Make setfiles label if selinux is disabled and a seclabel aware
	  kernel is running from Caleb Case.
	* Clarify forkpty() error message in run_init from Manoj Srivastava.
2009-09-17 13:07:45 +00:00
Daniel J Walsh
1696e8f7d1 * Mon Sep 14 2009 Dan Walsh <dwalsh@redhat.com> 2.0.73-5
- Fix sandbox to handle relative paths
2009-09-16 19:48:49 +00:00
Daniel J Walsh
f109f0076e * Mon Sep 14 2009 Dan Walsh <dwalsh@redhat.com> 2.0.73-3
- Fix restorecond script to use force-reload
2009-09-14 19:39:09 +00:00
Daniel J Walsh
b87b8212fa * Tue Sep 8 2009 Dan Walsh <dwalsh@redhat.com> 2.0.73-2
- Fix init script to show status in usage message
2009-09-09 21:07:24 +00:00
Daniel J Walsh
fc20c42a12 * Tue Sep 8 2009 Dan Walsh <dwalsh@redhat.com> 2.0.73-2
- Fix init script to show status in usage message
2009-09-09 17:04:51 +00:00
Daniel J Walsh
7ae4fd64fa * Tue Sep 8 2009 Dan Walsh <dwalsh@redhat.com> 2.0.73-1
- Update to upstream
        * Add semanage dontaudit to turn off dontaudits from Dan Walsh.
        * Fix semanage to set correct mode for setrans file from Dan Walsh.
        * Fix malformed dictionary in portRecord from Dan Walsh.
	* Restore symlink handling support to restorecon based on a patch by
	Martin Orr.  This fixes the restorecon /dev/stdin performed by Debian
	udev scripts that was broken by policycoreutils 2.0.70.
2009-09-08 14:15:50 +00:00
Daniel J Walsh
7b3ab100a9 * Fri Aug 28 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-14
- Add enable/disable patch
2009-08-28 18:18:46 +00:00
Daniel J Walsh
a39af4db38 * Wed Aug 26 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-12
- Tighten up controls on seunshare.c
2009-08-26 21:52:30 +00:00
Daniel J Walsh
349a457593 * Wed Aug 26 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-11
- Add sandboxX
2009-08-26 18:05:32 +00:00
Daniel J Walsh
4b8a9749e9 * Sat Aug 22 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-10
- Fix realpath usage to only happen on argv input from user
2009-08-22 12:08:34 +00:00
Daniel J Walsh
4bf248f359 * Thu Aug 20 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-7
- Fix glob handling of /..
2009-08-20 19:51:45 +00:00
Daniel J Walsh
3f2af1bab0 * Thu Aug 20 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-7
- Fix glob handling of /..
2009-08-20 19:05:30 +00:00
Daniel J Walsh
c14fb87560 * Wed Aug 19 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-6
- Redesign restorecond to use setfiles/restore functionality
2009-08-19 20:38:19 +00:00
Daniel J Walsh
8c640c000d * Wed Aug 19 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-6
- Redesign restorecond to use setfiles/restore functionality
2009-08-19 20:25:21 +00:00
Daniel J Walsh
e96c403a63 * Tue Aug 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-4
- Add --boot flag to audit2allow to get all AVC messages since last boot
2009-08-18 19:25:04 +00:00
Daniel J Walsh
2b1f1bd524 * Tue Aug 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-3
- Fix semanage command
2009-08-18 12:32:44 +00:00
Daniel J Walsh
afa7adf27e * Thu Aug 13 2009 Dan Walsh <dwalsh@redhat.com> 2.0.71-1
- Fix chcat to report error on non existing file
- Update to upstream
	* Modify setfiles/restorecon checking of exclude paths.  Only check
	user-supplied exclude paths (not automatically generated ones based on
	lack of seclabel support), don't require them to be directories, and
	ignore permission denied errors on them (it is ok to exclude a path to
	which the caller lacks permission).
2009-08-13 15:51:51 +00:00
Daniel J Walsh
f23e0fcdf3 * Mon Aug 10 2009 Dan Walsh <dwalsh@redhat.com> 2.0.70-2
- Don't warn if the user did not specify the exclude if root can not stat file system
2009-08-10 15:26:43 +00:00
Daniel J Walsh
886ea9345c * Wed Aug 5 2009 Dan Walsh <dwalsh@redhat.com> 2.0.70-1
- Update to upstream
	* Modify restorecon to only call realpath() on user-supplied pathnames
	from Stephen Smalley.
	* Fix typo in fixfiles that prevented it from relabeling btrfs
	  filesystems from Dan Walsh.
2009-08-05 19:27:53 +00:00
Daniel J Walsh
d03de9fdcd * Sun Jul 29 2009 Dan Walsh <dwalsh@redhat.com> 2.0.68-1
- Fix location of man pages
- Update to upstream
	* Modify setfiles to exclude mounts without seclabel option in
	/proc/mounts on kernels >= 2.6.30 from Thomas Liu.
	* Re-enable disable_dontaudit rules upon semodule -B from Christopher
	Pardy and Dan Walsh.
	* setfiles converted to fts from Thomas Liu.
2009-07-29 13:43:53 +00:00
Daniel J Walsh
2cc7fbfc2e * Fri Jun 26 2009 Dan Walsh <dwalsh@redhat.com> 2.0.64-1
- Update to upstream
	* Keep setfiles from spamming console from Dan Walsh.
	* Fix chcat's category expansion for users from Dan Walsh.
- Update po files
- Fix sepolgen
2009-06-26 19:02:05 +00:00
Daniel J Walsh
b30ac013f1 * Mon Jun 1 2009 Dan Walsh <dwalsh@redhat.com> 2.0.63-4
- Fix Sandbox option handling
- Fix fixfiles handling of btrfs
2009-06-01 10:43:27 +00:00
Daniel J Walsh
61c2d77e4e * Tue May 26 2009 Dan Walsh <dwalsh@redhat.com> 2.0.63-3
- Fix sandbox to be able to execute files in homedir
2009-05-26 16:58:40 +00:00
Daniel J Walsh
7d0ef81ff4 * Wed May 20 2009 Dan Walsh <dwalsh@redhat.com> 2.0.63-1
- Update to upstream
	* Fix transaction checking from Dan Walsh.
	* Make fixfiles -R (for rpm) recursive.
	* Make semanage permissive clean up after itself from Dan Walsh.
	* add /root/.ssh/* to restorecond.conf
2009-05-22 18:00:00 +00:00
Daniel J Walsh
e265547be3 * Wed Apr 22 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-14
- Fix audit2allow -a to retun /var/log/messages
2009-05-12 19:32:47 +00:00
Daniel J Walsh
43016e2233 * Wed Apr 22 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-14
- Fix audit2allow -a to retun /var/log/messages
2009-05-05 19:50:40 +00:00
Daniel J Walsh
b61040e0cd * Wed Apr 22 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-14
- Fix audit2allow -a to retun /var/log/messages
2009-05-05 18:51:52 +00:00
Daniel J Walsh
20fb912a16 * Thu Apr 16 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-11
- Add semanage module support
2009-04-16 18:53:29 +00:00
Daniel J Walsh
cdfce15287 * Tue Apr 14 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-10
- Do not print \n, if count < 1000;
2009-04-14 13:40:09 +00:00
Daniel J Walsh
a8ac23f196 * Sat Apr 11 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-9
- Handle case where subs file does not exist
2009-04-11 12:22:23 +00:00
Daniel J Walsh
28aeded808 * Wed Apr 8 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-8
- Update po files
- Add --equiv command for semanage
2009-04-09 02:05:21 +00:00
Daniel J Walsh
e5ab0eb59c * Tue Mar 31 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-7
- Cleanup creation of permissive domains
- Update po files
2009-03-31 12:56:45 +00:00
Daniel J Walsh
28777e87d2 * Thu Mar 12 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-5
- Fix semanage transations
2009-03-12 13:30:38 +00:00
Daniel J Walsh
3a53f1bcb5 * Mon Feb 23 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-2
- Add /root/.ssh to restorecond.conf
- fixfiles -R package should recursively fix files
2009-02-23 16:34:14 +00:00
Daniel J Walsh
badeadc2fc * Wed Feb 18 2009 Dan Walsh <dwalsh@redhat.com> 2.0.62-1
- Update to upstream
	* Add btrfs to fixfiles from Dan Walsh.
	* Remove restorecond error for matching globs with multiple hard links
 	  and fix some error messages from Dan Walsh.
	* Make removing a non-existant module a warning rather than an error
	  from Dan Walsh.
	* Man page fixes from Dan Walsh.
2009-02-18 21:54:32 +00:00
Daniel J Walsh
fdaed91e49 * Fri Jan 30 2009 Dan Walsh <dwalsh@redhat.com> 2.0.61-7
- Dont report errors on glob match and multiple links
2009-01-30 16:35:12 +00:00
Daniel J Walsh
114d182b28 * Tue Jan 13 2009 Dan Walsh <dwalsh@redhat.com> 2.0.61-1
- Update to upstream
	* chcat: cut categories at arbitrary point (25) from Dan Walsh
	* semodule: use new interfaces in libsemanage for compressed files
	  from Dan Walsh
	* audit2allow: string changes for usage
2009-01-13 14:01:10 +00:00
Daniel J Walsh
e2044195fe * Tue Jan 6 2009 Dan Walsh <dwalsh@redhat.com> 2.0.60-7
- Don't error out when removing a non existing module
2009-01-06 14:12:27 +00:00
Daniel J Walsh
55a7005067 * Mon Dec 15 2008 Dan Walsh <dwalsh@redhat.com> 2.0.60-6
- fix audit2allow man page
2009-01-04 19:46:52 +00:00
Daniel J Walsh
f4379014a9 * Tue Dec 2 2008 Dan Walsh <dwalsh@redhat.com> 2.0.60-2
- Fix error checking in restorecond, for inotify_add_watch
2008-12-02 13:37:45 +00:00
Daniel J Walsh
461604839c * Mon Dec 1 2008 Dan Walsh <dwalsh@redhat.com> 2.0.60-1
- Update to upstream
	* semanage: use semanage_mls_enabled() from Stephen Smalley.
2008-12-01 16:49:49 +00:00
Daniel J Walsh
127ce1fef4 * Tue Nov 11 2008 Dan Walsh <dwalsh@redhat.com> 2.0.59-1
- Update to upstream
	* fcontext add checked local records twice, fix from Dan Walsh.
2008-11-11 21:18:08 +00:00
Daniel J Walsh
69a016d597 * Fri Nov 7 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-12
- add compression
2008-11-07 15:01:06 +00:00
Daniel J Walsh
acb7809eb8 * Thu Oct 30 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-10
- Fix traceback in audit2why
2008-10-30 18:23:59 +00:00
Daniel J Walsh
ac45055c8c * Wed Oct 29 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-8
- Fix typo in man page
2008-10-29 13:46:43 +00:00
Daniel J Walsh
6389ce25ff * Mon Oct 27 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-6
- Add usermode-gtk requires
2008-10-28 19:54:05 +00:00
Daniel J Walsh
3f2ca56c60 * Mon Oct 27 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-6
- Add usermode-gtk requires
2008-10-27 14:11:34 +00:00
Daniel J Walsh
1fd30f90e9 * Tue Oct 23 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-5
- Allow addition of local modifications of fcontext policy.
2008-10-23 17:17:24 +00:00
Daniel J Walsh
20b4a0e287 * Mon Oct 20 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-4
- Fix system-config-selinux booleanspage throwing and exception
- Update po files
2008-10-20 20:11:49 +00:00
Daniel J Walsh
26e1328daf * Fri Oct 17 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-3
- Fix text in newrole
- Fix revertbutton on booleans page in system-config-selinux
2008-10-17 22:05:43 +00:00
Daniel J Walsh
9bb9beca12 * Wed Oct 1 2008 Dan Walsh <dwalsh@redhat.com> 2.0.57-1
- Update to upstream
	* Update po files from Dan Walsh.
2008-10-06 19:05:59 +00:00
Daniel J Walsh
2cfc77b157 * Fri Sep 12 2008 Dan Walsh <dwalsh@redhat.com> 2.0.56-1
- Fix semanage help display
- Update to upstream
	* fixfiles will now remove all files in /tmp and will check for
	  unlabeled_t in /tmp and /var/tmp from Dan Walsh.
	* add glob support to restorecond from Dan Walsh.
	* allow semanage to handle multi-line commands in a single transaction
	  from Dan Walsh.
2008-09-12 15:58:45 +00:00
Daniel J Walsh
77ffddfa2c * Fri Sep 12 2008 Dan Walsh <dwalsh@redhat.com> 2.0.55-9
- Fix semanage help display
2008-09-12 15:45:19 +00:00
Daniel J Walsh
9f10e60d0d * Mon Sep 8 2008 Dan Walsh <dwalsh@redhat.com> 2.0.55-5
- Add node support to semanage
2008-09-08 21:03:49 +00:00
Daniel J Walsh
f015700775 * Mon Sep 8 2008 Dan Walsh <dwalsh@redhat.com> 2.0.55-4
- Fix fixfiles to correct unlabeled_t files and remove .? files
2008-09-08 18:09:36 +00:00
Daniel J Walsh
ac5ad8648b * Mon Sep 8 2008 Dan Walsh <dwalsh@redhat.com> 2.0.55-3
- Fix fixfiles to correct unlabeled_t files and remove .? files
2008-09-08 17:47:59 +00:00
Daniel J Walsh
8b3cb0f67c * Wed Sep 3 2008 Dan Walsh <dwalsh@redhat.com> 2.0.55-2
- Add glob support to restorecond so it can check every file in the homedir
2008-09-03 21:46:03 +00:00
Daniel J Walsh
2a4d967daa * Thu Aug 28 2008 Dan Walsh <dwalsh@redhat.com> 2.0.55-1
- Update to upstream
	* Merged semanage node support from Christian Kuester.
2008-08-29 19:05:21 +00:00
Daniel J Walsh
51c06b5513 * Thu Aug 7 2008 Dan Walsh <dwalsh@redhat.com> 2.0.54-5
- Fixes for multiple transactions
2008-08-08 21:04:55 +00:00
Daniel J Walsh
b0592a727f * Thu Aug 7 2008 Dan Walsh <dwalsh@redhat.com> 2.0.54-4
- Fixes for multiple transactions
2008-08-07 20:04:12 +00:00